RB | Bach Seat - Part 118

Archive for RB

RB | July 10, 2014

Comments Off

How Many Clicks in a Big Mac

Video gaming for hours is exhausting, so surely it counts as some sort of workout, right? TechCrunch reports that a Japanese publication has estimated how many calories it takes to click a mouse button once. “Convert Anything to Calories,” recently published in PHP Science World, has narrowed down a mouse click to 1.42 calories.

Muscles per click

They calculated an index finger at a volume of 10.8 cubic centimeters, with a weight of 11.7 grams, taking 195 micromoles of ATP (Adenosine Triphosphate the molecule that transports energy in cells) to move the index finger muscles per click according to the article.

With the average daily calorie consumption of an adult male and female estimated at 2,000 kcal and 1,700 kcal (one kcal is a thousand calories), respectively, it’s time to get clicking if you want to make any dent in that amount. Still, if you do manage to use your mouse energetically enough, at a rate of 1.42 calories.

How many clicks to burn off a Whopper

Others have calculated that it will take 387,000 clicks to burn off a McDonald’s Big Mac and a Burger King Whopper can be worked off with just 450,000 mouse clicks.

rb-

Get clicking!

The alcohol calorie catastrophe (alcoholiba.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Health care | Tags: 2014, Adenosine Triphosphate, Big Mac, Calorie, Click, Index finger, Mouse, Whopper

RB | July 7, 2014

Comments Off

Conficker Worm – Still Alive

After 6 years Conficker remains one of the top 3 malware that affects enterprises and small and medium businesses according to Trend Micro’s (TMICY) TrendLab. They say 45% of malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

6 years old

For those that don’t remember our old friend Conficker (Trend calls it DOWNAD) it can infect an entire network via a malicious URL, spam email, and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The base vulnerability caused Microsoft to release an out-of-band update (MS08-067 “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm that allows it to create randomly generated URLs. It then connects to these created URLs to download files on the system.

Technically, Windows Vista and the beta of Windows 7, were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew that a major worm event was coming. When it came it was big enough that a special industry group (Conficker Working Group) was formed to coordinate a response.

45% of malware related spam mails are delivered by machines infected by the Conficker worm Despite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2), more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. Analysis by the AV firm of spam campaigns delivering FAREIT, MYTOB, and LOVGATE payload in email attachments are attributed to Conficker infected machines.

Over 1.1 million IPs related to Conficker.

On Thursday, July 3 the Conficker Working Group detected +/- 1,131,799 unique IPs related to Conficker. Whatever the number, it’s still a big number, for a 6-year old malware with a patch. Trend explains that the IPs use various ports and are randomly generated via the DGA ability of the malware. A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems.

rb-

With Microsoft ending the support for Windows XP this year, we can expect that systems with this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.

Even with an ancient OS, there are ways to prevent Conficker

Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
Patch your systems
Keep Anti-Malware up to date
Stay away from shady places on the web
Be wary of email attachments – Don’t open what you don’t know
The Conficker Working Group has an easy way to check if your machine is infected with Conficker here

Mobile malware: Past and current rends, prevention strategies (cloudentr.com)

Category: Uncategorized | Tags: 2014, 7, Conficker, Conficker Working Group, Malware, Microsoft, MSFT, TMICY, Trend Micro, Vista, Windows, XP

RB | July 3, 2014

Comments Off

Happy 4th

Independence Day 1915

Superior View

Category: Holidays | Tags: 2014, Fourth of July, Holiday, Independence Day, Michigan

RB | July 1, 2014

Comments Off

Another Cloud Implosion

Code Spaces, formerly a popular cloud-based source code hosting service run by AbleBots from New Jersey was forced to close. Infosecurity reports that after an attacker managed to get access to its Amazon (AMZN) Web Services EC2 control panel and delete most of its customers’ data. According to an explanation on the Code Spaces website, the firm was a victim of DDoS with the apparent attempt to extort “a large fee to resolve the DDOS.”

As the firm attempted to restore control of its machines, the attacker escalated the attack, the site says;

hanging out a closed sign

… the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel … We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances. In summary, most of our data, backups, machine configurations, and offsite backups were either partially or completely deleted.

Code Spaces marketed itself as a trusted provider offering “Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management” and a “full recovery plan” with full redundancy, duplication, and distribution of the data across three different geographical data centers if things went wrong. According to the Infosecurity blog despite the marketing hype the Code Spaces sites is folding up its tent and hanging out a closed sign by saying;

Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on-going credibility.

rb-

Another high-profile Cloud Computing service goes bust. Last year when Nirvanix went belly up I wrote about the need for a cloud exit plan. Calum MacLeod, vice president of EMEA at Lieberman Software told CIO.com that security incidents like this are avoidable if companies take effective steps. He suggested firms should implement:

Certificate-based authentication along with normal user IDs and passwords,
Whitelist applications,
A schedule for changing Credentials every few hours for critical applications,
Continuous discovery of the systems and applications to check if there were any changes to account settings, like happened to Code Spaces where new privileged accounts were created to allow the attack to continue.

He concludes that the Code Spaces incident reads like a cyberattack 101 scenario, where the failure to properly manage privileged credentials ultimately was the cause of the breach.

Other suggested measure for organizations using AWS would be to enable multi-factor authentication for admin logins. Alternatively, to prevent the wholesale loss of files Amazon Glacier could be used for longer-term data archival, to augment regular offline backups.

eFolder Acquires Cloudfinder, Empowers Managed Backup and Search for… (prweb.com)

Category: Uncategorized | Tags: 2014, Amazon, AMZN, Cloud computing, Code Spaces, DDOS, EC2, Fail, Ransomware, Security, Web Services

RB | June 26, 2014

Comments Off

Who’s Hacking Who?

Update – The hacking map function seems to have been shut down – I got an error message “All access to this object has been disabled.”

A new animated map of the Internet created by the U.S.-based computer security firm Norse helps cyber-defenders visualize where hackers are coming from and illustrate just how ubiquitous hacking is around the world according to a recent article by Maya Kosoff from BusinessInsider.

St. Louis-based Norse offers a product call IPViking which displays a map and lists of the countries doing the most hacking, the countries getting hacked the most, and the types of attacks happening. Quartz noted the animated map looks kind of like the vintage video game Missile Command.

Norse, founded by a former intelligence expert with the U.S.’s Department of Homeland Security explained to Smithsonian Magazine how the system works;

attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors.

BI continues that the map doesn’t show all the hacking going on in the world, it could be a representative snapshot of today’s hacking ecosystem. A snapshot of the stats shows some of the baseline back-and-forth hacking attempts. Today, over 5 hours,

The top attack types:

SSH port 22 – 6,308 attacks
SIP port 5060 – 2,380 attacks
Microsoft-DS port 445 – 2,317 attacks
MS-SQL-S port 1433 – 2,193 attacks
DNS port 53 – 2,182 attacks
HTTP-Alt port 8080 – 2,007 attacks
SNMP port 161 – 1,367 attacks
MS-term-services port 3389 – 1,327 attacks

Internet Attacks

Rank	# of Attacks sent	Attack Origins	Rank	# of Attacks received	Attack Target
1	12,216	China	1	27,667	United States
2	7,827	United States	2	1,161	Thailand
3	2,446	Mil/Gov	3	1,077	Hong Kong
4	2,161	Netherlands	4	682	Canada
5	1,899	France	5	655	Portugal
6	1,351	Russia	6	650	Australia
7	1,331	Canada	7	600	Singapore
8	717	Hong Kong	8	469	Netherlands
9	627	Thailand	9	458	France
10	495	Bulgaria	10	411	Bulgaria

Internet Attacks as logged by Norse IPViking on 6-25-14 approx. 11:00 to 16:00

rb-

I have posted a couple of good maps on here before. This map relays a lot of good info while being mesmerizing also. The amount of malicious traffic flying at U.S. sites is staggering. The attacker’s emphasis is on basic network services, SSH, SIP, AD, SQL, DNS, HTTP, SNMP. Attacks on the basic services we rely on reinforce the urgency for U.S. network users to get their basics in order. The U.S. and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries.

Now for the really scary part. This IPViking map only reveals the tip of the hack-attack iceberg. It only shows penetration attempts against Norse’s network of “honeypot” traps. The real number of hack attempts lighting up interwebs at any given moment is far, far greater than this cool piece of big data mining can ever possibly show.

A secure cloud can keep an enterprise safe from attack (cloudentr.com)

Category: Uncategorized | Tags: 2014, Active Directory, Attack, Dection, DNS, Hacking, Honeypot, HTTP, Innovation, Internet, IP, IPViking, Map, Norse, Security, SIP, SNMP, SQL, SSH

« Older Entries Recent Entries »

Bach Seat

Archive for RB

How Many Clicks in a Big Mac

Muscles per click

How many clicks to burn off a Whopper

Related articles

Conficker Worm – Still Alive

6 years old

Over 1.1 million IPs related to Conficker.

Related articles

Happy 4th

Independence Day 1915

Who’s Hacking Who?

Internet Attacks

Related articles

Meta