Tuesday, March 3, 2009

More Bad Security Practice

It's been a tough week for information security professionals. Conversely, it's been two thumbs-up if you're part of the clueless moron club.

First comes word that highly sensitive information and documents relating to the presidential helicopter, Marine One, showed up at an IP address in Iran after they were allegedly downloaded from a defense department contractor's computer via a peer-to-peer software network, like Kazaa or Limewire.

This sort of inexcusable security breach is far too common and calls into question several key points:
  • Why did the contractor have a P2P software client loaded on a machine that obviously contained sensitive data?
  • Did the defense department not require, or the vendor not enforce, rules around authorized software and traffic inspection?
  • If software inventory scanning was mandated, did it fail to detect the presence of the P2P application, or was there a process breakdown that led to a lack of follow-up?
  • Why is such highly sensitive material not sandboxed in some manner to prevent common exposure to public and non-secure network traffic?

Word also comes that our old friend, the Conficker worm, is up to no good, targeting the site of Southwest Airlines. There is concern that this could negatively impact such activities as online check-in, ticket purchase, and so on.

How would that work? Well, SophosLabs Canada investigated and discovered that millions of computers infected with Conficker are programmed to contact wnsux.com, a domain that redirects visitors to the main Southwest.com site, on March 13 to get instructions. If executed, the subsequent spike in web traffic could overwhelm the firewalls and servers at Southwest.com, leading to a very effective denial-of-service condition.

Other sites that have been targeted, and associated dates, are music site jogli.com on March 8, Chinese women's network qhflh.com on March 18, and computer phonetics site praat.org on March 31, according to SophosLabs.
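The domains and dates above can be checked against DNS query logs to find internal hosts worth a closer look. This is an added example, not code from the original post; the log line format, the sample lines, and the year 2009 (taken from the post date) are assumptions.

```python
from collections import defaultdict
from datetime import date, datetime

# Domains and contact dates as reported in the post (year 2009 is an assumption).
SCHEDULE = {
    "jogli.com": date(2009, 3, 8),
    "wnsux.com": date(2009, 3, 13),
    "qhflh.com": date(2009, 3, 18),
    "praat.org": date(2009, 3, 31),
}

# Constructed sample DNS query log: "<ISO timestamp> <client IP> <qtype> <qname>"
SAMPLE_LOG = """\
2009-03-13T00:00:04 10.0.4.17 A wnsux.com.
2009-03-13T00:00:09 10.0.4.17 A WNSUX.COM
2009-03-13T00:02:31 10.0.9.80 A www.wnsux.com
2009-03-13T09:15:00 10.0.2.5 A notwnsux.com
2009-03-12T14:20:11 10.0.2.5 A wnsux.com
2009-03-18T00:01:47 10.0.4.17 A qhflh.com
garbage line
"""

def match_domain(qname):
    """Return the scheduled domain that qname equals or is a subdomain of, else None."""
    name = qname.rstrip(".").lower()
    for domain in SCHEDULE:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def find_suspect_hosts(log_text):
    """Map client IP -> {domain: query count} for queries made on the scheduled date."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        domain = match_domain(parts[3])
        if domain and when.date() == SCHEDULE[domain]:
            hits[parts[1]][domain] += 1
    return {ip: dict(d) for ip, d in hits.items()}

if __name__ == "__main__":
    for ip, domains in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(ip, domains)
```

These are ordinary public sites, so a hit is a lead for patch and antivirus checks on that host, not proof of infection.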

So, for all you jack-holes out there that don't keep your computers patched and your antivirus up to date, who click on links without knowing what they are, and who install P2P software on your machines improperly or without authorization, this Bud's for you. A lot of system administrators and security professionals can breathe easily in this tough job market because your repeated ignorance, coupled with insecure software offerings from vendors, gives us all plenty of work to do. Salute!
