Email as a service?

Many businesses use email as a service.  The economics can be very compelling.  Email as a service is simply defined as getting your email delivered from a company centrally hosting a mail server and software.  Another common method is to have your own email server and software.

If you’re already using an email service I hope it has the following features implemented:

–     Spam filtering.  I really don’t know how anyone lives without a Spam filter, but some still do.  Spam is an avenue for malware and whether you use a service or have your own server, you need this protection.

–     Anti-virus filtering.  Like Spam filtering above, scanning your email before it’s delivered for known malware is an important and valuable layer of defense.

–     Redundancy.  As I have discussed before, everyone needs their email.  It’s mission critical.  If you can’t get it because your email service is down, find another service.  A good service has multiple data centers with servers mirrored over separate geographic regions and can guarantee 100 percent uptime.

–     Supports all standard protocols such as POP3, IMAP4, and SMTP.  This means your users can check and send email from various desktop email clients like Outlook and Mozilla Thunderbird, plus wireless devices like Blackberry, iPhone, iPad, and Droid smartphones.

–     Security.  SSL and TLS encryption for the standard protocols mentioned above encrypts your data in transit between your mail client and the server so that others on the network cannot view it.

–     Attachment size capability.  Some services severely restrict the size of attachment you can receive.  This is frustrating when you’re expecting a larger attachment.

–     Mailbox capacity.  A small capacity mailbox means you have to keep cleaning out your mailbox.

–     Daily backups.  Account data is saved nightly to top tier data centers and can be restored from the past 14 days.

–     Ad free.  A professional service doesn’t insert ads in your email.

If you’re paying more than $1.75 per month per mailbox for the services listed above, or if you aren’t receiving those features, it’s time to consider alternatives to your existing email service.  If you’d like to know the service we recommend, give me a call or shoot me an email.

How do you get your email?

How old is your network security appliance?

Time flies and your memory perception can get distorted.  Things that I thought happened “a few” months ago actually occurred a year or two ago.  The same thing is true about your company’s technology.  It’s easier to notice when you need to refresh your server, workstation or laptop because the software requires faster processing and more memory.  You see things begin to bog down.

When it comes to security appliances the manufacturer’s software is written to work within the parameters of the hardware technology available at the time of its production.  As you know, “technology time” flies even faster than any other kind of time.  If your security appliance is 3 years or older, it’s likely not providing as much protection as you need.

Vast improvements in hardware, including processing power and memory, have accommodated a robust new generation of security appliances with features like gateway anti-malware, intrusion prevention and application control.  These features protect your network by adding a layer of defense that stops malware before it gets to your network and by enabling you to identify and throttle or block unauthorized, unproductive and non-work-related applications and websites such as Facebook® or YouTube®.

How many cell phones have you been through in the last 3 years?  What about Servers, desktops and laptops?  Maybe it’s time to think about your security appliance.

Call us if you need help evaluating your current security appliance.  We can advise you on whether it’s up to today’s protection capabilities.

Email – in house or hosted service?

Chances are you’re pretty dependent on email.  Most people go apoplectic when they can’t access their email; after all, it is a vital business function.  When you can access it, it had better be filtered for spam, viruses, phishing and other malware or you’ll be in for a world of hurt.  There are at least a couple of ways to provide and maintain your company’s email.  One way involves maintaining server hardware and software along with the requisite anti-virus and spam filters in-house. Another way is to use a “hosted” service that delivers your email and calendaring services without the burden of maintaining the technology.

A common method used to provide “in-house” email includes a server that is, ideally, dedicated to your email application.  For example, Microsoft Exchange is the most widely known and used email service.  Your company’s security must be maintained with a solid spam and antivirus solution not to mention a viable data backup.  All of which need to be tended to periodically to ensure maximum operability, functionality and uptime.

On the other hand a hosted email service can eliminate these tasks yet provide you the full functionality of “doing it yourself” without all the chores.  Of course you want to use a company with a solid reputation offering a nice variety of features.  Such services are often provided at affordable monthly rates on a per mailbox basis.  Better email providers not only enable you to receive your email, but a copy can be delivered to your smart phone, it is filtered from spam and viruses, it is backed up, your outbound email is encrypted and you’re able to receive large file attachments.

There are pros and cons to each of these methods and it’s best to evaluate them carefully along with your return on investment as you consider your email needs.  Either way, we can help you figure out which one works best for you.

How do I avoid Search Engine Poisoning?

Are you careful about what you click on while Web browsing?  There are numerous stories about Search Engine Poisoning. This is a method used by attackers to turn your search for a term or news item into an opportunity to infect you with malware.  They use innocent looking links that appear to be exactly what you’re looking for but redirect you to a site that can infect your computer.

So how do you protect your organization from this kind of attack?  Your web content filter will not catch everything because legitimate sites get used to redirect visitors.  Deep content inspection and filtering of the data at your Internet gateway (found in the latest generation of network security appliances) works better to prevent the malicious content from reaching you.

Educating yourself and your users about some of the common tactics used is essential.  For instance, very often poisoned links redirect users to “scareware” sites where a very ominous yet real-looking alert pops up, claiming that your computer has been infected and offering a “clean now” button.  Once that is clicked the virus is delivered and installed.  Users need to exercise particular caution (paranoia, if you will) when searching a “breaking” news item.  Never rely on search engine links, but go directly to well known and reputable news sources by entering the website address, if known, into your browser.  Enable your browser’s security features, and if you are suddenly asked to install anti-virus or spyware software while browsing, never click anything; close the window immediately.  Of course, make sure you and your users have all the security updates installed and that each machine has anti-virus and anti-malware enabled and updating.

We’re here to help you.  Do you have any questions or concerns we can address?

Are you protecting your assets?

Do you buy insurance for your business?  It pays off in the event of a mishap, but you still have the overwhelming and expensive task of getting up and running again.  Why do so many businesses emphasize preparation for AFTER something bad happens, yet spend little to nothing to prevent it in the first place?  The cost of recovery is far greater than the cost of prevention.

Comprehensive network security provides prevention and is at its strongest in layers.  We preach this all the time but it’s not always practiced, which leaves your business vulnerable to calamity.  There are several vectors of attack on your network and you are best advised to address each one.

So what are the layers of defense you should implement?

1) A strong security appliance at your Internet gateway utilizing features like Gateway Anti-virus and Intrusion Prevention is the best start.

2) An email security appliance (or service) to filter your company’s email for spam that often includes viruses, phishing attempts, spyware, spoofing, etc.

3) A strong Web content filter to control and safeguard users’ Internet browsing.

4) A desktop anti-virus is essential.  Make sure it’s always enabled and up to date with the latest virus definitions.

5) Patch management for your servers and desktops is crucial.  Updates to the operating systems and other commonly used programs like Adobe and Java are provided continuously by the manufacturers to plug vulnerabilities being exploited by data and identity thieves.  For example if you’re using an old Internet browser, you are increasing the likelihood of you being attacked.

6) A reliable data backup (more insurance) to restore lost or corrupted data.

7) A strong policy on removable USB hard drive devices and CD disks.

8) Secure your Smart phones.  Do your users sync with your network?

How many of these are you covering?  Doing all you can to protect your business PREVENTS the pain and suffering caused when an attack disrupts your operation, AND saves you money.  We’re here to advise you on finding the gaps in your network security and closing them.  Call or email me with your concerns.  I look forward to your comments.

How wary are your end users?

Even Internet security companies get infected with malware.  I ran across an interesting and brief article (http://threatpost.com/en_us/blogs/researchers-discover-file-used-hack-rsa-082611) that includes an explanation on how RSA (http://en.wikipedia.org/wiki/RSA) was attacked.  They were forced to replace millions of SecurID tokens as a result.

A simple email message with an infected Excel attachment resulted in costly havoc for RSA.  “The subject line of the email is ‘2011 Recruitment Plan’ and the Excel attachment had the same name. The email appeared to come from the address ‘webmaster [at] beyond dot com’, a job recruitment site.  The email itself contains just one line of text, which in the grand tradition of phishers everywhere, is in fourth-grade English:

‘I forward this file to you for review. Please open and view it.’ That’s the entire contents of the message. Once the victim double-clicked on the Excel file, it opened a spreadsheet with no real contents other than the malicious Flash object that then exploited a Flash vulnerability. The exploit then plants the Poison Ivy backdoor on the machine and the attack is over.”

The final bastion of defense for Internet Security is the end user.  Although a Spam/Phishing/AV firewall filter greatly reduces your chances of infection in this manner, your users may not be using and accessing only your company’s email server.  Although you can and likely should implement policies to block other email services, a laptop user can connect to gateways outside your control.  Therefore it’s important to continually educate them to be wary of email, particularly from unknown sources.

Here’s a good link to share with end users about recognizing phishing email messages, links, etc.:  http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx.

Thirteen Windows Bulletins Patch 18 Security Holes

Critical SMB, DNS, and ActiveX Flaws Corrected

Severity: High

12 April, 2011

Summary:

  • These vulnerabilities affect: All current versions of Windows and components that ship with it
  • How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or enticing your users to view malicious images
  • Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released thirteen security bulletins describing 18 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS11-019: SMB Client Remote Code Execution Vulnerability

Microsoft Server Message Block (SMB) is the protocol Windows uses for file and print sharing. According to Microsoft, the Windows SMB client suffers from two security vulnerabilities which attackers could leverage to execute malicious code. By enticing one of your users to connect to a malicious SMB server, or by sending a specially crafted SMB message, an attacker can exploit either of the flaws to gain complete control of a vulnerable Windows computer. However, firewalls like WatchGuard’s XTM appliances typically block SMB traffic from the Internet, making these vulnerabilities primarily an internal risk. That said, many types of malware leverage SMB vulnerabilities to self-propagate within networks, once they infect their first victim.
Microsoft rating: Critical

  • MS11-020: SMB Server Remote Code Execution Vulnerability

The Windows SMB Server also suffers from a code execution vulnerability. By sending a specially crafted SMB packet, an attacker can exploit this flaw to gain complete control of a vulnerable Windows computer. Again, this vulnerability primarily poses an internal risk since firewalls block SMB.
Microsoft rating: Critical

  • MS11-027: Cumulative ActiveX Kill Bit Update

Microsoft and external researchers have identified several Microsoft and third party ActiveX controls that suffer various security vulnerabilities. By enticing one of your users to a malicious website, an attacker could exploit any of these ActiveX controls to execute code on your user’s computer, with that user’s privileges. Like most Windows vulnerabilities, if your user has administrative privileges, the attacker would gain complete control of the user’s PC. This update sets the Kill Bit for all the vulnerable ActiveX controls, thereby disabling them in Windows. For more details about which ActiveX controls are disabled, see the Vulnerability Information section of Microsoft’s bulletin.
Microsoft rating: Critical.

  • MS11-028: .NET Framework Stack Corruption Vulnerability

The .NET Framework is a software framework used by developers to create new Windows and web applications. Unfortunately, the x86 JIT compiler within the .NET Framework suffers from a complex vulnerability having to do with it incorrectly compiling certain types of function calls. The scope and impact of this vulnerability differs greatly depending on the Web or Windows .NET application you’ve designed. In the worst case, an attacker could exploit this flaw to gain complete control of a Windows computer. However, you are only vulnerable if you are hosting a custom web application created in a certain way, allow others to upload custom .NET web applications, or created a special .NET Windows application. If you do create .NET applications, see the Vulnerability Information section of Microsoft’s alert for more details about this issue. In any case, if you’ve installed .NET Framework, you should install this update even if you don’t create your own .NET applications.
Microsoft rating: Critical.

  • MS11-029: GDI+ Integer Overflow Vulnerability

The Graphics Device Interface (GDI+) is one of the Windows components that handles images, specifically 2D vector graphics. GDI+ suffers from an integer overflow vulnerability involving its inability to properly handle specially malformed EMF images. By luring one of your users into viewing a malicious image, perhaps hosted on a web site, an attacker could leverage this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, the attacker gains full control of their computer.
Microsoft rating: Critical

  • MS11-030: Windows DNS Client Code Execution Vulnerability

The Windows DNS client suffers from an unspecified vulnerability having to do with its inability to handle specially crafted Link-local Multicast Name Resolution (LLMNR) DNS queries. There are two ways an attacker could exploit this flaw, which depend on what version of Windows he targets. Against Windows XP and Server 2003 computers, an attacker needs to log in to your computer locally with valid credentials, and then run a special program which would exploit this flaw to elevate his privileges. Since this scenario requires the attacker have local access to your computers and valid credentials, it poses less risk. However, the flaw poses much greater risk to Windows Vista, 7, and Server 2008 computers. Against these versions of Windows, an attacker only has to send a specially crafted LLMNR broadcast message to leverage this flaw to execute code with the NetworkService account’s privileges, which would give him significant control of your computer.
Microsoft rating: Critical.

VBScript and JScript are both scripting languages created by Microsoft, and used by Windows and its applications. According to two Microsoft Bulletins, these scripting engines suffer from two code execution vulnerabilities. The lesser risk flaw is a recap of MS10-022, which we described in a previous alert. This is a code execution issue that only crops up when you press F1 in a very particular situation. However, the second vulnerability is an integer overflow flaw an attacker can easily trigger with a specially crafted script. By enticing you to a specially crafted web page, an attacker could leverage this flaw to execute code on your computer with your privileges. If you have admin rights, then it’s game over for your PC.
Microsoft rating: Critical and Important.

  • MS11-032: OpenType Font CFF Driver Code Execution Vulnerability

Windows ships with many fonts, including the OpenType Compact Font Format (CFF) font. Unfortunately, the driver that helps Windows display the OpenType CFF font doesn’t properly validate certain parameter values. Attackers can exploit this flaw in one of two ways, depending on whether they are targeting newer or older versions of Windows. Against older versions of Windows (XP and 2003) an attacker would need to run a specially crafted program on one of your Windows computers in order to gain complete control of that system, regardless of the attacker’s original user privileges. The attacker needs to have local access to one of your computers in order to run his malicious program. However, newer versions of Windows (Vista, 2008, 7) have an auto preview feature that will automatically preview fonts in a directory. By luring one of your users into opening a file share that contains a maliciously crafted OpenType font, an attacker could leverage this flaw to gain complete control of newer Windows computers. As an aside, this flaw is almost identical in nature to MS11-007.
Microsoft rating: Critical

  • MS11-024: Fax Cover Page Editor Memory Corruption Vulnerability

The Windows Fax Cover Page Editor (fxscover.exe) is just what it sounds like — a program that helps you create a cover page for faxes. It suffers from an unspecified memory corruption vulnerability due to its inability to handle specially crafted fax cover pages (.cov). By enticing one of your users to open a specially crafted .cov, an attacker could exploit this flaw to execute code on that user’s computer, with their privileges. As usual, if your users have administrative privileges, the attacker inherits them.
Microsoft rating: Important.

  • MS11-026: MHTML Information Disclosure Vulnerability

In our February advanced notification post, we mentioned a zero day MHTML vulnerability that was similar to a Cross-site Scripting (XSS) vulnerability. The flaw involves the Windows MHTML or MIME HTML component, which is used to handle special web pages that include both HTML and MIME (typically pictures, audio, or video) content contained in one file. If an attacker can entice you to visit a specially crafted web-page, or click a malicious link, he could exploit this flaw in much the same way he might exploit a Cross-Site Scripting (XSS) vulnerability; to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on a web site. This update finally fixes that February zero day flaw.
Microsoft rating: Important.

  • MS11-033: WordPad Code Execution Vulnerability

WordPad is the free text editor that comes with Windows. It suffers from an unspecified vulnerability involving its text converter’s inability to parse specific fields in a specially crafted Word document. By enticing one of your users to open such a document, an attacker could exploit this flaw to execute code on that user’s computer. If the user is a local administrator, the attacker gains full control. This flaw only affects Windows XP and Server 2003.
Microsoft rating: Important

  • MS11-034: Windows Kernel-Mode Drivers Elevation of Privilege Vulnerabilities

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from two elevation of privilege vulnerabilities. Though these flaws differ technically, they share the same scope and impact. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of these flaws.
Microsoft rating: Important
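A way to confirm that the kill bits from the MS11-027 update described above are actually in place, as an added example (not part of the original alert or of Microsoft's bulletin): a kill bit is the 0x400 bit of the "Compatibility Flags" value under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, with a second copy under Wow6432Node for 32-bit IE on 64-bit Windows. The script audits the text of a "reg export" of that key; the CLSIDs and the export text below are constructed placeholders, to be replaced with the list in the bulletin.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control

# Matches one per-control key; group 1 is set for the 32-bit (Wow6432Node) view.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\"
    r"Internet Explorer\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-F]{8})$', re.IGNORECASE)

# Constructed sample of `reg export` output. The CLSIDs are placeholders,
# not the controls named in Microsoft's bulletin.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000420
'''

# Placeholder list of controls the update is expected to disable.
EXPECTED = [
    "{aaaaaaaa-0000-0000-0000-000000000001}",
    "{aaaaaaaa-0000-0000-0000-000000000002}",
    "{aaaaaaaa-0000-0000-0000-000000000003}",
    "{aaaaaaaa-0000-0000-0000-000000000004}",
]


def parse_compat_flags(export_text):
    """Return {(view, CLSID): flags} for each per-control key in a .reg export."""
    flags = {}
    current = None
    for raw in export_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            view = "wow64" if key.group(1) else "native"
            current = (view, key.group(2).upper())
            flags.setdefault(current, 0)  # key present, no flags value seen yet
            continue
        if line.startswith("["):
            current = None  # some other key; ignore its values
            continue
        value = VALUE_RE.match(line)
        if value and current:
            flags[current] = int(value.group(1), 16)
    return flags


def audit_kill_bits(expected_clsids, export_text, views=("native", "wow64")):
    """Report, per CLSID and registry view, whether the kill bit is set."""
    parsed = parse_compat_flags(export_text)
    report = {}
    for clsid in expected_clsids:
        clsid = clsid.upper()  # CLSIDs are case-insensitive
        per_view = {}
        for view in views:
            value = parsed.get((view, clsid))
            if value is None:
                per_view[view] = "missing"
            elif value & KILL_BIT:  # test the bit; other flags may be set too
                per_view[view] = "killed"
            else:
                per_view[view] = "not killed"
        report[clsid] = per_view
    return report


if __name__ == "__main__":
    for clsid, status in audit_kill_bits(EXPECTED, SAMPLE_EXPORT).items():
        print(clsid, status)
```

On a 32-bit system there is no Wow6432Node view, so pass views=("native",) there to avoid "missing" results that mean nothing.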

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS11-019:

MS11-020:

MS11-027:

* Note: Server Core installations not affected.

MS11-028:

Due to the complicated, version-dependent nature of .NET Framework updates, we recommend you see the Affected & Non-Affected Software section of Microsoft’s Bulletin for patch details.

MS11-029:

* Note: Server Core installations not affected.

MS11-030:

MS11-031 & MS11–022

Due to the complicated, version-dependent nature of VBScript and JScript updates, we recommend you see the Affected & Non-Affected Software sections of Microsoft’s Bulletins for patch details:

MS11-032:

MS11-024:

This Fax Cover Editor update requires multiple patches. Please see the Affected & Non-Affected Software section of Microsoft’s Bulletin for more details.

MS11-026:

MS11-033:

MS11-034:

For All Users:

Attackers can exploit these flaws using diverse exploitation methods. A properly configured firewall could help mitigate the risk of some of these issues. That said, the Firewall cannot protect you from local attacks, nor can it prevent attacks that leverage normal HTTP traffic. Therefore, installing Microsoft’s updates is your most secure course of action.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

Malicious Office Documents Could Open Doors into Your Network

Severity: High

12 April, 2011

Summary:

  • These vulnerabilities affect: Most current versions of Microsoft Office, and the components that ship with it
  • How an attacker exploits it: Typically by enticing one of your users to open a malicious Office document
  • Impact: In the worst case, an attacker executes code on your user’s computer, gaining complete control of it
  • What to do: Install Microsoft Office updates as soon as possible, or let Microsoft’s automatic update do it for you

Exposure:

As part of today’s Patch Day, Microsoft released two security bulletins describing eleven vulnerabilities found in Excel and other components that ship with most current versions of Microsoft Office for Windows and Mac.

Though the eleven vulnerabilities differ technically, and affect different Office components, they result in the same problem. If an attacker can entice one of your users into downloading and opening a maliciously crafted Office document, he can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

According to Microsoft’s bulletins, an attacker can exploit these flaws using many different types of Office documents. In one bulletin, Microsoft specifically states Excel documents are vulnerable. However, they also mention any “Office files” in their other alert. Therefore, we recommend you beware of all unexpected Office documents.

If you’d like to learn more about each individual flaw, drill into the “Vulnerability Details” section of the security bulletins listed below:

  • MS11-021: Nine Excel Code Execution Vulnerabilities, rated Important
  • MS11-023: Two Office Code Execution Vulnerabilities, rated Important

Solution Path

Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.

MS11-021:

Excel update for:

MS11-023:

For All Users:

While you can configure certain Firewall models to block Microsoft Office documents, some organizations need to allow them in order to conduct business. Therefore, these patches are your best recourse.

If you want to block Office documents, contact your Online Technology Management Support Team by email to support@otmgm.com.  Some of the file extensions you’d want to block include .DOC, .XLS, .PPT, and many more (including the newer Office extensions that end with “X”). Keep in mind, blocking files by extension blocks both malicious and legitimate documents.
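What extension-based blocking looks like at a mail gateway, as an added example (not code from the original alert or from any firewall product): this Python script scans a message's attachments, blocks the extensions named above, and also inspects the leading bytes so that an Office document carrying a different file name is still recognised. The function names and the sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the advisory plus their newer "X" counterparts.
BLOCKED_EXTENSIONS = {".doc", ".xls", ".ppt", ".docx", ".xlsx", ".pptx"}
# Container header of legacy .doc/.xls/.ppt files (other OLE2 files share it).
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Part folders found inside .docx/.xlsx/.pptx packages.
OOXML_DIRS = ("word/", "xl/", "ppt/")


def looks_like_office(data):
    """Identify an Office document from its bytes, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return True
    if data.startswith(b"PK\x03\x04"):  # ZIP container, possibly OOXML
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return False
        return "[Content_Types].xml" in names and any(
            n.startswith(OOXML_DIRS) for n in names)
    return False


def scan_message(raw_bytes):
    """Return one verdict per attachment: (filename, blocked, reason)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            verdicts.append((name, True, "extension"))
        elif looks_like_office(payload):
            verdicts.append((name, True, "content"))
        else:
            verdicts.append((name, False, "allowed"))
    return verdicts


def build_sample():
    """Constructed test message with three attachments; not a real email."""
    ooxml = io.BytesIO()
    with zipfile.ZipFile(ooxml, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    # Legacy Excel header with a matching extension.
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 24, maintype="application",
                       subtype="vnd.ms-excel", filename="budget.xls")
    # OOXML package whose name does not end in a blocked extension.
    msg.add_attachment(ooxml.getvalue(), maintype="application",
                       subtype="octet-stream", filename="report.dat")
    # Ordinary text file that should pass.
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for verdict in scan_message(build_sample()):
        print(verdict)
```

Both checks block legitimate documents along with malicious ones, which is the trade-off the paragraph above describes.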

Status:

Microsoft has released Office updates to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

IE Update Corrects Code Execution and Information Disclosure Flaws

Severity: High

12 April, 2011

Summary:

  • This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows
  • How an attacker exploits it: Typically, by enticing one of your users to visit a malicious web page
  • Impact: In the worst case an attacker can execute code on your user’s computer, gaining complete control of it
  • What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you

Exposure:

In a security bulletin released today as part of Patch Day, Microsoft describes five new vulnerabilities in Internet Explorer (IE) 8.0 and earlier versions, running on all current versions of Windows. Researchers reported four of the new vulnerabilities privately to Microsoft, while the other one was disclosed publicly. They rate the aggregate severity of these new flaws as Critical.

The five vulnerabilities differ technically, but three of the worst flaws share the same general scope and impact. This trio of flaws all involve memory corruption issues having to do with how IE handles various HTML elements, including MSHTML objects and page layouts. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit any one of these three vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker gains complete control of the victim’s computer. Attackers often leverage these types of code execution vulnerabilities to launch Drive-by Download attacks.

The remaining two issues are less severe information disclosure and click-jacking vulnerabilities.

Keep in mind, today’s attackers commonly hijack legitimate web pages and booby-trap them with malicious code. Typically, they do this via hosted web ads or through SQL injection and XSS attacks. Even recognizable and authentic websites could pose a risk to your users if hijacked in this way.

If you’d like to know more about the technical differences between these flaws, see the “Vulnerability Information” section of Microsoft’s bulletin. Technical differences aside, the memory corruption flaws in IE pose significant risk. You should download and install the IE cumulative patch immediately.

Solution Path:

These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you.

Internet Explorer 6.0

Internet Explorer 7.0

Internet Explorer 8.0

* Note: These flaws do not affect Windows Server 2008 administrators who installed using the Server Core installation option.

For All Users:

These types of attacks typically look like normal HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

After Comodo breach, Internet users urged to update browsers

(Reposted from http://newsinfo.iu.edu)

BLOOMINGTON, Ind. — Indiana University’s Center for Applied Cybersecurity Research is strongly encouraging Internet users to update their web browsers following the compromise of a Certificate Authority — discovered Wednesday (March 23) — that leaves potentially valuable data at risk of being intercepted and stolen.

Though you may not have heard of Certificate Authorities (CA), they play an instrumental role in securing the Internet, according to CACR Deputy Director Von Welch.

“Just as the government issues forms of identification to prove your identity, CAs serve as proof of digital identities, called certificates, to secure websites that let your web browser know that it is really talking to sites like Google, Yahoo!, or your bank,” Welch said.

But Wednesday morning, an independent security researcher published the results of an investigation that revealed a CA, Comodo, had been compromised and fraudulent certificates issued. Comodo later verified the compromise.

The list of certificates the attacker tried to generate includes many of the world’s most popular communications and social media websites: Google, Yahoo!, Skype, Mozilla, and Windows Live, among others.

“Wednesday’s CA compromise discovery means that those responsible for the breach could create fake websites that look and behave exactly like real ones and include the normal indication that the site you are visiting is secure,” Welch said. “That could lead to passive eavesdropping on a user’s communications with a website, including stealing passwords, emails, and other communications.”

Welch said it is not yet clear what the motivations of the attacker are.

“Right now we don’t believe anyone has been victimized by this yet. To be safe, update your web browser, including web browsers on mobile devices such as smart phones and tablets such as the iPad,” Welch said. “Microsoft, Firefox, and Chrome have all released updates that protect against the fraudulent certificates that were discovered Wednesday. The rest are sure to soon follow.” Check for available updates to your web browser and install them if prompted.

These simple fixes are easy to complete and will help protect you against vulnerabilities posed by the Comodo breach. In the future, however, Welch said there is a great need to create better mechanisms to deal with such compromises, including systems that can resist the compromise of a single certificate authority.

The Center for Applied Cybersecurity Research is a part of Indiana University’s Pervasive Technology Institute, and affiliated with the IU Maurer School of Law.
