Thursday, August 27, 2009

Zeus, King of the Underground Crimeware Toolkits

This blog post and video explain how Zeus, currently the world's largest botnet, works.


Tuesday, August 25, 2009

OWA+Weak Passwords=Big Trouble

Now's the time to make sure your users are using strong passwords. As pointed out in this post from the RedSpin Security Blog, Outlook Web Access makes getting email on the go very easy for users, but it opens up yet another attack surface that is pretty easy to attack using commonly used tools.

This is another example of why law firm IT folks need to encourage the use of strong passwords.


Sunday, August 23, 2009

What's so interesting about the TJX Hacker Charged With Heartland, Hannaford Breaches

Here are a few details I find interesting in this story:
* The hackers allegedly stole more than 130 million credit and debit card numbers from Heartland and Hannaford combined.
* Gonzalez and 10 others were charged in May and August 2008 with network intrusions into TJX, OfficeMax, Dave & Busters restaurant chain and other companies.
* The attack vector was SQL-injection
* The hackers tested their malware against some 20 different antivirus programs to make sure they wouldn’t be detected, and also programmed the malware to erase evidence from the hacked networks to avoid forensic detection.
* The thieves captured card account numbers and expiration dates and, in 20 percent of cases, the customer’s name as well.
* Gonzalez called his credit card theft ring “Operation Get Rich or Die Tryin.”
* Another hacker linked to the crime committed suicide in 2008.
* Gonzalez goes to trial in New York on September 14th for the Dave & Buster’s hack.
* Next year, Gonzalez faces trial in Massachusetts on the TJX hack and may eventually face trial in New Jersey on new charges levied against him this week for allegedly hacking into five other companies, including Heartland Payment Systems and 7-11, and stealing more than 130 million credit and debit card numbers — the largest data breach prosecuted in the United States to date.

Some are wondering if Gonzalez was hired to do these jobs for the Russian mob. I can find no coverage of such a link.

Two of my debit cards were involved in these breaches. One was replaced. My bank gave me one year of free fraud monitoring on the other.

While we as law firm IT don't usually process credit card transactions, most of us have SQL databases, many of them Internet facing or running our websites.

As defenders what can we learn from the breach? Secure your web applications. SQL-injection is a common thread in many recent breaches. It's a quick and easy way to get behind your firewall.
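To make the "secure your web applications" point concrete, here is an added example (not code from the blog or from any of the breached companies) showing the same lookup written two ways: with user input spliced into the SQL text, and with a bound parameter. The table, rows, function names and the `slug` field are constructed for the illustration; the database is an in-memory SQLite instance so the script runs offline.

```python
import re
import sqlite3

# Constructed sample data: an in-memory table standing in for a client-contact
# lookup that a firm's web site might expose.
SAMPLE_ROWS = [
    ("acme", "Acme Corp", "contact@acme.example"),
    ("globex", "Globex", "info@globex.example"),
]


def make_db():
    """Build the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (slug TEXT, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO clients VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, slug):
    """Defect on purpose: the input is concatenated into the SQL string, so a
    quote character in `slug` changes the query's structure instead of being
    compared as data."""
    sql = "SELECT name, email FROM clients WHERE slug = '" + slug + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, slug):
    """Hardened form: the driver binds `slug` as a parameter, so whatever it
    contains is compared literally and never parsed as SQL."""
    sql = "SELECT name, email FROM clients WHERE slug = ?"
    return conn.execute(sql, (slug,)).fetchall()


def is_valid_slug(slug):
    """Defence in depth (hypothetical rule): accept only the characters a slug
    legitimately needs, independent of how the query is built."""
    return re.fullmatch(r"[a-z0-9-]{1,32}", slug) is not None


def demo():
    """Return row counts for a normal input and a constructed hostile input."""
    conn = make_db()
    normal = "acme"
    hostile = "' OR 1=1 --"  # constructed: a quote followed by a tautology
    return {
        "vuln_normal": len(lookup_vulnerable(conn, normal)),
        "vuln_hostile": len(lookup_vulnerable(conn, hostile)),
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_hostile": len(lookup_safe(conn, hostile)),
        "hostile_passes_allowlist": is_valid_slug(hostile),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated version returns every row for the hostile input because the quote closes the string literal early; the bound version returns nothing, since no slug actually equals that text. The allowlist check is a second, independent layer: even if someone later reintroduces string building, input that fails `is_valid_slug` never reaches the database.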
