The Ambassador’s Wife and The Missing Laptop

September 28, 2007

I just heard the wife of the Pakistani ambassador to Ireland on the radio, talking about her laptop which was stolen from her apartment last week. She’s very keen to get it back, not because of the laptop, but because of the data that was on it. Personal information, photos, information relating to a scholarship scheme she’s putting in place. All gone. She was willing to buy back the laptop and not press any charges if she can just retrieve the data.

All of which goes to illustrate once again, that it’s not the computer equipment that is of real value, it’s data. I’m sure whoever took the laptop is planning to wipe all the info off it and sell it for a quick killing. They probably have no interest in what’s stored on it. The moral of the story is backup, backup, backup!


Hacked Every 39 Seconds

March 21, 2007

No updates for the past while because I’ve been up to my tonsils with work. Not that I’m complaining. One of the “joys” of having your own business is the fact that you never know what’s round the corner. My business is just over three years old now, and a lot of that 3 years was spent cold-calling prospective clients, which was neither pleasant nor productive for me. Since Christmas I have done no cold-calls, and customers are beating a path to my door. I’m not sure why this is the case but I watched “The Secret” a while back and read “The Science of Getting Rich” so I’m putting it down to that.

Anyhow, I did get time last week to browse through PC Live, (Great value for just €3), and came across this article. According to a University of Maryland study, a PC connected to the internet will on average be attacked every 39 seconds.

The study also profiled brute force attacks and found the most common methods of guessing passwords. The most common was to re-enter the username or a variation of it, (eg user: admin, pwd: admin123). Other common password guesses were ‘password’, ‘passwd’, ‘test’, ‘123’, ‘1234’, ‘12345’, ‘123456’ and ‘1’.

Nothing too surprising I suppose in the guesses, but the frequency of the attacks was interesting. It also proves again the need for effective passwords, as we’ve discussed before. Make it long, mix letters, numbers and special characters, and change it on a regular basis.
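To make the study's findings concrete, here is an added example (not part of the original post or the study) that screens a new password against the guess patterns listed above: the username or a variation of it, and the common guesses. The look-alike substitution table, the `min_length` default of 12 and the function names are assumptions made for illustration.

```python
import re

# Guesses the study found most common, as listed in the post above.
COMMON_GUESSES = {"password", "passwd", "test", "123", "1234", "12345", "123456", "1"}

# Assumption: a small table of look-alike substitutions (not from the study).
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def username_variation(username, password):
    """True if the password is the username, or an obvious variation of it."""
    user = username.lower()
    if not user:
        return False
    pwd = password.lower()
    for cand in (pwd, pwd.translate(LOOKALIKES)):
        # Drop leading/trailing digits and symbols: "admin123" -> "admin".
        core = re.sub(r"^[^a-z]+|[^a-z]+$", "", cand)
        if core in (user, user[::-1]):
            return True
        if len(user) >= 3 and user in cand:
            return True
    return False


def screen_password(username, password, min_length=12):
    """Return the list of reasons a password should be rejected (empty = ok)."""
    problems = []
    if password.lower() in COMMON_GUESSES:
        problems.append("common-guess")
    if username_variation(username, password):
        problems.append("username-variation")
    if len(password) < min_length:  # assumption: 12 stands in for "long"
        problems.append("too-short")
    mixed = all(re.search(p, password) for p in (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]"))
    if not mixed:
        problems.append("not-mixed")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts, for illustration only.
    for user, pwd in [("admin", "admin123"), ("mary", "123456"),
                      ("admin", "Adm1n!"), ("mary", "T4ble-lamp-Orchid-92")]:
        print(user, pwd, screen_password(user, pwd) or "ok")
```
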


WordPress Hacked

March 8, 2007

Having a WordPress-based blog about computer security, it would be a bit of an oversight if I didn’t mention the recent problems encountered by my gracious hosts.

Last week the server hosting the WordPress 2.1.1 download was hacked, and the code was modified to include code for remote PHP execution. According to Matt Mullenweg it appears that only two files were changed and measures have been implemented to try to prevent a recurrence. Any users of 2.1.1 should immediately upgrade to WordPress 2.1.2.

This is obviously a serious issue for WordPress, but in fairness they appear to have responded in the right way, publicising the attack and doing everything possible to make sure it doesn’t happen again. http://wordpress.org/development/2007/03/upgrade-212/

The point of this blog is that everyone can do all the simple things to protect themselves from the casual attack. This type of attack however sounds like WordPress was a very specific target, which makes it much more difficult to defend yourself against.

I’m sure WordPress had already invested heavily in their security infrastructure, (Firewalls, Intrusion Detection etc), so now they’re going to have to go back and look at that investment and see where it failed them. Do they need to spend more on technology to prevent a recurrence, (not necessarily always the answer), or is it a matter of ensuring more effective processes are in place?

According to Matt’s blog, a number of measures have already been implemented to stop the same thing happening again. Time will tell if they’ve done enough.


Dean Koontz

March 5, 2007

Just finished reading The Husband by Dean Koontz, (Didn’t he used to have an ‘R’ in there or am I imagining that?) Anyway, there’s one line in it that I thought had parallels with computer security. The hero is walking out of a house and doesn’t lock the door behind him, “…perhaps recognising that he couldn’t keep out those he wished to bar, only those who had no desire to enter.”

Computer Security is not quite that bad, but the truth is, if “they” want to get in badly enough, you’ll have to spend an awful lot of time, money and effort to stop them. Thankfully, usually these guys are more interested in the low-hanging fruit. There’s enough of that around to keep them busy so they don’t need to put the effort into actually breaking in. Why bother when there are so many open doors? Ironically, in the book, the guy who left his doors open turned out to be paranoid about computer security later on.


Read this if you use online banking

February 27, 2007

Ever heard of phishing? It’s the process whereby someone tries to lure you into divulging personal details, (username, password, account details etc), usually by sending you a mail that appears to come from your bank explaining that their servers are to be upgraded, and asking you to follow the link and re-enter all your details.

Well, last week a major pharming attack hit users of 65 banks in the US, Europe and Australia. Pharming is kind of a step up from phishing, because you don’t need to click on a link in an email. Basically what it does is recognise when you type in the URL for your bank’s site, and redirect those requests to a duplicate site. In last week’s case, all the information keyed in by users was subsequently forwarded to the banks in question, which of course makes the problem harder to detect. But by the time the banks received the information entered it had already been captured by the guys behind the scam.

According to Yahoo news, target institutions included Bank of Scotland, Barclays Bank, eBay, Paypal, Discover Card & American Express.

The whole thing seems to have been launched through a trojan known as Burglar.A, which in turn downloaded a number of other Trojans: Keylog.LN, which captures keystrokes and looks for user login details; Banker.CLJ, which carries out the pharming scam; FileStealer, which installs a web-server on the PC giving the authors remote control of the server; and Sters.P, designed to prevent users and programs from contacting their websites for security updates.

So overall this was a really nasty little piece of code. The Internet is a fabulous place, but to quote Hill Street Blues….Let’s be careful out there!


Why Nasty Hackers Target Nice PC Users!!!

February 26, 2007

Last week I was explaining to a client about how hackers operate, and they simply didn’t believe that anyone would want to hack into their systems. After all, they’re a micro-business operating in the south-east of Ireland. In global terms they are a complete non-entity.

One of the great things about the internet is that you don’t have to be a multi-national corporation to have a multi-national presence. A single PC in the kitchen can provide services to companies all over the world. And that’s what makes every PC a target for hackers. The Washington Post reported on this last week:

“Last month, a number of anti-spam Web sites came under a sustained distributed denial of service (DDoS) attack, an electronic assault during which the attackers use thousands of compromised personal computers to overwhelm a target with so much bogus traffic that the PCs can’t accommodate legitimate visitors.

The attacks were made possible by tens of thousands – perhaps millions – of computers infected by the recent e-mail virus known as the Storm worm.”

This is just one example but it explains how important it is for every PC to be properly protected. The Storm worm is now particularly ingenious in the way it works. It hit the internet at a time when there were particularly bad storms raging across Europe, which helped it spread, but it can be blocked by most commercial security products.

The problem here is that people will go out and spend €1000 on a PC, and then be reluctant to spend €30 or €40 on a decent internet security product. Even the free products like Avast and AVG provide good levels of protection. I don’t believe that people are that stingy, so surely the problem is a lack of awareness.


IT Superhero to the rescue

February 21, 2007

I wrote last week about problems recovering deleted files, and got a comment with a couple of suggestions.

https://simplecomputersecurity.wordpress.com/2007/02/12/recovering-deleted-files-that-were-not-backed-up/

Well the good news is, I tried one of them and managed to recover a load of files for my client. She’s delighted to have got back 2.5 years’ work, and I’m being showered with praise.

The tool I used was recover4all pro, ($69), and it’s a really simple tool to use. You just download the demo, run it and see what’s recoverable. There are no guarantees at this stage that you will get everything back, but at least you get an indication of what might be recovered. If it finds what you want, you can register online, pay the purchase price and receive an email with the product key. Type it into the program and it will enable the recovery options. Then you just specify where you want to restore to and away you go.

Obviously if you recover to the same drive it could potentially overwrite the files you are trying to get back, so use a different drive. I mapped in a network drive and it worked like a dream.

So many thanks to Lee, (aka Darkan9el) for the tip.

PS The fact that there are tools like this out there shouldn’t make anyone think backups are any less important. I have one very relieved client who certainly appreciates how critical it is to backup properly.


Why Not Rocket Science

February 15, 2007

I’m still fairly new to the whole blogging thing, and one of the things I’ve read since I started this was that the blog title should be simple and relevant to the content.

This blog is all about making computer security simple and accessible to non-technical computer users. But it just occurred to me that it may seem like I’m saying that computer security is a simple area. That’s not the case at all. In fact there are layers and layers of complexity and specific areas of expertise within the overall “computer security” field.

The idea that you will make your computer or your network completely secure is nothing more than a pipedream. Sadly, there’s no such thing as Total Computer Security. What you can do though is implement security measures that provide an optimal level of protection. This idea of “Optimal Security” is discussed in more detail on my secureyourbusinessnow.com site, (see the blogroll), but basically it means looking at what you are trying to protect, the threats you are trying to protect from, and then deciding on the best security solutions for your needs.

So the optimal security level will vary from one company or even 1 PC to the next. If you have a PC used for your accounts, payroll, client details, etc, it is more critical than a PC used for web-browsing. That doesn’t mean you don’t implement security in some cases. There is a base level of security that should always be in place on any PC, (and unfortunately often isn’t!!!).

What it means though is that you don’t need to be a technical guru to protect your computers to a level where they are relatively safe from attack. In economic terms, you reach the point of diminishing marginal returns, where spending more money, time or effort will not give you sufficient return to make it worthwhile. It’s up to you to decide where that point is, and you do that by understanding your needs, the threats, and the solutions.

All of which doesn’t have to be that difficult, once you remove the hype and jargon, and focus more on SECURITY and less on COMPUTER.

Clear as mud??? Let me know


Recovering Deleted Files – The Outcome

February 13, 2007

Well, I went to my client site today armed with a couple of software tools to try to recover the deleted folders and files. Unfortunately, I was unable to get them back.

There are a couple of reasons for this, (and lessons to be learned for next time this type of thing happens).  

Firstly, some of the files had been recovered from the tape backup. This was great to have but restoring the files to the same drive that they had been deleted from considerably reduced the likelihood of recovering the ones that the backup hadn’t got.

Secondly, the server had been rebooted before the recovery tools were run. Again, this goes against recommended practice. The process of shutting down and restarting the computer will write files to disk and increase the likelihood of the “deleted” files being overwritten.

And thirdly, it’s much easier to recover files from a proper backup than trying to use these tools to “undelete” them.

It is possible that the files and folders are still recoverable, but I think at this stage it would take an awful lot of time, effort and of course money to do it, so it’s probably not worth it. However, as I’ve said before, this is not my area of expertise so if anyone knows of a cheap and easy way to get them back I’d love to hear it.


Recovering deleted files that were Not backed up

February 12, 2007

I mentioned last week about how important backups are, because I have a client who has lost almost 3 years’ work when someone decided to do a “tidy-up” job on the server.

Well, unfortunately for my client, they hadn’t got all their data backed up. I ran a restore job and recovered a lot of the missing data, but they are still missing some important files and folders.

Tomorrow I’m heading in with some data recovery tools to see if we can “un-delete” these files, but I’ve never used these products before. My message to the client was that this is a long shot but we’ll give it a go and see how we get on.

Tune in tomorrow to see how we get on. Same Bat-time. Same Bat-channel.

BTW the two products I’m trying are File Scavenger 3.1 and Stellar Phoenix (FAT & NTFS) 2.1