[SecurityRatty] tag: hide

Hunt for the elusive rootkit 'Rustock.C' revealed

Mon, 14 Jul 2008 20:00:00 +0000

Rootkits embody software code designed to hide from view, so the tale of how Kaspersky Lab hunted down the rumored Rustock rootkit reads like a Sherlock Holmes story.

If you want to talk to me your caller ID should not come up unknown

Wed, 09 Jul 2008 06:45:56 +0000

Image via Wikipedia

Much has been written lately about annoying sales tactics and how many in the security field try to duck vendor calls. Believe it or not, I get my share of annoying sales calls as well. Whether it is the great conference that is being organized with all of the CIOs that I would ever want to speak to or the latest, greatest new product that is going to make my life easier and define the road to riches, I am swamped with spam telephone calls (on my cell phone no less) every day.

One thing that I have come to see is that many of these unsolicited calls come in with an unknown caller ID. I don't mean no name for entity, but no number either. Most of these people don't leave a voice mail either, they just keep calling until the get an answer. My view is that if the caller has to go to the effort of hiding their name and number, than they have something to hide and are not being upfront. I don't want to do business with anyone like that. I think this just puts two strikes against anyone calling. Why are you hiding who you are? Are you ashamed of what you are doing?

So here is my Shimel rule on sales calls. If your caller ID does not identify you, than I don't want to talk to you!

If you want to talk to me your caller ID should not come up unknown

Wed, 09 Jul 2008 05:45:56 +0000

Image via Wikipedia

So here is my Shimel rule on sales calls. If your caller ID does not identify you, than I don't want to talk to you!

Sunglasses that Hide your Face from Cameras

Mon, 07 Jul 2008 09:54:18 +0000

Clever. Article and video:

They work by mounting two small infrared lights on the front. The wearer is completely inconspicuous to the human eye, but cameras only see a big white blur where your face should be. Building them is a snap: just take a pair of sunglasses, attach two small but powerful IR LEDS to two pairs of wires, one wire per LED. Then attach the LEDs to the glasses; the video suggests making a hole in the rim of the glasses to embed the LEDs. Glue or otherwise affix the wires to the temples of the glasses. At the end of the temples, attach lithium batteries. They should make contact with the black wire, but the red wires should be left suspended near the batteries without making contact. When you put them on the red wire makes contact, turning the lights on. It's functional, but we're thinking that installing an on/off switch would be more elegant and it would allow you to wear them without depleting the batteries.

Tip: Does Your Server Really Need a Recycle Bin?

Wed, 02 Jul 2008 04:54:44 +0000

This is obvious when you think about it. What might you do, operating on the server itself, for which you need a recycle bin? In fact, for some, like Terminal Servers, you might need then, but not on others like a web server. In the meantime, it turns out to be a potential liability there. Thanks to The Elder Geek, by way of the SBS Diva blog (read this one for better details), for pointing this out. Susan, the SBS Diva, recently had a server compromise, and it turns out that the attackers used her web server's recycle bin as a video repository. Why? Because it's hidden. Removing the recycle bin won't stop someone from compromising your server, but it will take away one place they can hide once they get in there, so you might discover the breach sooner. And if you don't delete it, at least cut it down in size from the default 10% of space, which is far too big for a server, and probably for most client desktop.

Tip: Does Your Server Really Need a Recycle Bin?

Wed, 02 Jul 2008 04:54:44 +0000

This is obvious when you think about it. What might you do, operating on the server itself, for which you need a recycle bin? In fact, for some, like Terminal Servers, you might need them, but not on others like a Web server. In the meantime, it turns out to be a potential liability there. Thanks to The Elder Geek, by way of the SBS Diva blog (read this one for better details), for pointing this out. Susan, the SBS Diva, recently had a server compromise, and it turns out that the attackers used her Web server's recycle bin as a video repository. Why? Because it's hidden. Removing the recycle bin won't stop someone from compromising your server, but it will take away one place they can hide once they get in there, so you might discover the breach sooner. And if you don't delete it, at least cut it down in size from the default 10 percent of space, which is far too big for a server, and probably for most client desktops.

Fast Track to Botnet Central

Tue, 01 Jul 2008 05:41:45 +0000

Its true, you too can finally get into the botnet you always wanted. Finally the ability to be a zombie computer under some losers control is yours!

Seriously though, becoming a victim to a hacker's botnet is incredibly easy. These attacks are not typical to other forms of destruction found on the internet. There true intent is usually to remain hidden from view until called upon. In the case of FastTrackBot however there is a new objective. FastTrackBot downloads several executable files that keep your computer clicking on the attacker's affiliate links. These executable files keep the webpages in hidden iexplore.exe windows in order to hide the application from suspicious eyes. If you're using X-cleaner, I suggest you take a look at the Expert Tab. The Show All Hidden Windows function is great for showing you exactly what is open at the time.

FastTrackBot phones home to several of these sites in order to keep the user clicks through affiliate links.

Aside from creating invisible windows to hog your bandwidth up, it also attempts to install a rogue anti-spyware application. This is a popular technique when attempting to fraud the victim into leaking credit card information when actually attempting to purchase the fake product. FastTrackBot inserts a fake security center that appears identical to the one found in Windows XP.

As you can see in the address bar, this is not the actual security center. Clicking anywhere on this window means almost certain doom in the worst way possible...a never ending stream of fake "YOU ARE INFECTED!!!!" alerts.

In order to kill the actual application, you have to remove it from memory first, then remove its autostart which is found in 5 different locations - or simply remove with our free Microscanner.

Worry Over Fate Of Nuke Bomb Data

Mon, 16 Jun 2008 06:51:59 +0000

Um, yipes?

From Seattle Times:

Four years after Abdul Qadeer Khan, the leader of the world’s largest atomic black market, was put under house arrest and his operation declared over, international inspectors and Western officials were confronting a new mystery left by him, this time over who might have received blueprints for a sophisticated and compact nuclear weapon found on his network’s computers.

Working in secret for two years, investigators have tracked the digitized blueprints to Khan computers in Switzerland, Dubai, Malaysia and Thailand. The blueprints are electronic and could be rapidly reproducible for creating a weapon relatively small and easy to hide, making it attractive to terrorists.

The revelation over the weekend that the Khan operation even had such a blueprint underscores the questions that remain about what the Pakistani metallurgist and the father of Pakistan’s nuclear-weapons program, was selling and to whom.

It also raises the possibility he may still have sensitive material in his possession.

Read on.

Article Link

Great series of articles on stayin safe online with Vista

Thu, 12 Jun 2008 13:50:57 +0000

I like this ladies series of articles.
It would benefit you to read em, even if you are not using Vista.

clipped from www.lockergnome.com

Protecting Against Spyware In Vista Part I

Syware and adware programs usually come as a part of legitimate shareware, but hide themselves in such a way that you do not always know when they are being installed. They just sit in the background and drain system resources, either displaying advertisements or worse, reporting system activity back to a central location. Marketers use information gathered from these programs to target pop-up ads and spam.

Why making health records public is not a great idea

Tue, 20 May 2008 03:21:10 +0000

Fred Wilson has an interesting blog up regarding the new Google Health service. Fred filled out his personal medical information and was disappointed that he was not able to publish this data and make it public. Fred would like to have a sidebar widget for his blog with his health profile. Many people wrote to Fred telling him why Google does not do this. Many of them centered on the fact that insurance companies would use this information against you to deny or limit your coverage. Some took shots at Fred's socio-economic status saying that he didn't care if the insurance companies used it against him because he could afford to pay whatever he had to. Fred replies that he thinks withholding or being less than open about health issues to insurance companies, investors, etc. is problematic and in a perfect world insurance companies should not be able to use this against us. In fact Fred says:

Wouldn't we all be better off with an insurance system that wasn't able to discriminate between people based on pre-existing conditions? Wouldn't we be better off if we came together to insure everyone? Wouldn't we be better off if we knew everyone's medical conditions and what treatments worked and what did not? Wouldn't we be better off if we could search for others with the same conditions to share our experiences?

I don't believe Fred feels this way because of his socio-economic status. I think Fred thinks like this because he is I assume in good health. I wonder if Fred were suffering from some medical condition, if his views on this would change. This reminds me of the "nothing to hide" argument that some use to justify the government trampling on our privacy rights. If you have nothing to hide, what do you care. I care because it is wrong. I care about not making health records public because it is wrong. We don't live in a perfect world. Even taking Hillary or Obama's health plans into account, we live in a world where insurance companies can discriminate against those with pre-existing conditions for the foreseeable future. Think about if only healthy people published their records, what would that say about people who did not publish their records?

Fred's point about searching for others with the same condition is fine, if they wanted to be found. It is inherently a persons right not to be found. In fact today if you want to share with a person who shares a medical condition with you, you can search and usually find a group and on line community of people. What is nice is some of these people can share in these groups without revealing their identity. It is this ability to remain anonymous that I think make these types of communities successful.

Fred recognizes that not everyone would want to share their records. I say once we start dividing society by those who do and don't we really already have imposed a penalty on those who cherish their privacy.