Niche Konsult Limited's Newsletter November 2008 Edition
This email message is being sent to all individuals who have expressed interest
in Niche Konsult or Niche Konsult partner products and solutions in accordance
with Niche Konsult’s
You may opt out of future mails by sending a mail to
with “Unsubscribe” in the Subject line.
Feature Story: Phishing - Why You Should Care!
What it is
Phishing scams make use of social engineering to trick consumers into revealing
personal, financial or confidential information, such as credit card numbers, account
usernames and passwords, etc.
They are usually disguised as an email from a trusted source, such as a bank or respected
online retailer, that directs the recipient to a fake website, usually a flawless
reproduction of the genuine site. The bogus site asks users to confirm their
records or maintain their account. At other times the fake site is itself a
malicious site in disguise, where the attacker uses browser exploits to install
backdoors or gain access to the data on the victim's computer.
It is also known as 'carding' or 'brand spoofing'.
How it works
- Hundreds of thousands to millions of spam mails are sent daily
- When the user receives the mail, he replies to the call to action contained therein
by clicking on a link in the email
- He is then directed to a fraudulent website where he will most likely have to
log on to update his details
- Once personally identifiable data is collected, the criminals mask under the
victim's identity to commit crimes
- In the alternative, the hosts file on the user's PC is modified, so that when he
attempts to access certain sites his browser appears to take him to his desired
destination but in point of fact takes him elsewhere; or, because of inherent
vulnerabilities in the user's browser, when he clicks on a link the browser displays
a legitimate URL in the address bar but actually loads something else
This diagram depicts source-dependent redirection of network traffic
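As an added defensive example (not from the newsletter), the following Python script parses a hosts file and flags any entry that pins a well-known financial or retail domain to a fixed address, which is exactly the hosts-file variant described above: the legitimate site is never served from a local override, so any such entry is a sign of tampering. The watch list, the sample hosts content and the helper names are constructed for this example.

```python
"""Detect hosts-file entries that hijack well-known domains (pharming check).

Added example, not the newsletter's own code. A hosts file is a list of
"address hostname [aliases...]" lines; comments start with '#'.
"""
import ipaddress
import os

# Constructed watch list: domains that must resolve through DNS, never
# through a local hosts-file pin (assumption: tailor to your own users).
WATCHED_DOMAINS = {"paypal.com", "citibank.com", "ebay.com"}

# Default hosts-file location for the platform the script runs on.
DEFAULT_HOSTS_PATH = (
    r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"
)

# Constructed sample: two benign loopback lines, then two lines that
# redirect a bank and a retailer to a documentation-range (TEST-NET) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.citibank.com citibank.com   # added by attacker
203.0.113.45    ebay.com
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, skipping comments, blanks and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostname is not a mapping
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address: not something the resolver honours
        for name in parts[1:]:
            yield addr, name.lower().rstrip(".")


def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """Return sorted (hostname, address) pairs that override a watched domain."""
    hits = [(name, str(addr)) for addr, name in parse_hosts(text) if is_watched(name)]
    return sorted(hits)


def scan_hosts_file(path=DEFAULT_HOSTS_PATH):
    """Run the check against a real hosts file on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


if __name__ == "__main__":
    for name, addr in find_hijacks(SAMPLE_HOSTS):
        print(f"ALERT: {name} is pinned to {addr} in the hosts file")
```

Running `scan_hosts_file()` on a clean machine returns an empty list; a non-empty result is worth an incident ticket, since users do not edit this file themselves.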
Who is targeted?
- Financial service companies: banks, both foreign and local. Foreign banks that have
fallen victim include the following: Citibank, Visa, Lloyds, PayPal, Fleet, Barclays,
Wells Fargo, Westpac, Halifax, MBNA, Post Bank, First USA. Credit/debit card operators
and merchants such as Visa, MasterCard, American Express, TJX. Electronic payment
service providers such as Interswitch and e-Tranzact
- Retail trade/e-commerce sites, e.g. eBay, Yahoo
- Telecoms, e.g. Verizon
- Individuals: the huge number of people using the internet who do not understand the
hidden dangers of internet use. Criminals can easily copy logos and other information
from legitimate business websites and place them in phishing emails and websites
to deceive these people.
- Government entities like the Central Bank of Nigeria; as a matter of fact, its equivalents
in the UK and the US have been victims in the past.
Who is behind it?
Spammers – These scams serve to increase and hasten their distribution
Organized Criminals – These solicit, collect and sell bank account numbers, credit
card validation codes, ATM/debit card or credit card numbers and PINs to others,
who use such information to access customer accounts through online banking, set up
false bill payments, transfer funds to their checking accounts or withdraw the
money through ATM machines ...
Please click here to read the rest of the article
Disclosure: Niche Konsult resells anti-phishing solutions and provides value added services
Database Security – Making the Case
SANS Institute is running a Database Security
Compliance Survey. We encourage you to participate.
Also click here to view port information for your database server's open
Enterprise Security – Log Collection and Analysis Infrastructure – Part 1
Events and You
An event is an action. An event log is a group or listing of such actions. All software
and hardware on your network generate copious amounts of records and alerts (simply
events). Event logs are thus a valuable tool for monitoring network security and
performance. Unfortunately though, due to their complexity and volume they are often
underutilized. A recent survey carried out by SANS Institute found that 44% of system
administrators do not keep logs more than a month. Others often do not even feel
the need to look at logs at all.
This diagram depicts the Windows Event Viewer
Fact is, proper log management helps you to meet several objectives, including:
- System and network security,
- System health monitoring,
- Legal and regulatory compliance,
- Forensic investigations.
Detailed reasons why event log management is a must have:
- Event logs are a reference point when something goes wrong and they provide a
history of events (i.e., an audit trail of user activity) often required when you
need to carry out forensic investigations, whether internally or at the instance
of a court of law
- Government regulations worldwide such as Basel II, the PCI Data Security Standard, the Sarbanes-
Oxley Act, the Gramm-Leach-Bliley Act, HIPAA, FISMA, the USA Patriot Act, the Turnbull Guidance
1999, the UK Data Protection Act, the EU Data Protection Directive and the Advance Fee Fraud Act 2006 are increasingly
requiring the maintenance of vast volumes of log information in anticipation of
an audit many weeks, months or years down the road
- Event log monitoring and notification helps identify problems in advance thus
providing a proactive approach to network trouble today, rather than tomorrow
- Event log monitoring can result in real-time notification of suspicious activity
In particular, Section 11 of Nigeria’s proposed “Computer Security & Critical
Information Infrastructure Protection Bill” mandates all service providers to keep
all traffic information, subscriber information and specific content as may be specified
from time to time and to provide such information if requested by law enforcement.
Part 2 will deal with the various types of event logs and some of the tools used
to mine the data within these logs.
Disclosure: Niche Konsult resells event log monitoring software and provides
value added services
General Security- Passwords and You: Please Pass along to your friends
Please pass this reminder to your users as the old year gives way to the new:
Passwords are like Underwear... Change yours often.
Passwords are like Underwear... Don't leave yours lying around.
Passwords are like Underwear... Don't share them with friends.
Passwords are like Underwear... Be mysterious.
Passwords are like Underwear... The longer the better.
- Courtesy ITCS, University of Michigan
- The danger of the web browser "remember your password" feature
Have you ever taken advantage of the offer by your browser (either Internet Explorer
or Mozilla) to help you remember passwords? After reading this article and trying
this nifty utility you might have a re-think.
For more information on creating really strong passwords, try these links:
– Personal Data of some 26.5 million Americans compromised
The names, Social Security numbers, and birthdates of veterans discharged since
1975 were lost when a laptop and a hard disk from the home of a Veterans Affairs
Department employee was burgled. Here is an article from News.com and from
– American government requires that contractors subscribe to and enforce a Code
Recently, the Nigerian government had to cancel a proposed contract award for a
multinational on the grounds of graft. It seems problems like this are not limited
to countries like Nigeria, given that the American government is set to enforce
a code of ethics for its contractors from December 24, 2007 onwards. Here
is a copy of the
Government Security– Dutch civil servants caught hacking press agency
The Nigerian civil service is notorious for one thing - the trust that civil
servants have for other civil servants is quite high. The general consensus during
my informal discussions with quite a few of them is, if there is an enemy, it has
got to be an outsider. However, this story about the Dutch press agency hack
reveals one thing: insiders can be a pain in the neck! It is therefore very
important that the Appointments, Promotion and Discipline (APD) Department
liaise with the Planning, Research and Statistics (PRS) or Information Technology
(IT) Departments, as the case may be, to revoke computer and network privileges
before termination of employment by the employer or immediately after voluntary
retirement by the employee.
This story, though, demonstrates one thing: technology is just half the solution, given that insiders gave out their login details to others.
– Economically motivated nation-state cyber espionage on the rise!
This TimesOnline story captures the problem so well. The United States and Great
Britain have been complaining about China a great deal in recent times. Here is an
American view of the problem, and that is why governments are worried when
by their defence arm is developed overseas.
- Nigeria set to conduct Privacy Impact Assessment Study of National ID
The Nigerian government, through its National Identity Management Commission, is
currently requesting consultants to indicate interest in conducting a Privacy Impact
Assessment Study. Such consultants may visit Room 3.89, Third Floor, Phase I, Federal
Secretariat, Abuja to obtain more information. This follows on the heels of the
proposed National ID program and the award of contracts for same.
The question is does Nigeria really need a Privacy Impact Assessment Study? Well,
read on. At the 3rd International Investment Roadshow of the Nigerian Stock Exchange,
the Director General boasted that the Central Security Clearing System (CSCS)
a subsidiary of the Nigerian Stock Exchange had the capacity to hold data on up
to 10 billion people. Currently, Nigeria has no privacy legislation, except for a very
brief mention in the Nigerian Constitution. Since several government institutions, particularly
those dealing with graft, as well as service providers in the private sector, collect
and use lots of personally identifiable information, we believe that this will end
up putting Nigeria on the map of those nations with privacy legislation.
Also as far back as 2005, a member of Niche Konsult’s board made an appeal to the
government through the Consumer Protection Council for the establishment of a Privacy
Here are the
Why the CPC law should be reviewed
A Privacy Watchdog
A Privacy Agenda - To be or Not to Be?
Also here are some links on National ID card programs elsewhere:
don't like it
Instant Messaging Security
– Don't leave your PC unattended while Instant Messaging!
MessenPass is a password recovery tool that reveals the passwords of the following
instant messenger applications:
- MSN Messenger
- Windows Messenger (In Windows XP)
- Windows Live Messenger (In Windows XP And Vista)
- Yahoo Messenger (Versions 5.x)
- Google Talk
- ICQ Lite 4.x/5.x/2003
- AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
MessenPass can only be used to recover the passwords for the currently logged-on
user on your local computer, and it only works if you chose the "remember your
password" option in one of the above programs. You cannot use this utility for
grabbing the passwords of other users.
- Microsoft Releases Office 2007 SP1
Microsoft recently released Service Pack 1 for Microsoft Office 2007. According
to Microsoft, this update includes customer requested stability and performance
improvements as well as user security enhancements. Here is the download link and an
article that says what has changed.
Office Security -
- Block all Microsoft Access database (.mdb) files via email/Internet from
entering your network
According to Microsoft, such files are "designed for the sole purpose of executing
commands," hence the concern. US-CERT has indicated that absolutely no user
interaction is required to launch such attacks, and has recommended that users do
not open attachments from unknown sources and that .mdb files be blocked at the email server.
See the related Microsoft Knowledgebase
Microsoft Security Bulletin
Office Security -
- Tales your Electronic Documents Tell!
Earlier this year, a security commentator conducted some forensics on a PowerPoint
presentation, upon which she based her estimate of the United States defence budget
for contractors. Here are the links:
Portable Device Security
– Her Majesty's Revenue and Customs (HMRC) bans removable storage media
In the fallout to the scandal discussed above, HMRC staff no longer have access to
CDs and other portable/removable storage media.
Here is what a notable security author/researcher had to say about
portable storage media security
Portable Device Security
– GFI EndPointSecurity 4 released
This new version ships with a number of new and improved features including advanced
access control that allows the blocking of a range of device classes, as well as
blocking file transfers by file extension, by physical port and by device ID. Administrators
can also use a device whitelist and blacklist to allow only company-approved devices
and block all others. Furthermore, temporary access can be granted to users for
a device (or group of devices) on a particular computer for a particular timeframe.
To download an evaluation,
click here and to learn more,
GFI EndPointSecurity allows control over the following device categories:
- Floppy disks
- CD \ DVD
- Storage Devices
- PDA Devices
- Network Adapters
- Imaging devices
- Human Interface devices
- Other devices
GFI EndPointSecurity can also control the physical port to which devices are connected:
- USB ports
- FireWire ports
- Serial (COM) ports
- Parallel ports
- Infrared (IrDA) ports
- Bluetooth adapters
- Wireless (WiFi)
Disclosure: Niche Konsult is a GFI Value Added Reseller
- Introducing SWFIntruder: Flash Application Security
SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed
for analyzing and testing security of Flash applications at runtime. It helps to
find flaws in Flash applications using the methodology originally described in "Testing
Flash Applications" and in "Finding Vulnerabilities in Flash Applications".
Some neat features:
- Basic predefined attack patterns.
- Highly customizable attacks.
- Highly customizable undefined variables.
- Semi automated Xss check.
- User configurable
- Log Window for debugging and tracking.
- History of the latest 5 tested SWF files.
- ActionScript Objects runtime explorer in tree view.
Configuration and Layout.
SWFIntruder is hosted at OWASP and is sponsored by
Introducing Sqlmap: a blind SQL injection tool (release 0.5)
Sqlmap 0.5 is an automatic SQL injection tool developed entirely in Python. It is
capable of performing an extensive fingerprint of the back-end database management system,
retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS,
reading system files and much more, taking advantage of web application programming
security flaws that lead to SQL injection vulnerabilities.
Symantec September "Internet Security Threat Report" - Why you should care!
Hackers have turned attention to Web application vulnerabilities. The grim statistics:
61% of all vulnerabilities disclosed in the first half of 2007 were web application
vulnerabilities. Source: the September "Internet Security Threat Report" from
Disclosure: Niche Konsult is a Symantec Value Added Reseller
Introducing Nikto 2: Open Source web server scanner
Nikto 2 is finally available. Nikto is an open source (GPL) web server scanner which
performs tests against web servers for multiple items, including over 3500 potentially
dangerous files/CGIs, versions on over 900 servers, and version specific problems
on over 250 servers.
Version 2 adds a ton of enhancements, including:
- Fingerprinting web servers via favicon.ico files;
- 404 error checking for each file type;
- Enhanced false positive reduction via multiple methods: headers, page content, and content hashing;
- Scan tuning to include or exclude entire classes of vulnerability checks;
- Uses LibWhisker 2, which has its own long list of enhancements;
- A "single" scan mode that allows you to craft an HTTP request manually;
- Basic template engine so that HTML reports can be easily customized;
- An experimental knowledge base for scans, which will allow regenerated reports and retests (future);
- Bug fixes and more.
For more info visit http://www.cirt.net/code/nikto.shtml
Introducing CORE GRASP for PHP
CORE GRASP is a web application protection
software solution developed by CoreLabs,
the research unit of Core Security Technologies.
GRASP protects against injection vulnerabilities and enforces privacy in web applications.
GRASP is now available as open source software, under the Apache 2.0
license, and the invitation to collaborate with the project is open. If
you would like to collaborate, please subscribe to our
Introducing XSS-Me and SQL-Inject Me
Security Compass is proud to announce the release of the first two tools in its
Exploit-Me series of application penetration testing tools for Mozilla Firefox:
XSS-Me and SQL Inject-Me. Currently in their beta release stage, these open source
(GPL v3) Firefox plug-ins search through web applications for vulnerable visible
and hidden form fields to perform input validation attacks. Security Compass believes that these
tools will be invaluable not only to penetration testers and QA testers, but also
to developers as a light-weight method to check for common application security
vulnerabilities during the development process. Please visit
to download these plugins. Please send any feedback to
email@example.com and bugs to
Web Security - KYC or KYE?
- Banks call it KYC (Know Your Client), Now How about KYE (Know Your Enemy)
- How to get around Group Policy under Windows
Here is how!
- Serious Vulnerability! Windows 2000 communication security flaw
The Windows random number generator,
which plays an integral part in email encryption and the Internet browser SSL encryption
protocol has been discovered to have a
- Windows XP Service Pack 3 coming
Found two really good previews; here is the first and the
New features include Network Access Protection (required for compatibility with
Windows Server 2008), product-keyless installation, a new kernel mode
cryptographic module and a blackhole router detection algorithm. Grab Windows XP
Service Pack 3 Release Candidate 1 from
- Windows Vista/Windows XP Service Pack Blocker
As usual Microsoft has released these
- Web Proxy Auto-Discovery (WPAD) technology vulnerability
This vulnerability affects both Windows and Internet Explorer. Here is a
press mention and
Cisco Catalyst 3750 Series Switches now available from Niche Konsult at competitive prices:
Catalyst 3750 24 100BaseFX + 2 SFP Standard Multilayer Image
Catalyst 3750 24 10/100 + 2 SFP Standard Multilayer Image
Catalyst 3750 24 10/100 + 2 SFP Enhanced Multilayer Image
Catalyst 3750 24 10/100 PoE + 2 SFP Standard Image
Catalyst 3750 24 10/100 PoE + 2 SFP Enhanced Image
Catalyst 3750 48 10/100 + 4 SFP Standard Multilayer Image
Catalyst 3750 48 10/100 + 4 SFP Enhanced Multilayer Image
Catalyst 3750 48 10/100 PoE + 4 SFP Standard Image
Catalyst 3750 48 10/100 PoE + 4 SFP Enhanced Image
Catalyst 3750 48 10/100/1000T PoE + 4 SFP Enhanced Image
Catalyst 3750 48 10/100/1000T PoE + 4 SFP Standard Image
Catalyst 3750 48 10/100/1000T + 4 SFP Enhanced Multilayer
Catalyst 3750 48 10/100/1000T + 4 SFP Standard Multilayer
Catalyst 3750 24 10/100/1000T PoE + 4 SFP Standard Image
Catalyst 3750 24 10/100/1000T PoE + 4 SFP Enhanced Image
Catalyst 3750 24 10/100/1000 + 4 SFP Enhcd Multilayer;1.5RU
Catalyst 3750 24 10/100/1000T Enhanced Multilayer Image
Catalyst 3750 24 10/100/1000 + 4 SFP Std Multilayer; 1.5RU
Catalyst 3750 24 10/100/1000 + 4 SFP Std Multilayer;1RU
Catalyst 3750 24 10/100/1000 + 4 SFP Enh Multilayer;1RU
Catalyst 3750 24 10/100/1000T Standard Multilayer Image
Catalyst 3750 16 10/100/1000BT+ 10GbE (req XENPAK) Enh Image
Catalyst 3750 16 10/100/1000BT+ 10GbE (req XENPAK) Std Image
Catalyst 3750 12 SFP Enhanced Multilayer Image
Catalyst 3750 12 SFP Standard Multilayer Image
Catalyst 3750 12 SFP DC powered Standard Multilayer Image
Please email for prices.
These products are new sealed in Cisco box.
Discounts will be considered for quantity purchases
Niche Konsult is desirous of establishing resellers throughout Nigeria. If you would like
to work with us, please drop us a line telling us you are the one we have been looking for.
Niche Konsult is currently recruiting! Marketers only wanted! If you fit the bill,
then do get in touch
Offers of the Month - McAfee
Get McAfee Security Center
between now and December 31, 2007 and get 37% off the regular price! Call/Email
Offers of the Month -Uniblue Holiday Super Saver
Exclusive Uniblue Holiday Super Saver! $5 (N600.00) off the price of
SpeedUpMyPC 3 and
SpyEraser 2! Or get
the PowerSuite 60% off $59.99 (N7188.00) instead of $159.90 (N19,188.00) Offers
expires December 31, 2007
Offers of the Month - GFI
Fantastic reductions from GFI
till December 31, 2007 on GFI FAXmaker, GFI MailEssentials, GFI MailSecurity, and the
GFI MailEssentials and GFI MailSecurity bundle
Niche Konsult is an information technology security firm with
expertise in content, messaging, network and web application security.
Niche Konsult provides software and solutions that help individuals, small and medium
size businesses, large companies and governments optimize and secure their
information technology infrastructure. For more information, please visit
Having trouble viewing this Niche Konsult
Newsletter? Visit http://www.nichekonsult.com/Company/Newsletters/01_17_08.aspx or copy
it into your browser. If you no longer wish to receive these emails simply click
on the following link: Remove Me.
To view previous editions, please visit http://www.nichekonsult.com/Newsletters/Newsletter.aspx
You're receiving this
message because you've either subscribed to receive timely security news and
product/company updates from Niche Konsult or have indicated interest in Niche
Konsult partner solutions in the past.
Have you got something to
say? If yes, please feel free to submit your contributions to us.
We hope that you have found this issue to be informative and useful.
Subscription is entirely free (although 'opt-in' only). Please feel free to pass
this copy on to your friends and colleagues. If your friends or colleagues wish
to receive the newsletter directly, they should simply send an email to:
firstname.lastname@example.org with a title of 'Subscribe'.
Wuse Zone 6
Tel: 234 805 547 7646, 234 9 5240555
Niche Konsult. All rights reserved worldwide. Reproduction in whole or in part
of any text, photograph or illustration without permission of the publisher is