Friday, February 6, 2009

This is how bad it gets: US Govt Security. Plus my wetware lecture.

--
I recently read that Steve Ballmer had been invited to talk to the US Congress about 'innovation'. After ROTHFMAOTID, I fell asleep dreaming of the US Govt. actually making sense.

This morning I found a lovely story about just how insane the US Govt. remains. Even one of their security contractors can't keep out the malware. I wonder what OS they are using, NOT. This is lifted from the highly recommended EXCELLENT weekly SANS NewsBites email newsletter, Volume 11, Number 10, © 2009, accessible at:

http://www.sans.org/free_resources.php


--Government Security Contractor Suffers Data Breach
(February 3 & 4, 2009)
US government contractor SRA has notified its employees and customers that their personal information was compromised after the company found evidence of malware on one of its servers. The affected data include names, addresses, dates of birth, health information and Social Security numbers (SSNs). SRA provides computer security and privacy services. SRA informed the Maryland Attorney General's office of the incident on January 20.
http://www.theregister.co.uk/2009/02/04/sra_virus_infection/
http://fcw.com/Articles/2009/02/04/SRA-faces-possible-data-breach.aspx
http://www.scmagazineus.com/Intruders-put-virus-on-government-security-contractor-network/article/126889/
http://www.networkworld.com/news/2009/020309-federal-workers-notified-after-sra.html
http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-164577.pdf


Could this happen on Mac OS X? At this point in time the answer is: Maybe. The recent pirateware Trojan could theoretically pull these tricks.

Conclusion: Don't be naughty wetware. Always install only verified, legitimate software. Every time you type in your password to install something, think twice. Once you hit the OK button, you could be zombieing your computer.

Saying such stuff used to be FUD, and there are still people who rant and flame that such statements are going overboard. Not any more! Social engineering is becoming a fine art, and you are the target, no matter what computer platform you use. This sort of malware knows no operating system bounds. There isn't any anti-malware program that can be 100% predictive of what new and nasty Trojan is buried in something you just put on your drive. What's at fault here, as indicated above, is YOU if you install it. You can't blame Apple, you can't blame Microsoft, you can't blame Linus Torvalds. You get to point at the person in the mirror for not following the rules required for dead basic computer security.

And just as a reminder:
What is the very best way to protect yourself from the effects of malware infection?

It's that same old #1 rule of computing:
Make A Backup.

Now get out there and tell the world! Wetware unite! Social engineers: DIE!

Share and Enjoy,

:-Derek
--

No comments:

Post a Comment