US Border Patrol to use Video Game to Aid in Border Safety

The US Border Patrol is switching gears and moving to video game technology to help determine where future improvements will be made.

The system looks a lot like a touchscreen version of the WWII game “Panzer General”. But instead of Panzers, Luftwaffe and the Waffen SS, you have Border Patrol trucks, helicopters, and mounted agents. The system, more of a simulation and modeling program than a video game, will help the agency decide where future improvements can be made to help increase the security of our borders.

The system will cost $1.6 million, and will be used in lieu of the $1 billion virtual border fence project that was recently scrapped.

Our border with Mexico is a major concern now and needs to be dealt with quickly. If this software will help our agents, then let’s get it into their hands, sooner rather than later.

PlayStation Network could be restored in a Week – was it Anonymous?

Sony PlayStation Network and Qriocity users have had to go without service since last Wednesday when Sony shut down the services due to a hacker attack. In an update today, Sony admitted that everything from user names to credit card numbers may have been compromised:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.

If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

There does seem to be some light at the end of the tunnel for PSN users, as the post also states that the downed Sony services could be restored within a week.

But one has to ask, who was behind this? Sony seemed to gain the attention of hacker group “Anonymous” earlier this month when the console manufacturer took legal action against people performing hardware hacking and software modifications on their PS3 system. Not only did Anonymous take down the Sony sites, but in a new wrinkle, they were also planning physical protests at Sony stores.

The official news from Anonymous? “For once we didn’t do it”, though they do mention in the news update that it could have been single Anonymous members working on their own, but other than the DDoS, they claim they didn’t do it.

Hackers have been known to flood a system and tie it up with Denial of Service attacks to help disguise actual intrusion attempts.

So far Sony is tight-lipped about any prospects, which is to be expected, and the FBI apparently has not made any arrests, contrary to numerous reports circulating on the web. But one thing is for certain: Anonymous has really drawn the ire of PlayStation users who just want to play their gaming system online.

How to Recognize and Analyze a Fake Anti-Virus Message

I was surfing the web the other day looking for photos and received this error when clicking on an image in Google:

Wow, I thought, this can’t be good, Windows Security has found some critical issues on my system and needs to do a system scan. Something must be very wrong. Thank goodness that this helpful website is offering to scan my system for me.

Actually, nothing could be further from the truth.

Okay, I knew right away that this was a fake message. How? I clicked on a photo and ended up at a completely different website that showed this security alert. This is not how Google normally behaves when you click on an image. It usually takes you to a webpage and shows the image you clicked on in the foreground, while the picture source page is shown in the background.

Also, Windows does not show alerts like this. Windows 7 uses a little red “x” on the white flag at the bottom right side of your desktop when there is a security alert. In addition, the message looks nothing like a standard alert from my anti-virus software, so I knew that this online scan was bogus.

It would have been more believable too if I was actually running Windows at the time, which I was not, but what the heck, let’s see what happens when we click “OK”.

(Never click on these messages by the way, just close the whole browser window with the red “X”. Run your own anti-virus program to do a scan, never an online one).

Right away the “helpful” program comes up and runs a system scan. It isn’t really doing a scan by the way, it just builds the page with html and scripts to make it look believable. It does seem to look like a legit Windows screen, except it all shows up in a browser window, and again, I am not even running Windows on this system!

It then wants me to click on the “Remove All” button, which I did not. Doing so will usually prompt you to download and install the bogus anti-virus program. Allowing the program to run will install the virus to your system. This particular brand of malware when installed will bring up a very believable anti-virus screen and tell you that you need to purchase a license to use it. It also asks for your credit card.

When trying to figure out how I was redirected to this fake AV site from clicking on a Google image, I found something interesting. Hovering over the picture, I noticed that the website that showed up under the image looked legit, but when looking at the image url (which displays if you hover over the image) it pointed to a completely different website. The Google Imgrefurl tag was a mile long, and contained random upper and lower case letters. Clicking on the image immediately took me to the bogus site and kicked off the fake anti-virus message.
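The mismatch described above can be checked mechanically. The following is an added example, not code from the original post: it parses the `imgrefurl` parameter of an image-search result link and flags the three signs mentioned (host differs from the displayed site, very long value, long mixed-case token). The thresholds, function names and sample links on reserved example domains are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_REFURL_LEN = 200                          # assumed threshold; tune on your own data
LONG_TOKEN = re.compile(r"[A-Za-z0-9]{24,}")  # assumed: 24+ unbroken alphanumerics

def host_of(url):
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def mixed_case(token):
    """True when a token mixes upper- and lower-case letters."""
    return any(c.isupper() for c in token) and any(c.islower() for c in token)

def check_image_result(displayed_site, href):
    """Return warnings for one result link (href) that is shown as displayed_site."""
    refurl = parse_qs(urlsplit(href).query).get("imgrefurl", [""])[0]
    warnings = []
    if host_of(refurl) != host_of("http://" + displayed_site):
        warnings.append("imgrefurl host %r is not the displayed site" % host_of(refurl))
    if len(refurl) > MAX_REFURL_LEN:
        warnings.append("imgrefurl is %d characters long" % len(refurl))
    if any(mixed_case(t) for t in LONG_TOKEN.findall(refurl)):
        warnings.append("imgrefurl contains a long mixed-case token")
    return warnings

def make_link(imgurl, refurl):
    """Build a constructed /imgres link for the samples below."""
    query = urlencode({"imgurl": imgurl, "imgrefurl": refurl})
    return "http://www.google.com/imgres?" + query

# Constructed samples: one consistent link, one shaped like the link in the post.
IMG = "http://photos.example.org/img/sunset.jpg"
GOOD = make_link(IMG, "http://photos.example.org/gallery/sunset.html")
BAD = make_link(IMG, "http://scan.example.net/go.php?q="
                + "aQzRtYpLmNbVcXsWdEfGhJkUiOpAsDfGhJkLzXcVbNm" * 6)

if __name__ == "__main__":
    for name, href in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_image_result("photos.example.org", href))
```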

So what can we do to see what the fake site is really doing?
(Just a warning – Don’t play with malware sites, especially on production systems, doing so could get your system infected!)

There are several free malware analysis websites available. For this one, I chose Anubis. Anubis is backed by Secure Business Austria and is developed by the International Secure Systems Lab. It is an open framework for malware analysis, and the nice thing is it allows you to submit sites by URL name. From the Anubis home page, just paste in the suspicious target website address and it will examine the webpage with a simulated Internet Explorer interface. Anubis acts like an IE honeypot and records everything the page tries to do.

After you submit the page, it takes a few minutes for Anubis to perform the analysis. When it is finished, it provides you with an in-depth report of what it finds.

Submitting this suspicious URL to Anubis resulted in a 9-page report. Below is an abbreviated version of what Anubis found that the website code tries to do:

Summary:
Description

  • Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web. RISK-MEDIUM
  • Performs Registry Activities: The executable creates and/or modifies registry entries. RISK – LOW

Further on in the report, under Registry Activities, Anubis reported that the website code tries to modify 3 Windows registry settings, and tries to read in over 50 more settings.

Finally, it tries to read your Internet history and monitors the use of 6 keyboard keys and all three mouse buttons.

This is just what one of the malware analysis programs found on the malicious website alone. Allowing the site to download the full malware to your system would bring in another level of problems.

With the rash of fake online anti-virus type attacks, including the most recent LizaMoon attack, it is important to remember to not allow any programs to run from unknown websites.

Windows 7 Networks Vulnerable to RA DoS Attack

This has to be seen to be believed. In this video, Sam Bowne, of the City College San Francisco, shows how rogue IPv6 Router Advertisements can crash all Windows IPv6 enabled systems on your network.

Sam (and others) notified Microsoft of the problem, only to be told that it was a known issue and Microsoft has no plans on patching it! It can be found on the DHS US-CERT Vulnerability Database as CVE-2010-4669.

Sam has an excellent Executive Summary on his site explaining the problem, and several remedies including:

  • Disable IPv6. This is drastic, and will break services you may want, such as HomeGroups and DirectAccess. But it will protect you.
  • Turn off Router Discovery — this is a simple solution, requiring only one command, but it will prevent you from using Stateless Autoconfiguration. It’s probably appropriate for servers, but not as good for client machines.
  • Use a firewall to block rogue Router Advertisements, while still allowing them from your authorized gateway. This is the most precise solution, but it is easily defeated.
  • Get a switch with RA Guard — details here: http://goo.gl/PlVlt
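The allow-list idea behind the firewall remedy can also be applied on the monitoring side. The following is an added example, not code from Sam Bowne's summary: it parses an ICMPv6 Router Advertisement body (type 134, RFC 4861 layout), extracts the advertised prefixes, and classifies the message by whether its source is an authorized gateway. The gateway address `fe80::1`, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed link-local address of the one authorized gateway.
AUTHORIZED_ROUTERS = {ipaddress.ip_address("fe80::1")}

def build_ra(prefix, prefix_len=64, lifetime=1800):
    """Construct a sample RA body with one Prefix Information option."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    option = struct.pack("!BBBBIII", 3, 4, prefix_len, 0xC0, 86400, 14400, 0)
    return header + option + ipaddress.ip_address(prefix).packed

def parse_ra(icmp):
    """Return the list of advertised prefixes, or None if the RA is malformed."""
    if len(icmp) < 16 or icmp[0] != 134 or icmp[1] != 0:
        return None
    prefixes, pos = [], 16                 # options start after the 16-byte header
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            return None                    # option header cut short
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8
        if opt_len == 0 or pos + opt_len > len(icmp):
            return None                    # zero-length or truncated option
        if opt_type == 3:                  # Prefix Information option
            if opt_len != 32 or icmp[pos + 2] > 128:
                return None
            raw = bytes(icmp[pos + 16:pos + 32])
            prefixes.append(ipaddress.IPv6Network((raw, icmp[pos + 2]), strict=False))
        pos += opt_len
    return prefixes

def inspect_ra(src, icmp):
    """Classify one ICMPv6 message from src; returns (verdict, prefixes)."""
    if not icmp or icmp[0] != 134:
        return "not-ra", []
    prefixes = parse_ra(icmp)
    if prefixes is None:
        return "malformed", []
    allowed = ipaddress.ip_address(src) in AUTHORIZED_ROUTERS
    return ("allowed" if allowed else "rogue"), prefixes

if __name__ == "__main__":
    ra = build_ra("2001:db8:1::")          # constructed sample packet
    for src in ("fe80::1", "fe80::bad"):
        print(src, inspect_ra(src, ra))
```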

Check out Sam’s site for more information.