Wednesday, March 31, 2010

Vista logon.scr error

Vista, as most of us know, will take a machine out of standby (light sleep), to install the "Tuesday updates". After it reboots, I see this:


Logon screen errors are traditionally dangerous because they have been used to bypass the logon screen.

Monday, March 22, 2010

Data Breaches 2010

Below is a list of 171 data breaches identified by public records found by the ID Theft Resource Center for the first two and one half months of 2010. ITRC has a justice department grant to catalog all known data breaches from credible sources. ITRC is a donor-sponsored, multi-venue non-profit working to resolve identity theft. If you are a public or private sector enterprise of any type - banking, financial services, insurance, university, medical provider, HMO, governmental department, law firm, hotelier, or non-profit - you will find analogs to your business in this list. I encourage you to read through this list if you have any network or data exposure and ask yourself:

  • What information assets does my group have to lose? 
  • How could we lose them?

ITRC20100316-01 John Hancock Financial Services
ITRC20100315-02 TD Bank PA Yes
ITRC20100311-01 US Bank OH 
ITRC20100310-05 Securities and Exchange Commission
ITRC20100310-04 Assurity Financial Services US
ITRC20100309-10 Virgin Money USA Inc
ITRC20100309-01 Ally Bank US 
ITRC20100308-16 Wells Fargo - Law
ITRC20100308-14 Partnership Federal Credit Union
ITRC20100308-09 Telhio Credit Union OH
ITRC20100308-08 M&T Bank MD 
ITRC20100305-08 BlackRock US 
ITRC20100226-01 CitiGroup US
ITRC20100224-01 SunTrust Banks FL 
ITRC20100218-08 ING Fund US 
ITRC20100201-03 Ameriquest Mortgage MN 
ITRC20100126-07 Gregory Navone, First Interstate
ITRC20100114-02 Lincoln National Financial Securities
ITRC20100113-02 Suffolk County National Bank
ITRC20100104-01 Eastern Bank Corp MA
ITRC20100316-03 Beecher Carlson Holdings US
ITRC20100316-02 Beer & Wine Hobby
ITRC20100315-01 Littleton Pizza Hut franchisee
ITRC20100312-01 MonoPrice.com US 
ITRC20100310-08 Experian US
ITRC20100310-07 GroupM US 
ITRC20100310-06 Citco - Evanston Capital
ITRC20100310-03 Kraft Foods US 
ITRC20100310-01 Thrivent Financial PA None
ITRC20100309-15 AlixPartners LLP US 
ITRC20100309-14 T-Mobile MD
ITRC20100309-13 Hotels.com - vendor US
ITRC20100309-12 LitCon Group VA 
ITRC20100309-11 AT&T - unknown vendor
ITRC20100309-08 California Business Bureau Medical
ITRC20100309-07 Wolters Kluwer - CCH
ITRC20100309-06 Center for American Progress
ITRC20100309-05 Ameriprise Financial - vendor
ITRC20100309-03 Priceline.com US -
ITRC20100309-02 United Guaranty Residential Insurance
ITRC20100308-15 Coffee.org US 
ITRC20100308-13 LampSource US  
ITRC20100308-12 Ameriprise Financial US 
ITRC20100308-11 Bristol-Myers Squibb Company US
ITRC20100308-10 MoneyGram International US 
ITRC20100308-07 National Audubon Society AZ
ITRC20100308-06 Willard InterContinental Hotel DC
ITRC20100308-05 Ameriprise Financial Inc US
ITRC20100308-04 Cell Phone Kiosk -
ITRC20100308-03 Arrow Electronics NY
ITRC20100308-01 Los Angeles Westin Bonaventure
ITRC20100305-12 Uniformed Services Benefit Association
ITRC20100305-11 Nuance Communications US Yes
ITRC20100305-10 FCI USA LLC US
ITRC20100305-09 Genworth Financial, Life Insurance
ITRC20100305-07 Thermo Fisher Scientific Inc
ITRC20100305-05 Moses,Phillips, Young, Brannon and
ITRC20100305-04 Easybakeware.com US
ITRC20100305-02 Hancock Fabrics US 
ITRC20100304-03 Vernon Sales Promotion US
ITRC20100301-07 Feeney Agency PA 
ITRC20100301-06 McGraw-Hill Construction UT 
ITRC20100301-05 Erisa Pension Systems -
ITRC20100301-02 MSO of Puerto Rico
ITRC20100301-01 MSO of Puerto Rico
ITRC20100226-02 Wyndham Hotels US
ITRC20100225-01 Law Firms, Smyrna GA
ITRC20100224-02 Association for the Blind
ITRC20100223-24 Mid America Kidney Stone
ITRC20100223-17 Merkle Direct Marketing -
ITRC20100223-16 Health Services for Children
ITRC20100223-12 Public Employee Health Insurance
ITRC20100223-07 Private Practice, Wilmington NC
ITRC20100223-02 Educators Mutual Insurance Association
ITRC20100219-02 H&R Block IN Yes
ITRC20100218-09 Cullman Dairy Queen AL
ITRC20100218-07 Galeton, Gloves Inc US
ITRC20100218-06 Daedalus Books US
ITRC20100218-05 TGI Friday's - West
ITRC20100218-04 Eclipse Property Solutions FL
ITRC20100218-02 Small Dog Electronics US
ITRC20100212-03 Macy's - St Louis
ITRC20100212-01 Equifax US
ITRC20100209-13 Ozarks Area Community Action
ITRC20100209-11 St. Clair Winery &
ITRC20100209-10 Highmark US  -
ITRC20100209-06 Ceridian US 
ITRC20100209-03 AvMed Health Plans FL
ITRC20100202-03 Innotek US 
ITRC20100202-02 P.F. Chang's Bistro 
ITRC20100119-04 ExposeObama.com  
ITRC20100119-03 Time Customer Service 
ITRC20100119-02 Goodwill - Kent County
ITRC20100111-01 Metropark NY 
ITRC20100104-02 Moriarty & Primack MA
ITRC20100305-01 New Mexico State University
ITRC20100301-04 Bennett College NC 
ITRC20100219-01 Valdosta State University GA
ITRC20100218-01 Southern Illinois University IL
ITRC20100209-14 Kansas City Art Institute
ITRC20100209-04 University of Texas El
ITRC20100202-01 West Virginia University WV
ITRC20100201-04 Columbia University 
ITRC20100201-02 Humboldt State University CA
ITRC20100126-05 University of Missouri MO
ITRC20100114-03 Eugene School District OR
ITRC20100114-01 Western Michigan University MI
ITRC20100316-04 St. Louis Metropolitan Police
ITRC20100305-06 Anne Arundel County's Fire
ITRC20100304-01 SC Department of Health
ITRC20100301-03 Arkansas Guard, Camp Robinson
ITRC20100223-25 New York Department of
ITRC20100223-14 Alaska Department of Health
ITRC20100223-13 Brooke Army Medical Center
ITRC20100222-01 TennCare TN Yes -
ITRC20100218-03 West Memphis Police Department
ITRC20100209-09 Social Security Administration NY
ITRC20100209-08 Wyoming Department of Health
ITRC20100209-07 Ohio Department of Administrative
ITRC20100209-02 D.C. Office of Tax
ITRC20100209-01 CA Department of Health
ITRC20100201-01 Iowa Racing and Gaming
ITRC20100128-01 PricewaterhouseCoopers - Alaska state
ITRC20100127-01 US Department of Commerce
ITRC20100126-08 New York Department of
ITRC20100126-06 Minnesota Department of Labor
ITRC20100126-04 Seattle Municipal Court WA
ITRC20100126-02 Internal Revenue Service -
ITRC20100126-01 Columbus Health Department OH
ITRC20100119-01 City of Oakridge OR
ITRC20100107-01 Housing Authority of New
ITRC20100104-03 Transportation Security Administration (TSA)
ITRC20100311-07 BlueCross BlueShield of RI
ITRC20100311-06 Center for Neurosciences AZ
ITRC20100311-05 Advanced NeuroSpinal Care CA
ITRC20100311-04 Lucille Packard Children's Hospital
ITRC20100311-03 University of New Mexico
ITRC20100311-02 North Carolina Baptist Hospital
ITRC20100310-02 Quest Diagnostics - AmeriPath
ITRC20100309-16 Empi Recovery Services -
ITRC20100309-04 DaVita - Renal Treatment
ITRC20100308-02 University of Texas Southwestern
ITRC20100305-03 Wake Forest University Baptist
ITRC20100302-01 Diabetes Direct FL 
ITRC20100226-03 Shands HealthCare FL 
ITRC20100225-02 University of Washington Medical
ITRC20100223-23 Private Practice Torrance #5
ITRC20100223-22 Private Practice Torrance #4
ITRC20100223-21 Private Practice Torrance #3
ITRC20100223-20 Private Practice Torrance #2
ITRC20100223-19 Private Practice, Torrance #1
ITRC20100223-18 City of Hope National
ITRC20100223-15 Cogent Healthcare of Wisconsin,
ITRC20100223-11 BlueCross BlueShield - DC,
ITRC20100223-10 Children's Medical Center of
ITRC20100223-09 Concentra TX 
ITRC20100223-08 Advocate Health Care IL
ITRC20100223-06 Blue Island Radiology Consultants,
ITRC20100223-05 Private Practice, Stoughton MA
ITRC20100223-04 Cardiology Consultants FL Yes
ITRC20100223-01 Ashley and Gray DDS
ITRC20100222-02 Group Health WA 
ITRC20100212-02 University of Texas Medical
ITRC20100209-12 Greensburg Dental Practices PA
ITRC20100209-05 Abbott Medical Optics CA
ITRC20100128-02 University of California -
ITRC20100127-02 University Medical Clinic -
ITRC20100126-09 Methodist Hospital - Texas
ITRC20100126-03 Unknown Dentist TX 
ITRC20100113-01 Kaiser HMO CA 
ITRC20100105-01 Massachusetts Eye and Ear

Thursday, March 18, 2010

ipsumdump..

It is easy to be fond of professor Eddie Kohler's ipsumdump.  Take your monthly egress pcap file and filter it through something like this:
 
 # $1 is the pcap file; print each unique source IP with its GeoIP city record
 for i in $(ipsumdump -s --no-headers "$1" | sort -n | uniq)
 do
         echo "$i," $(./geoip.sh "$i" | awk '{print $1""$7""$8" "$9""$10""$11}')
 done
(where geoip.sh is geoiplookup -f /usr/local/share/GeoIP/GeoLiteCity.dat $1)

and you are quickly returned something like this:

10.10.10.2, GeoIPAddressnot found
12.129.147.95, GeoIPVA,Ashburn, 20147,39.033501,-77.483803,
12.130.131.98, GeoIPCA,San Bruno,94066,37.622799,
12.130.81.249, GeoIPNY,Brooklyn, N/A,40.652500,-73.955399,
12.149.161.248, GeoIPCA,Mountain View,94043,37.419201,
12.25.91.250, GeoIPCT,Stamford, N/A,41.083099,-73.538803,
12.25.93.2, GeoIPNY,Newburgh, 12550,41.537498,-74.051201,
24.123.206.230, GeoIPIN,Lawrenceburg, 47025,39.162300,-84.891098,
24.226.158.219, GeoIPQC,Richmond, N/A,45.666698,-72.150002,
24.43.25.8, GeoIPCA,Los Angeles,N/A,34.041599,
24.43.43.169, GeoIPCA,Los Angeles,N/A,34.041599,
38.103.25.181, GeoIPVA,Alexandria, N/A,38.790901,-77.094704,
38.106.23.79, GeoIPN/A,N/A, N/A,38.000000,-97.000000,
41.208.20.155, GeoIP06,Alberton, N/A,-26.233299,28.133301,
58.19.117.118, GeoIP12,Wuhan, N/A,30.583300,114.266701,
58.215.75.62, GeoIP22,Beijing, N/A,39.928902,116.388298,
59.181.103.140, GeoIP16,Bombay, N/A,18.975000,72.825798,
59.36.98.195, GeoIP30,Dongguan, N/A,23.048901,113.744598,
59.51.114.39, GeoIP11,Changsha, N/A,28.179199,113.113602,
...
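
The awk field numbers in the loop above count whitespace-separated words, so a two-word city shifts the columns (the San Bruno and Mountain View rows lose their longitude) and the country code is never printed. The following is an added example, not part of the original post, that splits geoiplookup's City output on its commas instead and skips lookups for private source addresses; the function names, the GEOIP_DB variable and the sample line in the comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
GEOIP_DB="${GEOIP_DB:-/usr/local/share/GeoIP/GeoLiteCity.dat}"

# parse_geoip: read geoiplookup City output on stdin and print
# country,region,city,postal,lat,lon or "unresolved".
# Constructed sample input:
#   GeoIP City Edition, Rev 1: US, CA, San Bruno, 94066, 37.622799, -122.435699, 807, 650
parse_geoip() {
    awk '{
        sub(/^[^:]*: /, "")                 # drop the edition label before the colon
        if ($0 ~ /not found/) { print "unresolved"; next }
        n = split($0, f, /, */)             # comma-separated, so spaces in a city are safe
        if (n < 6) { print "unresolved"; next }
        printf "%s,%s,%s,%s,%s,%s\n", f[1], f[2], f[3], f[4], f[5], f[6]
    }'
}

# is_private: succeed for RFC 1918, loopback and link-local addresses,
# which will never resolve in the GeoIP database.
is_private() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# geo_report: same pipeline as the post, one CSV row per unique source IP.
geo_report() {
    ipsumdump -s --no-headers "$1" | sort -u | while read -r ip; do
        if is_private "$ip"; then
            echo "$ip,private"
        else
            echo "$ip,$(geoiplookup -f "$GEOIP_DB" "$ip" | parse_geoip)"
        fi
    done
}

# Run against a capture only when one is named on the command line.
if [ -n "${1:-}" ]; then
    geo_report "$1"
fi
```
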

Tuesday, March 16, 2010

How the FEDS use social networking...

What type of security risk is social networking? A document obtained by the EFF and posted on Wired's Threat Level blog details how FBI and Secret Service are using social networking sites to obtain information. Here's a sample from the document:
 
"Overview of Key Social Networking Sites
GETTING INFO FROM FACEBOOK
• Data is organized by user ID or group ID
• Standard data productions (per LE guide):
Neoprint, Photoprint, User Contact Info, Group Contact Info, IP Logs
• HOWEVER, Facebook has other data available.
• Often cooperative with emergency requests."

So glad to hear that FEDS are getting co-operation from Facebook. Think for a moment what this other data might be: your chats? your friend searches? your browsing? I have to wonder what Facebook "IP Logs" look like....