VOIP SERVICE and PORT 23

August 12, 2009 by Gordon Mix

Over the last couple of months I have been noticing a lot of reports in my job that show customers who are using a VOIP service as having port 23 open.

While I do not find any reports that show that there are any current issues with that port being used to conduct a DOS (denial of service) or any other major issue, it is still using a service that was blacklisted in the 1990s. This blacklisting took place because of the relaying of data that was unencrypted. This means that if someone wanted to obtain a username and password it would not be too hard to do so. In my professional opinion any software or equipment that opens up port 23 is a liability.

While on the phone today with LINGO, one of the providers of the VOIP service I am seeing as vulnerable on port 23, they informed me that they recognized the issue and have started using a new device to eliminate the port being opened. The new device is the Linksys SP2102 model.

Any Lingo customers that were installed prior to June 2009 that do not have the Linksys SP2102 should contact their customer service and make arrangements to have the new model shipped to them.

While I am on the subject of security, I would recommend that anyone who is using any equipment behind a DSL or cable modem do a scan of their network to ensure they are not subject to any vulnerability. Open ports that would be a major concern are FTP, SSH, TELNET, NNTP, SMTP and POP3. Any ports that are open should be questioned. You can find information by contacting your service provider or by researching with Google (www.google.com).

To run a scan of your network you can download software called Nmap. They have a Windows version and it is free. Refer to the help files to figure out how to conduct the scan. (http://nmap.org/download.html)
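As an added example (not from the original post), this Python sketch reads Nmap's grepable output (`nmap -oG -`) and separates open TCP ports for the services named above from other open ports that should be questioned. The sample scan output, host names and addresses are constructed.

```python
# Added example: triage a home-network Nmap scan for the services the post names.
# Produce input with, e.g.:  nmap -oG - 192.168.1.0/24   (your own network only)

# Standard TCP ports for the services listed in the post.
PORTS_OF_CONCERN = {21: "FTP", 22: "SSH", 23: "TELNET",
                    25: "SMTP", 110: "POP3", 119: "NNTP"}

# Constructed sample of grepable output; hosts and results are made up.
SAMPLE_GNMAP = """\
# constructed nmap -oG output
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 5060/open|filtered/udp//sip///\tIgnored State: closed (997)
Host: 192.168.1.20 (voip-ata)\tPorts: 22/closed/tcp//ssh///, 25/filtered/tcp//smtp///\t
Host: 192.168.1.35 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 110/open/tcp//pop3///
"""


def open_ports(gnmap_text):
    """Return {host: [(port, proto), ...]} for ports whose state is exactly 'open'."""
    result = {}
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field, if any.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                result.setdefault(host, []).append((int(fields[0]), fields[2]))
    return result


def findings(gnmap_text):
    """Split open ports into (named in the post, everything else to question)."""
    concern, other = [], []
    for host, ports in sorted(open_ports(gnmap_text).items()):
        for port, proto in ports:
            if proto == "tcp" and port in PORTS_OF_CONCERN:
                concern.append((host, port, PORTS_OF_CONCERN[port]))
            else:
                other.append((host, port, proto))
    return concern, other


if __name__ == "__main__":
    concern, other = findings(SAMPLE_GNMAP)
    for host, port, name in concern:
        print(f"{host}: {name} (tcp/{port}) is open - confirm it is needed")
    for host, port, proto in other:
        print(f"{host}: {proto}/{port} is open - find out what opened it")
```

Ports reported as `filtered` or `open|filtered` are deliberately not counted as open here; they still deserve a second look.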

Following is the response that I have received from LINGO TECH SUPPORT via email:

“Thank you for contacting Lingo Technical Support.

We have reviewed your mail and from the information provided we understand that you want to know few technical information about lingo service.
Since we are sending Linksys device for the new customers. By default port 23 is permanently blocked in that device. We don’t have any access to telnet your device using port 23. Lingo service is a voip service so it uses the voip ports in the range of 1024-1030, 5060-5065, 10,000-20,000 UDP ports.
Please contact Technical support for additional assistance at 1-888-Lingo99 (546-4699) option-2 and we will be glad to assist you.

We look forward to helping you with any servicing needs in the future.

Sincerely,
Lingo Technical Support”

I am happy to see that LINGO recognized this issue and has worked to protect their customers.

HERE WE GO AGAIN Microsoft vulnerability

July 7, 2009 by Gordon Mix

Microsoft tells the world of another security hole. Today I have been reading that if you use Internet Explorer and run Windows XP or Windows Server 2003, visiting a hacked website could give a hacker control of your computer.

This is yet another of the vulnerabilities Windows has to deal with. It seems to never end.

While I do not want to be like Chicken Little and say the sky is falling, I do want to get the word out that if you are running Windows you will need to be sure to patch your operating system.

This will be a good time as well to discuss the need for all computer users to make sure they are running security software on their computers. Security software should include an antivirus, firewall and some kind of malware / spybot scanning tool.

This is also a good time to point out that you should not click on links that you get in a spam email. This is important to remember as the common link with this new vulnerability is the links in spam that people are clicking. This click is most likely going to take you to the infected sites that are giving a hacker control of your computer.

Windows users please see Microsoft for the patches needed to protect your computer.

http://www.msnbc.msn.com/id/31766751/ns/technology_and_science-security/

Web crooks recruiting helped by Economy

December 19, 2008 by Gordon Mix

We all know that the economy of the world is not in a healthy state right now. To many, myself included, it is believed that this is going to spur an increase in the amount of get-rich email scams. With people losing their life savings, or with the interest rate being dropped to subzero ranges, many internet users will be willing to take more of a chance and open up their home and most likely their “bank account”.

Do not fall prey to these ploys. If indeed you have lost your money in the stock game, or you have your thousands of dollars in a savings account that is not paying any interest, you will not make any money on these ploys. In fact you will potentially lose whatever money you have left in your account.

McAfee’s annual “Virtual Criminology Report” says that 873 money mule recruitment Web pages were detected in Britain in the first half of 2008. This was reported to be a 33 percent increase over the first half of 2007. That data was compiled by APACS, the United Kingdom’s payment-industry trade group.

McAfee is not the only one warning of this rise in trends. Panda Security, a Spanish software vendor, found that job-related messages hit a new record of 0.31 percent of all spam in October 2008. This is nearly triple the August 2008 numbers. It was also reported that recruiting money mules had risen 1.8 percent in October. The rate in August 2008 was 0.5 percent.

As we go forward we will likely see these numbers increase.

Long Forgotten Servers, are they secure

December 8, 2008 by Gordon Mix

I was recently reading an article that indicated that there is an increase in the amount of brute force attacks against SSH.

I see a lot of computers on my network that are using SSH. I am of the opinion that if you are not a network administrator you probably should not be running any servers. What happens is “dynamic customer A” installs an SSH server on his computer and somewhere down the road forgets about it. Now, several patches have been released and months have passed. It now becomes a vulnerability to customer “A” and to the ISP that is providing the service. Along comes a naughty character who scans the network at 1 AM, finds Customer “A” is running the long forgotten SSH server and “brute forces” his way into the computer. Once in, he can access all the logs, set up mail servers and at the least wreak havoc on the client. A few days later Customer “A” is shut down by their ISP for millions of emails that have been generated from their network. Once briefed, the customer can be reinstated, and in most cases has no idea what allowed the spam to be sent through their network.

Long story short, if you are going to be playing with servers on your computer/network, be leery about letting them be seen outside of your network.

REASONS to SECURE YOUR PC’s

October 22, 2008 by Gordon Mix

I think it is safe to say that almost everyone in America has computers in their homes. Most schools assign homework to be done on computers. So most everyone has to have it and to top it off they have to have internet access. That demand for internet access also makes a lot of computers potential victims. According to an article from MSNBC, organized crime is being drawn to cyber crimes like identity theft. It is then important to get the word out that each person using a computer needs to take the time to make sure that their computers are secure.

Security steps should include firewall, antivirus, and Trojan or spyware scanners. It is also important to keep your software patched. Usually these are put out by the software developer.

Also, in the article from MSNBC, it talks about the possibility of other countries spying on the UNITED STATES and potentially taking the internet down. These countries were not named. However, when Russia invaded Georgia, Georgia accused Russia of performing a cyber attack at the same time they invaded the country. There are many opinions on this. However, I feel that in this day and age, an invading country is going to have the ability to take down the network of a nation and bring their government to a halt.

The lesson to learn here is that security on the internet starts with us. Each user and each computer that is connected to our network needs to be secure. Take the steps mentioned and do your part to protect our great nation.

http://www.msnbc.msn.com/id/27216425/

 

New Fake YouTube - Spreading virus

October 9, 2008 by Gordon Mix

Be aware of the new attacks. This is not a flaw with YouTube. It is just the use of some programs that allow the attackers to be able to set up sites exactly like the one they are hacking into.

http://www.msnbc.msn.com/id/27090461/

ISP’s have POWER

October 6, 2008 by Gordon Mix

ISP’s have a ToS and AuP. Most of them have teams that monitor and investigate reports. Each ISP has a procedure that they follow. Basically, this procedure will result in the temporary suspension of the customer involved.

In an article I came across on darknet.org.uk, I read where the backbone of an ISP out of California took the ISP offline. The article goes on to state that the customer was brought back on-line when it agreed to sever connections with malware/spyware affected customers (most of which are in the UK). This is estimated, according to darknet, to be 25% to 50% of their business. This is a bold move by the backbone of this provider. However, it is a needed move. If more of the major backbones actually had a “backbone” and took action like this for reports that they receive, perhaps we could see a decline in this kind of illegal activity. It is also my opinion that taking action like this will require the ISP to be aware of what they are allowing on their service. It would also mean that they will be quicker to enforce the ToS/AuP down to the residential customers.

No ISP wants to take their customers offline and face the possible loss of a residential customer. It is, however, a better alternative to the backbone taking the whole ISP offline. 100% of their customers being taken offline is a greater threat of losing customers than taking maybe 1 to 2% of the customers that are residential offline and facing the potential of losing them.

It goes without saying that if everyone reports their phishing email and their spam email or firewall logs to the ISP that is providing service, a lot can be done to eliminate the activity online. I think that most of us do not really want to take the time needed to look up (whois) the IP and then email a copy of the email along with the headers to the ISP. But unless we do this, and quit thinking that the other people are going to send them in, we will not see this kind of activity being halted. In the example that I mentioned about the ISP being taken offline, I guarantee that the reports were being sent to the ISP and to the backbone. We have all heard the saying “A squeaky wheel gets the oil.” This is usually the case with ISP’s. The ones that are getting a lot of reports get the attention. It is imperative for us to make sure that we take the time to report the activity.

I recommend anyone who has questions on how to report the spam or hacking attempts contact their ISP. In most cases the ISP (internet provider) is going to be willing to direct you on how to obtain headers or how to report the information that is needed. You can also do a search on the internet for the term that you are looking for. Someone will have written instructions on how to report it.
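As an added example (not from the original post), this Python sketch pulls the relay addresses out of a message's `Received` headers and picks the one worth a whois lookup before reporting. The sample message, the host names and the `my_mail_server` parameter are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed spam sample; hosts use reserved example names and documentation IPs.
SAMPLE_SPAM = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.myisp.example with ESMTP id ABC123; Mon, 6 Oct 2008 09:15:02 -0500
Received: from unknown (HELO pc) ([203.0.113.45])
\tby mx.example.net with SMTP; Mon, 6 Oct 2008 09:14:58 -0500
Received: from [192.168.0.12] by pc; Mon, 6 Oct 2008 09:14:50 -0500
From: "Prize Office" <winner@example.org>
Subject: You have won

Click the link to claim your prize.
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")
# Internal ranges that never identify a reportable network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def hops(raw_message):
    """Return [(sender_ip, recording_host), ...], newest hop first."""
    msg = message_from_string(raw_message)
    found = []
    for value in msg.get_all("Received", []):
        flat = " ".join(str(value).split())      # unfold continuation lines
        by = BY_HOST.search(flat)
        for text in BRACKETED_IP.findall(flat):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:                   # not a valid address, e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                found.append((str(ip), by.group(1) if by else None))
    return found

def ip_to_report(raw_message, my_mail_server):
    """Return the IP that handed the message to your own provider's server."""
    # Only that hop was written by a server you trust; Received lines below
    # it were supplied by the sending side and can be forged.
    for ip, recorded_by in hops(raw_message):
        if recorded_by == my_mail_server:
            return ip
    return None

if __name__ == "__main__":
    print(ip_to_report(SAMPLE_SPAM, "mail.myisp.example"))  # look this up with whois
```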

From Banking to Careerbuilder malware

September 23, 2008 by Gordon Mix

It looks like the authors of the malware are turning their attention to Careerbuilder. Please be aware of this and use caution with your surfing habits.

http://asert.arbornetworks.com/2008/09/busy-friday-careerbuilder-iran-and-burma/

Free email accounts- how safe are they?

September 23, 2008 by Gordon Mix

A couple of weeks ago I came across an article written by a blogger that shared how to hack into free web-based email accounts like Yahoo. He spelled out exactly how to do that in his article. From what I am hearing on the Fox News network, this is how the Yahoo account of Ms. Palin was broken into.

In my opinion, this is a major problem for people in the spotlight that are using these free email accounts. All a web sleuth has to do is pay attention to details and bingo, they tell you where they grew up, where they met the significant other or where they were born. All of these details are just what these free sites use for security questions. There needs to be a revamping of these questions and how they are being used to reset passwords if we are going to continue to use these features. I think that due to the need of these free sites like Yahoo wanting to sell advertisement for revenue, we will soon see this revamping.

For more on the article mentioned in my blog please see http://redtape.msnbc.com/2008/08/almost-everyone.html#posts

I would not advise trying this on a politician as the FBI might be knocking on your door tomorrow.

Did you know that Spam yields rewards – you may be at fault

September 11, 2008 by Gordon Mix

I was reading that 30 percent of internet users are responsible for spam being a booming business. I thought that this number was a bit high. However, the spammers are making money. The researchers state that the greatest purchases are male enhancement, software and adult material. Please read the link for further information.