Casino

Why ask for vulnerability scan?

Why audit your computer?

An ethical hacker can scan, then  “attack”  your computer or network and then tell you what is going on with any vulnerabilities.

Such as you say?  How about Ecigs that give you malware?

http://blog.trendmicro.com/trendlabs-security-intelligence/yet-another-digital-picture-frame-malware-incident/

Advanced Threats Researcher Paul Ferguson alerted us today to a report that Amazon.com and Samsung have informed their consumers regarding the discovery of a Sality worm on the product’s installer disc (Samsung Frame Manager XP version 1.08). The infected installer disc is needed to use their product, the Samsung SPF-85H 8-Inch Digital Photo Frames w/ 1GB Internal Memory, as a USB monitor.

 

What a well known manufacturer has unknowingly given malware to their customers? It happens unfortunately.

ecigchargeimagesecigchargerimages

even as innocuous as an Ecig can have malware…  How? Remember my BadUSB post? October 7th I wrote about how USB devices can have inapropriate software in the firmware portion of the USb device (as in the picture below)

badUSB

 

So the moral of the story is any device that you installed on your computer, could have been previously infected.  How does one truly know that your systems are free of infectious software?

The only way is to audit them. To have an independent party take a look at your computers and network.

 

Contact us to discuss with us a free initial visit of your situation.

 

We have an alpha scan among others…

 

Must Have Anti-malware Strategy

To prove this beyond a shadow of doubt:

There are several methods malware can get on your system.   (most likely method is if you click on an attachment that you should not, and that your system is not patched which causes software to be installed and then your machine is infected.

 

 

 

 

Malware Must Die! blog explains how malware code gets installed (i.e. how the code is installed)  of malware attack code:

Blog.malwaremustdie.org   “China ELF(Executable Linking Format) botnet malware infection & distribution scheme unleashed

There are so many ELF malware infection with the multiple type of backdoors and DDoS’ers originated from China.”

There is an interesting video on the site which shows a hacker attacking, maneuvering within a remote session. (Windows machine)

ELF is explained here http://elinux.org/Executable_and_Linkable_Format_%28ELF%29

Malware Must Die! also had an earlier post on the shellshock attack which was an explanation of the Mayhem ELF.so botnet.

The shellshock attack tried to modify a tmp file on the system, run it and then remove the file. So essentially they ran software after installing/downloading it and then removing the /tmp file.  This is a sophisticated attack. and if your system is vulnerable to Shellshock it may have been hit with the Mayhem botnet.

Contact Us to test your systems

Review Your Network Computer Security

“… Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations…”

THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS
OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF ,
U.S. DEPARTMENT OF DEFENSE

NIST publication 800-39 http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf

Follow these steps to review your computer network security:

A. Ensure that senior leaders executives recognize the importance of managing information

security risk and establish appropriate governance structures for managing such risk

1. Develop Risk Assessment for the systems on the Internet, create a priority listing, where the systems most critical are noted as such.

2. Create a Security Policy  (governance structure) from the Risk Assessment

3. Have an independent person (not your IT department) check the system for Software and ports open  (Audit), review your security policy, does it work with the risk assessment?

4. Review the software and ports open with IT department to ensure they are all patched (digest the Audit)

5. Create any documentation that is necessary to complete a full Network Computer Security risk Analysis

 

Contact Us for help in all of these steps.  We do Computer Security all day every day.

fixvirus-logo-small

 

 

How would one analyze risks?

Risk analysis as it pertains to computer resources, is a process of determining potential fiscal cost of having one or more of the three elements(reliability, integrity, and confidentiality)

First what are we risk analyzing?     A Website that is hosted by a third party

Why are we risk analyzing?  To determine if we need more security (more resources)

A vulnerability analysis involves what could occur if the system was compromised and thus affect (reliability, integrity, and confidentiality)

A threat analysis is a process of identifying who can negatively affect (reliability, integrity, and confidentiality)

in these assessments a percentage chance of likelihood of attack on the system

what is the value of the website?

riskassessment

Out of the various analyses we can start to create a Risk Assessment matrix for each device or website. For each software

One unfortunate aspect of Risk assessment is not being able to asses the Unknown unknowns.

A new Zero-day attack could negatively affect the systems and thus either degrade or bring down the site for a while. One needs to decide on the value of the computing resources to decide the level of testing and monitoring.

 

Contact us to make an analysis for your situation.

Tony Zafiropoulos  314-504-3974

 

 

Kaspersky IT Security survey: “Fighting the Silent threat”

Kaspersky PDF download link

 

kasperskythreat

Highest threat(2013 survey) is malware or viruses. , the next threats come to Spam, and phishing attacks.

Network intrusion or hacking is 4th, then after that theft of mobile devices and then Denial Of Service attacks.

One can boil the survey down to the following:

Virus, malware, and phishing attacks coming in through Spam.

While Network intrusion and Denial of Service is next on the threat-meter.

Losing mobile devices to theft comes next.

 

Why discuss this at all? it seems that all of these answers are common sense.

even though each survey answer is understandable, it is good to know what is happening in other companies.

Plus one can budget resources appropriately.

 

If you ask me though, Anti-virus and anti-malware tools are a must, so once you have them the next point of order is to have more people working on the intrusion detection/ and denial of service attack vector.

Putting some resources into anti-theft technologies is also important.

 

Contact me and I can help you verify your systems.

 

In business since 1995 as IT consultant – Systems Engineer

My education is as a Systems engineer (and is in my Blood :)

 

What is a systems engineer?

Applied Mathematics as well as engineering.

 

What sets Systems Engineering apart from standard IT?

waterfall

Notice the Waterfall approach in software development (I worked at as software company before starting my business in 1995) the Analysis comes before Design and then development and then testing.

 

Now Systems engineering approach:

systemsengineeringprocess

From University of Arizona: http://www.sie.arizona.edu/sysengr/whatis/whatis.html

Notice the basic closed feedback loop:

closedloopfeedback

From http://fas.org/man/dod-101/navy/docs/es310/Int_SysE/Int_SysE.htm

Which I studied intimately.

The similarity of a closed feedback loop and Agile Programming methodologies are uncanny.

agiledevelopmentprocess1

This is why I was able to pick up Agile Programming methods(in late 90’s), as it  is very similar to a closed feedback loop in Systems Engineering.

So why are we discussing this?

closedloopCEOprocess

It is because I am trying to create a Closed Feedback loop for the CEO/CFO

Customer needs are input into the “Company system”- IT department/ IT Security  and products get created.

Fixvirus will test and let the IT department know how to fix, while writing the report for the CEO/CFO.

 

Contact Tony Zafiropoulos 314-504-3974 to discuss your testing needs.

tonyz”@”fixvirus.com

 

 

 

 

 

Defend correctly or in time the criminals will force you to pay attention- Cryptowall 2.0

Hopefully you will not see this image on any of your computers:

cryptowall2.0message

But unfortunately there is no way to recover from this Cryptowall infection, the only hope is to recover the files,from a shadow volume setting which you hopefully had turned on before the infection. Of course if you still have WindowsXP – you have no methods of recovery except from any backups created.

Notice the criminal is also asking to be paid using an anonymous method with the TOR browser. Please do not pay this criminal. There are no guarantees that you will receive the unencrypt method.

This is the  text:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 – public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/12Uj7f4
2.https://paytordmbdekmizq.pay2tor.com/12Uj7f4
3.https://paytordmbdekmizq.tor2pay.com/12Uj7f4
4.https://paytordmbdekmizq.pay4tor.com/12Uj7f4

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/12Uj7f4
4.Follow the instructions on the site.

IMPORTANT INFORMATION:
Your personal page: https://paytordmbdekmizq.tor4pay.com/12Uj7f4
Your personal page (using TOR): paytordmbdekmizq.onion/12Uj7f4
Your personal identification number (if you open the site (or TOR ‘s) directly): 12Uj7f4

 

 

Do you want to get ahead of all the security headlines?

Yes it is possible to get in front of security problems.

First have a Security policy in place.

The policy will include patching all systems in a best possible method. I.e. cannot patch a system during production hours without testing first. But as soon as a patch is tested, then the production system should be patched.

Items as how to handle new USB drives is important.

Second have the best possible technologies in place which includes the following:

NGFW – Next Generation FireWall  – not just stateful multi-layer inspection, but an integrated Intrusion Prevention System that operates at layer 3 or layer 2.

Wifi access points with  WPA2 encryption

wiresinto-modem

We can help you size a firewall technology for your needs.  Contact Us  Tony Zafiropoulos 314-504-3974

 

New video – includes Kmart breach

Kmart had an IT department and still got a malware breach with the credit card numbers stolen.

We are attacked by 5 trillion scans per month?

JPMORGAN SPENT $250 MIL DOLLARS ON SECURITY DEFENSE – STILL HACKED. http://oversitesentry.com/?p=614

http://oversitesentry.com/?p=606    The post that explains the number of scans per month ( a USENIX conference paper)

If there are any weaknesses the hackers will find them.