February 5, 2012

Posts Comments

You are here: Home / 2010 / Archives for June 2010

Update your iTunes or face potential exploitation

June 28, 2010 By Leave a Comment

While reviewing this weeks CERT summary I noticed three vulnerabilities with a risk rating of 10 which is the highest. With the wide distribution of the iTunes software, these vulnerabilities have potentially serious ramifications. Since they involve remote code execution it is prudent that any and all users of iTunes upgrade to version 9.2 or newer. You can check the version you are running via help/about in the program menu. Here is a partial screen-shot of this portion of the Cert advisory followed by a link to the advisories:

iTunes Vulnerable

iTunes Vulnerable - Cert Advisories

Resources:

Popularity: 5% [?]

Filed Under: Security Tagged With: , , , , ,

Anatomy of a Phishing Email

June 13, 2010 By Leave a Comment

I encountered a great opportunity this evening, the opportunity to share an inside look of a Phishing Email. What is Phishing?

“In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” – Wikipedia

What I noticed was an Email purportedly from Bank of America telling me that there was an “Account Resolution Required”:

Phishing Message Bank of America

Message in Outlook Allegedly from Bank of America

I scanned over to the preview pane and noticed that it had a link that appeared to be correct, so I hovered over the link to see if the link was spoofed and to no big surprise, it was. Here is how the message looked in my preview pane, I did not download pictures because that is a popular way for spammers/crooks to confirm Email addresses of their targets/victims:

Full Phishing Email Screenshot

Full Phishing Email Screenshot

Let me further clarify in lay terms, the link that reads:

https://www.bankofamerica.com/home/1244618/ddjdfdkfi126.aspx?screenid=Update_Acct

is actually:

http://prostyle-esports.nl/index.php

and this is evident when I hover over, or place my mouse cursor on the “alleged” link. This is a tactic you can use to check links you are unsure of. However I should clarify that it doesn’t always work. There have been occasions where this has been spoofed effectively typically it has to do with the Email client or Browser and security patches on your computer.

Testing the Link

Using a test environment I pasted the link to see what the target site looked like:

Blocked - Forgery

Blocked - Forgery

I was pleased to see it had been blocked, this saved me the time of researching and Emailing the Internet Provider involved. After confirming this I used “properties” on Outlook to get the header information, there is a lot of information but plenty of clues to let me know that this message was not authentic (had everything else appeared right, which most certainly the SSL certificate warning would have popped up unless it was an unprecedented forgery!). Here are a few of the more obvious lines I parsed from the headers:

Received: from User ([82.128.0.69]) by post.strato.de (mrclete mo25) (RZmta
23.3) with ESMTP id 20016am5E507CT ; Mon, 14 Jun 2010 07:43:29 +0200 (MEST)
Reply-To:
From: Bank of America

In the above examples, you can see that the message replay and from don’t match and that the mail server is post.strato.de not a likely mail server for Bank of America (perhaps for Deutsche Bank next time guys?). Also after running the IP address of the sender 82.128.0.69 on Arin.net I was able to determine that it was a European Address (which I had already figured due to the .de domain on the mail server, but it was further validation):

Output of Arin.net Whois - RIPE

Output of Arin.net Whois - RIPE

There are a lot of ways to spot fraudulent/Phishing Emails. Our advice to our clients is if they are not 100% certain we recommend they forward the messages to us for analysis. Most of these kinds of messages are blocked and we don’t see them, but if something doesn’t look quite right it probably isn’t.

Enhanced by Zemanta

Popularity: 8% [?]

Filed Under: Howto, IT Professionals, Security Tagged With: , , ,

Speakeasy and Covad to seek merger

June 10, 2010 By Leave a Comment

 

We received information today that Speakeasy is seeking to merge with Covad. As we are a Speakeasy partner we wanted to share this information with our customers immediately. Here is the Email from the Speakeasy CEO Bruce Chatterley:

I want to personally contact you regarding an important announcement that Speakeasy is making today and explain how this announcement benefits our partners.

Speakeasy has decided to join with Covad Communications Company, a leading national provider of IP broadband services in North America and MegaPath Inc., a leading voice, data, security, managed service and VPN service provider.   This new entity combines Speakeasy’s expertise in smaller business communications, MegaPath’s wide selection of products and value-added services and, Covad’s robust network infrastructure. This combined entity creates a new class of CLEC; a Managed Service Local Exchange Carrier (MSLEC). As a result, Covad’s nationwide broadband footprint will support Speakeasy and MegaPath’s voice and data application services. By combining companies, these voice, data, and value added services will be available anywhere you do business and to virtually every small, medium and large business you serve.

This merger is subject to the approval of the Federal Communications Commission and state public utility commissions in many of the states where Covad and MegaPath do business. Until the close of this merger, Speakeasy will continue to operate business-as-usual. This transaction is expected to close by the end of the third quarter of 2010.

Speakeasy is dedicated to providing our partners with the highest-quality portfolio of voice, data services on the market, and this merger helps us strengthen that commitment. The resources of the new combined company will enable us to expand our service offerings and provide more choices and value for you and your customers

I want to take this opportunity to thank you for your continued support. Partners are an important part of both companies and will become even more critical to our combined company. With this merger, you will continue to receive all of the benefits of our existing partnership, plus enjoy the benefits of our expanded network and service offerings. We have some exciting plans for the future, and we look forward to working with you to bring them to market.

Should you have any additional questions, please feel free to contact your Speakeasy Sales Consultant.

For more information, please read the press release posted on www.speakeasy.net/press.

Enhanced by Zemanta

Popularity: 7% [?]

Filed Under: News, Speakeasy Tagged With: , , ,

CIMCO DNC Max and CNC Edit Recommended Serial Hardware

June 9, 2010 By Leave a Comment

Here is the official list of hardware recommended by CIMCO for serial communications via DNC Max and CIMCO Edit:

CIMCO DNC-Max and CIMCO Edit (communications) work with all industry standard serial communication hardware devices including but not limited to multiport serial adapters (PCI) and single/multi-port Ethernet (wired and wireless) serial device servers (converters) from MOXA (www.moxa.ccom), DIGI International (www.digi.com), and Quatech (www.quatech.com). 

Because of the consistently high quality and reliability of device servers (wired and wireless) from MOXA we recommend the following devices for Ethernet based communications: NPort 5610-8, NPort 5610-16, NPort 5210, NPort 5110, NPort 2250 Plus US and NPort 2150 Plus.

For multi-port PCI serial adapters CIMCO recommends DIGI Neo Adapters and related concentrator boxes.

Related Posts Plugin for WordPress, Blogger...

Popularity: 14% [?]

Filed Under: CIMCO Tagged With: , , ,