[ISN] Beware That Company Box You Took

From: InfoSec News (isnat_private)
Date: Tue Sep 04 2001 - 23:14:43 PDT


    http://www.wired.com/news/culture/0,1284,46417,00.html
    
    By Michelle Delio 
    2:00 a.m. Sep. 4, 2001 PDT  
     
    Dead dot-coms are still alive in some ex-employees' computers. But
    these haunted hard drives harbor huge security holes instead of
    memories.
    
    Inexperienced home users running corporate-configured computers are a
    security disaster just waiting to happen, said Christopher Budd, a
    manager at Microsoft's Security Response Center.
    
    Many who worked for now-defunct businesses inherited or appropriated
    the computers they had been using at the office. These computers are
    typically configured for use on a corporate network protected by
    skilled system administrators, firewalls and other industrial-strength
    security measures.
    
    When removed from their network, taken home and hooked up to a modem,
    the computers are immediately transformed into easy targets for
    malicious hackers.
    
    And it's not just the recently fired who are running these highly
    vulnerable machines. Bargain hunters are also at risk, said Jack
    Danahy, manager of the Server Security Division at WatchGuard
    Technologies.
    
    "Take a look at how many powerful machines are suddenly for sale cheap
    at places like eBay. There are kabillions of these machines, and I'd
    guess that many come from closed-down businesses and haven't been
    reconfigured," Danahy said. "Chances are good that the systems
    administrator was fired before the accountant, and nobody was left to
    clean up these machines before they got sold for 10 cents on the
    dollar."
    
    Kerry Rondell took her laptop home when the Web design company she
    worked for suddenly went out of business in July. Employees were
    allowed to take computers and other office equipment in lieu of
    severance pay.
    
    Rondell said that after a week or so, her computer began "acting
    funny." Shortly after, she started getting e-mails warning her that
    her machine, which runs Windows 2000, was infected with the Code Red
    II worm.
    
    "I didn't know what to do so I took the computer to a repair shop,"
    Rondell said. "They told me yes, my machine was infected with that
    Code (Red) worm, and it was also infested with programs that could let
    hackers look at whatever is on my computer. My whole life is on that
    machine. I feel like I've been raped."
    
    Microsoft's Windows 2000 and NT are the operating systems of choice
    for many networked business computers, but some security experts say
    that these systems are not the best choice for unskilled users.
    
    "I don't think NT/2000 is suitable for the average home user," said
    Robin Keir, chief software engineer of security firm Foundstone. "Many
    of these people can barely use AOL, so they don't stand a chance
    trying to configure their network protocols and security settings."
    
    Microsoft's Budd said Windows 2000 and NT operating systems are quite
    secure, but he is worried about people running machines that were
    configured for use on corporate networks.
    
    "Microsoft Windows 2000 and NT are proven secure platforms that are
    used successfully by millions of customers," Budd said. "In this case,
    though, people are using configurations that they've inherited from
    the previous owners. This is never a good idea and has the potential
    to lead to disaster."
    
    One of Windows 2000/NT's major selling points is that the systems
    allow knowledgeable users to configure the system to suit their
    individual requirements, Budd said.
    
    "But clearly, settings that are appropriate for an enterprise will not
    be appropriate for home use," Budd said. "This may lead to a number of
    problems, including security issues."
    
    Marquis Grove of Security News Portal thinks that the "more earnest"
    users will make the effort to reconfigure their machines for home use
    and will also perform other essential chores such as regularly
    patching their software and updating antiviral applications.
    
    But Grove believes that many of these "fully loaded" machines are now
    owned by people who have always relied on a systems administrator to
    secure and maintain their machines.
    
    "Most of them are totally unaware that computers can't just be turned
    on and left to their own devices," Grove said.
    
    Jerome DelVicchio, an accountant for a defunct pet supplies e-commerce
    site, said that he and other employees were allowed to take their
    "wonderfully powerful" laptops with them when the company closed.
    
    "Some of us keep in touch, and we all started to notice our machines
    were acting oddly - they were really sluggish, the screensavers or
    other settings would sometimes spontaneously change, and sometimes the
    disk drive light would be flickering when we weren't doing anything on
    the computer," DelVicchio said.
    
    "So I got ahold of our old systems guy, who was horrified that we were
    running network machines without changing the security settings to
    suit non-networked computers. He said it was like having unprotected
    sex with 100 hookers - you're bound to get infected with something."
    
    DelVicchio's ex-system administrator, who did not want to be
    identified, said in an e-mail, "These idiots are running machines that
    were specifically configured to make it very easy for them to share
    information with each other across the network. And most of them have
    high-speed Internet connections, but they didn't bother to install a
    basic firewall application.
    
    "I told them all this when the office closed, but they always thought
    I was paranoid. So now they are for all intents and purposes happily
    sharing whatever it is on their computers with the entire Internet.
    Way to go, guys."
    
    There are no statistics on how many corporate machines have made their
    way to non-corporate use, but many security experts thought that a
    significant number have recently moved from business to home machines.
    And security watchdog CERT issued an alert in July, warning of the
    "significant increase" in security compromises of home computers.
    
    Budd's advice to those who "choose to operate inherited software" is
    to start from the very beginning.
    
    "They should perform a new installation of the software from scratch
    and configure it appropriately using the tools and checklists
    available on Microsoft's website," Budd said. "This process of
    customizing software to operate securely in a new environment is
    crucial."
    
    That's a good plan, assuming you have access to the software disks. If
    not, the best thing to do is to scan the computer with Microsoft's new
    MPSA security tool and apply the suggested fixes and patches. The tool
    only works with Windows 2000 and NT operating systems.
    
    Radsoft, a company that makes security tools and other software, has
    posted a safe-computing checklist on its site to aid the overwhelmed.
    
    And all users, especially those with cable and DSL connections, should
    run personal firewall software and an antiviral utility, Grove said.
    
    "Running a home computer without these two essential programs is like
    trying to drive a car that is not equipped with brakes or a horn,"
    Grove said. "You can't stop and you can't warn others."
    
    
    