Monday, February 18, 2008

On the Importance of Backups

We often assume bad things mostly happen to other people -- that is, until they happen to us. But a more realistic approach to risk has immense practical benefits. Consider, as a completely hypothetical example, the data on your personal computer. We all know in theory that hard drives fail. But they mostly belong to other people, so we don't worry too much about our own, even if it has 5 years of digital photos and 90% of the next Pulitzer-winning novel on it.

Last week, the drive in my laptop failed completely with no warning at all. Since I carefully maintained regular backups on an external, bootable FireWire drive, I was able to install a new drive and recover all my data with minimal difficulty.

We've mentioned the importance of data backup before, because you just never know when disaster will strike. And as more and more elements of our lives are stored digitally, the failure of a 2.5-inch hard drive can seem nearly as catastrophic as a house fire. Without a good backup, I could have lost this photo taken from the Mont Blanc, and since I don't go to 12,000 feet every day, it might have taken a while to replace.

However, the backup was a week old -- and for a Web developer, a week of code is not something you want to lose. Happily, all the projects I work with on the laptop are also under version control with Subversion, so that missing code was easily restored in about 30 seconds.

What could have been an absolute catastrophe was averted by just a little bit of risk management. If you aren't making regular backups, start now. You never know how glad you'll be to have them until your drive starts making that little clicking sound that means it's now an expensive paperweight.


Thursday, August 30, 2007

Site Launch: Custom-Alarm.com

"If you need to feel safe, or you need to hear great sound... Get to Custom Alarm for the best service in town!"

Custom Alarm provides peace of mind by offering the best in sales, design, installation, service and monitoring of security systems. They also offer the best in design and installation of all your sound and media needs for your business, school, retail store, health care facility, city hall, restaurant, house of worship, etc. Want to know more?

There is no such thing as too much information when it comes to the security and safety of your family, home and business. Viewing this same information shouldn't be a chore. In designing Custom Alarm's new presence on the web, we knew that a visually pleasing, easy-to-use navigation system was needed. The result was a clean, professional site that offers all of the information you need, quickly and easily.

It was an honor to be given the task to design a new website for such a well established, reputable company. We look forward to our continued relationship with Nikki and the rest of the crew at Custom Alarm.


Thursday, July 19, 2007

Spammers Now Sending PDF files

Foiled by increasingly accurate corporate spam filters, spammers have dumped pictures for PDFs in their bulk e-mailings, according to the latest data from security firms.

Image spam, which at the beginning of the year accounted for nearly 60 percent of all junk e-mail, has plummeted and now accounts for only about 15 percent of spam. Taking its place, the number of junk e-mail messages using an attachment in the Portable Document Format (PDF) has steadily climbed since mid-June, accounting for as much as a third of spam.

"It went from zero to -- when the spammers started experimenting -- fifty-fifty image spam and PDF spam," said Matt Sergeant, senior antispam technologist for e-mail security firm MessageLabs. "Now, it's gone to wholesale PDF spam."

The ebb and flow of different types of spam is an indicator of the arms race between spammers and network defenders. Image spam took off in late 2006, primarily as a way to tout penny stocks and manipulate the volatile over-the-counter markets. Yet, other types of spam, advertising products from fraudulent pharmaceuticals to sexual enhancement devices, soon started using embedded images as well. The growth of image spam peaked earlier this year, making up as much as two-thirds of all spam in January.

Companies have adapted to the attack, however, detecting the unwanted images and blocking them, said MessageLabs' Sergeant.

"The volume of image spam was so great that a number of large businesses took to wholesale blocking of e-mails coming in with image attachments," he said.

The better filtering has led spammers to change tactics and experiment with PDF files.

While security firms agreed that PDF files started regularly appearing as spam attachments about mid-June, estimates for the volume of PDF spam varied somewhat between companies. MessageLabs, which filters out virus-laden and spam e-mail messages for its clients, estimated that about 30 percent of all spam now uses PDF files. Security firm McAfee had a more modest estimate that 2.6 percent of all junk e-mail messages carried PDF files, while Symantec, the owner of SecurityFocus, has found the fraction varies between 2 and 7 percent.

"The spammers are doing the old cat-and-mouse game," said Guy Roberts, senior research manager for anti-spam at McAfee. "Vendors have caught up to spammers and detection is pretty good for image spam, so (the spammers) are changing tactics in order to get their message across."

The growth of spam e-mail messages with PDF attachments has also caused the total bandwidth of spam to grow quickly, because PDF files tend to be much larger than the GIF images that the files are replacing.

From a spammer's point of view, the strength of PDF is that many companies require that their e-mail systems allow the documents to be passed to the user, said Menashe Eliezer, director of anti-spam research for security firm CommTouch. Because PDFs are ubiquitous in the business world, such attachments are more likely to reach the users, he said.

"Now, they are using professional looking PDFs, and if it doesn't look like spam, that's even better," Eliezer said.

While moving unwanted advertisements from images to PDFs may make it more likely that the message reaches the intended recipient, whether or not that person opens the attachment is another question, said Doug Bowers, senior director of anti-spam engineering for Symantec.

"We are interested in seeing if this is really effective in getting a spam message, not just delivered, but also read," Bowers said.

In the end, if PDF spam cannot deliver more eyeballs to spammers, the trend may end up being a short-lived phase, he said.

Article written by Robert Lemos, SecurityFocus 2007-07-18.


Friday, June 01, 2007

How Security Problems Happen

As computers and web-based software have become deeply integrated into our daily lives, so has a consciousness of security issues and the vulnerability of digital information. Even in the past few months, a number of high-profile breaches of computer security have been widely reported.

How do attacks happen? Although specifics vary, a surprising number of security breaches come through the same pathways -- just as a large number of residential burglars enter through the front door.

A new report from the SANS Software Security Institute has just been released analyzing the top security vulnerabilities reported during 2006. The report identifies three main programming errors which were responsible for most breaches. Even non-programmers can learn something from this report.

Error 1: Accepting input from users without validating it. If you sell your car to a dealer, he's probably going to pop the hood and make sure the vehicle contains an engine before he writes you a check. In the same way, a web-based application needs to ensure that any data it receives is safe before it uses it. In a simple case, attackers (usually automated software rather than actual human beings) can manipulate an insecure contact form on your website into sending spam. More serious attacks could result in exposing an entire database of customer information to the world.
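For the contact-form case above, here is a sketch of what "validating input" can look like in practice. It is an added example, not code from any site described here; the field names, length limits and addresses are assumptions. Every field is checked before use, single-line fields may not contain line breaks (which would otherwise let a submission add mail headers of its own), and the recipient is fixed in code rather than taken from the form.

```python
import re
from email.message import EmailMessage

SITE_OWNER = "owner@example.com"  # assumed fixed recipient, never taken from the form
MAX_LEN = {"name": 80, "email": 254, "subject": 120, "body": 5000}  # assumed limits
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def validate_contact_form(form):
    """Return (clean_fields, errors); clean_fields is None if anything fails."""
    clean, errors = {}, []
    for field, limit in MAX_LEN.items():
        value = form.get(field, "")
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field}: required")
            continue
        value = value.strip()
        if len(value) > limit:
            errors.append(f"{field}: longer than {limit} characters")
        # Single-line fields end up in mail headers, so a line break or other
        # control character would let a submission add headers of its own.
        if field != "body" and any(ord(c) < 32 or ord(c) == 127 for c in value):
            errors.append(f"{field}: control characters are not allowed")
        clean[field] = value
    if "email" in clean and not EMAIL_RE.fullmatch(clean["email"]):
        errors.append("email: not a valid address")
    return (None, errors) if errors else (clean, errors)


def build_message(clean):
    """Build the notification mail from already-validated fields."""
    msg = EmailMessage()
    msg["From"] = SITE_OWNER
    msg["To"] = SITE_OWNER  # recipient is fixed in code
    msg["Reply-To"] = clean["email"]
    msg["Subject"] = "[contact form] " + clean["subject"]
    msg.set_content(f"Name: {clean['name']}\n\n{clean['body']}")
    return msg


# Constructed sample submissions.
GOOD = {"name": "Alice", "email": "alice@example.com",
        "subject": "Quote request", "body": "Please call me.\nThanks."}
BAD = dict(GOOD, subject="Hello\r\nBcc: list@example.net")

if __name__ == "__main__":
    for form in (GOOD, BAD):
        clean, errors = validate_contact_form(form)
        print("accepted" if clean else f"rejected: {errors}")
```

Python's `EmailMessage` also refuses header values that contain line breaks, so the library backs up the explicit check.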

What can you do? If you're responsible for having a website or application developed, discuss the security implications with your programmers and be sure they have a good understanding of how to handle these issues.

Errors 2 and 3: Buffer and integer overflows. In plain English, a buffer is a bucket of computer memory that's intended to hold a certain amount of information. If an attacker force-feeds more data than expected into a buffer, he can sometimes manipulate the computer into executing additional code. Similar attacks can be made by forcing the value of a number to become larger than the software is equipped to handle. Most of these kinds of attacks occur on system-level software that the average user has little control over.

What can you do? Immediately apply software patches as soon as they're released. Don't ignore that Windows Update icon that says you have updates to install. Install antivirus software and keep it up to date.

These measures will not make your software invulnerable to attack. Even well-designed programs can fall prey to a determined attacker, just as a well-secured home may be burglarized. But you should still lock the front door.


Wednesday, February 21, 2007

Millions Vulnerable to New Hack Attack

Security firm Symantec and the Indiana University School of Informatics have discovered a new type of security threat that could leave up to 50 percent of home broadband users susceptible to attack.

Called "drive-by pharming," the threat is focused on home routers, which can be reconfigured and directed to a malicious Web site if default settings and passwords are being used.

With traditional pharming, an attacker redirects a user from a legitimate Web site to a bogus Web site that contains malicious code. Pharming attacks can be executed by either changing the host file on a victim's PC or manipulating a domain name system (DNS) server.

In the new scheme, when a user visits a malicious Web site, an attacker is able to remotely change the DNS settings on the broadband router or wireless access point and reroute requests for legitimate sites, like online banking sites or financial institutions, to bogus sites designed to steal login information.

Default Passwords

The security team that examined the issue believes that the problem potentially affects millions of broadband users worldwide, and that the attacks can be easily launched.

The researchers urged users to protect their broadband routers and wireless access points by changing their default passwords.

Drive-by pharming is dangerous not only because it directs users to malicious sites, but also because an attacker can permanently change router settings, exposing unwitting victims to ongoing attacks.

"This new research exposes a problem affecting millions of broadband users worldwide," Oliver Friedrichs, director of Symantec Security Response, said in a statement. "Because of the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today."

Symantec recommends that users change their default passwords and employ a multilayered security strategy consisting of an Internet security program that combines antivirus, firewall, intrusion detection, and vulnerability protection. Also important, the research team noted, is avoiding clicking on links that seem suspicious.

User Education

But the main issue, according to Sophos senior technology consultant Graham Cluley, is that many users either do not change settings or use the password supplied by the manufacturer. Many devices are given obvious passwords for shipping and setup, such as "administrator" or "password," which Cluley noted are very easy for hackers to guess.

"For the sake of thirty seconds' effort, home users may be leaving themselves dangerously open to attack by not changing their passwords," he said.

While the great likelihood of attack predicted by Symantec could have some effect on user education, Cluley said he hopes that router makers will also take notice and design their software to be more insistent about changing default passwords.

"More prominent warnings that passwords have not been changed from their default might help encourage users to take this relatively simple step," he said. An additional line of defense is to disable JavaScript on untrusted Web sites, he added.

Source: Atomic Park


Tuesday, February 13, 2007

Fraudulent Email

It has come to our attention that a handful of hosting customers recently received a fraudulent email message claiming to be from CWS. The subject line of this message is "Hosting Regular Security Maintenance."

The message includes an attached PHP script named webguard.php with instructions for the hosting customer to place the script on his or her website and run it. Although this file is presented as a security feature, the opposite is in fact true. The script is malicious and is intended to compromise the security of a server on which it runs.

Should you receive an email of this nature, do not under any circumstances upload the script to your website. If you ever receive an email that claims to be from CWS and have any question at all about its authenticity, please contact us at 1-888-426-7793.
