
AOL Data Breach, User Data Stolen

AOL Logo

AOL is reporting a massive data breach which affects a “significant amount of users”.  AOL is recommending users change their passwords immediately.

According to AOL’s Security Team:

This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts.

If you utilize AOL for your consignment software’s email functionality, or for your personal email, please be sure to change your password right away.

Stunnel Vulnerability | Remove or Patch Immediately

Bug

Stunnel, an application that provides secure ‘tunneling’ for commonly used, insecure protocols (e.g. SMTP, POP3, etc.), has issued a security bulletin.  There is a known flaw that could be utilized to inject arbitrary code and ultimately control where the connection goes.  Imagine the emails you’re trying to send to consignors and/or customers being intercepted.

That wouldn't be good...

If you think this is being hyper-sensitive, you don’t internets enough.

Any applications installed on your systems must be justified, as per the PCI DSS v2.0:


2.2.2 Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system.

2.2.2.b Identify any enabled insecure services, daemons, or protocols. Verify they are justified and that security features are documented and implemented.

2.2.3.a Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components.

2.2.4 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers.  Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP.


If someone is going to install 3rd party software on your computer, be sure to ask them if they are going to maintain and patch that software on a daily basis.  As a business bound by PCI DSS, applications must be patched on at least a monthly basis.  For systems storing, processing, or connected to sensitive data, applications should be patched more frequently, i.e. daily.

Without even considering PCI DSS, it’s common sense.  An application installed with good intentions can easily backfire on you if not properly maintained.
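To make requirement 2.2.2.b concrete, here is an added example (our illustration, not from the PCI DSS or any project referenced above) that reviews a host’s listening services against a written justification register. The `ss -tlnp` output and the justification entries are constructed for the example; the set of insecure ports comes from the services 2.2.4 names, and the severity labels are our own convention.

```python
import re

# Services PCI DSS v2.0 req. 2.2.4 lists as examples of insecure protocols.
INSECURE_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 143: "IMAP", 161: "SNMP"}

# Constructed sample of `ss -tlnp` output; not captured from a real host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       100     0.0.0.0:25           0.0.0.0:*          users:(("master",pid=1201,fd=13))
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*          users:(("inetd",pid=540,fd=5))
LISTEN  0       128     127.0.0.1:110        0.0.0.0:*          users:(("dovecot",pid=900,fd=21))
LISTEN  0       128     [::]:443             [::]:*             users:(("apache2",pid=1330,fd=4))
"""

# Constructed justification register: port -> documented business reason.
# In practice this is the document 2.2.2.b asks an assessor to see.
JUSTIFIED = {
    22: "Remote administration, key-only authentication",
    25: "Outbound mail for the consignment software, wrapped in TLS",
    110: "Legacy POP3 for one workstation, bound to loopback only",
    443: "Store website over HTTPS",
}

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(text):
    """Turn `ss -tlnp` lines into {addr, port, proc} records; header lines are skipped."""
    listeners = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.append({"addr": m.group("addr"),
                              "port": int(m.group("port")),
                              "proc": m.group("proc")})
    return listeners


def review_listeners(listeners, justified):
    """Compare listeners with the justification register.

    Returns (severity, port, process, message) tuples:
      HIGH   - an insecure service with no documented justification
      MEDIUM - any other unjustified service, or an insecure service that is
               justified but reachable beyond loopback
      INFO   - an insecure service that is justified and loopback-only
    Justified, non-insecure services produce no finding.
    """
    findings = []
    for l in listeners:
        port, proc, addr = l["port"], l["proc"], l["addr"]
        name = INSECURE_PORTS.get(port)
        reason = justified.get(port)
        loopback = addr.startswith("127.") or addr == "[::1]"
        if reason is None:
            findings.append(("HIGH" if name else "MEDIUM", port, proc,
                             f"{name or 'service'} listening with no documented justification (2.2.2.b)"))
        elif name and not loopback:
            findings.append(("MEDIUM", port, proc,
                             f"{name} justified but reachable on {addr}; confirm compensating controls (2.2.2)"))
        elif name:
            findings.append(("INFO", port, proc, f"{name} justified: {reason}"))
    return findings


if __name__ == "__main__":
    for sev, port, proc, msg in review_listeners(parse_listeners(SAMPLE_SS), JUSTIFIED):
        print(f"[{sev}] port {port} ({proc}): {msg}")
```

On the constructed sample the Telnet listener on port 23 is flagged HIGH because nothing in the register explains it, while POP3 on 110 is reported as INFO because it is documented and bound to loopback. On a real host you would feed in the actual `ss -tlnp` output and the register you keep for the assessor.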

Days Since Last Known Java 0-day Exploit


A handy website to let you know how many days it’s been since the last-known Java 0-day exploit.

java-0day.com: http://java-0day.com/

With Java 0-day exploits appearing at the rate of one per day, it will probably come in handy.  🙂

What’s Rubbing-Up Against YOUR Website?

CloudFlare IDS

Or who, for that matter.  If you think your website just sits there and serves pages to friendly visitors, you’re missing out on all the fun that’s going on behind the scenes.  Properly securing a website, plus ongoing maintenance, is critical to preventing your site from being “hacked”.

Websites are not a “set it and forget it” sort of thing.  Server logs should be inspected on a regular basis.  An Intrusion Detection System should be in place.  Updates for software should be installed on a regular basis.  WordPress must be updated and maintained and if you ignore this maintenance, you’ll have some friends coming to visit you…

CloudFlare IDS

And what are these “friends” doing on your website?  Just running some friendly Dictionary Attacks, that’s all…

Dictionary Attacks

Attempting to log in as ‘admin’…

Admin Login Attempts

If you have a WordPress site, unsuccessful login attempts are not blocked, so someone can try to log in to your admin page over and over again without you ever knowing.  That is, unless you have the right tools in place.  At the very least, make sure you install the Limit Login Attempts plugin.

Security is a multi-layer approach, so don’t think there is just one simple solution to secure your website.  Make sure you or someone is maintaining your website, installing the latest updates, pruning as many attack vectors as possible, checking your logs, etc.
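Checking your logs, as the post recommends, can be automated.  The following is an added example (ours, not from CloudFlare, WordPress or the Limit Login Attempts plugin) that scans web-server access log lines for the dictionary attacks shown in the screenshots: bursts of POSTs to `/wp-login.php` from one address, and the worse case where a burst of failures is followed by a success.  The log lines are constructed, and the example assumes WordPress answers a wrong password by re-rendering the form (HTTP 200) and a correct one with a redirect (HTTP 302).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of access log lines in Apache/nginx "combined" format.
# Addresses come from documentation ranges; this is not real traffic.
SAMPLE_LOG = """\
198.51.100.4 - - [10/Feb/2013:02:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2013:02:10:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:02:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:02:14:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:02:14:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2013:02:14:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Feb/2013:02:15:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3542 "-" "Mozilla/5.0"
this line is not in log format and is skipped
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def is_login_post(rec):
    return rec["method"] == "POST" and rec["path"] == "/wp-login.php"


def is_failed_login(rec):
    # Assumption: a wrong password re-renders the login form with HTTP 200.
    return is_login_post(rec) and rec["status"] == 200


def find_dictionary_attacks(lines, threshold=5, window_seconds=60):
    """Return {ip: max failed logins seen in any `window_seconds` window}
    for every address that reached `threshold` failures in one window."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_failed_login(rec):
            attempts[rec["ip"]].append(rec["ts"])
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def successful_logins_after_failures(lines, threshold=5):
    """IPs whose login succeeded (assumed HTTP 302 redirect) right after at least
    `threshold` failures.  Assumes the log is in chronological order."""
    failures = defaultdict(int)
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or not is_login_post(rec):
            continue
        if rec["status"] == 200:
            failures[rec["ip"]] += 1
        elif rec["status"] == 302:
            if failures[rec["ip"]] >= threshold:
                hits.append(rec["ip"])
            failures[rec["ip"]] = 0
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n in find_dictionary_attacks(lines).items():
        print(f"dictionary attack: {ip} made {n} failed logins inside one minute")
    for ip in successful_logins_after_failures(lines):
        print(f"INCIDENT: {ip} logged in successfully after repeated failures")
```

The first function is what a rate-limiting plugin reacts to; the second is the one worth an alert, because a success after a burst of failures means the guessing worked and the password needs changing now.  Point it at your real access log with `open(path)` in place of `SAMPLE_LOG.splitlines()`.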

If you have any questions, feel free to comment below or Contact Us!

Patch Tuesday To Address 57 Security Vulnerabilities

Windows Updates Patch Tuesday

Tomorrow is Patch Tuesday and this one’s a big one.  Microsoft is releasing a dozen updates that will address a whopping 57 security holes.  So chances are, this just means another Manic Wednesday for some users.

Some tips to help avoid bumps on Patch Tuesday:


  • When you leave for the day, close any programs or files you’re working on.  Running applications, un-saved files, etc. can all affect the Windows Update process, especially come time to shutdown/reboot.
  • Ensure your computer is running on a stable power source + an Uninterruptible Power Supply.  Even just a slight sag in power can have a major impact on a system.  It’s just not worth it to not protect your data with a battery backup.
  • If you see Windows Updates in progress when rebooting or when powering-on, be patient.  Sometimes it can take 5, 10, even 15+ minutes to “chew” on all of these updates.


Don’t forget to patch your other applications as well, such as Acrobat Reader, Flash, etc.  Java should be fully removed unless absolutely required.  If you’d like to have The Computer Peeps handle automatic patch management for you, as well as complete system monitoring, we offer those services on a monthly basis with no contracts.  Whether it’s us, you, or another tech, someone needs to be patching your systems.

What are you doing for patch management at your consignment store?  Comment below if you have any questions!

Edit 2/11/2012 6:46 PM EST: Fixed a typo.

How To Install AdBlock Plus for Firefox [Video]

AdBlock Plus

Here is a quick video tutorial on how to download the free AdBlock Plus add-on for Firefox…

You can install the AdBlock Plus add-on, or any add-on, via your Firefox Button, then Add-ons

Firefox Add-on

The very first result is for AdBlock Plus – click Install

AdBlock Plus Add-on

We strongly recommend utilizing ABP not just to hide annoying ads, but as another layer of security for your system.  Many legitimate websites can have their 3rd party ads compromised, so just by using ABP, you are reducing some of the potential attack vectors you may encounter.

Speedtest.net Recently Compromised

Speedtest.net

The most popular internet speedtest site, Speedtest.net, was recently compromised.  They have since fixed the issue and the site is no longer infected, but if you visited the site within the last few days and you have Java installed, look out.

Invincea has a fantastic dissection of the payload the infected site was delivering.  This is a great opportunity to discuss how completely legitimate websites – e.g. Speedtest.net – can infect your system.  It doesn’t have to be a *questionable* website or suspicious email that leads to infection.  Websites can be compromised in any number of ways and commonly, 3rd party ads on websites are how malicious activity can sneak-in.

There is no single solution to security.  Security is a multi-layered approach.  With AdBlock and NoScript installed, you’re knocking off a good chunk of attacks before they even get a chance to start.  By running ESET Nod32 antivirus and Malwarebytes’ Anti-Malware Pro, you’re giving your system the best chance at fighting off anything that makes its way onto your system.  Changing your DNS to a faster and more secure service, such as Google Public DNS, Comodo, or OpenDNS, helps keep the pool of sites you bump into as safe as possible.  A hardware firewall, updated applications (and only essential applications installed), and user awareness add to the security sandwich.

So keep your wits about ya, folks.  Don’t think that just because you’re browsing legitimate sites, you’re not vulnerable to attack.

For those interested in an alternative to Speedtest.net, there is an HTML5/no Java/no Flash service provided by SpeedOf.Me.

Remote Zero-Day Exploit In Linksys WRT54G Routers


Back in the day, the WRT54G used to be the router.  That hasn’t been the case for years though.  A lot of “techs” who read, but don’t actually practice, tend to sing the praises of the WRT54G as though it were the holy grail of routers.  What they don’t know is, the router they’re evangelizing isn’t the hardware it once was.

Before I go on, I’ll wait while those of you interested in the technical details, go and read this first:

http://nerdvent.net/2012/07/12/stop-telling-people-to-buy-wrt54gs/

Ok, everyone back?  Good, let’s continue.

First of all, the Linksys WRT54G simply is not the class of router a small business should have in place.  Anyone recommending it is bringing their personal home setup, into the wrong arena.  And don’t try to start the conversation about, “You can flash the router and install DD-WRT.”  Tell that to a consignment store owner and let him/her know you’re going to personally maintain it for life.

Now there are even bigger problems with the Linksys WRT54G.  There’s a remote zero-day exploit for the router, allowing an attacker to remotely connect to and obtain root (i.e. full admin access) over your router, all its files, settings, etc.

Remote Zero-Day Exploit for Linksys WRT54G | (Image Source: DefenseCode)

According to the team who discovered the exploit, and despite Linksys saying they’ve patched it…

The latest official Linksys firmware – 4.30.14 and all previous versions are still vulnerable.

So what started as a blog post about how the Linksys WRT54G simply isn’t the router “kids” think it is, has now become much more serious.  Apparently a fix is on the way, but this will most likely require users to download and flash a new firmware update.
