WatchGuard Blogs

Goodbye, WatchGuard Blogs; Hello, WatchGuard Wire!

2009-06-08T11:12:00.000-07:00

As you've probably noticed, we haven't posted any updates to this blog in many months. Regular readers are probably wondering where the heck we've been. The short answer is... Due to many changes at WatchGuard, we will be retiring these WatchGuard Blogs and returning to the WatchGuard Wire.Scott Pinzon and I originally started this blog as an experimental offshoot of the WatchGuard Wire. At the

Want to score a cool quarter mil? Track down Conficker's maker

2009-02-20T11:23:00.000-08:00

What's a sure sign that Conficker (also called Downadup) has actually infected lots of innocent users? The answer is, when Microsoft offers a $250,000 bounty on the worm author's head.According to their press release, if you can supply any information that leads to the arrest and conviction of those responsible for the Conficker worm, Microsoft wants to give you a quarter million dollar reward.

Conficker's virulence continues to confound me

2009-01-23T11:14:00.000-08:00

I still don't really understand why the Downadup/Conficker has spread so successfully, but it definitely has.The latest reports say the virulent worm has infected over 10 million PCs. Some of the big name victims include, New Zealand's Ministry of Health, the UK Ministry of Defence, and some Sheffield hospitals. Furthermore, according to Panda Security the Downadup/Conficker has infected at least

OS X pirates usher trojan onto their computers

2009-01-23T09:30:00.000-08:00

If you've recently downloaded iWork 09 illegally using BitTorrent, your Mac probably has a trojan.According to Intego (a company focused on Mac security), a new Mac trojan is circulating within the illegal copies of iWork 09 floating around on BitTorrent trackers. The trojan, OSX.Trojan.iServices.A, hides within an extra install package included with the iWork image, called iWorkServices.pkg. If

Huge data breach could affects tens of millions of credit card users

2009-01-21T12:55:00.000-08:00

During President Obama's inauguration yesterday, Heartland Payment Systems -- a major debit and credit card transaction company -- admitted that they were the victims of a huge data breach that could affect tens of millions of debit and credit card customers.According to a Washington Post Security Fix article, Heartland found malware buried somewhere within their payment processing system.

Malware preys on Obama-mania

2009-01-20T07:22:00.002-08:00

Today is an exciting and historical day in the United States (and the World). In just a few hours we inaugurate an African American man, Barrack Obama, as our 44th president. The nation feels a surge of hope, believing that the new administration will begin to correct some of the woes currently afflicting our country. Leave it to a few despicable malware authors to corrupt that hope, and twist it

Is the Downadup/Conficker worm creating the next big botnet?

2009-01-15T12:20:00.001-08:00

Last week, F-Secure made quite a few blog posts [ 1 / 2 / 3 / 4 ] describing a new worm that seems to be spreading like wild-fire. Called Downadup by some and Conficker by others, the worm appears to spread, primarily, by exploiting the semi-recent Windows Server Service vulnerability (LiveSecurity Subscription required), which Microsoft patched last October. Previous worms have taken advantage

PlayStation hammers a nail into the lid of MD5's coffin

2009-01-06T17:00:00.000-08:00

Since 2004, security researchers have known that the MD5 hash algorithm suffered from certain cryptographic weaknesses. However, during a recent talk given at the 25th Chaos Communication Congress (25C3), a team of researchers showed the world just how dangerous these weaknesses have become.Before I dive into the researchers' new attack, let me offer a refresher on some cryptography concepts

Predict the future; win Superman's TRS-80!

2009-01-06T13:06:00.000-08:00

The latest episode of Radio Free Security, entitled "Security Predictions for 2009," just went live, available on our feeds page and Apple iTunes. In this episode, we announce a contest, and I wanted to show you the Grand Prize. It's a rare comic book from 1982 wherein Superman and Wonder Woman desperately need the help of "the Computer Masters of Metropolis" -- who turn out to be two kids with

US gov sets out to secure cyberspace. First obstacle: US gov

2008-12-19T09:59:00.000-08:00

In the first week of December, the Center for Strategic and International Studies (CSIS) released a seemingly important report, entitled "Securing Cyberspace for the 44th Presidency." The report was the conclusion of a year of work from a blue-ribbon panel, co-chaired by two Congressmen, an Air Force lieutenant, and a guy who has worked in security at Pricewaterhouserestofalphabet, Microsoft, and

Make sure you're greasing the right monkey

2008-12-05T12:20:00.000-08:00

According to an InfoWorld article, attackers have released a banking trojan that masquerades as the populer Firefox extension called Greasemonkey.Greasemonkey is a real Firefox extension that allows you to customize your web browsing experience. Basically, you can install scripts that allow you to change the look and feel of a web site on the fly. (This video gives a good example of what you

TNT to "Leverage" the Age of the Geek

2008-12-04T09:33:00.000-08:00

As a wanna-be screenwriter, I read a lot of screenwriter's blogs. One of the most popular, entertaining, and polarizing is Kung Fu Monkey -- the blog by John Rogers, who is both a screenwriter and a comic book scribe. (He wrote one of the drafts of the Michael Bay Transformers movie, and for years has written the comic, Blue Beetle.)For months, John has been giving the behind-the-scenes

Malware professionals continue targeting Mac OS X

2008-11-25T16:34:00.000-08:00

Just over a year ago, I wrote a WatchGuard Wire post about a new Mac trojan. While I'd heard about a few Mac trojans before, OSX.RSPlug.A marked the first written by a professional malware group. In fact, the arrival of this trojan was one of the reasons that Scott and I predicted an increase in Mac malware for 2008 (Radio Free Security Dec 2007 episode, "Security Predictions for 2008").Last week

Video game insider is victim of Xbox Live hack

2008-11-25T14:32:00.000-08:00

If you're a video gamer, you've probably heard the name Dan "Shoe" Hsu. He was the Editor-in-Chief for Electronic Gaming Monthly (EGM), an editorial director for the 1UP Network, and currently writes for IGN. In fact, if you watch the 1UP Show you've probably even seen him in past episodes. Unfortunately, Hsu's gaming notoriety probably contributed to his recent plight -- the uber gamer was the

Ghosts of KGB past haunt Radio Free Security

2008-11-25T08:20:00.000-08:00

I'm assembling the December episode of Radio Free Security, and it contains a notable first for the show: listeners will hear an ex-KGB Major General share some of the cat-and-mouse espionage games Soviet Russia played against the US during the Cold War.Oleg Kalugin worked his way up in the KGB from the days of Kruschev all the way up to Gorbachev (and regards Putin as a junior upstart), but

Washington Post reporter clobbers a major spammer

2008-11-13T08:56:00.000-08:00

The USA's newspapers usually make a poor source of network security news. Their reporters often report developments days late, and/or get the facts wrong.The refreshing exception is Brian Krebs, a Washington Post tech columnist. He stands out as pretty much the sole US newspaper reporter who actually reports security stories I haven't heard three days (if not three weeks) before, and he gets the

Elections, governments attract network attackers -- but who are they?

2008-11-07T13:50:00.000-08:00

Wow! It seems government officials are getting popped by network attackers left and right lately. First Sarkozy got pwned, and now attackers have targeted a whole menagerie of US government officials. Summarizing this week's government-related attacks:Now that the US election is over, reporters are sharing the dirt from their campaign trail experiences. Among the juicy highlights, we learned that

More details emerge on WPA attack

2008-11-07T10:51:00.001-08:00

Yesterday, I let you know about a new WPA attack that Eric Tews plans to disclose at a security conference next week. At the time, the security community knew little about the attack since Tews hadn't disclosed any technical details. Nonetheless, many stories reported that he had cracked WPA's TKIP key.As it turns out, Tews didn't crack the TKIP key (which makes sense -- Scott and I couldn't

Looks like Sarkozy was targeted

2008-11-06T15:37:00.000-08:00

Back on October 20, I posted about an incident where the French president Nicolas Sarkozy got hacked. Attackers figured out the credentials to his online bank account and stole a meager sum of money.At the time, authorities didn't think attackers had targeted Sarkozy, and I agreed with them. Nowadays, most attackers avoid big name targets, knowing those targets will only get them more police

WPA encryption -- partially cracked?

2008-11-06T13:21:00.000-08:00

I'm getting sick of this new trend where researchers pre-announce their intention to disclose details about a new security vulnerability. It doesn't really help anyone to say a "big" vulnerability exists if you can't tell them what to do about it. Nonetheless, an upcoming talk on an alleged Wi-Fi Protected Access (WPA) encryption vulnerability might be one worth watching for.According to a

President Obama faces a D.C. digital divide

2008-11-05T09:55:00.000-08:00

This is a network security blog, so I'll set aside for a moment the major cultural and political significance of the USA electing its first black President last night. But I can offer an IT geek's perspective on one aspect of Obama's election.After spending last week in Washington, D.C., I'm concerned about the digital divide between the Federal government and all of us who work in the private

Malicious worm exploits the serious Microsoft Server service flaw

2008-10-28T15:34:00.000-07:00

Last week, I wrote a LiveSecurity alert (subscription required) warning our customers of an extremely critical out-of-cycle patch released by Microsoft. This patch fixes what has to be the most severe Windows networking vulnerability that I have seen in the past few years. Simply put, by sending specially crafted RPC packets, a remote, anonymous attacker can exploit this flaw to gain complete

Even Presidents get hacked

2008-10-20T14:55:00.000-07:00

A month ago, we learned that vice presidential nominees could get hacked. Now, we can add an actual president to the pwnd victims list.Last week, a French news agency learned that Nicolas Sarkozy, the president of France, had a modest amount of money stolen from his online bank account. Investigators haven't shared how the president's account got compromised, but I'd guess that the attackers

Uneven GTISC report gives plenty of food for thought

2008-10-16T15:22:00.000-07:00

Yesterday, the Georgia Tech Information Security Center (GTISC) in Atlanta hosted its annual summit on emerging network security threats. I was unable to attend, but I downloaded the report their experts issued, "Emerging Cyber Threats for 2009." (PDF) What a mixed bag it turns out to be.The authors of the report include some very respected and credible security analysts, including the CISO of

Internet sky falls three times in one week

2008-10-10T15:43:00.000-07:00

Talk about ending the week on a down note! We all get sick of "the sky is falling!" over-hyped cries. But this week, we saw three events in network security that are legitimately milestones of Teh Suck in network security:Jack Louis and Robert Lee divulged the existence of a fundamental flaw in the TCP/IP stack that makes it relatively simple to DoS a victim server right off the Internet. The