Orb Data

Orb Data's Blog Site

Dawn of the Dead (Computer)

Last updated on August 19th by Simon Barnes

Movies that include computers are notoriously inaccurate. Who can forget the girl from Jurassic Park shouting ‘it’s a Unix system’ as the velociraptors broke through the door, or the graphical skyscraper directory listing from Hackers? Enjoyable films perhaps, but not fantastically plausible. So maybe I can make a suggestion for a new film, perhaps called “Dawn of the Dead Computer”, that is not only accurate but based on a true story.

The film starts with a man walking down a deserted hall, intermittently illuminated by a strip light flickering above him. He gets to the end of the corridor and heads through a wooden door into the men’s lavatory. He flicks the light and reaches into his pocket with a gloved hand before placing a small metallic object next to one of the sinks. He turns and leaves.

Cut to the next morning. The hall is different: lighter and full of people. One of them enters the same bathroom that the man had been in the night before and finds the item, which turns out to be a USB stick. He picks it up, looks around and pockets it, thinking that this is his lucky day. It isn’t.

Later that day he puts it in his computer and that is when the day of the man, his colleagues and the business he works for takes a turn for the worse. The simple act of inserting an unknown USB stick has unwittingly infected the whole business with the Conficker worm and opened up all of his company’s computers to random and harmful downloads.

The problem with this scenario is that it has already happened. F-Secure’s chief research officer, Mikko Hypponen, estimated in 2009 that there were more than 9 million infected computers already. This worm (also known as Confick or Downadup) uses Windows’ AutoRun feature to infect computers via USB memory sticks. It spreads by attacking ADMIN$ shares using a long list of different popular passwords, for example “password”, “qwerty” or sequences of letters or repeated numbers. Do you recognise any of yours here?
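The password classes listed above can be screened for when a password is set. The following is an added example, not part of the original post: the word list is a small constructed sample rather than the worm's own list, the four-character threshold is an assumption, and the keyboard-row check generalises the "qwerty" case beyond what the post names.

```python
from typing import Optional

# Constructed sample list; the worm's actual list is longer and is not reproduced here.
COMMON_WORDS = {"password", "qwerty", "admin", "letmein"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_RUN = 4  # assumed threshold: shorter passwords should fail a length rule anyway


def _is_sequence(s: str) -> bool:
    """True for ascending or descending runs such as 'abcdef' or '654321'."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) >= MIN_RUN and steps in ({1}, {-1})


def _is_keyboard_walk(s: str) -> bool:
    """True if s is a slice of one keyboard row, typed in either direction."""
    return len(s) >= MIN_RUN and any(s in row or s[::-1] in row for row in KEYBOARD_ROWS)


def guess_class(password: str) -> Optional[str]:
    """Return the guessable class a password falls into, or None if it matches none."""
    p = password.lower()
    if p in COMMON_WORDS:
        return "common word"
    if len(p) >= 1 and len(set(p)) == 1:
        return "repeated character"
    if _is_sequence(p):
        return "sequence"
    if _is_keyboard_walk(p):
        return "keyboard walk"
    return None


def screen(candidates):
    """Map each rejected candidate to its class; acceptable candidates are omitted."""
    return {c: k for c in candidates if (k := guess_class(c)) is not None}


if __name__ == "__main__":
    # Constructed candidates, as a password-change hook might receive them.
    sample = ["password", "111111", "abcdef", "asdfgh", "Tr4il-m0ss-Kettle"]
    for pw, why in screen(sample).items():
        print(f"reject {pw!r}: {why}")
```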

So what is the answer?

Microsoft says “Computers with a proper password policy are protected from infection of this worm” and therein lies the problem. What is proper protection? I recently spoke to someone who had just worked at a company that held envelopes containing passwords for all their servers offsite in a safe. When they need to access a system, somebody goes and signs out the envelope and delivers it to the person who needs it. The password will then be changed and the new envelope delivered off-site again. It seems extreme, but the alternative, as I heard at a Managed Service conference recently, was for a company to use one account and one password for all their customers’ servers. They changed this once a month and shared it with all their staff. If they were my managed service provider I think I would be looking to change.

There is another choice though.

Using a product such as ForestSafe from EESM removes the worry associated with unmanaged passwords. Instead, it removes the need for your support teams to know any passwords apart from those for their own computer accounts, which are known only to them. It does not store passwords at all but instead generates them as they are required, which removes another point of attack and ensures administrator passwords can never be cracked or guessed. In this way viruses and worms such as Conficker are stopped before they get started, and perhaps the computer movie can have a happy ending after all.
