Lessons Email Administrators Can Learn from ‘Hollywood Hacker’ Bust

Written by John P Mello Jr on November 4, 2011 – 4:00 pm

Most email administrators don’t have celebrities like Scarlett Johansson on their networks, but that doesn’t mean they don’t host some pretty juicy targets for cyber robbers.

Hollywood hotties can grab headlines for a hacker, but anyone in a corporation’s chain of command whose identity can be compromised and exploited to filch trade secrets, bank account numbers, and the like, is just as worthy a target for crackers, if not more so. After all, exposing some embarrassing pix about a starlet may earn a hacker some fame, but cajoling bank account credentials from a “suit” can earn him a fortune.


5 Repercussions of a Hacked Exchange Server Account

Written by Paul Mah on May 6, 2011 – 12:50 pm

It is never good news to have servers compromised by hackers or corporate espionage. Given the finite resources of any company, however, the open secret is that not every computing node on the network can be equally well-protected. As it is, priorities are often heavily skewed towards protecting servers running crucial Enterprise Resource Planning (ERP) or Customer Relationship Management (CRM) services, or publicly accessible Web servers.

What many businesses do not realize is how the humble email server is often overlooked and left underprotected. Yet it remains a front-facing server due to its location on the Internet, or in the DMZ that demarcates the Internet from the relatively safe harbor of the company intranet.

I want to highlight five repercussions of a hacked Exchange Server account today so as to illustrate the importance of ensuring that your Exchange Server is patched in a timely manner, as well as the need to ensure that adequate best practices and security defenses are put in place.


5 Reasons Why Hackers Want to Break into Your Email Server

Written by Paul Mah on March 21, 2011 – 1:21 pm

One problem that administrators face is the difficulty of acquiring the funds to replace ageing hardware or for periodic upgrades to a major point release of the email server software.

A major portion of the blame for this can be attributed to the infamous adage of “out of mind, out of sight” – an easy tune to hum when everything is running smoothly.  In addition, the fact that most companies deploy Internet-facing servers in the DMZ (De-Militarized Zone) of their network actually exacerbates the problem; some IT managers and CIOs start to envisage the email server as a low-value or invulnerable target from a security perspective.

Taken to extremes, email administrators could even start failing to diligently apply security patches, or continue to use old software long past its support end date. Yet the misconception that the email server is unimportant to hackers is erroneous, and could not be further from the truth. To highlight the importance of protecting the humble email server, I have drawn up a list of five reasons why hackers would want to break into your email server.


Note to iPhone worm author: Don’t do us any more favors

Written by Dan Blacharski on November 13, 2009 – 3:28 pm

Worms and other types of malware aren’t just infecting our desktops and notebooks, now they are infecting our mobile devices and smartphones. It was inevitable of course, and users of the mobile devices need to take the same precautions that they do with their PCs. Just last week, it was discovered that the first iPhone worm was released. The worm changes the lock-mode wallpaper.

Not all iPhones are vulnerable though, only those that have been “jailbroken” to allow third-party apps to run. The vulnerability comes in when a phone is jailbroken, but the user doesn’t change the default SSH login password which is put in place by the jailbreaking software. The worm, known as “ikee”, isn’t particularly malicious, it just changes the wallpaper to a picture of Rick Astley, an ’80s pop music star; and then propagates itself to other iPhones.

The fact that this one isn’t malicious is not reassuring, it merely portends a greater influx of malware to mobile devices in the future—and the ones that come after this will without a doubt be of a more sinister nature.

I saw a surprising poll that said 75 percent of respondents thought that the youthful author of the worm “did iPhone users a favour” by raising awareness of a security problem, and the buzz around the blogosphere seems to be sympathetic towards the Aussie hacker, who goes by the name of “Ikee”.  Ikee has identified himself as Ashley Towns and has openly taken credit for the worm, and seems to be working under the mistaken belief that there’s nothing wrong with creating and releasing a worm into the wild if the purpose of it is, as he said in an ABC News interview, “It’s just poking fun and hoping waking people up a little.” The perpetrator is unapologetic, and has been speaking to media and others via Twitter. But I see no justification for propagating a worm, even if the intended purpose isn’t immediately malicious.

Really? When it comes down to it, there’s no such thing as a good virus. Although it may seem harmless to Ikee, the genie’s out of the bottle now, and there will be copycats who don’t just want to “poke fun,” they want to steal. Regardless of intent, he broke the law. Yes, maybe he was trying to “teach us a lesson” about how to treat our iPhones, but is that a legitimate role for him to be playing? Sounds like vigilantism to me. And it’s not completely harmless, as the infected iPhone seeks out other iPhones to send the worm to, the data allowance will be eaten up and the victim may suffer from a larger invoice for data services.


Hacker Security Honeypot Guide

Written by Carl E. Reid on April 9, 2009 – 5:07 am

“Honeypots: Tracking Hackers” is a solid primer to this very necessary technology, which becomes a powerful teaching tool. It starts with a basic explanation of honeypots and the different trapping roles they can play. The book moves on to deeper explorations of six kinds of real world honeypot configurations, which include Back Officer Friendly, Specter, HoneyD, Mantrap, Homemade Honeypots and Honeynets.

What really makes this book thorough is a chapter focused on legal issues surrounding honeypot use. Three legal experts actually contributed to this section of the book. Crucial areas covered are entrapment, privacy and organizational liability. The book leaves no stone unturned by covering the Fourth Amendment, the Electronic Communications Privacy Act, the Wiretap Act, and the Pen Trap Statute. All these important areas are covered from the angle of how each relates to implementations of honeypots.

This book is definitely aimed at many levels of honeypot knowledge, from beginner to advanced technologists.  With this book you will gain an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment. You will arm yourself with the expertise needed to track attackers and learn about them on your own.  In addition to technology staff, security professionals, researchers, law enforcement agents, and members of the intelligence and military communities will find this book indispensable.

Lance Spitzner spends quite a bit of time, in several chapters, covering honeypot maintenance and how to interpret the data being captured. Spitzner places a decent amount of emphasis on the point that honeypots are not just one-time setups that you throw out onto your network and wait for the arrival of attackers. Honeypots require constant monitoring and must be properly maintained. Otherwise, a honeypot only provides a firm grip on an empty learning sack with no real education being accomplished. “Honeypots: Tracking Hackers” is a very timely and informative reference guide for all email administrators to keep within easy reach.
