Monday, March 29, 2010

Least Expensive Internet Security Device For Home Users

    $5.00 lamp timer

If you have kids who own their own computers, an inexpensive lamp timer is an excellent way to enforce a digital curfew. I can assure you that your child is occasionally using the Internet at 3:00 am, and this is not helping him or her stay focused in class.

There are other good reasons to run the electrical power for your DSL modem, home router, and switch (if you have one) through a timer. Home routers have very little memory, and their RAM can become exhausted, which may limit the degree to which they can adequately perform stateful packet inspection. It should be noted that most of the home routers in operation today are unpatched for vulnerabilities which can render them useless as security devices. By rebooting these flimsy devices on a daily basis, you can reduce the number of problems you experience with them.

In addition, by turning off the Internet for five hours a night (i.e. midnight to 5:00 am), you can reduce your attack window by 20%. This makes your computer significantly less desirable to the botnet master seeking 24/7 uptime. It may also reduce your exposure to hackers in other time zones.

Midnight to 5:00 am is an ideal time to schedule nightly anti-virus and Windows Defender scans. Correspondingly, you should adjust your Automatic Updates feature in Windows to download updates at 2:00 pm (instead of 2:00 am).

In addition to removing the temptation for your kids to chat all night, you will improve your family's safety by limiting Internet activity to a period when an adult may be able to provide some measure of supervision.

James McQuaid

Sunday, March 28, 2010

President Obama receives "thunderous applause" at Bagram Air Base

Obama Rallies Troops in Afghanistan

Trip Caps a String of Successes, Gives the President a 'Hard Pivot' from Health Care to Foreign and Domestic Issues


WASHINGTON—President Barack Obama's unannounced trip to Afghanistan capped the most eventful week of his presidency, a week that saw victory on his signature domestic initiative, completion of a nuclear-arms accord with Russia and a night-time rally with thousands of cheering troops.

It also signaled that after a year mired in health-care politics, Mr. Obama hopes to turn to the multiplicity of issues—at home and abroad—that have languished in the shadows of his one huge domestic fight. Those include the war in Afghanistan, confronting Iran over its nuclear weapons, job creation and senior-level appointments.

Sunday's imagery could provide the "hard pivot" ...

Saturday, March 6, 2010

Who Is Responsible For Malware On U.S.-based Servers

Jeffrey Carr at IntelFusion has an interesting article, "Imagine if Russia or China announced a formal policy of using non-state actors in cyber deterrence".

He notes that, "Many other nations in the world community see the U.S. in a more negative way already because 20 of the world’s top 50 worst ISPs for serving malware operate in the United States. This creates the illusion that the US is responsible when in fact foreign actors use US servers to mask attribution and, as a side benefit to them, feed anti-US sentiment. This strategy seems to be working according to the McAfee report “In the Crossfire” (.pdf), which surveyed “600 IT and security executives from critical infrastructure enterprises across seven sectors in 14 countries”. According to the report, the U.S. is seen as the “most worrisome potential aggressor”."
This concern regarding U.S.-based malware can be seen in this chart.
Carr observes, "Ironically, China will surely use this document against us as they continue to accuse the U.S. of launching cyber attacks against .cn websites. China, PRC officials will say, is busy shutting down bad ISPs and enforcing its own anti-hacking laws (which they are doing, by the way), while the U.S. does nothing about its own infected computers and badware."

This prompted me to examine malware infections at The Planet during 2010 as reported by The purpose was to determine what percentage of the malware served was attributable to foreign actors (non-U.S. citizens or organizations).
In order to show only the most recent data trends, I limited the examination to new instances of malware (i.e. ignoring the malware that existed at The Planet prior to January 1st). Those of you who investigate malware have a pretty good idea where this is going; however, I was surprised by the numbers. lists 83 infection methods across 58 unique IP addresses and 40 unique domains at The Planet (AS21844) for January 1, 2010 through March 6, 2010. In the three charts below, the numbers are broken out by the nationality of those responsible for the malware.

Malware Attribution at The Planet in 2010 by Infection Method

Malware Attribution at The Planet in 2010 By IP Address

Malware Attribution at The Planet in 2010 By Domain

As you can see, Russian and Ukrainian criminals are overwhelmingly responsible for the distribution of malware at The Planet. While this sample is not statistically significant, my guess is that such numbers are likely to hold in a wider sampling. In order to gauge ill will and damage by nationality I created a simple index; it is scored by multiplying infection methods by unique malware IPs by unique malware domains. As you can see in the chart below, the damage imposed by Russian and Ukrainian criminals far supersedes that of all other countries combined.

Damage Index by Actor Nationality

There are a variety of reasons contributing to this situation, including the failure of U.S. hosting firms to be held accountable under law for the actions of their clients, a failure by the hosting firms to vet their clients, a lack of civil liability for their business hosting operations, and a lack of Federal regulation on the industry. In short, aside from the potentially negative effect of appearing on one of the many blacklists published by independent researchers, U.S.-based hosting firms have no incentive whatsoever to clean up their IP space. I should hasten to note that The Planet is comparatively clean compared to the dedicated criminal hosts, and operations like Demand Media. One can also point to the inability of the U.S. to extradite criminals from the former Soviet Union, as well as the extremely weak criminal justice systems in Russia and the Ukraine.

In the end, this will have national security implications because a foreign enemy could easily debilitate commerce in the United States using our own computers against us.

At the recent RSA conference, a number of good ideas were floated on how to clean up the Internet. These included levying a tax, and so forth. In my view, only a comprehensive approach will be effective in ending the current intolerable state of affairs. Simply blaming end users and/or Microsoft won't do.

James McQuaid