tekniaxp.com

December 29, 2005

The Worst Network Security Horror Stories

Filed under: current — admin @ 4:55 am

December 19, 2005

Think you’ve had security problems? You ain’t heard nothing yet. We asked the pros to tell us some of the worst disasters they’ve faced.

Here’s what they told us.

By Matthew Friedman
Networking Pipeline

If there’s a law of network security, it is that disasters happen. However, some disasters are worse than others, because of both the causes and the consequences of the error. When the Canadian Air Miles loyalty card exposed subscribers’ personal information on an unprotected website directory in 1999, the situation was a horror story both because the privacy of 50,000 consumers was compromised and because it was such a stupid error.

“Dumb mistakes are so common, but the problem is that you don’t have to be dumb to make a mistake,” says Justin Peltier, senior security consultant at Peltier Associates in Detroit. “Once system complexity gets to a certain level, mistakes are virtually inevitable, and it’s the mistake and not the hacker that’s going to get you. Even then, defenders have to be right all the time, while attackers only have to be right once.”

Although organizations that handle sensitive data — which is to say, virtually all organizations — have become more security savvy in the last few years, the cost of network carelessness continues to be substantial. Unfortunately, the kind of perfection that Peltier refers to is probably impossible. Accidents happen, and doors are left open despite the best intentions of even the most security-aware companies.

The biggest security horror story in recent memory was last spring’s CardSystems breach that exposed the credit card and bank account information of 40 million consumers. The company dotted all of its information “i’s” and crossed all of its technological “t’s” but a hacker was still able to get at them. CardSystems “had passed all their audits, so they thought they were okay,” says Peter Stapleton, director of Computer Associates eTrust Security Management. “The problem was that the audit was very network oriented; it wasn’t an audit of the process vulnerabilities.”

CardSystems had to make the effort because of the sensitive nature of its data, but companies that don’t deal with millions of credit card numbers can often forget that even their data are sensitive. Together with a lack of technological savvy, that can be a recipe for disaster. Peltier recalls installing a firewall at a Midwestern industrial equipment manufacturer and supplier in 2001. The company was still paper-based at the time, so none of its critical systems were then online.

Three years later, the company had networked virtually all of its processes. Unfortunately, it had left those processes swinging in the digital wind. “The old network administrator had left at that point, and he hadn’t given the passwords for the firewall to the new administrator,” he says. “As a result, they couldn’t configure the firewall, but because they were networking more processes, they just decided to put everything out on the raw Internet.”

While the company’s vulnerability is particularly horrific because it showed a blatant ignorance of the basic principle of network security, some problems are ghosts in the machine. Some are mundane, like the apocryphal web-based company benefits system that is secured by secure sockets layer (SSL), but allows users to click the browser “back” button to see what had been entered in previous forms.

While that kind of bad code can have catastrophic consequences to the bottom line, Peltier notes that, in this age of “networked everything,” ill-considered products and network configurations can lead to profoundly disturbing situations. One of the scariest situations he has confronted, involving a petrochemical company’s catalytic equipment, could have been a disaster of truly horrific proportions.

The catalyst featured a network link to the manufacturer to permit periodic monitoring and maintenance. While this was certainly a boon to the company – which could count on an extended warranty and periodic upkeep — the network connection itself was a potential problem that, fortunately, never materialized. “The manufacturer would come in over the network over an unauthenticated telnet system,” Peltier recalls. “That’s wide open, and you’re not just dealing with a security issue if someone decides to change the equipment’s operating temperature. This could have been a bomb!”

Ultimately, the bottom line is that, when dealing with their networks, organizations have to know everything. The testing of new systems and equipment is key, but so too is the attitude toward knowledge. Peltier says that the truly knowledgeable network administrator is the person who keeps asking questions. “The moral is that, if you don’t know, ask,” he says. “And if you don’t know what questions to ask, ask someone who does. No one has all the answers, and there’s nothing worse than fake knowledge. Ignorance about your systems will jump up and bite you.”

December 26, 2005

Mom Fights RIAA on Her Own

Filed under: current — admin @ 9:28 pm

See tekniaXP News for more articles on how we are losing our legitimate digital rights.
Mom Fights Downloading Suit on Her Own - Yahoo! News

By JIM FITZGERALD, Associated Press Writer Mon Dec 26, 3:26 AM ET

WHITE PLAINS, New York - It was Easter Sunday, and Patricia Santangelo was in church with her kids when she says the music recording industry peeked into her computer and decided to take her to court.

Santangelo says she has never downloaded a single song on her computer, but the industry didn’t see it that way. The woman from Wappingers Falls, about 80 miles north of New York City, is among the more than 16,000 people who have been sued for allegedly pirating music through file-sharing computer networks.

“I assumed that when I explained to them who I was and that I wasn’t a computer downloader, it would just go away,” she said in an interview. “I didn’t really understand what it all meant. But they just kept insisting on a financial settlement.

Video Game Sheds NFL License, Gets Violent

Filed under: current — admin @ 9:11 pm

unreal teknia - Game News

Yahoo News - By NATHANIEL HERNANDEZ, Associated Press Writer Sun Dec 25, 3:12 PM ET

CHICAGO - In a gritty new video game about a fictional football league, players cripple their opponents, gamble and use performance-enhancing supplements.

“Blitz: The League” is able to feature the graphic violence and adult themes not usually seen in sports video games because it was produced without an NFL license and the restrictions that carries.

Developed by Chicago’s Midway Games, “Blitz” is the first unlicensed football title to hit store shelves since the NFL reached an exclusive agreement a year ago with Electronic Arts Inc., makers of the popular “Madden NFL” franchise. “Madden NFL” and the company’s edgier “NFL Street” series are both rated E for everyone.

November 27, 2005

Sony’s rootkit mess: the story continues

Filed under: current — admin @ 12:14 am

» Spyware Confidential | ZDNet.com

Posted by Suzi Turner @ 10:34 pm

This story just keeps on giving and giving. Spyware expert Ben Edelman has some thoughts on how Sony could clean up its mess. Ben includes illustrations of how Sony could notify customers with DRM protected (infected) CDs and demonstrates with screenshots and packet logs.

ZDNet blogger David Berlind has an update including a note about several artists who are outraged with Sony and worried about fans’ reactions. David also has links back to 2001 about copy-protected CDs and how history repeats itself. A reader posted a link to this Yahoo! news story about how Sony may have contributed to the demise of DRM.

May 4, 2005

Repair XP

Filed under: tech, current — admin @ 9:06 am


Following are my experiences with repairing XP. I will not assume any responsibility for problems that may occur to your system from using any of these suggestions. It is always prudent to back up important data before you make any changes to your operating system.

Windows Update Site Problems - Jupiter Jones MS MVP
How To Uninstall SP2 Using the Recovery Console - S Raj Kumar Rathi (scroll to August 17, 2004)
How To Use The Automatic Recovery Feature to Recover From a Bad SP2 Install - Microsoft
How To Remove SP2 using a Repair Install
How To Access Safe Mode
How To Access Last Known Good Config
How To Backup, Edit and Restore the Registry - Microsoft
How To Create a Boot Disk to Start Windows XP
How To Create a Slipstreamed version of XP
Cannot Start Windows XP if the System or Software Hive Is Missing or Damaged - From Kelly Theriot
Password Problems and Windows XP - From Kelly Theriot
How To Fix The Cryptographic Service Error - Fix for “Error:Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer”
System Cannot Access CD-Rom, CD-Recorder or DVD Devices
Error Messages After Removing Easy CD Creator from XP
Introduction to using System File Checker - SFC /SCANNOW
SFC (System File Checker) has a problem running - SFC /SCANNOW keeps asking for the XP CD
How to log on to Windows XP if you forget your password
How To Take Ownership of a File or Folder
How To Access Recovery Console
Recovery Console in Windows XP - From Kelly Theriot. This is a must read
How To Backup, Edit and Restore the Registry in XP - Microsoft Knowledgebase Article.
How To Create a Set of Emergency Floppies - If your computer can not boot from a CD-Rom create a 6 floppy disk set that corresponds to your version of Windows XP. Click here for Home Edition Click here for Pro Edition
How To Repair Boot sector
How To Format
How To Partition
How To Exit the Recovery Console
How To Run a Repair Install
How To Uncover Windows XP Product Key
How To Change The Product ID
A better boot diskette for WinNT/2000/XP
Has XP Been Activated?
NTFS Reader for DOS (freeware) - lets you access an NTFS partition from a floppy and copy files off it
Known Issues with Windows XP Service Pack 1
AIDA32 - AIDA32 is a professional system information, diagnostics and benchmarking program running on Win32 platforms. It extracts details of all components of the PC. You can even uncover your Windows XP and Office 2000/XP Product Keys with this freeware app. READ the FAQ!!!
Tweaks&Fixes - From Kelly’s Korner this is a fantastic set of registry hacks and fixes.
NTBackup Is Missing From My OEM version of XP (download)- Some OEMs don’t include NTBackup - Bob Cerelli has it at his site in his Windows XP Tips section
Knoppix - OK, this might appear to be blasphemy on a site dedicated to Windows, but if your system is really hosed and you are desperate to get data off the drive, then give Knoppix a go. The download is a whopping 700MB, but you get an ISO that, when burned to CD, creates a version of Linux that runs directly off the CD and doesn’t require installation to your hard drive. With this CD operating system you can access your NTFS or FAT partitions and, with its built-in CD burning software, copy your important data off the drive. Or if you have a network you can transfer files to another system. This is a must have!

How to access Safe Mode:
Reboot your computer while holding down the F8 Key. At the Advanced Options Menu select the option for Safe Mode and press Enter.

How to access Last Known Good Configuration:
Reboot your computer while holding down the F8 Key. At the Advanced Options Menu select Last Known Good Configuration.

tekniaXP

Filed under: current — admin @ 9:05 am

a web development company located in metro denver, colorado, usa
targeting small businesses snagged in the technology maze,
we offer common sense web solutions,
maximize limited business resources,
enable communication success,
enhance marketing efforts,
conquer technical issues,

eCommerce, weblog, knowledge management
get yours!

tekniaXP
blogteknia.us
tekniaXP Development

March 18, 2005

Add Dig to your own pages

Filed under: current — admin @ 11:15 pm


To include your dug items on your own page, just insert the following into your html:

The html written to your page will be organized as follows:
(you can use CSS with the class names to customize the display)


kevin rose dot com

Filed under: current — admin @ 11:10 pm

Best Deal Sites On The Web

Here is my list:

http://www.gotapex.com/
http://slickdeals.net/
http://bensbargains.net/
http://cheap.typepad.com/
http://skimper.com/

If I’m missing one, post it in the comments.

March 16, 2005

Hello world!

Filed under: current — admin @ 3:09 pm

tekniaXP

a web development company located in metro denver, colorado, usa
targeting businesses snagged in the technology maze
we offer common sense web solutions
maximize limited business resources
enable communication success
enhance marketing efforts
conquer technical issues
knowledge management
eCommerce
