Tag Archives: security software

KL’s Airport Gets Infected

image

If there’s one place you hope you won’t get infected by a computer virus, it’s an airport.

It’s not just that the virus may fiddle with your departure times; it’s the wider possibility that the virus may have infected more sensitive parts of the airport: ticketing, say, or—heaven forbid—flight control.

Kuala Lumpur International Airport—Malaysia’s main international airport—was on Friday infected by the W32.Downadup worm, which exploits a vulnerability in Windows that Microsoft patched back in October. The worm, according to Symantec, does a number of things: it creates an HTTP server on the compromised computer, deletes restore points, downloads other files and then starts spreading itself to other computers.

image

Enlargement of the photo above. The notification says Symantec Antivirus has found the worm, but has not been able to clean or quarantine the file.

KL airport clearly isn’t keeping a tight rein on its security. The virus alert pictured above is at least 12 hours old and the vulnerability it exploits had been patched up a month before. Says Graham Cluley of UK-based security software company Sophos: “What’s disturbing to me is that over a month later, the airport hasn’t applied what was declared to be an extremely critical patch, and one which is being exploited by malware in the wild.”

What’s more worrying is that this isn’t the first time. It’s the first time I’ve noticed an infection on their departures/arrivals board, but one traveller spotted something similar a year and a half ago, with a Symantec Antivirus message popping up on one of the monitors. I saw a Symantec Antivirus message on one monitor that said it had “encountered a problem and needs to close”, suggesting that the worm had succeeded in disabling the airport’s own antivirus defences:

image

So how serious is all this? Cluley says: “Well, it’s obviously a nuisance to many people, and maybe could cause some disruption.. but I think this is just the most “visible” sign of what may be a more widespread infection inside the airport. I would be more concerned if ticketing and other computer systems were affected by the same attack.”

He points to computer viruses affecting other airports in recent years: In 2003, Continental Airlines check-in desks were knocked out by the Slammer worm. A year later, Sasser was blamed for leaving 300,000 Australian commuters stranded, and BA flights were also delayed.

For me, the bottom line about airports and air travel is confidence. As a traveler I need to feel confident that the people deciding which planes I fly and when are on top of basic security issues. And that doesn’t mean just frisking me at the gate. It also means keeping the computer systems that run the airport safe. This is probably just sloppy computer habits but what if it wasn’t? What if it was a worm preparing for a much more targeted threat, aimed specifically at air traffic?

(I’ve asked KL International Airport and Symantec for comment.)

Loose Bits, Nov 28 2006

From my PR intray, some surprisingly interesting little odds and ends:

LocalCooling is a 100% Free power management tool from Uniblue Labs that allows users to optimize their energy savings in minutes and as a result reduce Greenhouse Gas emissions. The software “automatically optimizes your PC’s power consumption by using a more effective power save mode. You will be able to see your savings in real-time translated to more environmental terms such as how many trees and gallons of oil you have saved.”

Electronic Arts Inc. today announced SimCity for mobile, which “lets mobile phone users create and manage the growth of a living city in the palm of their hands. Originally created by Will Wright, SimCity is now available on major U.S. carriers.” Not sure how this works, as there’s nothing yet on EA’s site. It does sound a bit like milking a cash cow or is it flogging a dead horse?

CyberDefenderFREE is “a full internet security suite that can operate standalone, or complement existing security software to add an existing layer of early-alert security to the desktop.” As far as I can work out, this is a competitor to Windows Defender although it seems to include a collaborative element, where users report either manually or automatically dodgy software and sites they’ve come across. I think.

iPod, National Security Threat

Companies, governments, institutions: beware of the dude carrying an iPod.

Bernhard Warner, Reuters’ excellent European Internet Correspondent, points out that the high-capacity iPod is getting banned from a lot of places as a high-tech security risk. The UK’s Ministry of Defence “has become the latest organisation to add the iPod to its list of high-tech security risks” and “no longer allow into most sections of its headquarters in the UK and abroad”.

This policy kicked in when the MoD “switched to the USB-friendly Microsoft XP operating system over the past year”. And it’s not just the chaps from the MoD: Bernhard also quotes a survey of 200 mid-sized and large UK companies by security software firm Reflex Magnetics that says 82 percent of respondents said they regard so-called mobile media devices like the iPod as a security threat.

And it’s not just stealing stuff: Bernhard says technology consultancy Gartner a week ago “advised companies to consider banning the devices because they can also unwittingly introduce computer viruses to a corporate network”.

This all makes sense, but if you’re going to ban the iPod, you’re going to have to ban USB keychains, USB pens, microdrives and other small forms of storage. What about PDAs? What about smart phones?

Bluetooth Security – The World Wakes Up?

The corporate world, it seems, is waking up to Bluetooth security issues. At the same time there is a growing slew of products to make them sleep safer.

InfoSync World writes of new security software from Bluefire Security which “disables Bluetooth and Infrared communication to minimize the risk of information theft.” Bluefire Mobile Firewall Plus 3.0 allows system administrators to disable Infrared and Bluetooth communication capabilities on any company PDAs or other gadgets before they’re handed over to workers.

GeekZone also reports that AirDefense has launched what the company is calling “the industry’s first Bluetooth monitoring solution”. BlueWatch monitors an organisation’s ‘airspace’ and can identify different types of Bluetooth devices, including laptops, PDAs, keyboards and cell phones, along with their signal strength, and illustrate the connectivity among various devices.

Here’s a piece from ComputerWorld on what IT managers are doing. Of course, there’s a danger of an over-reaction here. Some folk don’t see Bluesnarfing, Bluejacking et al as a problem. But this is usually because they are only considering it from their own point of view (‘I’ve only got my mum’s and girlfriend’s telephone number in there, who would want that? They’re welcome to it’). But for companies this is a serious issue. If a rival could sit outside their office and download all the marketing department’s contacts from their cellphones, PDAs or (theoretically) their laptops, then that might be something to worry about.

The Price Of Democracy

An interesting essay by security guru Bruce Schneier (via the brianstorms weblog) on the economics of fixing an election. Put simply: How much is it worth a party to fix an election, and so how much would they be willing to spend on doing it? Put another way, how much should the folk designing an electronic voting system assume will be spent on trying to get past the security software?

Bruce does the math and concludes “that affecting the balance of power in the House of Representatives is worth at least $100M to the party who would otherwise be losing. So when designing the security behind the software, one must assume an attacker with a $100M budget. Conclusion: The risks to electronic voting machine software are even greater than first appears.”

Scary stuff. Although much of the emphasis of such articles has been on how this might be done in established democracies (and there’s still plenty to worry about there), my worry is about how voting systems may be exported to the developing world.

News: PestPatrol Goes Free

PestPatrol, Inc. “the leading developer of security software to detect and eliminate spyware, adware, trojans and hacker tools from corporate networks and home user PCs” (I don’t know whether there’s any limit on the length of phrase companies can claim they are the best at, but I’ll faithfully reproduce them here; maybe we can have a competition sometime for the silliest one) have launched the first comprehensive online spyware detection service. For free.

PestScan from PestPatrol is a web-based program that runs right from the PestPatrol website, downloading just a few small components to the user’s computer. It is designed to provide a quick and easy way to scan Windows PCs for spyware, keyloggers, and other computer pests in the places they are most likely to be hiding. The PestScan results link directly to PestPatrol’s extensive pest information database, enabling users to find out exactly what the threat level is.

I haven’t tried this yet. Let me know how it works for you.