Archive for USB security

Data Security Podcast Episode 74, Oct 18 2009

Posted in Breach, Business Continuity, Court Cases, darkweb, Vulnerabilities on October 19, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.

* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.

* Our take on this week’s news.


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 74 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 74 of the Data Security Podcast

* Conversation:  Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.

* Tales From The Dark Web:  Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of lock out.  If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.

Rogueware with new Ransomware Technology

Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security.  Take note that the malware icon disappears from the computer, and when it does, the attack is in place.  If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:

* From Our Take on The News:  Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light into Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory. 

Data Security Podcast Episode 54 – May 24 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities on May 24, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program – Does that shiny new computer come pre-installed with malware?  A new project fights viruses in home PCs FROM the cloud. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

The Show Notes Page for this week’s The Data Security Podcast

–> Ira has a conversation with Pedro Bustamante, Security Researcher Advisor of Panda, about the testing of a cloud based anti-virus for home PC users.  Check out the blog mentioned in the show at: http://blog.cloudantivirus.com .

Privacy advocates have launched a campaign against whole body imaging in U.S. airports

–> Tales From The Dark Web: Does that shiny new computer come pre-installed with malware?

–> From The News: The Fight Against Whole Body Imaging at US Airports. We were afraid nobody was going to object to this!

After a terrifyingly silent public response to news that TSA workers at six major American airports are using whole body imaging technology — otherwise known as “naked pictures” — of airline passengers, CNN reports this week that privacy advocates have launched a campaign against the machines.  You can read the petition here against the “virtual strip search” of citizens by Homeland Security.

–> From The News: 9 Month Old Critical Java Vuln. Still Not Patched in Mac OS X

–> From The News:  C. Harwick’s Thrica.com blog posting on potentially harmful privacy issues with Safari 4 beta

–> Wrap Up: Massachusetts Supreme Judicial Court Tosses Out Warrant in Boston College Case, Says No Probable Cause Existed

Data Security Podcast Episode 53 – May 18 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities, web server security on May 17, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program – One web malware variant overtakes all others; Smart cards INSIDE MiniSD for two factor auth via cell phone. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> Stream, subscribe, or download via our page at Podcast.com.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

The Show Notes Page for this week’s The Data Security Podcast

Combining smart cards and memory on a MiniSD for two factor ID

–> Ira has a conversation with William Holmes, of Go Trust. They have developed technology to merge smart cards with MiniSD memory. This technology can be used to make rather smart two-factor authentication. Go Trust is looking for people that want to develop applications that leverage this new security technology.

–> Tales From The Dark Web: According to Graham Cluley’s Blog at Sophos, Malicious JSRedir-R script found to be biggest malware threat on the web, at least for the next 15 minutes.

–> Be sure to read a new feature on our web site: Lame Excuses, the dumb statements by people who should have been responsible for securing information.  A new entry was added this week, and we welcome your contributions.

–> From The News: The Federal Computer Week story,  Homeland Security Information Network suffers intrusions.

–> From The News: U.S. attorney’s office tells employees not to log on to Drudge Report, as reported by Jonathan Martin at POLITICO.com .

Data Security Podcast Episode 46 – Mar 30 2009

Posted in Breach, darkweb, Vulnerabilities on March 29, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: New broadband gear botnet; What will happen with Conficker on April 1st?  And the week’s news.

–> Stream, subscribe or download Episode 46 - Listen or subscribe to the feed to automatically get the latest episode sent to you to your  Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 46 of The Data Security Podcast

-From The News: NASCIO publication mentioned by Samantha, in her story on security and the stimulus plan.

- From The News: Ransom-ware attacks mentioned by Ira. See FireEye’s Blog posting on the topic for more details, including how to de-crypt files without paying the Dark Web’s ransom.

-From The News: RSPlug-F Mac Trojan horse distributed via HDTV website. See the video of an attempted attack. No such thing as malware for the Mac, eh?

- Tales From The Dark Web: New psyb0t malware targets certain Linux broadband networking equipment. DroneBL has extensive information, scroll down to a post by Crichton for instructions on how to apply defence in depth security to networking gear that does not allow you to change factory default usernames. Unfortunately, many gear makers fall into that category. One also needs to update firmware on networking gear, not just desktop PCs, servers and handheld devices.

- Conversation: Ira talks with Paul Royal of PureWire Security about Conficker and what might or might not happen on April 1st, 2009.

- Wrap Up: Lauren buys a PC. Comments are from YouTube post, not from Data Security Podcast

Data Security Podcast Episode 41 – Feb 23 2009

Posted in criminal forensics, darkweb, Podcast, Vulnerabilities on February 22, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Conficker Sequel hits hard; Demand for computer forensics training soars, SANS Institute fills the gaps;  Plus, this week’s news.

–> Stream, subscribe or download Episode 41 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 40

-From The News: Adobe PDF Zero Day. We suggest that you delete Adobe PDF reader, and install a non-Adobe PDF reader. Try PdfReaders.com , and the LostInTechnology.com blog for alternatives to Adobe PDF readers. Read details on the threat at The Shadowserver.org site, including how to disable JavaScript on Adobe PDF reader. Here are the instructions for a GPO to disable Adobe PDF reader JavaScript.

-From The News: Nigerian 419 scams are more complex than you might think. One example, from the Salt Lake Tribune: Nigerian web scam bilked Utah out of $2.5M.  And, there is this excellent article at 419Eater.com that includes an analysis of some of the variations and motivations of these “poor people who are just trying to get by” when they steal and defraud innocent people of millions of dollars/euros/pounds/yen.

From 419Eater.com Counter-Scam Site

- Tales From The Dark Web:  Conficker / Downadup strikes back….a newer, stronger variant is out. See details in this blog posting by Ira Victor.

- Conversation: Ira Victor talks with Rob Lee, computer forensics Grand Poobah of The SANS Institute computer forensics program , and the SANS Forensic Blog.

Conficker Worm / Downadup Worm: New Variant By-Passes Some Countermeasures

Posted in darkweb, Vulnerabilities on February 22, 2009 by datasecurityblog

From the Spy vs. Spy Department….

There is a new variant of Conficker / Downadup worm on the loose. It has new elements designed to circumvent some of the counter measures to the original attack.

To re-cap, Conficker-infected machines can contain key loggers, launch Denial of Service attacks and can become part of a botnet.  The worm can spread through USB devices and network shares. Latest reports are that millions of computers are infected.

Conficker B++ uses new techniques to attack systems, giving its creators more flexibility with compromised systems.  Some admins have minimized the impact of Conficker by carefully controlling DNS and routing, to prevent the Conficker worm from contacting the mother ship.

The new variant appears to skip the need to contact a mother ship. You may read a detailed report of the new variant in this excellent SRI report.  Countermeasures like stronger network passwords and USB control software are still effective means of mitigating Conficker B++.

Some have opined that it is sufficient to turn off auto-run on USB to stop the spread of the original Conficker. That tactic ignores the fact that there are reports that some variations of Conficker re-enable autorun. Others try to protect USB by disabling the ports through Active Directory group policy. That solution ignores the reality that an exception list starts to build for those that need access to certain USB ports.

The best solution I have found is to deploy third party software that has granular controls for all removable media ports; shadow copies the files that are moved, for audit purposes; and, that deploys as a group policy object, rather than through a separate control panel.

Data Security Podcast Episode 39 – Feb 9 2009

Posted in Breach, darkweb, Podcast, Vulnerabilities, web server security on February 8, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program:  Using DNS to neuter Conficker/Downadup; A new, free VPN helps secure RDP and wireless; Evil traffic “cops” give tickets with malware; And, this week’s news.

–> Stream, subscribe or download Episode 39 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

Program Notes for Episode 39

-From The News: Withinwindows.com blogger Rafael Rivera scores a victory in the battle to lock down UAC

-From The News: Consumer Electronics Company Agrees to Settle Data Security Charges; Breach Compromised Data of Hundreds of Consumers

Evil parking "cops" spread malware

- Tales From The Dark Web: Malware attacks via fake parking tickets.

- Tales From The Dark Web: OpenDNS will block outbound botnet connections to the Conficker/Downadup master. Blocking will work with free unregistered and free registered users.  You can set your computer’s DNS settings, or your router/firewall/UTM DNS settings to these IP addresses to start using OpenDNS right away: 208.67.222.222 , and 208.67.220.220.

- Conversation: Ira Victor speaks with Egeman Tas, the Senior Research Scientist with Comodo Security, about a free VPN application he is working on. This app is a peer to peer application to make VPNs easy, and yes, free. If you are using RDP, WiFi in a public hot spot, or other relevant applications, you need to use a VPN. The software is still in Beta. It’s only for Windows at this time, but Egeman reports that a MAC and LINUX version is in the works.

-Wrap Up: Congressman Twitters an Iraq Security Breach, revealing details of his location in Iraq . Hoekstra’s spokesman Dave Yonkman, said, “We never agreed to anything as far as not discussing it (beforehand) or during…Congressman Hoekstra believes in giving people in West Michigan as much information as possible.”

Data Security Podcast Episode 38 – Feb 2 2009

Posted in darkweb, ediscovery, Podcast, Vulnerabilities on February 1, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program:  It’s the Obama Worm…Yes We Can! Is there a huge hole in Windows7 and why does Microsoft call it a feature? Plus, this week’s news.

–> Stream, subscribe or download Episode 38 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Be sure to listen to the show for a special discount for Data Security Podcast listeners.

Program Notes for Episode 38

-From The News: Patty “Identical Cousins” Retires. You can watch the video here. Then watch a general video about online Social Security services, and how secure their systems are, here.

-From The News: Wall Street firm The Blackstone Group gets sued by the Financial Times Online.  The FT alleges that Blackstone bilked them out of subs by sharing one (weak) password, for the paid area of the FT site, with scores of users. The NY Post has this satirical look at the story:

Blackstone Group vs. The Financial Times in password dispute

- Tales From The Dark Web: Ira speaks with Rafael Rivera of the WithinWindows.com blog, about a potentially huge hole in Windows7 user account controls (UAC). But, Rafael says that Microsoft considers the hole a feature, and without pressure, the hole could be included in the full Windows7 release.

- Si se puede! Yes we can name a worm for the President of the United States. Ira speaks with Rob Koliha of Walling Data about The Obama Worm. Like Conficker, this worm attaches itself to USB removable media, and can disable attempts to stop auto-run and anti-virus, according to Mr. Koliha. Here is a snapshot Rob grabbed of an infected system:

Si Se Puede! Yes We Can!

Attention Linux users: Open Source users can also use Rhythmbox to listen and subscribe to this podcast. Rhythmbox is a music management application designed for the GNOME Desktop. Many Linux distros include Rhythmbox, so check your system. Once you launch the Rhythmbox, select the Subscribe to New Podcast  icon in the top tool bar, and use this URL when prompted: http://feeds.feedburner.com/datasecuritypodcast . Thank you to the guys at the Red Hat booth at GTC Southwest in Austin for the tip!

Data Security Podcast Episode 37 – Jan 26 2009

Posted in darkweb, Podcast, Vulnerabilities on January 25, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Heartland Processing breach impacts over 100 million, what went wrong? Two new MAC threats. And, this week’s news.

–> Stream, subscribe or download Episode 37 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System.

Program Notes for Episode 37

-From The News: Medical ID Theft Final Report, part of Congress’ new efforts to appropriate funds for Federally-mandated, centralized electronic medical records.

-From The News: In a story related to our coverage of the Conficker worm, and the Congressional medical data base story, The Register is reporting, “Conficker seizes city’s hospital network.” Comment from Ira: “This story illustrates that Conficker is exposing much larger security issues on corporate networks, as I discussed in last week’s conversation I had with Randy Abrams, of ESET Anti-Virus.”  See Data Security Podcast Episode 36 for that conversation.

- Tales From The Dark Web: Ira speaks with David Hoelzer, about the 100 million credit card breach at Heartland Processing. Heartland claims they are PCI-DSS compliant. So, how can this happen? Read David’s blog posting on the topic at the IT and Security Auditing Resources from the SANS Institute.

-MAC Attacks:  New MAC attacks that are harder to uncover.

Cleaning Up Conficker / Downadup Mess, and Reducing the Odds of Getting Stung

Posted in darkweb, Vulnerabilities on January 23, 2009 by datasecurityblog

As of this writing, the Conficker/ Downadup continues to spread. Latest reports are that there are over 9 million systems infected so far. This posting will provide more details on the attack, how to know if you have been hit, and suggestions for clean-up if you think you are a victim.  There will be more coverage of Conficker/Downadup in Episode 37 of the Data Security Podcast that will post Sunday Night.

First, some important background.

According to anti-virus experts, there are a number of factors that make this attack different than other recent malware attacks. First, there are three methods of infection:

1. USB devices, thumb drives, photo frames, MP3 players, PDAs, plug-in “chip” readers, OR
2. System accounts not protected by very strong passwords, OR
3. One system on a network not having the latest patch, either by poor planning, OR, by the malware turning off updates without an administrator’s knowledge

Second, the attack appears to have a high degree of morphing, making it very difficult to locate and kill. If just one un-patched laptop connects to your network, or just one wrong USB device is plugged in, you could get hit.

Third, according to the AV experts, the attack itself may be a precursor to a larger attack. Reports are that the worm is designed to send data to remote servers, using hundreds of possible domains, with new domains being created at a high rate.

With such a complex attack, you want to make sure that ALL Win2k, XP, and WIN2k3 systems have the patch “MS08-067” from Microsoft applied. For many, Windows Update will apply this patch. But, there are reports that the worm will quietly shut this service down. So, you want to double-check to make sure you are patched.

There are two ways to do that. You can use a patch checking tool. Secunia makes free tools that can be used by business networks and home users. Just visit this link: http://secunia.com/vulnerability_scanning . There is a bonus for using a tool like Secunia: Many systems have out-of-date third-party applications, like Adobe Flash, Java, or iTunes, and attackers are counting on systems missing these critical patches to launch attacks. This would be an excellent time to update all software, not just Windows.

Or, you can launch Microsoft Internet Explorer -> Tools -> Windows Update -> Review your update history -> go back through your patches and look for KB958644 in your update history. Many systems were updated before January, and you may need to go back to October or November’s patches, depending on your system. If you see KB958644, you are patched.

Since the worm spreads via removable media (USB, CD, Firewire), I suggest that you get DeviceLock security software to control all removable media. Many reports I have read on this attack are overly focused on disabling Windows autorun on USBs to stop part of the attack. But that won’t protect against certain versions of this attack that, according to reports, trick users into executing (“clicking on”) the malware when the USB dialog box appears when a device is plugged into a Windows computer. While this attack is called a worm, in reality, it appears to be a blended threat, with behaviors of both worms and viruses, according to reports. Disclosure: DeviceLock has been an advertiser on the Data Security Podcast in the past. I recommended the software for a long time, actually, long before the invention of Podcasting. Why? DeviceLock has granular controls, excellent logging, key logging detection, native to group policy, and supports open source encryption. And, it’s very inexpensive.

The worm also attacks weak passwords. You want to “upgrade” all passwords on your network to strong passwords. With current computing technologies, that now means, 15 characters or more (20+ is better), with upper and lower case letters, numbers and punctuation. Think pass phrase, rather than password. People resist doing this, and the bad guys are counting on it.

Let’s move on to the indications, according to Microsoft, that your systems have been hit by Conficker/Downadup:

“If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

* Account lockout policies are being tripped.

* Automatic Updates, Background Intelligent Transfer Service (BITS),   Windows Defender, and Error Reporting Services are disabled.

* Domain controllers respond slowly to client requests.

* The network is congested.

* Various security-related Web sites cannot be accessed.”
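
An added example (not from the original post or from Microsoft): a PowerShell audit that checks a host for the KB958644 update and for disabled services matching the symptom list above. The function names, the service short names (wuauserv, BITS, WinDefend, ERSvc, WerSvc) and the sample data are this example's own assumptions.

```powershell
# Added example: audit a Windows host for the MS08-067 update and for the
# disabled-service symptoms quoted above. Names below are illustrative.

$RequiredKb = 'KB958644'   # update the post says to look for (MS08-067)

# Services behind the symptom list. Error reporting is ERSvc on XP/2003 and
# WerSvc on later releases, so both are listed; services not present on the
# host simply never show up in the input.
$WatchedServices = [ordered]@{
    wuauserv  = 'Automatic Updates'
    BITS      = 'Background Intelligent Transfer Service'
    WinDefend = 'Windows Defender'
    ERSvc     = 'Error Reporting Service'
    WerSvc    = 'Windows Error Reporting'
}

function Get-ConfickerFindings {
    # Pure evaluation step: takes collected state, returns finding strings.
    param(
        [string[]] $InstalledKbs,   # hotfix IDs recorded on the host
        [object[]] $Services        # objects with Name and StartMode properties
    )
    $findings = @()
    if ($InstalledKbs -notcontains $RequiredKb) {
        # Only meaningful on the OS versions the post names (Win2k, XP, Win2k3).
        $findings += "PATCH: $RequiredKb (MS08-067) not found in update history"
    }
    foreach ($svc in $Services) {
        if ($WatchedServices.Contains($svc.Name) -and $svc.StartMode -eq 'Disabled') {
            $findings += "SERVICE: $($WatchedServices[$svc.Name]) ($($svc.Name)) is disabled"
        }
    }
    $findings
}

function Get-LiveHostState {
    # Collection step: reads hotfix IDs and service start modes from this host.
    $kbs = @(Get-HotFix -ErrorAction SilentlyContinue |
             ForEach-Object { $_.HotFixID })
    $filter = ($WatchedServices.Keys | ForEach-Object { "Name='$_'" }) -join ' OR '
    $svcs = @(Get-CimInstance -ClassName Win32_Service -Filter $filter |
              Select-Object Name, StartMode, State)
    [pscustomobject]@{ InstalledKbs = $kbs; Services = $svcs }
}

# Constructed sample: an unpatched host with updates and BITS switched off.
# The KB numbers here are placeholders, not real update IDs.
$sampleKbs = @('KB0000001', 'KB0000002')
$sampleServices = @(
    [pscustomobject]@{ Name = 'wuauserv'; StartMode = 'Disabled' }
    [pscustomobject]@{ Name = 'BITS';     StartMode = 'Disabled' }
    [pscustomobject]@{ Name = 'ERSvc';    StartMode = 'Auto' }
)
@(Get-ConfickerFindings -InstalledKbs $sampleKbs -Services $sampleServices) |
    ForEach-Object { "sample: $_" }

# Live check, run only on Windows.
if ($env:OS -eq 'Windows_NT') {
    $state = Get-LiveHostState
    $live  = @(Get-ConfickerFindings -InstalledKbs $state.InstalledKbs `
                                     -Services $state.Services)
    if ($live.Count -eq 0) { 'live: no findings' }
    else { $live | ForEach-Object { "live: $_" } }
}
```

A disabled service is a lead to investigate rather than proof of infection, and a clean result does not clear the host, since the quoted advisory says an infected computer may show no symptoms.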

And more from Redmond on how to clean up the mess once you have been hit: “The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT). This is a stand-alone binary that is useful in the removal of prevalent malicious software, and it can help remove the Win32/Conficker malware family.

You can download the MSRT from either of the following Microsoft Web sites:

http://www.update.microsoft.com

http://support.microsoft.com/kb/890830

As I have talked about in previous postings on this topic, if you are worried about being vulnerable to this attack, you probably have much larger security issues.

When was your organization’s last security audit?

Are you running intrusion prevention AND anti-virus at the gateway? I have found many network administrators that say YES to that, but upon audit, they are only running intrusion prevention at the gateway, and they are depending on one AV vendor that protects both servers and desktops. The bad guys are counting on that!  A multi-vendor, multi-layered IPS and AV approach is what many networks need.

Are you running data loss prevention (DLP) hardware to detect outbound data loss? Firewalls protect from inbound connections, what measures do you have in place to detect outbound data transfers on all ports (mail, http, https, ftp, and other ports)? If you don’t know what DLP is, find out fast.

Are you encrypting laptop hard drives? TrueCrypt has an excellent, free open source solution. Are you logging all events on a dedicated logging server? Are you encrypting your backups and storing them off-site? Are you deploying virtual machines with security as a focus, not an afterthought?

This is just a partial list. The point is, now is the time to look at your security posture again. The Conficker/ Downadup is just an indicator of how much work remains to be done to secure our information assets.

According to Randy Abrams, at ESET Anti-Virus, the really scary attacks don’t usually make the headlines as they are growing. You may only know long after the data is gone. Just ask the people at Heartland Processing, who just announced the breach of over 100 million transactions. But that incident is for another posting, or for a podcast.
