Wednesday, January 20, 2010

2009 Annual Report on Computer Security

PandaLabs, part of Panda Security, a leading provider of computer security solutions, has released their 2009 Annual Report on computer security.

Bottom line: It is pretty scary reading. 2009 was, without a doubt, a record-setting year for the creation of new threats and security issues. Cyber-criminals have become much better at making money from their malware and avoiding detection.

To read the report makes you feel that there is no way to be a user of computers safely these days. That isn't true (yet) but new solutions and security approaches are required as new threats are created. The amount of money made from malware in 2009 was more than any previous year so it is safe to safe that we will be seeing more of the same in 2010 and beyond.

Here are some highlights of the report:
  • 25 million new strains of malware were identified in just one year, compared to a combined total of 15 million throughout the rest of Panda Security’s 20-year history.
  • Banker Trojans and fake antivirus programs topped the threat ranking
  • Social networks (Facebook, Twitter, YouTube or Digg) and SEO attacks were favored by cybercriminals for spreading malicious code
  • Politically motivated cyber-attacks significantly increased throughout 2009

Stayed tuned for my analysis as I read through the report but if you want to read it yourself you can find the pdf file here: 2009 Annual Report from PandaLabs.

Friday, January 15, 2010

Using Backup Assist with rSync.net servers

I have been a fan of rsync.net services for a few years now and have always been looking for ways to improve automating backups to their servers. Backup Assist recently added Rsync protocol support in their v5 product and I've been eager to get it to work.

rsync.net's servers do not allow open access via the shell so I had to use the following steps to manual create and move the .ssh keys to the server:

1. Move any existing files out of the default location where Backup Assist stores the SSH keys.
  • Windows XP: “C:\Documents and Settings\All Users\Application Data\BackupAssist v5\.ssh”
  • Windows Vista/7: “C:\Programdata\Backupassist v5\.ssh.
2. In Backup Assist, configure the rSync server credentials and click on “Register with server” and ignore any errors.

3. Verify that three new files have been created in the local Backup Assist .SSH directory listed above. The files are:
  • Ba_id_dsa
  • Ba_id_dsa.pub
  • known_hosts
4. Rename the file “Ba_id_dsa.pub” to “authorized_keys”

5. Use WinSCP to connect to the rsync.net account you are configuring

6. Copy the local “authorized_keys” file in to the remote .ssh folder

7. Click on “Test connection…” in Backup Assist to confirm this worked.

8. If the test fails, restart at step 1 and verify that file time stamps on the local machine are current.

9. Disable the media usage report in the "rsync options" settings tab. The restrictions on the rsync.net server mean that the media usage report won't work either, but rsync.net provide other methods for getting server disk usage information.

Hope this information helps someone else!

Monday, January 4, 2010

Facebook Scam Artists Snag the F.C.C. Chairman

This article in the New York Times is a good reminder of how easy it is for Facebook users to be tricked into compromising the safety and security of their Facebook accounts. Read about the Chairman of the F.C.C.'s travails here.