Underrated computing threats you need to know about

Your PC may be protected from all the well-known dangers, but there are some you may not have thought of.

Page 3 of 4

QuickTime concerns

The threat

We sometimes forget that there are Apple products on the Windows PC — and those need to be regarded with the same sort of scrutiny as any other application. A big part of the concern is, again, ubiquity: Many PCs have QuickTime or iTunes installed, and most of us don't think of those things as potential security holes. However, various exploits have been documented in both the Mac and PC versions of QuickTime.

The mechanism

Two examples: In 2007, a nasty buffer overflow exploit affected just about every extant version of QuickTime on both Windows and Mac machines. Another bug with similar properties was found in 2008. (Want more examples? Search US-CERT using the keyword "QuickTime" to see many more such exploits.)

The prevention

Apple does have an automatic updater for its software in Windows, so PC users should keep QuickTime updated. Also, keep the number of file types associated with QuickTime itself to a minimum — most people just use it to play QuickTime files and nothing else anyway, so this helps limit the available attack surface.

Obfuscated URLs

The threat

URL-shortening services like bit.ly or is.gd have become all the rage with the rise of Twitter and Facebook. They're also a great way to slip someone a digital Mickey Finn: What better way to hide an attack than to not even let people know the actual URL they're clicking on?

The mechanism

URL shorteners generally perform no safety checking on the links they process. Also, shortened URLs tend to be passed around from user to user without much thought for whether or not they've been sanitized. Consequently, someone can pass you a direct link to malware or to an infected site, and folks with a blind click-first reflex may end up taken somewhere they don't want to go.

The prevention

LongURL is a site that lets you paste in a short URL and expand it to see if you're dealing with something malicious. If copy-and-paste is too much hassle, they also provide an add-on version of the service for Firefox, which shows you the long version of the URL when you hover over a shortened link. LongURL also offers a set of APIs that can be integrated with things like jQuery, so people who integrate link-shortening tools into their own sites or programs can make use of such tools, too.

In addition, many Twitter clients — such as TweetDeck and Mixero, to name two — have a preview function that shows the long form of a shortened URL so that you can see what you're about to click on.

DNS poisoning

The threat

DNS servers translate raw Internet addresses (such as 12.94.65.175) into human-friendly domain names (www.myfunsite.com). With a little work, the information provided by some DNS servers can be hijacked or misdirected — "poisoned" — allowing an attacker to send someone to any Web site they choose.

The mechanism

The most common DNS poisoning attacks exploit flaws in DNS server software to allow fake name-resolution data to be sent to clients. One of the worst examples of DNS poisoning surfaced in 2008, when computer researcher Dan Kaminsky demonstrated how domains could be redirected with the then-current version of BIND, the software that most servers use to perform DNS resolution. The end result: You can hijack an entire domain — including its subdomains, its mail servers (MX entries), its SPF records and everything else that can be stuffed into its DNS resources.

The prevention

In this case, prevention is mostly up to the people running domain name services. Admins should update to the most recent version of BIND, which is much more skeptical about the data it receives and performs more thorough cross-checking to prevent poisoning.

If you have doubts about the validity of your DNS hosting, you can test it through the DNSStuff.com toolset. Its DNSreport Demo (free for regular users; the full non-demo version is for-pay) lets you check the results of DNS resolution for common domain names from your servers. If you suspect your DNS servers are dodgy or compromised, you can always use a different one by editing your TCP/IP settings or by setting your in-house router (if you use one) to resolve to another server. The Google Public DNS service might come in handy here, since Google claims its DNS is less vulnerable to poisoning.
