March 8, 2010
Do you use Google every day? I sure do, and not only that, but I generally trust that the results that show up in a Google search to be malware-free and clean. A less-well-known type of attack, called SEO Poisoning (SEO is Search Engine Optimization) is a scary tactic, which takes advantage of algorithms used to calculate search engine results, and manipulates its way into the top several results for a search to deliver its malware.
(more…)
February 28, 2010
Described in a post by ISC’s Rob VandenBrink is a new trend in Intrusion Detection Systems: IP blacklist score aggregation. In this approach, IP 
addresses (sometimes from multiple systems and networks) that exhibit questionable behavior (even sometimes innocuous behavior that may seem questionable to the algorithm) are rated and stored in a central database.
When new traffic is seen from the IP address (using simple bit by bit and header analysis) – the IDS queries the database, and scores the packet as malicious or not.
What this means essentially is: if you are a penetration tester, or conduct routine tests on your network, or even are simply a user who accesses a lot of admin pages (or uses poorly coded software) – you may be at risk for being blocked or limited by Intrusion Detection Systems, even if you need legitimate access to a network system! IP-based blacklisting is too rigid, and counterproductive if not implemented properly.
This is a strong case against simple rule-filter-table based detection systems, and a case for stronger, smarter detection algorithms and human involvement in network operations. What are you using to detect network anomalies and malicious network traffic?
February 21, 2010
In a recent report, security researchers have seen an marked increase in the number of attacks by botnets on unconfigured (store-bought) routers, switches and wireless gateways.
Czech researchers at Masaryk University’s Institute of Computer Science in Brno, Czech Republic have discovered the “Chuck Norris Botnet”, whose army of compromised computers silently and stealthily probes IP addresses for unsecured routers, wifi-gateways, switches and other network hardware – then attempts to guess the passwords of these machines in order to spread itself.
(more…)
January 30, 2010
Driven from every other corner of the earth, freedom of thought and the right of private judgment in matters of conscience, direct their course to this happy country as their last asylum. – Sam Adams
Privacy is a mainstay of free society.
In celebration of Data Privacy Day (28 January), CNet released an article discussing privacy, namely the fact that many refuse to pay for privacy. It’s been 10 years: Why won’t people pay for privacy? (available: http://news.cnet.com/8301-13578_3-10443575-38.html). Indeed, the ramifications of data privacy (or lack thereof) is increasingly becoming a crucial issue for businesses and consumers alike. Information leaks are rampant, and chances are, your personal data has already been exposed in some sort of attack.
How, then, are we to deal with data privacy threats and mitigate the risks? Our current network infrastructure is designed in ways that simply don’t guarantee security. Yet, most users also simply trust the system. It is the responsibility of the both user and the system developer to strive for information assurance, and to work towards a more secure future. Security is not necessarily about guaranteeing perfect and complete isolation from attacks (such a feat is, and has proven to be impossible in both the physical realm and in cyberspace), rather, it is about a dynamic and adaptable set of rules and policies governing the control of information and access.
(more…)
January 6, 2010
BitForce Consulting LLC, a Colorado based computer security and information technology consulting group, has completed registration as a Limited Liability Company. BitForce Consulting LLC provides small and medium sized businesses with IT services such as network and workstation setup and administration, website security, database design and implementation, custom security software, code auditing, and penetration testing.
For more information, please visit our contact us page: Contact BitForce Consulting LLC.
December 31, 2009
Windows 7 – Microsoft’s answer to Vista’s failure – is a novel operating system, blending visual pleasures from Vista’s “Aero” glass theme, and a host of redesigned features “under the hood”. One such improvement (highly touted by Microsoft, of course) is UAC – User Account Control – a system to harden changes to the underlying operating system against unauthenticated users/malware.
(more…)
December 29, 2009
We’re excited to announce that the BitForce Consulting LLC Website has now launched. Using a streamlined interface, we provide our clients and customers with the utmost quality information, with an easy-to-navigate interface. Please feel free to explore our site!
We plan to add a customer/task tracking system soon. If you are a current client, you will be notified when your tasks are available online. We are glad to be developing this service for you – tracking your tasks, requesting quotes, contacting representatives will be easier than ever before!
