Sample Issue of
MICE™ Security Exclusive
"Your solution to the Technology Rat Race!"
January 2002 VOLUME I ISSUE I
NOTE: This is an actual duplicate of a past issue
------------------------------------
Welcome to our first issue of MICE Security Monthly!
How appropriate that I would be putting out a security
issue this week when our own web site security has been
breached! Ah, the price we pay for teaching people!
But Precision Web has moved us to a secure server and
now it's a matter of restoring some missing information.
So if you tried to access our site over the past several
days and received errors, this is why the site was offline
for a while.
There's so much for you to learn about security that I
hardly know where to start. But I guess we will start
with some of the items talked about in our bimonthly
newsletter.
But little-by-little we will teach you how to protect
yourself online and off. Your questions are always welcome!
If there's something you are particularly concerned about,
please send us an e-mail at:
and we will either respond personally to you or cover the topic
in the next newsletter. But we don't know what you want
unless you tell us!
So dig right in to this issue!
Until next time, "Happy Computing!"
And remember, "The early bird catches the worm,
but the second mouse always gets the cheese!"
The Editor,
Debbie Mahler
SECURITY BREACHES
You may have heard it or read it but, just what is a
security breach?
A security breach is any unauthorized access gained to
computers or technology systems.
You may hear several terms used in conjunction with this
type of access.
Crack (noun) Program code that allows people to break
registrations or locks on software programs. While this
term is not often used in relation to "security breaches"
with computers, it is a breach of security with software.
Example of use: Joe stopped the trial version of WinZip
from requiring him to register by installing the crack.
Crack (verb) The process of breaching software security.
Example of use: Susie cracked the registration code on the
trial version of Windows XP.
Cracker (noun) Another term for a hacker. Helpful hackers
would like others to call the "evil" hackers "crackers"
instead. Example of use: Smith was arrested for being a
cracker when they discovered he gained illegal computer
access to the company database.
Exploit (verb) To take advantage of a hole or vulnerability
in software or hardware in order to breach security. Example
of use: Windows XP allows intruders to exploit the core
vulnerability to gain access.
Firewall (noun) A software program or hardware device that
blocks a technology system from outside or unauthorized
users. Example of use: While I use a software firewall at
home, our office uses hardware to block intruders.
Hack (noun) An unsolicited software change added by a third
party. Hacks in shared programming are a good thing because
they are usually improvements that benefit everyone.
Example of use: Carl uploaded a hack to that Perl script and
now it is able to perform multiple emails at once!
Hack (verb) The process of gaining access by breaking
through a flaw in programming, firewalls or other security
devices. Example of use: Joe wanted to hack into the
database and delete his employee files.
Hacker (noun) Someone who works hard at breaking or finding
flaws in programming or hardware security. Example of use:
Janet is a well-known hacker in our school. She broke into
the student database and changed her grades.
Hole (noun) An open part of code in software programming
that allows intruders access. Example of use: A hacker
found a major security hole in our CGI script.
Intruder (noun) An unauthorized presence within a technology
system. Intruders can be anything from a cracker/hacker to
a virus or electronic worm.
Vulnerability (noun) The weakest part of programming code
that allows intruders access.
As mentioned in my introductory paragraph, one of our
CGI scripts on our previous web server had a security hole
in it. A young hacker from France called it to my
attention.
It is these kinds of programming flaws that allow
unauthorized users to access computer systems globally.
Your next question I'm sure is, "Why can't programmers
program better?" Am I right?
Well, it's not that simple. And in order to understand
the programming process, I'd have to teach you programming
and that would be far too long of a newsletter! But to keep
it short, those of us who do programming spend our time
making programs work. We don't spend endless hours trying
to discover flaws. We make them as secure as we can with
the knowledge we have at the time, but there are others
who thrive on finding something we don't know about. So,
while we are creating, they are taking apart. Does that
help you understand better?
Next issue we will get into the mind of a hacker and
explain why people do this sort of thing.
LATEST SECURITY NEWS UPDATES
Wow! Where do I start with this one? So much to tell, so little room!
Well, I guess I'll start with some humor. (At least I think this is funny. Well really, I thought it was
hilarious!) On January 16, ABC News reported in a story that Microsoft Chairman
Bill Gates issued an e-mail memo to his employees announcing that the company will focus on security* and privacy instead of new software capabilities.
What's the matter Bill? XP sales aren't as good as expected?
If you think that all this security talk is an American over-reaction, you MUST READ by the BBC News*
The article explains a study conducted by Symantec UK where they attached firewalls to
the participants' PCs to track how often they were being "stalked." The results are frightening.
After reading this article, you will understand why we fight so hard to educate PC users!
And if that article isn't enough to scare you into taking security seriously, try this one at Fox News.
This article confirms what we've been "preachin and teachin" for the past four years.
*The articles mentioned in this newsletter are no longer available online
OUR USUAL CHEAP ATTEMPT AT ADVERTISING!
If you like our content, why don't you recommend
us to a friend, family member, neighbor, acquaintance,
the Pastor, your Lawyer, just anyone!!!
Have them sign up at: Subscription Page and get their own issue!
Remember, we have a drawing coming up shortly!!!!
SCUMWARE & SPYWARE DEFINED
Have you heard that term yet? Scumware. AKA Spyware (by definition, they are two different things even though they are used interchangeably).
What is Scumware? According to the experts at Scumware.com, it is:
"The stealing of traffic from independent Web site publishers has become the biggest threat to the survival of the Internet to date."
And just how is that accomplished? In a variety of ways but
it is all accomplished with the aid of downloading
"supposedly" handy utilities or software.
The most common scumware is known to Internet Explorer users
who use software that allows something called TopText and/or
smart tag type technology. The software changes targeted
keywords to links that redirect visitors to advertisers.
Huh?
Let's use an example to help you understand. You install
this great new program that helps you manage your downloads
and suddenly the top portion of your Internet Explorer has
changed. When you go to different web sites, you notice
that some of the words on the page have links in a different color
than what matches the web site design. That's how scumware
works. Advertisers pay for their keywords to get
highlighted on any page visited. When the user clicks on
the highlighted keyword, the user is taken to the
advertiser's site. This happens despite the fact that the
original web designer of the site you were visiting NEVER
put the link in there!
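For web site owners who want to check for this, here is an added example (not part of the original newsletter) that compares the HTML a site actually served with the HTML a visitor's browser ended up showing, and reports any links the publisher never wrote. The function names, the sample pages and the `ads.example` address are all made up for illustration.

```javascript
// Added example: flag links present in the rendered page but absent from
// the HTML the publisher served. All names and sample data are hypothetical.

// Pull every <a href="...">text</a> out of an HTML string as {href, text}.
// A regex is enough for this constructed sample; a real check would walk
// the browser's DOM instead.
function extractLinks(html) {
  const links = [];
  const re = /<a\b[^>]*\bhref\s*=\s*["']([^"']*)["'][^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const text = m[2].replace(/<[^>]*>/g, "").trim().toLowerCase();
    links.push({ href: m[1].trim(), text });
  }
  return links;
}

// Visible text of a page: tags removed, whitespace collapsed, lowercased.
function visibleText(html) {
  return html.replace(/<[^>]*>/g, " ").replace(/\s+/g, " ").trim().toLowerCase();
}

// Return the links that appear only in the rendered page. keywordHijack is
// true when the link text was ordinary, unlinked wording in the served
// page, which is the keyword-to-ad-link behaviour described above.
function findInjectedLinks(servedHtml, renderedHtml) {
  const key = (l) => l.href + "\u0000" + l.text;
  const original = new Set(extractLinks(servedHtml).map(key));
  const plain = visibleText(servedHtml);
  return extractLinks(renderedHtml)
    .filter((l) => !original.has(key(l)))
    .map((l) => ({ ...l, keywordHijack: l.text !== "" && plain.includes(l.text) }));
}

// Constructed sample: what the publisher served...
const SERVED =
  '<p>Our <a href="/downloads">download manager</a> guide covers cheap flights and hotels.</p>';
// ...and what the visitor's browser showed after keyword links were added.
const RENDERED =
  '<p>Our <a href="/downloads">download manager</a> guide covers ' +
  '<a href="http://ads.example/click?k=flights" style="color:yellow">cheap flights</a> and ' +
  '<a href="http://ads.example/click?k=hotels">hotels</a>.</p>';

console.log(findInjectedLinks(SERVED, RENDERED));
```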
So what programs are currently listed as scumware?
eZula Toptext, ePilot, KaZaa, Flyswat, Gator and Surf+
If you would like to see the names of the companies stealing
your keywords check out Thiefware.com/thief.ads (Are you in for some surprises!)
Now, what is spyware? According to Whatis.com,
"In general, spyware is any technology that aids in
gathering information about a person or organization
without their knowledge. On the Internet, spyware is
programming that is put in someone's computer to secretly
gather information about the user and relay it to
advertisers or other interested parties."
The web sites I checked out to research this article are
frightening. What happens is you install a program that
is shareware or freeware and with it comes an adware
program that installs with it. You see the ads at the top
of the program and figure you have to suffer through it
since it's freeware or unpaid for shareware. What you don't
know is that the adware is secretly sending back information
to the server about the ads you are seeing and other
information about your online habits (this information
varies depending on the software).
The key to understanding if you have spyware unknowingly
installed is to look for any reference on your PC to these
Adware providers:
Aureate/Radiate (GoZilla Software & Aureate SpamKiller
Software, Download Minder, Real Estate Web Site Creator,
Really Easy Interactor, Real Reverb Convolution, Vagabonds
Realm, UK Phone Codes, BuzMe Internet Call Waiting,
Advanced Call Center, Free Hearts for Windows, AceNotes,
Ez-Forms Free, Free Picture Harvester, Free Hearts, Free
Solitaire, Free Submitter Pro, Free Budget, Free Image
Editor, Free IRC, Free NotePad, Free Saver MP3, FreeZip)
Conducent/Timesink (Retail Software: eGames, Netzip Download
Demon, Real Information Finder, Real MP3 Finder, Raptor Call
of the Shadows Demo, FreePak, 100% Free Spades, 100% Free
Hearts)
Transcoms Beeline (FreeBee)
Comet Cursor (Netscape and many others!)
GoHip (One visit to the site and your browser and PC are no
longer your own!)
Cydoor (MP3 Tag Studio, PC-to-phone)
Web 3000 (please see this link for their list of software
as there are far too many to list here.)
Other known Spyware programs: Limewire 2.x, Grokster,
Net2Phone
To see the BIG list of Broadcast/Mattel Spyware, please visit the link. (There are far too many to list!)
After my research, I decided to check into a few of my
own suspicions about software I've seen. So I entered
my own Audio Galaxy that I use for sharing MP3s. Yes,
they turned up, but! I had the option of installing the
additional files and I rejected them so they are not on
my computer. And yes, I did go check after seeing them
on the list.
I also checked on another MP3 sharing program I was
suspicious about: BearShare. My hunches were right!
They are served by WhenU.com, an Internet shopping service.
Their privacy statement states:
3. WhenU.com may collect user information such as gender,
age and zip code to compile anonymous trend information
about Internet and WhenU.com usage patterns. WhenU.com
compiles statistics by aggregating information across large
numbers of users. These statistics may be provided to third
parties.
This means that it's an invisible program that is installed
when you install BearShare and it tracks your habits and
sends the results back to the adware provider.
If you think you installed a program with Spyware in it,
check the name against the spyware database here: www.spychecker.com*
Ok, the legal stuff at the bottom of the page is coming
next. So, unless you want to unsubscribe, you can really
stop reading now!
*Spychecker.com is no longer on the web
Legal Stuff
The unsubscribe information appears in this section of the e-mail.
MICE Security Exclusive is an exclusive FREE newsletter to subscribers only.
The content in this newsletter is not published on our web site.
This is a sample issue of an actual newsletter for example purposes only.
This page will not be updated or otherwise changed.
(C)2001-2003. All rights reserved. MICE Training & Technology retains all copyrights to this publication
but will grant limited reprint rights upon request.
Use of the MICE™ logo and logo graphic is strictly prohibited
and vigorously enforced.
Sources quoted retain the copyrights to their material
and would have to be contacted for reprint rights to their publications.