October 2009 Archives

An AP article today covered the exposure of a report related to a Congressional ethics committee meeting. Apparently it contained some not-yet disclosed ethics investigations into some current US Congressional Representatives.

What's really interesting to me, however, is how the material was exposed, through "cyber-hacking":

"A committee statement said that its security was breached through 'peer to peer file sharing software' by a junior employee who was working from home. The staff member was fired."

Obviously we are missing a few details here, however it seems that a staffer took some work home and stored it on a PC that had peer-to-peer sharing enabled. Now, this may all end up being a political smoke screen covering what really happened, but if this is indeed the story it should serve to highlight the risks associated with taking sensitive information off organizations relatively-controllable network, and working on unsecured home PCs.

Image via Wikipedia

Some of the advanced options are use with Windows Update Services (WSUS) servers ony or use Microsoft Update Sevice only.

Checks system not only for Operating System Updates but for Microsoft Office Updates
Ref:
MSBA 2.1.1 download

Brian Krebs from Security Fix at the Washington Post cautions business users to use LIVE CD Operating Systems to to perform online banking. Live CD distributions are generally free, Linux Based operating systems that one can down load and burn to a CD-Rom.

This allows the user to boot the operating system off of the CD everything is just run in memory and when your done with your transactions everything that was performed is now not available on any disk. The advise is just to use the LiveCD for Online Banking transactions and not to visit other sites.

Brian Krebs also points out that this is not only his recommendation but the recommendation of the Financial Services Information Sharing and Analysis Center
(FS-ISAC)

I just want to point out that one needs to be sure where you are acquiring these distributions, simply obtaining one from a download or from an expert does not verify the validity of the distribution make sure that you can verify the distribution before running it.

A response noted by "neversaylie"
"Some Windows malware perform DNS spoofing/ARP poisoning/DHCP spoofing, so even a LiveCD won't help you if you're on a network with some infected Windows machines."

So if you are using Live CD but your DNS or DHCP servers are spoofing IP's your still resolving fake addresses to your on line banking institution and not free of man in the middle attacks.

Avoid Windows Bank on Live CD

Here's a quick link to a story about anti-WiFi paint. It seems there are some legitimate criticisms, and it may not be all that new in some circles, but it certainly gets one thinking about interesting possibilities.