Computer Security Blog

Recently biometrics has been reported as the solution for computer security, especially with the release of the PC Verifi FingerTouch Security Professional Software. This software allows computer users to surf in the regular way, but instead blocks entry to your personal information. The system works by attaching a USB port to your fingerprint reader. The software will verify your fingerprint and you can start using the computer.

However, there are disadvantages to using this computer security software. One particular problem is that how finger must be placed in the exact same spot that you did in the beginning when setting up the software. Therefore, you will have to keep trying until it is in the right spot.

Using the fingerprint reader and software, an ewallet or secure disk partition can be setup that only you would have access to. The complete software system retails for $92 and is compatible with Windows.

It seems 2005 has introduced a new brand of hackers, crackers, and cyber criminals in general. Many of the crimes being previously committed involving young teenagers competing against each other to see who could hack into a certain computer.

However, 2005 has been a year of numerous security breaches putting the personal data of many consumers at risk, in which hackers could use this information to setup credit accounts.

In previous years, many people within the computer security were concerned about viruses entering a computer and damaging it, however 2005 has been the year of the “botnet” in which an “army of infected computers” is taken over by the hacker and used to commit other cybercrimes.

2005 also saw the introduction of new information about the possibility of routers being hacked, as well as learning about the “rootkits” that Sony BMG has installed on its CDs. Based on all of this 2005 has been a year in which more malicious cybercrime has occurred with the main intention of the cyber thieves making money.

For more information about computer security in 2005 read the article entitled, "Security Trends: Follow The Money".

According to writer Jon Swartz of USA Today, 2005 has been declared the worse year for breaches related to computer security. So far it has been estimated that between 50-60 million Americans have had their personal information exposed to a security breach. These 130 security breaches have created a situation in which social security and credit card numbers of the people affected have been placed in the possession of criminals.

All of these 130 security breaches have occurred during the year that saw a budget cut of 7% to the Department of Homeland Security cyber-security section. The Treasury Department’s Office of Technical Assistance also announced that cybercrime amounted to over $105 billion last year.

For example, since Dec 16th, ABN Amro Mortgage, Marriott, Ford Motor Company, and Sam’s Club have all announced that computer data or credit card information has been stolen. In total, between 2-2.5 million people were affected in this short time due to fraud at these companies.

Microsoft has seemed committed this year to providing a more secure computing environment for its customers.  This is evident in an article appearing on ccnmag.com, which outlines Microsoft’s “achievements such as greater customer awareness of the existence of spam, viruses, spyware, and other security threats, as well as the availability of more effective and powerful software protections against software attacks and security breaches.”

The article continues by listing the more important areas in which Microsoft has increased in its ability to offer a secure product. These three areas include, “fundamental, threat and vulnerability mitigation, and identity and access control.”

A further description of the security advancements can be read here.

An interesting appearing on the Edmontonsun.com website was written by Jeremy Loome about the hacker Renderman.

However the former hacker now has a job as computer security consultant. Most of his time is spent trying to find computer access points transmitted through wireless technology. In the article it stated that almost 5,000 access points were found with, “45% (of them) have no protection at all”. Renderman felt it was easy for someone to send spam or steal credit card numbers based on these access points:

"What scares the crap out of me is the possibility of going downtown, sitting in a parkade for eight hours and having a server in the trunk, grabbing whatever connection it can, firing off a million addresses, and when it's done that, seeing what else is out there and firing off another million. The whole drive-by spamming thing is a very real possibility."

An interesting article written by Mirko Zorz explored the biggest events in the computer security industry within the past year. However, the general theme of the article stated that computer users were subjected to malware, phishing, and credit card fraud to name a few.

"I know it is popular to blame Microsoft for security woes, but they really deserve it this year! From remotely exploitable vulnerabilities in Windows core services like UPnP and MSDTC, to a barrage of severe IE vulnerabilities, Windows users were constantly under attack." said Fyodor, a NMAP author. "Microsoft spends many marketing dollars touting their security, but they need to start backing this up with action."

However Zorz ended the article stating that only the experiences that we have gone through this year can determine if the year was a secure one.

In an ironic situation, Guidance Software which produces software design to test for hacking, was hacked. This information was announced last week and appeared in a article by staff writer Brian Krebs of the washingtonpost.com.
Personal customer information was accessed on December 7th, and Guidance Software notified its customers last week with a letter. However some customer’s credit numbers had already been used.

According to Michael Kessler, of Kessler International, $20,000 was charged to American Express card because of the hack.  "I just got our American Express bill and nearly fell out of my chair," Kessler remarked. "You'd think Guidance would be the last company this kind of thing would happen to."
John Colbert, CEO of Guidance Software, had this to say in response, "This certainly highlights the fact that intrusions can happen to anybody and that nobody should be complacent about security," Colbert said.

According to an article appearing on jsonline.com, and written by Stanley Miller II, he writes “If you're ambitious enough to get a computer, you should also be motivated enough to make sure it's protected against all the evil software and exploits on the Internet: viruses, spyware, spam, and phishing.”

The article continued by revealing "81% of the homes that have a personal computer do not have spyware, adware protection, or antivirus software installed on their computers."

The article then goes on to say, “despite these findings, 83% of these homes believe they are safe from an attack."

If your neighbor is complaining to you that he thinks his CDs might be spying on him, he could possibly be right!

Information released today showed that Sony BMG had hidden anti-piracy software on its CDs. When the CDs are played on the computer, it will open up software called XCP which Song BMG refers to as "extended copy protection software", which will open up a music player to play your CDs.

However, the XCP software contains a bit of code called a “rootkit” that has been known to damage a computer when attempting to get rid of it. Also the “rootkit” makes it possible for a hacker to access files on your system. Beyond these things, the “rootkit” can also decrease the general performance and speed of a computer.

Since XCP’s discovery by a computer scientist, Sony BMG has issued a recall and subsequent replacement of all CDs with XCP, along with provide a removal tool. The company has denied that it was using the software to spy.

According to an article from the Business Times in Malaysia, ‘only a third of the Asian companies have a computer security strategy’

This was quite surprising to read, as Asia is well known for its advances in technology.

A stated by Dr Raja Malik Mohamed, in charge of the Malaysian National Computer Confederation, "It is not just a business issue, but also a governance challenge that involves risk management, reporting and accountability. It requires the active engagement of, and execution by, executive management," he stated. He later went on to say." Enterprises must put in place a roadmap for the way in which security leaders must interact with others within the organization. "The security professionals must not be 'techies' who have no understanding of the company's business." he said.

According to the folks at scmagazine.com, many male employees would show a good looking, nicely dressed woman, how to use a company computer if she walked in looking for help. This might seem like a joke or unbelievable, but “according to this year's CSI/FBI survey on Computer Crime and

Security more than $30 million worth of damage was caused by insiders stealing proprietary information. FBI and other security analysts still maintain that the majority of threats originate from insiders or people with insider privileges.”

The rest of the article entitled, “Social Engineering and other threats to internal security “, revealed how hacker Keith Mitnik was able to use ‘social engineering’ to gain access to your computer. Mitnik described a scenario in which a promotional CD sent to an employee could be used to gain access to a company’s computer.

Security software LIGATT celebrated the start of their new website ShopLIGATT.com by giving away to four tickets to the Rose Bowl Game.

In order to win two of the tickets, the customer must be the 1,000^th buyer on the website. The other 2 tickets will be given away to the customer who is the 40^th buyer of the Acer Secure Laptop Bundle.

LIGATT is well known for its ability to offer brand name computer software at bargain prices. For example, the website boasts that they can offer your computer security for as little as $7.50.

The hackers are at it again, and apparently they visited the files of two computers at Iowa State University. Details of the hack appeared today on the demoinesregister.com website, detailing that two computers, one that at least contained credit card numbers, were accessed. However, Iowa State University said the numbers were encrypted.

However, the second computer also contained sensitive personal information such as social security numbers. Officials at the school do not feel this information was copied, however everyone whose information was stored on the computers was notified.

From an article written by Jennifer Mears, from Networkworld.com, the Computer Security Applications Conference in Arizona, had as it main theme, the need for consumers to find a balance between being able to use computers in a way that is user-friendly but secure as well.

A systems administer with named Marcus White, employed by Bechtel-Nevada summed up quite eloquently, the problems that users face:

"It helps to hear what people are doing. The issue with security is if you put in too much security, it's too cumbersome and restrictive. What I'm seeing here is people are trying to find a balance between security and usability”, stated Mr. White.

Besides this issue, the chair for the conference Dan Thomsen, felt that the conference was quite a success.

What we do here is let other people hear about these efforts, not only other researchers, but also people in companies and in the government”, stated Thomsen.

During the keynote address of the InfoSecurity Conference in New York, Bruce Schneier, author of the book “Beyond Fear: Thinking Sensibly About Security in an Uncertain World”, stated that he felt computer security was not problem that technology is facing, but rather a problem of the economy.

Schneier feels that the solution to the problem is to look at how a company is affected when someone hacks into their computer system, "To understand the difference it's necessary to understand the basic economic incentives of companies and how businesses are affected by liabilities" he stated.

Schneier went on to say that the company ChoicePoint who revealed a few months ago that the credit information of 145,000 people they had stored on their computers, might be at risk for identity theft.

You can read the full details

The computer security team at Purdue University issued a recommendation yesterday, that people buying computers this holiday quickly install an anti-virus program and security patches.

Even though many of the new computers will have anti-virus software installed, Mike Carr, the chief computer security officer at Purdue, recommends that the computer be upgraded with the latest virus definitions, "Anti-virus software is only as good as its latest update," Carr said. "Most vendors release regular updates to meet the latest computer virus threats."

Carr also encouraged people to install the latest patches available for the software they are using. Read more about Carr’s recommendations at this website.