Protect your Web site from Google Hacking

March 8, 2008 – 4:20 PM

What’s accessible to the average person about your Web site? It could be more than you bargained for. Even if pages are hidden from view, confidential files about customers and employees could be just a search phrase away.

Google.com keeps a massive index of Web pages and files on the Web. At the end of 2004, its reach included a whopping 8 billion pages. Google isn’t picky about what it extracts from the Web. It can get to almost anything on a Web server. That’s part of the problem, but it’s not necessarily the search giant’s fault. Google simply does its job; hackers abuse its services.

Every Web site’s front is held together with numerous directories of files, images and programs. Google hackers can get to those loosely guarded directories. Those directories can include personal information from consumers like you and me.

Google is a hacker favorite because it offers the most advanced search features. Most hackers use a special set of features called advanced operators. You can find a list of those operators from Google at:
http://www.google.com/help/operators.html

One common hack involves the operator “intitle.” The intitle operator lets you search only in Web page titles. These titles appear in your browser’s title bar, the colored area at the top of the window.

The simplest Google search for a directory is intitle:"index of". The intitle operator searches Web page titles. Directory titles usually begin with the words “index of.” If a server’s contents aren’t secure, that will be apparent in the search results. With other operators added, these searches can be very specific. Google can be misused to search for budget spreadsheets, password lists, or Social Security numbers.

Google also saves copies of Web pages in a cache, or storage. A cache temporarily holds used information that might be needed again soon. Hackers can take advantage of Google’s cache of Web pages. Many sites work hard to improve security. But old, unsecured site versions can remain in the cache. Google’s cache is searchable with a “cache” operator.

Google hacking is not a simple task for the average person. The hacker must know how Web sites are structured. Hackers must also know common directory and file names. Even then, they need the expertise to discern the valuable information.

If you are running a Web site, try different searches and operators on your site. Or if you know someone who does, pass them the link to this tip. If you have any doubts about your security, check into it. You might even want to have a security expert audit your system.
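As an added example (not part of the original tip), a site owner can run the same check the intitle:"index of" search relies on against pages fetched from their own server: flag any page whose title begins with "Index of" and list the exposed file names that look sensitive. The sample HTML, the extension list and the keyword list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed, illustrative lists based on the article's examples
# (budget spreadsheets, password lists); tune them for your own site.
SENSITIVE_EXT = (".xls", ".xlsx", ".csv", ".sql", ".bak", ".mdb")
SENSITIVE_WORDS = ("passw", "budget", "ssn", "backup")


class _ListingParser(HTMLParser):
    """Collects the <title> text and every link target on a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.links = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(unquote(href))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def audit_page(html):
    """Report whether a page is a server-generated directory listing."""
    parser = _ListingParser()
    parser.feed(html)
    title = " ".join(parser.title.split())
    is_listing = title.lower().startswith("index of")
    sensitive = []
    if is_listing:
        for href in parser.links:
            # Skip column-sort links and the parent-directory link.
            if href.startswith(("?", "/", "..")):
                continue
            name = href.lower()
            if name.endswith(SENSITIVE_EXT) or any(w in name for w in SENSITIVE_WORDS):
                sensitive.append(href)
    return {"title": title, "directory_listing": is_listing, "sensitive": sensitive}


# Constructed sample responses, embedded so the check runs offline.
SAMPLE_LISTING = """<html><head><title>Index of /reports</title></head><body>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a>
<a href="budget-2005.xls">budget-2005.xls</a> <a href="logo.png">logo.png</a>
<a href="old%20passwords.txt">old passwords.txt</a></body></html>"""
SAMPLE_NORMAL = "<html><head><title>Welcome</title></head><body><a href='a.html'>a</a></body></html>"

if __name__ == "__main__":
    for page in (SAMPLE_LISTING, SAMPLE_NORMAL):
        print(audit_page(page))
```
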

http://www.komando.com/tips_show.asp?showID=8733

Spyware shifts from marketing to robbery

March 8, 2008 – 4:19 PM

Need examples of why spyware is so insidious? Headlines from the last few months are full of them, said Richard Stiennon, VP of threat research for Boulder, Colo.-based security firm Webroot. Spyware probably contributed to the data thievery companies like Lexis-Nexis, BJ’s Wholesale Club and Bank of America suffered, he said.

That’s the big point of a new report Webroot has released on spyware activity for the second quarter of 2005: Spyware pushers are shifting their focus from pay-per-click advertising to identity theft. And they’re quickly expanding their network of infected machines in the process.

“The big marketing opportunity for spyware writers is over,” Stiennon said. “Now they are competing with each other, going after bigger and better targets, using URL monitors, keystroke loggers and Trojan horses to steal your information.”

The report comes about a week before the Anti-Spyware Coalition is set to meet and discuss feedback it’s received since releasing a rough draft of spyware definitions July 12. The coalition — formed earlier this year when the nonprofit Center for Democracy and Technology teamed up with several tech firms and security organizations — hopes to weave the feedback into a final document to be released this fall.

Paul Kurtz, executive director of the Cyber Security Industry Alliance, said the Anti-Spyware Coalition’s work is vitally important given the damage spyware can do.

“Spyware can be so broad,” he said. “We allow forms of it on our computers every day. That’s the big issue we need to think about today. There must be common rules and procedures for defining and removing it. If we can establish a common template to determine what should be removed as spyware, we’d at least be putting everyone on the same sheet.”

Despite awareness, infection rate stays high
Awareness is up. Antispyware legislation is pending at the federal level and in 19 states. And the security market is flush with new tools to scan and clean systems. Yet the spyware infection rate for enterprise desktops remains above 80%, the report said.

To date, Webroot’s Enterprise SpyAudit has scanned nearly 60,000 systems representing more than 20,000 companies, finding the number of spyware instances per infected machine up by 19% this year, the report said.

The firm’s research team also saw evidence that spyware pushers are aggressively growing their distribution channels. The report said the number of Web sites distributing spyware has quadrupled since the start of the year to 300,000 unique URLs. Meanwhile, the company has seen the number of spyware traces in its spyware definition database double in the same period to over 100,000.

Stiennon said spyware pushers are also working hard to test their wares against a range of antispyware software and are successfully using rootkits to avoid detection.

New names for new spyware
The report also offers a list of programs Webroot has fingered as spyware, including a new one called Look2Me. This spyware may monitor Web surfing activity and report back usage statistics to a centralized server, the report said. It may also display pop-up ads and install several other pieces of spyware.

“Once installed, Look2Me may update itself and install other applications,” the report said. “These applications are usually other pieces of spyware. Look2Me may download and execute third-party programs on your computer without your knowledge or consent.”

Look2Me is usually installed using ActiveX drive-by download sites or flaws in common Web applications, the report said, adding, “Look2Me is very difficult to remove due to its injection into system-level processes. Look2Me may also install other pieces of spyware and adware, which decrease your computer’s performance, and may display pop-up advertisements.”

“When you look at where this is going, you think, ‘when will this end?’” Stiennon said. “Our feeling is that we haven’t seen anything yet. Profit motive opens a whole new world.”

The next big story
While Stiennon doesn’t see the spyware war ending anytime soon, he predicts executives will start being held more accountable when they fail to stop the malware from stealing data and damaging the company’s reputation.

“The next big story in this saga will be when the big CEOs start getting fired over this year’s breaches,” he said. “When you can’t detect something like a keystroke logger, you’ve got a problem. I’ve been on the road for eight weeks talking to clients, and more often I’m hearing them say, ‘we really want to stay off the front page of the Wall Street Journal.’”

He believes the Anti-Spyware Coalition’s work will help give companies a better idea of what to look for and how to respond when spyware infections are uncovered. But the overall impact may be limited.

“Activities of a coalition like this won’t have a direct impact in turning the tide,” he said. “But it shows a maturing in the industry where the players are at least talking to each other. In the end, though, you can’t issue a document that will improve security. It’s all about personal behavior.”

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1118610,00.html

Ready to Drop Kick Your PC?

March 8, 2008 – 4:18 PM

There’s a famous scene in the classic movie Caddyshack in which Bill Murray (playing demented greenskeeper Carl Spackler) says that in order to defeat the gopher that’s ruining his golf course, he must think like a gopher. Troubleshooting computers can be a bit like that: To recognize and fix what’s ailing your system, you must understand how it works.

For instance, when my 10-month-old laptop started to hang occasionally during boot-up before Windows could launch, I figured the problem might be caused by a cold hard drive not quite ready to leap into action, or perhaps an overstrained power supply falling short at a critical moment. But when the problem evolved into crippling Windows crashes, called the Blue Screen of Death (or BSOD), I knew it was something more.

Was it software? No, couldn’t be, I told myself. I was sometimes getting those crashes before Windows was even running. Was it the hardware? Probably, but why wasn’t the problem always the same? Before I could go much further, I had to mind the four corners of PC troubleshooting: backup, document, Google, and isolate.

Backup and Document

First, I did the smart thing. After that initial BSOD, I backed up all my data. I keep an external USB 2.0/FireWire 250GB hard drive around for just such a contingency. I love how the quick drive can get files off my ailing PC fast. And because it’s external, it puts no additional load on the system that I’m trying to troubleshoot. A fast network connection to a second PC offers similar benefits.

Confident that my work and files were protected, I soldiered on, keeping a close eye out for patterns and trends in my mysterious crash investigation.

Next, I went about documenting the problem. PC veterans know that intermittent or delayed crashes are often caused by heat. Heat can cook CPUs, lock up graphics cards, and render disk drives inoperative. Because different applications can drive components at different levels, these crashes can be frustratingly unpredictable. A PC may crash within ten minutes, or it might run all day before giving up.

Facing just such a situation, I downloaded a heat-monitoring utility. I also used a watch and a case thermometer to time how long and how hot the system would run before crashing. When the case sensor pushed past about 40 degrees Celsius, I would often get the BSOD. Now, hitting 40 degrees in my power-mad laptop isn’t that unusual. Still, I thought, maybe a specific component wasn’t getting properly cooled and was passing a critical threshold. I was officially on to something.

I wrote down everything. I tracked the times and temperatures from my tests. I jotted down cryptic error messages and memory addresses from the BSOD screen dumps. I even took digital pictures of the Windows crash screens so I could send them to my vendor’s tech support folks.

Great Google-y Moogle-y

That’s when I worked the third trick of PC sleuths: the old Web search. I Googled all those error messages and codes. Then I did the same at Yahoo Search. I used the search engines to find helpful and obscure technical forums, where discussions relating to my problem raged.

I also went to the highly useful Google Groups service and performed searches in Usenet newsgroups, which are online bulletin boards where a lot of computer-savvy people post information and discuss topics. I soon learned that failing memory chips could be causing my BSOD error code.

Which brings me to the fourth step in a good troubleshooting program: isolate. My PC has two RAM modules. After studying the documentation and checking some user forums for detailed guidance, I opened my system and removed one of the 512MB RAM DIMMs. With 512MB left in my system, I booted up. Windows launched. Applications launched. The PC ran for one full day, then two. I ripped MP3 files and compressed video. My PC was cured, but that other RAM DIMM was most certainly toast.

Just to make sure I’d isolated the problem correctly, I swapped the two 512MB modules in the PC. I couldn’t get the poor beast to boot. Ten minutes later, I described my sleuthing to the tech support guy, and immediately arranged to receive two new RAM modules to replace mine (RAM needs to be closely matched, so you often need to replace both modules even if only one is bad). As it turns out, the specific model of memory in my system was known to be temperamental. The replacement stuff has been rock-solid ever since.

Different Strokes for Different Folks

The RAM odyssey was trying, but I was fortunate. I was able to get my PC to run for significant stretches, so I could notice patterns (like temperature levels and BSOD codes) that ultimately identified the problem. What if a PC just plain won’t start? At those moments, I urge folks to check the simple stuff. Is the power cord plugged in tightly at both ends? Is the outlet powered? Don’t laugh: I had a network problem drive me bonkers for 45 minutes before I realized a blown circuit had shut down the outlet powering my router.

After that, you have to think like a gopher and wonder about things like: Is the hard disk working? If you listen closely, you may be able to hear a drive in distress (clicking, grinding, or undue vibration can all be telltale signs of a hard disk fixing to bite the dust). Remove the case and put your eyes and ears to work. An inoperative cooling fan may cause components to cook like ants under a magnifying glass.

Don’t overlook simple explanations, either. A dead PC could have been damaged by being knocked over or moved. Look closely for possible physical damage. Also power off the system and make sure all the internal and external cables, as well as internal cards, fit properly and securely. Then restart again with the case off and your eyes and ears peeled. Look closely at the boot screen and see if any weird errors–like a drive not found error–come up.

Tools of the Trade

Of course, your eyes and ears aren’t always enough to pinpoint problems. Software programs can also help you get past pernicious PC problems. Here are a few to consider:

RegWorks: This low-cost Registry editor is tuned to guide you through routine tasks and help you solve Registry issues.

Task Manager: It’s built into Windows (just right-click the taskbar and click Task Manager). Use the Processes tab to find programs that might be hogging CPU time or refusing to close, and close them out by right-clicking the app and clicking End Process. Works every time.

System Restore: It’s also built into Windows XP (go to Start, All Programs, Accessories, System Tools, System Restore). It takes a snapshot of your Windows configuration so you can roll back to a previous, working setup. System Restore is great for backing out of hardware upgrades or software installations gone horribly wrong.

X-Setup Pro: It’s tweaker madness with this low-level utility that lets you change almost everything in your Windows setup. Great for disabling misbehaving Windows components and streamlining and securing your PC.

Hey, computers may never be 100 percent reliable, but maybe they’re becoming more predictable. The reason your system acts funky is rarely mysterious–except to you. You simply need to take the proper steps and tap the World Wide Web of troubleshooting knowledge to fix what ails you.

http://www.pcworld.com/resource/printable/article/0,aid,122156,00.asp

Webroot: Spyware Rampant in the Enterprise

March 8, 2008 – 4:18 PM

The number of Web sites distributing malicious software has quadrupled in the last year to more than 300,000, as the spyware problem continues to fester on the Internet, according to an upcoming report from Webroot, an antispyware software company.

Webroot Software Inc.’s State of Spyware Report for the second quarter of 2005 claims that 80 percent of enterprise computers are infected with some kind of adware or spyware. Rates of infections of malicious programs such as Trojan horse and keylogging software did not decrease between the first and second quarter, despite more awareness of the danger of spyware.

The report comes as the online criminal groups that are responsible for spyware switch from pay-per-click advertising to identity theft as a way to profit from their activities, said Richard Stiennon, vice president of threat research at Webroot.

The State of Spyware Report presents the results of spyware scans of almost 60,000 systems at 20,000 companies, Webroot said.

The average number of spyware infections on computers increased almost 20 percent to 27 per machine since the last quarter, despite more public awareness of the spyware problem and the availability of a number of new tools for detecting and removing spyware from infected computers, Stiennon said.

The reason may be that spyware makers are wising up to detection tools such as Microsoft Corp.’s Antispyware and Webroot’s Spy Sweeper, Stiennon said.

Evidence collected by Webroot researchers indicates that spyware authors are testing their creations against those programs and adopting techniques from stealthy programs known as “root kits” to avoid detection, he said.

Online scam artists are switching their focus from installing advertising software that generates revenue from pop-up ads and pay-per-click advertising to spyware and remote-system monitoring tools that are used to steal identities, Stiennon said.

The spyware can generate far higher revenue, per install, for the online criminals, he said.

“We’re seeing adware-type spyware evolving into system monitoring spyware,” he said.

Software from mainstream adware vendors was actually less prevalent on systems scanned by Webroot, according to Webroot’s data. That may indicate that improved installation practices and end-user license agreements from mainstream adware companies are having an effect. However, the decline in legal adware is offset by the continued strength of malicious spyware such as keyloggers and Trojan horse programs, Webroot said.

Cool Web Search, a ubiquitous form of spyware, was found on about 8 percent of the machines Webroot scanned in the second quarter, and keyloggers were on about 7 percent of all machines, comparable to the rates of infection last quarter, Stiennon said.

IT administrators should actively scan and monitor their network hosts for spyware infections. They should also avoid complacency about the problem, Stiennon said.

Keyloggers, Trojans and other spyware are much more common today than they were five years ago. However, they still pose a serious security risk to enterprises and should be taken seriously.

“I think the data loss news that is hitting us is an indicator of how serious this problem is,” Stiennon said.

A new enterprise version of Spy Sweeper, which is being released Monday, will be able to detect and remove sophisticated spyware that changes the configuration of Windows systems and interacts with the operating system at a low level, said Brian Kellner, vice president of enterprise products at Webroot.

Spy Sweeper Enterprise 2.5 has a new spyware scanning engine and CRT (Comprehensive Removal Technology) that can remove even tricky spyware programs such as Look2Me and Cool Web Search variants without harming Windows systems, Kellner said.

Spy Sweeper Enterprise can also scan systems more quickly, uses smaller spyware definition files, and has a Web-based management dashboard with new reporting features and the ability to control and configure Spy Sweeper clients across an enterprise network, he said.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.

AMD Speeds Turion Chips

March 8, 2008 – 4:17 PM

Advanced Micro Devices introduced two new low-power-consumption 64-bit microprocessors, the MT-37 and the MT-40, to its Turion mobile range this week.

The model names identify two aspects of the processors’ performance. The T signifies that they are part of the low power-consumption range of Turion mobile processors (components from the ML series consume more power), while the numbers signify that the processors’ computing power is at the top of the range currently on offer. AMD already offers processors with designations from ML-28 to ML-40, and from MT-28 to MT-34.

The price of the MT-37 is $268 in quantities of 1000, while the MT-40 costs $359, AMD says. The MT-28 is listed at $159 in the same quantities.

Systems Available

The processors are available worldwide immediately, and computers containing them will soon be available for delivery in North America, according to AMD.

Voodoo Computers of Calgary, Alberta, for example, is already taking orders for laptops containing the faster processors through its Web site. The Envy Featherweight a:228 model retails for $1892.82 with an MT-28 processor.

Replacing that with an MT-37 adds $230.99 to the cost, while an MT-40 adds just $222.40, according to Voodoo’s Web site.

AMD says it also expects Voodoo to offer the processors in the heavier Envy Middleweight a:538, but that model is not listed on Voodoo’s site.

Machines containing Turion mobile processors will run 32-bit versions of Microsoft’s Windows operating systems, but also have support for 64-bit applications, AMD says.

http://www.pcworld.com/news/article/0,aid,122269,tk,dn082205X,00.asp