Archive for the ‘Security’ Category

Clipboard Hijack Attack

Posted: August 25, 2009 in Networking, Security

What is a clipboard hijack attack?

A clipboard hijacking is an exploit in which the attacker gains control of the victim’s clipboard and replaces its contents with their own data, such as a link to a malicious Web site.

The attack makes it impossible for users to copy anything else to the clipboard until they either close the browser or reboot the machine. Aside from the nuisance factor, the danger is that a user might inadvertently paste the inserted content into their browser or into online content, exposing themselves or others to malicious code.

In August 2008, there were reports of clipboard hijack attacks conducted through Adobe Flash-based ads on many legitimate Web sites, including Digg, Newsweek and MSNBC.com. The code lives in Shockwave Flash (SWF) files and uses the ActionScript method System.setClipboard() to repeatedly flush and replace the clipboard contents. If users follow the inserted link, they are taken to a fake security software site warning them that their systems are infested with malware. The purpose of the attack is to get users to download fraudulent software, putting personal information at risk in the process. All major operating systems and browsers are vulnerable to the attacks, as long as Flash is installed.

Adobe has since announced it will add a mechanism to the next version of Flash that allows users to grant or deny access when a Shockwave file tries to load data to the clipboard.
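As an added example (not part of the original post), a PowerShell 5+ probe a user or help desk can run in the affected session to confirm the overwrite behaviour described above: it plants a random marker on the clipboard, waits, and counts how often the marker is replaced by the same URL. The round count, delay and threshold are constructed defaults.

```powershell
# Added detection probe, not from the original post. Needs PowerShell 5.0+ on
# Windows (Get-Clipboard / Set-Clipboard). It overwrites the clipboard while running.
function Test-ClipboardHijack {
    param(
        [int]$Rounds = 10,      # how many times to plant the marker
        [int]$DelayMs = 500,    # wait between planting and re-reading
        [int]$Threshold = 3     # same URL reappearing this often is suspicious
    )
    $marker = "clipboard-probe-" + [guid]::NewGuid().ToString()
    $hits = @{}
    for ($i = 0; $i -lt $Rounds; $i++) {
        Set-Clipboard -Value $marker
        Start-Sleep -Milliseconds $DelayMs
        $now = Get-Clipboard -Format Text -Raw
        # A benign clipboard keeps our marker; a hijacker replaces it with its link.
        if ($now -ne $marker -and $now -match '^\s*https?://\S+') {
            $url = $Matches[0].Trim()
            $hits[$url] = 1 + [int]$hits[$url]
        }
    }
    $suspects = $hits.GetEnumerator() | Where-Object { $_.Value -ge $Threshold }
    foreach ($s in $suspects) {
        Write-Warning ("Clipboard overwritten {0}x with {1}" -f $s.Value, $s.Key)
    }
    return [bool]$suspects   # $true when a repeating URL was seen
}
Test-ClipboardHijack
```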

When Microsoft introduced Windows Vista, one of its most anxiously anticipated features was its encryption capability called BitLocker. Many mistakenly refer to BitLocker as whole-disk encryption, but the more accurate description is full-volume encryption.

The distinction is important. A single physical disk can be partitioned into multiple volumes. Whole-disk encryption would encrypt all of the data on the entire physical disk drive, while full-volume encryption protects each volume or partition separately. BitLocker might be encrypting the volume designated as the C: drive, but the data on other volumes may still be unencrypted.

The initial release of BitLocker encrypted only the Windows Vista boot volume. Granted, that is better than nothing, but for larger hard drives with multiple volumes it also left a significant amount of data unprotected. With the release of Windows Server 2008 and Windows Vista SP1, Microsoft expanded the scope of BitLocker so that any of the volumes could be encrypted. The upcoming Windows 7 operating system broadens the reach of BitLocker even farther by including the ability to encrypt data on removable media such as USB flash drives.

How does BitLocker work?

BitLocker requires that a small unencrypted partition be created which contains core operating system files that Windows needs to start the boot process. Microsoft created the BitLocker Drive Preparation tool to automate the creation of the second partition and the migration of the files necessary to create the split-load configuration that BitLocker relies on to boot the operating system.

Once the drive is properly partitioned and the data is encrypted with BitLocker, there is a process the system follows to boot the system and decrypt the data so you can use it. As with any encryption process, it relies on keys.

The sectors of data on the drive are encrypted using the FVEK (full-volume encryption key). However, the FVEK is stored locally in encrypted form and the user never interacts with or uses the FVEK directly. The key that users work with is the VMK (volume master key). The VMK is used to encrypt and decrypt the FVEK which, in turn, encrypts and decrypts the actual data sectors.
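An added illustration (not Microsoft's code or on-disk format) of the two-level key hierarchy just described, written in PowerShell against .NET crypto: sector data under the FVEK, the FVEK wrapped by the VMK, and the VMK wrapped by a protector such as a PIN-derived key or a recovery key. It also shows why rotating a protector never requires re-encrypting the volume. The PIN, salt and sector payload are constructed values.

```powershell
# Added illustration, not Microsoft's implementation: a toy FVEK/VMK hierarchy
# built on .NET AES-CBC and PBKDF2. All keys and data here are constructed.
function New-RandomBytes([int]$Length) {
    $b = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($b)
    return ,$b   # leading comma stops PowerShell unrolling the byte[]
}
function Protect-Bytes([byte[]]$Key, [byte[]]$Plain) {
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key; $aes.GenerateIV()
    $ct = $aes.CreateEncryptor().TransformFinalBlock($Plain, 0, $Plain.Length)
    return ,([byte[]]($aes.IV + $ct))   # IV prepended to the ciphertext
}
function Unprotect-Bytes([byte[]]$Key, [byte[]]$Blob) {
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key; $aes.IV = [byte[]]$Blob[0..15]
    $pt = $aes.CreateDecryptor().TransformFinalBlock($Blob, 16, $Blob.Length - 16)
    return ,$pt
}
function Get-ProtectorKey([string]$Pin, [byte[]]$Salt) {
    # PBKDF2 stretches a short PIN into a 256-bit wrapping key; in a real
    # deployment the TPM plays this role for the hardware-bound protector.
    $kdf = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Pin, $Salt, 100000)
    $k = $kdf.GetBytes(32)
    return ,$k
}

$fvek = New-RandomBytes 32     # full-volume encryption key: encrypts sector data
$vmk  = New-RandomBytes 32     # volume master key: encrypts only the FVEK
$salt = New-RandomBytes 16

# Data path: sector -> FVEK. The FVEK is stored only in VMK-wrapped form.
$sector      = [System.Text.Encoding]::UTF8.GetBytes("constructed sector payload")
$encSector   = Protect-Bytes $fvek $sector
$wrappedFvek = Protect-Bytes $vmk $fvek

# Two independent protectors wrap the same VMK: a PIN and a recovery key.
$wrappedVmkByPin      = Protect-Bytes (Get-ProtectorKey "1234" $salt) $vmk
$recoveryKey          = New-RandomBytes 32
$wrappedVmkByRecovery = Protect-Bytes $recoveryKey $vmk

# Unlock: PIN -> VMK -> FVEK -> sector. The user never touches the FVEK.
$vmkOut  = Unprotect-Bytes (Get-ProtectorKey "1234" $salt) $wrappedVmkByPin
$fvekOut = Unprotect-Bytes $vmkOut $wrappedFvek
[System.Text.Encoding]::UTF8.GetString((Unprotect-Bytes $fvekOut $encSector))

# Changing the PIN rewraps the VMK only; $wrappedFvek and $encSector stay as they are.
$wrappedVmkByPin = Protect-Bytes (Get-ProtectorKey "9876" $salt) $vmk
```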

BitLocker relies on TPM to authenticate system hardware

By default, BitLocker relies on a TPM (Trusted Platform Module) chip. The TPM is a chip wired to the motherboard which can create a unique hash signature related to the hardware configuration of the system and securely store the encryption key. The TPM provides a virtually incorruptible method of authenticating the system hardware.

By itself, the TPM would not prevent an unauthorized user from accessing a BitLocker encrypted volume. In TPM-only mode, an attacker can still cold boot the system, and as long as the TPM could validate the hardware signature hash, BitLocker would decrypt the data and allow the system to boot. For that reason, an additional authentication factor should be used along with the TPM. The available options for BitLocker include:

  • TPM only
  • TPM plus a PIN
  • TPM plus a USB key
  • TPM plus a PIN and a USB key
  • USB key only

The last option, USB key only, is typically only used in situations where BitLocker is implemented on a system that is not equipped with a TPM chip. The option to enable BitLocker without a TPM has to be configured by modifying the security policy settings.

The USB key only and the TPM plus a PIN and USB key options carry additional cost and administrative overhead, since USB keys must be provisioned and maintained. They are also easy to lose or misplace, which can increase support desk calls to recover lost encryption keys and regain access to BitLocker-encrypted systems.

How to manage BitLocker keys

One of the most important aspects for enterprises to consider before encrypting data with BitLocker is how to store and manage recovery keys. In the event that a user forgets a PIN, loses a USB key or is unable to access their BitLocker-encrypted system for any reason, the support desk must have the ability to help them recover their data and gain access to their system.

Users can be supplied with a USB key containing the BitLocker recovery key to use as a backup when the need arises. For deployments that already use a USB key for BitLocker authentication, this would be an additional or backup USB key to use if the primary USB key is lost or stolen. The weakness of this approach is that the backup USB key would most likely be stored with the laptop, so a thief who steals the laptop also gets the key.

An alternate solution is to configure BitLocker to store a recovery key in Active Directory. An administrator can configure Group Policy to automatically generate a recovery key and store it in Active Directory when BitLocker is enabled. It is also possible to prevent BitLocker from encrypting any data until the recovery key is successfully backed up to Active Directory.
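An added example, not from the original post, of the Active Directory escrow described above. It uses the BitLocker PowerShell module that shipped later than the Vista-era text (Windows 8 / Server 2012 and newer) and assumes a domain-joined machine with the Group Policy setting for storing recovery information in AD DS applied; the mount point parameter is a constructed default.

```powershell
# Added example, not part of the original post. BitLocker module cmdlets
# (Windows 8 / Server 2012+). Run elevated on a domain-joined machine.
function Assert-RecoveryKeyEscrowed {
    param([string]$MountPoint = 'C:')

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Warning "$MountPoint is not protected by BitLocker"
        return $false
    }
    # TPM/PIN/USB protectors unlock the VMK day to day; the RecoveryPassword
    # protector is the 48-digit key the help desk hands out. Create it if absent.
    $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }
    # Escrow each recovery password protector to the computer object in AD.
    # Windows 7 / Vista SP1 equivalent: manage-bde -protectors -adbackup C: -id {GUID}
    foreach ($p in $rp) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
        Write-Output ("Escrowed protector {0} for {1}" -f $p.KeyProtectorId, $MountPoint)
    }
    return $true
}
Assert-RecoveryKeyEscrowed -MountPoint 'C:'
```

The numeric recovery password itself is never written out by this function; the help desk retrieves it from the computer object in AD when a user is locked out.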

How to get best security in Vista?

Posted: August 21, 2009 in Security, Vista

To get the absolute best security with Windows Vista, run one of the x64 versions of the operating system. That's because the x64 versions of Windows Vista include a few unique security features that are not available, or not as effective, in the 32-bit versions of the operating system. These include:

• A new feature called Address Space Layout Randomization (ASLR) that randomly loads key system files in memory, making them harder to attack remotely.

• A hardware-backed version of Data Execution Prevention (DEP) that helps prevent buffer overflow-based attacks.

• x64 drivers must be digitally signed, which suggests (but doesn't ensure) that x64 drivers will be more stable and secure than 32-bit drivers, which are often the cause of instability issues in Windows.

Of course, x64 versions of Windows Vista have their own compatibility issues, both with software and hardware. The tradeoff is yours to make: better security and reliability, or compatibility.

One of the best features in Windows Defender is hidden a bit in the application's user interface. The Software Explorer, found in Tools➪Software Explorer, lists the applications that run at startup (you can also change the display to list currently running applications, network-connected applications, and other features). Best of all, you can actually remove or disable startup applications. In previous versions of Windows, you would use the System Configuration utility (msconfig.exe) for this functionality; System Configuration is still available in Windows Vista, but Windows Defender's Software Explorer feature is arguably a better solution because it provides so much more information.

There's some confusion about how the Windows Firewall is configured in Windows Vista. Although it is indeed enabled to monitor both inbound and outbound network traffic, it is configured differently for each direction. Windows Firewall, by default, is configured to block all incoming network traffic that is not part of an exception rule, and to allow all outgoing network traffic that is not blocked by an exception rule.

The Windows Firewall interface described previously is quite similar to that found in Windows XP with Service Pack 2. But Microsoft also includes a second, less visible interface to its firewall that presents far more options. It's called Windows Firewall with Advanced Security, and you can access it via the also-hidden Administrative Tools that ship with all mainstream Windows Vista versions. To find it, navigate to Control Panel and turn on Classic View. Then navigate into Administrative Tools and open Windows Firewall with Advanced Security. The tool loads as a Microsoft Management Console (MMC) snap-in.
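An added example (not from the original post) that audits the per-profile default actions described in the two paragraphs above using netsh advfirewall, the command-line counterpart of the Windows Firewall with Advanced Security snap-in that ships with Vista, and shows how an explicit outbound block rule is added. The rule name and program path are constructed placeholders, and the parser assumes English netsh output.

```powershell
# Added example, not part of the original post. netsh advfirewall exists on
# Vista and later; run from an elevated PowerShell prompt. Parsing assumes the
# English output format ("Domain Profile Settings:", "Firewall Policy ...").
function Get-FirewallDefaultPolicy {
    $profile = $null
    $result = @{}
    foreach ($line in (netsh advfirewall show allprofiles)) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') {
            $profile = $Matches[1]
        } elseif ($profile -and $line -match '^Firewall Policy\s+(\w+),(\w+)') {
            # e.g. "Firewall Policy   BlockInbound,AllowOutbound"
            $result[$profile] = @{ Inbound = $Matches[1]; Outbound = $Matches[2] }
        }
    }
    return $result
}

function Block-OutboundProgram([string]$RuleName, [string]$ProgramPath) {
    # Outbound traffic is allowed unless an exception blocks it; this creates
    # such an exception for one executable.
    netsh advfirewall firewall add rule name="$RuleName" dir=out action=block `
        program="$ProgramPath" enable=yes
}

$policy = Get-FirewallDefaultPolicy
foreach ($p in $policy.Keys) {
    $in = $policy[$p].Inbound; $out = $policy[$p].Outbound
    Write-Output ("{0}: inbound default {1}, outbound default {2}" -f $p, $in, $out)
    # Anything other than BlockInbound deviates from the documented Vista default.
    if ($in -ne 'BlockInbound') { Write-Warning "$p profile does not block inbound by default" }
}

# Placeholder program path; replace with the executable you want to fence in.
Block-OutboundProgram -RuleName 'Block example app outbound' `
    -ProgramPath 'C:\Program Files\ExampleApp\example.exe'
```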

As good as Vista's firewall is, you should absolutely use a third-party firewall instead if you're using a security software suite. In such cases, the security suite will typically disable Windows Firewall automatically and alert Windows Security Center that it is now handling firewalling duties. Unlike with antispyware applications, you should never run two firewalls at the same time, as they will interfere with each other.


10 Fast and Free Security Enhancements

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly (http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate (www.sygate.com) and ZoneAlarm (www.zonelabs.com) offer free versions.

3. Install a free spyware blocker. Our Editors' Choice ("Spyware," April 22) was SpyBot Search & Destroy (http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you’ll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., www.grisoft.com). And double-check your AV with the free, online-only scanners available at www.pandasoftware.com/activescan and http://housecall.trendmicro.com.

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don’t assume that e-mail “From:” a particular person is actually from that person until you have further reason to believe it’s that person. Don’t assume that an attachment is what it says it is. Don’t give out your password to anyone, even if that person claims to be from “support.”