28.8.09

FBI investigating laptops sent to U.S. governors


SAN FRANCISCO -- There may be a new type of Trojan Horse attack to worry about.

The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Manchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that the machines may contain malicious software.

According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted, according to a source who spoke on condition of anonymity because of the ongoing investigation.

The West Virginia laptops were delivered to the governor's office several weeks ago, prompting state officials to contact police, according to Kyle Schafer, the state's chief technology officer. "We were notified by the governor's office that they had received the laptops and they had not ordered them," he said. "We checked our records and we had not ordered them."

State officials in Vermont told him they've received similar unsolicited orders, Schafer said. Representatives from that state could not be reached for comment Thursday.

Schafer doesn't know what's on the laptops, but he handed them over to the authorities. "Our expectation is that this is not a gesture of good will," he said. "People don't just send you five laptops for no good reason."

The computers are now being held as evidence by state police, who are working with the FBI to figure out how the machines were sent to the governor's office, said Michael Baylous, a sergeant with the West Virginia State Police.

The West Virginia laptops were delivered Aug. 5, according to the Charleston Gazette, which first reported the story.

The laptops sent to the Wyoming governor's office arrived in two separate shipments on Aug. 3 and Aug. 6, according to Cara Eastwood, a spokeswoman for Governor Freudenthal.

"We received one package, opened it and realized that it was an error since no one in our office had ordered them," she said. "The next day we received another package. At this point we realized that they needed to be turned over to law enforcement."

Although there is no evidence that the computers contain malicious code, HP confirmed Thursday that there have been several such orders and that they have been linked to fraud. "HP is aware that fraudulent state government orders recently have been placed for small amounts of HP equipment," spokeswoman Pamela Bonney said in an e-mail message. "HP took prompt corrective action to address the fraudulent orders and is working with law enforcement personnel on a criminal investigation."

With users now more reluctant to install suspicious software or open attachments on their networks, scammers appear to be looking for new ways to get inside the firewall.

Criminals have tried to put malware on USB devices and then left them outside company offices, hoping someone would plug them into a computer and inadvertently install malicious software on the network. Many Windows systems are configured to automatically run a program named in an autorun.inf file on CDs and USB devices, using a Windows feature called AutoRun.
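As an added example (not part of the article), here is a small checker for the AutoRun path described above: it parses an autorun.inf the way Windows reads it, flags the directives that would launch a program from the drive, and decodes the NoDriveTypeAutoRun policy value that decides whether Windows honours them at all. The two autorun.inf samples are constructed for the example; the registry path and bit values are taken from Microsoft's documentation as recalled here.

```python
import re

# Directives that make Windows run, or offer to run, a program from the drive.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Bit flags of the NoDriveTypeAutoRun policy value
# (HKLM and HKCU \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer).
# A set bit disables AutoRun for that drive type.
DRIVE_REMOVABLE = 0x04      # USB sticks and similar
DRIVE_FIXED = 0x08
DRIVE_REMOTE = 0x10
DRIVE_CDROM = 0x20
DISABLE_ALL = 0xFF          # the hardening value Microsoft recommends
WINDOWS_DEFAULT = 0x91      # Vista/7 default: removable and CD-ROM drives still AutoRun

# Constructed samples: a typical USB-dropper autorun.inf and a harmless one.
SAMPLE_DROPPER_INF = r"""
[AutoRun]
open=RECYCLER\setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=RECYCLER\setup.exe
shell=open
"""

SAMPLE_BENIGN_INF = r"""
[autorun]
label=Holiday photos
icon=photos.ico
"""


def parse_autorun(text):
    """Return the [autorun] section as {key: value}; keys are case-insensitive, as in Windows."""
    directives = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
    return directives


def risky_directives(text):
    """List (key, program) pairs that would execute code when the drive is inserted or opened.
    'action=' is not itself an execution directive, but combined with 'open=' it lets the
    dropper pose as the ordinary "Open folder to view files" entry in the AutoPlay dialog."""
    return [(key, value) for key, value in parse_autorun(text).items()
            if key in EXEC_KEYS or SHELL_COMMAND.match(key)]


def autorun_allowed(policy, drive_type):
    """True if the policy value leaves AutoRun enabled for the given drive-type bit."""
    return not policy & drive_type


def read_policy():
    """Windows only: the effective NoDriveTypeAutoRun value (machine policy wins over user).
    Returns None on other platforms and the Vista/7 default when the value is absent."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, path) as key:
                value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
                return value
        except OSError:
            continue
    return WINDOWS_DEFAULT


if __name__ == "__main__":
    for name, inf in (("dropper", SAMPLE_DROPPER_INF), ("benign", SAMPLE_BENIGN_INF)):
        print(name, risky_directives(inf))
    policy = read_policy()
    if policy is not None:
        print("removable-drive AutoRun enabled:", autorun_allowed(policy, DRIVE_REMOVABLE))
```

Run against the dropper sample it reports both the open= entry and the shell\open\command= entry; the benign sample yields nothing. On a Windows box, read_policy() shows whether a found USB stick would still get its autorun.inf honoured: with the default 0x91 removable drives are still allowed, with 0xFF nothing is.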

Many organized criminals would be happy to spend the cost of five PCs in order to access government computers, said Steve Santorelli, director of investigations with security consultancy Team Cymru. "What is a netbook? $700? You send five of them; you're dropping three grand, and say you get into the Congressional e-mail system. How valuable would that be?"

27.8.09

Can You Trust Free Antivirus Software?


Free antivirus programs vary just as much as paid security programs do in the quality of their protection. And frugal computer users on the hunt for no-cost antivirus software--already faced with tons of options--will have even more to choose from when new free offerings from Microsoft and Panda join the programs currently available from Alwil (Avast), AVG, Avira, Comodo, and PC Tools.

To help you figure out which free antivirus app is right for you, we put packages from all of those companies through their paces. Our testing partner, AV-Test.org of Germany, employed its vast "zoo" of collected malware to test detection rates and scan speed. We then poked and prodded the apps to see which ones made stopping malware an effortless task, and which ones made it feel more like drudgery. For a summary of our findings, see our free antivirus software ranked chart. For our in-depth evaluations, see the individual reviews, linked in this story and in the chart.

Something--But Not Everything--For Nothing

While free antivirus programs give you some value, they don't have everything that a paid security application can offer.

For one thing, you won't have anyone to call if things go haywire, or if you need disinfection help in the event something does sneak past your PC's defenses. Most free apps give support only on online forums, though Avast offers e-mail support (and Microsoft plans to when Security Essentials launches); Avast users can submit online support tickets, too. AVG gives paid phone support, but the $50-per-call fee costs more than most paid antivirus apps.

Do-it-yourselfers can often find good advice at helpful sites like Wilders Security Forums, but even there you shouldn't expect to talk to anyone for help with a free antivirus app. (Unless you can bribe a techie friend, that is.)

Generally, free apps have less-frequent malware-signature updates than paid products do, which can leave a window of opportunity for brand-new baddies to evade detection. Most of the free apps we tried update their signature databases only once daily. Microsoft Security Essentials, however, will also check suspicious samples that don't match a particular installed signature, by running the sample against Microsoft's latest online signatures. And as long as you have an Internet connection, Panda Cloud Antivirus checks everything against Panda's servers, so it will always use the newest signatures. (If you don't have an Internet connection, the Panda program falls back on local caches.)

Some free utilities have fewer scanning options than paid apps from the same company do. For example, Avira's paid antivirus program will scan HTTP traffic to catch Web-borne malware before it hits your hard drive, but the company's free AntiVir Personal version won't. And AVG's paid app ties in to IM programs for additional security, while its AVG 8.5 Free doesn't.

Finally, some free programs give you stuff you don't want. The AVG app and Comodo Internet Security both default to installing unnecessary search or social networking browser toolbars (you can opt out during program installation), and many free apps display ads urging you to buy the paid versions. Avira's daily pop-up ads are the most intrusive, but Avast, AVG, and PC Tools Antivirus Free Edition all display ads in some form as well.

In spite of all that, in choosing a no-cost antivirus utility, you can get decent protection and save yourself at minimum $30 every year, if you're willing to go without a few nonessentials. For many people, that isn't a bad trade-off.


Which Free Antivirus Software Is Best for You?

When the results came in, Avira AntiVir Personal claimed the top spot in our rankings. It excelled in the essential malware-detection tests and also boasted the top scan speed. We weren't big fans of its interface, but function matters more than form here. Even the shiniest security tool wouldn't be worth a darn if it couldn't keep a PC safe. As such, our detection, disinfection, and speed tests account for the lion's share of each app's final score.

Despite Avira's number one finish, some of the other free programs still merit consideration. For example, if you dislike Avira's daily pop-up ad, you might opt for Avast Antivirus Home Edition's Web traffic scanning and less-intrusive ads--but then you'll have to deal with an even worse interface. Meanwhile, AVG 8.5 Free is a good deal easier to use, but its protection lags a bit behind the other two programs'.

And then there's Microsoft Security Essentials, which uses the same antivirus engine as the company's canceled OneCare paid suite. It isn't yet publicly available as of this writing, and won't be done until the end of the year. But since it promises to shake up the world of free antivirus, we ran tests on the current beta to give you an idea of how well the final version might work.

Rounding out your primary-care options are PC Tools Antivirus, Comodo Internet Security, and the new Panda Cloud Antivirus. Panda's use of online servers to analyze potential malware holds promise, and the app did better than any other in malware detection. Its unfinished-beta state and its unique approach, however, prevented us from giving it a full score and ranking. We did rank the PC Tools and Comodo apps, but both fell flat in detecting malware. PC Tools says that its program purposely leaves out antispyware protection and thus shouldn't be compared with other security apps; but when every other company has left distinctions such as "spyware" and "virus" behind in favor of keeping everything bad off your PC, the artificial separation of categories seems tired.

We also tried two free products that are designed to supplement existing security. PC Tools Threatfire proved a real winner with its excellent, proactive malware detection. It can capably spot a nasty intruder based solely on what the file tries to do on the computer, without the need for signatures. It can work in tandem with any of the free antivirus apps we tested. ClamWin Free Antivirus represents the open-source entry in the free-antivirus competition. It scans only when you tell it to, and it won't automatically run a safety check when you save or run a file. You could use it for a second-opinion scan as backup for your main antivirus tool--but its rock-bottom malware detection means you wouldn't get much extra protection from it.

Free Antivirus Software: Read Our Reviews

  • Top Free Antivirus Software (chart)

  • Avira AntiVir Personal
  • Alwil Avast Antivirus Home Edition
  • AVG 8.5 Free
  • Microsoft Security Essentials
  • PC Tools Antivirus Free Edition
  • Comodo Internet Security

Source: PCworld.com

26.8.09

Gigabit Ethernet fit for a tank


Ethernet continues to go places its inventors probably never imagined. This week GE Fanuc Intelligent Platforms got a $645,000 contract to supply a custom version of its Gigabit Ethernet switch to rumble around inside the US Army’s Abrams tank.

Specifically, GE Fanuc said it would supply a custom version of its IPv6-capable, fully managed Layer 2/3 Gigabit Ethernet switch. The switch features non-blocking shared memory and a 44 Gbps switching core, delivers full wire-speed performance with minimal latency to all ports simultaneously, and is available in both air- and conduction-cooled formats, the company stated. The company will also provide its dual-port 10 Gigabit optical XMCXGO XMC card for the switch.

The Ethernet upgrade is part of a long-term Army plan to bolster the tank’s electronics systems to greatly improve digital command and control capabilities. The upgrades include faster networked communications, high-density computer memory and increased microprocessing speed, as well as the ability to upgrade the overall system more easily. More than 8,800 Abrams main battle tanks have been produced for the US Army and other armies around the world since 1978.

The deal is also only a small part of millions of dollars in related technology contracts GE Fanuc has with the Army.

The Army isn’t the only branch of the military to take advantage of Ethernet’s flexibility. The US Navy recently signed Boeing to a five-year, $42.9 million contract to upgrade and support the Gigabit Ethernet networks it is building on its guided missile destroyers.

The Navy's Gigabit Ethernet Data Multiplex System (GEDMS) upgrades the current 100Mbps fiber-based backbone network to a 1Gbps redundant Ethernet mesh, bringing enhanced multimedia capability to the ships, the Navy said. The GEDMS is the core network of the guided missile ships: it handles ship-wide data transfers and supports the navigation, combat, alarm and indicating, and damage control systems. It is also the underlying communications mechanism for the Aegis missile system, which uses a system of radars to track and destroy targets.

And the Ethernet odyssey went into space earlier this year when NASA signed an agreement with an Austrian Ethernet vendor to build highly fault-tolerant networks for space-based applications. TTTech builds a set of time-triggered services called TTEthernet that is implemented on top of standard IEEE 802.3 Ethernet. Its technology is designed to support the design of synchronous, highly dependable embedded computing and networking, capable of tolerating multiple faults, the company said.

In addition, NASA and TTTech will collaborate on space network standards that will lead to an open space Ethernet standard suitable for deployment in upcoming space networks in NASA programs and space systems.

22.8.09

SSL VPNs might not be as secure as you think

LAS VEGAS -- SSL VPNs can be compromised in a way that lets attackers take over remote users' machines and potentially cause mischief inside the networks those machines connect to, according to research presented at the Black Hat conference.

The problem can exist with Web clients that install themselves on remote machines at the start of SSL VPN sessions, said Michael Zusman, a senior consultant for the Intrepidus Group. (Dan Kaminsky also spoke at Black Hat about how SSL certificates used to confirm the validity of Web sites could be circumvented with a DNS attack.)


Zusman said his research does not apply to SSL VPN clients that are installed permanently on machines as part of computers' standard software loads.

Elements of the so-called Web clients Zusman referred to can expose them to attacks, however. These clients are downloaded to remote machines by SSL VPN gateways and include ActiveX components. Some vendors include a feature that enables the client to launch full application clients on the remote machine.

So, if remote users want to access a corporate accounting application, for example, they click on that application as listed on the VPN portal. The VPN client then launches the client for the accounting application so users don't have to do it manually, making the process cleaner.

The danger lies in these clients' reliance on an ActiveX component that acts as an application launcher, which means it can also be made to launch malicious code, Zusman said. So the convenience of having the SSL VPN client launch other client applications opens up a potential attack vector, he said. "I think that's a pretty bad tradeoff," he said.

Zusman actually carried out this ActiveX repurposing with SonicWall SSL VPN gear, he said. SonicWall fixed the problem when he told the company about it. This may be possible with other SSL VPN gear as well, he said, but he has not tried.

Zusman also demonstrated a trick he devised to acquire a valid SSL certificate from a trusted third-party-certificate authority. He wouldn't name the authority, but he tricked the certificate out of it by saying he wanted the certificate for an internal network only.

He then used the certificate to validate SSL sessions to a proxy server standing in front of a legitimate Web site. Users could be directed to the proxy via e-mail phishing. "The victim machine is being routed to an attacker-controlled address," Zusman said. Because the browser accepts the certificate as valid, the tricked users see no certificate warning, he said.

How SSTP Works
When a user on a computer running Windows Server 2008 or Windows Vista Service Pack 1 initiates an SSTP-based VPN connection, the following occurs:
  1. The SSTP client establishes a TCP connection with the SSTP server between a dynamically-allocated TCP port on the client and TCP port 443 on the server.
  2. The SSTP client sends an SSL Client-Hello message, indicating that the client wants to create an SSL session with the SSTP server.
  3. The SSTP server sends its computer certificate to the SSTP client.
  4. The SSTP client validates the computer certificate (chain of trust and server name), determines the encryption method for the SSL session, generates the SSL session key material, and encrypts it with the public key of the SSTP server’s certificate (RSA key exchange).
  5. The SSTP client sends the encrypted session key material to the SSTP server.
  6. The SSTP server decrypts the session key material with the private key of its computer certificate. All subsequent communication between the SSTP client and the SSTP server is encrypted with the negotiated encryption method and SSL session key.
  7. The SSTP client sends an HTTP over SSL request message to the SSTP server.
  8. The SSTP client negotiates an SSTP tunnel with the SSTP server.
  9. The SSTP client negotiates a PPP connection with the SSTP server. This negotiation includes authenticating the user’s credentials with a PPP authentication method and configuring settings for IPv4 or IPv6 traffic.
  10. The SSTP client begins sending IPv4 or IPv6 traffic over the PPP link.
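As an added example (not code from Microsoft or Cisco), the following minimal SSTP client walks steps 1 through 8 of the sequence above and encodes and decodes the SSTP control packets exchanged in step 8. The wire-format constants (the SSTP_DUPLEX_POST method, the /sra_{...}/ URI, message types and attribute IDs) follow the public MS-SSTP specification as recalled here; vpn.example.com is a placeholder host, and steps 9 and 10 (PPP negotiation and IP traffic) are out of scope. Step 4 is also where the forged-certificate proxy trick described earlier is caught or missed: the client below uses Python's default TLS context, which checks both the chain of trust and that the certificate actually names the server it dialled.

```python
import socket
import ssl
import struct
import uuid

SSTP_VERSION = 0x10            # major 1, minor 0
SSTP_URI = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
CTRL_FLAG = 0x01               # C bit set: control packet; clear: PPP data packet

# Control message types (MS-SSTP)
MSG_CALL_CONNECT_REQUEST = 0x0001
MSG_CALL_CONNECT_ACK = 0x0002
MSG_CALL_CONNECT_NAK = 0x0003
MSG_CALL_CONNECTED = 0x0004
MSG_CALL_ABORT = 0x0005

# Attribute IDs
ATTR_ENCAPSULATED_PROTOCOL_ID = 0x01
ATTR_STATUS_INFO = 0x02
ATTR_CRYPTO_BINDING = 0x03
ATTR_CRYPTO_BINDING_REQ = 0x04
PROTOCOL_PPP = 0x0001


def build_attribute(attr_id, value):
    # Reserved(1) | AttributeID(1) | LengthPacket(2): total length including this header
    return struct.pack("!BBH", 0, attr_id, 4 + len(value)) + value


def build_control_packet(msg_type, attributes):
    body = struct.pack("!HH", msg_type, len(attributes)) + b"".join(attributes)
    # Version(1) | Reserved(7 bits)+C(1 bit) | LengthPacket(2): total length incl. header
    return struct.pack("!BBH", SSTP_VERSION, CTRL_FLAG, 4 + len(body)) + body


def build_call_connect_request():
    """Step 8: ask the server to open an SSTP tunnel that carries PPP."""
    attr = build_attribute(ATTR_ENCAPSULATED_PROTOCOL_ID, struct.pack("!H", PROTOCOL_PPP))
    return build_control_packet(MSG_CALL_CONNECT_REQUEST, [attr])


def parse_packet(data):
    """Decode one SSTP packet. Control packets return their attributes as (id, value) pairs."""
    if len(data) < 4:
        raise ValueError("short SSTP header")
    version, flags, length = struct.unpack("!BBH", data[:4])
    length &= 0x0FFF                         # upper 4 bits of LengthPacket are reserved
    if version != SSTP_VERSION:
        raise ValueError("unsupported SSTP version 0x%02x" % version)
    if length > len(data):
        raise ValueError("truncated SSTP packet")
    if not flags & CTRL_FLAG:
        return {"control": False, "payload": data[4:length]}
    if length < 8:
        raise ValueError("control packet too short")
    msg_type, n_attrs = struct.unpack("!HH", data[4:8])
    attrs, off = [], 8
    for _ in range(n_attrs):
        _, attr_id, alen = struct.unpack("!BBH", data[off:off + 4])
        alen &= 0x0FFF
        if alen < 4 or off + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_id, data[off + 4:off + alen]))
        off += alen
    return {"control": True, "msg_type": msg_type, "attributes": attrs}


def build_duplex_post(host):
    """Step 7: the HTTP request that turns the TLS stream into an SSTP channel.
    The 2^64-1 Content-Length keeps the request body open for the tunnel's lifetime."""
    correlation = "{%s}" % str(uuid.uuid4()).upper()
    return ("SSTP_DUPLEX_POST %s HTTP/1.1\r\n"
            "Host: %s\r\n"
            "Content-Length: 18446744073709551615\r\n"
            "SSTPCORRELATIONID: %s\r\n"
            "\r\n" % (SSTP_URI, host, correlation)).encode("ascii")


def sstp_connect(host, port=443, timeout=10):
    """Steps 1-8 against a live server; returns the parsed first control reply."""
    # Step 4: the default context verifies the chain against trusted roots and that the
    # certificate names `host`; a certificate issued for some other name is rejected here.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:      # step 1
        with ctx.wrap_socket(raw, server_hostname=host) as tls:                # steps 2-6
            tls.sendall(build_duplex_post(host))                               # step 7
            status = tls.recv(4096)
            if not status.startswith(b"HTTP/1.1 200"):
                raise RuntimeError("server refused SSTP: %r" % status[:80])
            tls.sendall(build_call_connect_request())                          # step 8
            return parse_packet(tls.recv(4096))


if __name__ == "__main__":
    print(sstp_connect("vpn.example.com"))   # placeholder host
```

The Call Connect Request encodes to 14 bytes: the 4-byte header (version 0x10, C bit set, length 14), the message type and attribute count, and one ENCAPSULATED_PROTOCOL_ID attribute whose value 0x0001 selects PPP. A server that accepts it answers with a Call Connect ACK carrying a CRYPTO_BINDING_REQ nonce, which the client must later answer with a CRYPTO_BINDING attribute tied to the TLS certificate; that binding is what prevents a man in the middle from splicing an SSTP session onto its own TLS connection.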

Source: Cisco.com, Microsoft.com