
The Computer Security Archives

Bitcoin Security

Bitcoin has become very popular, but there have also been several security issues. Is Bitcoin really safe?

A lot of sophisticated security has been built into Bitcoin. Although you may have heard about plenty of Bitcoin security breaches, Bitcoin itself is actually very secure. Only one major vulnerability in the Bitcoin protocol has been detected. That was back in 2010, and it was quickly fixed. But while Bitcoin may be secure, the humans using Bitcoin often create security problems.

Theft of bitcoins has happened several times, and in some cases huge amounts of bitcoins have been stolen. The largest thefts have involved Bitcoin exchanges, but several users have also lost bitcoins stored in their wallets.

Bitcoin exchanges are marketplaces that allow users to sell or buy bitcoins using different currencies. Given the huge amounts of money, both bitcoins and other currencies, handled by the exchanges, they are prime targets for many attackers.

Bitcoins are stored in electronic wallets. A wallet can exist on a server on the Internet, on a user’s computer or offline. A wallet at an Internet site is similar to a bank account. Just be aware that while most bank accounts are insured by financial authorities, Bitcoin wallets are not.

Obviously, there is not much a user can do to improve the security of a Bitcoin exchange. But by keeping only small amounts of bitcoins at an exchange you can limit your potential losses. It is good practice to withdraw any excess funds from a Bitcoin exchange as soon as possible, leaving just a small amount in your account. You can move your funds either to a standard bank account, which is typically insured, or to an offline wallet. Unfortunately, several Bitcoin exchanges have suffered huge losses due to attacks, often insider attacks, and customers have lost some or all of their deposits.

Given that Bitcoin wallets are typically not insured, it is a good idea to keep most of your bitcoins offline. Limit the amount of bitcoins in your online wallets to what you need for the next few weeks. If you are going to make a large transfer, take the amount from an offline wallet and transfer the funds to the receiver as quickly as possible to limit the risk of theft. Nowadays, almost all online wallets offer additional security so that your account is not protected by a password alone. Always enable this option, sometimes called 2-Factor Authentication.

It is important to remember that you can also lose your bitcoins without being attacked by anyone. If you have stored your bitcoins on your hard drive and the drive crashes, your bitcoins are gone unless you have made backups. Needless to say, always back up your bitcoins and store the backups in a safe place, or preferably in a number of safe places.

Another way of losing your bitcoins is by forgetting the password. There are some possibilities for recovering lost passwords, but basic brute-force attacks are not feasible at the moment. It may become an option some time in the future when computers have become cheaper and more powerful. If you have some idea of what the password is, you can generate a list of possible passwords and try them. It is a long shot, so make sure to write down your passwords and keep them in a safe place. Computer-generated strong passwords are highly recommended, but make sure that you have stored the passwords in several safe places, not just in one single password management program.

There are plenty of products that protect your bitcoins. One of the best solutions is a small USB-stick sized device with a small screen and two buttons, which you connect to your computer when you need to transfer some bitcoins. The advantage of such devices is that even if your computer gets hacked or stolen, your bitcoins are still safe on the USB device, which you hopefully keep in a safe place when it is not needed. These USB devices typically also offer backups, so that you can recover your bitcoins even if the USB device is destroyed. At the moment, the Trezor hardware wallet is a very good solution for your bitcoins.

VMware Security Overview

VMware has become very popular and is nowadays used to build huge virtual environments. The virtual nature of VMware is creating new potential security issues. That said, VMware security has improved a lot over the years. Here is an overview of VMware security.

Securing a VMware environment is a complex task, especially for large virtual environments. At the same time, VMware security is very important for organisations that use VMware as one of the cornerstones of their virtualization strategy. A security flaw in VMware could make it possible to compromise all systems in the cloud.

The success of VMware has also made it an interesting target to attack. In the early days, security on the hypervisor level was not much of an issue. It was more important that the guest operating systems, such as Windows, were secured. Very few attacks on the hypervisor level had been reported. One reason for this was that very few people had enough knowledge about VMware to be able to find ways to attack it.

Nowadays, VMware releases security patches regularly. Attacks on VMware installations are no longer unusual. VMware has also had an embarrassing incident: parts of the confidential VMware ESX source code turned up on the Internet. Some people were looking for help from experts who could find security flaws in the source code.

So what kind of potential security issues exist in a virtual environment like VMware? There are a number of threats, especially operational ones. New virtual machines can be created quickly and easily, which is very handy, but from a security point of view this is a big problem. A VM (virtual machine) that has not been hardened can compromise the whole virtual environment. The virtual networks are seldom monitored, which can let attackers collect sensitive data for a very long time without anyone noticing the security problem.

Another practical problem is who should administer what in a virtual environment. This is an issue which can quickly turn into a political battle when different teams try to maximize their control of the environment. Sometimes administrators have full control over the whole virtual environment which is bad practice from security point of view. Granular access is good for security but it is taking time to introduce the concept in the VMware world.

What about VM Escape? This refers to the scenario where malicious code running on one VM escapes out of the VM and infects the whole virtual environment. No real examples of VM Escapes have been found and it is thought to be impossible to achieve. But there have been incidents where malicious code in one VM has managed to propagate itself to other VMs, albeit only in special cases and with limited success.

As mentioned earlier, VMware viruses and malware used to be unknown but with the increasing popularity of VMware such programs have started to become VMware-aware. One reason for this is that many anti-virus companies check out viruses and malware on VMs, after all VMs are very useful for such purposes. Due to this, some viruses check if they are running in a virtual machine and if that is the case, they exit or at least change their behavior from what it would be on a physical machine.

Biometrics in Computer Security

Biometrics has become a hot topic in computer security. Using biometrics has a number of advantages, but finding reliable solutions is still a problem. A lot of money has been spent on finding commercially viable solutions. But there is still a long way to go before biometrics will be used instead of passwords for authentication.

Biometric authentication has several advantages compared with passwords, the standard solution in the computer world. Passwords can be forgotten or stolen. Using biometric identification to recognize a person based on her physiological or behavioral characteristics avoids such problems. Using biometrics for authentication isn’t actually something new; fingerprints may already have been used in ancient Babylonia 4,000 years ago.

But finding a reliable biometric system for authentication is far from easy. It should be something unique, so that every person can be identified. At the same time it needs to stay relatively constant over time and should be both quick and easy to apply. Fingerprints were in use long before computers entered the stage, but other biometric systems are also being tested. As mentioned, no reliable solution has been found that could, for example, be built into laptops.

Biometrics also creates potential privacy concerns. Users are of course aware when they are asked to enter a password but biometrics data can be collected without active participation of the users, which means that they may not even be aware that data is being collected. Governments can for example collect detailed information of all the flights people have made, even if there is no security justification to store such information. If DNA data is collected, it is even possible to trace illnesses and genetic conditions that have nothing to do with the identification process.

In movies, biometric authentication is often depicted as very easy and reliable. But in practice it is often very difficult for computers to arrive at an accurate decision, and doing so may require a lot of processing as well.

One problem with biometrics compared with passwords is that it is not replaceable. While a stolen password can easily be replaced, a biometric is not easy to replace.

There are several international biometrics standards available. And a number of new ISO/IEC standards are being developed. One of the main problems is to find a reliable system that makes it possible to identify people without being too strict. The biometrics profiles of two people may overlap, in which case it is important that the system can identify both people accurately without rejecting people because they can’t safely be uniquely identified.
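The trade-off described above, between a system that is too strict (rejecting genuine users) and one that is too lenient (accepting impostors), comes down to the match threshold a verifier applies to a similarity score. The following is an added example, not code from the original article: it computes the false accept rate (FAR) and false reject rate (FRR) for a range of thresholds and finds the point where the two are equal. The score lists are constructed sample data from a hypothetical matcher, not real measurements.

```python
# Added example: choosing a biometric match threshold.
# GENUINE_SCORES: the enrolled person presents again.
# IMPOSTOR_SCORES: someone else presents. Both lists are constructed for the demo.
from typing import List, Tuple

GENUINE_SCORES = [0.91, 0.88, 0.95, 0.82, 0.79, 0.93, 0.87, 0.74, 0.90, 0.85]
IMPOSTOR_SCORES = [0.31, 0.45, 0.52, 0.28, 0.61, 0.39, 0.77, 0.42, 0.55, 0.36]


def verify(score: float, threshold: float) -> bool:
    """The verifier's decision: accept when the similarity score reaches the threshold."""
    return score >= threshold


def false_accept_rate(impostor: List[float], threshold: float) -> float:
    """Fraction of impostor attempts the verifier would wrongly accept."""
    return sum(1 for s in impostor if verify(s, threshold)) / len(impostor)


def false_reject_rate(genuine: List[float], threshold: float) -> float:
    """Fraction of genuine attempts the verifier would wrongly reject."""
    return sum(1 for s in genuine if not verify(s, threshold)) / len(genuine)


def sweep(genuine: List[float], impostor: List[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for thresholds 0.00 .. 1.00 in steps of 0.01.
    Integer steps avoid floating-point drift in the threshold values."""
    return [(i / 100, false_accept_rate(impostor, i / 100), false_reject_rate(genuine, i / 100))
            for i in range(0, 101)]


def equal_error_threshold(genuine: List[float], impostor: List[float]) -> Tuple[float, float, float]:
    """Threshold where FAR and FRR are closest (the equal error rate point).
    Raising the threshold above it makes the system stricter: fewer impostors
    get in, but more genuine users are turned away."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    t, far, frr = equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"threshold={t:.2f} FAR={far:.2f} FRR={frr:.2f}")
    for row in sweep(GENUINE_SCORES, IMPOSTOR_SCORES)[60:80:5]:
        print("threshold=%.2f FAR=%.2f FRR=%.2f" % row)
```

With these constructed scores, a threshold of 0.50 still lets 40% of impostor attempts through, while 0.90 turns away 60% of genuine attempts; the equal error point lies at 0.75 with both rates at 10%. A real deployment picks the operating point from the cost of each kind of error, which is why the same sensor can be configured very differently for a door lock and for a payment approval.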

The enrollment of people in biometrics systems is more complicated than issuing passwords. Typically, special equipment is required which is only available in a few places. Some people have biometrics that are far outside the normal values which may cause the biometrics system to reject them.

At the moment, no biometrics technology has become dominant. Several different biometric systems are being used. Fingerprint, iris, face, hand geometry and voice are the most widely used at the moment. Fingerprints are the most commonly used biometric right now. Fingerprints have a number of advantages: they are unique, they don’t change over time and they are relatively easy for computers to recognize. But some people associate fingerprints with criminals, and not everyone likes to touch a sensor that has been touched by unknown people. Fingerprints also require active participation. Face recognition does not require active participation but has a number of disadvantages. Faces can be obstructed by glasses, hair, hats and many other things. Faces also change over time, and good cameras are needed to get accurate results.

What is Computer Forensics

Computer security has become very important and one of the most important fields is computer forensics. Computer forensics is defined as the acquisition, preservation and analysis of electronically stored information in such a way that it can be used in a court of law. This generally boils down to trying to figure out what happened, when it happened and who did it. Computer forensics has even become popular in fiction but here we are going to discuss activities in the real world.

Computer forensics is very interesting, and since new technology is introduced all the time, the methods have to be refined to keep up with the changes. Investigations can be divided into two types. In the first category are the investigations where computers were used to commit a crime. In the second type of investigation, the computer was the target of the crime.

Forensic investigators follow a standard set of procedures to ensure that their findings can be used as evidence in court. Often this includes working on a digital copy of the data while the original is stored in a secure place. All this is done to avoid having the evidence declared invalid by the court just because the correct procedures were not followed. Computer forensics can require as much legal skill as technical skill.

Nowadays, there are plenty of tools for computer forensics investigations. There is no need to develop your own tools. This means that the technical skills needed for computer forensics are relatively easy to acquire.

The International Society of Forensic Computer Examiners has a computer forensics certification, the Certified Computer Examiner (CCE) certification. It is not well known outside computer forensics, but it is the only certification and has been around since 2003.

Of course, being able to recover data from crashed hard disks is a useful skill also outside legal courts. Often crashed disks contain important data that has not been copied to other locations. While end users are seldom capable of recovering the data, people with the right tools and skills can in many cases recover most of the data. A lot of clients are prepared to pay generously to get their data back.

Computer forensics experts can also find data that has been deliberately deleted. In most operating systems, when you delete a file, only the file handle is removed; the data itself remains on disk. The operating system can no longer find it, since the file handle no longer exists, but the data has not been overwritten. For most operating systems, recovery tools exist that can restore deleted files as long as the data has not been overwritten. Once the data on disk has been overwritten, such tools can no longer recover it.
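The reason recovery tools work is that they do not need the file handle at all: they scan the raw disk for the byte patterns that mark the start and end of a known file type and cut out whatever lies between them (file carving). The following is an added example, not code from the original article or from any particular forensic tool: a minimal carver for PDF-shaped files run over a disk image constructed in code. It also shows the limit the article describes, since a file whose bytes have been overwritten is no longer found.

```python
# Added example: carving files out of a raw disk image by header/trailer signatures.
# The "disk image" and the PDF-like files in it are constructed for the demo.
from typing import List

PDF_HEADER = b"%PDF-"    # magic bytes at the start of every PDF file
PDF_TRAILER = b"%%EOF"   # marker at the end of a PDF file


def carve_pdfs(image: bytes) -> List[bytes]:
    """Return every header..trailer span found in the raw image, in disk order.
    No file system metadata is consulted, which is exactly why deleted files
    are still found: only their directory entries are gone, not their bytes."""
    found = []
    pos = 0
    while True:
        start = image.find(PDF_HEADER, pos)
        if start == -1:
            break
        end = image.find(PDF_TRAILER, start)
        if end == -1:
            break  # header without a trailer: the end of the file was overwritten
        end += len(PDF_TRAILER)
        found.append(image[start:end])
        pos = end
    return found


def build_sample_image() -> bytes:
    """Constructed disk image: two intact PDF-like files among zeroed (free) space,
    followed by a third file whose trailer has already been overwritten."""
    doc1 = b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n%%EOF"
    doc2 = b"%PDF-1.7\n1 0 obj<</Type/Catalog>>endobj\n%%EOF"
    damaged = b"%PDF-1.5\n1 0 obj<</Type/Catalog>>endobj\n" + b"X" * 5
    return (b"\x00" * 64 + doc1 + b"\x00" * 32 + doc2 + b"\x00" * 16
            + damaged + b"\x00" * 8)


def overwrite_region(image: bytes, start: int, length: int) -> bytes:
    """Simulate a later write (a new file, or a wiping tool) landing on 'length'
    bytes at offset 'start'. Whatever was there is gone for a carver."""
    return image[:start] + b"\x00" * length + image[start + length:]


if __name__ == "__main__":
    image = build_sample_image()
    for doc in carve_pdfs(image):
        print("recovered:", doc[:8], len(doc), "bytes")
    # Overwrite the first 16 bytes of doc1 (offset 64): its header disappears.
    wiped = overwrite_region(image, 64, 16)
    print("after overwrite:", len(carve_pdfs(wiped)), "file(s) recoverable")
```

Real carvers handle many file types, fragmented files and nested signatures, but the principle is the one shown: recovery depends on the bytes still being there, not on the file system knowing about them.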

But it is actually possible to recover the data even if it has been overwritten. This requires special tools which analyze the magnetic fields on the disc platters. If the data has only been overwritten once, it is relatively easy to recover the file. Therefore, if you want to be sure that the data can’t be recovered you need to overwrite the data blocks several times. Every time a data block is overwritten, the chance of recovering the old data decreases exponentially. By overwriting the data seven times, it will be too difficult and too expensive for most organizations to recover the data.

How to protect against insider attacks

Firewalls are very good at protecting organizations against attacks from the outside. But if the attacker is already inside the firewall, firewalls will not help you. Insider attacks have become a big problem for many companies. Here are some ideas on how you can protect yourself against insider attacks.

Obviously, in order to carry out their daily duties, some people need to have permission to do activities which could harm the organization. It is also easier for staff to acquire information about sensitive systems than it is for outsiders. Since insiders generally know much more about the computer systems of the organization, inside attacks often cause much more damage than attacks done by outsiders.

Protecting against internal attacks is often a tedious task. It requires that you list which systems and data need to be protected. Then you have to build a list of the people who need access to these systems in order to carry out their daily jobs. Now you are ready to start planning how to protect the organization’s sensitive resources. This includes assigning a person who is responsible for each asset that needs to be protected. This person decides who should have what kind of access to the asset.

It is relatively easy to audit access. This should be done, and the audit logs need to be saved on a secured server. Otherwise, the insider may erase the audit log after the attack has been carried out. But audit logs only make it possible for you to work out who did what; they don’t prevent people from damaging the system or stealing data.

The principles that should be used are known as “Principle of Least Privilege” and “Segregation of Duties.” The first principle means that no one should get privileges greater than those needed to carry out his or her tasks. The second principle means that no single individual should be able to process a transaction from initiation to completion.
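The steps above (assets with a responsible owner, access granted only as needed, every access audited) and the two principles just named can be modelled in a few dozen lines. The following is an added example, not code from the original article or from any real product: an asset owner grants each person only the permissions their job needs (least privilege), a transaction on an asset must be initiated by one person and approved by a different one (segregation of duties), and every decision is appended to an audit trail. The asset and user names are made up.

```python
# Added example: least privilege and segregation of duties with an audit trail.
# Asset name, owner and users (alice, bob, carol) are constructed for the demo.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Asset:
    name: str
    owner: str                                                  # person responsible for the asset
    grants: Dict[str, Set[str]] = field(default_factory=dict)   # user -> granted permissions


class AccessPolicy:
    def __init__(self) -> None:
        self.assets: Dict[str, Asset] = {}
        # (user, action, asset, outcome); in production this goes to a separate,
        # append-only log server so an insider cannot erase it afterwards.
        self.audit: List[Tuple[str, str, str, str]] = []

    def register_asset(self, name: str, owner: str) -> None:
        self.assets[name] = Asset(name, owner)

    def grant(self, granter: str, asset: str, user: str, permissions: Set[str]) -> bool:
        """Only the asset's owner decides who gets which permissions."""
        a = self.assets[asset]
        if granter != a.owner:
            self._log(granter, "grant", asset, "denied: not owner")
            return False
        a.grants.setdefault(user, set()).update(permissions)
        self._log(granter, "grant", asset, f"ok: {user} -> {sorted(permissions)}")
        return True

    def allowed(self, user: str, action: str, asset: str) -> bool:
        """Least privilege: deny by default, allow only an explicitly granted permission."""
        ok = action in self.assets[asset].grants.get(user, set())
        self._log(user, action, asset, "allowed" if ok else "denied")
        return ok

    def approve_transaction(self, initiator: str, approver: str, asset: str) -> bool:
        """Segregation of duties: the approver must be a different person from the
        initiator, and each must hold the permission for their own step."""
        if initiator == approver:
            self._log(approver, "approve", asset, "denied: same person as initiator")
            return False
        return (self.allowed(initiator, "initiate", asset)
                and self.allowed(approver, "approve", asset))

    def _log(self, user: str, action: str, asset: str, outcome: str) -> None:
        self.audit.append((user, action, asset, outcome))


def demo() -> AccessPolicy:
    """Set up one asset with an owner and two users holding complementary roles."""
    p = AccessPolicy()
    p.register_asset("payroll-db", owner="alice")
    p.grant("alice", "payroll-db", "bob", {"read", "initiate"})
    p.grant("alice", "payroll-db", "carol", {"read", "approve"})
    p.grant("bob", "payroll-db", "bob", {"approve"})   # denied: bob does not own the asset
    return p


if __name__ == "__main__":
    policy = demo()
    print("bob+carol:", policy.approve_transaction("bob", "carol", "payroll-db"))   # True
    print("bob alone:", policy.approve_transaction("bob", "bob", "payroll-db"))     # False
    for entry in policy.audit:
        print(entry)
```

Note what the audit trail does and does not give you: bob's attempt to grant himself the approve permission is recorded and refused, but if the same policy had been misconfigured to allow it, the log would only tell you afterwards, which is the point the article makes about audit logs not preventing damage.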

There are a number of reasons why it is difficult to protect against internal attacks. Below are some of the main reasons.

In many organizations, people move frequently to new positions with new responsibilities. But that can also mean that they should no longer have permission to do tasks or to access information that belonged to their old position. This means permissions have to be updated and audited regularly.

By restricting staff’s access, it becomes harder for them to do their work. It can often be convenient to relax the restrictions but this also decreases the security.

Often an inside attacker can take advantage of the fact that he or she is on friendly terms with people who possess vital information. Sometimes this makes it possible to acquire key knowledge or information that the attacker was not supposed to get. But a colleague wanted to be helpful and supplied the information.

Note that insiders can also create security issues by mistake. It is easy to bring in new programs on USB sticks and similar devices. Far from everyone selects strong passwords for their accounts. Educating the users is the best way of preventing such security problems. Clever social engineering is another way in which insiders can be fooled; see the article on social engineering below.

What Is Social Engineering

You may have heard that it is very difficult to protect against social engineering attacks. But what is social engineering? Here is a short overview about what it is and how it has been used to gain unauthorized access.

Social engineering is a term used for a number of methods and techniques. They all have one thing in common: they try to manipulate people, by posing as someone else, into revealing information or performing actions. Social engineering covers a wide range of techniques. Some examples are pretending to be a manager and requesting actions from employees, posing as a new employee asking for information about the systems, or claiming to be support personnel and telling people to download and install an important patch.

Nowadays, social engineering can also be done using email. Phishing emails have become a daily nuisance, telling you to log into your online bank account using the link provided in the email or emails pretending to come from the police or IRS telling you to open an attachment.

Social engineering is difficult to defend against because it targets the weakest link in IT security, humans. After all, we all want to be helpful and look like we know what we are doing. This means that the defense against social engineering is education. Unfortunately, this is not easy since there are so many different ways that social engineering can be used.

A social engineering attack can be fast, just a phone call or an email, but also slow by gathering one piece of information at a time. The latter approach can be very difficult to detect, each individual piece may not be important but by putting together all information, the attacker may know all he needs to know.

Social engineering is not limited to getting access to computers. It can be used to gain entrance to server rooms, to get badges or keys for buildings or to get hold of confidential documents.

Firewalls are very effective at preventing unauthorized people from gaining access to your network. A lot of attackers have realized this too; social engineering is one way of getting around the firewalls and all other IT security. This is what makes social engineering so dangerous: you can have configured your firewalls and computers very securely, preventing all unauthorized access, only to have some “helpful” employee give the attacker everything he wants.

Still, good IT security is important. It limits the number of people who can help the attacker, and it also makes life more difficult for the attacker even if he is successful with his social engineering. But you also have to inform all staff about popular social engineering attacks. Increasing your staff’s awareness of social engineering is the best way of preventing such attacks.

Since there are so many different kinds of social engineering attacks, it is very difficult to teach people how to detect such attempts. Social engineering by email is very common but seldom effective; most people know that it is very easy to forge an email. Still, if it did not work at all, we would not receive so many emails pretending to come from the IRS, FBI or UPS. But educated users are unlikely to give away any sensitive data in an email. After all, even if the recipient is not an attacker, you should never put any sensitive data in an email. Most emails travel over public networks without being encrypted. Although it is unlikely, the data can be read by anyone who has access to the network.

Social engineering over the telephone requires some knowledge about the organization but is also much harder to protect against. Once again, people who are aware of social engineering attacks are less likely to be fooled. Social engineering in person is not very common; after all, it exposes the attacker. But a sophisticated attacker is very good at reading people and knows when to look helpless and when to be aggressive. Such attacks are generally done by insiders and can be very difficult to protect against.

Encryption Overview

Encryption has been used for a very long time. It is used to scramble information so that it cannot be read by anyone except the intended recipient. In the computer world, encryption is very important. Without secure encryption, the Internet would never have become such a huge success. Here is a short encryption overview.

Encryption has a long history; it was already used in the ancient world. Some wars have even been won more thanks to superior skills in cryptology than to superior military skills. Computers have completely changed the science of cryptology. The computing power of modern computers has made it possible to create codes that are virtually impossible to crack without the help of sophisticated software and powerful computers. On the other hand, sophisticated encryption is absolutely necessary on the Internet. Often, users use encryption without even being aware of it.

Computer encryption can be divided into two categories, symmetric encryption and asymmetric encryption. Symmetric encryption means that the same key is used to both encrypt and decrypt the message. This key has to be kept secret and distributed securely before the communication can begin. Asymmetric encryption on the other hand, uses different keys to encrypt and decrypt the information. One key is public, which is known by everyone, and one key is private, which must remain known only to one entity. The advantage of asymmetric encryption is that no secret keys need to be securely distributed.

The first popular encryption standard for computers was DES, the Data Encryption Standard, developed by IBM in the early 1970s. DES uses symmetric encryption and could be implemented very efficiently. But it had one practical problem: how to distribute the keys securely. DES also used a 56-bit key, not long enough to withstand brute-force attacks by powerful computers. To improve the security, 3DES or Triple DES was created. It uses 168-bit keys, three times longer than the original DES key length. Each additional bit in the key doubles the effort needed by brute force to crack the code.

The problem of secure key distribution has made asymmetric encryption methods, also known as public key encryption, popular in the computer world. The advantage is that the public key can be distributed freely to everyone, including people who are not allowed to decrypt the information. Decryption can only be done if you know the secret key, known as the private key. When the pair of keys is generated, the private key is kept by the entity and the public key is distributed freely to the whole world.

The most well-known public key encryption system is probably PGP, Pretty Good Privacy. It was developed by Phil Zimmermann in 1991. The creation of PGP was controversial: it provided everyone, both good and bad guys, with encryption that was extremely secure. It can be downloaded free of charge. Just beware that you are not allowed to download it from a site in the US if you are located outside the US.

The RSA method is most likely the most successful commercial public key method. RSA was developed by Ron Rivest, Adi Shamir and Len Adleman, and the name is formed from the first letters of the developers’ surnames.

Note that public key encryption also makes it possible to create digital signatures. By reversing the process, using the private key to encrypt a signature and decrypting it with the public key, you know that the message was sent by the person who possesses the private key.

Both SSL, Secure Sockets Layer, and TLS, Transport Layer Security, use public key encryption to provide secure communication over the Internet. URLs beginning with https rather than the usual http use SSL or TLS.

The Public Key Infrastructure used on the Internet is covered in a separate article.

What Is Malware

Malware has become more and more sophisticated. It has also become harder to detect malware. At the same time, the damage done by malicious software has increased. Protecting your computers against malware is extremely important. Here is a short article explaining what malware is and how you can protect your computer.

First we should sort out what malware really is. A lot of different terms have been used for software that you should not use. The term computer virus has been around for a long time. Computer viruses are one type of malware. Malware is nowadays used as a term describing all kinds of software that has been installed on your computer without your knowledge and that performs harmful operations. The damage done can be limited to just being annoying, but criminals have started to use malware in order to steal money as well.

Since malware is a term used for a lot of different kinds of software, it is difficult to protect computers against such a wide variety of attacks. The old computer viruses were relatively easy to stop; they were installed when the user executed an infected executable. Anti-virus programs are good at detecting viruses. But the success of the Internet has opened new ways of attacking computers. Old computer viruses were often annoying but not very harmful. Viruses that did too much damage were easy to detect and did not survive for long. Today’s malware can be much more malicious and very difficult to get rid of.

Successful malware must be hard to detect, otherwise it will not get any chance to do its job. But first the malware needs to be installed on the computer. While it is popular to attack computers remotely and try to install malware without the owner being aware of what is happening, most malware is installed by tricking the computer user into installing it himself. Email is one of the least sophisticated methods, but it still works. That’s why most people get official-looking emails with attachments supposedly containing important information. Instead, the attachment contains malware that the attacker hopes the user will execute.

A more sophisticated method is phishing. The attacker sets up a website that looks like an official website, such as an Internet banking site, and tries to divert real bank customers to his site instead of the real site. Often phishing emails are used, it is an official looking email with links pointing to the fake website. The victim enters his login details which are saved and then the user is generally told that the login was incorrect and diverted to the real website. Since passwords are typically not displayed on the screen, most people think that they made a typo and try again and this time they log on to the real site. Everything looks normal but the attacker has got the information he wanted.

The old viruses were simple to detect: once the virus creator had released the malicious code, he could not change it. All an anti-virus program needed to know was what the infected code looked like, and it could detect it without any problems. But things have changed. Nowadays malware creators have learnt to change their code slightly with every infection, known as polymorphism, so it is almost impossible for virus scanners to detect them.

Botnet is a term used for a group of computers running malware that is controlled by one operator. The computers can be infected with software that is relatively harmless for the user, for example software used for email spamming or distributed denial of service attacks. But dangerous software such as keystroke loggers could be installed as well.

So how can you protect yourself against malware? It is very easy to get infected, but common sense, anti-virus software and a firewall will help you. Avoid connecting your computers directly to the Internet; use a basic NAT firewall. They don’t stop all attacks, but at least your computers are safe against basic scans and attacks. A real-time anti-virus scanner is a must nowadays. They are not foolproof, but they detect most viruses and limit the damage. Most important of all, be careful. Never download things from sites you don’t know. Never execute anything unless you are sure that it comes from a trusted source.

Botnets are sophisticated malware used for financial gain, and they are covered in a separate article.