American Bar Association - Defending Liberty, Pursuing Justice
ABA Legal Technology Resource Center

New Security Threats – SpIM, Pharming, and More

What are the next security threats on the technology horizon? Cell phones and wireless devices, instant messaging, and websites are becoming targets for malicious or intrusive activity. Learn about these threats and how to protect yourself before they become prevalent. This article first appeared in Law Technology News, May 2005.

Catherine Sanders Reach, MLIS

SP2 - with or without you

This spring, AssetMetrix Research Labs released a survey regarding the installation of Microsoft Corp.’s Windows XP Service Pack 2 (SP2) in 251 North American corporations, consisting of more than 136,000 PCs. Of the companies using the Windows XP operating system, fewer than 25 percent of PCs were updated with the service pack.

In fact, the survey analysis suggested that 40 percent of the companies using Windows XP actively avoided the “upgrade.” When SP2 was released nearly eight months ago, early adopters sent up a hue and cry regarding bad experiences with the patch. The grapevine did its job, and Microsoft held off on forcing a download of SP2 via the automatic updating features, until April 12, 2005. After that date, the only way to avoid the patch is to turn off the auto-update features and run all updates through a separate application.

So, why did companies go out of their way to avoid a service pack designed to fix security flaws? Asked a different way, why would a company intentionally leave known security holes open? Were the problems that the service pack caused so insidious that IT staff decided to try to protect their networks and users in other ways? The survey leaves many questions unanswered, but the fact remains: a tremendous number of companies, for whatever justification, did not apply the latest security fix. Perhaps an overview of some of the newest threats and annoyances coming online will remind you that security patches may provide their own brand of irritation, but compared to the ongoing attack against your privacy, identity, and income, they may be worth it.

Selling the “Pharm”

People have gotten wise to phishing scams that use e-mail to impersonate a bank or other institution to get personal information such as credit card accounts and social security numbers. Thanks to constant media exposure and notification from many at-risk companies to their customers, most people know to be wary of e-mails asking for confidential information. But what if you were to type in the URL of your bank, log in to your account, and transfer funds from one account to another, only to find later that the website was spoofed and the site you visited was really hosted by scamartistsunite.com? This act of site spoofing is called “pharming,” and the technical description implies DNS poisoning. If the term “DNS poisoning” makes you feel sick, you are not alone.

Pharming sends people to fake copies of legitimate websites, without any warning signs. This is accomplished by exploiting the DNS, or Domain Name System (or Service or Server). When you type a URL (Uniform Resource Locator) into a browser, the browser must translate that information. For instance, when you type “www.google.com” into the address bar, the browser must translate the address into an IP (Internet Protocol) address, which is a series of numbers like 123.456.78.9. In order to do the translation, the browser consults a DNS server to get the IP address for the text address, then sends you to the requested website.

Pharming attacks the translation process, substituting a different IP address for the text address. Thus, when you think you are visiting “Google” you are actually being sent to the website run by “Bizarro Google.” If the site has been made up to look like the requested site, any information you send will be collected by this impostor. If you immediately recognize that the site is not the one you wanted, it has probably attempted to infect your computer with some malware.

Boiled down, the concept of “pharming” can be described as a fake website. There are several ways to exploit the DNS and this potential has long been well-known. According to the SANS Institute’s Internet Storm Center, attackers exploited a vulnerability in Symantec firewalls to redirect users typing in google.com, eBay.com and weather.com to three malicious sites. Symantec has issued a fix. The threat is growing and security companies are rushing to create a way to protect us.

In the same way that care must be taken in all online transactions, one way to keep from passing on private information to a compromised site is to check for the SSL (Secure Sockets Layer) certificate. This is the small lock icon displayed in your browser when you are at a site that should be protected for confidential transactions. Also, be wary of any site that requests a social security number or other information that seems superfluous. Another way to catch on to a pharming scam is that the login process may not look the same as the legitimate site. While currently pharming is still on the horizon, there are plenty of reasons to practice safe Internet.
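The address substitution described in this section can also be checked for from the network side by comparing what your own resolver returns for a name against the answers from independent resolvers. The sketch below is an added example, not part of the original article; the hostnames, resolver labels and addresses are constructed sample data, and the /24 (IPv4) and /48 (IPv6) tolerance for load-balanced sites is an assumption.

```python
import ipaddress

def covering_prefix(ip, v4_bits=24, v6_bits=48):
    """Network containing ip; the prefix lengths are an assumed tolerance."""
    addr = ipaddress.ip_address(ip)
    bits = v4_bits if addr.version == 4 else v6_bits
    return ipaddress.ip_network(f"{addr}/{bits}", strict=False)

def audit_answer(local, references):
    """Compare the resolver under test with independent reference resolvers.

    local:      list of IP strings returned by the resolver being checked
    references: dict of reference resolver label -> list of IP strings
    Returns 'match', 'same-network', 'mismatch', 'no-answer' or 'no-reference'.
    """
    if not local:
        return "no-answer"
    ref_ips = {ipaddress.ip_address(ip) for ips in references.values() for ip in ips}
    if not ref_ips:
        return "no-reference"              # nothing to compare against
    ref_nets = {covering_prefix(str(ip)) for ip in ref_ips}
    verdict = "match"
    for ip in local:
        addr = ipaddress.ip_address(ip)
        if addr in ref_ips:
            continue                       # exact agreement with a reference
        if any(addr.version == net.version and addr in net for net in ref_nets):
            verdict = "same-network"       # plausibly load-balancer rotation
        else:
            return "mismatch"              # address unknown to every reference
    return verdict

# Constructed sample answers (documentation address ranges, not real sites).
SAMPLE = {
    "www.example-bank.test": (["203.0.113.66"],
        {"ref-a": ["192.0.2.10"], "ref-b": ["192.0.2.10", "192.0.2.11"]}),
    "www.example-search.test": (["198.51.100.23"],
        {"ref-a": ["198.51.100.20"], "ref-b": ["198.51.100.21"]}),
    "www.example-news.test": (["192.0.2.80"], {"ref-a": ["192.0.2.80"]}),
}

def audit_all(samples):
    """Verdict per hostname for a dict of name -> (local, references)."""
    return {name: audit_answer(local, refs) for name, (local, refs) in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit_all(SAMPLE).items():
        print(f"{verdict:13} {name}")
```

A "mismatch" is a reason to investigate the resolver, not proof of poisoning, because large sites legitimately return different addresses to different networks.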

New Ways to Catch a Cold

There are new threats for our new, faster ways to communicate. SpIM is a term used to describe the spread of viruses, worms, and spam over instant messenger services. The IMlogic Threat Center reported a 271 percent increase in reported incidents of IM-borne security threats. IM viruses work in the same way as a traditional virus, often enticing the user to open a file or click through to an infected website. However, because IM is much more difficult to protect at a server level, users of instant messaging services need to be especially wary.

Another new threat is that of the cell phone virus. The first one to be widely reported attacks smart phones that use the Symbian operating system. The viruses have names, like Cabir and CommWarrior, and they are documented. These threats have been downplayed, suggesting that the user would have to give permission for the files to be downloaded. Considering that the “I Love You” virus also required permission-based download, these viruses may become more prevalent as the writers become more sophisticated.

Safety First

There are new scams, viruses, and irritants in our wired (or wireless) world every day. Avoiding the methods that have become and will become the way of doing business — online interaction — is ill-advised. Learning to be safe, be smart, and stay up-to-date will always be necessary. Moving to less vulnerable operating systems and browsers only gives a false sense of security. Firefox, the alternate browser many people enjoy for its functionality as well as its safety, has already issued several patches to plug security holes. Anything that becomes popular is a target for scammers and those with malicious intent. Security patches, updates, and fixes are issued to help with safety concerns, even if they occasionally bring a few of their own bugs along.

All computer users who access the Internet and use e-mail should run a firewall, anti-virus, spam blockers, and any other protection that is available and keep it up to date. Network back-ups are another tool in the arsenal to combat the onslaught of threats. Make sure that all data is backed up and test your ability to restore from different points. In this way, if anything happens you should be able to turn back the clock. The lesson here is to stay alert and stay up-to-date.

* Mention of a company, product, or service does not indicate endorsement or support by the American Bar Association or the authors.


Copyright American Bar Association. http://www.abanet.org