Thursday, February 26, 2009

Even turned off machines can have security hazards!; Cold boot issues


There is another bizarre security threat for computers even after being turned off. It seems to apply to office environments or perhaps areas with public computers. In an environment with encryption, an attacker could cause computers to be turned off, and then steal the RAM and physically take off the encrypted information from a DIMM module.

This possibility was described by Niley Patel, Feb. 2008, in “Engadget” here.

A UK paper called “The Register” describes, in a paper by John Leyden, a “Cold Boot Crypto Attack” which works because DRAM circuits retain data after being powered.down. The story is “Security boffins attempt to freeze out cold boot crypto attack; Cache from chaos”.

The link is here.

All of this came up today (for me) as a topic of interest (after some searching) because suddenly my keyboard became unresponsive, going into the “Standby” panel when I tried to reboot. It remained so when I got the machine to restart (Word would not accept input from the keyboard) and I actually got a “keyboard error” during the boot process. It started working OK after I did a cold boot, and waited about a minute for Microsoft XP to run some repair scripts that seemed to start automatically.

I don’t know what would cause the Bios to lose contact with hardware. McAfee was clean. Maybe it’s overheating and a weak fan. But, a quick search indicates that “keyboard errors” on restart do sometimes happen on Dell machines (just like HAL errors, discussed earlier).

Tuesday, February 24, 2009

Parry Aftab on GMA: Girl Scouts and Internet Safety


Parry Aftab appeared on ABC’s “Good Morning America” on Tuesday, Feb 14 to discuss a partnership between her and the Girl Scouts and Microsoft to promote online safety. One of the tips offered today on the show was that parents set up profiles themselves on Facebook or Myspace if their kids have them in order to monitor who make themselves “friends” and who try to contact them.

There is a website for this effort called “LMK: Life Online by Girl Scouts and Windows” link here. Tab 5 is Parry Aftab’s essay question Q&A on the difference between online and offline risks. Contrary to horror movies, no one can “pull you into the computer” but they can court and try to manipulate you, she said.

Aftab says she will soon have a meeting with the Obama White House on internet safety for minors.

Monday, February 16, 2009

National Defense University provides training in Internet security for "older" executives; watch out for Second Life


The National Defense University is training military officers and civilian agency managers and contractors on how to spot cyberthreats, reports Kim Hart on p D1 of the Washington Post Business section in “The Download” Column, in a story titled “Cyber Threats 101”. The link is here. The facility is located on the Anacostia waterfront in Washington DC, at Fort McNair, where President Clinton gave his speech announcing “don’t ask don’t tell” in July 1993.

The class teachers managers in their 40s “hacking” skills of sniffing wireless ports, simulating buffer overflows, and scoping Second Life and Warcraft for classified information. Most of their younger subordinates were brought up on computers and may be more conversant on the “tools of the trade.”

Over thirty companies assist in providing the training.

Back in 1998, my employer in Minneapolis sent most of us for a one day training in laptop security (especially buffer overflow risks) at the University of St. Thomas in St. Paul.

Update: Feb. 17, 2009

A front page story in USA Today by Peter Eisler this morning reads "Reported raids on federal computer data soar: 'Major intrusions' on networks are up 40%" link here., referring to increases in breaches in 2008.

Sunday, February 15, 2009

Do we need a "new" Internet? Would it require a "license"? What about existing e-business? Lessons from Conficker


John Markoff has a sobering essay in The New York Times “Week in Review” Section Sunday Feb. 15, 2009, “A New Internet: The old one is putting us in jeopardy”, link here.

The heart of his discussion is the proposal, with some efforts underway, to develop a more secure Internet , possibly based on the new IPv6 (allowing orders of magnitude more IP addresses) architecture available with newer PC’s and MacIntosh’s. One likelihood is that users would need “driver’s licenses” to use it, a proposal we have touched on before even for the current Internet. That would compromise anonymity and spontaneity. Although the current Internet would remain in place (presumably), it’s not clear how that could affect current business models based on blogging, social networking and associated advertising.

Nevertheless, we may have put ourselves at risk for an “electronic 9/11” by hanging our commerce on a technical infrastructure originally intended to be tightly secured for defense. (Just a stream of consciousness thought: one a civilian job I had with the Navy department in the early 1970s, I almost go to got on a Navy ship for a while and even live on it to implement a system.)

The article also talks about the ticking Conficker worm (or virus, also called "Downadup"), many a risk to corporate networks, having done little harm yet, but capable of segregating off a large part of the global Internet without warning.

Saturday, February 07, 2009

Maryland legislature bans Myspace, Facebook from its computers out of "fear" of viruses


The Maryland General Assembly has banned Facebook and Myspace from assembly computers. When a user attempts to access either site from a legislature computer, he or she gets a DNS error.

The Assembly has said that the increase in viruses on member pages or applications in the past few weeks is the reason. Facebook has created some controversy with a few applications that it permitted, but reportedly tightened controls and supervision.

Although Facebook is now open to anyone to join, it has long been associated with the academic community and has always been stricter about acceptable use and has been viewed as a little more “conservative” or “professional” than Myspace, which has a reputation of appealing to teens. Many people have been particularly critical of pulling the plug of Facebook, which legislators could use to stay in tough with constituents (as they could use Myspace).

In fact, many political candidates have pages on both Facebook and Myspace (as well as Linked In, which is not affected by the Maryland policy).

One wonders why the Maryland Assembly does not have more confidence in the ability of its own IT staff or contractors to keep the system safe, with a variety of anti-virus tools. It may well be wise to use more than one tool. Instead of relying just on McAfee and Norton, Best Buy’s Geek Squad, for example, suggests that users and companies look at some newer specialized products like SpySweeper.

Neither Virginia nor the District, nor United States Congress has imposed such restrictions on social networking sites. I’m not aware at the moment of infections in any state legislature’s computers from a social networking site.

Some public school systems ban Facebook and Myspace out of concern for inappropriate conduct or predators, and some employers ban them out of productivity concerns, although in many cases social networking is part of the job and such bans are counter-productive.

A blog called “Legum’s New Line” as a detailed news story with links, here. (I don't think the blog bears any relation to "New Line Cinema"! But it calls itself "Fresh thinking from the Old Line State"!)

Tuesday, February 03, 2009

Companies offer parents ability to monitor their kids' cell phone (ab)use


The Dr. Phil show today (Tues. Feb 3) presented a device called “Radar” or “My Mobile Watchdog” that allows parents to monitor their kids’ cell phone use. A link showing how it works is here.

Some parents have clamped down on teen home computer use, by measures such as moving the computers into public areas and installing filters, but are unaware that predators could try to contact their teens by cell phone.

The Dr. Phil show demonstrated s sting operation by police in Colorado resembling NBC Dateline’s famous series, but this time involving cell phones as well as computers. Cell phones and blackberries send emails and have Internet access as well as processing calls and texts. But teen texting (sending and receiving) seems to be posing hazards previously underestimated by parents.

Dr. Phil presented “text language”.

Sunday, February 01, 2009

"Stop Badware" is a major resource for webmasters, software developers; major search engine flap happened Saturday


There is a site developed as a partnership of “academic institutions, technology industry leaders and volunteers” that aims to communicate threats of malware, spyware, viruses, badware, etc. The site is called Stopbadware. One of its functions is to work with search engine companies and identify sites shown, with credible evidence, to have distributed harmful downloads or malware. It also identifies harmful applications or products.

The group also offers webmasters products to identify badware distributed advertently from their sites, possibly because of hacking, disgruntled employees, or even ads delivered to the sites, and even sites linked to in user-generated areas or comments. The group warns webmasters about the safest protocols to use for updating (it prefers SFTP and SSH to regular FTP or telnet), and describes a couple of possible stealth hacking attacks: “invisible frames” and “obfuscated code” both of which can sometimes be legitimate coding practices if intended. Generally, webmasters using shared hosting provided by large and well-established hosting companies with standard security procedures are much less likely to encounter problems. The business consolidation that has gone on in the web hosting industry does provide economy of scale that makes first rate security much more affordable and practical.

Visitors will want to study their “active alerts.” The Software Guidelines page is also important, link here. Note the definition of “badware website” at the bottom of this page.

Stopbadware could be used in conjunction with services like McAfee Site Advisor or My Web of Trust.

Multiple media resources indicate that Google mistakenly returned a stopbadware warning (“This site may harm your computer”) on “all” search engine results because of a software or server problem for about one hour early on Saturday January 31. (Actually, the problem has to do with regarding “/” as a URL; that reminds me of an old trap in assembler programming in my IBM assembler days back in the 1980s and 1990s.) Google’s corporate blog entry on the issue is here. (The "?!" in the posting is actually the notation used for "dubious move" in annotating chess games!) You can go from this link to Stopbadware’s explanation for even more details, at the end of the post.