Oct 16, 2007

Man-in-the-Middle (MITM) Exploits; what they are and how to STOP them

Most of us defend our PCs, websites and servers with an ever-growing variety of “anti” tools; it is equally important, though, to understand how and where an attack actually arrives. Thinking about your own PC or Internet security then becomes a proactive stance, “I can do something to STOP this…”, rather than a passive “hiding in the bunker” position. Is the best form of defence offence?

Behind many web site hacks, defacements and account takeovers lies a Man-in-the-Middle (MITM) attack. The concept is easy for all of us to grasp: an unknown party is able to read, insert and modify, at will, the messages passing between two parties, without either of them knowing that the link between them has been compromised. It has a very technical background for those who want to dig deeper; check out Wikipedia for the definitions. Here I will deal solely with a pragmatic approach: what you can do to STOP any MITM.

Firstly, a healthy element of paranoia helps. Consider the PC you are reading this article on: what connections does it depend on? Home or office network, local ISP, regional backbone routers, international routers, DNS servers, server farms, ad networks, the web site host, and finally the web site itself. A MITM could be lurking at any one of these connections, points or nodes and, as we know so well at StopBadware, inside a script on a web site. Worried? Don’t be; just assume the MITM is there, because you have all the answers at hand and most of them are free. They come from cryptography (encrypting the link so a listener sees nothing useful, and authenticating the other end so a substitute is detected), backed by plain access control: strong passwords, file permissions (chmod on the web site), and CAPTCHA to establish that a user is human. Action checklist for all:

Email: use a digital ID or certificate (S/MIME, low cost) or PGP encryption (Pretty Good Privacy, free) to encrypt the message itself, and, as a surprise, for sensitive email I now use and recommend Gmail over HTTPS: fewer connections travel in the clear. Note the scope of each: HTTPS protects only the leg between your browser and Gmail, while PGP or S/MIME protects the message all the way to the recipient, so a MITM on any hop in between sees only ciphertext. Together these STOP any MITM from reading your emails.

Web Surfing: only enter card details or other personal data on pages served over HTTPS (SSL/TLS); look at the address bar for https:// and the padlock, and take any certificate warning seriously, because a warning is exactly what a MITM looks like. Use strong, unique passwords and change them regularly. If you really want to be in control, use Firefox with added extras, e.g. NoScript (STOPS any script unless you say OK), KeyScrambler (encrypts keystrokes typed into login and password fields, which STOPS keyloggers), set your privacy options to ask before accepting any cookie (STOPS unwanted and bad cookies from being stored on your PC), and even consider a web proxy such as PHProxy (this STOPS a web site from learning your real IP address). One caveat on proxies: the proxy operator sees everything you send through it, so it is itself a man in the middle; use only one you trust, and never for logins.

Webmasters: only use FTPS or SFTP to transfer files between your PC and the web site, and make your client verify the server’s certificate or host key, since an unverified encrypted link STOPS a passive listener but not an active MITM. Use chmod to restrict access to files (a typical shared-host baseline is 755 for directories, 644 for files and 600 for configuration files that hold database passwords; never 777), encrypt file directories where you can, apply different passwords to cPanel and phpMyAdmin, use CAPTCHA on user logins and apply SSL to user data areas. These actions STOP any MITM, or any other tenant of a shared host, from gaining access to your files.
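The chmod advice above is easy to state and easy to get wrong on a busy site, so here is an added example (my own code, not from the original post, cPanel or any host) that audits a web root for files and directories writable by other users, flags credential files readable by other tenants, and tightens them to the baseline modes. The baseline (755 directories, 644 files, 755 scripts, 600 credential files) and the list of credential file names are assumptions to adjust for your host; the sample web root it builds is constructed for the demonstration and assumes a POSIX system.

```python
"""Audit and tighten file permissions under a web root.

Added example, not code from the original post or from cPanel: on a shared
host a world-writable file or directory lets any other tenant, or a
compromised script, rewrite your pages. Assumes a POSIX host; the baseline
modes below are an assumption (common shared-host defaults) to adjust per host.
"""
import os
import stat
import tempfile

DIR_MODE = 0o755
FILE_MODE = 0o644
SCRIPT_MODE = 0o755      # files that already carry an execute bit (CGI scripts)
SECRET_MODE = 0o600
# Config files that typically hold database credentials (assumed list).
SECRET_NAMES = {"wp-config.php", "configuration.php", "config.php", ".htpasswd"}


def _entries(root):
    """Yield (path, is_dir) for everything below root (root itself excluded)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            yield os.path.join(dirpath, name), True
        for name in filenames:
            yield os.path.join(dirpath, name), False


def audit_permissions(root):
    """Return sorted (relative_path, mode, reason) findings for risky modes."""
    findings = []
    for path, is_dir in _entries(root):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        rel = os.path.relpath(path, root)
        if mode & stat.S_IWOTH:
            findings.append((rel, oct(mode), "world-writable"))
        elif mode & stat.S_IWGRP:
            findings.append((rel, oct(mode), "group-writable"))
        if (not is_dir and os.path.basename(path) in SECRET_NAMES
                and mode & (stat.S_IRGRP | stat.S_IROTH)):
            findings.append((rel, oct(mode), "credentials readable by others"))
    return sorted(findings)


def fix_permissions(root):
    """Apply the baseline modes; return the number of entries changed."""
    changed = 0
    for path, is_dir in _entries(root):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if is_dir:
            target = DIR_MODE
        elif os.path.basename(path) in SECRET_NAMES:
            target = SECRET_MODE
        elif mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            target = SCRIPT_MODE   # keep scripts executable, just not writable
        else:
            target = FILE_MODE
        if mode != target:
            os.chmod(path, target)
            changed += 1
    return changed


def build_sample_webroot(base):
    """Create a constructed web root with deliberate mistakes; return its path."""
    root = os.path.join(base, "public_html")
    layout = {                          # relative path -> (is_dir, mode)
        "images": (True, 0o755),
        "uploads": (True, 0o777),       # classic mistake: world-writable upload dir
        "cache": (True, 0o755),
        "index.html": (False, 0o644),
        "cache/tmp.txt": (False, 0o666),
        "wp-config.php": (False, 0o644),  # DB password readable by other tenants
    }
    os.makedirs(root)
    for rel, (is_dir, mode) in layout.items():
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("sample\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    return root


def demo():
    """Build the sample tree, audit, fix, re-audit; return both finding lists."""
    with tempfile.TemporaryDirectory() as base:
        root = build_sample_webroot(base)
        before = audit_permissions(root)
        fix_permissions(root)
        after = audit_permissions(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for rel, mode, reason in before:
        print(f"{mode} {rel}: {reason}")
    print(f"after chmod: {len(after)} findings")
```

Run it against a real site as `audit_permissions("/home/you/public_html")` first and read the findings before calling `fix_permissions`; the audit is read-only, the fix is not, and a site that relies on a writable cache directory for a specific web server user needs that directory handled by group ownership rather than by 777.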

Blocking: probably the best offensive action you can take. Think of it like this: your PC is your home and your website is your shop, club or bar; you have every right to bar entrance to hooligans or thieves, and it is much easier to refuse entry than to try to throw an unwanted visitor out afterwards. For example, use OpenDNS on your router; it is free, it automatically STOPS known phishing sites, and it offers many other blocking options. Use the IP deny lists in cPanel, ban spammers on your forum, or ask your host for help.

Finally, refuse to be a victim hiding in the bunker; STOP the MITM, you really do have all the tools at hand. But… what if a MITM is already hiding inside before you go on the offensive? Check and clean your PC of any BadWare; and, for the webmaster, does your web host also host any bad guys? That is easy to determine: check your host’s addresses against the latest block lists on the web.
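The two block-list tasks mentioned above, turning a published list into cPanel deny rules and checking whether your own host’s address appears on such a list, can be done with one small script. This is an added example of my own, not code from the original post, cPanel or OpenDNS; the block list inside it is constructed from RFC 5737 documentation addresses rather than taken from any real feed, and the directives it emits use the Apache 2.2 “Order/Deny” syntax that cPanel hosts of the time used (Apache 2.4 replaces it with “Require not ip”).

```python
"""Turn a published block list into Apache deny rules and check an address.

Added example, not from the original post, cPanel or OpenDNS. SAMPLE_BLOCKLIST
is constructed from RFC 5737 documentation ranges; the output uses the Apache
2.2 'Order Allow,Deny' form, not the 2.4 'Require not ip' form.
"""
import ipaddress

# Constructed block list in the common one-entry-per-line format: plain IPs,
# CIDR ranges, '#' comments, blank lines, a duplicate and one malformed line.
SAMPLE_BLOCKLIST = """\
# constructed sample, documentation ranges only
203.0.113.0/24        # a whole netblock

198.51.100.7          # a single spammer
198.51.100.7          # duplicate entry
not-an-address        # typo in the upstream list
192.0.2.128/25
"""


def parse_blocklist(text):
    """Return a de-duplicated, sorted list of ip_network objects."""
    networks = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # a malformed line must not abort the whole list
    return sorted(networks,
                  key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def is_blocked(address, networks):
    """True if the address falls inside any listed network."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


def htaccess_rules(networks):
    """Render Apache 2.2 .htaccess directives that refuse the listed networks."""
    lines = ["Order Allow,Deny", "Allow from all"]
    for net in networks:
        if net.prefixlen == net.max_prefixlen:      # single host
            lines.append(f"Deny from {net.network_address}")
        else:
            lines.append(f"Deny from {net.with_prefixlen}")
    return "\n".join(lines) + "\n"


def check_host(address, text=SAMPLE_BLOCKLIST):
    """Is the given address (e.g. your own web host's) on the list?"""
    return is_blocked(address, parse_blocklist(text))


if __name__ == "__main__":
    nets = parse_blocklist(SAMPLE_BLOCKLIST)
    print(htaccess_rules(nets))
    for probe in ("203.0.113.45", "198.51.100.7", "198.51.100.8"):
        print(probe, "blocked" if is_blocked(probe, nets) else "allowed")
```

Feed `parse_blocklist` the text of whatever list you actually subscribe to and paste the output of `htaccess_rules` into the site’s .htaccess; if `check_host` says your own server’s address is listed, that is the moment to ask your host who else is on that machine.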

Oct 1, 2007

Cost of Cyber crime = $105 billion?

A great deal of press concerned a statement by DeWalt, CEO of McAfee, that "...... cyber-crime has become a US$105 billion business that now surpasses the value of the illegal drug trade worldwide." In a follow-up post on McAfee's blog, Lies, Damn Lies and Statistics, the company stressed that the figure came from Reuters and CNN, which in turn drew on a Government Accountability Office report of June 2007.

However, DeWalt was right in one respect: ".....clearly, placing a value on the size of the cybercrime economy is a real challenge."

As an example, the recent VeriSign / iDefense analysis of the Russian Business Network (RBN), see The Economist article, showed that just one venture, Rock Phish, netted $150 million in one year. Once the RBN’s wider network, its affiliates, “free-hosting” sites and associated businesses are included, the overall dollar value is far more substantial.

The RBN is, however, one of the easier cases to quantify. Include malware, spyware, spam and general BadWare, all of which end users who have been victims would certainly call cyber-crime, and the $105 billion quoted starts to look like an underestimate.