November 9, 2009
Why is Apple Meddling With My Windows AutoRun?
In every system designed by man, there is always a balance between features, usability and security. While designing pretty, easy to use and secure systems is possible, quite often this is not what the users get, or, worse, this is not what the users want.
The most popular example of this applies to Apple. Focusing on eye-catching designs and easy to use products, Apple is listed in almost every marketing book as a success story.
Interestingly, maybe their second most popular software product, Mac OS X (after iTunes), represents a curious blend: an eye-catching, easy to use, flexible, usable and decently secure modern operating system. Please notice how I avoided saying "secure" and instead wrote "decently secure". Not wanting to start a holy war, I'd like to state that no operating system is bulletproof. Or, if an operating system even remotely tries to achieve that, nobody really wants to use it. Take VMS for instance; it was maybe one of the most secure operating systems ever designed, yet it was a pain to use. Ten years ago, in my University, the people doing schoolwork on VMS dreamed of doing it on Linux. Yet, a computer running VMS with 4MB of RAM and a 40MB hard drive could host 50 concurrent users, while a similar Linux computer started having issues with more than 10 users. VMS was not only secure, but it was resource efficient as well. It was that good. Yet, it went into oblivion, just as will happen to any other secure but a-pain-to-use OS.
With Windows 7, Microsoft made an interesting move. The developer of the most attacked operating system in the world decided to turn off an age-old option. This was one of the options that made the operating system easier to use but much, much more insecure. I'm talking of course about AutoRun.
You can imagine my surprise when I got the following message from iTunes, while plugging in my iPod to transfer some newly purchased albums:

So, iTunes detected that my system was more secure but less usable, and decided that maybe it's a good idea to change that back! My surprise was even bigger after seeing the following message from iTunes:

Therefore, even if AutoRun is off, iTunes will still recognize my CDs!
With that in mind, Apple's decision with iTunes doesn't make any sense. It took Microsoft more than 25 years to finally understand how important security is, and then it took them another 5 years to understand that AutoRun is inherently flawed and insecure, so it needs to be deactivated by default.
As I was saying, Apple is a success story when it comes to combining easy to use technology with eye catching design, while keeping it also decently secure. It is a real pity though when somebody finds slips like the one above. Will it also take them 5 or 10 or even 25 years or so to understand the dangers of AutoRun?
I certainly hope not.
[guest editorial written for Threatpost.com - check the original post here]
Posted by Costin Raiu at 4:18 PM | Comments (0)
October 20, 2009
Crawling Twitter
Slides from my Virus Bulletin 2009 presentation (together with Morton Swimmer) in Geneva:
Additionally, if you can read Romanian, I've written a short story about the project for my friend Radu Georgescu's blog here (thanks for the invitation, Radu!):
http://www.radugeorgescu.ro/2009/10/15/malware-de-pe-twitter/
Enjoy,
Costin
Posted by Costin Raiu at 2:11 PM | Comments (0)
August 8, 2008
The dark side of teaching
Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus software.
http://www.newsweek.com/id/150465
Back in my university years, we had a course dealing with the topic of Data Communications. Not unusual for my faculty, the lab part of the course included a couple of things which had nothing to do with communications. For instance, there was one homework which requested the students to write a boot virus. I went to the assistant and asked for another assignment, as writing viruses is not something I wanted to do. The assistant refused my proposal, refused to discuss the subject (he was 'busy') and subsequently gave me 0 points for that particular homework.
Every now and then, in a teaching institution, somebody comes up with the brilliant idea of teaching students about malware. I am not joking here, it IS a brilliant idea. What is however wrong with it, in 99% of the cases, is that the people who come up with the idea have absolutely no clue about ethics or just don't care about it. They also do not understand that writing malware is not the best way to teach people about how to protect against it. Actually, writing malware is the easy way; it is much easier to write malware than to write antivirus programs. Of course, there is also a dark attraction towards writing malware and young people easily fall prey to it.
Back to my university years and to the boot virus writing homework, only a few people bothered doing it. Of them, most actually took the Michelangelo (March6) source code and shuffled it around. A few years later, I heard that homework was removed from the course's curriculum. Most of the people were just taking existing boot viruses and patching them. And it wasn't really a Data Communications assignment per se.
There are many other more interesting things to teach about than writing viruses, sending spam and circumventing protection solutions. Yet, there will always be people willing to join the dark side, for one reason or another.
The bad thing is that their number seems to be increasing from year to year.
Posted by Costin Raiu at 2:11 PM | Comments (0)
October 22, 2007
LinkedIn 419 scam
Bad guys using LinkedIn for what seems like a 419 scam:
Simpson Millar’s CONSULT AND CHAMBER,
LIVEPOOL UNITED KINGDOM
Tel: xxxx
Email: xxxx
How are you? i trust you are having a nice day. I am mailing you in reference of investment in your country through you. I am delighted to let you know that, am a consultant and associate of Simpson Millar’s CONSULT AND CHAMBER, UNITED KINGDOM.
I have a client (Kurt Kahle) based here in the UK, who died in the year 2000 with all the members of the Family died in the Plane Crash. You can as well confirm this news at the BBC News Website:
(http://news.bbc.co.uk/1/hi/world/europe/859479.stm)
leaving behind the sum of GBP 11, 520,000.00 (Eleven Million, Five Hundred and Twenty Thousand Pounds). Before his death he disclosed to me his intention of investing in Real Estate business in foreign country and I have not been able to contact any of his family members. He further told me that he deposited this money in Security Company GERMANY for this project.
Meanwhile, i would want us to discuss on how this investment we be done, I am entrusting you with the transaction, since i have not been able to contact any of his family members. As soon as i received from you the confirmation of taking care of my late client properties, we shall then been discussing on how to consult the security company in GERMANY, on how this fund should be release to you for the investment properly.
Wait to hear from you soonest.
Regards
Johnson Mills
Company: Simpson Millar LLP
Job Title: Project
Description: Investment Project
Posted by Costin Raiu at 5:48 PM | Comments (0)
October 18, 2007
Audio stock spam
Today I've seen a couple of reports from various people that the Storm gang has once again changed tactics and started sending out MP3 files with pump and dump stock hints.
Here's one such example received by my girlfriend on her Yahoo e-mail account.
The stock they are spamming, as far as I can make out from the bad-quality MP3, is:
http://finance.google.com/finance?q=exto
So far it seems that the method is not as good as the old fashioned plain text stock spam but I'll keep an eye on it to see if it picks up.
Posted by Costin Raiu at 5:58 PM | Comments (0)
October 12, 2007
Restarting in 5
Earlier today I launched a wget to fetch FC7 from www.linuxusers.ro. While I was doing other things, I saw the following window appearing on my laptop:
I wonder if Windows figured out I was downloading Fedora and decided to do something about it. ;)
Anyways, it strikes me as a really bad thing to reboot a user's machine without asking first. Bad, Microsoft, very bad.
Posted by Costin Raiu at 11:46 AM | Comments (0)





