Niche Konsult Limited's Newsletter, November 2008 Edition

This email message is being sent to all individuals who have expressed interest in Niche Konsult or Niche Konsult partner products and solutions in accordance with Niche Konsult’s privacy policy. You may opt out of future mails by sending a mail to with “Unsubscribe” in the Subject line.


Feature Story: Phishing - Why You Should Care!

What it is

Phishing scams make use of social engineering to trick consumers into revealing personal, financial or confidential information, such as credit card numbers, account usernames and passwords, etc.

They are usually disguised as an email from a trusted source, such as a bank or respected online retailer, that directs the recipient to a fake website, usually a flawless reproduction of the genuine site. The bogus site asks users to confirm their records or maintain their account. At other times these fake sites are malicious sites in disguise, where the attacker can use exploits to install backdoors or gain access to the victim's computer data, for instance.

It is also known as 'carding' or 'brand spoofing'.

How it works

  • Hundreds of thousands to millions of spam mails are sent daily.
  • When the user receives the mail, he responds to the call to action it contains by clicking on a link in the email.
  • He is then directed to a fraudulent website where he will most likely have to log on to update his details.
  • Once personally identifiable data is collected, the criminals mask under the victim's identity to commit crimes.
  • Alternatively, the hosts file on the user's PC is modified, so that when he attempts to access certain sites his browser appears to take him to his desired destination but in fact takes him elsewhere; or, because of inherent vulnerabilities in the user's browser, when he clicks on a link the browser displays a legitimate URL in the address bar but actually loads something else.

[Figure: Source-dependent redirection of network traffic]
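As an added example (not code from the newsletter), here is a defender-side check for the hosts-file tampering described above: it parses a constructed hosts file and flags any name mapped to something other than the loopback address, rating the hit "high" when the name belongs to a watched brand domain. The domains, addresses and watchlist are all constructed for the example.

```python
"""Flag hosts-file entries that redirect named sites (pharming check).

Added example, not code from the newsletter. Entries that point a name at the
loopback address are ad/malware blocking and are ignored; anything else is a
redirection and is reported, rated "high" when the name (or its parent domain)
is on a watchlist of brands the organisation cares about.
"""
import ipaddress

# Constructed watchlist: domains whose impersonation would matter to this site.
WATCHED_DOMAINS = ("examplebank.test", "examplepay.test")

# Constructed sample modelled on a tampered Windows hosts file
# (%SystemRoot%\System32\drivers\etc\hosts); addresses are documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example-tracker.test      # ad blocking, harmless
192.0.2.45      www.examplebank.test online.examplebank.test
198.51.100.7    www.example-shop.test
"""


def parse_hosts(text):
    """Yield (address, [hostnames], line_no) for every active entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # strip trailing/whole-line comments
        if not body:
            continue
        fields = body.split()
        if len(fields) >= 2:
            yield fields[0], fields[1:], line_no


def on_watchlist(name, watched=WATCHED_DOMAINS):
    """True if name equals a watched domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)


def find_redirections(text, watched=WATCHED_DOMAINS):
    """Return one finding per hostname mapped to a non-loopback address."""
    findings = []
    for addr_text, names, line_no in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            # Not an IP at all: malformed line, worth a look but not a redirect.
            findings.append({"line": line_no, "host": " ".join(names),
                             "address": addr_text, "severity": "malformed"})
            continue
        if addr.is_loopback:
            continue  # 127.0.0.0/8 or ::1 merely sinkholes the name
        for name in names:
            findings.append({
                "line": line_no,
                "host": name,
                "address": str(addr),
                "severity": "high" if on_watchlist(name, watched) else "review",
            })
    return findings


if __name__ == "__main__":
    for f in find_redirections(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} [{f['severity']}]")
```

Run against the real file (the path in the comment) rather than the sample to audit a machine; a clean file yields no findings.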


Financial Service Companies: Banks, both foreign and local. Foreign banks that have fallen victim include the following: Citibank, Visa, Lloyds, PayPal, Fleet, Barclays, Wells Fargo, Westpac, Halifax, MBNA, Post Bank, First USA. Credit/debit card operators and merchants such as Visa, Mastercard, American Express and TJX. Electronic payment service providers such as Interswitch and e-Tranzact.

Retail Trade/E-commerce sites e.g.:  eBay, Yahoo

Telecoms e.g.: Verizon

Individuals: The huge number of people using the internet who do not understand the hidden dangers of internet use. Criminals can easily copy logos and other information from legitimate business websites and place them in phishing emails and websites to deceive these users.

Government: Entities like the Central Bank of Nigeria; in fact its equivalents in the UK and the US have been victims in the past.

Who is behind it?

Spammers – These scams serve to increase and hasten their distribution

Organized Criminals – These solicit, collect and sell bank account numbers, credit card validation codes, ATM/debit card or credit card numbers and PINs to others, who use such information to access customer accounts through online banking, set up false bill payments, transfer funds to their own checking accounts or withdraw the money through ATMs ... 

Please click here to read the rest of the article 

Disclosure: Niche Konsult resells anti-phishing solutions and provides value added services

Database Security – Making the Case

SANS Institute is running a Database Security Compliance Survey. We encourage you to participate.

Also click here to view port information for your database server's open ports.


Email Security – Targeted email attacks are real!


A targeted attack is one that is directed at a single organization or a few carefully selected organizations. When it comes via email, it is a targeted email attack.

Here are some links to some recent targeted email attacks in the news:

A while ago, GFI Software prepared a very thought-provoking whitepaper on targeted cyber-attacks.

Disclosure: Niche Konsult is a GFI Value Added Reseller


Enterprise Security – Log Collection and Analysis Infrastructure – Part 1

Events and You

An event is an action. An event log is a group or listing of such actions. All software and hardware on your network generate copious amounts of records and alerts (collectively, events). Event logs are thus a valuable tool for monitoring network security and performance. Unfortunately, due to their complexity and volume they are often underutilized. A recent survey carried out by SANS Institute found that 44% of system administrators do not keep logs for more than a month. Others often do not even feel the need to look at logs at all.


This diagram depicts the Windows Event Viewer

The fact is, proper log management helps you to meet several objectives, including:

  • Information system and network security,
  • System health monitoring,
  • Legal and regulatory compliance,
  • Forensic investigations.

Detailed reasons why event log management is a must-have:

  • Event logs are a reference point when something goes wrong and they provide a history of events (i.e., an audit trail of user activity) that is often required when you need to carry out forensic investigations, whether internally or at the instance of a court of law
  • Government regulations worldwide such as Basel II, the PCI Data Security Standard, the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, HIPAA, FISMA, the USA PATRIOT Act, Turnbull Guidance 1999, the UK Data Protection Act, the EU DPD and the Advance Fee Fraud Act 2006 increasingly require the retention of vast volumes of log information in anticipation of an audit many weeks, months or years down the road
  • Event log monitoring and notification helps identify problems in advance, providing a proactive approach to network trouble today rather than tomorrow
  • Event log monitoring can result in real-time notification of suspicious activity
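As an added example (not from the newsletter) of the real-time notification point: a threshold check over a constructed, comma-separated export of logon events (timestamp, event ID, account, source address) that raises one alert when a single source produces five failed logons within a minute. Event IDs 529 (Windows "Logon Failure" before Vista) and 4625 (Vista and later) are the real identifiers; the export format, accounts and addresses are constructed.

```python
"""Threshold alert on failed logons from a constructed event-log export.

Added example, not code from the newsletter. Each line of the export is
"timestamp,event_id,account,source"; the check keeps a sliding window of
failures per source and alerts once when the window fills up.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# 529 = pre-Vista "Logon Failure: Unknown user name or bad password";
# 4625 = the equivalent on Vista / Server 2008 and later.
FAILED_LOGON_IDS = {529, 4625}

# Constructed sample: one burst from 10.1.2.3 across many accounts (the
# password-guessing pattern), plus two unrelated failures from 10.1.2.9.
SAMPLE_EVENTS = """\
2008-11-12 09:00:01,528,alice,10.1.2.50
2008-11-12 09:00:05,529,alice,10.1.2.3
2008-11-12 09:00:09,529,bob,10.1.2.3
2008-11-12 09:00:14,529,carol,10.1.2.3
2008-11-12 09:00:20,529,dave,10.1.2.3
2008-11-12 09:00:27,529,erin,10.1.2.3
2008-11-12 09:00:31,529,frank,10.1.2.3
2008-11-12 09:05:00,529,bob,10.1.2.9
2008-11-12 09:20:00,529,bob,10.1.2.9
"""


def parse_events(text):
    """Return a list of (timestamp, event_id, account, source) tuples."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        ts, eid, account, source = raw.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       int(eid), account, source))
    return events


def detect_logon_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source when `threshold` failures fall inside `window`."""
    recent = defaultdict(deque)   # source -> (timestamp, account) still in window
    alerted = set()
    alerts = []
    for ts, eid, account, source in sorted(events):
        if eid not in FAILED_LOGON_IDS:
            continue              # successful logons and other events are ignored
        q = recent[source]
        q.append((ts, account))
        while q and ts - q[0][0] > window:
            q.popleft()           # age out failures older than the window
        if len(q) >= threshold and source not in alerted:
            alerted.add(source)
            alerts.append({
                "source": source,
                "count": len(q),
                "accounts": sorted({a for _, a in q}),
                "first": q[0][0],
                "last": ts,
            })
    return alerts


if __name__ == "__main__":
    for a in detect_logon_bursts(parse_events(SAMPLE_EVENTS)):
        print(f"{a['source']}: {a['count']} failed logons "
              f"({', '.join(a['accounts'])}) between {a['first']} and {a['last']}")
```

The window and threshold are the tuning knobs; the same loop can be fed a live tail of exported events rather than the constructed string.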

In particular, Section 11 of Nigeria’s proposed “Computer Security & Critical Information Infrastructure Protection Bill” mandates all service providers to keep all traffic information, subscriber information and specific content as may be specified from time to time and to provide such information if requested by law enforcement.

Part 2 will deal with the various types of event logs and some of the tools used to mine the data within these logs.

Disclosure: Niche Konsult resells event log monitoring software and provides value added services

General Security- Passwords and You: Please Pass along to your friends

Please pass this reminder to your users as the old year gives way to the new:

Passwords are like Underwear... Change yours often.

Passwords are like Underwear... Don't leave yours lying around.

Passwords are like Underwear... Don't share them with friends.

Passwords are like Underwear... Be mysterious.

Passwords are like Underwear... The longer the better.

- Courtesy ITCS, University of Michigan

General Security - The danger of the web browser "remember your password" feature

Have you ever taken advantage of the offer by your browser (either Internet Explorer or Mozilla) to help you remember passwords?

After reading this article and trying this nifty utility you might have a rethink.

For more information on creating really strong passwords, try these links:

Code Assembly



Government Security – Personal Data of some 26.5 million Americans compromised

The names, Social Security numbers, and birthdates of veterans discharged since 1975 were lost when a laptop and a hard disk were burgled from the home of a Veterans Affairs Department employee. Here is an article from and another from SecurityFocus.

Government Security – Her Majesty's Revenue and Customs (HMRC) Office loses personal data on 25 million British citizens

The HMRC CEO resigned, while the breach has been labelled the UK's worst data loss ever. Investigations traced the breach to a junior employee with more access than his job function required, who burnt the information onto 2 CDs and sent them via courier; the CDs never reached their destination. Information on the CDs includes the names, addresses, dates of birth, child benefit numbers, National Insurance numbers, and bank/building society account numbers of the victims. In the wake of the breach, removable storage media has been banned, only Director-level staff can use CDs/removable storage (and even that only with permission and under exceptional circumstances), and an IT security team has been set up to oversee secure data management.

Here are the links for a 360 degree view of the problem

Government Security – American government requires that contractors subscribe to and enforce a Code of Ethics

Recently, the Nigerian government had to cancel a proposed contract award for a multinational on the grounds of graft. It seems problems like this are not limited to countries like Nigeria, given that the American government is set to enforce a code of ethics for its contractors from December 24, 2007 onwards. Here is a copy of the regulation

Government Security– Dutch civil servants caught hacking press agency

The Nigerian civil service is notorious for one thing: the trust that civil servants have for other civil servants is quite high. The general consensus during my informal discussions with quite a few of them is that if there is an enemy, it has got to be an outsider. However, this story about the Dutch press agency hack reveals one thing: insiders can be a pain in the neck! It is therefore very important that Appointments, Promotion and Discipline (APD) liaise with the Planning, Research and Statistics (PRS) or Information Technology (IT) departments, as the case may be, to revoke computer and network privileges before termination of employment by the employer or immediately after voluntary retirement by the employee.

This story also demonstrates that technology is just half the solution, given that insiders gave out their login details to others.

Government Security – Economically motivated nation-state cyber espionage on the rise!

The TimesOnline story captures the problem so well. The United States and Great Britain have been complaining about China a great deal in recent times. Here is an American view of the problem, and that is why governments are worried when software used by their defence arm is developed overseas.

Government Security - Canadian Breach

In Canada, sensitive patient medical data leaked onto the internet recently.

Government Security - Nigeria set to conduct Privacy Impact Assessment Study of National ID Card Program

The Nigerian government, through its National Identity Management Commission, is currently inviting consultants to indicate interest in conducting a Privacy Impact Assessment Study. Such consultants may visit Room 3.89, Third Floor, Phase I, Federal Secretariat, Abuja to obtain more information. This follows on the heels of the proposed National ID program and the award of contracts for the same.

The question is: does Nigeria really need a Privacy Impact Assessment Study? Well, read on. At the 3rd International Investment Roadshow of the Nigerian Stock Exchange, the Director General boasted that the Central Security Clearing System (CSCS), a subsidiary of the Nigerian Stock Exchange, had the capacity to hold data on up to 10 billion people. Currently, Nigeria has no privacy legislation, except for a very brief mention in the Nigerian Constitution. Several government institutions, particularly those dealing with graft, as well as service providers in the private sector collect and use lots of personally identifiable information; we believe that this will end up putting Nigeria on the map of those nations with privacy legislation.

Also, as far back as 2005, a member of Niche Konsult's board made an appeal to the government through the Consumer Protection Council for the establishment of a Privacy Task Force and the development of a National Privacy Policy.

Here are the documents:

Why the CPC law should be reviewed

Privacy: A Burning Consumer Issue, Privacy Policy: A National Imperative, Wanted: A Privacy Watchdog

CPC: A Privacy Agenda - To be or Not to Be?

Also here are some links on National ID card programs elsewhere:



Even Americans don't like it 

Instant Messaging Security – Don't leave your PC unattended while Instant Messaging!

MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP And Vista)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Miranda
  • GAIM/Pidgin

MessenPass can only be used to recover the passwords of the currently logged-on user on your local computer, and it only works if you chose the "remember your password" option in one of the above programs. You cannot use this utility to grab the passwords of other users.

Office Security - Microsoft Releases Office 2007 SP1

Microsoft recently released Service Pack 1 for Microsoft Office 2007. According to Microsoft, this update includes customer-requested stability and performance improvements as well as user security enhancements. Here is the download link and a Knowledge Base article that says what has changed.

Office Security - Block all Microsoft Access database (.mdb) files via email/Internet from entering your network

According to Microsoft, such files are "designed for the sole purpose of executing commands," hence the concern. US-CERT has indicated that absolutely no user interaction is required to launch such attacks, and has recommended that users do not launch attachments from unknown sources and that .mdb attachments be blocked at the email server. See the related Microsoft Knowledge Base article, the US-CERT advisory and the Microsoft Security Bulletin.

Office Security - Tales your Electronic Documents Tell!

Earlier this year, a security commentator conducted some forensics on a PowerPoint presentation, upon which she based her estimate of the United States Defence budget for contractors. Here are the links: first, second and third.

Portable Device Security – Her Majesty's Revenue and Customs (HMRC) bans removable storage media

In the fallout from the scandal discussed above, HMRC staff no longer have access to CDs and other portable/removable storage media.

Here is what a notable security author/researcher had to say about portable storage media security.

Portable Device Security – GFI EndPointSecurity 4 released

This new version ships with a number of new and improved features including advanced access control that allows the blocking of a range of device classes, as well as blocking file transfers by file extension, by physical port and by device ID. Administrators can also use a device whitelist and blacklist to allow only company-approved devices and block all others. Furthermore, temporary access can be granted to users for a device (or group of devices) on a particular computer for a particular timeframe. To download an evaluation, click here and to learn more, click here.

GFI EndPointSecurity allows control over the following device categories:

  • Floppy disks
  • CD \ DVD
  • Storage Devices
  • Printers
  • PDA Devices
  • Network Adapters
  • Modems
  • Imaging devices
  • Human Interface devices
  • Other devices

GFI EndPointSecurity can also control the physical port to which devices are connected:

  • USB ports
  • FireWire ports
  • Serial (COM) ports
  • Parallel ports
  • Infrared (IrDA) ports
  • Bluetooth adapters
  • Wireless (WiFi)
  • S-ATA
  • SD

Disclosure: Niche Konsult is a GFI Value Added Reseller

Web Security - Introducing SWFIntruder: Flash Application Security

SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing the security of Flash applications at runtime. It helps to find flaws in Flash applications using the methodology originally described in Testing Flash Applications [1] and in Finding Vulnerabilities in Flash Applications [2].

Some neat features:

  • Basic predefined attack patterns.
  • Highly customizable attacks.
  • Highly customizable undefined variables.
  • Semi-automated XSS check.
  • User-configurable internal parameters.
  • Log window for debugging and tracking.
  • History of the latest 5 tested SWF files.
  • ActionScript objects runtime explorer in tree view.
  • Persistent configuration and layout.

SWFIntruder is hosted at OWASP and is sponsored by Minded Security.




Web Security - Introducing Sqlmap: a blind SQL injection tool (release 0.5)

Sqlmap 0.5 is an automatic SQL injection tool developed entirely in Python. It is capable of performing an extensive fingerprint of the back-end database management system, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming flaws that lead to SQL injection vulnerabilities.

Web Security - Symantec September "Internet Security Threat Report" - Why you should care!

Hackers have turned their attention to web application vulnerabilities. The grim statistic: 61% of all vulnerabilities disclosed in the first half of 2007 were web application vulnerabilities. Source: the September "Internet Security Threat Report" from Symantec.

Disclosure: Niche Konsult is a Symantec Value Added Reseller

Web Security - Web servers, LDAP and Information Disclosure

LDAP may be an information disclosure route for web servers. This article provides methods for dealing with this type of attack and clarifies how to secure LDAP and

Web Security - Introducing Nikto 2: Open Source web server scanner

Nikto 2 is finally available. Nikto is an open source (GPL) web server scanner which performs tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions of over 900 servers, and version-specific problems on over 250 servers.

Version 2 adds a ton of enhancements, including:

  • Fingerprinting web servers via favicon.ico files;
  • 404 error checking for each file type;
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing;
  • Scan tuning to include or exclude entire classes of vulnerability checks;
  • Uses LibWhisker 2, which has its own long list of enhancements;
  • A "single" scan mode that allows you to craft an HTTP request manually;
  • Basic template engine so that HTML reports can be easily customized;
  • An experimental knowledge base for scans, which will allow regenerated reports and retests (future);
  • Optimizations, bug fixes and more.

For more info visit

Web Security - Introducing CORE GRASP for PHP

CORE GRASP is a web application protection software solution developed by CoreLabs, the research unit of Core Security Technologies. GRASP protects against injection vulnerabilities and enforces privacy in web applications. GRASP is now available as open source software, under the Apache 2.0 license, and the invitation to collaborate with the project is open. If you would like to collaborate, please subscribe to our mailing list.

Web Security - Introducing XSS-Me and SQL-Inject Me

Security Compass is proud to announce the release of the first two tools in its Exploit-Me series of application penetration testing tools for Mozilla Firefox: XSS-Me and SQL Inject-Me. Currently in their beta release stage, these open source (GPL v3) Firefox plug-ins search through web applications for vulnerable visible and hidden form fields in order to perform input validation attacks. Security Compass believes that these tools will be invaluable not only to penetration testers and QA testers, but also to developers as a lightweight method to check for common application security vulnerabilities during the development process. Please visit to download these plugins. Please send any feedback to and bugs to .

Web Security - KYC or KYE?

Banks call it KYC (Know Your Customer). Now how about KYE (Know Your Enemy)?

HoneyNet Whitepaper

Windows Security - How to get around Group Policy under Windows

Here is how!

Windows Security - Serious Vulnerability! Windows 2000 communication security flaw

The Windows random number generator, which plays an integral part in email encryption and the Internet browser SSL encryption protocol, has been discovered to have a security loophole.

Windows Security - Windows Vista SP1 coming

Found two really good previews: one from Microsoft and the other from a well-known Windows expert.

Windows Security - Windows XP Service Pack 3 coming

Found two really good previews: here are the first and the second. New features include Network Access Protection (required for compatibility with Windows Server 2008), product-keyless installation, a new kernel mode cryptographic module and a black hole router detection algorithm. Grab Windows XP Service Pack 3 Release Candidate 1 from Microsoft here.

Windows Security - Windows Vista/Windows XP Service Pack Blocker

As usual, Microsoft has released these blockers.

Windows Security - Web Proxy Auto-Discovery (WPAD) technology vulnerability

This vulnerability affects both Windows and Internet Explorer. Here is a press mention and Microsoft's advisory.

Other News - Cisco Catalyst 3750 Series Switches now available from Niche Konsult at competitive prices

WS-C3750-24FS-S Catalyst 3750 24 100BaseFX + 2 SFP Standard Multilayer Image
WS-C3750-24TS-S Catalyst 3750 24 10/100 + 2 SFP Standard Multilayer Image
WS-C3750-24TS-E Catalyst 3750 24 10/100 + 2 SFP Enhanced Multilayer Image
WS-C3750-24PS-S Catalyst 3750 24 10/100 PoE + 2 SFP Standard Image
WS-C3750-24PS-E Catalyst 3750 24 10/100 PoE + 2 SFP Enhanced Image
WS-C3750-48TS-S Catalyst 3750 48 10/100 + 4 SFP Standard Multilayer Image
WS-C3750-48TS-E Catalyst 3750 48 10/100 + 4 SFP Enhanced Multilayer Image
WS-C3750-48PS-S Catalyst 3750 48 10/100 PoE + 4 SFP Standard Image
WS-C3750-48PS-E Catalyst 3750 48 10/100 PoE + 4 SFP Enhanced Image
WS-C3750G-48PS-E Catalyst 3750 48 10/100/1000T PoE + 4 SFP Enhanced Image
WS-C3750G-48PS-S Catalyst 3750 48 10/100/1000T PoE + 4 SFP Standard Image
WS-C3750G-48TS-E Catalyst 3750 48 10/100/1000T + 4 SFP Enhanced Multilayer
WS-C3750G-48TS-S Catalyst 3750 48 10/100/1000T + 4 SFP Standard Multilayer
WS-C3750G-24PS-S Catalyst 3750 24 10/100/1000T PoE + 4 SFP Standard Image
WS-C3750G-24PS-E Catalyst 3750 24 10/100/1000T PoE + 4 SFP Enhanced Image
WS-C3750G-24TS-E Catalyst 3750 24 10/100/1000 + 4 SFP Enhcd Multilayer;1.5RU
WS-C3750G-24T-E Catalyst 3750 24 10/100/1000T Enhanced Multilayer Image
WS-C3750G-24TS-S Catalyst 3750 24 10/100/1000 + 4 SFP Std Multilayer; 1.5RU
WS-C3750G-24TS-S1U Catalyst 3750 24 10/100/1000 + 4 SFP Std Multilayer;1RU
WS-C3750G-24TS-E1U Catalyst 3750 24 10/100/1000 + 4 SFP Enh Multilayer;1RU
WS-C3750G-24T-S Catalyst 3750 24 10/100/1000T Standard Multilayer Image
WS-C3750G-16TD-E Catalyst 3750 16 10/100/1000BT+ 10GbE (req XENPAK) Enh Image
WS-C3750G-16TD-S Catalyst 3750 16 10/100/1000BT+ 10GbE (req XENPAK) Std Image
WS-C3750G-12S-E Catalyst 3750 12 SFP Enhanced Multilayer Image
WS-C3750G-12S-S Catalyst 3750 12 SFP Standard Multilayer Image
WS-C3750G-12S-SD Catalyst 3750 12 SFP DC powered Standard Multilayer Image

Please email for prices. These products are new and sealed in the Cisco box. Discounts will be considered for quantity purchases.

Other News

Microsoft Centro gives way to Microsoft Essential Business Server

Nigerian enterprises willing to serve as a case study for GFI wanted! Email for details.

ProduKey: Recover lost product keys of Windows, Microsoft Office and SQL Server

Anonymity on the Internet - Possible or Impossible?

The Insider Threat is real! As demonstrated by a former VA auditor, a Certegy database administrator and Michael Keehn of California.

Windows Live 9.0 Instant Messenger in beta

10 top data breaches of 2007

The 2007 Security Hall of Shame

Microsoft releases XNA Game Studio 2.0

Aspiring Game developers can contest in "Dream-Build-Play 2008"

Microsoft's FolderShare autodeletes files

South Koreans clone cats that glow in the dark

Mozilla and Opera team up to fight Microsoft Silverlight and Adobe Flash 9

Yahoo!, Google, etc. use CAPTCHAs to prevent automated registrations. However, many CAPTCHA implementations just don't work. Why? Read this Coding Horror article and this one as well.

Technology is but half the solution! The story of America's dependence on it in its war against Iraq.

Tips and Tricks

1. Try PowerShell today, and while you're at it, install the PowerTab for Powershell.

2. Do your kids compute in their rooms or in a public part of the house? Ivory Dickerson's story might prompt a rethink.

3. The Nerd Handbook: The care and feeding of nerds

Beta Testers Wanted

Niche Konsult is looking for beta testers for the following software:

1. Hospital Information Management System

2. Human Resource and Payroll System

3. Accounting Inventory System

4. Fixed Assets Management System

5. Hotel Management System

6. Library Management System

If interested, please drop us a line and we will get in touch with you.

Resellers Wanted

Niche Konsult is desirous of establishing resellers throughout Nigeria. If you would like to work with us, please drop us a line telling us you are the one we have been looking for.

Marketers Wanted

Niche Konsult is currently recruiting! Marketers only! If you fit the bill, then do get in touch.

Offers of the Month - McAfee

Get McAfee Security Center between now and December 31, 2007 and get 37% off the regular price! Call/Email for details!

Offers of the Month -Uniblue Holiday Super Saver

Exclusive Uniblue Holiday Super Saver! $5 (N600.00) off the price of Uniblue RegistryBooster 2, SpeedUpMyPC 3 and SpyEraser 2! Or get the PowerSuite 60% off: $59.99 (N7,188.00) instead of $159.90 (N19,188.00). Offers expire December 31, 2007.

Offers of the Month - GFI

Fantastic reductions from GFI till December 31, 2007 on GFI FAXmaker, GFI MailEssentials, GFI MailSecurity, and GFI MailEssentials and GFI MailSecurity together.

About Niche Konsult

Niche Konsult is an information technology security firm with expertise in content, messaging, network and web application security.

Niche Konsult provides software and solutions that help individuals, small and medium size businesses, large companies and governments optimize and secure their information technology infrastructure. For more information, please visit

Having trouble viewing this Niche Konsult Newsletter? Visit  or copy it into your browser. If you no longer wish to receive these emails simply click on the following link: Remove Me.

To view previous editions, please visit

You're receiving this message because you've either subscribed to receive timely security news and product/company updates from Niche Konsult or have indicated interest in Niche Konsult partner solutions in the past.


Have you got something to say? If yes, please feel free to submit your contributions to us.

Newsletter Reminder

We hope that you have found this issue to be informative and useful. Subscription is entirely free (although 'opt-in' only). Please feel free to pass this copy on to your friends and colleagues. If your friends or colleagues wish to receive the newsletter directly, they should simply send an email to: with a title of 'Subscribe'.

Niche Konsult

43 Cotonou Crescent

Wuse Zone 6


Tel: 234 805 547 7646, 234 9 5240555

© 2008 Niche Konsult. All rights reserved worldwide. Reproduction in whole or in part of any text, photograph or illustration without permission of the publisher is prohibited.

Contact Niche Konsult



PANDA SECURITY: One step ahead. 23% of PCs with updated antivirus are infected. Is yours? Find out now for free!