Tag Archive for Microsoft

Remote Desktop Opens Door to POS Malware

The U.S. Department of Homeland Security (DHS) has issued a warning to retailers. DHS reports that cybercriminals are using remote desktop software to open up retailers’ networks to point-of-sale malware attacks. Point of Sale (POS) systems have been at the heart of many of the recent data breaches. Retailers impacted include Target, Jimmy John’s, P.F. Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply, and Goodwill Industries International, the New York Times reported.

Research by DHS, the Secret Service, the National Cybersecurity and Communications Integration Center, and security firm Trustwave SpiderLabs has been following the attacks. During the attacks, cybercriminals scan corporate systems for remote desktop software. The attackers are looking for Microsoft (MSFT) Remote Desktop, Apple (AAPL) Remote Desktop, Google (GOOG) Chrome Remote Desktop, Splashtop, Pulseway, and LogMeIn’s join.me.

Install malware

After finding an exposed system, attackers launch brute force attacks on the login feature. FierceITSecurity reports that once the attackers gain network access, they deploy Backoff POS malware to steal customer payment data, and use encryption to hide the theft. US-CERT issued an alert on 07-31-2014 (TA14-212A) that explains how the malware gets installed:

At the time of discovery and analysis, the [Backoff] malware variants had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious

US-CERT has informed anti-virus vendors of the threat from Backoff malware and they will be updating their software to detect and block the malware. The malware can scrape memory for track data, log keystrokes, communicate with a command-and-control server, and inject a malicious stub into explorer.exe that ensures “persistence in the event the malicious executable crashes or is forcefully stopped.”

The article concludes, “The impact of a compromised POS system can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminal elements. These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts.”

rb-

Lesson learned? If mega-firms like Target can be breached, what chance do small mom-and-pop POS operators in schools, food trucks, and airport kiosks stand? I say not much. I have worked with several POS vendors and it seems they barely understand their own product, let alone SSL certs or VPNs.

Here are some tips from Verizon’s 2012 research into security breaches affecting companies that use POS systems to process customer payments. Make sure your POS vendor does the following:

1.  Change administrative passwords on all POS systems. (Hackers are scanning the Internet for easily guessable passwords).

2.  Implement a firewall or access control list on remote access/administration services. (If hackers can’t reach your systems, they can’t easily steal from them.)

3.  Avoid using POS systems to browse the web (or anything else on the Internet).

4.  Make sure your POS is a PCI DSS compliant application. (Ask your vendor.)

5.  Use password management software like LastPass to generate secure passwords. (LastPass allows you to avoid storing passwords in your browsers and can generate ready-to-use secure passwords for you).
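The brute-force step in the attack chain described above, and the point behind tip 2 that remote-access services need watching as well as fencing, as an added example that is not part of the original post or of any of the cited reports: a small Python detector run over Windows Security logon records. The one-line record format and the sample records are constructed for the demo; the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values.

```python
"""Detect password brute forcing of the remote-desktop login from Windows
Security log records, and the success-after-burst pattern that usually means
the attacker got in.

Added example; the one-line record format below is constructed for the demo.
On a real host the data comes from the Security event log: 4625 = failed
logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10


def parse_record(line):
    """Parse '<ISO time> <event id> type=<n> user=<name> src=<ip>' into a dict."""
    ts, event_id, ltype, user, src = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
        "event": int(event_id),
        "logon_type": int(ltype.split("=", 1)[1]),
        "user": user.split("=", 1)[1],
        "src": src.split("=", 1)[1],
    }


def detect_rdp_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: verdict}.

    'brute-force' : at least `threshold` failed RDP logons from one source
                    inside a sliding `window`
    'compromised' : a successful RDP logon from that source after the burst
    """
    recent_failures = defaultdict(deque)      # src -> failure timestamps in window
    verdicts = {}
    records = sorted((parse_record(l) for l in lines), key=lambda r: r["time"])
    for rec in records:
        if rec["logon_type"] != RDP_LOGON_TYPE:
            continue                           # only remote-desktop logons matter here
        src = rec["src"]
        if rec["event"] == FAILED_LOGON:
            q = recent_failures[src]
            q.append(rec["time"])
            while q and rec["time"] - q[0] > window:
                q.popleft()                    # forget failures older than the window
            if len(q) >= threshold:
                verdicts.setdefault(src, "brute-force")
        elif rec["event"] == SUCCESS_LOGON and verdicts.get(src) == "brute-force":
            verdicts[src] = "compromised"      # a success right after a burst
    return verdicts


# Constructed sample: a spray of common POS/admin usernames from one Internet
# address followed by a success, plus a legitimate admin mistyping a password once.
BASE_TIME = datetime(2014, 7, 3, 2, 14, 0)
ATTACKER, ADMIN_WS = "203.0.113.45", "10.0.0.20"


def _record(offset_s, event, src, user, ltype=RDP_LOGON_TYPE):
    ts = (BASE_TIME + timedelta(seconds=offset_s)).isoformat()
    return f"{ts} {event} type={ltype} user={user} src={src}"


SPRAYED_USERS = ["administrator", "admin", "pos", "posadmin", "administrator", "admin",
                 "pos", "administrator", "admin", "pos", "administrator", "root"]
SAMPLE_LOG = [_record(3 * i, FAILED_LOGON, ATTACKER, u) for i, u in enumerate(SPRAYED_USERS)]
SAMPLE_LOG += [
    _record(40, SUCCESS_LOGON, ATTACKER, "pos"),
    _record(100, FAILED_LOGON, ADMIN_WS, "jsmith"),
    _record(130, SUCCESS_LOGON, ADMIN_WS, "jsmith"),
    _record(200, FAILED_LOGON, ATTACKER, "svc", ltype=3),   # network logon, not RDP: ignored
]

if __name__ == "__main__":
    for src, verdict in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {verdict}")
```

The sliding window matters: a real brute force spreads hundreds of attempts over minutes, while a person fumbling a password produces a handful, so count failures per source inside a window rather than over the whole day. The success-after-burst verdict is the one to page someone for, since it is exactly the point at which Backoff would be dropped.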


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Clock Ticking on Windows Server 2003 Deployments

Now that everybody has worked Windows XP out of the PC fleet (LOL), another Redmond deadline looms. Microsoft (MSFT) will be ending all support for the venerable workhorse of many organizations, Windows Server 2003. Windows Server 2003 (and R2) will cease to be supported by Microsoft on July 14, 2015. Yep, that is less than one year away.

Paul Mah at FierceCIO explains that Windows Server 2003 enters its end-of-support phase on July 14, 2015, and will no longer receive security patches and bug fixes. He points out that companies that continue to run Windows Server 2003 after July 14, 2015, will start to fail standard compliance audits. Regulations such as HIPAA, PCI, and SOX require regulated industries to run on supported platforms. Michael Cobb at SearchSecurity reminds us that most compliance and regulatory standards consider running end-of-life software a control failure.

FierceCIO estimates that custom support agreements for Windows Server 2003 will have a hefty price tag of $200,000 per year. The article quotes Brad Anderson, Microsoft corporate vice president of Windows Server and System Center, “If new issues do happen to be found, the only way to receive additional updates will be through a custom support agreement.”

Compliance considerations aside, Windows Server 2003 will have been in operation for 12 years at that point. The article says companies that continue to use an unsupported platform could find support for some server applications suspended, including all Microsoft applications.

Microsoft is expecting a large number of existing deployments to be migrated to its latest Windows Server 2012 platform. This mandatory migration could help MSFT with its market share against its virtual nemesis VMware (VMW). Mr. Anderson says a lot of Server 2003 machines need to be upgraded:

The fact of the matter is that there is a significant amount of Windows Server 2003 to upgrade around the world. We estimate that there are more than 15 million physical servers that are likely to be upgraded over the next 12 months.

Migrating millions of servers to Windows Server 2012 gives Microsoft’s virtualization technology, Hyper-V, a big boost, noted eWeek. This is because Windows Server 2003 doesn’t have any virtualization technology baked in, unlike Server 2012, which ships with Hyper-V and supports up to 1,024 active virtual machines (VMs) per host and up to 1 TB of memory per VM.

The clock is ticking for companies looking to make the switch. The FierceCIO article reports the average Windows Server migration takes 200 days. This means that organizations need to get started very soon or risk running out of time.

Over at SearchSecurity, Michael Cobb, CISSP, offers a starting point for migrating from Windows Server 2003.

Start now – Mr. Cobb warns that phasing out Windows Server 2003 will be a complicated process; there are choices that must be made that will affect infrastructure strategies for the foreseeable future.

Hosted Services – Organizations using hosted services will have no choice but to update their legacy software. Mr. Cobb says providers will ultimately force customers to upgrade from Windows Server 2003 so that they can continue to provide the support and security promised in their service-level agreements.

Enterprises have a couple of upgrade options when it comes to retiring Windows Server 2003 according to Mr. Cobb.

  • Changing from Windows to a Unix-based OS won’t really be an option for many enterprises, as their key applications will only run on a Windows machine. Because application compatibility and a lack of in-house skills are likely the overriding issues, Unix is not an option for most companies.


  • Going to Windows Server 2012 – While it is the latest Microsoft server OS, it can’t run 16-bit Windows-based applications, and 32-bit applications must run under the WoW64 compatibility layer (the “emulator” the author of www.hairyitdog.com refers to), making this option unattractive for some because of compatibility issues.
  • Windows Server 2003 x64 Edition – Enterprises already running 64-bit applications should consider upgrading their hardware and moving straight to Windows Server 2012.
  • Windows Server 2008 – Since Windows Server 2003 servers are likely to be running on old hardware, this upgrade route — while cheaper short-term — will probably just delay legacy hardware and software issues to a later date as both will need replacing prior to 2020 when Windows Server 2008 reaches the end of its extended support period.

SearchSecurity offers these starting points:

  • Start rewriting old applications now so the inevitable problems and errors can be sorted out. It is also a great opportunity to not only improve security and stability but also add much-needed new features to enterprise systems.
  • Contact vendors now about 64-bit versions of key application software. If vendors have no plans to offer application upgrades, it’s time to start searching for replacements. Legacy software is always an attractive target for hackers, particularly if it is no longer supported by the original vendor.

Rewriting applications and upgrading licenses and hardware is complex, time-consuming, and costly, but vulnerable systems and data could ultimately be even more expensive. Mr. Cobb warns that doing nothing is not an option. Enterprises must start planning their migration strategies now to avoid making hasty decisions once the reality of unsupported software has already disrupted operations.

rb-

Will the last-minute scramble to migrate from Windows XP repeat itself all over again? To quote the immortal Yogi Berra, will it be déjà vu all over again?

The rule of thumb for successful migrations is to plan ahead, be thorough, and don’t wait until the last minute if it can be avoided. Despite this, a survey by AppZero found that:

  • 57% of Microsoft customers are still running WS 2003
  • 94% of those running WS 2003 intend to migrate, but only 24% are ready to do so
  • 40% are not sure of their upgrade path

Top Patent Troll Reloads

It’s been a good year for patent trolls, and now the biggest patent troll of them all wants to keep the party going. Jeff John Roberts at GigaOM reports that Intellectual Ventures (IV) has acquired more than 200 new patents. The acquisitions will help IV extend its legal tentacles in fields like wireless infrastructure and cloud computing.

GigaOM explains that IV’s peculiar brand of innovation involves acquiring old patents and using them to arm thousands of shell companies, whose sole business is to extract licensing fees from productive businesses.

News of IV’s restocked war chest, which Reuters says is partially funded by Microsoft (MSFT) and Sony (SNE), comes after earlier reports that initial investors, including Apple (AAPL) and Intel (INTC), declined to take part in IV’s newest trolling fund. According to a report by the law firm Richardson Oliver, spotted by IAM, the fund is on track: IV purchased 16 percent of all available patent packages in the first half of 2014. A chart by the firm suggests it paid $1-$2 million in most cases.

GigaOM’s chart shows six patents related to the cloud computing industry, which has so far escaped the rampant patent trolling that has plagued mobile phone and app developers. The author speculates that cloud computing could now be prime picking for IV in the coming year.

IV is well-positioned to exploit the patents thanks to Senate Democrats, who in May killed a bipartisan patent reform bill that would have undercut many of the economic incentives for patent trolling, according to Mr. Roberts. IV has also been active on the lobbying front, filing to start a PAC this year and donating to Senator Dick Durbin (D-IL), who is closely allied to the trial lawyer lobby that reportedly helped to derail reform.

GigaOM believes darker clouds could be looming for IV. They cite growing public skepticism towards patent trolls, who now account for 67 percent of all new lawsuits. The trolls have received harsh treatment from the likes of NPR and the New York Times, while the Supreme Court’s repeated criticism of slipshod patents may finally be making it harder for companies to abuse them.

Meanwhile, respected tech figures like Marco Arment have lashed out at IV’s business model as “cowardly” while inventors like Tesla’s Elon Musk have questioned the value of patents to begin with.

rb-
Uh oh, the world’s biggest patent troll has restocked its weapons chest — and it looks like their next target will be cloud computing.


Conficker Worm – Still Alive

After six years, Conficker remains one of the top three malware families affecting enterprises and small and medium businesses, according to Trend Micro’s (TMICY) TrendLabs. They say 45% of the malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

Six-year-old Conficker

For those that don’t remember our old friend Conficker (Trend calls it DOWNAD), it can infect an entire network via a malicious URL, spam email, and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The underlying vulnerability caused Microsoft to release an out-of-band update (MS08-067, “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm (DGA) that produces a fresh list of pseudo-random domain names each day. It then tries to connect to those domains to download files onto the system, so blocking any single domain does not cut it off.

Technically, Windows Vista and the beta of Windows 7 were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew that a major worm event was coming. When it came, it was big enough that a special industry group (the Conficker Working Group) was formed to coordinate a response.

Despite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2), more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. The AV firm’s analysis attributes spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments to Conficker-infected machines.

Over 1.1 million IPs related to Conficker.

On Thursday, July 3, the Conficker Working Group detected roughly 1,131,799 unique IPs related to Conficker. Whatever the exact number, it’s still a big number for six-year-old malware with a patch available. Trend notes that the traffic uses various ports and is directed at domains produced by the malware’s DGA. A number of machines are still infected by this threat and leveraged to send the spammed messages, further increasing the number of infected systems.
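The domain generation algorithm described above, and the infected-host traffic the Conficker Working Group counts, as an added example that is not part of the original post or of Trend Micro’s or ZDNet’s reporting: a toy date-seeded DGA of the kind the text describes (an illustrative scheme, not Conficker’s actual algorithm or its real seed and parameters) and a matching detector run over DNS resolver log lines. The log format, the client addresses and the seed are constructed for the demo.

```python
"""Toy domain generation algorithm (DGA) and a matching DNS-log detector.

The generator is an illustrative date-seeded scheme, NOT Conficker's actual
algorithm; the log lines at the bottom are constructed for the example."""
import hashlib
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")
VOWELS = set("aeiou")


def generate_domains(day, count=250, seed=b"example-seed"):
    """Derive `count` pseudo-random domains from the calendar day and a fixed seed.

    Every infected host computes the same list for a given day, so the operator
    only has to register one of them to regain control, while defenders have to
    sinkhole or block all of them.  (Hypothetical parameters, not Conficker's.)
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + i.to_bytes(2, "big")).digest()
        length = 8 + digest[0] % 5                      # labels of 8..12 characters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def looks_generated(label):
    """Cheap lexical heuristic: a long label with few vowels or a long consonant run.

    Loose by design (real words such as 'strength' trip it); it is a scoring
    input, not a verdict on its own.
    """
    if len(label) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    run = longest = 0
    for c in label:
        run = run + 1 if c not in VOWELS else 0
        longest = max(longest, run)
    return vowel_ratio < 0.3 or longest >= 4


def flag_dga_clients(log_lines, nx_threshold=20, generated_fraction=0.5):
    """Flag clients that get many NXDOMAIN answers for random-looking names.

    Input lines: "<timestamp> <client_ip> <qname> <rcode>" (constructed format).
    Returns {client_ip: (nxdomain_count, fraction_random_looking)} for flagged clients.
    A host walking a DGA list mostly hits unregistered names, which is the tell.
    """
    stats = {}
    for line in log_lines:
        _ts, client, qname, rcode = line.split()
        if rcode != "NXDOMAIN":
            continue
        label = qname.rstrip(".").split(".")[0]
        n, r = stats.get(client, (0, 0))
        stats[client] = (n + 1, r + looks_generated(label))
    return {c: (n, r / n) for c, (n, r) in stats.items()
            if n >= nx_threshold and r / n >= generated_fraction}


# Constructed sample: one infected host walking the day's list, one benign host
# with a single typo.  The date is the Working Group's July 3 count day.
DAY = date(2014, 7, 3)
SAMPLE_LOG = [f"2014-07-03T00:00:{i:02d} 10.0.0.7 {d} NXDOMAIN"
              for i, d in enumerate(generate_domains(DAY)[:30])]
SAMPLE_LOG += [
    "2014-07-03T00:01:00 10.0.0.8 www.example.com NOERROR",
    "2014-07-03T00:01:01 10.0.0.8 wwww.example.com NXDOMAIN",
]

if __name__ == "__main__":
    print(generate_domains(DAY)[:5])
    print(flag_dga_clients(SAMPLE_LOG))
```

The NXDOMAIN volume is what makes DGA traffic visible on a resolver even when the lexical heuristic is weak: the operator registers a handful of the day’s names and the bot tries the rest anyway. For a real family the generator is reverse engineered so the defender can precompute and sinkhole the list, which is what the Conficker Working Group did.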

rb-

With Microsoft having ended support for Windows XP this year (April 2014), we can expect that systems with this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.


Even with an ancient OS, there are ways to prevent Conficker:

  1. Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
  2. Patch your systems (MS08-067 closes the hole Conficker exploits to spread)
  3. Keep Anti-Malware up to date
  4. Stay away from shady places on the web
  5. Be wary of email attachments – Don’t open what you don’t know
  6. The Conficker Working Group has an easy way to check if your machine is infected with Conficker here
Related articles
  • Mobile malware: Past and current trends, prevention strategies (cloudentr.com)

 


70s Glitch Could Hit Every Computer On Earth

Rebecca Borison at Business Insider asks who remembers the 1999 panic about the Y2K crisis. In 1999, Y2K looked as if it might derail modern life because computers used only two digits to represent the year in their internal clocks, so the glitch would reset them to Jan. 1, 1900, rather than Jan. 1, 2000.

Now it’s déjà vu all over again: BI reports there’s a new, even bigger global software coding fiasco looming. A huge amount of computer software could fail around the year 2038 because of the way the code that runs it measures time.

Once again, just like with Y2K, a vast amount of software and computer code must be checked and updated. That is not a trivial task, according to the author. In 2000, we bypassed the Y2K problem by recoding the software, explains Ms. Borison: a fantastically laborious, retrospective, global software patch.

Disruption to the tech industry

Although Y2K was not a disaster, it was a massive disruption to the tech industry at the time. Virtually every company on the planet running any type of software had to find their specific Y2K issue and hire someone to fix it. Ultimately, Y2K caused ordinary people very few problems, but that’s only because there was a huge expenditure of time and resources within the tech business.

The 2038 problem will affect software that uses what’s called a signed 32-bit integer for storing time. The problem arises because a signed 32-bit integer has a maximum value of 2,147,483,647, so a timestamp counted in seconds cannot go past 2,147,483,647 seconds. That is the biggest number you can represent with 31 value bits plus a sign bit.

When a bunch of engineers developed the first UNIX operating system in the 1970s, they arbitrarily decided that time would be represented as a signed 32-bit integer (or number), measured as the number of seconds since 12:00:00 a.m. on January 1, 1970 (UTC).

Glitch turns the clock back

On January 19, 2038, at 03:14:07 UTC (2,147,483,647 seconds after January 1, 1970), these computer programs will reach the maximum value of time expressible with a signed 32-bit counter. One second later, any software that hasn’t been fixed wraps around to the most negative value, -2,147,483,648, which is December 13, 1901, 20:45:52 UTC; code that clamps the negative value to zero will instead think it’s 1970 again.

UNIX time coding has since been incorporated widely into any software or hardware system that needs to measure time.

BI spoke with Jonathan Smith, a Computer and Information Science professor at the University of Pennsylvania for confirmation. The professor confirmed the Year 2038 is a real problem that will affect a specific subset of software that counts on a clock progressing positively. He elaborated:

Most UNIX-based systems use a 32-bit clock that starts at the arbitrary date of 1/1/1970, so adding 68 years gives you a risk of overflow at 2038 … Timers could stop working, scheduled reminders might not occur (e.g., calendar appointments), scheduled updates or backups might not occur, billing intervals might not be calculated correctly

The article concludes that we just need to switch to wider values, like 64 bits, which give a far higher maximum. In the last few years, more computers have made this shift, especially at companies that already need to project time past 2038, like banks dealing with 30-year mortgages.

Apple (AAPL) claims that the iPhone 5S is the first 64-bit smartphone. But the 2038 problem applies to both hardware and software, so even if the 5S uses 64 bits, an alarm clock app on the phone needs to be updated as well. (If the app still keeps time in a 32-bit field in 2038, it will wake you up in the wrong century, so to speak.) So the issue is more of a logistical problem than a technical one.

HowStuffWorks reports that some platforms have different dooms-days.

  • IBM (IBM) PC hardware suffers from the Year 2116 problem. For a PC the beginning of time starts at January 1, 1980, and increments by seconds in an unsigned 32-bit integer in a way like UNIX time. By 2116, the integer overflows.
  • Microsoft (MSFT) Windows NT uses a 64-bit integer to track time. However, it uses 100 nanoseconds as its increment and its beginning of time is January 1, 1601. HowStuffWorks puts NT’s limit at the year 2184, although a full signed 64-bit count of 100-nanosecond ticks from 1601 does not actually overflow until roughly the year 30828.
  • Apple’s documentation states that the Mac is okay out to the year 29,940.

rb-

The tech industry’s response to Y2K suggests that it will mostly ignore the 2038 issue until the very last minute, when it becomes impossible to ignore. Another example of the pace of global software updates is that a majority of ATM cash machines were still running Windows XP, and thus exposed to attackers, even though Windows XP was superseded by Vista in 2007 and its support ended in April 2014.

Fortunately, the 2038 problem is somewhat easier to fix than the Y2K problem. Well-written programs can simply be recompiled against a version of the C library that uses an 8-byte time_t as the storage format. This is possible because the C library encapsulates the whole time activity with its own time types and functions (unlike most mainframe programs, which did not standardize their date formats or calculations). The caveat is that recompiling only fixes the values a program keeps in memory: a timestamp written to a file, a database column, or a network message as a 32-bit field, or a 32-bit time_t baked into an embedded device’s firmware, still has to be found and converted by hand. Even so, the Year 2038 problem should not be nearly as hard to fix as the Y2K problem was.
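The overflow described above, the wider-counter fix, and the caveat about 32-bit fields in stored data, as an added example that is not part of the original post or of the Business Insider article: a Python model of a signed 32-bit time counter at its limit. It also generalizes the platform table above (Unix 1970, PC 1980, NT 1601) into one function that works out in which year a counter of a given width, signedness and tick size runs out. The record layout at the end is hypothetical, made up to show why recompiling alone does not fix serialized timestamps.

```python
"""Year 2038 in miniature: what a signed 32-bit time counter does at its
limit, why a wider counter fixes it, and why a 32-bit timestamp field baked
into a file or wire format is not fixed by recompiling alone.

Added example; the record layout at the bottom is made up for illustration."""
from datetime import datetime, timedelta, timezone
import struct

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1
INT32_MIN = -2**31
SECONDS_PER_YEAR = 31_556_952          # mean Gregorian year


def wrap_int32(value):
    """Emulate the two's-complement wraparound a 32-bit signed time_t suffers."""
    return (value + 2**31) % 2**32 - 2**31


def utc_from_epoch(seconds):
    """Epoch seconds -> UTC datetime, independent of the host's time_t width."""
    return UNIX_EPOCH + timedelta(seconds=seconds)


def add_seconds_time32(t, delta):
    """Unfixed 32-bit arithmetic: the sum silently wraps past 2038-01-19 03:14:07."""
    return wrap_int32(t + delta)


def add_seconds_time64(t, delta):
    """64-bit time_t arithmetic (Python's unbounded ints stand in for int64)."""
    return t + delta


def overflow_year(epoch_year, bits, signed, tick_ns):
    """Approximate calendar year in which a `bits`-wide counter of `tick_ns`
    nanosecond ticks, counting from January 1 of `epoch_year`, overflows."""
    max_ticks = 2 ** (bits - 1) - 1 if signed else 2 ** bits - 1
    return epoch_year + (max_ticks * tick_ns // 1_000_000_000) // SECONDS_PER_YEAR


# A serialized record with a 32-bit timestamp field (hypothetical layout):
# little-endian int32 timestamp followed by a uint16 event code.
RECORD32 = struct.Struct("<iH")
RECORD64 = struct.Struct("<qH")        # the same record with a 64-bit timestamp


def timestamp_fits(layout, timestamp):
    """True if `timestamp` can be stored in the layout's time field."""
    try:
        layout.pack(timestamp, 0)
        return True
    except struct.error:               # struct refuses values outside the field's range
        return False


if __name__ == "__main__":
    limit = INT32_MAX
    print("last 32-bit second:        ", utc_from_epoch(limit))
    print("one second later, 32-bit:  ", utc_from_epoch(add_seconds_time32(limit, 1)))
    print("one second later, 64-bit:  ", utc_from_epoch(add_seconds_time64(limit, 1)))
    print("UNIX, signed 32-bit, 1970: ", overflow_year(1970, 32, True, 1_000_000_000))
    print("PC, unsigned 32-bit, 1980: ", overflow_year(1980, 32, False, 1_000_000_000))
    print("NT, signed 64-bit, 1601:   ", overflow_year(1601, 64, True, 100))
    print("old record holds 2038-01-19 03:14:08?", timestamp_fits(RECORD32, limit + 1))
```

The two things to take from running it: the wrapped 32-bit value lands in December 1901, not at 1970 (only code that clamps negatives to zero reports 1970), and the old record layout rejects the very first post-limit second even though the program’s own arithmetic has been moved to 64 bits, which is the on-disk and on-the-wire work the recompile does not do for you.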
