Recent Hack Points Out Bad Passwords

Andy Carvin pointed out an article that looks at the passwords that users choose when they aren’t forced to use secure passwords. Turns out 123456, password1, and dragon are not good passwords. But you already knew that, right? – K

Virus Hampers Work of Houston Municipal Courts

The Houston Chronicle reports that the Houston Municipal Courts were struck with a virus last week. While only 475 of their 16,000+ computers were affected, the courts had to suspend minor arrests and cancel hearings. – K

ABA Site-tation Gets a New Look

ABA Site-tation, a blog that covers technology issues facing the legal community, recently re-launched at a new address and with an updated look. Check out the the great information it offers on security, online tools, and mobile computing. – K

An Update on the Botnet

I was asked this morning, “How do I know if I’m a part of the botnet or at risk of becoming part of the botnet that you mentioned in your last post?” I’m not an expert, but here are a few resources that I found this morning:

• Microsoft’s Security Bulletin. The initial warning from Microsoft about the vulnerability.
• Protecting Against the Rampant Conflicker Worm (PC World). A great article that walks you through the what issues are, how you can protect yourself, and what to do if you are infected.
• F-Secure Site. A lot of information about the worm is on this site. Check out an overview of the worm and their malware information page with removal tools.
• Symantec Overview. A good overview of that provides links to Symantec’s free products that detect the worm. (Not all of the free products necessarily do.)

The good news that I found from F-Secure: as of Thursday, January 13, 2009, only about 4,000 of the infected computers were in the US. The bad news: the number of infected computers has increased dramatically since then. – K

Are You Part of the New Botnet?

In October 2008, Microsoft released an out-of-band update, or a critical update that is released outside of the normal update schedule. Well, for those of you who didn’t update your systems, it might well be too late. The New York Times reports that this vulnerability is now being exploited and has already infected nine million computers.

What’s going to happen if your computer is infected? Experts say that it will become part of a huge botnet; however, they don’t know what that botnet will be used for. At the least, it sounds likely that your IT staff will be clearing up a mess with your computer, apologizing to your ISP, and attempting to get them to not classify all of your organization’s outgoing e-mail as spam. A more serious prospect–it captures client information, like social security numbers, or modifies files, like your accountant’s records.

My favorite quote from the article:

“I don’t know why people aren’t more afraid of these programs,” said Merrick L. Furst, a computer scientist at Georgia Tech. “This is like having a mole in your organization that can do things like send out any information it finds on machines it infects.”

Security researchers don’t know who created this worm, but from their comments, they suspect that it was someone who knew what he or she was doing. – K

Benchmarks for Creating a Stable and Secure Network

Last year, NPower Greater DC Region, a non-profit technology assistance provider, included a little something extra in their monthly e-newsletters: twelve tips for keeping your network stable and secure. Each tip was written plainly, intended for accidental techies, non-profit managers, and others who need an introduction to the basic characteristics of a high-quality network.

So what are those twelve benchmarks?

1. Ensure all PCs have the minimum configuration.
2. Standardize the OS Platform.
3. Network your office computers or get a file server.
4. Give your staff broadband access.
5. Install a hardware firewall.
6. Secure your wireless networks.
7. Backup mission critical data and establish recovery processes.
8. Protect your e-mail.
9. Patch your web browsers and be careful what you download.
10. Establish effective security plans.
11. Document your technical infrastructure.
12. Have regular, competent tech support.

So are there any benchmarks that surprised you? Or anything you think that they missed? – K

Tell Them Why You Don’t Like Email Attachments

If you are a techie, I know that you’ve told your staff that e-mail attachments are dangerous. In fact, I’m pretty sure that you’ve said it more than once. But have you told them why?

No, not the explanations of “because you’ll get a virus” or “they put the network’s security at risk” or “it creates more work for me.” You and I know what these reasons imply. But do your staff know why getting a virus is bad or why you have to work so hard to get rid of it?

Let them know plainly that this is also about advocacy and the best interests of their clients. It is about stopping the abusive spouse who wants to access the case management system to get his ex-wife’s current name and address or the opposing party who wants to check out your firm’s strategy, arguments, and evidence. Remind them that you can’t protect the system from intrusions alone and need their help. They need to be careful about the e-mail attachments that they choose to open and let you know as soon as possible if they think that they’ve made a mistake.

If you need help putting together an easy-to-understand example for your staff, check out Mitigation Monday: Defense Against Malicious E-mail Attachments. It starts with an example scenario that you can easily customize for your firm. And then it gives you a list of defenses that you can implement to help your staff avoid making mistakes. – K

Free Friday: Snort & Snort Rules

A key responsibility for system administrators is to keep unauthorized people out, and it’s not an easy job. The security landscape changes rapidly, and hackers start to use new tactics even before their current methods fail. News stories of data theft from multi-million dollar companies are becoming more frequent.

While legal aid organizations are not high-profile targets, their system administrators still need to keep their guards up. Legal aid organizations collect a lot of valuable information, including social security numbers, evidence and arguments for court cases, and names, phone numbers, and addresses of domestic violence survivors, who are likely trying to avoid being found. And as we all know, legal aid programs don’t have a whole lot of extra money to spend on fancy security systems.

Fortunately, there is a free option: SNORT. SNORT is an open-source network intrusion prevention and detection system. System administrators give SNORT a set of rules to follow, and SNORT analyzes your network traffic based on those rules. It alerts you to probes, attacks, and other things that aren’t quite right. A special Free Friday bonus: Emerging Threats, which is funded by the National Science Foundation and the Army Research Office, has a set of SNORT rules available for free.

Granted, the total cost of ownership of this software is not free. There is a significant learning curve; however, there are additional free resources to help system administrators learn how to use the tool and a large user community, including Snort User Groups, that system adminstrators can turn to with questions. – K