Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

April 2012 - Posts

Facebook - New PrivacyScore app rates privacy risks of popular apps

Facecrooks security highlights a new tool available to assess privacy for popular Facebook apps

http://facecrooks.com/Internet-Safety-Privacy/privacyscore-new-tool-rates-privacy-risk-of-the-most-popular-facebook-apps.html

QUOTE:  Privacyscore, a project conducted by Privacychoice, recently released a Facebook application that rates the privacy risks of the most popular Facebook applications. Pictured below is what you’ll see when you visit the app. Hovering over one of the featured apps, displays their score.

Microsoft - Security Essentials v4 BETA release

As with all BETA products, a good working knowledge of how to work around issues is essential:

Microsoft - Security Essentials v4 BETA release
http://betanews.com/2012/04/25/microsoft-releases-security-essentials-4/

QUOTE: Microsoft has released Security Essentials 4.0, the latest version of its lightweight, straightforward antivirus package. The bulk of the changes this time are under the hood. MSE’s “Automatic Remediation” now does a better job of quarantining threats on its own, for instance, no user intervention required. And Microsoft claims scanning performance and malware detection rates have both improved on the previous build.

Facebook Security - AV Products being promoted for better security

Facebook is now actively promoting AV solutions that include free 6-month trial periods, plus products like MSE, AVG, or AVAST that are completely free.

Facebook Security Page
https://www.facebook.com/security

Facebook Security - AV Products being promoted for better security
http://facecrooks.com/Internet-Safety-Privacy/facebook-announces-av-marketplace-free-antivirus-better-platform-security.html

QUOTE: One of the more exciting announcements made in the post is that the security companies mentioned above will be sharing educational materials on the Facebook Security page.

Microsoft SIR Volume 12 release - Huge release of analytical information

Hundreds of pages of data are highlighted in the latest release

Microsoft SIR Volume 12 release - Huge release of analytical information
http://blogs.technet.com/b/security/archive/2012/04/25/microsoft-security-intelligence-report-volume-12.aspx

QUOTE: Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape.  This volume of the SIR includes:

• Latest industry vulnerability disclosure trends and analysis
• Latest data and analysis of global vulnerability exploit activity
• Latest trends and analysis on global malware and potentially unwanted software
• Latest analysis of threat trends in more than 100 countries/regions around the world
• Latest data and insights on how attackers are using spam and other email threats
• Latest global and regional data on malicious websites including phishing sites, malware hosting sites and drive-by download sites

Mobile Security - How can you tell your phone is infected?

A good article documenting the need to review phone bills in detail each month:

Mobile Security - How can you tell your phone is infected?
http://securitywatch.pcmag.com/none/296919-how-to-tell-if-your-phone-is-infected

QUOTE:  On a PC the signs are pretty obvious. Your computer slows to a near-screeching halt, your browser re-directs you to random websites, your friends are suddenly calling asking about your career change to become a Viagra distributor (since your email has probably been hacked). Your IT guy can often tell by looking at your process names, as malware authors might name their malicious process 'svchsot.exe' to look like a legit one 'svhost.exe' (see what I did there?). 

Harder To Tell On a Phone  -- According to Kaspersky malware researcher Tim Armstrong, users usually don't discover something's wrong until they look at their phone bills and don't recognize the numbers of text message recipients. Premium rate SMS Trojans are the most common type of mobile malware. This malware disguises itself in a legit-looking app, and secretly sends SMS short codes that bill the caller. Nor will an average user really be able to tell by checking app permissions. Android developers can choose from dozens of permissions, and as Armstrong notes, it's often impossible to guess which are legitimate and which are warning signs.

FlashBack - New variant attacks both Mac and Windows PCs using Java vulnerability

Both Windows and Mac users are protected if they are up-to-date on security patches.

http://securitywatch.pcmag.com/hacking/297184-new-multi-layer-malware-attack-uses-same-exploit-as-flashback

QUOTE: A malware attack called Flashback infested well over a half-million Macs last week by exploiting a Java vulnerability. All Mac users have since updated to Apple's recently-released Java update, thereby rendering all Flashback variants powerless. Right. In your dreams! In the real world, hundreds of thousands of Macs remain infested, and a new threat has surfaced that gains entry using the same exploit but goes on to wreak even more havoc.

According to a post by Graham Cluley on Sophos's Naked Security blog, Sophos researchers determined that this new threat is attacking both Mac and Windows computers through the same Java vulnerability Flashback used. Windows users who permit automatic updates should be safe, as Microsoft patched the vulnerability in mid-February. Windows and Mac users who haven't updated are vulnerable.

Apple Security - Flashback Removal Tool

ISC highlights recent security update and the creation of a removal tool for the Flashback Trojan attacks circulating in-the-wild. 

Apple Security - Flashback Removal Tool
http://isc.sans.edu/diary.html?storyid=12991

QUOTE:  Earlier in the week Apple released a Java update which included software to remove the Flashback Trojan from OS X Lion machines running Java.  The Flashback Trojan removal tool is now also available for OS X Lion machines not running Java. This Flashback malware removal tool is available through the OS X Software Update tool, or from Apple's download site

Oracle - Critical security advisory for April 2012

DBAs and security teams should apply these patches promptly as numerous products were updated

http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

QUOTE:

| Affected Products and Versions | Patch Availability |
| --- | --- |
| Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3 | Database |
| Oracle Database 11g Release 1, version 11.1.0.7 | Database |
| Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 | Database |
| Oracle Application Server 10g Release 3, version 10.1.3.5.0 | Fusion Middleware |
| Oracle BI Publisher, versions 10.1.3.4.1, 10.1.3.4.2 | Fusion Middleware |
| Oracle DB UM Connector for Oracle Identity Manager, Version 9.1.0.4 | Fusion Middleware |
| Oracle Identity Manager 11g, versions 11.1.1.3, 11.1.1.5 | Fusion Middleware |
| Oracle JDeveloper, version 10.1.3.5.0 | Fusion Middleware |
| Oracle JRockit versions, R28.2.2 and earlier, R27.7.1 and earlier | Fusion Middleware |
| Oracle Outside In Technology, versions 8.3.5, 8.3.7 | Fusion Middleware |
| Oracle WebCenter Forms Recognition, version 10.1.3.5 | Fusion Middleware |
| Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1 | Enterprise Manager |
| Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5 | Enterprise Manager |
| Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3 | E-Business Suite |
| Oracle E-Business Suite Release 11i, version 11.5.10.2 | E-Business Suite |
| Oracle Agile, version 6.0.0 | Supply Chain |
| Oracle AutoVue version 20.0.2 | Supply Chain |
| Oracle PeopleSoft Enterprise CRM, version 9.1 | PeopleSoft |
| Oracle PeopleSoft Enterprise HCM, version 9.1 | PeopleSoft |
| Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 | PeopleSoft |
| Oracle PeopleSoft Enterprise FCSM, versions 9.0, 9.1 | PeopleSoft |
| Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52 | PeopleSoft |
| Oracle PeopleSoft Enterprise Portal version 9.1 | PeopleSoft |
| Oracle PeopleSoft Enterprise SCM, versions 9.0, 9.1 | PeopleSoft |
| Oracle Siebel Life Sciences, versions 8.0.0, 8.1.1, 8.2.2 | Health Sciences |
| Oracle FLEXCUBE Direct Banking, versions 5.0.2, 5.3.0-5.3.4, 6.0.1, 6.2.0 | Contact Oracle Customer Support |
| Oracle FLEXCUBE Universal Banking, versions 10.0.0-10.5.0, 11.0.0-11.4.0 | Contact Oracle Customer Support |
| Primavera P6 Enterprise Project Portfolio Management, versions 6.2.1, 8.0, 8.1, 8.2 | Primavera |
| Oracle Sun Product Suite | Oracle Sun Product Suite |
| Oracle MySQL Server, versions 5.1, 5.5 | |

Sysinternals - April 2012 Product Releases

This excellent set of Windows utilities was recently updated

ISC: Sysinternals - April 2012 Product Releases
http://isc.sans.edu/diary.html?storyid=13006
http://blogs.technet.com/b/sysinternals/archive/2012/04/17/updates-notmyfault-procmon-v-3-01-testlimit-v-5-2-mark-s-webcasts-and-windows-internals-6th-edition-part-1.aspx

QUOTE:    Among the release are updates to the following:

• NotMyFault
• Process Monitor v3.01
• TestLimit v5.2
• Webcasts from Mark R.
• Windows Internals 6th Ed. Part 1

Word Press 3.3.2 security release

The ISC documents an important security release:

Word Press 3.3.2 security release
http://isc.sans.edu/diary/WordPress+Release+Security+Update/13024
http://core.trac.wordpress.org/log/branches/3.3?rev=20552&stop_rev=20087
http://wordpress.org/news/2012/04/wordpress-3-3-2/
http://wordpress.org/download/

QUOTE: WordPress released a security update (version 3.3.2) that fixes 3 external libraries (Plupload, SWFUpload and SWFObject) as well as privilege escalation and cross-site script (XSS) issues as well as 5 other bugs. Change log posted here. The advisory is posted here and you can download the update here.

Flashback.S - New variant of Mac Malware discovered

As Apple works to resolve current issues with Flashback, malware authors continue to innovate attacks.

New 'Flashback.S' Variant Spotted in the Wild
http://securitywatch.pcmag.com/none/296979-new-flashback-variant-spotted-in-the-wild

QUOTE: Intego reported on Monday afternoon that Flashback has already evolved into a new variant, exploiting the same Java vulnerability that earlier this month had infected more than half a million Macs. This time, however the user does not even need to enter a password to complete the install. "It's an entirely silent install now," Intego researcher Lysa Myers told Security Watch. "We've seen silent installs on OS X before, but this is the first time we've seen something to this extent." Flashback.S drops two files in the user's home folder, then deletes cached Java files to avoid detection.

Facebook - Free Regal AMC Movie Tickets scam

Facecrooks security shares a new scam to avoid:

Facebook - Free Regal AMC Movie Tickets scam
http://facecrooks.com/Scam-Watch/get-4-free-regalamc-movie-tickets-limited-time-only-facebook-scam.html


QUOTE: Get 4 Free Regal/AMC Movie Tickets (Limited Time Only) ... We are giving away 4 Free Regal or AMC movie Tickets to all facebook users!

IMPACT: By reading the Terms and Conditions of the ‘deal,’ you quickly discover that you have to complete a total of 6 reward offers. These offers often cost money. You also have to complete surveys – keep in mind that your personal data will be shared with other marketers, sponsors, scammers – whatever you want to call them! You are usually required to provide your name, address, phone numbers and date of birth. This will enable the shady marketers to not only spam your Facebook account, but also harass you via snail mail, phone calls and text messages.

Windows Server 2012 - official name designated

Microsoft recently announced that "Windows Server 8" will be officially named as "Windows Server 2012"

Windows Server 8 officially dubbed Windows Server 2012
http://www.zdnet.com/blog/microsoft/windows-server-8-officially-dubbed-windows-server-2012/12475

QUOTE: On April 16, Microsoft officials unsurprisingly revealed that the final name of Windows 8 on most PCs and tablets would be “Windows 8.” The name of Windows 8 on ARM tablets, surprisingly, is Windows RT — not to be confused (ha!) with the WinRT Windows Runtime which is the crux of the Windows 8 Metro-Style development platform. On April 17, Microsoft officials said during the opening keynote of the Microsoft Management Summit (MMS) 2012 in Las Vegas that the final name of Windows Server 8 will be “Windows Server 2012.”

Apple Flashback Botnet - Over half million Macs infected

Botnets are starting to target and spread to other environments as noted below:

Apple - Large botnet of 600K+ Macs infected
http://www.pcworld.com/article/253270/600000_infected_macs_found_in_botnet.html
http://www.cbsnews.com/8301-501465_162-57409904-501465/over-600000-macs-infected-with-flashback-botnet-patch-released/
http://blogs.computerworld.com/19989/biggest_apple_botnet_discovered_600k_macs_infected

QUOTE: A Mac trojan horse spotted by security analysts since last year has infected more than 600,000 Apple computers, says Dr. Web, a Russian antivirus vendor. Apple only patched the vulnerability this week, around a month after hackers began spreading the BackDoor.Flashback.39 trojan, with most infected Macs located in the United States and Canada.  “Systems get infected after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system,” the Russian antivirus vendor said. “JavaScript code is used to load a Java-applet containing an exploit. Dr. Web's virus analysts discovered a large number of websites containing the code.”

Facebook - Fake Credit Card requests circulating

Facecrooks security shares a warning related to malware attacks that present credit card forms for users to fill out in the Facebook environment.  These attacks should be avoided. 

[Malware Alert] Beware of Rogue Forms Asking for Credit Card Info
http://facecrooks.com/Scam-Watch/malware-alert-beware-of-rogue-forms-asking-for-credit-card-info.html

QUOTE: Trusteer researchers released the details of a sophisticated new malware attack targeting Facebook users. The goal of the Ice IX malware scheme is to steal credit card information and personal account information. This is accomplished by using a web injection cycle to display a malicious web page in the victim’s browser.

The form tries to obtain cardholder name, credit card number, expiration date, CID and billing address. Users are advised this form must be completed to verify their identity and to further secure their Facebook account. Once a user falls for the scheme, the form data is delivered to the malware authors using an instant messaging script. This is especially dangerous since it allows for immediate account access. Check out their blog post to see an example of the rogue form in action and to see a walkthrough of a marketing video discovered in underground forums. The scammers use this video to showcase how web injection attacks are perpetrated.

Botnet Shutdowns - a constant moving target

This article by PC Magazine explains the challenges and difficulties in shutting down a botnet

Botnets Takedowns: A Game of Whack-A-Mole?
http://securitywatch.pcmag.com/security/296250-botnets-takedowns-a-game-of-whack-a-mol

QUOTE:  Botnet takedowns are exciting. Researchers explain how they’ve infiltrated the shadowy world of botnets and wrested control away from the unknown botmasters who are intent on controlling our computers for their nefarious purposes. Thanks to their technical expertise, our computers are safe again, at least, until the next infection.

On Mar. 26, Microsoft announced Operation B-71, in which its Digital Crimes Unit worked with industry partners and law enforcement to seize over 100 domains and shut down servers used to control a group of Zeus botnets. Kaspersky Lab followed up three days later with its own shutdown story with Crowdstrike and Dell SecureWorks to take over the Kelihos botnet, which may have had 116,000 machines under its control.

Twitter - Best practices for using it safely

PC Magazine shares some great safety tips for Twitter

Twitter - Best practices for using it safely
http://securitywatch.pcmag.com/security/296223-how-to-use-twitter-safely

QUOTE: A lot of safe Twitter practices are common sense, like previewing shortened URLs before clicking them, assuming all your tweets are public, but on top of that Ryan offered a few more ways to mitigate the risk of a targeted attack:

1. NEVER re-use passwords.
2. ALWAYS delete password reset emails.
3. NEVER use the Auto-Complete and Save functions in Web browsers.
4. ALWAYS use complex passwords.
5. ALWAYS use SSL (https://) when accessing Twitter through a Web interface. You can enable this automatically in your Twitter Settings page.
6. ALWAYS pay close attention to the APIs you allow access to your account. You can do this by clicking Twitter/Settings/Apps. Remove unused APIs.
7. ALWAYS monitor what your friends and loved ones tweet about you. This is information that can be used to strengthen a phishing attack.

Facebook - Turn off third party applications for safety

Facecrooks security shares safety tips on turning off third-party apps. This prevents invitations from a malicious app from being spammed to all contacts. While many game application invitations are clear-cut, a technique called clickjacking may cause an application to be installed on your account without your knowledge.

How to Protect your Personal Data from Facebook Applications your Friends Use
http://facecrooks.com/Internet-Safety-Privacy/how-to-protect-your-personal-data-from-facebook-applications-your-friends-use.html

QUOTE:   Many Facebook users have an aversion to third party Facebook applications and rightly so. The platform is riddled with rogue apps that are used to spread spam, scams and malware. Also, it is a huge privacy risk to give unknown application developers access to your private Facebook data. You can disable all platform apps. This is obviously the most direct and definitive approach. This will totally prohibit any third party Facebook application from accessing your account. This option is located under your Privacy Settings. Next, you will need to scroll down and click ‘Edit Settings’ under Apps and Websites.

More on dangers of Malicious Applications
http://mashable.com/2012/03/30/facebook-friends-apps-privacy/

Ethics - Key Principles for Professionals during 2012

Sharing recent article for CPCU Society related to ethical conduct for insurance professionals ...
Below are ideas for improvement as we strive to meet high standards of ethical conduct.  
 
Ethics - Key Principles for Professionals during 2012
 
1. Always treat the customer in the same manner you would like to be treated
2. Also treat your fellow employees, family, and friends in the same manner you would like to be treated
3. Strive to be honest in all matters both on and off the job 
4. Don't cheat even with the smallest of monetary consequences (even a quarter can make a difference as shared below)
5. Establish a system of accountability and company standards (to ensure that everyone is working with a common goal of fairness and honesty)
6. Take seriously the standards of the CPCU designation with respect to continuing education, professionalism, and ethics
7. Management must lead by example, if they expect employees to follow
8. We are all human and we will occasionally fail. It is important to quickly correct mistakes, quickly repair relationships and avoid future mistakes
9. When faced with complex decisions and ethical dilemmas, proceed carefully and think through the various options before taking action. It's better to be slow than unethical in meeting customer needs
10. We must learn from mistakes and visualize the long term benefits of operating with the best ethical practices, rather than taking short cuts. 
 
 
Establishing ethics for insurance professionals
http://www.insurancejournal.com/magazines/features/2006/09/25/73123.htm
 
QUOTE: For the good of the society, we should not unquestioningly embrace just any value system. I propose we consider at least three universal precepts that exist in nearly every civilized society and in most every religion: honesty, respect for other persons and respect for others’ property. Those ought to be the qualifying parameters for any belief system chosen by an insurance professional.
 
More articles on Insurance Ethics
http://www.irmi.com/expert/landing-pages/insurance-industry/ethics/default.aspx
 
 

AN ETHICAL DILEMMA – HOW EVEN A QUARTER MAY MAKE A DIFFERENCE
 
Several years ago, a new pastor moved to Houston, Texas. Some weeks after he arrived, he had occasion to ride the bus from his home to the downtown area. When he sat down, he discovered that the driver had accidentally given him a quarter too much change. As he considered what to do, he thought to himself, "You'd better give the quarter back. It would be wrong to keep it."
 
Then he thought, "Oh, forget it, it's only a quarter. Who would worry about this little amount? Anyway, the bus company gets too much fare; they will never miss it. Accept it as a 'gift from above', keep quiet, and don't make a big deal about it."
 
When his stop came, he paused momentarily at the door, then he handed the quarter to the driver and said, "Here, you gave me too much change." The driver with a smile replied, "Aren't you the new pastor in town?" "Yes," the pastor replied. The bus driver replied, "I have been thinking lately about going to worship somewhere. I just wanted to see what you would do if I gave you too much change. You passed my test, so I'll see you at church on Sunday."
 
When the pastor stepped off of the bus, he literally grabbed the nearest light pole. This small incident had shaken him up somewhat. He thought, "If I had kept that quarter, I would have made a critical mistake and misrepresented my faith and profession." The bus driver may have thought that we're all hypocrites and not taken that step to come to our church on Sunday.

Happy April Fools Day 2012 - Be careful online

While Google and many companies celebrate this day with harmless pranks, many malicious attacks have also occurred in the past.  Please be careful with email, websites, and even what you read on this day.

http://aprilfoolsdayontheweb.com/

http://www.esecurityplanet.com/trends/article.php/3929681/Dont-be-Fooled-on-April-Fools-Day.htm
