Tag Archives: corporate networks

The Red-faced Blue Frog

What’s intriguing about this Blue Security/Blue Frog episode, where angry spammers attack the anti-spam company with a Distributed Denial of Service (DDoS) attack, which in turn directs traffic (unwittingly or wittingly, it’s not clear yet) and temporarily brings down blog hoster TypePad, is this: The guy behind Blue Security, Eran Reshef, is founder of Skybox, a company “focused on enabling the continuous enterprise-wide assessment of vulnerabilities and threats affecting corporate networks.”

This is at best somewhat embarrassing for Reshef, and for Blue Security, at worst it exposes him and the company to ridicule and lawsuits. Getting involved in battling spammers is not a task taken on lightly, and the one thing that Blue Security had going for it was that it seemed to know what it was doing. Users download software and register their email addresses in a central database. Spammers are encouraged to remove those email addresses; if they don’t, the software will respond to subsequent spam by visiting the website advertised and automatically filling the order form. If enough people have the software running this, in theory, creates an overwhelming amount of traffic for the spammer and brings their business to a halt. Blue Security now says it has tens of thousands of members.

But then came last week’s attack. Reshef initially said that that no such DDoS took place on the www.bluesecurity.com server, something contested by some analysts. He has since said that a DDoS did take place, but against operational, back-end servers  and not connected to his company’s front door. This, he said, he only spotted later. He says that when he redirected traffic to his blog at TypePad there was no DDoS on the bluesecurity.com website; that, he says, came later. This appears to be borne out by web logs provided to TechWeb journalist Gregg Keizer.

Blue Security’s handling of this raises more questions than it answers. Many are highly technical and not ones I understand. But there are some basic ones. Was the company not prepared for spammers to retaliate? Did it not have any procedures in place? Why did it redirect traffic to TypePad without informing them first? Why did it not coordinate closely with its ISP? And why, given Reshef’s expertise on DDoS attacks with Skybox, was he not able to spot the DDoS attack on his backend servers?

SkypeKiller Or PR Stunt?

Some people, we know, really don’t like Skype. A few people are now building a business on it. Now there’s SkypeKiller (“Your whole network Skype ridden for free”), a French program which will remove all traces of Skype from your network. As its homepage states:

With nearly 200 million downloads and 62 million regular users worldwide, Skype´s IP telephony service has become a real phenomenon.  However use in corporate networks can cause real problems:
* Uncontrollable bandwidth usage
* Uncertainty as to confidentiality
* Potential security flaws
* Productivity issues
* etc …

Thanks, Russell Shaw of ZDNet blogs, who walks us through how to use it. Unfortunately, “SkypeKiller” as a name is much more likely to be assumed to be a program that is better than Skype. And Stuart of Skype Journal reckons it’s more about cheap PR than being a serious tool.
 

Beyond Phishing, There’s Corporate Spoofing

Phishing — the practice of lulling users into giving up their passwords and whatnot — is not just aimed at the public. Corporations are also falling victim.

According to MailFrontier, a company that provides ‘messaging security’, says that ”while phisher scams — a largely consumer-facing problem where fraudsters spoof well-known brands in an attempt to steal personal information — garner most of the media attention, the untold story is that IT departments are being spoofed as well, compromising the security of entire corporate networks. Highly-sensitive information about the company, employees and customers, is easily attainable when a fraudster gains access to legitimate employee passwords and network login information.”

MailFrontier cites as an example of this a large media company, where new hires received an email written in the official corporate format asking them to re-authenticate their SecurID cards by providing serial numbers corporate usernames, and PINs. The request appeared to come from the IT department, and several new employees provided the information. The emails, MailFrontier says, were fraudulent and as a result, the enterprise’s network was compromised, exposing secure corporate assets and employees’ personal information.

MailFrontier, of course, has a solution: its new MailFrontier Enterprise Gateway 3.and MailFrontier Desktop 4.0, “the only such products on the market that actively protect email users from this dangerous threat”. But that doesn’t mean it’s not a real problem. I just haven’t heard much about it. I guess that’s because companies don’t like to broadcast such breaches, not only because it’s bad PR but because, presumably, the most likely culprits would have to be someone in the same business.

News: Klez Is Still So Big

 Viruses, worms, whatever, don’t have to be new to be a pain. Bill Fallon, Vice President of Product Marketing at EasyLink Services Corporation, the company that offers and operates MailWatch (“a leading Spam-blocking, virus-scanning and content-filtering service protecting corporate networks worldwide!”) : “The Klez worm, which debuted back in October 2001, continues to be the most widely circulating threat among corporate networks almost two years later. Just last month we intercepted it over 95,000 times.” That baby just seems to run and run. There are three times as many Klezes running around as the next most popular worm, Sobig (32,000).

News: PestPatrol Goes Free

PestPatrol, Inc. “the leading developer of security software to detect and eliminate spyware, adware, trojans and hacker tools from corporate networks and home user PCs” (I don’t know whether there’s any limit on the length of phrase companies can claim they are the best at, but I’ll faithfully reproduce them here; maybe we can have a competition sometime for the silliest one) have launched the first
comprehensive online spyware detection service
. For free.

PestScan from PestPatrol is a web-based program that runs right from the PestPatrol website, downloading just a few small components to the user’s computer. It is designed to provide a quick and easy way to scan Windows PCs for spyware, keyloggers, and other computer pests in the places they are most likely to be hiding. The PestScan results link directly to PestPatrol’s extensive pest information database, enabling users to find out exactly what the threat level is.

I haven’t tried this yet. Let me know how it works for you.