SSCC 50 - Windows 7 SP1, OddJob Trojan, HIPAA fines and erasing SSDs

Filed Under: Data loss, Malware, Podcast, Privacy

My longtime friend and colleague Tony Ross returned for this week's Sophos Security Chet Chat. Tony took some time out from assisting with research on advance fee fraud scams to share his thoughts on this week's security news.

We began with a story about whether installing Windows 7/Windows 2008 R2 Service Pack 1 is truly urgent. Then we talked about reports this week of a new banking Trojan called OddJob, which bypasses the need to steal your credentials, and about how it works.

We also talked about the first fines levied under the 1996 HIPAA patient protection law in the US, and why it's so darned difficult to erase the latest SSDs. To wrap up we talked about our recent wins at the SC Magazine awards at RSA and the award we won for most educational blog at the Security Bloggers Awards.

(28 February 2011, duration 12:43 minutes, size 10.2MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 50.

All of our past podcasts are available from http://podcasts.sophos.com and on iTunes.


One Response to SSCC 50 - Windows 7 SP1, OddJob Trojan, HIPAA fines and erasing SSDs

  1. Farid · 1281 days ago

    The threat of the OddJob Trojan can rather easily be mitigated by banking or similar websites simply by "remembering" the client's IP address at the start of a session and blocking all other IPs which attempt to use the same session Id. All the customer needs to do is to avoid using untrusted/public networks and, of course, avoid using proxies/public VPN services when doing their online banking to ensure they don't share an IP address with untrusted people.

    Configuring a firewall to block suspicious IP addresses is not practical for regular (non-corporate) people because most personal firewall products around don't offer that capability. But even with those that do allow users to block individual IP addresses (such as Comodo firewall), it's very difficult and time-consuming to keep monitoring your connections, research every IP address that you don't recognize, and blacklist or whitelist it (believe me, I tried). It becomes even more impractical considering that it doesn't take long for a Trojan to send out your session Id and close the connection.

    Associating Session Ids with IP addresses has another important benefit: Banking websites can log IP addresses that try to use someone else's Session Id for further investigation and possibly tip off law enforcement agencies in a timely manner.
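
The session-to-IP binding described in the comment above, as an added example that is not part of the original post or of Farid's comment: a hypothetical in-memory store (`BoundSessions` and every name in it are assumptions) pins each session ID to the address that started it, rejects the ID from any other address, and records the mismatch for investigation. Addresses are normalized first so that an IPv4-mapped IPv6 form of the same client is not treated as a different source.

```python
import ipaddress
import logging
import secrets
import time

log = logging.getLogger("session_binding")  # hypothetical logger name


def _norm(ip):
    """Canonical address string; unwraps IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped if mapped is not None else addr)


class BoundSessions:
    """Hypothetical session store that pins each session ID to one client IP."""

    def __init__(self, ttl=900):
        self.ttl = ttl
        self._sessions = {}   # session id -> (user, bound ip, expiry time)
        self.mismatches = []  # (time, session id prefix, bound ip, offending ip)

    def start(self, user, ip, now=None):
        """Create a session and remember the address it was started from."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, _norm(ip), now + self.ttl)
        return sid

    def check(self, sid, ip, now=None):
        """Return the user if sid is live and comes from its bound IP, else None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, bound_ip, expiry = entry
        if now >= expiry:
            del self._sessions[sid]
            return None
        seen = _norm(ip)
        if seen != bound_ip:
            # Reject the request, keep the legitimate session usable, and
            # keep a record of the offending address for later investigation.
            self.mismatches.append((now, sid[:8], bound_ip, seen))
            log.warning("session %s... bound to %s presented from %s",
                        sid[:8], bound_ip, seen)
            return None
        return user
```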


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.