CrypKey Customer News | October 2007

...from CrypKey (Canada) Inc.

Welcome to the latest edition of CrypKey News, the newsletter exclusively for customers of CrypKey (Canada) Inc. CrypKey News is issued monthly to keep you up-to-date on the latest CrypKey products and information.

In this Issue. . .

        1.   October Special - $300 Discount on New CrypKey SDK License
        2.   Upcoming Release: CrypKey 7.1 with Windows Vista 32 and 64
        3.   Whitepaper: The Merits of True Network Licensing
        4.   Anti-Piracy: Types of Software Piracy!
        5.   Casper: Web-based Licensing 24/7/365
        6.   Web 2.0 Brings Barbarians Inside the Firewall
        7.   Internet Criminals get down to business
        8.   Share Your Ideas
        9.   Privacy

Thought for the Day

Opportunity is missed by most people because it is dressed in overalls and looks like work.

~ Thomas A. Edison, Inventor (1847 - 1931)

 

October Special

CrypKey's going Loonie! During the month of October, receive an amazing $300 US discount when you purchase a new CrypKey SDK license. CrypKey SDK protects Windows EXEs and DLLs and provides true encryption for .NET applications. Visit http://www.crypkey.com/sdk.asp for a full list of features.

Don't wait — this offer ends October 31, 2007.

Top

Upcoming Release: CrypKey 7.1 with Vista 32 and 64

CrypKey SDK 7 and CrypKey Instant 7 currently support Vista 32-bit operating systems.

The full release of CrypKey 7 is now available to our customers. For more information, contact us at sales@crypkey.com.

The release of CrypKey 7.1, with Vista 32 and 64-bit support, is in final testing. Here's a preview of what's in store:

Vista Easy

We've taken Vista compatibility a big step further by making CrypKey Instant and CrypKey SDK “Vista Easy”.

We noticed that users are struggling with the way Windows Vista handles file security in the Program Files directory. Under some conditions, Vista redirects file creation and file writes to a user-specific “Virtual Store” directory which is not available to other users of the computer. This is typically undesirable for CrypKey license files, as it means the license won't work for other users on the computer, sometimes not even the same user executing the same application using a different security mode.

CrypKey 7.1 addresses this by automatically detecting your program's attempt to put a license in a Program Files (or other Vista-illegal) directory. Before Vista redirects files to an unwanted directory, we redirect them to one you do want – one that works for all users of the computer.

The bottom line: with CrypKey 7.1 you don't have to change anything to make CrypKey work perfectly with Vista.

Seamless 64-bit Platform Support for 32-bit Programs

If your customers try to run your 32-bit program on a 64-bit Windows computer, will the licensing work?

CrypKey's licensing and copy protection is contained in the CrypKey License Service and we've developed a 64-bit version of it. The CrypKey License Service install that comes with CrypKey 7.1 automatically detects 32- or 64-bit machines and installs the appropriate files. The CrypKey License Service handles the differences between 32- and 64-bit platforms and your program continues to operate normally on either.

The bottom line: with CrypKey 7.1 you don't have to change anything to make CrypKey work perfectly on 64-bit Windows computers.

Seamless 64-bit Program Support

Are you contemplating porting your application to 64-bit now or in the future? If so, CrypKey 7.1 takes care of this. Using the new library or dll, you can implement CrypKey in your 64-bit application just as easily as in a 32-bit application and enjoy the same functionality.

The bottom line: if you're planning to port your application from 32 to 64 bits, you don't have to change anything to make CrypKey work perfectly.

Wide Area Network (WAN) Support

CrypKey 7.1 brings additional network functionality to your application. CrypKey already supports the placement of network licenses anywhere on a local area network (LAN), but CrypKey 7.1 allows network licenses to be accessed over a WAN too. This includes support for explicit computer names when a network's broadcast protocols are not enabled. If your customers have computers that access a network from a remote site they can still access the CrypKey license at a central location.

The bottom line: using CrypKey 7.1, you don't have to change anything to support WAN licensing.

Top

Whitepaper: The Merits of True Network Licensing

The difference between simple software protection solutions that allow licensed software to run on a standalone computer and a network licensing-enabled software protection (NLESP) application is significant. A software protection system with network licensing uses the inherent abilities of the enterprise network to broaden the market for software vendors. Since the enterprise market makes up a significant portion of total software sales, vendors are wise to consider the important benefits of NLESP when choosing a protection solution. From the enterprise perspective, NLESP benefits the organization by offering better and more flexible control of its software license management.

CrypKey (Canada) Inc. offers the NLSEP abilities discussed in a new whitepaper as standard features in both the CrypKey SDK and CrypKey Instant software protection systems. Visit www.CrypKey.com to download this latest whitepaper.

Top

Anti-Piracy: Types of Software Piracy

The Canadian Alliance Against Software Theft (CAAST) identifies the following types of software piracy:

Corporate/Government Account Under-Licensing

  • A major contributor to software piracy in Canada
  • When large corporations or government departments purchase fewer software licenses than the number actually being deployed on desktops within the organization

Consumer Copying/Downloading

  • When an employee copies software from work and takes it home for personal use or shares it with friends
  • When a consumer purchases software and shares it with friends
  • When pirated software is downloaded from the Internet

Academic Product Leakage

  • When academic products (intended to be sold to people involved in education at a discount price) are illegally sold to people who are not part of the education industry

Hard-Disk Loading

  • When unlicensed software is illegally loaded onto the hard drive of a new computer without providing the purchaser with software media, manuals, licenses, etc.

Counterfeiting

  • Counterfeit software is big business in Canada, and unlicensed products can be sold in many forms.
  • Both retail and original equipment manufacturing (OEM) versions of software can be counterfeit.
    • Retail
      When retail products are fraudulently copied and sold in retail stores, many times the counterfeit product looks so real that the consumer cannot tell the difference.
    • OEM
      Software product provided to system builders at a discount rate. The software is only legal when sold with the original license and system.
    • Compilation CDs
      Where an individual uses a CD ROM burner to copy software. These CDs are typically loaded with thousands of dollars worth of software and typically sold for under $100.

Rental

  • When copies of software programs are illegally rented to customers who often copy the application on to their home PC.

Internet

  • Any form of software piracy that involves the use of the Internet to market or distribute copyrighted software programs.
  • There are a variety of ways in which Internet piracy may occur:
    • Peer-to-Peer (P2P)
      P2P technology allows users to locate, share and distribute information between workstations without connecting to a central server. Pure P2P programs (Gnutella, Free Net and others ) do not run on a central server and have no central point at which the system can be shut down.
    • E-mail
      Electronic mail enables computer users to distribute pirated software by attaching files to their messages or by encoding it into the text of their messages, thereby eliminating the need to copy programs onto physical media, not to mention the necessity of an in-person exchange. Email use also extends to the advertisement, solicitation and subsequent sale of pirated software by mail.
    • News Groups
      News groups are established Internet discussion groups that operate like a public e-mail inbox. While most serve legitimate purposes, they can also be vehicles for the distribution of pirated software. To ease downloading, the software is often broken up into small (1- to-1.4MB-sized) files. Since many newsgroups devoted solely to software piracy are archived, they act as storehouses of illegal software.
    • Internet Relay Chat (IRC)
      IRC is a real-time, interactive Internet chat system that allows you to see what others type as they type it. As such, it is a popular means of spreading the word about new "hot" pirate sites that permit downloading. Like news groups, IRC discussion groups (called "channels") can be used to bring together persons who have and persons who want particular files.
    • Mail Order/ Auction Sites
      The Internet, naturally, reaches a global audience that is pre-disposed to purchase software online. Prospective buyers can browse, select and order pirated software online through Web sites and otherwise legitimate e-commerce sites such as Internet auctions. The selection of offerings has expanded to include pirated CDs, compilation CDs, counterfeit software and gray market sales.
    • File Transfer Protocol (FTP)
      FTP is the standard computer language that allows disparate computers to exchange files quickly and easily, including the uploading and downloading of software programs. When exploited by software pirates, they facilitate the distribution of large volumes of copyrighted software programs.

Visit the CrypKey website to better understand how to combat these threats at http://www.crypkey.com/anti_piracy.asp.

Top

Casper : Web-based Licensing 24/7/365

For CrypKey Instant, CrypKey SDK, and CrypKey DLM customers, we offer Casper (CrypKey Automated Software Purchasing & Electronic Registration), the web-based authorization solution. Casper has two product versions, Casper eRegister and Casper eCommerce, which enable you to automate the secure distribution, licensing, and payment processing of your products over the Internet on a 24/7/365 basis without human intervention.

Casper eRegister provides automatic authorization of CrypKey-protected product licenses using software serial numbers. With this solution, the customer pre-pays the license fee and is then provided with a serial number to automatically obtain a code to unlock the software via the Internet.

Casper eCommerce automates the processes of software license authorizations by verifying credit card purchase information. This solution works by first processing the customer's credit card information, verifying that the transaction was successful, and then immediately sending the customer a code to unlock the application over the Internet.

New! Casper eCommerce accepts PayPal payments for online purchase transactions. Casper eCommerce also supports PC Charge and Payflow Pro payment gateways.

The main features of Casper are:

software license authorization via a purchase verification process

web and email communications

CasperWeb user interface for streamlined product and customer information management

eTransfer allows licenses to be moved from one computer to another via the Internet

eCommerce customers can purchase a software license from within the application itself

Top

Web 2.0 Brings Barbarians Inside the Firewall

By: Doug Campblejohn
http://www.itworldcanada.com

Although Web 2.0 has enriched the Internet with some great new capabilities, it has also brought some very unpleasant ones, namely a whole class of new security threats that can silently install when a user visits a compromised website.

Web 2.0 gives the bad guys more "surface area" to exploit-more bandwidth, more communication channels (for example, IM, P2P), and more client-side executable options. To make matters worse, many users appear to have thrown caution to the wind when it comes to downloading untrusted content. Employees who would never download an e-mail attachment from someone they didn't know will now add a widget to their MySpace page or play a potentially harmful YouTube clip without knowing where it came from.

It is also becoming more and more difficult to distinguish malicious from nonmalicious sites. Google recently published a paper from researching sites it crawls (see “The Ghost in the Browser"), and found that one in 10 websites contains a malicious payload. Most users would be hard-pressed to distinguish the malicious 10 percent from a random set of search results. Once inside the firewall, these covert applications can steal confidential data, infect other machines and launch spam or malicious attacks.

The "new new" threat: Botnets

The most sophisticated of these new threats are botnets. These collections of software robots known as "bots" run on compromised computers called "zombies" that can be controlled by "bot herders" through a communications infrastructure named "command and control" or "C&C" for short. The value of a botnet is directly proportional to the number of machines it controls, the value of those machines (for example, .com versus .org, if data theft is the goal) and the aggregate bandwidth the botnet can command for distributed denial-of-service (DDoS) attacks.

Once a bot hijacks a PC, it starts scanning the network for other vulnerable hosts to compromise. The bot will then report back to C&C with information on how many systems are under its control. Finally, C&C will send instructions and payloads for the botnet to execute, which could include sending spam, click fraud, collecting confidential data or launching a DDoS attack.

In the early days, botnets were typically controlled by a single C&C, so chopping off its "head" would render the botnet useless. Not anymore. These days, most botnets contain multiple C&Cs, hiding on many servers, with control being turned over to a new server every few minutes. They use a tiered infrastructure, much like a military command structure, so taking out a lower-level C&C won't affect the rest of the botnet. In the spirit of organized crime, botnet owners are now collaborating, sharing pools of bots and C&C servers to increase fault tolerance, and they're making more money in the process. Finally, bots are broadening their reach beyond their initial target base of desktop PCs and are now infecting servers, including e-mail and UNIX servers.

No one knows for sure how many bots are out there, but Mi5 Networks has discovered them in approximately 65 percent of the enterprises and 100 percent of the universities we've work with this year. What's amazing to watch is the amount of activity even one bot can generate. It's not unusual for a single bot to perform more than 1 million IP scans and hundreds of thousands of spam-related communications in a single day. In one network of more than 8,000 PCs, for example, we found 145 bots in the first month, but those bots performed more than 136 million IP scans during that time.

Bot detection and prevention best practices

The amount of C&C traffic crossing the firewall is intentionally kept very low, allowing bots to avoid detection from traditional intrusion protection systems and other security measures. Although some ISPs and security monitoring services can tell if significant spam or DDoS traffic is coming from an IP address space within an organization, they can't definitively confirm whether machines within the corporate network are infected, nor which machines are generating the traffic. What's required to pinpoint hijacked machines inside the firewall is the ability to monitor internal network traffic in addition to the data coming in and going out of the enterprise. This visibility exposes how botnets spread internally, send out spam, launch DDoS attacks and so on. Ideally, a security system will also block communication out of the network from infected machines and even automatically dispatch cleanup agents.

Like most security issues, there isn't a single magic bullet to stop bots, but the first step is to implement a layered defense (desktop + gateways) that limits the number of bot infections. Beyond that, enterprises need early warning systems that can detect infected PCs inside their network and block those machines from communicating sensitive data back out.

According to recent research by Gartner, the Web perimeter remains the biggest unprotected border within most organizations' networks today. Although most enterprises have URL filtering in place, fewer than 15 percent have adequate protection from Web-based malware. Gartner predicts that by the end of 2007, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that have evaded their traditional perimeter and host defenses.

Top

Internet Criminals Get Down to Business

By Mark Long (http://www.newsfactor.com)
September 24, 2007 12:29PM

Criminals aren't coming through the front door and directly hitting the company's critical systems, explained Javier Santoyo, Symantec's senior manager of emerging technologies. "The trend is in social engineering -- getting someone on the inside to do something they aren't supposed to do so they can get access," he said.

When it comes to planning and implementing malicious online attacks, Symantec says, Internet criminals are increasingly adopting a professional, business-like attitude. In particular, the software company noted that an underground economy is developing around the latest sophisticated tools, strategies, and methods for launching an ever-widening array of online scams.

"The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal," said Symantec senior vice president Arthur Wong.

Symantec reported that the top country of attack origin in the first six months of this year was the United States, which accounted for 25 percent of all malicious attack activities worldwide. But just because the systems are sourced in the United States doesn't necessarily mean the cyber criminals are also over here, said Symantec senior manager of emerging technologies Javier Santoyo.

Troublesome Toolkits

"Hackers do not use their own systems to leverage their activities," Santoyo explained." They go through a series of hops before they get to the system that actually sources the attacks." One of the more professionally developed toolkits for supporting online criminal activities was designed by software engineers in Russia, Santoyo said.

The toolkit, called MPack, installs malicious code on thousands of computers globally and then enables the criminals to monitor the success of each attack on a Web-based, password-protected dashboard.

MPack is one example of how Internet criminals are now employing the same commercialization practices as legitimate businesses -- putting a product through a development lifecycle and even including service support levels." We are seeing that model being applied to the criminal space with the understanding that users will be taking that concept and commercializing it for the black market," Santoyo said

Exploiting Human Habits

Until recently, Internet criminals had to seek out their unsuspecting targets. These days, however, the hackers have been implementing a new strategy for tricking victims to come to them. Social-networking sites are particularly appealing to Internet criminals because they provide access to a large number of computer users, many of whom trust that the sites they regularly visit are secure.

"This becomes a scary topic in the sense that you can no longer trust where you are going because of the potential of someone with bad intentions directing you to a malicious Web site," Santoyo noted. "It is the responsibility of social networking sites to police their own content, which is why security departments in these organizations are now being ramped up."

What is even more surprising is that 4 percent of all malicious activity that Symantec detected during the first half of this year originated from Internet Protocol addresses registered to Fortune 100 companies. In these cases, the criminals aren't coming through the front door and directly hitting the company's critical systems, Santoyo explained. "The trend is in social engineering -- getting someone on the inside to do something they aren't supposed to do so they can get access," he said.

"The security devices and technologies that companies put in place will improve on a yearly basis, but that's not enough," he cautioned. "Organizations still need to educate their users to bring security up to the next level."

Top

Share Your Ideas

Let us know which topics you'd like to see in upcoming issues of CrypKey Customer News. If you'd like to learn more about specific technical aspects of CrypKey products, tell us. Send your requests and suggestions to sales@crypkey.com.

We want to help. If you have questions about product subscription(s) or renewals, call us at 1-403-258-6274 or email sales@crypkey.com.

Top

Privacy

We respect your right to privacy and never make our mailing lists public. In our efforts to better serve you, we want to be certain that you would like to continue hearing from us. To unsubscribe from future CrypKey product bulletins and marketing updates, please send an e-mail to optout@crypkey.com with "Remove Me" in the subject heading.

We appreciate your business and continued support. Thank you for reading and have a great day!

Sincerely,
Team CrypKey

Sales Email:
Support Email:
Web Site:
Telephone:
Fax: 		sales@crypKey.com
support@crypKey.com
http://www.crypKey.com/
1-403-258-6274
1-403-264-8838 		CrypKey (Canada) Inc.
The Devenish Heritage Building
908-17th Avenue SW, Suite 200
Calgary, Alberta T2T 0A3 Canada

The Right Pick

Two IT guys were walking across the park when one said, "Where did you get such a great bike?"

The second IT guy replied, "Well, I was walking along yesterday minding my own business when a beautiful woman rode up on this bike. She threw the bike to the ground, took off all her clothes and said, "Take what you want." The second IT guy nodded approvingly, "Good choice; the clothes probably wouldn't have fit."