InfoSec News

It's 10pm, Sunday night, Anytown. In a quiet house, a phone rings.
Ring Ring, Ring

Your Mother in Law: Hello Dear, I've got an XYZ error message on my screen, I've powered off and back on, and the message is still there. Can you help?

You (to yourself, in your inside voice): which means she's powered her *screen* off and on instead of her computer. Here we go again! It really sounds like I need to be there to fix this - can I stop by tomorrow after work?

Her: But I'm bidding on a WXY, and the auction closes tomorrow - can't we get this fixed tonight? Plus you know how I like to play those fun online games my friend showed me over my coffee every morning.

You (inside voice again): Yeah, another XYZ, everyone needs more of those! And don't get me started on those malware-infested Flash games! How am I going to get this fixed before work tomorrow? She's an hour's drive away and I have an early start at work tomorrow!

You (to her, out loud): Will you still be awake in an hour? I can drop by later tonight if that's OK.

Her: That'd be lovely - I'll put a pot of coffee on, and I baked some cookies today. If this is like last time you'll probably be a few hours!

Wouldn't it be great if she had an icon on her desktop that would let you remote control her computer, right now?

Well, the good news is, there is such an app. And like so many things in IT, the bad news is, well, the bad news is that there is such an app.
Remote control tools like gotomypc (now gotomysupport), logmein, webex, bomgar and the like used to be considered *evil* apps in many IT groups. They pretty much allowed strangers to remote control your desktop computers over SSL or other encrypted (or obfuscated, or clear text) protocols, and there weren't a lot of tools out there to control how they got used. I can remember talking to my CFO a number of years back, trying to explain why gotomypc (which was new at the time) was not a good alternative for him, and that he should use the corporate VPN access instead. If you look at what these remote access tools do, it sounds a lot like the ultimate goal of any pen-tester, or of any of the bad guys who of course also want to compromise your network security: total control of internal resources without your knowledge.
On the other hand, as these tools have matured we're seeing a large uptake in their use in corporate IT groups, to the point that most IT groups will have such a solution in place to remotely support their own users. We also see it routinely if we call for support on server operating systems or network infrastructure problems - almost the first thing most support techs will do is mail you a remote support link so they can see the problem first-hand and work on it themselves (using your computer).
So for all our family remote support needs, there are dozens of free tools out there that do exactly this. For our corporate needs, similarly, there are dozens of tools out there that do exactly this, for a per-seat or per-site license fee.
Even in this new world where we've now blessed these remote access tools, people are missing some of the Security 101 questions around them. Things like: how good is the encryption on this tool? Where exactly does the session data transit? Am I running this through an appliance in my own datacenter, or am I being run through the provider's infrastructure on the internet (people call this the cloud these days, like that makes it safer somehow)? If the session data goes to the remote support tool provider, what country are they in? How does their privacy, search and seizure legislation compare to yours? Does the tool offer a drive map, which might allow file transfer without the user knowing? The answers to these questions might not matter too much to your Mother-in-Law, but your CEO, CIO and Corporate Counsel should all care.
The traditional remote control tools like VNC or MS Terminal Services have been made a lot less effective by firewalls, especially personal firewalls turned on by default in the OS. They can still be deployed (and controlled) in a corporate setting where you can do things like have Group Policy open workstation firewall ports when at work, and close the affected ports when away, but these tools aren't much help when your CEO is trying to VPN in from a hotel behind a firewall and 2 timezones away.
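The "open when at work, closed when away" approach above maps directly onto Windows Firewall profiles (Domain, Private, Public). The following PowerShell script is an added example, not code from the ISC diary: it scopes inbound RDP and VNC rules to the Domain profile only and adds explicit block rules for the other profiles, so the same listener that works on the corporate LAN is unreachable from a hotel. The rule names and the default port numbers (3389 for RDP, 5900 for VNC) are assumptions; Group Policy can push identical rules domain-wide under Windows Firewall with Advanced Security.

```powershell
# Added example (not from the ISC diary). Run from an elevated PowerShell prompt
# on Windows 7 or later; netsh advfirewall is used so it also works without the
# newer NetSecurity cmdlets. Rule names and ports below are assumptions.

$rules = @(
    @{ Name = 'RDP-in-DomainOnly'; Port = 3389 },   # MS Terminal Services / Remote Desktop
    @{ Name = 'VNC-in-DomainOnly'; Port = 5900 }    # common VNC listener port
)

foreach ($r in $rules) {
    # Allow inbound only while the machine is on the corporate network (Domain profile)
    netsh advfirewall firewall add rule name="$($r.Name)" dir=in action=allow protocol=TCP localport=$($r.Port) profile=domain

    # Explicitly block the same port when away from the office (Private/Public profiles),
    # so a later permissive rule cannot silently re-open it off-site
    netsh advfirewall firewall add rule name="$($r.Name)-BlockOffsite" dir=in action=block protocol=TCP localport=$($r.Port) profile=private,public
}

# Check which profile is active right now (tells you whether the allow rules apply)
netsh advfirewall monitor show currentprofile

# Review the rules just created
netsh advfirewall firewall show rule name=all | Select-String -Pattern 'DomainOnly'
```

Profile selection is decided by Network Location Awareness, so a workstation that cannot reach a domain controller (the hotel case in the text) falls into Private or Public and gets the block rules; that is the behaviour you want for a listener, but it is also why these tools do nothing for the travelling CEO, as the diary notes.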
What tools do you use for remote support? If you run a corporate network, how do you control use of remote control tools? Does your firewall or IPS control this stuff, do you restrict it at the desktop using Group Policy or browser settings, or have you just resigned yourself to the fact that anyone who can dial one of your end-users' extensions can social engineer themselves into a remote session on your network?
Please use the comment form to discuss - this is a debate that's been around for a while, but it seems like we have new answers every time!
=============== Rob VandenBrink Metafore =============== (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The big news from Facebook today: an overhauled version of Groups. The news I actually care about: downloads.
 
An Akamai Technologies staffer was arrested Wednesday and charged with wire fraud after he provided confidential business information to an undercover federal agent that he believed to be working for an unnamed foreign government.
 
Cisco has introduced Umi, a home telepresence system that uses high-definition TVs and also works with Google Video Chat.
 
Oracle CEO Larry Ellison didn't rule out the possibility of buying chip companies but also seemed to dismiss the idea of expanding its services offerings, in remarks made during the vendor's annual shareholder meeting on Wednesday.
 
Verizon made big waves in the telecom industry today by announcing that its 4G LTE network would go online in 38 U.S. markets by the end of the year.
 
If you're struggling to rearchitect your WAN to handle unprecedented growth, you're not alone. Enterprise organizations are gearing up for a bandwidth tsunami.
 
Logitech on Wednesday took the wraps off a set-top box called Revue, which will be the first device to bring the highly anticipated Google TV platform to television sets.
 
Like the Mi-Fi and other mobile hot spot devices, the Overdrive 3G/4G Mobile Hotspot combines a mobile Wi-Fi router with a 3G/4G wireless connection, this time via Sprint.
 
With Cisco's introduction of its Umi home TelePresence system on Wednesday, a vision that Chairman and CEO John Chambers has been talking about for years finally saw the light of day. But one piece of his dream is still missing.
 
As security professionals we all know when our computers are trying to tell us that there is something wrong. We also have our own techniques for poking around under the hood looking for trouble before it gets out of hand. Like car enthusiasts, we know what each rattle and noise means and we take steps to correct the problem early. But what about our parents and extended family members who don't have the same skills? Like the temperature gauge or check engine light in your car, how does a typical user know that something is wrong?
Most newer operating systems have a system health and monitoring capability. For example, in Windows 7 you do this:

Log on as a local administrator on your computer, click Start, and then click Performance and Information Tools.
Under Advanced Tools, select Generate a system health report.

And in Windows XP you take these steps:

Log on as a local administrator on your computer, click Start, and then click Help and Support.
Under the Pick a task, click Use Tools to view your computer information and diagnose problems.
In the Task pane, click My Computer Information, and then click View the status of my system hardware and software.

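The two click-paths above have a command-line equivalent, which is handier when you are the family tech support and want a single thing to tell someone to run. This PowerShell snippet is an added example, not part of the ISC diary: it launches the same Windows 7 System Diagnostics report and then summarises recent Critical and Error events from the System log, which is about as close to a "check engine light" as a stock Windows install offers. The seven-day window is an assumption.

```powershell
# Added example (not from the ISC diary). Run from an elevated PowerShell prompt on
# Windows 7 or later; the health report requires administrator rights, matching the
# "log on as a local administrator" step in the text.

# Same report as Performance Information and Tools > Generate a system health report:
# collects data for about 60 seconds and opens the result in Performance Monitor.
perfmon /report

# "Check engine light": count Critical (level 1) and Error (level 2) events in the
# System log over the last 7 days (window is an assumption), grouped by source.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2; StartTime = $since } -ErrorAction SilentlyContinue |
    Group-Object -Property ProviderName |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name |
    Format-Table -AutoSize
```

A source that suddenly dominates the list (disk, a driver, the service control manager) is the rattle worth investigating; an empty list with `-ErrorAction SilentlyContinue` simply means no matching events, not a failure of the command.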
But what else can a non-technical user do that is simple and easy? We published a diary about this subject a couple of months ago and got some really cool ideas. Take a look at the comments and see if there is anything else you are aware of. Use the comment link below to add your ideas to this diary.
Marcus H. Sachs

Director, SANS Internet Storm Center
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Motorola has filed two patent lawsuits and a patent complaint with the U.S. International Trade Commission (ITC) alleging that a wide range of Apple products infringe its patents.
 
Verizon shifted the responsibility for delivering an iPhone on its network to Apple, on the same day the Wall Street Journal reported that such a phone will be released early next year.
 
Cisco has introduced Umi, a home telepresence system that uses high-definition TVs and also works with Google Video Chat.
 
The U.S. government can save more than $1 trillion over the next 10 years by consolidating its IT infrastructure, reducing its energy use and moving to more Web-based citizen services, a group of tech CEOs said in a report released Wednesday.
 
Watch out RIM, the Motorola is out to get your enterprise customers with the just announced Motorola Droid Pro.
 
Comparison Chart: Motorola Droid Pro, Motorola Droid 2, Motorola Droid X, HTC Droid Incredible
 
The company has become rich, fat and gray, but it's in denial. Isn't it past time for Ballmer to be shown the exit?
 
With over 500 million user accounts worldwide, Skype is one of the most popular free Voice-over-Internet Protocol (VoIP) services around. Skype is probably most famous for its video chat service, but it also provides telephony (the paid Skype-out feature even allows you to call landline and cell phone numbers) and text-chat services. Until recently, Verizon stood out as the only carrier to allow Skype calls on its network. That has now changed--somewhat--with the introduction of the Skype app for Android 2.1 and above.
 
Although Internet Explorer continues to slowly lose the war for browser share, its rate of decline has slowed since Microsoft launched IE8, according to data from one Web metrics firm.
 
Facebook engineers have been in a lockdown for the past 60 days working on new products, and on Wednesday the company took the wraps off some of those new tools.
 
The Stuxnet malware has highlighted the need for software with fewer defects and is an "indictment on the IT business in general," according to the security chief at NERC.

 
Microsoft's acquisition of AVIcode Inc. will help the company extend application management to the cloud
 
The term network neutrality has been used lately to refer to a number of different ideas. One is that networks should be operated without any protocol filtering. Another is that the one and only business model for an ISP is one in which there is a flat fee for unlimited access at the specified line rate. And still another is that networks should be available to all, equally, regardless of their geographic location. There may even be more ideas wedged uncomfortably into this single term's common use.
 
DeviceAnywhere has a software-only application, and client agent, that lets developers create sophisticated scripts to put smartphone applications through their paces.
 
The final version of the international Anti-counterfeiting Trade Agreement (ACTA) leaves the door open for countries to introduce the so-called three-strikes rule, which would see Internet users cut off if they download copyrighted material.
 
AOL may buy more online media and even traditional newspapers in its bid to boost the digital content it offers customers, a senior company executive said.
 
Citrix Systems will add video to its web conferencing service GoToMeeting via a new feature called HD Faces, the company said on Wednesday at its Synergy user conference in Berlin, Germany.
 
By making the new version of XenDesktop easier to manage, Citrix Systems is hoping to convince more companies to virtualize their desktops, the company said on Wednesday at its Synergy user conference.
 
Imagine a cellphone the size of a shoe. Or a laptop weighing 10 kilograms.
 
Despite the hype, the HTML5 specification isn't yet ready due to interoperability issues, a W3C official says
 
A federal judge delayed his final ruling in a patent infringement lawsuit a Yale professor won against Apple, giving the company more time to dispute a $625 million penalty.
 
Fujitsu's newest cell phone might have users seeing double. The handset has two screens and thanks to an innovative user-interface design the extra screen real-estate could help bring clarity to cloud-based mobile services.
 
Vendors are trying to sell users on the idea that they need to stick RFID tags on IT equipment to keep track of it. Users are interested in this technology because they would much rather automate inventory tracking than go server-to-server with a bar code scanner and clipboard.
 
Motorola introduced the Droid Pro, an Android smartphone aimed at the BlackBerry market, along with several other Android handsets, at a Tuesday evening event in San Francisco.
 
Hitachi-LG Data Storage has developed a prototype data storage device that can automatically back up unused data to Blu-ray Disc cartridges, each capable of holding one terabyte (1TB) of data.
 
Cricket, a U.S. mobile operator that uses pay-in-advance monthly plans, will sell the Android-based Ascend smartphone for $149 without a contract when it hits stores in the next two weeks.
 
Security issues have prompted election officials in the District of Columbia to suspend a service that aimed to allow overseas voters to cast their ballots via the Web in the November elections.
 
InfoSec News: Rogue Trader at Societe Generale Gets 3 Years: http://www.nytimes.com/2010/10/06/business/global/06bank.html
By Nicola Clark The New York Times October 5, 2010
PARIS -- When a French judge on Tuesday sentenced Jerome Kerviel, the former Societe Generale trader, to three years in prison and ordered him to repay €4. [...]
 
InfoSec News: Secret-Spilling Sources at Risk Following Cryptome Breach: http://www.wired.com/threatlevel/2010/10/cryptome-hacked/
By Kim Zetter Threat Level Wired.com October 5, 2010
Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired. [...]
 
InfoSec News: Students Hack Washington D.C.'s Web Voting System to Play College Fight Song: http://gawker.com/5656641/students-hack-washington-dcs-web-voting-system-to-play-college-fight-song
By Max Read Gawker Oct 5, 2010
A pilot internet voting program in Washington D.C. for this November's elections has been scrapped. Why? Well, officials invited hackers to [...]
 
InfoSec News: Russian 'Hackers' Busted by FBI: http://www.themoscowtimes.com/news/article/russian-hackers-busted-by-fbi/418504.html
By Natalya Krainova The Moscow Times 06 October 2010
Eleven Russian students are among 20 people detained in the United States on suspicion of working for an international group of hackers [...]
 
InfoSec News: Novell Finds Widespread Concern About Cloud Security: http://www.informationweek.com/news/security/storage/showArticle.jhtml?articleID=227700129
By Mathew J. Schwartz InformationWeek October 5, 2010
Nine out of 10 cloud computing users remain concerned about cloud security, yet 77% of businesses already use some form of cloud computing. [...]
 
InfoSec News: Adobe plugs 23 holes in Reader, Acrobat: http://news.cnet.com/8301-27080_3-20018672-245.html
By Elinor Mills InSecurity Complex CNet News October 5, 2010
As expected, Adobe released updates for Reader and Acrobat today that fix 23 holes in the popular PDF-viewing programs, including two that are [...]
 

Posted by InfoSec News on Oct 05

http://www.wired.com/threatlevel/2010/10/cryptome-hacked/

By Kim Zetter
Threat Level
Wired.com
October 5, 2010

Secret-spilling site Cryptome was hacked over the weekend, possibly
exposing the identities of whistleblowers and other confidential
sources, according to a hacker who contacted Wired.com and claimed
responsibility for the breach.

The hacker said two intruders from the group Kryogeniks breached the
long-running site, where they...
 

Posted by InfoSec News on Oct 05

http://www.nytimes.com/2010/10/06/business/global/06bank.html

By Nicola Clark
The New York Times
October 5, 2010

PARIS -- When a French judge on Tuesday sentenced Jerome Kerviel, the
former Societe Generale trader, to three years in prison and ordered him
to repay €4.9 billion in restitution to the bank, the collective gasp
from the courtroom clearly signaled that the question of who bears
responsibility for banks’ aggressive...
 

Posted by InfoSec News on Oct 05

http://gawker.com/5656641/students-hack-washington-dcs-web-voting-system-to-play-college-fight-song

By Max Read
Gawker
Oct 5, 2010

A pilot internet voting program in Washington D.C. for this November's
elections has been scrapped. Why? Well, officials invited hackers to
give the system their "best shot," and some college kids did—and pulled
off a pretty good prank.

During a trial period of the web voting system last week, the...
 

Posted by InfoSec News on Oct 05

http://www.themoscowtimes.com/news/article/russian-hackers-busted-by-fbi/418504.html

By Natalya Krainova
The Moscow Times
06 October 2010

Eleven Russian students are among 20 people detained in the United
States on suspicion of working for an international group of hackers
that stole at least $70 million from bank accounts worldwide.

The FBI called the hacker ring "one of the largest cyber criminal cases
we have ever...
 

Posted by InfoSec News on Oct 05

http://www.informationweek.com/news/security/storage/showArticle.jhtml?articleID=227700129

By Mathew J. Schwartz
InformationWeek
October 5, 2010

Nine out of 10 cloud computing users remain concerned about cloud
security, yet 77% of businesses already use some form of cloud
computing.

Those findings come from a survey conducted by Harris Interactive for
Novell, which asked 210 IT professionals -- ranging from managers to
CEOs -- at...
 

Posted by InfoSec News on Oct 05

http://news.cnet.com/8301-27080_3-20018672-245.html

By Elinor Mills
InSecurity Complex
CNet News
October 5, 2010

As expected, Adobe released updates for Reader and Acrobat today that
fix 23 holes in the popular PDF-viewing programs, including two that are
actively being exploited in attacks that could allow someone to take
control of the computer.

One of the critical vulnerabilities is being used in attacks against
Reader and Acrobat; the...
 
