Posts Tagged Security

Yet (another) reason why I don’t like Google…

As someone who uses a computer on a daily basis to do my work (you tend to do that as a computer engineer and consultant), I have various Operating Systems installed and I also have various browsers installed. One of those browsers happens to be Google Chrome. Admittedly I rarely use it as I mostly frequent IE – and no it’s not because I’m a Microsoft “Fan Boy” or an MVP, I just find it easier to use, not to mention most websites are designed for it (for whatever reason)…Anyways, today I went out to get a new mouse mat as my new desk is reflective and my infrared mouse won’t track anywhere on it…Upon my return home, I was greeted with the following in my system tray:

google update or not

Hmm, “There’s a new version of Google Chrome available…Try it out (already installed)”. Ok, bells and whistles. New version, but it’s already installed you say…Did you install it or did I? If I did, is there really a new version? Is this from Google or is it some sort of Malware/Spyware and maybe my Security Essentials definitions are out of date…Let’s try the link and see what that returns (for those wondering, the link points to http://www.google.com/support/chrome/bin/answer.py?answer=150752).  Essentially that page says:

When Google Chrome hasn’t been used for an extended period of time, you may see a little pop-up appear on your screen, asking whether you want to give the latest version of the browser a try or whether you want to uninstall the browser from your computer. Since Google Chrome updates itself automatically, you’ll have a new and improved version of the browser waiting for you to try if you select the first option. If you decide that you’d rather not use Google Chrome, you can uninstall it. We hope you’ll tell us why in the survey you’ll get as part of the uninstall process.

Wow, so essentially that means Google has installed code on my system (even though when I installed it I wasn’t made aware of this nor did I have a choice to disable what is the “Google Update Service (gupdate)”). So similar to a time bomb, just waiting to go off, as it has today they have installed a service…Interesting as these guys are the ones who say Internet Explorer is doing wrong by being part of the Operating System…Last time I checked, I had options with Internet Explorer as to what it did, how often it did things and least of all, when it was running (and moreover, what data it is sending and when)…

So, Google, want to tell us what else your “Google Update Service (gupdate)” might be doing? I know one thing’s for sure…You won’t be getting any more data from my machine, as there is no more Chrome on it…

Oh, by the way, I uninstalled Chrome, yet guess what, your “Google Update Service (gupdate)” service is still there, albeit in the definition of it, it clearly states:

Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can’t be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

Aah, how marketing companies like to lie, lie and lie again.


Data Protection…Bah, Who Cares Really

So, on my way to Las Vegas en route to the MVP Summit 2010 and where do I get to travel via?  Of course, my favourite airport London Gatwick :)  Just a note, it’s nigh on impossible for me to “avoid” Gatwick, so every time I get to fly through Gatwick I ensure to keep a look out for interesting things.  If you’re a frequent reader in the past you surely know about their difficulties with the Windows XP monitors and you’ve probably read about my thoughts on the MyMemory automated vending machines (Story1, Story2, Story3).  Well, good news, today all of the monitors I passed were working and the prices in the MyMemory machine were better than before and competitive with Dixons (who now seem to operate two shops in the South Departures Lounge).  However what was worrying was what I came across upstairs.

For those of you who haven’t had the experience of travelling through Gatwick lately, over the past 18-24 months Gatwick has gone through various transformations, one of them being moving the primary security channel from the ground floor to the upstairs just outside the main restaurant.  Supposedly there are more security machines and they can get passengers through more effectively and efficiently.  Personally, I don’t believe it, and in my personal experiences, I’m waiting longer upstairs, but hey ho.  What scared me today though was the sign I came across as part of Gatwick’s further transformations.

Upstairs, after clearing the security channel there was a set of scaffolding to what looked like roof access.  Being the curious type, I approached it and lo and behold exposed to the outside world – the names and telephone numbers of all of the parties involved in the works on transforming Gatwick.  No, not internal telephone extensions, rather their mobile numbers.  Yep, fully exposed to the public:

gatwick numbers

Now, I know usually you can get information if you work hard at trying to unearth it or uncover it, but hey, here it is open to Joe Public and no strings attached.  You’d like to think that they’d put this sheet behind the door where people who were working on the project – those who would need these numbers – would have secure access to, but nah, let’s throw data protection to the wind and make it visible for everyone.

N.B. For protection of those innocent I’ve blacked out the last two digits of everyone’s mobile, but should you want them, book a flight via Gatwick and as soon as you’re through the security channel, presto, they’re yours for having :)

So, food for thought, if you ever do any contracting work at Gatwick or do work for BAA, I’d ask them their idea of data protection as your mobile number, should you be anyone involved in the project at a level of any significance, will be visible to all.  Thanks again Gatwick and BAA for making my delay all the more interesting by yet again giving me another story to write about your airport :)


What kind of security might your car tell everyone about you?

In 2006 as a valentine’s day present, the UK put in to effect an initiative called Chip and Pin.  What it meant was that you no longer signed for card purchases at the till, rather you entered a four digit code – the same four digit code you enter when withdrawing money from a cash point (ATM).  According to the marketing people:

Chip and PIN is the new, more secure way to pay with credit or debit cards in the UK.

What it actually meant is that anyone who gets your PIN can then purchase stuff as you. No longer needing to practice your signature.

Now, here’s the twist.  There are places that use Chip and Pin who have number plates that are only digits…Here’s an example:

normal number plate

What does that number plate say?  Well it says 35949 and underneath it, Silverline Cars.  Ok, so we know this Alfa Romeo came from Silverline Cars.  No big deal.  However, what if you were to have your number plate personalised or have a four digit number plate? (it’s the “in” thing to have a smaller number as it’s easier to remember)

four digit number

No problem, again we can see this one came from a place called Doyle Motors Honda…Now, here’s where security comes in to play.  Walking down the road the other day I came across the following:

security number plate

I’ve blurred out part of the number, but the biggest concern is what is below the number.  If you click on the photo it gets larger.  I’ve blurred it out, but what it is – the person has not only personalised their number plate, but they’ve gone to the extent of telling you who they are…Why the concern?  Information is ubiquitous today.  Those four digits plus the person’s name gives me loads of information on who they are (and maybe even their pin number), not to mention, there’s probably an online telephone directory (p.s. there is), which now lets me know where that person lives (and yes this person was in the public directory)…

All from their number plate.  Next time you think of having something personalised about yourself and you’re going to make it publicly available, think what it might say about you or even what information it might just be putting in the wrong hands…


Get On ‘Yer Bike (Trike) Google

get on your bike google

As if they aren’t in the news enough already for upsetting China and blaming Microsoft for a zero-day flaw in IE:

<soapbox>

By the way Google, I quote from the MSRC:

Based on our comprehensive monitoring of the threat landscape, we continue to see only limited attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.

We continue to recommend that customers update to Internet Explorer 8 to benefit from the improved security protection it offers.

And, albeit that the successful attacks are only confirmed against IE6, they’re still going to patch it, and they’ll even talk about it:

Please join us Thursday, January 21 at 1:00 p.m. PST for a public webcast where we will present information on the bulletin and take customer questions. Registration information:

Date: Thursday Jan 21
Time: 1:00 p.m. PST (UTC -8)
Registration: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032440627

And interestingly enough Google, in your own blog post Thursday May 14, 2009 you state:

We work hard to keep our users safe and secure when using our applications, and we believe that making sure users have the latest software available using automatic updates is a key component of that.

Guess what, Microsoft suggest that and does that too, and if you were updated (similar to your suggestions above), you’d have IE 8 which is safer than Chrome and this attack wouldn’t have been such a big marketing hoo rah for you, but at any rate, I digress…

</soapbox>

Google have a bloke on a push bike riding around the UK taking imagery of the National and Historic landmarks…Quite an interesting contraption and if you’re interested more in imagery of this bloke on his pusher, visit the BBC’s In-Pictures review.

If you’re interested in the aforementioned rant about Internet Explorer, I ask you…Which version of IE are you running?  If you’re not running IE 8, why?  Do you not take your car in for service and make sure it’s “up to date”? When you go for an MOT each year to ensure you’re “safe” on the roads, do you not have to do what they suggest to make your car roadworthy?

Microsoft Update is your MOT and your service call all in one…Best of all, it’s free of charge :)


Firefox Fans Skew the Statistics with Funny Math

There are various articles floating around the Internet right now about how Firefox has overtaken IE as the most popular browser in the world…  Let’s have a look at Mike Albee’s Article from the LA Business Tech Examiner

Ok, let’s take a look at the graph referenced in the article:

firefox-beats-ie

A quick analysis of it does show, yes Firefox 3.5 is more popular than Internet Explorer 7, however is IE 7 the only browser Microsoft has and is IE 7 representative of what you call “Internet Explorer”?  No, by no means.  IE is IE6, IE7 and IE8.  Oh one other thing before we get in to the nitty gritty of the stats. The comment about Firefox:

Each new version built upon the project’s original goals of speed, security, and reliability.

So, why is it then that they have to patch it for security holes more frequently than IE?  Here’s a good article describing this:

Report: Firefox Security Superiority a Myth

Interesting thing, it’s a linux based article too, so no bias either.

Anyways back to the numbers, I think it’s interesting how you got to the conclusion that Firefox “trounced” (article headline) IE, because if we add up everything – Stats Counter, the same people providing the aforementioned graphs give us the real result:

real-browser-stats

…and in case you think I’m making this up, here is a URL for you to visit:

http://gs.statcounter.com/#browser-ww-monthly-200811-200912-bar

Looks to me like IE still has a demanding stronghold on the market – in fact if my math proves me right – I think that 60% (about what IE has) is DOUBLE 30% (what Firefox has)….

What’s next?  Linux being more popular than Windows (95)? 😉


Security and Computers in Schools…

Thick-Type-Brass-Padlock

So, if you follow me on twitter, you’ll notice lately that I’m marooned on an island (aside of the island I live on).  On that island there is a small school, which in it has four computers and is connected “to the real world” via a 2MB microwave link.  The company I work for used to support the IT in the school, so I have a good working knowledge of it, however we no longer support the infrastructure.

While stuck, however, I went in to look at the computers as they’ve been playing up some and my extensive knowledge was sought to hopefully shed some insight in to things (it turned out to be a simple DNS server setting which was causing all of the issues, but I digress).

Whilst in the school, I took the opportunity to have a look at the new system that has recently been put in to replace the old.  First off, let me say – Windows XP – What?!  Why!?  Don’t know.  However, let’s progress to the point of this article.  Security.

What is the objective of going to school?  Learning, last time I checked.  So, what is all of this rambling about?  Well, the new system locks the kids out of so much, they can’t even change the background.  How can you teach children about IT if they can’t do rudimentary tasks?  Surely the best way to learn is by breaking things…why lock the kids out of things that will make them more successful in learning, which is what they’re meant to do?

C’mon guys…What is the point of locking down the machines so the kids can’t learn?  Also, for crying out loud, why put in Windows XP as it hasn’t even had mainstream support since June and it’s nearly 10 years old now.  Yikes!!!


BAA looking for IT staff (probably)

Part of travelling usually means visiting where you left (it’s all part of a return trip, right)?  Well back on November 7th, I brought you the Gatwick oops.  I got to revisit Gatwick on the following Saturday the 14th and was hoping to see some changes.  Guess what, changes did I see – only worse!!!

First, let’s take the monitor with the Windows XP screensaver.  It was upstairs next to Dixon’s.  Guess what, still there:

winxp screen saver (1024x739)

Good location to put your first faux pas guys…right next to the IT store ha ha!

OK, that’s not too bad (however, has anyone mentioned to them Windows XP Support is EOL?) There’s a Windows 7 upgrade opportunity – I can help if you need 😉 Let’s look at the second problem – FidsMon.exe crashing.  You’d have thought that the monitor that had it broken a week ago would have it fixed, wouldn’t you?  Nope:

error last screen return (1024x742)

In fact, there was another monitor which had the same issue only it was in between screens which meant the times were broken, but I wasn’t too bothered to get a screen capture of the same thing twice as there were other fish frying (as you read on)…

Problemo numero three…A monitor in limbo.  OK, so I know you can put your monitor to sleep (there were quite a few of these around), however this monitor was as if someone remote controlled it (probably to kill a FidsMon error) and then just left it as if they were going to be late going home and traffic on the M25 was going to get them out:

cursor only (1024x750)

Yep, that’s it, just a cursor on the right screen…again, the start button and system tray icons and system bar all visible to the world. Not too smart guys.  Ok, so three down, how about we find yet another one…Another one you ask?  Yep, there is more.

Every chance I get, living on an island without McDonald’s, I snap at the opportunity to get a Quarter Pounder with Cheese (large naturally)…actually there’s another blog post about that waiting, but for now, back to the story.  I proceeded up to Ronald’s house on the second floor (there’s a +1 about Gatwick – they’ve recently put McDonalds in the South Departures Lounge.  It used to be in the public area of the North Terminal, but now it is in a much better place :) ).  At any rate, up to McDonalds to get my Quarter Pounder, and right in front of me there it was:

mcdonalds blue screen (768x1024)

BANG, a Blue Screen.  Note: BSOD would not be the right phrase to use here as BSOD actually means Black Screen of Death, back in the early Windows days.  So, at any rate, there she was looking straight at me, a win32k.sys error with stop codes and all. “A problem has been detected and Windows has been shut down to prevent damage to your computer.” (well really it blue screened long enough for us to deduce this):

mcdonalds blue screen - Copy

More likely than not this one is memory related, however you can always reinstall (or upgrade to Windows 7 so your OS is supported 😉 ). So, there’s your free support for the day BAA…if you need more help, we’re here and can help


Using a TechEd Kiosk – Why Not Go InPrivate

It’s been deemed as controversial by some and others simply refer to it as “porn mode” however, here at TechEd, with all of the CommNet as public as your details on Facebook, there’s no better time to utilise a feature of IE 8 than the present:

in private browsing

InPrivate browsing.  With this, your trails are hidden from the next user.  In just a random survey of a few (more than the fingers on two hands) CommNet PC’s I’ve tried this morning, if I open the history (CTRL + H), I can see who’s been checking mail and what else has been happening on EVERY machine I’ve tested.  Not very security conscious I must say attendees!

Next time you use the CommNet or a kiosk PC, think twice before using the already open browser, close it and use the jump list (you do know what that is, right?) to start IE in InPrivate mode and cover your tracks and history!


Networking Security in a Virtual World

When you think about a virtual switch, do you envision a black or dark-blue box that consumes 1U or 2U at the top of server racks? That ever-present device from Cisco, 3Com or Juniper creates the networking fabric within which your IT infrastructure communicates. Built into its network hardware is a mature Internetwork Operating System that enables the complex routing, switching and access control that users have come to expect from production networks.

Yet any vision of a virtual switch that exactly mirrors a physical one is only fantasy with today’s technology. The virtual switches within virtualization platforms such as Microsoft’s Hyper-V might resemble their real-world counterparts, but virtual switches today provide only a subset of the capabilities of physical servers.

That lack of functionality can be a problem for organizations that make assumptions about virtual network security. Simply put, virtual networks are not physical networks, and they need special attention to be secured properly. First and foremost, Hyper-V’s virtual switches are "Learning Layer 2" devices, which means they route their packets based on Media Access Control addresses. It also means that Hyper-V’s switches don’t understand and can’t process the more-advanced IP-based routing and access-control features commonly found in today’s Layer 3 switches. In essence, an access control list (ACL) can’t be applied to an internal Hyper-V virtual switch using current technology.

Hyper-V’s virtual switches are also limited because they lack support for third-party monitoring and enforcement of virtual network traffic. Once traffic leaves a physical network and enters Hyper-V’s internal virtual realm, it disappears from any external intrusion prevention or detection systems.

Thus, a Hyper-V networking environment requires a few workarounds to duplicate the high levels of security found in some physical servers. First, network ACLs that restrict traffic to Hyper-V hosts will need to be designed with the recognition that they’ll be limited to the boundary of the physical network infrastructure. Conversations between individual virtual machines (VMs) on the same host won’t respect those network-based ACLs. Each virtual machine will need its own installation of an operating system-level firewall and intrusion-detection software if those components are required by your security policy.

Microsoft’s guidance for Hyper-V security also strongly recommends that a dedicated network adapter be used for connecting the host’s primary partition (its "management OS") to the network. This protects the primary partition’s OS from traffic that is sent along the interface used by virtual machines. From a security perspective, virtual machine traffic is always considered to be at a lower trust level than the primary partition because protecting the primary partition is critical to ensuring that VMs stay operational. Environments with very high security requirements may consider restricting primary partition management traffic not only to its own network interface but also to its own protected subnet.

Microsoft has strengthened security in Windows Server 2008 R2 with the introduction of a new setting in virtual switch management. In R2, the Hyper-V Virtual Network Manager includes a new check box marked "Allow management operating system to share this network adapter." This check box further ensures that management OS traffic is isolated from virtual machine traffic. By leaving this check box blank, created virtual networks are not exposed to the primary partition.
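The two isolation points above (management OS traffic kept off the switches that carry guest traffic, and guest-to-guest traffic that never reaches physical ACLs or IDS) can be checked on a host with a read-only audit. This is an added example, not code from the original article or from Microsoft. It assumes the Hyper-V and NetAdapter PowerShell modules, which ship with Windows Server 2012 and later rather than the 2008 R2 release discussed here; the function names and the `-ManagementSwitch` parameter are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example: read-only audit of virtual switch isolation on one Hyper-V host.
# Run in an elevated session on the host. Nothing is modified.

function Get-VSwitchIsolationReport {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: switches that are intended to carry management traffic.
        [string[]]$ManagementSwitch = @()
    )

    $hostNics  = @(Get-VMNetworkAdapter -ManagementOS)   # vNICs owned by the management OS
    $guestNics = @(Get-VM | Get-VMNetworkAdapter)        # vNICs owned by guests

    foreach ($sw in Get-VMSwitch) {
        # Guests attached to this switch.
        $guests = @($guestNics |
            Where-Object { $_.SwitchName -eq $sw.Name } |
            Select-Object -ExpandProperty VMName -Unique)

        # Does the management OS have a vNIC on the same switch?
        $mgmtOnSwitch = @($hostNics |
            Where-Object { $_.SwitchName -eq $sw.Name }).Count -gt 0

        $findings = @()
        if ($mgmtOnSwitch -and $guests.Count -gt 0 -and
            $sw.Name -notin $ManagementSwitch) {
            # Equivalent to the "Allow management operating system to share
            # this network adapter" box being ticked on a guest-facing switch.
            $findings += 'management OS shares this switch with guest traffic'
        }
        if ($guests.Count -gt 1) {
            # Traffic between these guests stays inside the virtual switch, so
            # ACLs and IDS on the physical network never see it.
            $findings += ('{0} guests can talk inside the host; rely on in-guest firewall/IDS' -f $guests.Count)
        }
        if ($findings.Count -eq 0) { $findings = @('none') }

        [pscustomobject]@{
            Switch            = $sw.Name
            Type              = $sw.SwitchType
            AllowManagementOS = $sw.AllowManagementOS
            PhysicalAdapter   = $sw.NetAdapterInterfaceDescription
            Guests            = $guests -join ', '
            Findings          = $findings -join '; '
        }
    }
}

function Get-DedicatedHostAdapter {
    # Physical adapters that are up and not bound to any external virtual switch:
    # candidates for the dedicated management connection the guidance calls for.
    # Switches bound to more than one adapter need extra handling (not covered here).
    $bound = @(Get-VMSwitch |
        Where-Object { $_.SwitchType -eq 'External' } |
        ForEach-Object { $_.NetAdapterInterfaceDescription })

    Get-NetAdapter -Physical |
        Where-Object { $_.Status -eq 'Up' -and $_.InterfaceDescription -notin $bound } |
        Select-Object Name, InterfaceDescription, LinkSpeed
}

# Example run: every switch with its findings, then the adapters left for management.
Get-VSwitchIsolationReport | Format-List
Get-DedicatedHostAdapter   | Format-Table -AutoSize
```

An empty result from `Get-DedicatedHostAdapter` means every live physical adapter is bound to a virtual switch, so the management OS has no interface of its own.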

Environments that need high availability with Hyper-V will also require some form of shared storage between cluster nodes. For many, this involves implementing an iSCSI-based storage-area network for the storage of Hyper-V VMs. It is a best practice to always separate iSCSI network traffic from production network traffic. At the same time, iSCSI traffic should generally be placed into its own subnet to prevent denial-of-service conditions during periods of overuse as well as to further isolate the different types of traffic from each other.

Many people seek to improve system-availability metrics through network interface teaming. To that end, Microsoft itself does not support the teaming of interfaces for high availability. This has often been panned in the media as a major limitation in Hyper-V for production environments. However, note that Microsoft has never supported interface teaming — even in physical environments. Notwithstanding, vendors such as Dell and Hewlett-Packard have for years developed their own set of teaming drivers, many of which will function in a Hyper-V environment. Obviously, you’ll need to verify the level of support that the OEM for such drivers will provide.

In short, the move to virtualization atop Hyper-V is much easier when there are plenty of network interfaces on Hyper-V hosts. It is not unheard-of to see Hyper-V hosts with up to 10 network interfaces as organizations use dual four-port network cards in addition to the typical dual network interfaces built into today’s server motherboards. Having this many network interfaces ensures that enough are available for redundant production networking, storage and management, as well as a few left over for any "interesting" network configurations that may be needed down the road.

Networking can be a hidden danger, but there’s a danger too in how your virtual machines colocate atop Hyper-V hosts. Particularly problematic in clustered environments where VMs can live migrate around for failover and load balancing, VM colocation can be a security as well as a compliance problem for your IT environment.
