Security Watch

Are Viruses Dead?

Despite rise in malware, poll says fewer users prone to being infected. Also: hacking 911, phishing for fun and old hard drives and data.

More than 75 percent of respondents haven’t had a virus infection in the last twelve months, says a silicon.com reader poll, leading pollsters to speculate about whether the virus threat is receding. The report went on to mention that Symantec said it saw a 185 percent increase in newly reported malware in the first six months of 2007 over the same six-month period in 2006.

Well, clearly the threat from malware isn’t over. If anything, users are more aware of the social engineering techniques typically used by criminals, not the least of which is just plain old poor grammar and spelling.

911 Jeopardized by Easy Hack
Infosecnews.com reports that William Bryant pled guilty to remotely shutting down Cox Communications' systems that provided access to 911 services for Dallas, Las Vegas, New Orleans and Baton Rouge, Louisiana. Bryant connected remotely, hours after he had been asked to resign from the company. He could face up to 10 years in prison and a $250,000 fine.
http://www.infosecnews.org/pipermail/isn/2007-September/015298.html

It's yet another fine example of how the dismissal of individuals needs to be properly handled. Bryant’s access to systems should have been terminated just prior to or immediately after his dismissal. Further, other access methods that might be known to him should have also been altered. Had this been done properly, Bryant would not have been able to perform the criminal acts he did.

Play the Phishing Game
Carnegie Mellon University researchers have created a game that teaches players to distinguish between phishing attempts and legitimate information. They believe anyone who plays the game for 15 minutes is better educated than someone who reads traditional phishing education materials for the same amount of time.
http://cups.cs.cmu.edu/antiphishing_phil/
http://www.first.org/newsroom/globalsecurity/154585.html

This column was originally published in our weekly Security Watch newsletter.

The game does a decent job of presenting fake URLs and sites, but to correctly identify all of those it presents, you’ll likely need to be aware of phishing attempts that already exist. Why would anyone in the U.S., for example, know much about the U.K. Barclays Bank URLs or site, or vice versa? However, since the game can be customized by, say, an organization that wanted to present it to its workers, such discrepancies can easily be corrected.

Hard Drives Never Die, They Just Keep Old Data
According to three surveys commissioned by BT, 37 percent of hard disks sold via online auction sites contain traces of personal data. This figure is roughly the same as it has been in the past two years, when similar surveys were conducted. This suggests that the lessons are not being learned by companies and individuals. Data discovered included corporate financial information, credit card numbers and other personally identifiable information.
http://www.techworld.com/security/news/index.cfm?newsID=10146

Perhaps just as interesting is the fact that of the 133 disks bought in the U.K. as part of the survey, 44 percent were unusable. Regardless, we agree that disposal of equipment is not being scrutinized enough. Any drive which has had sensitive data on it should be destroyed, not just thrown away.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
