Top Troll Reloads

It’s been a good year for patent trolls, and now the biggest troll of them all wants to keep the party going, reports Jeff John Roberts at GigaOM. He points to a report revealing that Intellectual Ventures (IV) has acquired more than 200 new patents, which will help IV extend its legal tentacles into fields like wireless infrastructure and cloud computing.

GigaOM explains that IV’s peculiar brand of innovation involves acquiring old patents and using them to arm thousands of shell companies, whose sole business is to extract licensing fees from productive businesses.

News of IV’s restocked war chest, which Reuters says is partially funded by Microsoft (MSFT) and Sony (SNE), comes after earlier reports that initial investors, including Apple (AAPL) and Intel (INTC), declined to take part in IV’s newest trolling fund. According to the report, by law firm Richardson Oliver and spotted by IAM, the fund is on track: IV purchased 16 percent of all available patent packages in the first half of 2014. A chart by the firm suggests it paid $1 to $2 million in most cases; here’s a partial look:

Patent Troll may target cloud computing next

The chart shows six patents related to the cloud computing industry, which has so far escaped the rampant patent trolling that has plagued mobile phone and app developers. The author speculates that cloud computing could be prime picking for IV in the coming year.

IV is well positioned to exploit the patents thanks to Senate Democrats, who in May killed a bipartisan patent reform bill that would have undercut many of the economic incentives for patent trolling, according to Mr. Roberts. IV has also been active on the lobbying front, filing to start a PAC this year and donating to Senator Dick Durbin (D-IL), who is closely allied with the trial lawyer lobby that reportedly helped derail reform.

GigaOM believes darker clouds could be looming for IV. It cites growing public skepticism toward patent trolls, who now account for 67 percent of all new patent lawsuits. The trolls have received harsh treatment from the likes of NPR and the New York Times, while the Supreme Court’s repeated criticism of slipshod patents may finally be making it harder for companies to abuse them.

Meanwhile, respected tech figures like Marco Arment have lashed out at IV’s business model as “cowardly” while inventors like Tesla’s Elon Musk have questioned the value of patents to begin with.

rb-
Uh oh, the world’s biggest patent troll has restocked its weapons chest — and it looks like their next target will be cloud computing.

Many Ex-employees Can Still Access Privileged Info

InfoSecurity Magazine recently published an article that blames cavalier attitudes about password management for a new era of data breaches. The article says that a fundamental lack of IT security awareness in enterprises, particularly when it comes to controlling privileged logins, is potentially paving the way for a further wave of data breaches.

The author cites a Lieberman Software survey of IT security professionals. In the survey, 13% of the IT security pros interviewed at the RSA Conference 2014 in San Francisco admitted to being able to access previous employers’ systems using their old credentials.

Perhaps even more alarming, of those able to access previous employers’ systems, nearly 23% can get into their previous two employers’ systems using old credentials, and, shockingly, more than 16% admit to still having access to systems at all previous employers, Lieberman reports. Philip Lieberman, CEO and president of the company, told InfoSecurity in an interview that he blames executives who are satisfied with only meeting minimum security requirements:

Investments in security for technology, people and processes have been meager, at best, in most organizations for many years … many C-level executives have been strongly discouraged from implementing anything other than the minimum security required by law.

The survey also showed a communications breakdown between IT pros and management. Nearly one in five respondents admit that they do not have, or don’t know if they have, a policy to make sure that former employees and contractors can no longer access systems after leaving the organization, according to the article.

Current employees are also a concern. The InfoSecurity article says that almost 25% of those surveyed work in organizations that do not change their service and process account passwords within the 90-day window commonly cited as best practice by most regulatory compliance mandates. Lieberman pointed out that users who run with elevated privileges can introduce all sorts of IT headaches by downloading and installing applications and changing their system configuration settings. He warned that an organization would be wise to strictly control and monitor the privileged actions of its users:

  1. Get control over privileged accounts. Start by generating unique and complex passwords for every individual account on the network, and change these passwords often (no more shared or static passwords).
  2. Make sure you’re securely storing current passwords and making them available only to delegated staff, for audited use, for a limited time (no more anonymous and unlimited privileged access, for anyone).
  3. Automate the entire process with an enterprise-level privileged identity management approach. Mr. Lieberman argues, “when users exhibit poor behavior while logged into their powerful privileged accounts, you can be immediately alerted and respond to the threat.”

Mr. Lieberman told InfoSecurity that, in the wake of the Edward Snowden/NSA scandal and the Target breach, one would think corporations would consider minimizing the insider threat, and the attempts of sophisticated criminal hackers to groom those with privileged accounts, to be of paramount importance. But Lieberman cited a “half-life mentality of opening the pocketbook for security investments immediately after a data breach occurs, but then diminishing back to basic security after a few months.”

rb-

When an employee leaves the company, it’s imperative to ensure that he or she is not taking the password secrets that can gain access to highly sensitive systems.

To back this up, Verizon’s 2013 annual Data Breach Investigations Report says that more than three-quarters (76%) of network intrusions relied on weak or stolen credentials – a risk that Verizon describes as “easily preventable”.

Creating Privileged Accounts:

  • Never hand out the built-in Administrator or root account itself; give each admin a uniquely named privileged account so that actions are attributable.
  • Require password complexity, history and expiration.

Disabling Privileged Accounts:

  • Get the termination notice in writing from someone up the food chain before acting, then disable the account ASAP.
  • Disable the account, lock the account, and change the password.
  • Don’t rename or delete the account until you are sure. Prematurely removing an admin account could break applications or connectors that still run under it.
  • Don’t forget the other access paths: email, VPN, mobile devices (wipe them) and physical access control PINs.
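The two survey findings above (leavers who can still log in, and service accounts whose passwords never rotate) are both things a directory export can be checked for on a schedule, rather than only when a termination notice happens to reach IT. The Python below is an added example, not code from the InfoSecurity article, Lieberman Software or this blog; the account records, HR identifiers, `owner` field and dates are constructed for the example.

```python
"""Reconcile a directory export against HR leavers and the 90-day
service-account rotation window.  All records below are constructed
sample data for this example, not real accounts."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    is_service: bool              # service/process account vs. a person's login
    last_password_set: date
    owner: Optional[str] = None   # HR identifier behind a person's account (assumed field)


# Constructed directory export: two employees, one contractor, two service accounts.
DIRECTORY = [
    Account("jsmith", True, False, date(2014, 5, 1), owner="EMP-1001"),
    Account("adoe", False, False, date(2013, 11, 20), owner="EMP-1002"),
    Account("contractor-x", True, False, date(2014, 1, 9), owner="CON-0042"),
    Account("svc_backup", True, True, date(2013, 9, 3)),
    Account("svc_mon", True, True, date(2014, 6, 15)),
]

# Constructed HR feed: identifier -> last day of employment.
TERMINATED = {
    "EMP-1001": date(2014, 6, 30),
    "EMP-1002": date(2014, 3, 1),
    "CON-0042": date(2014, 4, 15),
}

AS_OF = date(2014, 7, 15)  # date of the audit run


def find_active_terminated(accounts, terminated, as_of):
    """Enabled person accounts whose owner's last day is on or before as_of:
    the 'still has access' cases from the survey."""
    return sorted(
        a.username
        for a in accounts
        if a.enabled and not a.is_service
        and a.owner in terminated and terminated[a.owner] <= as_of
    )


def find_stale_service_passwords(accounts, as_of, max_age_days=90):
    """(username, age_in_days) for enabled service accounts past the rotation window."""
    stale = []
    for a in accounts:
        if a.is_service and a.enabled:
            age = (as_of - a.last_password_set).days
            if age > max_age_days:
                stale.append((a.username, age))
    return sorted(stale)


def audit(accounts=DIRECTORY, terminated=TERMINATED, as_of=AS_OF):
    """Both findings in one report dict, suitable for a scheduled job."""
    return {
        "leavers_still_enabled": find_active_terminated(accounts, terminated, as_of),
        "service_passwords_over_90d": find_stale_service_passwords(accounts, as_of),
    }


if __name__ == "__main__":
    for finding, items in audit().items():
        print(f"{finding}: {items}")
```

The first list is the offboarding backlog (disable, lock, rotate, and only later delete, as in the checklist above); the second is the rotation backlog. Note that `adoe` is not reported even though the person has left, because the account is already disabled, while the contractor is: contractors are the leavers the HR feed most often omits, so make sure they are in it.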

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.


More Server Admin Passwords Exposed

I just wrote about the hole in IPMI, and now researchers are reporting more problems. Help Net Security writes that over 30,000 servers with the Super Micro WPCM450 line of chips on their motherboards have baseboard management controllers (BMCs) that offer up administrator passwords to anyone who knows where to look. Zachary Wikholm, a senior security engineer with the Security Incident Response Team of hosting provider CARI.net, warns that the BMCs, which collect hardware and software health data, do not protect this critical information. Mr. Wikholm wrote:

You can quite literally download the BMC password file from any UPnP-enabled Super Micro motherboard running IPMI on a public interface

The article explains that this confidential information is available because Super Micro stored the password file in plain text. The file can be downloaded simply by connecting to TCP port 49152. The researcher added that many more critical files are publicly accessible:

All the contents of the /nv/ directory are accessible via browser including the server.pem file, the wsman admin password and the netconfig files

Help Net Security confirms that Super Micro no longer uses the WPCM450 chips, but a scan of the Internet using Shodan, a specialized search engine for finding embedded systems, indicated 31,964 affected systems were online. The company has also offered a fix for the vulnerability, which requires administrators to re-flash the BMC with updated IPMI firmware. That downtime is not an option for every server, especially in 24×7 shops.

Mr. Wikholm has stepped in and devised a temporary fix for those who don’t want to risk re-flashing the BMC firmware. The fix centers on killing the UPnP processes on the BMC. The drawback is that it lasts only until the system is disconnected or rebooted.

The existence and the exploitation potential of the flaw was confirmed by SANS ISC handler Tony Carothers: “One of our team has tested this vulnerability, and it works like a champ, so let’s add another log to the fire and spread the good word.”
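Since the temporary fix silently undoes itself on the next reboot, the useful follow-up is a check you can re-run against your own BMC inventory: does anything answer on TCP 49152, and if so, does it serve the /nv/ listing with the file names quoted above? The Python below is an added example, not CARI.net’s, Super Micro’s or SANS’s code; the BMC addresses and canned responses are constructed so the logic runs offline, and the real fetcher should only be pointed at BMCs you administer.

```python
"""Audit BMC addresses for the exposure described above: an HTTP listener on
TCP 49152 that serves the /nv/ directory.  Added example; hosts and canned
responses are constructed.  Run http_fetch only against BMCs you own."""
import socket
import urllib.error
import urllib.request

BMC_PORT = 49152
LISTING_PATH = "/nv/"
# File names the researcher says are readable under /nv/.
SENSITIVE_MARKERS = ("server.pem", "wsman", "netconfig")


def http_fetch(host, port=BMC_PORT, path=LISTING_PATH, timeout=5):
    """Return (status, body) from the BMC, or None if nothing answers."""
    url = f"http://{host}:{port}{path}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # listener present, path refused
        return err.code, ""
    except (urllib.error.URLError, socket.timeout, OSError):
        return None


def classify(response):
    """Turn one fetch result into a finding string."""
    if response is None:
        return "no-listener"               # nothing on 49152: not exposed this way
    status, body = response
    if status != 200:
        return "listener-but-refused"      # UPnP listener up; listing not served
    hits = [m for m in SENSITIVE_MARKERS if m in body]
    if hits:
        return "EXPOSED:" + ",".join(hits)
    return "listener-serves-listing"       # 200 on /nv/ but none of the known names


def audit(hosts, fetch=http_fetch):
    """Map each host to its finding; fetch is injectable for offline tests."""
    return {host: classify(fetch(host)) for host in hosts}


# Constructed responses standing in for four BMCs, so the example runs offline.
CANNED = {
    "10.0.0.5": (200, '<a href="server.pem">server.pem</a> <a href="netconfig">netconfig</a>'),
    "10.0.0.6": None,
    "10.0.0.7": (404, ""),
    "10.0.0.8": (200, "<html><body>index</body></html>"),
}


def canned_fetch(host):
    return CANNED[host]


if __name__ == "__main__":
    for host, finding in audit(sorted(CANNED), fetch=canned_fetch).items():
        print(host, finding)
```

Anything other than `no-listener` deserves a ticket: a UPnP listener on a management controller is exposure waiting to happen even before the listing is served. The quote above is careful to say "on a public interface", and that is the durable fix regardless of firmware: BMCs belong on an isolated management network, not on anything routable.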

rb-

Fortunately, Super Micro no longer sells this chipset, but there are still over 30K of these time bombs out there waiting to go off on some poor sysadmin. Hopefully checking the IPMI BMC is now part of a standard device hardening policy; if not, it should be.

How Many Clicks in a Big Mac

Video gaming for hours is exhausting, so surely it counts as some sort of workout too, right? TechCrunch reports that a Japanese publication has estimated how many calories it takes to click a mouse button once. “Convert Anything to Calories,” recently published in PHP Science World, puts a mouse click at 1.42 calories.

They modeled an index finger with a volume of 10.8 cubic centimeters and a weight of 11.7 grams, and calculated that moving the index finger muscles takes 195 micromoles of ATP (adenosine triphosphate, the molecule that transports energy in cells) per click, according to the article.

With the average daily calorie consumption of an adult male and female estimated at 2,000 kcal and 1,700 kcal respectively (one kcal is a thousand calories, so a click burns 1.42 small calories, not 1.42 food Calories), it’s time to get clicking if you want to make any dent in that amount. Still, if you do manage to use your mouse energetically enough, at a rate of 1.42 calories.

Others have calculated that it will take about 387,000 clicks to burn off a McDonald’s Big Mac, and a Burger King Whopper can be worked off with just 450,000 mouse clicks.

rb-

Get clicking!

Conficker Worm – Still Alive

After six years, Conficker remains one of the top three malware families affecting enterprises and small and medium businesses, according to Trend Micro’s (TMICY) TrendLabs. They say 45 percent of the malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

For those who don’t remember our old friend Conficker (Trend calls it DOWNAD), it can infect an entire network via a malicious URL, spam email and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The underlying vulnerability caused Microsoft to release an out-of-band update (MS08-067, “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm (DGA) that lets it produce pseudo-random domain names; it then connects to those domains to download files onto the system.

Technically, Windows Vista and the beta of Windows 7 were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew a major worm event was coming. When it came, it was big enough that a special industry group, the Conficker Working Group, was formed to coordinate the response.

Despite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2) more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. The AV firm attributes spam campaigns delivering FAREIT, MYTOB and LOVGATE payloads in email attachments to Conficker-infected machines.

On Thursday, July 3, the Conficker Working Group detected approximately 1,131,799 unique IPs related to Conficker. Whatever the exact number, it’s still a big number for a six-year-old piece of malware with a patch available. Trend explains that the infected machines use various ports and reach out to the domains generated by the malware’s DGA. A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems.
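To make the DGA behaviour above concrete, here is an added Python example; it is not Conficker’s code, nor Trend Micro’s or the Working Group’s. `toy_dga` is a generic date-seeded generator standing in for the real algorithm (an assumption for this example: Conficker’s actual generator, domain counts and TLD set are not reproduced here), and `flag_dga_clients` is the resolver-log check a defender would run for that behaviour. The log format, client addresses and TLD list are constructed.

```python
"""Toy model of date-seeded domain generation plus a resolver-log detector.
toy_dga is NOT Conficker's algorithm; it is a stand-in with the same shape
(same date in -> same domain list out).  The DNS log lines are constructed."""
import math
import random
from collections import Counter, defaultdict
from datetime import date

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net", "org", "info", "biz")  # assumed TLD set for the toy generator


def toy_dga(day, count=10):
    """Deterministic per-day domain list.  Because both the bot and a defender
    who has recovered the algorithm get the same list, the defender can
    register or sinkhole tomorrow's names before the bot asks for them."""
    rng = random.Random(day.toordinal())
    domains = []
    for _ in range(count):
        label = "".join(rng.choice(ALPHABET) for _ in range(rng.randint(8, 12)))
        domains.append(f"{label}.{rng.choice(TLDS)}")
    return domains


def shannon_entropy(text):
    """Bits per character; machine-generated labels score higher than words."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def second_level_label(fqdn):
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def parse_line(line):
    """Constructed resolver log format: '<ts> <client> query <name> <rcode>'."""
    ts, client, _, name, rcode = line.split()
    return ts, client, name, rcode


def flag_dga_clients(lines, min_nx=5, min_entropy=2.4, min_len=8):
    """Clients with >= min_nx NXDOMAIN answers for long, high-entropy labels.
    Volume is the signal: one typo'd lookup is normal, a burst of them is not,
    and unregistered generated names come back NXDOMAIN by definition."""
    suspects = defaultdict(set)
    for line in lines:
        _, client, name, rcode = parse_line(line)
        label = second_level_label(name)
        if rcode == "NXDOMAIN" and len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            suspects[client].add(name.lower())
    return {c: sorted(names) for c, names in suspects.items() if len(names) >= min_nx}


# Constructed sample: one infected client walking the day's generated list,
# one clean client with normal traffic and a single typo.
SAMPLE_DAY = date(2014, 7, 3)
SAMPLE_LOG = [
    f"2014-07-03T10:00:{i:02d} 10.1.2.3 query {d} NXDOMAIN"
    for i, d in enumerate(toy_dga(SAMPLE_DAY))
] + [
    "2014-07-03T10:01:00 10.1.2.50 query www.microsoft.com NOERROR",
    "2014-07-03T10:01:05 10.1.2.50 query update.microsoft.com NOERROR",
    "2014-07-03T10:01:09 10.1.2.50 query wwww.facebook.com NXDOMAIN",
]


if __name__ == "__main__":
    for client, names in flag_dga_clients(SAMPLE_LOG).items():
        print(client, len(names), names[:3])
```

Two things to take from it. A DGA is deterministic given its seed, which is exactly what let the Conficker Working Group coordinate registering and sinkholing the generated domains ahead of the worm. And on the wire, an infected host walking the day’s list produces a burst of NXDOMAIN answers for long, random-looking names; an entropy threshold alone would also flag `facebook` (the clean client’s typo scores 2.75 bits), so the check is on the volume of such failures per client, never on a single lookup.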

rb-

With Microsoft ending support for Windows XP this year, we can expect that systems running this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.

[Infographic: End of Support Changes Little About Windows XP’s Popularity (Statista)]

Even with an ancient OS, there are ways to prevent Conficker:

  1. Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
  2. Patch your systems
  3. Keep Anti-Malware up to date
  4. Stay away from shady places on the web
  5. Be wary of email attachments – don’t open what you don’t know
  6. The Conficker Working Group offers an easy way to check whether your machine is infected with Conficker