Can Former Staff Still Access Secure Info?

InfoSecurity Magazine recently published an article that blames cavalier attitudes about password management for a new era of data breaches. The article says that a fundamental lack of IT security awareness in enterprises, particularly in controlling privileged logins, is potentially paving the way for a further wave of data breaches.

The author cites a survey from Lieberman Software of IT security professionals. In the survey, 13% of IT security pros interviewed at the RSA Conference 2014 in San Francisco admit to being able to access previous employers’ systems using their old credentials.

Perhaps even more alarming is that, of those able to get access to previous employers’ systems, nearly 23% can get into their previous two employers’ systems using old credentials. And, shockingly, more than 16% admit to still having access to systems at all previous employers, Lieberman reports. Philip Lieberman, CEO and president of the company, told InfoSecurity in an interview that he blames executives who are satisfied with only meeting minimum security requirements.

Investments in security for technology, people, and processes have been meager, at best, in most organizations for many years … many C-level executives have been strongly discouraged from implementing anything other than the minimum security required by law.

The survey also showed a communications breakdown between IT pros and management. Nearly one in five respondents admit that they do not have, or don’t know if they have, a policy to make sure that former employees and contractors can no longer access systems after leaving the organization, according to the article.

The survey also found that current employees are a concern. The InfoSecurity article says that almost 25% of employees surveyed said that they work in organizations that do not change their service and process account passwords within the 90-day time frame commonly cited as best practice by most regulatory compliance mandates. Lieberman pointed out that users who run with elevated privileges can introduce all sorts of IT headaches by downloading and installing applications and changing their system configuration settings. CEO Lieberman warned that an organization would be wise to strictly control and monitor the privileged actions of its users by:

  1. Get control over privileged accounts. Start by generating unique and complex passwords for every individual account on the network – and changing these passwords often (no more shared or static passwords).
  2. Make sure you’re securely storing current passwords and making them available only to delegated staff, for audited use, for a limited time (no more anonymous and unlimited privileged access – for anyone).
  3. Automate the entire process with an enterprise-level privileged identity management approach. Mr. Lieberman argues, “when users exhibit poor behavior while logged into their powerful privileged accounts, you can be immediately alerted and respond to the threat.”

Mr. Lieberman told InfoSecurity that, in the wake of the Edward Snowden / NSA scandal and the Target breach, one would think that corporations would feel that minimizing the insider threat and the attempts of sophisticated criminal hackers to groom those with privileged accounts would be of paramount importance. But Lieberman cited a “half-life mentality of opening the pocketbook for security investments immediately after a data breach occurs, but then diminishing back to basic security after a few months.”

rb-

When an employee leaves the company, it’s imperative to ensure that he or she is not taking the password secrets that can gain access to highly sensitive systems.

To back this up, Verizon’s 2013 annual Data Breach Investigations Report says that more than three-quarters (76%) of network intrusions relied on weak or stolen credentials – a risk that Verizon describes as “easily preventable”.

Creating Privileged Accounts:

  • Never issue direct access to Administrator or Root; create a unique alias.
  • Require password complexity, history and expiration.

Disabling Privileged Accounts:

  • Get the termination notice in writing from someone up the food chain before acting, then disable the account ASAP.
  • Disable the account, lock the account, change the password.
  • Don’t change the user name or delete the account until you are sure. Prematurely removing an admin account could break some applications or connectors.
  • Don’t forget about other accounts: email, VPN, access control PINs; and wipe mobile devices.
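The two checks the survey says organizations skip (former staff still enabled, service account passwords older than 90 days) and the disable-lock-rotate-but-never-delete sequence from the checklist, as an added Python example that is not part of the original post. The account export, the HR termination feed and the field names are constructed for illustration; a real deployment would read them from the directory and HR system.

```python
import secrets
import string
from datetime import date, timedelta

# Constructed sample export of privileged accounts (not real data). Service
# accounts have no owner; "pw_set" is the date the password was last changed.
ACCOUNTS = {
    "adm-jdoe":    {"owner": "jdoe",   "enabled": True, "locked": False, "pw_set": date(2014, 5, 1)},
    "adm-asmith":  {"owner": "asmith", "enabled": True, "locked": False, "pw_set": date(2014, 6, 10)},
    "svc-backup":  {"owner": None,     "enabled": True, "locked": False, "pw_set": date(2013, 11, 2)},
    "svc-monitor": {"owner": None,     "enabled": True, "locked": False, "pw_set": date(2014, 5, 20)},
}
# Constructed HR feed: owners whose termination was confirmed in writing.
TERMINATED = {"jdoe"}
TODAY = date(2014, 6, 20)
MAX_AGE = timedelta(days=90)   # rotation window cited in the article

def audit(accounts, terminated, today=TODAY, max_age=MAX_AGE):
    """Return (account, finding) pairs for the two conditions the survey flags."""
    findings = []
    for name, a in accounts.items():
        if a["owner"] in terminated and a["enabled"]:
            findings.append((name, "former-employee-still-enabled"))
        if today - a["pw_set"] > max_age:
            findings.append((name, "password-older-than-90d"))
    return findings

def new_password(length=24):
    """Unique, complex password: letters, digits and punctuation, at least one of each."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw)):
            return pw

def offboard(accounts, name, written_notice, today=TODAY):
    """Disable, lock and rotate the password; never rename or delete the account.
    Refuses to act until the termination notice has been received in writing."""
    if not written_notice:
        raise PermissionError("termination notice in writing required before acting")
    a = accounts[name]
    a.update(enabled=False, locked=True, pw_set=today)
    a["password"] = new_password()   # stored in the vault, not handed to a person
    return a
```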
Related articles
  • Protecting Against the Insider Threat (duosecurity.com)


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

More Server Admin Passwords Exposed

I just wrote about the hole in IPMI, and now researchers are reporting more problems. Help Net Security writes that over 30,000 servers with the Super Micro WPCM450 line of chips on their motherboards have baseboard management controllers (BMCs) that offer up administrator passwords to anyone who knows where to look. Zachary Wikholm, a senior security engineer with the Security Incident Response Team of hosting provider CARI.net, warns that BMCs, which collect information on the health of the hardware and software, do not protect this critical information. Mr. Wikholm wrote:

You can quite literally download the BMC password file from any UPnP-enabled Super Micro motherboard running IPMI on a public interface.

The article explains that this confidential information is available because Super Micro stored the password file in plain text. The file can be downloaded by simply connecting to port 49152. The researcher added that many more critical files can be accessed by the public:

All the contents of the /nv/ directory are accessible via browser, including the server.pem file, the wsman admin password and the netconfig files.

Help Net Security confirms that Super Micro no longer uses the WPCM450 chips, but a scan of the Internet using Shodan, a specialized search engine for finding embedded systems, indicated 31,964 affected systems were online. The company has also offered a fix for this vulnerability, which requires administrators to re-flash their systems with the new IPMI BIOS. This workaround is not available to all servers, especially in 24×7 shops.

Mr. Wikholm has stepped in and devised a temporary fix for those who don’t want to risk re-flashing the server IPMI BIOS. The fix centers on killing the UPnP processes on the BMC. The drawback is that it lasts only until the system is disconnected or rebooted.

The existence and the exploitation potential of the flaw was confirmed by SANS ISC handler Tony Carothers: “One of our team has tested this vulnerability, and it works like a champ, so let’s add another log to the fire and spread the good word.”

rb-

Fortunately, Super Micro no longer sells this chipset, but there are still over 30K of these time bombs out there waiting to explode on some poor sysadmin. Hopefully checking the IPMI BMC is now part of a standard device hardening policy. If not, it should be.
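One way to make the BMC check part of a hardening policy is to watch for the exposure the article describes: accepted connections to the UPnP port 49152 on a BMC from anywhere but the admin network, or to a 49152 listener outside the management subnet (a BMC wired to a public interface). The following is an added Python example, not the researcher’s or Super Micro’s code; the firewall log format, the 10.99.0.0/24 BMC subnet and the 10.10.0.0/16 admin subnet are assumptions, and the log lines are constructed.

```python
import ipaddress
import re

# Constructed firewall log lines (not real traffic); the format is assumed, not any vendor's.
LOG_LINES = """\
2014-06-20T10:01:02Z ACCEPT tcp 203.0.113.7:51000 -> 198.51.100.20:49152
2014-06-20T10:01:05Z ACCEPT tcp 10.10.0.15:40211 -> 10.99.0.5:49152
2014-06-20T10:02:11Z ACCEPT tcp 203.0.113.7:51001 -> 198.51.100.20:443
2014-06-20T10:03:44Z DROP tcp 203.0.113.9:61000 -> 198.51.100.21:49152
2014-06-20T10:04:00Z ACCEPT tcp 192.0.2.44:38888 -> 10.99.0.5:49152
"""
# Assumed network plan: BMCs live in 10.99.0.0/24 and should be reached only from 10.10.0.0/16.
BMC_NET = ipaddress.ip_network("10.99.0.0/24")
ADMIN_NET = ipaddress.ip_network("10.10.0.0/16")
UPNP_PORT = 49152   # port named in the article

LINE_RE = re.compile(r"^(\S+) (ACCEPT|DROP) (\w+) (\S+):(\d+) -> (\S+):(\d+)$")

def parse(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, action, proto, src, _sport, dst, dport = m.groups()
    return {"ts": ts, "action": action, "proto": proto,
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "dport": int(dport)}

def bmc_exposure_findings(lines, bmc_net=BMC_NET, admin_net=ADMIN_NET):
    """Flag accepted UPnP-port connections that violate the management-network plan.
    Dropped traffic is the firewall doing its job, so only ACCEPT lines are examined."""
    findings = []
    for line in lines.splitlines():
        ev = parse(line)
        if ev is None or ev["action"] != "ACCEPT" or ev["dport"] != UPNP_PORT:
            continue
        if ev["dst"] in bmc_net and ev["src"] not in admin_net:
            findings.append((ev["ts"], str(ev["src"]), str(ev["dst"]), "upnp-from-outside-admin-net"))
        elif ev["dst"] not in bmc_net:
            # a 49152 listener outside the BMC subnet may be a BMC on a public interface
            findings.append((ev["ts"], str(ev["src"]), str(ev["dst"]), "upnp-outside-management-net"))
    return findings
```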


How Many Clicks in a Big Mac

Video gaming for hours is exhausting, so surely it counts as some sort of workout, right? TechCrunch reports that a Japanese publication has estimated how many calories it takes to click a mouse button once. “Convert Anything to Calories,” recently published in PHP Science World, has narrowed down a mouse click to 1.42 calories.

Muscles per click

They calculated an index finger at a volume of 10.8 cubic centimeters and a weight of 11.7 grams, taking 195 micromoles of ATP (adenosine triphosphate, the molecule that transports energy in cells) to move the index finger muscles per click, according to the article.

With the average daily calorie consumption of an adult male and female estimated at 2,000 kcal and 1,700 kcal (one kcal is a thousand calories), respectively, it’s time to get clicking if you want to make any dent in that amount. Still, if you do manage to use your mouse energetically enough, at a rate of 1.42 calories.

How many clicks to burn off a Whopper

Others have calculated that it will take 387,000 clicks to burn off a McDonald’s Big Mac, and a Burger King Whopper can be worked off with just 450,000 mouse clicks.

rb-

Get clicking!


Conficker Worm – Still Alive

After 6 years, Conficker remains one of the top 3 malware families affecting enterprises and small and medium businesses, according to Trend Micro’s (TMICY) TrendLabs. They say 45% of malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

6-year-old Conficker

For those that don’t remember our old friend Conficker (Trend calls it DOWNAD), it can infect an entire network via a malicious URL, spam email, and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The base vulnerability caused Microsoft to release an out-of-band update (MS08-067, “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm (DGA) that allows it to create randomly generated URLs. It then connects to these URLs to download files onto the system.

Technically, Windows Vista and the beta of Windows 7 were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew that a major worm event was coming. When it came, it was big enough that a special industry group (the Conficker Working Group) was formed to coordinate a response.

Despite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2), more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. The AV firm’s analysis of spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments attributes them to Conficker-infected machines.

Over 1.1 million IPs related to Conficker.

On Thursday, July 3, the Conficker Working Group detected approximately 1,131,799 unique IPs related to Conficker. Whatever the exact number, it’s still a big number for a 6-year-old malware with a patch. Trend explains that the IPs use various ports and are randomly generated via the DGA ability of the malware. A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems.
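The DGA behaviour described above gives defenders something to look for in their own DNS logs: an internal host bursting out lookups for long, random-looking names that no human typed. The following is an added Python example, not Trend Micro’s or the Conficker Working Group’s code; the vowel-ratio heuristic is an assumption for illustration rather than Conficker’s actual algorithm, and the log format and lines are constructed.

```python
import re
from collections import Counter

# Constructed DNS query log (not real traffic); the format is assumed, not any resolver's.
DNS_LOG = """\
2014-07-03T08:00:01Z 10.0.5.12 query A www.microsoft.com
2014-07-03T08:00:03Z 10.0.5.12 query A qlxvhtrzkw.info
2014-07-03T08:00:03Z 10.0.5.12 query A tzhjrqpwvxd.biz
2014-07-03T08:00:04Z 10.0.5.12 query A mzfqxkvjpr.net
2014-07-03T08:00:05Z 10.0.5.12 query A wordpress.com
2014-07-03T08:00:06Z 10.0.5.40 query A mail.example.org
2014-07-03T08:00:07Z 10.0.5.40 query A update.trendmicro.com
"""
LINE_RE = re.compile(r"^(\S+) (\S+) query \w+ (\S+)$")
VOWELS = set("aeiou")

def second_level_label(name):
    """Return the label just below the TLD, e.g. 'qlxvhtrzkw' from 'qlxvhtrzkw.info'."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(label, min_len=8, max_vowel_ratio=0.2):
    """Heuristic (assumed, not Conficker's real DGA): long, letters-only, vowel-poor
    labels are typical of random-letter generation and rare in names people choose."""
    if len(label) < min_len or not label.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    return vowel_ratio <= max_vowel_ratio

def suspect_hosts(log, min_hits=3):
    """Clients that queried at least min_hits generated-looking domains.
    One odd name is noise; a burst of them is the beaconing pattern worth triaging."""
    hits = Counter()
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, client, qname = m.groups()
        if looks_generated(second_level_label(qname)):
            hits[client] += 1
    return {client: n for client, n in hits.items() if n >= min_hits}
```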

rb-

With Microsoft ending the support for Windows XP this year, we can expect that systems with this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.


Even with an ancient OS, there are ways to prevent Conficker

  1. Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
  2. Patch your systems
  3. Keep Anti-Malware up to date
  4. Stay away from shady places on the web
  5. Be wary of email attachments – Don’t open what you don’t know
  6. The Conficker Working Group has an easy way to check if your machine is infected with Conficker here
Related articles
  • Mobile malware: Past and current trends, prevention strategies (cloudentr.com)


Happy 4th

Independence Day 1915
