Tuesday, February 27, 2007

NOXS has been acquired by Westcon.

The company I work for, NOXS, has been acquired by Westcon. Westcon Group, Inc. and Unit 4 Agresso announce today that a UK-based subsidiary of Westcon Group, Inc. has signed an agreement to acquire NOXS, the value-added distribution arm of Unit 4 Agresso’s Internet and Security division. With this acquisition, Westcon Group executes another step in its global strategy of building strength in key areas of networking, convergence, security and mobility in which it has an existing $2 billion business. The acquisition of NOXS positions Westcon to become a leading multinational distributor of network security products and solutions. After the acquisition, Westcon’s customers will have access to NOXS’ expertise, solutions and services, enabling them to bring integrated security solutions to their networking, convergence and mobility customers. Similarly, NOXS’ customers will have access to a broader set of opportunities in which their knowledge of solutions such as Unified Threat Management, mobility security, network access control and regulatory compliance have become mandatory requirements.
For me, it's business as usual and hopefully it will stay like that or possibly even improve. The future will prove it. For more info you can look at the websites
http://www.westcongroup.com or
http://www.noxs.com .

Monday, February 26, 2007

Can illegal hacking be justified?

66-year-old Ronald C Kline, a former senior judge from California, has been sentenced to 27 months in jail for possessing child pornography. Kline was initially brought to the attention of the authorities after his computer was infected by a Trojan horse planted by Canadian hacker Brad Willman. He planted the Trojan horse, disguised as images of child abuse, on an internet newsgroup visited by pedophiles in 1999. The hacker (with alias Omni-Potent) broke into the PCs of those he infected, focusing on those he suspected of being involved in child abuse.
Few will shed tears over Kline going to prison, but the case does raise interesting questions over whether illegal hacking and the distribution of malware can ever be justified. I am really worried that this case will be viewed as a green light for other hackers to infect computers with their malicious code. It's very difficult to draw the line here, and this will remain very difficult in the future, but there are other, legal ways to gain the information you need, and I know what I am talking about, as my wife is a police officer and teacher at the police academy. There are always legal methods, like forensic investigation done by the Computer Crime Unit, to obtain the necessary information. This way (the hacker's way) is, at the very least, completely unethical.
You can find more about the Virtual Global Taskforce, a group of police forces around the world working together to find online child abuse, at http://www.virtualglobaltaskforce.com and you can always contact the Belgian FCCU at http://www.ecops.be to report it.

Sunday, February 25, 2007

Data News Opening Debate at InfoSecurity 2007 Belgium.

Data News asked me to take part in their opening debate at InfoSecurity Belgium on 21 March 2007.
Guy Kindermans, Senior Staff Writer at Data News and security expert, moderates the debate on the following subjects:
- Which new viruses and other threats set the trend in 2007?
- What are the risks of web 2.0?
- How to develop secure software?
Three well-known security experts participate in this round table: Eddy Willems (me), NOXS; Erwin Geirnaerts, Zion Security; and Johan Peeters, freelance software architect.
You can find more at the website http://www.infosecurity.be and on my own press page. After the show you will find several infosecurity-related articles on my press page as well. I wrote an opinion piece for the Special Security Guide of Data News and I was interviewed for Smart Business Strategies for 2 articles: one concerning MS Vista security and one about general security. You are all invited!

Wednesday, February 14, 2007

e-Valentine cards could be dangerous.

Every occasion on which people send each other cards is one of those times the bad folks out there try to do their thing. Valentine's Day is no exception to that rule. We can all try to educate users not to click on attachments that are unexpected or from unknown senders, but how is that going to hold up in real life against the possibility of a hot date with a secret admirer? We can try to tackle the problem with technology that scans incoming messages, removes executable content, repetitive content (spam), etc., but signature-based systems will leak exploits, repetition might not always be there and the first few will be passed on regardless and, perhaps worst of all, users are generally willing to go to great lengths to get their prize and work around extension-based filtering. I could also try to promote not sending media-rich wishes, which is what I always do. Just use normal plain text within all your emails. If everybody would do this ... Anyway, make sure to have a happy February 14th without catching one of these. BTW, several parts of the world have been spammed by some problematic e-Valentine cards already, so please pay attention and don't forget to update and patch (MS critical patches) today!

Sunday, February 11, 2007

Botwars and Press Interviews...

It seems that two of the largest botnet gangs may be fighting each other. The P2P botnet created by Storm-Worm variants seems to have been used to launch a Distributed Denial-of-Service attack against several of the domains used by the Warezov/Medbot gang. It really reminds me of the virus war between the Bagle and Netsky gangs back in 2004. Coupled with this supposed attack, it seems that the websites of several anti-spam organisations have been targeted in the attacks. Joe Stewart over at SecureWorks has posted an analysis of the attacks here. There has also been some speculation that these attacks are related to the attacks that have been reported against the DNS root servers. Associated Press reported that the attacks overwhelmed at least 3 of the 13 root DNS servers on Tuesday. Stats provided here by DNS monitoring at RIPE seem to indicate that these attacks could have disrupted at least 2 of the root DNS servers. It is still completely unclear whether these botnets have anything to do with these attacks. I was interviewed by the Belgian press last Thursday about those attacks. You can find more about it on my press page. It's still unbelievable that, after working together with the press for several years now, the name of the company I work for, 'NOXS', seems to be misspelled as 'NOCX' by one TV broadcast station.

Wednesday, February 07, 2007

Internet's Backbone servers attack could be a terrorist test.

Zombie computers likely played a part in last night's major attack against key root servers which form the backbone of the internet. Users' computers are likely to have been taken over by hackers to create zombie networks or 'botnets', in order to bombard the internet's Domain Name System (DNS) servers with traffic. They note that while the computer owners may have been unaware that their PCs were compromised, had the attack been successful then all website access and email delivery would have been suspended globally. Theoretically these zombie computers could have brought the web to its knees, and while the resilience of the root servers should be commended, more needs to be done to tackle the root of the problem - the lax attitude of some users towards IT security. I see this problem coming up more and more in the SMB market, where there is less security awareness: a problem I personally try to tackle with my lectures for the KMO-IT (see below this blog) these days. Everybody is almost totally reliant on the internet for day-to-day communication - it's ironic that the people who depend on the web may have been the ones whose computers were secretly trying to bring it down.
Root servers, which manage the internet's Domain Name System, are essentially acting as an address book for the internet. UltraDNS, which manages traffic for websites ending with the suffix .org and .info, confirmed that it had witnessed an unusual increase in traffic. In all, three of the 13 servers at the top of the DNS hierarchy are said to have felt the impact of the attack, although none are thought to have stopped working entirely. Fortunately the system is designed to be extremely resilient to these kinds of attacks, and the average man in the street won't have noticed any impact. Some reports have suggested that much of the attack traffic may have come from computers based in South Korea. However, the motivation for the attack remains unclear. It could be a test for a coming terrorist attack on the internet but it could also be something completely different. It's very difficult to say. Whatever the motives of the people responsible for this assault, everyone needs to properly defend their PC from being taken over by hackers and used for criminal purposes. According to reports, last night's incident was the most significant attack against the DNS backbone since October 2002. Try to be aware and make sure that your PCs are not under someone else's control. At the very least, use decent security software and hardware everywhere on your network and PCs.

Friday, February 02, 2007

Dutch Botnet hackers sentenced.

Two Dutch hackers have been given jail sentences for infecting millions of Windows PCs with malware, and stealing personal information such as credit card details to purchase iPods, digital cameras and games consoles. The 20-year-old leader of the hacking gang has been sentenced to two years in prison and his 28-year-old accomplice received an 18-month jail term. They have also been fined 9,000 and 4,000 Euros respectively by the court in the town of Breda in the Netherlands. Prosecutors claimed that the men ran one of the largest networks of infected computers ever uncovered, which included PCs around the world. Such zombie networks, also known as botnets, are often used to launch distributed denial of service (DDoS) attacks or to launch spam campaigns. The two men used the W32/Codbot or Backdoor.CXJ to take remote control of innocent users' PCs between June and October 2005, with some versions of the malware capturing keypresses, in an attempt to commit identity fraud by stealing bank account information and credit card numbers. Several other suspects in the case are still awaiting sentencing. It's time that we see this kind of conviction; however, I know several people who wanted these men to be sentenced much more heavily. Was this sentence really harsh enough for them?