Maximum PC Security RSS Feed

Rising Enterprise Data Disasters Blamed on Human Error

Paul Lilly — Fri, 20 Nov 2009 07:24:14 -0600

A rising number of data flubs has caused some to question whether the benefits of cloud computing truly outweigh the risks, but is that really a fair assessment? The eggheads at Kroll Ontrack don't think so, who point out that the recent spike in data losses with corporate enterprises is simply the result of human error.

"While advanced storage options such as virtualization and cloud computing offer corporations storage optimization, human processes are still at the root of these solutions, instructing the technology as to how to perform," said Phil Bridge, managing director at Kroll Ontrack UK. "The complextity of these systems often requires a steep learning curve. With reported IT spending at a low, human error is increasingly common."

According to Kroll Ontrack, some of the biggest mistakes attributed to the human element include pulling the wrong drive while trying to pull a failed disk in a RAID array, accidentally deleting a business-critical database and restoring it with a corrupt or incomplete backup, attempting to force failed drives back online when rebuilding a bad array, accidentally deleting files, volumes, virtual machines, or a SAN LUN with no backup in place, and reformatting the wrong SAN LUN during a server migration.

The NSA has been Working with Microsoft on Windows 7 Security

Paul Lilly — Wed, 18 Nov 2009 11:15:01 -0600

With the release of its latest OS, Microsoft appears to have put security at the forefront of the design phase. So much so that the National Security Agency (NSA) had a hand in helping the software maker lock down its operating system, a senior NSA official said on Tuesday.

"Working in partnership with Microsoft and [the Department of Defense], NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide without constraining the user's ability to perform their everyday tasks," Richard Schaeffer, the NSA's Information Assurance Director, told the Senate Judiciary Committee in a statement prepared for a hearing held in Washington. "All this was done in coordination with the product release, not months or years later in the product cycle."

The NSA and Microsoft working together is not exactly a new venture. Back in 2007, NSA officials confirmed they had also lent a hand during the development of VIsta, but the collaboration goes even further back. In 2005, the NSA and other government agencies assisted Microsoft in securing Windows XP and other programs.

Of course, the NSA is probably best known for its electronic eavesdropping operations, and we can't wait to see what the conspiracy theorists have to say about the organization's involvement with Windows.

IBM Introduces New Security Product for Virtual Environments

Paul Lilly — Mon, 16 Nov 2009 07:04:41 -0600

IBM is taking virtualization security to the next level with a new product designed to safeguard enterprise virtual server infrastructures, the company said.

The product -- IBM Virtual Server Security for VMware vSphere -- purports to help growing companies stay protected as they consolidate their data centers. IBM said it has been working with clients to simplify and optimize their virtual infrastructures, and that this product allows those same businesses to put up a shield against next-gen security threats.

"Clients are asking for solutions to secure their data centers as they move from a traditional environment to virtual deployments. To that end, IBM has built this solution based on feedback of hundreds of customers looking to answer this urgent need," said Brian Truskowski, general manager, IBM Internet Security Systems (ISS).

Some of the automatic protection features of IBM's Virtual Server Security for VMware vSphere include Virtual Network Access Control (CNAC) to limit network access from a virtual server until security posture can be confirmed, rootkit detection, virtual infrastructure monitoring, and more.

The new product will be available in December 2009.

Image Credit: IBM

Sneaky Windows 7 Zero-Day Bug Confirmed

Paul Lilly — Mon, 16 Nov 2009 07:04:24 -0600

It was reported that just a day after Microsoft squashed a dozen bugs in its software, there remained an unpatched bug in Windows 7 and Server 2008 R2 capable of locking up systems and forcing a complete shutdown in order to regain control. Turns out the report was true, as Microsoft Friday evening confirmed that the unpatched vulnerability does indeed exist.

"Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable," Dave Forstrom, a spokesman for Microsoft security group, said in an email. "The company is not aware of attacks to exploit the reported vulnerability at this time."

In theory, the attacks could be targeted towards any browser. Should a user be tricked into visiting a malicious site, hackers could send out tainted URIs (uniform resource identifiers) and crash their PCs.

Microsoft didn't give a time frame on when it will patch the bug. In the meantime, users can stay protected by blocking TCP ports 139 and 445 at the firewall, although doing so would also disable browsers and a host of critical services, including network file-sharing and IT group policies, ComputerWorld reports.

Image Credit: Microsoft

Flash Flaw Could be Major Risk for User-Generated Content Sites

Ryan Whitwam — Fri, 13 Nov 2009 21:23:34 -0600

Security research firm Foregorund has made known today that there is yet another serious flaw in Abobe’s Flash plugin. The problem could potentially affect many of the sites we use every day. Researcher Mike Murray said, “Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this."

The problem stems from the Flash ActionScript same-origin policy. This system is supposed to limit a Flash object’s access to content from its original domain. But if an attacker is able to insert malicious code into a Flash object, it can execute that code when run. Anyone viewing the malicious Flash object is vulnerable to attack.

Adobe and the researchers agree that the flaw is not easily corrected with a patch to Flash. "We see this as a generic problem that affects any site that allows active scripting, not just Flash, but things like JavaScript and Silverlight as well,” said Adobe’s Brad Arkin. Foreground has yet to see any examples of the attack in the wild, but they believe it could happen at any time. The only way to be completely safe from this attack is to stop using Flash or at least running the No Script add-on for Firefox.

Koobface Botnet Computers Used to Infiltrate, Spam Facebook

Paul Lilly — Thu, 12 Nov 2009 13:15:35 -0600

Trend Micro has issued a warning that the Koobface botnet has begun pushing out a new component capable of automatically registering a Facebook account and confirming an email address in Gmail to activate the fake persona. Once Koobface becomes part of the social network's community, it begins randomly joining Facebook groups, adding friends, and posting messages to people's walls.

"Overall, this new component behaves like a regular Internet user that starts to connect with friends in Facebook," says Trend Micro. "All Facebook accounts registered by this component are comparable to a regular account made by a human. The details provided about the account are complete such as a photo, birth date, favorite music, and favorite books, among others. In addition, every account registered is unique in such a way that the details vary for every account registered."

That's pretty wild, and it's done using Internet Explorer to create and register the account, according to Trend Micro. But what's interesting is that the Koobnet botnet halts its dastardly deed if the affected user is kicking it old school with IE6.

So how do you avoid being duped by a fake friend? You could become a loner, but that might get, well, lonely. Common sense applies - be sure you know who it is you're adding. And as usual, be wary of clicking on links. Trend Micro says the messages posted through Facebook's wall contain a link that leads to the fake Facebook or YouTube page hosting the Koobface loader component.

HP Beefs Up SMB Security

Paul Lilly — Wed, 11 Nov 2009 07:04:03 -0600

Hewlett-Packard is stepping up to the plate with improved data protection and better backup solutions for small and medium businesses, The Register reports.

First on the list is HP's LeftHand Networks P4000 SMB storage area network (SAN) lineup, which will now come equipped with application-integrated snapshots. This will make it easier on admins, who can use the P4000 GUI to signal that a snapshot needs to be made of a volume, and the P4000 array software will handle the rest.

The second change comes to HP's Disk-to-Disk (D2D) backup product, which has been given a file interface allowing applications to view it as a NAS box. In the long-run, customers will be able to reduce their reliance on tape.

For those who want to keep using tape, HP introduced its new DAT320 tape drive. The 8mm DAT320 packs 320GB, or twice as much as the DAT160.

Image Credit: HP

Computer Security Company Takes Out Enormous Botnet

Ryan Whitwam — Tue, 10 Nov 2009 18:30:15 -0600

Security firm FireEye has reportedly struck a massive blow against spam. The so called “Mega-D” or “Ozdok” spam botnet was effectively dismantled by these intrepid security researchers. After studying the beast, FireEye launched an attack by notifying ISPs, having command and control (CnC) domains removed, and then registering unused CnC domains.

Almost immediately, the spam ceased. No small feat, considering Ozdok was probably responsible for one third of the world’s spam. This takes the load off ISPs which were forced to filter the spam from this botnet. Individual users probably won’t notice much difference.

FireEye found that over 246,000 zombie machines were reporting to the CnC domains in their possession after the takedown. The security firm plans to work with ISPs to indentify the owners of the PCs so they may remove the malicious software.