Tuesday, November 23, 2010

Firefox Saves the Day

I just got to see a new feature in Firefox 3 at work, and it's pretty cool.

I had an email in my GMail spam folder that looked like this:

Looks pretty legit, right? The link text appears OK. However, the actual link looks something like (part of the URL intentionally deleted):


So obviously it's at best a personal information phishing site. Well, I decided to see where that would take me, so I clicked on it. However, Firefox saved me from myself:

Clicking on the "Why was this page blocked?" button shows this:

I tried this in Internet Explorer and I'm happy (and a bit surprised) to report that it gave a similar "you really don't want to go there" message.

However, even though our browsers sometimes try to protect us from ourselves, links in emails should never be clicked on. If you get a message from your bank that wants you to log in for whatever reason, go to your browser and type in the URL that you know to be the correct one for your bank (if you don't have it bookmarked) rather than click on anything in an email.

Friday, November 19, 2010

Stuxnet Worm - still in the news

I have posted three times about the Microsoft Windows "Shortcut (LNK)" vulnerability since July. A lot has transpired since then; it's been found to be one of six security issues in Windows that are leveraged by the Stuxnet worm (some of which were previously unknown in the security community).

Stuxnet is in the press right now as being one of the most serious security threats ever unleashed, and is said to be a sort of "new animal" in cyber-warfare. I'll provide some links for further reading below, but the apparent intent and sophisticated behavior of Stuxnet is so, well, awesome (in a bad way) that I do want to summarize what's been learned:
  • Its targeted behavior is very specific - although it propagates via Windows (using USB memory sticks and/or network connections), its ultimate target is a particular brand of industrial controller computer made by Siemens, that are network-connected to those Windows systems
  • Not only is it Seimens "SCADA"-system specific, but its end target are "variable-frequency drives" made by two specific companies, that regulate the speed and operation of electric motors
  • Only motors that are programmed to run within a specific speed band are targeted
  • The speed band corresponds to speeds used by uranium refinement centrifuges
  • The end result is that Stuxnet causes those motors to periodically overspeed and underspeed

It's still not known who wrote Stuxnet, but there is universal agreement that its sophistication and complexity are unprecedented, and unfortunately is probably the first shot fired in a new level of cyber-warfare.

As promised, here are some links if you want to dig deeper:

I promise we have not heard the end of this "worm".

"Shall we play a game?"