Monthly Archives: December 2013

Remote Access Tool Misuse & Familial IT Support

I read an excellent article by Nate Anderson in Ars Technica, “How the FBI found Miss Teen USA’s webcam spy” about how they broke the recent Miss USA ‘sextortion’ case.  It got me thinking about how many of my friend and colleagues become temporary IT support personnel at the end or the year trying to help their parents and loved ones through their various computer problems.  While remote access tools are a tremendous help in solving these issues without having to travel to someone’s home; they do pose a risk.  Even my wife’s favorite support tool; Teamviewer has been targeted.  By their design these tools are developed to sit and listen for an incoming connection.  If you do use these tools make sure that you are using a non trivial password or pass-phrase.  Try to make sure that the tool doesn’t load upon start up and requires that someone find and execute the program before a remote connection can be created.  If possible move the link to the utility out of the normal applications folder and into a sub folder so that it is that much harder to ‘accidentally’ launch.

Why Security is Hard: When APTs became TPAs

Trying to secure the Internet and all it’s users, content, and services is a difficult job. The Internet is a global resource that supports many different cultures and languages.  The purpose of the various Internet web sites that appear on the Internet vary from commercial sites selling products and services to informational sites about many more topics that most people need or care to know about.  There are a myriad of operating systems and applications used to produce and access those sites.  As if Advanced Persistent Threats (APT) were not bad (or scary) enough there is now a new term used to describe the attacks that security personnel are trying to secure all these operating systems and applications from.  Welcome Targeted Persistent Attacks (TPA)!

The first read where I came across TPA was over at Tech Republic.  During an interview with the Research Vice President at NSS Labs they report:

“The truth of the matter is that an APT is sometimes made up of known exploits/vulnerabilities that are not that Advanced; so the term APT doesn’t define the action correctly. TPA highlights that the actor is going after a specific target such as company X or an entire industry sector like financial services, and will be persistent in attacking the target”

Uhh?  So the reason we need a new category of product is because some malware writer slacked off and didn’t use the latest, most advanced exploit or vulnerability and instead used something that Microsoft already addressed a couple of Tuesday’s ago?

To be fair this blog post that also appeared at NSS labs makes a better case for the new term (TPA that was).  What NSS Labs seems to be talking about here is threat or breach detection.  Of course, there is also a TPA focused Breach Detection Systems (BDS) product buyers guide.