The IT Security Attaché

His life, profiles, work, aspirations, agenda and schedule.


In today’s world of technology, you’re under attack from multiple angles, products, solutions and people, yes, people, even those you may know. The threat from known and trusted sources is ever increasing because of one simple fact: because I know you, I will trust that what you’re sending me is legitimate. This is a very bad assumption and one that only leads to serious issues, because you never know whether the message, file, document or link was intentionally sent by that person or by an infected system being operated by a bot master.

When an infected system gets to the level where it is sending out invites, notices, links and other kinds of communications from your PC, the end user is at the mercy of their common sense in deciding whether or not to open and use them. This presents many problems for the end user because the threat could come in many forms, all of which are valid resources that you may normally use.

Let’s take a quick look at a few of the top ones.

Web browsing – quick, simple and easy to infect by drive-by-downloads. One of the fastest growing trends of infection today is the use of websites for infection. A drive-by-download is when you visit a website that has been infected with malicious code and, by simply viewing it, the code is downloaded onto your system and builds itself into a threat. Because of its simplicity, there have been drastic increases in the number of infections from drive-by-downloads that are even bypassing anti-virus solutions and making a successful hit on the system. Many will not even know when they are hit because the payload and production are done behind the scenes and are totally transparent to the user.

Are you running the latest version of the browser?
What kind of threats am I exposed to by using this browser?
Does it have a history of successful exploits and if so, am I vulnerable to them and how can I fix them?
When was the last time you checked if you are running the latest updates, patches and fixes for your web browser?
Is the browser configured for optimal use and security while browsing the internet?
These are basic questions you should be asking yourself.

While this is a major issue today, many people still get caught up in the discussion of browser security and what is best, better, more secure or even more vulnerable. My word to you today is this: all systems, applications and browsers are vulnerable if not properly patched, secured and used efficiently. Many systems are running so many vulnerable applications that a hacker or malicious piece of code has many entry points to be successful in hitting a mark. Many users are running security solutions that are so outdated, unpatched and expired that it is scary to think they are comfortable with these things.

Email – an infected system is used to send messages to everyone in your address book, pointing them to a website they need to visit that is riddled with threats of all sorts. This is one of the easiest forms of compromise because everyone knows that you should not accept emails with attachments from anyone you don’t know, much less get one from someone you know.

So what do you do when you receive an email from someone you know, love, trust and/or do business with?

So I just guaranteed myself that you will visit the link in the email, because you’re thinking that it’s legit/ok and, because there are no attached files in the message, what are the chances of a risk? Hmm, much more than you think. Drive-by-download is the fastest and most successful form of attack because of its simplicity. Most people today are not running a security solution that provides web filtering and web browser security, and so the traffic goes unchecked. So, as simple as that, you visit this website and, because your anti-virus solution is not able to detect and block these attacks, you’ve now been owned.

IM (Instant Messaging) – a growing trend that is easily exploited and with major impacts, because a worm hijacks the IM application and starts sending out messages as if it were the user sitting at the PC doing it. So you have 200 contacts in your IM list and they are all vulnerable due to you being infected with this worm that is spreading from your PC.

Will you know this is happening?
Maybe, or maybe not, depending on how you manage and maintain your system. Maybe one of your contacts will say, hey, I got this message from you to look at some pics on a website but when I went there nothing happened, it was a blank page with an error on it.

Hey, guess what, you’ve just given your friend the threat or exposed them to it unbeknownst to them. This is such an easy method of infection that it’s unnerving.

Storage and media players – now here’s one of my favorites. The use of storage devices like USB flash drives.
Who doesn’t have one today?

They are so prevalent because of the low cost, ease of transporting, size and high storage that you can get them anywhere and everywhere you go today. It is a very nice giveaway at an event where the host wants you to have the information or handouts in a soft copy. Go to any tech store or even online today and you can get a 4GB drive for under $20 and in some cases even under $10.

Media players – through the sharing of media files such as avi, mp3s and mp4, threats are easily slipping through the anti-virus systems and successfully attaching to the systems and causing all kinds of damage. One must be very cautious when it comes to sharing files such as mp3, avi and other media containers.

Back in the day we used to think of an infection as an application that has to be run (some still do today). While that was true then for most of the threats out there, it is certainly a different ball game today. You don’t have to run anything to get an infection; simply viewing a website/page is enough to cause a world of pain. Yet, unchecked, old systems with old scanning functions are being used to ward off these new threats and types of attacks.

Back in the day we used to think of email as being just text messages; today email is the primary delivery mechanism for audio, video, text and many of today’s critical threats that propagate through the wires.

We need to get rid of the old mindset of thinking and wake up to a new and more sophisticated level of warfare that we would never send our children into but has come into our homes and is right there in front of our families.
We need to rise above the decadent levels of omission where one is exempt from high level meetings, discussions and events because they do not meet certain requirements, but are adversely affected and impacted by these same issues. None should be omitted as the omitted can be your weakest link or area of vulnerability.
We need to start thinking of threats as the new form of invasion from known and trusted sources. You are just as much at risk as anyone else and the threats do not care who, what, why or where you are online. You are at war now; stand up and fight by educating yourself, being aware of the threats/risks and arming yourself with the proper solutions to protect you.

This is some of the needed education and awareness that we should be exposing our children and youths to today, as they are as much involved as those of us in the workforce and industry.

Thank you and have a great day,

~Brett A. Scudder~


So here I was caught up in another messaging discussion and the use of online mail services. I don’t mind having a discussion on mail security, but when it comes to infrastructure people tend to think I overextend the value and need. Do I?

Ever since I started my very first business I have always had my own domain name and had my own mail server/services. I had this identity crisis that always led me to believe that the real value of a businessman was to reflect the value of his infrastructure across the board. I was never a fan of webmail services because I always felt that the manipulation of my messages should be handled by me alone. I always felt that some visibility was always in the hands of the service provider and that didn’t sit well with me.

Setting up an email server was the slickest thing and didn’t require any high end technical knowledge if you had technical knowledge at all. So over the years I built on that and continued that practice. So today here I am with 150 domains under my name and the access, resources and availability of adding messaging services to all. So I settled on one domain name as my primary and then two secondary with two backups.

Hmm, what does that mean, you ask? Simple.
I manage one account that is copied to two other accounts as backup and then aggregated into a catchall on two others. All five accounts are on different servers so the chance of losing/missing a message is less than .0001%. I may have a task finding it depending on which layer of the mix I am looking for it.

So does that sound like I take this messaging thing too seriously?

It’s your call but for me, it is critical that I have and can find my messages even if my primary account is down or inaccessible. The other aspect of that is identity, identifying myself as the owner of that domain and all other associated domains in that name sequence. There are nine major domain extensions, .com, .net, .org, .info, .ws, .biz, .me, .mobi, .us (varies depending on the country you live in), and whenever I’m getting a new domain I get all of them. I get them because I want to ensure that the name is owned across the nine for/by me. There are a few rare instances where I may like something that is already taken, and if it is the .com only then I base the need on severity. Again, this is a rare case as I always try to find unique names that most people wouldn’t come up with. Take TITSSN as an example.

So now you know how I end up with 150 plus domains, and my various hosting infrastructures allow me to fire up a new mail infrastructure on any one at any time.

So how many email accounts do I have?

We’ll leave that for another time lol. Let’s just say I left the people with that blank look of awe on their faces. It was a nice conversation though and it made the train ride home much quicker.

Have a great day,

~Brett A. Scudder~

© 2010 The IT Security Attaché