Friday, September 11, 2009

Journal Assignment 2- MALWARE ATTACK


EyeWonder malware incident affects popular web sites


Along with viruses, one of the biggest threats to computer users on the Internet today is malware. It can hijack your browser, redirect your search attempts, serve up nasty pop-up ads, track what web sites you visit, and generally screw things up. Malware programs are usually poorly-programmed and can cause your computer to become unbearably slow and unstable in addition to all the other havoc they wreak.

The article that interested me is about an EyeWonder malware incident that affected popular websites. EyeWonder is a vendor of online video advertisements. In this incident, visitors to popular, high-traffic web sites such as CNN, BBC, Washington Post, Gamespot, WorldOfWarcraft, Mashable, Chow.com, ITpro.co.uk, AndroidCommunity, Engadget and Chip.de started reporting that parts of the web sites were unreachable due to malware warnings appearing through the EyeWonder interactive digital advertising provider.

This malware incident demonstrates how a single exploitation of a trusted third-party content/ad serving vendor can not only undermine its credibility, but potentially the credibility of the sites using the network. And since the ads on the affected sites are dynamically served through different networks, it remains questionable whether it was in fact EyeWonder that served malicious content, or a compromised partner of the network itself.

Since this incident, EyeWonder has been shut down for maintenance. The situation will be carefully monitored, and computer users should be aware of this type of campaign, which could potentially cause their systems to become infected with malware.

Please refer to the following link for the full article:

http://blogs.zdnet.com/security/?p=3694


Saturday, September 5, 2009

IDENTITY THEFT INCIDENT

FACEBOOK ID THEFT TARGETS 'FRIENDS'

Identity theft is not new; it has been a problem for many years. Advances in technology have made identity theft easier for criminals, but more complicated for consumers and identity theft victims.

People who have had their identities stolen can spend years and thousands of dollars cleaning up the nightmare that these callous criminals have made of the victim's good name and credit record. It takes the average victim a year to realize that their identity has been stolen. Victims have been known to lose their jobs, be refused loans, education, or housing. Some people have even reported being arrested for crimes they didn't commit. Criminals have found many methods to steal the identities of innocent people. Advances in technology constantly introduce new methods for criminals to steal identities.

Hacking is one of the high-tech methods of identity theft. In a recent case, a Facebook ID theft targeted friends of a Microsoft employee, Bryan Rutberg. In Rutberg's case, criminals managed to steal his Facebook login password, steal his Facebook identity, and change his page to make it appear he was in trouble. Next, the criminals sent e-mails to dozens of friends, begging them for help.

One of his friends, Beny Rubinstein -- a fellow Microsoft employee -- fell for the story. At 10:30 p.m. that Wednesday night, he sent $600 via Western Union using an online service. The following morning, Rubinstein received a phone message from the imposter, asking for more money. So he went to a local retail store and wired another $600.

Please see the link below for the full article:

http://redtape.msnbc.com/2009/01/post-1.html

Friday, September 4, 2009

LIVE CD

Definition:
A live CD is a CD containing a bootable computer operating system. The term "live" derives from the fact that these CDs each contain a complete, functioning and operational operating system on the distribution medium.

Uniqueness:

Live CDs are unique in that they have the ability to run a complete, modern operating system on a computer lacking mutable secondary storage, such as a hard disk drive. While a live CD typically does not alter the operating system or files already installed on a computer's hard drive, many live CDs include mechanisms and utilities for altering the host computer's hard drive, including permanent installation. This is important for the system management aspect of live CDs, such as removing viruses, drive imaging, and system recovery.
The default option, however, is to allow the user to return the computer to its previous state when the live CD is ejected and the computer is rebooted. A live CD is able to run without permanent installation by placing the files that typically would be stored on a hard drive into RAM, typically in a RAM disk. However, this does cut down on the RAM available to applications, reducing performance.

Security Perspective:

A LiveCD is a CD that is executable upon boot and contains a computer operating system, typically Linux. Files that would typically install onto the hard drive of the computer are loaded into system RAM, and as such simply rebooting the computer will return it to its previous state. These traits make the use of a LiveCD a great idea for anyone needing to use a public computer terminal. Loading an operating system from the CD will allow a user to take advantage of the computer's resources, including network access and access to disk drives, but will not load the OS or any applications that are installed on the computer's hard drive. This means that any key loggers or other such tracking software installed on the machine will not be loaded, and the user of the terminal need not fear software being used to monitor his/her actions. While this will not protect against hardware-based key loggers or network-based monitoring such as packet sniffing, it does help to dramatically improve security and privacy by all but eliminating software-based threats. Moreover, the fact that the LiveCD's installation and usage data reside only on the CD or in volatile memory such as system RAM is an added benefit. As soon as the CD is removed and the computer is rebooted, all of the information pertaining to the usage of the machine is wiped out, thereby making it virtually impossible for a future user to garner any usage information from browser histories, caches, or auto-complete features.
Moreover, Linux-based LiveCDs come in a great variety, with Knoppix being one of the first Linux LiveCDs to appear. Many Linux LiveCDs like Knoppix and the Fedora and Ubuntu Live distributions load versions of Linux that closely resemble desktop installs of Linux, and provide access to robust desktop environments such as KDE or Gnome and applications such as OpenOffice.org. While these types of LiveCD distributions are great if you need all of the features of a full Linux desktop, their performance can be somewhat lacking since data often needs to be read from the CD to load certain applications. Users who are simply interested in a LiveCD distribution for purposes of accessing the Web and email may instead want to consider distributions such as Puppy Linux and Damn Small Linux, as these distributions can be completely loaded into system RAM. While not as application rich as other Linux distributions, most users will find them surprisingly feature complete given their small size, and as a result of running solely off of system RAM, they will yield extremely rapid response times.
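
The two properties the Security Perspective relies on can be checked from inside a booted session: that the root filesystem sits in RAM or on read-only media, and whether any hard-drive partition has been mounted writable. The script below is an added example, not part of the original post; the function names, the list of filesystem types treated as "live" and both sample mount tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a mount table in /proc/mounts format
# (fields: device mountpoint fstype options dump pass).

# Print the filesystem type of the last entry mounted on "/".
root_fstype() {
    awk '$2 == "/" { t = $3 } END { print t }' "$1"
}

# Heuristic (assumption): "/" on one of these types means the system
# runs from RAM, a union layer or read-only media, not an installed disk.
is_live_root() {
    case "$(root_fstype "$1")" in
        overlay|aufs|unionfs|squashfs|tmpfs|ramfs|rootfs|iso9660) return 0 ;;
        *) return 1 ;;
    esac
}

# Print disk partitions mounted read-write; in a live session these are
# the places where the host's hard drive could be altered.
rw_disks() {
    awk '$1 ~ "^/dev/(sd|hd|nvme|mmcblk)" && index("," $4 ",", ",rw,") { print $1 }' "$1"
}

# Constructed sample: live session that also mounted a host partition.
SAMPLE_LIVE=$(mktemp)
cat > "$SAMPLE_LIVE" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/loop0 /rofs squashfs ro,noatime 0 0
/cow / overlay rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /media/disk ext4 rw,relatime 0 0
EOF

# Constructed sample: ordinary installed system.
SAMPLE_INSTALLED=$(mktemp)
cat > "$SAMPLE_INSTALLED" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 ro,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0
EOF

for f in "$SAMPLE_LIVE" "$SAMPLE_INSTALLED"; do
    if is_live_root "$f"; then state=live; else state=installed; fi
    echo "root=$(root_fstype "$f") ($state) rw_disks=$(rw_disks "$f" | tr '\n' ' ')"
done
```

On a real session, pass `/proc/mounts` as the argument instead of the sample files. A writable disk partition in the output means the session is no longer leaving the host's hard drive untouched.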


Here are a few screenshots of live CDs:

[Screenshot: Live CD of Ubuntu]

[Screenshot: Live CD of Fedora 11]

References:


http://en.wikipedia.org/wiki/Live_CD

http://www.livecdnews.com/

http://linux.sys-con.com/node/514335