Apr 28

I was doing some research on TrendMicro for a student and accidentally fell on this hidden new tool! RUBotted is a new, free botnet (zombie) detection and removal tool in Beta from TrendMicro.

In my PC security course, I teach my students how to detect zombies and botnets but this tool makes it a snap!

I just downloaded the small file and installation went 1 - 2 - 3!

I was relieved when the installation completion announced that: NO BOTNETS FOUND!

It also runs quietly in the background (systray) and doesn’t appear to be using any huge amount of resources. In fact, I don’t even notice a difference in my system performance.

The requirements to install this new tool are minimal, so even if you don’t have the latest and greatest PC or processor, check this out!

Kudos to TrendMicro for creating a great new Botnet (Zombie) detection and removal tool! And FREE!

written by Admin

Mar 23

In catching up on my overstuffed Thunderbird e-mail inbox, I found a relatively new newsletter from SearchSecurity. I know some of my students in the advanced PC Security course were interested in this subject, so I thought I’d post this for you.

PODCAST: Countdown: Making NAC work with your existing security tools

This podcast provides listeners with real-world anecdotes and detailed information on how to overcome obstacles presented by conflicts between your various NAC products and other security and networking tools on your network.

DOWNLOAD PODCAST

NAC: Snyder Answers the Hard Questions
(Videocast and Podcast versions available)

The videocast and podcast featured here help answer some of today’s hardest NAC questions and provide information on how to overcome some common obstacles and challenges faced while implementing NAC within your company.

VIDEOCAST: NAC: Answering the hard questions

PODCAST: Countdown: Making NAC work with your existing security tools

Speakers are: Joel Snyder, Ph.D., Senior Partner, Opus One and Mike Chapple, CISA, CISSP, IT security professional, University of Notre Dame

SPONSOR: Sophos Inc.

Enjoy!

written by Admin

Nov 07

Yet another attempted hack at my eBay account today. Yet another RoadRunner IP address!

I tried to send them the e-mail showing their user’s IP but they sent me back this blah, blah BS automated response. Obviously, the ISPs don’t care! Nice.

Anyway, this time, it was a simple request that they be e-mailed their forgotten password. Nice try! But there’s no way you’re getting in now! I have a secret weapon!

More on that later……..

written by Admin

Nov 02

As if we’re not busy enough with this website and our clients, our eBay account was hacked this morning.

I received an e-mail this morning from eBay confirming that they had changed my e-mail address as requested. What???? My real name was in the e-mail BUT, the ISP address and the IP address of the alleged “me” did not match!

eBay Email

First of all, the IP address is registered to Road Runner according to http://ws.arin.net/whois/

I have Comcast as an ISP and a Comcast IP address, not Road Runner.

Secondly, the ISP address is part of the “Blackhole” so it’s not a valid ISP.

Now, this raises two questions.

1. How did my account get hacked when my password was not a hackable one?

2. Why did it get hacked when there is nothing in the account that would be of benefit? No checking account information, and so forth.

Now, mind you, I’m not what you would call a “Conspiracy Theorist” but I’m beginning to wonder about some strange things I’m noticing recently.

I had sent in for one of those PayPal key chain automatic password generators and never activated it. (It was more for research than anything else.) Could PayPal have purposely hacked my eBay account because I wasn’t using it? Makes you wonder!

The reason I’m suspicious of this type of activity is because I’ve seen some activity on our web logs that bothers me. But more on that later.

For now, make sure your eBay account has not been compromised in case this is going around.

Now, back to changing ALL my passwords on every account I have to make sure they are tighter than they were before…..

Stay safe, Debbie


written by Admin

Aug 31

In our Introduction to PC Security course, one of our students reported that their computer ports are all stealth except 1030 and 1031 - which are showing open in GRC’s ShieldsUP test. (Hi Steve!)

Steve actually covers this issue on this page: Port Authority for Internet Port 1030, which states that this port (and others) are used by the Microsoft (M$) DCOM service.

However, this explanation doesn’t go deep enough. (Sorry Steve!) DCOM and RPC use this port as well as 1031 and beyond. In fact, the DCOM RPC Vulnerability utilizes the 1031 port and beyond!

If you are curious or interested in investigating this further, I recommend this excellent paper called: Analysis of the Microsoft Windows DCOM RPC Exploit by Packetwatch.net.

Debbie

written by Admin
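To follow up locally on the Aug 31 post about ports 1030 and 1031 showing open, here is an added example (not part of the original post) that parses `netstat -ano` output and reports which process IDs hold TCP listeners bound to every interface in the dynamic port range. The sample output is constructed, and the 1025-5000 range is an assumption about the host (the legacy Windows default).

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host (not from the page).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:1042         0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.20:1188      203.0.113.7:443        ESTABLISHED     3120
  TCP    [::]:1030              [::]:0                 LISTENING       1012
  UDP    0.0.0.0:1900           *:*                                    1420
"""

# Assumption: the host uses the legacy Windows dynamic port range (1025-5000),
# which is where ports 1030, 1031 "and beyond" fall.
DYNAMIC_RANGE = range(1025, 5001)

# Only wildcard binds are reachable from other machines; loopback is not.
WILDCARD_ADDRS = {"0.0.0.0", "[::]"}

# Matches TCP rows in LISTENING state: local address, local port, owning PID.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_dynamic_listeners(netstat_text, ports=DYNAMIC_RANGE):
    """Return {port: [pids]} for TCP listeners on all interfaces within `ports`."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if addr in WILDCARD_ADDRS and port in ports:
            found.setdefault(port, set()).add(pid)
    return {p: sorted(pids) for p, pids in sorted(found.items())}


if __name__ == "__main__":
    for port, pids in exposed_dynamic_listeners(SAMPLE_NETSTAT).items():
        print(f"port {port} is listening on all interfaces, owned by PID(s) {pids}")
```

Each reported PID can then be matched to its hosting services with `tasklist /svc /fi "PID eq <pid>"`, which shows whether the listener belongs to an RPC/DCOM-hosted service.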

© 2007-2008 MICE Training & Technology™.
