Thursday, February 26, 2009

Kids Download the Darnedest Things

As a kid I loved to hunt wild creatures, trap them and bring them home alive. Snakes were my favorite. My mom still tells the story of my bringing home a four-foot reptile during her tea party with neighborhood moms.

These days kids are just as likely to introduce dangerous creatures of the digital kind into the home computer.

An interesting segment appeared on NBC's Today Show this morning that describes the risk. The story focused on kids who downloaded and used a file sharing program to access music online. Unfortunately they were using the same computer that Mom and Dad used to prepare the family tax return and did not realize the completed tax forms were shared for the entire world to see! Any identity thief could simply type "Tax Return" into their own file sharing program's search field and find the family's 1040 form ripe for the picking. The family profiled in the Today Show story had their tax form filed electronically by an online thief who was very happy to receive their $2000 tax refund.
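An added example, not part of the original post: a small audit of the folder a file sharing program exposes, flagging files whose names or text contents look like tax or financial records. The name hints, the SSN format check and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed filename hints for records that should never sit in a shared folder.
SENSITIVE_NAME = re.compile(r"1040|(?<![a-z])(?:tax|w-?2|bank|payroll)", re.I)
# US Social Security number written as 123-45-6789.
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
TEXT_EXTS = {".txt", ".csv", ".htm", ".html", ".xml"}

def audit_shared_folder(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) pairs for files that look sensitive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if SENSITIVE_NAME.search(name):
                findings.append((rel, "filename"))
            elif os.path.splitext(name)[1].lower() in TEXT_EXTS:
                try:
                    with open(path, "r", errors="ignore") as fh:
                        if SSN.search(fh.read(max_bytes)):
                            findings.append((rel, "ssn-pattern"))
                except OSError:
                    continue  # unreadable file: skip rather than abort the audit
    return sorted(findings)

def build_sample_share():
    """Create a constructed shared folder (sample data only) and return its path."""
    root = tempfile.mkdtemp(prefix="shared_")
    samples = {
        "2008 Tax Return.pdf": "constructed placeholder",
        os.path.join("Music", "notes.txt"): "refund for SSN 123-45-6789",
        os.path.join("Music", "song.mp3"): "constructed placeholder",
        "readme.txt": "nothing sensitive here",
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    for rel, reason in audit_shared_folder(build_sample_share()):
        print(f"{reason:12} {rel}")
```

Point `audit_shared_folder` at whatever directory the file sharing program is configured to share; anything it reports is visible to every other user of that network.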

There are more insidious risks to file sharing networks: they are an excellent means for spreading Trojans that quietly infect computers, remain under your antivirus radar, and do more long-term damage than grabbing a tax return. File sharing programs are used by millions of users around the world to download "free" software. Need Photoshop but don't want to spend the money? File sharing programs can deliver you a "cracked" copy (a permanent free trial) or a key generator you can use to generate your own license key. Bogus key generators ("keygens") are the most common form of malware on file sharing networks.

Malware distributors watch for file sharing searches of any and all keywords and immediately offer up files that match the keywords. Searches for "Benjamin Franklin" in a file sharing program will return hits like "Benjamin Franklin keygen" or "Benjamin Franklin Greatest Hits." The files these search results point to can be executable programs or songs and videos that can deliver infections to computers that play them.

Here is an example of a file sharing search this morning. The marked entry, "benjamin franklin KeyGen," is identified by Authentium's Command Anti-Malware as "W32/Trojan2.FXIS." This is a trojan that infects the Windows login service so it runs every time a user logs in. What does it do next? Anything it wants to.



These infections can include Banking Trojans, Keyloggers and DNS Changers that are described elsewhere on this blog.
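The keyword-echo behaviour described above can be triaged from file names alone. This is an added example, not code from the original post or from Authentium; the lure words, the extension list and every sample result except "benjamin franklin KeyGen" are constructed assumptions.

```python
import re

# Assumed lure vocabulary and executable extensions; adjust to your environment.
BAIT_WORDS = {"keygen", "crack", "cracked", "serial", "patch", "activator"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".pif", ".msi"}

def tokens(text):
    """Lower-case alphanumeric words of a query or file name."""
    return re.findall(r"[a-z0-9]+", text.lower())

def split_name(filename):
    """Split 'name.ext' into (stem, ext); ext is lower-cased, '' if absent."""
    m = re.match(r"^(.*?)(\.[A-Za-z0-9]{1,4})?$", filename)
    return m.group(1), (m.group(2) or "").lower()

def score_result(query, filename):
    """Return the reasons a search hit looks like keyword-echo bait."""
    stem, ext = split_name(filename)
    q, name = tokens(query), tokens(stem)
    extra = [t for t in name if t not in q]
    echoed = bool(q) and all(t in name for t in q)
    reasons = []
    if echoed and extra and all(t in BAIT_WORDS for t in extra):
        reasons.append("query plus piracy lure word")
    if echoed and ext in EXECUTABLE_EXTS:
        reasons.append("executable answering the search")
    if ext in EXECUTABLE_EXTS and re.search(r"\.[a-z0-9]{2,4}$", stem.lower()):
        reasons.append("double extension hides an executable")
    return reasons

def triage(query, results):
    """Map each suspicious file name to its reasons; clean hits are omitted."""
    flagged = {}
    for name in results:
        reasons = score_result(query, name)
        if reasons:
            flagged[name] = reasons
    return flagged

# Sample hits for the page's "Benjamin Franklin" search (constructed, except the first).
SAMPLE_RESULTS = [
    "benjamin franklin KeyGen",
    "Benjamin Franklin Greatest Hits.mp3.exe",
    "The Autobiography of Benjamin Franklin.txt",
]

if __name__ == "__main__":
    for name, why in triage("Benjamin Franklin", SAMPLE_RESULTS).items():
        print(name, "->", "; ".join(why))
```

A name check like this only catches the echo pattern; it says nothing about a media file that carries an infection, which still needs scanning.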

Kids do download the darnedest things. Authentium's SafeCentral provides secure banking and shopping even on computers that may have been infected by the kids.

Now I'm going to call my mom and remind her that none of the snakes, crabs or lizards I brought home ever emptied the family bank account.

Update:
March 16, 2009: A couple of media outlets picked up on this story over the weekend:

Dallas Morning News - Pamela Yip covered the story in Sunday's paper here:
Protect your personal data when filing taxes online

MarketWatch - Andrea Coombes included it in last Friday's Taxing Times and will be following up with more this week in the MarketWatch Personal Finance section.

Tuesday, February 17, 2009

The Next Internet..Now

Internet Security is broken, and the best way to fix it is to start over. This is the idea presented in an excellent article in the New York Times this weekend: Do We Need a New Internet? John Markoff describes "a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over."

This is an excellent topic for debate and discussion among Internet technologists and everyday users alike. Technologists can (and will) endlessly debate the merits of a revolutionary approach like the Clean Slate program at Stanford versus a more evolutionary approach to incremental improvements like deploying DNSSEC and IPv6. Whichever approach we take, it is safe to say the solution will take decades to develop and get into mass deployment.

But the fact that stands out clearly is: Something Must Be Done.

Authentium has taken a revolutionary approach to Internet security and developed a solution that gives users access to The Next Internet, now. We recognized the limitations of DNS and the critical impact its compromise can have on Internet transactions. We saw the "maddening" failure of antivirus and firewall suites in their efforts to keep computers clean of infection by identity-stealing malware that allows criminals to "take over someone's computer from half a world away."

So we developed SafeCentral, which has its own Secure DNS and its own hardening against the keyloggers and screen-stealers found in Banker Trojans. Our goal was to create an island of safety on a computer that is otherwise adrift on an unsafe Internet, which is the only Internet we have right now.

Tuesday, February 10, 2009

Is there Safety in the Cloud?

Web applications that run in Data Centers can be well-protected with physical, network and system security by applying sufficient people, processes and technology to manage infrastructure that is directly under the control of operations staff.

Unmanaged endpoints, like desktop computers of tele-workers or laptops of mobile users who access these applications, can introduce holes into an otherwise complete security model.

The best efforts of server and network professionals can protect data in the server farm, but data that originates from or is downloaded to compromised endpoints is subject to theft and exploitation.

So, yes, there is safety in the cloud, but the endpoint is another matter.

Authentium's SafeCentral is an endpoint-based solution that creates a secure footprint on an otherwise unmanaged computer to allow it to access sensitive data and applications and block data leakage. Such leakage can result from mass-market or targeted attacks on endpoints that install keyloggers, SSL data hijackers, remote access tools or other malware.

SafeCentral creates a managed session on an otherwise unmanaged computer. SafeCentral applies special, restrictive policies to the unmanaged operating system during web application usage such that data and functions the application makes available can be shielded from monitoring, recording and theft by malware that has infected the endpoint.

Examples of shielding include:

  • Blocking keyloggers

  • Blocking screen capture

  • Preventing code injection that can steal data even out of SSL/TLS-protected web connections

  • Providing alternate, secure DNS lookups that bypass vulnerable DNS resolvers

  • Providing browser lockdown that blocks malicious plugins and extensions

Online banking is a good example of extremely sensitive web applications that run on unmanaged clients. Banking trojans are increasingly used by online criminals to take advantage of these access points to create a multi-billion-dollar industry of fraudulent transactions. The largest banks around the world will be deploying SafeCentral to their clients during 2009.

There will be many interesting ways in which remote desktops, virtual machines or virtual browsers on the client side, and other security approaches evolve over the next decade. Given that Citrix Winframe has been available for over a decade, it's clear that these technologies take time to achieve maturity and large-scale deployment.

SafeCentral is available now as a managed service that provides a secure web application client on Windows endpoints that are prone to infection and exploitation even when antivirus, antispyware, firewall and other security software is already installed. Data Center staff cannot also take responsibility for keeping endpoints clean of malware, but they can require use of SafeCentral to access their server-side applications and rest assured that web sessions remain private and protected.