network SECURITY
ISSN 1353-4858 September 2009
www.networksecuritynewsletter.com
Contents

NEWS
Firm banned from selling personal data
Massive web infection escapes detection
ID theft malware on the increase
US lab develops new model for defence

Failed firm banned from selling customers’ personal data

A failed US company, whose databases hold personal details on hundreds of thousands of customers – including fingerprints and iris scans – has been banned from selling that data.
Customers of the company, Clear, paid $200 a year and supplied personal information, including biometric data, as a way of obtaining rapid transit through airport security. But the firm ran out of money and stopped trading in June. It is facing lawsuits from disgruntled customers, but Clear and its parent company, Verified Identity Pass, have not filed for bankruptcy protection.

In spite of the fact that agreements with customers stipulated that their personal data would not be sold, and initial promises by Clear that it would be deleted, it is claimed that the company was indeed seeking to sell the information. This, it’s claimed, was an attempt to generate income to enable the firm to claw its way out of its current problems.

That move was blocked by a Manhattan federal court judge who ordered the firm not to sell the contents of its databases. The company may appeal the decision. And the data may still end up passing into other hands if the ailing firm is bought. And whatever happens, it has highlighted the potential for data ‘leaks’ when an organisation goes out of business.
Massive website infection avoids detection by search engine security scanners
A malicious iframe has been injected into as many as 57,000 websites, yet protection mechanisms used by Google and Yahoo that are meant to warn about dubious sites are generally failing to pick up the problem.

The iframe, discovered by ScanSafe researcher Mary Landesman, points to an exploit site from which it loads additional malware, including backdoors, the Gologger keystroke logging trojan and a downloader. The websites were compromised using SQL injection to insert the code which loads JavaScript from the a0v.org domain. This in turn makes contact with any one of half-a-dozen domains to pull down the exploit code.

A simple Google or Yahoo search, using the iframe code, revealed thousands of infected sites. According to Landesman’s blog, these include “www.feedzilla.com, latindiscover.com, and a number of charitable and nursing facilities”. However, for the most part, the search engines have not yet recognised these compromised sites as dangerous and so fail to provide warnings about them.
ID theft malware on the increase
The number of trojans designed to steal private data has risen massively in the past year, claims a report by Panda Security. It has seen a 600% rise in the number of machines infected by malware intended to steal confidential, personal or banking details.

Trojans now account for 71% of the 37,000 samples of malware PandaLabs
Continued on page 2...
FEATURES

Why 2FA in the cloud?
Two-factor authorisation (2FA) is increasingly popular, but places a serious administrative burden on organisations. Dave Abraham of Signify thinks this makes it a good candidate for cloud-based solutions.

The benefits of optimised firewalls
There are ways of making your firewalls work more efficiently that won’t just help ensure your security but could also save you money. Nick Garlick of Nebulas explains.

Moving to the dark side
The ‘dark’ internet is being used by all kinds of people, from terrorists to intelligence agencies. Cath Everett describes the different ways of hiding on the net.

A novel architecture for enhanced security
A model for using virtualisation and ARP spoofing to create an environment in which attacks are diverted to safe targets.

Compliance vs business security
New rules imposed by Italian regulators have serious implications for system administrators, who must be authorised, registered and monitored. And the idea could spread, warns Dario Forte.

Security in the time of swine flu
Staff disruptions and changed work patterns brought on by a flu epidemic could seriously impact your security practices, says Wendy Goucher.

REGULARS
News in brief
Events
ISSN 1353-4858/09 © 2009 Elsevier Ltd. All rights reserved

This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:

Photocopying
Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.