By December 31, 2010 and on a going forward basis, all level 1 and 2 merchants must validate PCI DSS compliance via an annual onsite assessment conducted by a PCI Security Standards Council (PCI SSC) certified Qualified Security Assessor (QSA).  Level 1 merchants who previously conducted onsite assessments using internal resources will no longer be permitted to do so.  Level 2 merchants who were previously permitted to validate via a Self Assessment Questionnaire (SAQ) must now also begin validating with an onsite assessment by a QSA.  All level 1 and 2 merchants must submit a fully compliant Report on Compliance (ROC) from their QSA by December 31, 2010.

While this is surely a boon to the Network Security consulting industry, its a move that is going to cost alot of companies a great deal of money. Previously, Level 2 merchants were only required to submit to a quarterly external network scan and a yearly self-assessment questionnaire.  Now, they, like Level 1 merchants, must have a yearly onsite assessment performed.  For many companies, depending on the size, this are going to be in depth audits that may force them to change man of the ways they do business.

PCI-DSS, unfortunately, is a useless standard. Companies should perform best practices, and if they don’t, they should pay for it.  The fact that they have to be beaten into submission through scans, audits, and fines is silly. All of the recent major breaches of credit card data were all from PCI certified companies. So what does that tell us?

Here’s a great article about some of the problems with the PCI standard:

http://securitybuddha.com/2007/03/23/the-problems-with-the-pci-data-security-standard-part-1/

Accepting an untrusted Exchange server certificate results in storing an exception on a per-hostname basis. On the next visit to an Exchange server contained in the exception list, its certificate is accepted with no prompt and validation. This may lead to the disclosure of credentials or application data. This update addresses the issue through improved handling of untrusted certificate exceptions.

and this interesting one:

A logic issue in the handling of ICMP echo request packets may cause an assertion to be triggered. By sending a maliciously crafted ICMP echo request packet, a remote attacker may be able to cause an unexpected device reset.

So, in case you’re waiting for some reason to update, go ahead and take the plunge and do it. Its my belief, that as users become more mobile and start keeping more of their private information on these devices, the attempts at hacking mobile devices will become more common.

Here’s a link to more info straight from Apple regarding these fixes:

http://support.apple.com/kb/HT3639

Let’s be safe out there…

DNS (Domain Name System)  – is a method by which the URL’s you type into your browser are translated into the actual Internet IP-addresses fo the appropriate servers. Its by using these unique addresses that information gets routed properly around the Internet. A common comparison is your postal address: You can think of the URL’s as your NAME and the IP address as your street and house number.  Your mail won’t reach you without the address. So for every Domain name out there, a unique Ip address exists. When you make a request in your web browser for a particular website, it queries its DNS provider for the correct IP address and then takes you there. By default you’re probably using your ISP’s DNS servers to provide this functionality for you.

You can create a free account and then set your router or home your home PC’s individually to use OpenDNS’ servers instead of your ISPs. OpenDNS categorizes domain names and URL’s into all kinds of useful collections which you can then choose to allow or deny access to from your network.  OpenDNS grabs your DNS “queries” and, for categories which you’ve chosen to block , it inserts its OWN ip addresses in the return, rather than the actual destination. For example, you can choose to block adult content.  When you type in “www.playboy.com” in your browser, your computer queries OpenDNS for the correct IP address. OpenDNS, sees that you’ve chosen to block this site, and instead of returning  216.163.137.3 (the acutal playboy.com address), it returns with an address owned by OpenDNS. So when your browser goes to this new address, you’re greeted with a nice blocked message that looks something like this:

By intercepting these addresses, OpenDNS has the ability to block all sorts of malicious or unwanted content, and notify you if it detects you trying to access it.  For instance, they can currently detect if you’re infected with the conficker worm.

They also offer all kinds of great statistics about your network’s usage. You can customize the block messages and looks as well.  For the price, OpenDNS can’t be beat.

There are instructions on the OpenDNS website for configuring both home routers and individual computers. For more info click here.

According to Trend Micro’s summary:

Two things can be summed up from the events that transpired:

1. As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP. The Conficker/Downad P2P communications is now running in full swing!
2. Conficker-Waledac connection? Possible, but we still have to dig deeper into this…

Here’s a link to more information from Trend Micro

Here’s a link to the conficker “eye test” – it’ll let you know if your machine is infected or not.

http://www.talkbiz.com/confickertest/

From Microsoft: Conficker infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.

Once your computer is infected, it is now “owned” by the Conficker worm and its creators. It becomes one of millions of infected PC’s making up a massive “army” of infected machines that could possibly be used to implement the author’s bidding at any time.  Here’s the scary part- all these infected machines ( or “bots”) are currently programmed to “check in” with their master on April 1st to get new instructions. No one knows exactly what will happen on that day.

Pundits have speculated a variety of different malicious deeds this massive bot army could undertake on 4/1. One possibility is that the author’s will grab sensitive personal data off all these machines. Another thought is that they will launch massive denial of service attacks on major websites.  Still others believe that this bot army will be sold off for the purposes of sending out Spam worldwide.  No one, except the authors knows for sure.

Regardless, make sure your machines have AntiVirus software, and that its up-to-date. If you’ve just recently installed AntiVirus, make sure you do a full system scan. Make sure Automatic Updates are turned on.

The Honeynet project just released a new python script you can run to scan your network for infected machines. Here’s a link to it:

http://honeynet.org/node/388

For more info about this worm you can check out any of the following links:

http://en.wikipedia.org/wiki/Conficker

http://vil.nai.com/vil/content/v_153464.htm

This one’s REAL technical but a great read if you have the time:

http://mtc.sri.com/Conficker/addendumC/

Let’s be careful out there….

In theory, you should be able to simply set up Internet Sharing on your Windows Mobile device with Bluetooth PAN. Then on your Mac, simply create a BlueTooth PAN connection. The problem with this is that you run the risk of eating up your mobile device’s battery much quicker as its using its 3G connection and its bluetooth connection simultaneouslly. Even though it should work, I never could get it going, anyways. Ideally, we want to plug the phone in via USB, so that it is charging while sharing its connection. OSX won’t support the standard ActiveSync USB Internet Sharing method, so you’ll need to do a little work to get it going.

First download these files

Unzip and Copy all three files to /Library/Modem Scripts

Back on your Windows Mobile device, in the USB connection settings, change USB to mode to MODEM instead of ActiveSync. You may get a warning here that ActiveSync won’t work when Modem is selected.  Remember to change it back later when you are ready to sync up again with a Windows computer. Once you’ve selected modem, plug your device into your Mac via USB.

Now, go to your Network Preferences menu.

On the left side, you should see your list of Network Interfaces.  Click the little “+” sign to add an interface. Click Interface drop down menu, and you should see a choice for “Samsung CDMA Technologies”. Go ahead and choose it, and click CREATE. it should populate itself on the left-hand pane now.

Highlight the new Samsung Entry, and on the right side make the following entries:

Configuration: Default

Telephone Number: wap.cingular

Account Name: WAP@CINGULARGPRS.COM

Password: CINGULAR1

Now click Advanced…

On the Modem Tab, make sure Vendor is Samsung and Model is GPRS (GSM/3G)

On the PPP tab:

For Session, Uncheck “Redial if Busy”

Next to Settings, choose CONFIGURATION and select “Send PPP echo packets” and uncheck: Use TCP header compression.

Apply all these changes and lock the Network Preferences, and you’re ready to test.

Its a good idea when testing to disable your Wi-Fi so you can be sure you’re genuinely using your mobile devices WAN.

Now, highlight the Samsung modem, and on the right side, click CONNECT. If all goes correct, you should see a little meter with your connection strength, and you should now be able to surf the web. Go for it!

“It lists thousands of kosher restaurants and includes the Book of Psalms, the three daily prayer services, the Traveler’s Prayer, a Hebrew calendar, and two versions of Grace After Meals.” Apparently GPS and Cell Phones are OK as long as there’s none of that dirty internet on them. Nice idea.

I wonder if it shuts down automatically on Friday night? Here are some other features I heard they are including:

1) Default voice of Jackie Mason
2) Yells at you in “Mother-In-Law Voice” when you miss your turn.
3) POI are all Doctor’s offices, mostly podiatrists and urologists

4) Special mode that guides by landmarks: “Make a right when you get to the hospital where Uncle Mort had his goiter removed…”

5) Speed Warnings over 25 MPH: “Oy Vey! You’re going too fast! You’re driving like a meshuginah”
6) Media Player preloaded with Yentl, the Jazz Singer, and Fiddler on the Roof
7) Routes you half-way through every trip to visit your Grandmother
8 ) Warns you when powering up that you look a little thin. “Have you been eating enough? Maybe you should have a nosh before you leave.”
9) Unfortunately, maps are only available for Boca Raton and the lower East Side of New York
10) Hot key to call your Grandson for help using the damn thing

Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs) within the Microsoft Windows operating system.

In XP you can run the following command to see what services are behind each svchost:

tasklist /svc /fi "imagename eq svchost.exe"

Alternately, you can run this great FREE piece of software called SVCHOST viewer. It’s a nifty little gui to let you see vital info about each svchost instance.   Check it out here…

1) NMAP - incredibly powerful command line utility. In addition to port scanning, it can perform OS detection and do all kinds of other great. Its great for troubleshooting network services availability.

2) Cain and Abel – Careful with this one. Password “recovery”, ARP poisoning, sniffing…

3) Nessus - #1 Vulnerability scanner. It will check for everything under the sun on your network. You’ll be surprised at what’s running out there.

4) BSA - Straight from MS.  Microsoft’s free security and vulnerability assessment scan tool

5) Wireshark - World-class packet sniffer. Enough said.

6) Netstat – command line for displaying network connections and other net-related info about your PC. Great quick way to figure out What’s running and who’s it talking to, and no installation required!

7) NetStumbler - This is great for doing wireless network assessments. Where are the dead spots? What AP’s are interfering?

9) TCPView - Great tool from SysInternals (MS). Like Netstat on steroids in a gui.

10) Snort - Open Source IDS (Intrusion Detection System) – very powerful, extensible, Lightweight, IDS.