Let’s Get Proactive with End User Security

Where do most of the threats to the security of our IT systems lurk? The Internet, of course! Powerful malicious software apps are all over the Net, like website land mines, just waiting to explode into your computer if you touch them. And how about accessing social networks from your company work station? Do you really think that content on these sites is secured and only available to those you chose to see it? If so, then Im sorry to disillusion you.

So why do most concerns still let their employees casually access and surf the Web from their business systems? Especially in the present when most everyone has a smart phone or pad with them at all times? Businesses should embrace this situation and use it to their advantage. Why not set up an employee wireless network with all the appropriate security measures in place just for Internet access? (This network should be totally separate from business networks and not accessible by business computers). Its not expensive or difficult to administer and maintain a network like this, and employees could access websites to their hearts content (on their off time of course). And for those employees that are without a smart phone (an ever dwindling few), you could stand up a few kiosk computers that they could access using their employee wireless network password.

As for employees that need Internet access to perform their work duties, you should lock their access down tight. The best thing to do is to add needed websites to a white list and only allow those employees with a business need to access only those websites that are necessary and no others. Black listing and web filtering are partially effective, but they dont really work well enough. I cant tell you how often we have seen such filters in place at businesses that we assess that prevent access to gaming and porn sites, but still allow access to traps like known malicious websites in foreign countries! Go figure.

And dont forget to properly segment your business networks. Users should only be allowed access to those network resources that they need for business purposes. Users in workstation space should never be allowed to seeinto server space. Preventing this will go a long way in curtailing attacks from the other big danger the malicious insider. 

Thanks to John Davis for writing this post.

Deals for Replacing XP for Home & Small Business

Now that Windows XP is end-of-lifed, it is wise to replace it at home and in businesses of all sizes. Malware and vulnerabilities for XP are likely to skyrocket over the coming months, making it a very unsafe platform, indeed.

To help with replacement, we at MSI went shopping for some deals on Windows 7 and Windows 8 for you. Here are the deals we found on newer Windows software. Please note, we have no affiliation with any of these vendors and can’t recommend them in particular. We simply found the best prices we could identify for Windows OS. Your milage and paranoia may vary.

Here are the deals we could find:

For one PC license of Windows 7 Pro for as low as $69.99.

If you need more than one,  the lowest is $219.99.

For Windows 8 Pro – $79.94 for single computer use.

The price is $199.99 for multiple computer to use Windows 8 Pro.

We hope that helps some of you who still need to upgrade. Until next time, thanks for reading & stay safe out there! 

OpenSSL Problem is HUGE – PAY ATTENTION

If you use OpenSSL anywhere, or use a product that does (and that’s a LOT of products), you need to understand that a critical vulnerability has been released, along with a variety of tools and exploit code to take advantage of the issue.

The attack allows an attacker to remotely tamper with OpenSSL implementations to dump PLAIN TEXT secrets, passwords, encryption keys, certificates, etc. They can then use this information against you.

You can read more about the vulnerability itself here. 

THIS IS A SERIOUS ISSUE. Literally, and without exaggeration, the early estimates on this issue are that 90%+ of major web sites and software packages using OpenSSL as a base are vulnerable. This includes HTTPS implementations, many mail server implementations, chat systems, ICS/SCADA devices, SSL VPNs, many embedded devices, etc. The lifetime of this issue is likely to be long and miserable.

Those things that can be patched and upgraded should be done as quickly as possible. Vendors are working on patching their implementations and products, so a lot of updates and patches will be forthcoming in the next few days to weeks. For many sites, patching has already begun, and you might notice a lot of new certificates for sites around the web.

Our best advice at this point is to patch your stuff as quickly as possible. It is also advisable to change any passwords, certificates or credentials that may have been impacted – including on personal sites like banking, forums, Twitter, Facebook, etc. If you aren’t using unique passwords for every site along with a password vault, now is the time to step up. Additionally, this is a good time to implement or enable multi-factor authentication for all accounts where it is possible. These steps will help minimize future attacks and compromises, including fall out from this vulnerability.

Please, socialize this message. All Internet users need to be aware of the problem and the mitigations needed, even for personal safety online.

As always, thanks for reading, and if you have any questions about the issues, please let us know. We are here to help!

Podcast Release: Threats From the Net Feb 2014

The Kluniac is back! This month, the ElderGeek covers more emerging issues in infosec that came calling in February. 

Give it a listen, and touch base with him on Twitter (@pophop) to tell him what you’d like to hear on upcoming episodes. He loves the chatter and really digs listener feedback.

You can get this month’s episode by clicking here.

Learn More About TigerTrax Services in Our Webinar

After the powerful launch of TigerTrax last week, we have put together a webinar for those folks looking to learn more about our TigerTrax™ services and offerings. If you want to hear more about social media code of conduct monitoring, passive analysis and assessments, investigation/forensics and threat intelligence enabled by the new platform, please RSVP.

Our webinar will cover why we built TigerTrax, what it does and how it can help you organization. We will discuss real life engagements using the TigerTrax platform across a variety of verticals and looking at social, technological and trust issues. From data mining threat actors to researching supply chain business partners and from helping pro-sports players defend themselves against accusations to monitoring social media content of key executives, the capabilities and examples are wide ranging and deeply compelling.

Register for the webinar by clicking here. Our team will get you registered and on the way to leveraging a new, exciting, powerful tool in understanding and managing reputational risk on a global scale.

The webinar will be held Wednesday, March 12, 2014 at 3 PM Eastern time. Please RSVP for an invitation. Spots are limited, so please RSVP early.

As always, thanks for reading. And, if you would prefer a private briefing or discussion about TigerTrax, give us a call at (614) 351-1237 x206 and we will get a specialist together with you to help identify how MSI can help your organization.

Twitter Stream About Online Card Fraud & Crypto Currency

The other day, I was discussing the idea that as the world moves more strongly toward chip and pin credit cards, that the levels of online credit card fraud were likely to skyrocket. Joel, the @SCADAHacker took me to task, and I thought I would share with you our conversation (with his permission, of course.) Here it is:

@lbhuston: Time to Get Moving on Chip and PIN? ow.ly/tvyZa <There are downsides to this too. It will help physical, but up online fraud.

@scadahacker: @lbhuston Please explain your reasoning on this and why it would be any different than current mag-based cards for online purchases. [sic]

@lbhuston: @SCADAhacker The threat won’t be different, but the criminals that now work physical card fraud will migrate their value stream to online.

@lbhuston: @SCADAhacker In other words, the crime rings powered by card fraud will simply compensate for the controls by switching fraud vector.

@lbhuston: @SCADAhacker This has been historically valid, & I think applies here. Most of those rings already have online fraud skills, they extend.

@lbhuston: @SCADAhacker Make sense? Sorry, hard in 120 char bursts. Sorry for the multiples. 🙂

@lbhuston: @SCADAhacker The really sad thing is that it is the best path forward. Chip cards work, for now. Also look for forgery to accelerate. 🙁

@scadahacker: @lbhuston Agree.  Good point my friend!

From there, I went on to discuss another concern that I am focusing on at the moment, crypto currency.

@lbhuston: @SCADAhacker Sadly, another thing I am watching closely is the impacts of crypto currencies on old school political corruption. Few controls

@lbhuston: @SCADAhacker Many law enforcement & govt watchdog groups don’t have digital chops to even understand something like bitcoin. 🙁

@lbhuston: @SCADAhacker Here’s my derby talk from 2 years ago. bit.ly/QQ4Skq <The innovate crime 4 profit is why I follow a lot of this.

@scadahacker: @lbhuston Thanks bro!

As always, Joel and all of my readers are welcome. Thanks for reading what I have to say and for allowing me to voice my thoughts and concerns. If you don’t already follow Joel, you should, he is world class and in addition to being brilliant, is a heck of a nice guy, too. Reach out and Twitter and let me know what you think. Do you think card fraud is about to turn a corner? How will crypto currency influence the future political process? Am I just being paranoid? Give me a shout at @lbhuston and let me know what is on your mind.

PS – It looks like some of these ideas are being thought about around the world. Here are some other folks thinking along the same lines. Click here, here, here or here.

HoneyPoint IP Protection Methodology

Here’s another use case scenario for HoneyPoint Security Server. This time, we show the methodology we use to scope a HoneyPoint implementation around protecting a specific set of Intellectual Property (IP). 

If you would like an in-depth discussion of our process or our capability, please feel free to reach out to us and schedule a call with our team. No commitment and no hard sale, guaranteed.

If the graphic below is blurry on your device, you can download a PDF version here.

HP_IPProtection

HoneyPoint Trojans Overview

Here’s another quick overview graphic of how HoneyPoint Trojans work. We have been using these techniques since around 2008 and they are very powerful. 

We have incorporated them into phishing exercises, piracy studies, incident response, intrusion detection, intelligence gathering, marketing analysis and even privacy research. To hear more about HoneyPoint Trojans, give us a call.

If the graphic below is blurry on your device, you can download a PDF version here.

HPTrojanOverview

HoneyPoint in a Point of Sale Network

We have been getting a LOT of questions lately about how HoneyPoint Security Server (HPSS) fits into a Point of Sale (POS) network.

To make it pretty easy and as a high level overview, below is a use case diagram we use to discuss the solution. If you would like a walkthrough of our technology, or to discuss how it might fit into your specific use cases, please let us know.

As always, thanks for reading and for partnering with MicroSolved, Inc.

PS – If the graphic below is difficult to read on your device, you can grab a PDF version here.

HP POSNetworks