Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

January 2010 - Posts

Facebook - 35% of users checked privacy settings

Recently, Facebook launched a security initiative encouraging all users to check and improve their privacy settings.  A 35% response rate is still low, but the industry average for users actively reviewing their settings is only 5-10%.  All Facebook users should periodically check their privacy settings to ensure personal information is well protected.

Facebook - Only 35% of users have checked privacy settings
http://sunbeltblog.blogspot.com/2010/01/facebook-privacy-settings-35-percent.html
http://www.mediabistro.com/baynewser/privacy/a_third_of_facebook_users_customized_their_privacy_settings_after_the_policy_changes_and_why_facebook_thinks_thats_a_good_thing_150409.asp

QUOTE: At a privacy roundtable sponsored by the U.S. Federal Trade Commission in San Francisco, Facebook Director of Public Policy Tim Sparapani said that 35 percent of the 350 million Facebook users (that's 122 million!) actually checked their privacy settings when Facebook suggested it in December. The BayNewser, a San Francisco media news site, said Sparapani told their reporter that “the industry average for users' actively engaging with their settings is actually between 5-10 percent.”

DECEMBER 2009 - FACEBOOK PRIVACY INITIATIVE
http://www.facebook.com/privacy/explanation.php

Sophos - Best Practices for Facebook security
http://www.sophos.com/security/best-practice/facebook/

 

Apple iPad announcement

While tablet devices are mostly used for specialized purposes, the iPad has a state-of-the-art hardware design.  It will be interesting to follow future security developments, as well as innovative uses in home or office environments.  It can plug into a Mac or Windows PC via USB 2.0.  For Windows, it requires XP or higher as the operating system.

Apple iPad - Home Page
http://www.apple.com/ipad/
http://www.apple.com/ipad/features/
http://www.apple.com/ipad/design/
http://www.apple.com/ipad/specs/

QUOTE: SPECIFICATIONS

LCD Display
9.7-inch (diagonal) LED-backlit glossy widescreen Multi-Touch display with IPS technology
1024-by-768-pixel resolution at 132 pixels per inch (ppi)
Fingerprint-resistant oleophobic coating
Support for display of multiple languages and characters simultaneously

Capacity
16GB, 32GB, or 64GB flash drive

Processor
1GHz Apple A4 custom-designed, high-performance, low-power system-on-a-chip

Audio playback
Frequency response: 20Hz to 20,000Hz
Audio formats supported: AAC (16 to 320 Kbps)
User-configurable maximum volume limit

TV and video
Support for 1024 by 768 pixels with Dock Connector to VGA Adapter
H.264 video up to 720p, 30 frames per second

Wireless and cellular
Wi-Fi model: Wi-Fi (802.11a/b/g/n), Bluetooth 2.1 + EDR technology
Wi-Fi + 3G model: UMTS/HSDPA (850, 1900, 2100 MHz), GSM/EDGE (850, 900, 1800, 1900 MHz)

Input and output
Dock connector
3.5-mm stereo headphone jack
Built-in speaker
Microphone
SIM card tray (Wi-Fi + 3G model only)

Environmental
Arsenic-free display glass
BFR-free
Mercury-free LCD display
PVC-free
Recyclable aluminum and glass enclosure

 

NMAP 5.21 PENTEST tool Release

Some minor issues surfaced with Nmap 5.20, and this release was made quickly to correct them.

NMAP 5.21 - HOME PAGE
http://nmap.org/

QUOTE: Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest.

The 5.20 release, which 5.21 carries forward with these fixes, offered more than 150 significant improvements, including:

 o   30+ new Nmap Scripting Engine scripts
 o   enhanced performance and reduced memory consumption
 o   protocol-specific payloads for more effective UDP scanning
 o   a completely rewritten traceroute engine
 o   massive OS and version detection DB updates (10,000+ signatures)

InfoWorld - Security Tests of four major browsers

A series of informative articles comparing the security controls of four popular Windows browsers:

Test Center: How secure is Internet Explorer?
[The world's most popular browser is also the most frequently attacked, but comes with controls and management capabilities other browsers can't match.]
http://www.infoworld.com/d/applications/test-center-how-secure-internet-explorer-343

Test Center: How secure is Google Chrome?
[Google's shiny new open source Web browser is a frustrating blend of excellent security model, questionable decisions, and a dearth of critical security controls.]
http://www.infoworld.com/t/applications/test-center-how-secure-google-chrome-443

Test Center: How secure is Firefox?
[Mozilla's popular Web browser is long on user-friendly features and third-party extensions, and short on granular security controls.]
http://www.infoworld.com/d/security-central/test-center-how-secure-firefox-282

Test Center: How secure is Opera?
[Opera Software's underrated browser is rich in both features and granular security controls, but misses important Windows protections.]
http://www.infoworld.com/d/security-central/test-center-how-secure-opera-620

Windows Update - Reboot as soon as possible when prompted

I see this incident more as a "lessons learned" than as a design flaw that millions of users are suffering with.  In the original post the Microsoft Update (MU) icon had been flashing for a few hours; a reboot could have taken place at lunch or during a break at work.  Corporate group policies are sometimes rigid and may not allow MU to just notify or download rather than install.  Some "lessons learned" include:

» Reboot ASAP, so that the updates take effect immediately and you avoid the instability that a half-applied update can cause until the reboot completes it.  I've been in situations where I've had to delay reboots for time-sensitive work, but when possible, always reboot right away.

» When you see the Microsoft Update shield or a prompt to reboot, SAVE all of your work right away to prevent any loss of information.  I also start closing anything non-essential in preparation for a reboot.

How I got attacked by Windows Update - Tales from the Evil Empire
http://weblogs.asp.net/bleroy/archive/2010/01/22/how-i-got-attacked-by-windows-update.aspx

QUOTE: I was writing a wiki page when it happened. The system restart dialog from Windows Update had been blinking helplessly in the task bar for a few hours as I didn’t have time for a reboot yet. And then, right in the middle of a sentence, the effing dialog decides that I’ve been ignoring it for too long, puts itself in front and gives itself focus. 

You can see what happened then. My fingers were continuing to type, not realizing that the wiki page had gone to the back. Now the thing is, space is a fairly common key to hit when you’re writing English. But in dialogs, that’s also the key that triggers the default button. Which, in the case of that particular Windows Update dialog, is “Restart”.  So before I realized what was going on, I was seeing all my windows close, including of course the wiki page I was working on. No application should ever be allowed to steal the focus.

Kim Komando - You can't get rid of Internet Explorer

This "tip of the day" gives the key reasons why IE cannot be completely removed from Windows.  Internet Explorer is more than just a browser: Windows components and third-party applications (occasionally even alternative browsers) call its libraries, so an unpatched IE remains exposed even if you never open it.  As the article recommends, move to IE8 for better overall security, even when Firefox, Opera, or Chrome is used exclusively.

Kim Komando - You can't get rid of Internet Explorer
http://www.komando.com/tips/index.aspx?id=8089

QUOTE: There are good reasons to leave Internet Explorer on your computer. And, in fact, you cannot remove it. It is an integral part of Windows. You can remove the icon if you want. But Internet Explorer will always be with you. So, it’s essential that you keep it updated. That’s actually easy. Just set Windows for the most automatic updates possible. Then, let Microsoft take care of it. Also, be sure you’re using Internet Explorer 8. That is the safest version. There is no value in maintaining old versions of Internet Explorer. They simply make you more vulnerable to attacks.

Corporate Policies, Processes and Procedures

The Internet Storm Center shares an excellent awareness piece on the need for companies to revisit their corporate policies to ensure they are up-to-date, relevant, and easy to understand.  This is just as important as technological defenses; both go hand-in-hand to protect the company.  Revisiting your security policies is an excellent way to start the new decade.

Users need security rules and boundaries, so that acceptable behavior and a reduction of risk occur in the workplace.  Yes, there will be some who march to the beat of a different drum and won't comply.  Still, companies need to work with their users to promote the best in privacy, security, and information protection.

I've enjoyed authoring these guidelines in the past.  Some ideas for success include:

» Design in positive terms (minimize the "Thou shalt not" statements, e.g., instead of "do not visit inappropriate sites" state "users must visit business-appropriate sites").  This promotes better practices and eventual buy-in by the users.

» Use reasonable controls rather than absolute restrictions (e.g., avoid saying "absolutely no personal use of IT resources" unless that is the desired policy and will be followed by all).  Don't be too rigid or too lenient in the design; allow limited employee freedoms as long as the primary focus remains business use.

» Use simplified language to promote understanding by all (avoid legalese, highly technical terms, complex sentence structures, etc.).

» Monitor security policies and enforce them (educate first-time violators rather than making examples of them).

» Most importantly, publish them on your corporate intranet, where they can be kept up-to-date easily and accessed by all.

» Send company-wide emails when policies change.

» Ensure senior management, HR, and Legal Counsel provide input, approve, and back these important guidelines.

Internet Storm Center - The necessary evils: Policies, Processes and Procedures
http://isc.sans.org/diary.html?storyid=8071

QUOTE: It is one that you can't afford to overlook.  I have found time and time again that having good policies, processes and procedures keep you out of trouble ... What ever the case, having good policies, processes and procedures will only make you and your organization better.  So, since its the beginning of a new year, take some time and update your policies and look at your processes and procedures.  Have they changed?  Do they need updating?  Are they even helpful?  Writing something for the sake of saying you have it is a waste of time. 

PC Magazine review of AVAST Antivirus 5.0

AVAST is a popular and free AV offering.  The latest version has just been reviewed by PC Magazine:

PC Magazine Review of AVAST Antivirus 5.0
http://blogs.pcmag.com/securitywatch/2010/01/avast_free_antivirus_50.php
http://www.pcmag.com/article2/0,2817,2358288,00.asp

QUOTE: Bottom Line -- The new user interface of avast! free antivirus makes it easier to use, and its new technology eliminates more malware. This tool offers more control over settings and more detail in reporting than some of its free competitors.

Pros -- Improved user interface. New heuristic anti-malware engine. New code emulator technology. Powerful boot-time scan. Good malware removal. Effective malware blocking.

Cons -- Full scan and boot scan both take a long time. Some threats still present after supposed removal. Boot scan requires user interaction if threats found.
 
ALWIL Software
http://www.avast.com

Type: Personal
Free: Yes
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: Online technical support, knowledge base and activity community forum
Notes: Free for non-commercial use

NMAP 5.20 PENTEST tool Released

Nmap is an excellent tool for corporate penetration-test (PENTEST) analysis, and a new release is now available.

NMAP 5.20 - HOME PAGE
http://nmap.org/

QUOTE: Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest.

The new version offers more than 150 significant improvements, including:

 o   30+ new Nmap Scripting Engine scripts
 o   enhanced performance and reduced memory consumption
 o   protocol-specific payloads for more effective UDP scanning
 o   a completely rewritten traceroute engine
 o   massive OS and version detection DB updates (10,000+ signatures)
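As an added example (not code from the Nmap project or from this blog), the script below builds an Nmap command line that uses the features listed in the 5.20 and 5.21 posts above (a combined TCP/UDP scan with -sS/-sU, -sV/-O detection, the --traceroute engine, NSE via --script) and parses the XML report Nmap writes with -oX into per-host records.  The XML sample embedded in it is constructed to look like a 5.21 report, not the output of a real scan, and the addresses are documentation addresses.

```python
"""Added example, not code from the Nmap project: assemble an Nmap invocation
that exercises the features named in the 5.20/5.21 posts (combined TCP/UDP
scan, version and OS detection, NSE, the traceroute engine) and parse the XML
report Nmap writes with -oX. SAMPLE_XML is a constructed report, not real output."""
import subprocess
import xml.etree.ElementTree as ET


def build_nmap_argv(targets, tcp_ports="22,80,443", udp_ports="53,123,161"):
    """Every flag is a documented Nmap option. -sS and -sU run a TCP SYN scan and
    a UDP scan in one pass (the UDP probes carry protocol-specific payloads in
    5.20+, so live services answer instead of staying silent); -sV and -O use the
    version/OS signature databases; --traceroute uses the rewritten traceroute
    engine; --script=default runs the default NSE script set; -oX - sends the XML
    report to stdout. Raw-socket scans (-sS, -sU, -O) need root/Administrator."""
    return ["nmap", "-sS", "-sU", "-sV", "-O", "--traceroute", "--script=default",
            "-p", f"T:{tcp_ports},U:{udp_ports}", "-oX", "-", *list(targets)]


def parse_nmap_xml(xml_text):
    """Turn an Nmap XML report into one dict per host: IPv4 address, host state,
    per-port state/service, best OS match, and traceroute hops."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        rec = {"addr": addr.get("addr") if addr is not None else None,
               "state": host.find("status").get("state"),
               "ports": [], "os": None, "hops": []}
        for port in host.iter("port"):
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(filter(None, (svc.get("product"), svc.get("version"))))
            rec["ports"].append({"proto": port.get("protocol"),
                                 "port": int(port.get("portid")),
                                 "state": port.find("state").get("state"),
                                 "service": svc.get("name") if svc is not None else None,
                                 "product": product})
        # Nmap lists several osmatch candidates; keep the one with the highest accuracy.
        best = max(host.iter("osmatch"), key=lambda m: int(m.get("accuracy", "0")), default=None)
        if best is not None:
            rec["os"] = (best.get("name"), int(best.get("accuracy")))
        rec["hops"] = [(int(h.get("ttl")), h.get("ipaddr")) for h in host.iter("hop")]
        hosts.append(rec)
    return hosts


def open_ports(record, ignore_unsure=False):
    """Ports Nmap reported open. A UDP port that never answers is reported as
    'open|filtered' (a silent service or a dropped probe); the protocol-specific
    payloads make live DNS/NTP/SNMP services reply, so they show as plain 'open'.
    ignore_unsure=True keeps only confirmed-open ports."""
    wanted = {"open"} if ignore_unsure else {"open", "open|filtered"}
    return [(p["proto"], p["port"]) for p in record["ports"] if p["state"] in wanted]


def run_scan(targets):
    """Run nmap and parse its report (requires nmap installed and scan privileges)."""
    out = subprocess.run(build_nmap_argv(targets), capture_output=True,
                         text=True, check=True).stdout
    return parse_nmap_xml(out)


# Constructed sample in the nmap -oX format (not output of an actual scan).
SAMPLE_XML = """<nmaprun scanner="nmap" version="5.21" args="nmap -sS -sU -sV -O --traceroute -oX - 192.0.2.10">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="5.3p1"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
<port protocol="udp" portid="53"><state state="open" reason="udp-response"/><service name="domain" product="ISC BIND" version="9.6.1"/></port>
<port protocol="udp" portid="123"><state state="open|filtered" reason="no-response"/><service name="ntp"/></port>
</ports>
<os><osmatch name="Linux 2.6.18 - 2.6.32" accuracy="94"/><osmatch name="Linux 2.4.X" accuracy="85"/></os>
<trace port="22" proto="tcp"><hop ttl="1" ipaddr="192.0.2.1" rtt="0.50"/><hop ttl="2" ipaddr="192.0.2.10" rtt="1.20"/></trace>
</host></nmaprun>"""

if __name__ == "__main__":
    print(" ".join(build_nmap_argv(["192.0.2.0/24"])))
    for h in parse_nmap_xml(SAMPLE_XML):
        print(h["addr"], h["state"], h["os"], open_ports(h, ignore_unsure=True), h["hops"])
```

The open_ports helper is where the UDP payload improvement shows up in practice: a UDP port that never answers comes back as open|filtered, which tells you little, while a service that replies to a protocol-specific probe is reported as open.  Only point run_scan() at hosts you are authorized to test.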

SPECIAL FBI WARNING - Best practices to avoid fraudulent scams

This is excellent advice to ensure your donations reach those who are in need.

SPECIAL FBI WARNING - Best practices to avoid scam attacks
http://www.fbi.gov/pressrel/pressrel10/haiti011810.htm

QUOTE: Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, including the following:

» Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages.

» Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.

» Beware of organizations with copy-cat names similar to but not exactly the same as those of reputable charities.

» Rather than following a purported link to a website, verify the legitimacy of non-profit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its non-profit status.

» Be cautious of e-mails that claim to show pictures of the disaster areas in attached files, because the files may contain viruses. Only open attachments from known senders.

» To ensure contributions are received and used for intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf.

» Do not be pressured into making contributions, as reputable charities do not use such tactics.

» Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.

» Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.

The FBI and the National Center for Disaster Fraud (NCDF) have established a telephone hotline to report suspected Haitian earthquake relief fraud. The number is (866) 720-5721. The phone line is staffed by a live operator 24 hours a day, seven days a week. You can also e-mail information directly to disaster@leo.gov

New Haiti Scam - Appears to be spoofed message from our President

AVERT Labs shares additional warnings about spoofed emails and websites exploiting the tragedy in Haiti.  Please donate only directly to trusted sources, so that we can properly help those in need.

Scams Take Advantage of Haiti Relief Efforts
http://www.avertlabs.com/research/blog/index.php/2010/01/22/scams-take-advantage-of-haiti-relief-efforts/

QUOTE: Never is the heartless nature of cybercriminals more apparent than in the wake of a tragedy. As relief efforts continue and worldwide aid pours in to help those affected by the earthquake that rocked Haiti on January 12, cybercriminals have not slowed their efforts. They are eager to get you to donate money that the people of Haiti will never see. Spoofing legitimate relief organizations such as the Red Cross is a typical social engineering lure used by the bad guys to take your money. This morning, however, a particular scam caught my eye that I wanted to share with you. Its subject line was “Help for Haiti” and was sent by “b.obama@whitehouse.gov.”

ADDITIONAL SCAMS
http://www.avertlabs.com/research/blog/index.php/2010/01/19/investigating-a-possible-charity-scam/

Sunbelt report - Users need to select stronger web passwords

Please ensure your web accounts use strong passwords, especially for banking and e-commerce sites.

Web users still don’t select good passwords
http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf
http://sunbeltblog.blogspot.com/2010/01/web-users-still-dont-select-good.html

QUOTE: Key findings:

» About 30% of users chose passwords whose length is equal or below six characters

» Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters

» Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password among Rockyou.com account owners is “123456”.

Microsoft offers a free online facility to check the strength of passwords:

Microsoft Online Safety -- Check your password — is it strong?
https://www.microsoft.com/protect/fraud/passwords/checker.aspx
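As an added example (not from the Sunbelt post or the Imperva report), the script below audits passwords for the patterns the findings above describe: length of six or less, a single character class, dictionary or common words, consecutive runs, and adjacent-key walks, and reports what share of a password set each pattern hits.  The COMMON_WORDS list and SAMPLE_PASSWORDS set are constructed stand-ins, and the 50-bit threshold is an assumption.

```python
"""Added example, not part of the Sunbelt post or the Imperva report: a small
audit that flags the weak-password patterns the report's findings describe
(short, limited character set, dictionary/trivial words, consecutive runs,
keyboard walks). COMMON_WORDS and SAMPLE_PASSWORDS are constructed stand-ins."""
import math
import string

# Stand-in for a real breached-password list; a production check would load
# a large leaked list (the report was built from the Rockyou.com breach).
COMMON_WORDS = {"password", "123456", "12345678", "qwerty", "abc123", "letmein",
                "iloveyou", "princess", "rockyou", "monkey", "football", "welcome"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET_SIZE = {"lower": 26, "upper": 26, "digit": 10, "other": 33}


def char_classes(pw):
    """Which character classes the password draws from."""
    classes = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def is_sequence(pw):
    """True for consecutive runs such as 123456, abcdef or 654321."""
    if len(pw) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def is_keyboard_walk(pw):
    """True when the password is a contiguous slice of one keyboard row, either direction."""
    p = pw.lower()
    return len(p) >= 4 and any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def entropy_bits(pw):
    """Brute-force work factor, log2(alphabet ** length), alphabet from the classes present.
    This is an upper bound: a dictionary word scores well here yet falls in seconds."""
    alphabet = sum(ALPHABET_SIZE[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def audit(pw, min_bits=50):
    """Return the findings for one password, in the order the report lists them.
    min_bits=50 is an assumed threshold, not a figure from the report."""
    findings = []
    if len(pw) <= 6:
        findings.append("short")
    if len(char_classes(pw)) <= 1:
        findings.append("limited_charset")
    if pw.lower() in COMMON_WORDS:
        findings.append("dictionary_word")
    if is_sequence(pw):
        findings.append("sequence")
    if is_keyboard_walk(pw):
        findings.append("keyboard_walk")
    bits = entropy_bits(pw)
    return {"findings": findings, "bits": bits, "ok": not findings and bits >= min_bits}


def summarize(passwords):
    """Share of a password set hit by each finding, the way the report states its numbers."""
    counts = {}
    for pw in passwords:
        for f in audit(pw)["findings"]:
            counts[f] = counts.get(f, 0) + 1
    return {f: round(c / len(passwords), 2) for f, c in sorted(counts.items())}


# Constructed sample set, chosen so the shares echo the report's headline figures.
SAMPLE_PASSWORDS = ["123456", "qwerty", "password", "iloveyou", "abcdef", "654321",
                    "Summer2010", "correct-horse-battery", "Xk9#vLq2pT!m", "t3Kc!"]

if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        r = audit(pw)
        print(f"{pw:24} {r['bits']:6.1f} bits  {'OK' if r['ok'] else ', '.join(r['findings'])}")
    print(summarize(SAMPLE_PASSWORDS))
```

Note what it misses: "Summer2010" passes every check because it mixes classes and is ten characters long, yet a season-plus-year pattern is among the first things a cracker tries.  A checker like this catches the report's categories; it does not replace a breached-password blocklist or a length-first policy.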

Sunbelt reports 95% of email is spam for users in Europe

Despite recent efforts to shut down a few spammers, these email attacks continue to present challenges to users everywhere.

Report from Europe: 95 percent of email is spam
http://sunbeltblog.blogspot.com/2010/01/report-from-europe-95-percent-of-email.html
http://www.enisa.europa.eu/media/press-releases/spam-survey-2009-the-fight-against-spam

QUOTE: The European Network and Information Security Agency (ENISA) has released a report that says 95 percent of all email is now spam. The report was based on surveying last year of email traffic by about 100 service providers in 30 countries

MS10-002 Internet Explorer Security Update

Please apply this update promptly to better protect against malicious attacks; it fixes eight vulnerabilities in Internet Explorer (seven privately reported and one publicly disclosed).  Users with Automatic Updates turned on will be offered it immediately, even though it is out-of-band (released outside the normal security updates on the second Tuesday of the month, a.k.a. Patch Tuesday).  So far, it is working well on IE8 at home and at work.

Microsoft Security Bulletin MS10-002 - Critical
Cumulative Security Update for Internet Explorer (978207)
http://blogs.technet.com/msrc/archive/2010/01/21/bulletin-ms10-002-released.aspx
http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

QUOTE: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported releases of Internet Explorer

Adobe Shockwave Player security update

Users should install the latest Shockwave Player update to protect against malicious Shockwave objects circulating on websites.  Shockwave may offer the new version automatically when a page uses it, and accepting that prompt is the right move, but Adobe's own solution for this bulletin is a manual uninstall and reinstall, as noted in the solution information below.

APSB10-03: Adobe Shockwave Player security update
http://www.adobe.com/support/security/bulletins/apsb10-03.html

QUOTE: Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided below.

Solution: Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606, available here:

http://get.adobe.com/shockwave/

Adobe Acrobat security updates protect against malicious PDFs

Users should install the latest security updates to protect against malicious PDFs circulating in spammed email attacks.  Starting Adobe Reader or Acrobat usually triggers the automatic update check (Help > Check for Updates runs it on demand).  Please move to the latest version to be safer when handling PDF documents.

APSB10-02: Adobe Reader and Acrobat security updates
http://www.adobe.com/support/security/bulletins/apsb10-02.html

QUOTE: Critical vulnerabilities have been identified in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

SOLUTION: Acrobat Standard and Pro users on Windows can find the appropriate update here:

http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Microsoft Security Essentials - How to Install on 64 bit systems

Below are MSE installation instructions for users who have the 64-bit versions of Vista or Windows 7 installed.

1. Uninstall any previous anti-virus products (especially the 60-day trial AV products that may have come with your system).

2. Reboot your system to ensure a clean start.

3. Go to the Windows Update site and click EXPRESS to install all updates for improved protection.  This includes the Malicious Software Removal Tool, which cleans up major virus or spyware infections that could be present on your system.

http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us


4. To download MSE, your system must be WGA (Windows Genuine Advantage) compliant.  At this site, click the VALIDATE button to confirm that it is:

http://www.microsoft.com/genuine/

5. Then visit the Microsoft Security Essentials (MSE) site and click the DOWNLOAD button.

TIP: there is also an installation video you can watch first, if desired, using Media Player.

http://www.microsoft.com/security_essentials/

6. Manually download the latest virus definitions:

http://go.microsoft.com/fwlink/?LinkID=87341

7. After downloading, run MPAM-FEX64.EXE; it installs the latest definitions in a couple of minutes.

8. Reboot the system to ensure MSE starts automatically.

9. Launch Microsoft Security Essentials from the Start menu and select FULL SCAN to confirm your system is malware-free.  This may take an hour or so depending on the size of the system.

10. Ensure your system is set for AUTOMATIC UPDATES (the Windows Update process in step 3 above lets you select this option).

QUOTE: Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple

Haiti Earthquake Donation Sites - Please be careful of the scammers

Every major event of this type leads to phishing attacks and money not going where it's intended.  Please donate only to mainstream sites like the Red Cross, established church funds, etc., and avoid the many sites that might appear in email or web searches.

Meanwhile, my deepest sympathy, prayers, and thoughts continue for those affected by this great disaster.

Internet Storm Center - Do the Right thing
http://isc.sans.org/diary.html?storyid=7996

Wired - Ten Worst Cybercrimes of past decade

Wired magazine shares some of the worst cyberattacks of the past decade.  As I helped protect our company during this period, my own list would include most of these.  I might also include the costly Love Bug, Nimda, Klez, SoBig, Blaster, and Sasser attacks in this group.  Defenses, patch management and security were especially weak early in the decade.  However, even with today's improved security, the sophistication of cyberattacks has also increased in this game of cat-and-mouse.

Wired - The Decade’s 10 Most Dastardly Cybercrimes
http://www.wired.com/threatlevel/2009/12/ye_cybercrimes/

QUOTE: it’s time to reflect on the most ingenious, destructive or groundbreaking cybercrimes of the first 10 years of the new millennium.

2000 MafiaBoy
2002 California Payroll Database Breach
2003 Slammer
2004 Foonet
2006 Los Angeles Traffic Signal Attack
2006 Max Vision
2008 RBS Worldpay Heist
2008 Albert Gonzalez
2009 Conficker
2009 Money Mules

GeoApps Security News Blog

In 1996, while implementing a corporate AV solution, several issues surfaced with our product of choice.  Direct calls or emails to the vendor did not work well, as most software firms have only dozens or even hundreds of help desk staff supporting millions of customers.

While searching for solutions, I discovered that our AV vendor had implemented a new forum support concept.  I soon got instant and practical solutions to our issues, and our AV experience improved.  The guidance of experts with subject matter knowledge greatly improved protection, as they constantly shared best practices.

As I started using forum support in 1997, I met several friends online who were very helpful.  One member in particular was a subject matter expert in AV products and security best practices.  I recently discovered this new resource and have bookmarked it as an EXCELLENT future resource.

GeoApps Security News Blog
http://geoapps.blogspot.com/
