November 2012 - Posts
More online safety tips for the 2012 holiday season:
http://www.forbes.com/sites/firewall/2012/11/25/you-better-watch-out-online-attacks-are-coming-to-town/
https://isc.sans.edu/diary.html?storyid=14569
QUOTE: It is time for a more consumer oriented blog post with a couple of hints about what to watch out for during the holiday online shopping season. How do you watch out and tell who is naughty and nice online? You better check twice or you better not cry if you lose your money, your credit cards, or even your identity.
1. Stick to Sellers you Know
2. Don't Trust Customer Reviews Blindly
3. Be Careful with "Phishing"
4. Watch Your Credit Card Statement Carefully
5. Be a Cautious Seller
6. Be Careful When and How to Meet a Craigslist Seller
7. Don't Buy Stolen Property
This article in the Mac Security Blog makes a great point: while seatbelts won't prevent all injuries, you are much safer by buckling up. Likewise, security controls won't guarantee complete safety, but folks can stay better protected through technical safeguards and best practices.
http://www.intego.com/mac-security-blog/security-measures-arent-completely-effective-but-that-doesnt-mean-you-shouldnt-use-them/
QUOTE: Passwords, security software, and user education don’t prevent 100% of computer security problems. There are some large holes in “typical use” of these things — no one will disagree with that. Should you stop using them? Every few months, there is some new article suggesting exactly that. The latest to join this trend is an article by Mat Honan discussing the inefficacy of passwords. This much is true: if you’re only using easily guessable passwords and signature-based antivirus on a Windows machine, you’re likely to get hit with malware or have your accounts hacked sooner than later. But if you’re updating your software, using complex passwords, and implementing a security suite including anti-virus with behavioral scanning plus a firewall, your odds of being hit are much lower. At the very least, your protection is going to be way better than what most people are using, so you could be a less tempting target.
Symantec has identified a new sophisticated malware threat designed to alter SQL Server databases where user rights are not properly locked down. As with the Stuxnet attacks, this new threat is most active in the Middle East.
http://www.symantec.com/connect/blogs/w32narilam-business-database-sabotage
http://securitywatch.pcmag.com/none/305296-database-modifying-malware-narilam-a-corporate-sabotage-tool
QUOTE: In the last couple of years, we have seen highly sophisticated malware used to sabotage the business activities of chosen targets. We have seen malware such as W32.Stuxnet designed to tamper with industrial automation systems and other destructive examples such as W32.Disstrack and W32.Flamer, which can both wipe out data and files from hard disks. All of these threats can badly disrupt the activities of those affected. Following along that theme, we recently came across an interesting threat that has another method of causing chaos, this time, by targeting and modifying corporate databases. We detect this threat as W32.Narilam. Based on the detections observed, W32.Narilam is active predominantly in the Middle East.
Just like many other worms that we have seen in the past, the threat copies itself to the infected machine, adds registry keys, and spreads through removable drives and network shares. It is even written using Delphi, which is a language that is used to create a lot of other malware threats. All these aspects of this threat are normal enough; what is unusual about this threat is the fact that it has the functionality to update a Microsoft SQL database if it is accessible by OLEDB.
AV Comparatives recently tested cleaning capabilities for free and premium AV products. All products tested did fairly well in scoring.
http://www.av-comparatives.org/images/docs/avc_rem_201211_en.pdf
http://securitywatch.pcmag.com/none/305309-which-antivirus-cleans-best
QUOTE: Bitdefender Antivirus Plus 2013 and Kaspersky Anti-Virus (2013) managed an A average in both removal and convenience. That comes as no surprise to me; both products also scored very well in my own malware cleanup test. Panda Cloud Antivirus Free Edition 2.0 came close with an A- in both categories. All three of these products earned the top rating, ADVANCED+. Even the lowest scores weren't dreadful. AVG Anti-Virus FREE 2013 earned a B average for both thorough removal and convenience, while avast! Free Antivirus 7 averaged a B for convenience and B- for thorough removal. These got a STANDARD rating, the lowest passing rating. All of the others were rated ADVANCED. Overall, products in this test did better than in last year's test.
The System Restore process was improved for Windows 8. The following article compares the new approach with an advanced third-party recovery tool.
http://securitywatch.pcmag.com/none/305179-windows-8-reset-and-refresh-versus-faronics-deep-freeze
QUOTE: In theory, if you screw up your settings or otherwise run into trouble, the Windows System Restore feature can put things right. In my years of experience, however, I've found that using System Restore causes more problems than it resolves. The new Refresh feature in Windows 8 is intended as a better kind of System Restore, and the Reset feature should reset your Windows 8 installation to a pristine out-of-box installation.
When you run Windows 8 Refresh, it keeps your files and personal settings but restores all Windows settings to their defaults. Applications that you installed from disk will be removed and logged; apps from the Windows Store will remain. Mehta found that the process took about 30 minutes. It turns out that apps from the Windows Store actually do get removed during the process, but it reinstalls them automatically. It also removed all Windows updates, so he had to reinstall those. And it gave the first-time treatment to each user account, rebuilding the profile and offering a Windows 8 tutorial.
The FBI is using social media networks to investigate securities fraud, as noted below:
http://www.nbcnews.com/technology/technolog/fbi-uses-twitter-social-media-look-securities-fraud-1C7209895
QUOTE: The FBI sees social media as a potential breeding ground for securities fraud, and has agents scouring Twitter and Facebook for tips, according to two top agents overseeing a long-running investigation into insider trading in the $2 trillion hedge fund industry. April Brooks, a special agent in charge of the New York field office of the Federal Bureau of Investigation, and David Chaves, a supervisory agent, said it is hard to predict the next wave of securities fraud, but they add that it will have a lot to do with advances in technology and social media.
"I will tell you technology will play a huge part, social media, Twitter. Any kind of technology that is new and doesn't exist today, if there is any way to exploit it, these individuals will exploit it," Brooks told Reuters TV in an interview for the Reuters Investment Outlook 2013 Summit. Brooks and Chaves oversee what the FBI calls "Operation Perfect Hedge," which has led to more than 60 convictions of hedge fund traders, analysts and industry consultants.
Sensitive police documents were apparently shredded and used as confetti in the annual Macy's Thanksgiving Day Parade.
http://nakedsecurity.sophos.com/2012/11/26/confidential-parade-confetti/
QUOTE: The world's most famous Thanksgiving parade is probably not where you'd expect to find shredded confidential police documents. But that's exactly what Ethan Finkelstein says he found while enjoying the annual parade in New York City last Thursday, according to an American news station. Finkelstein told PIX11 he was watching the parade from 65th Street and Central Park West when he noticed some of the confetti stuck to his friend's coat. As they picked it off they noticed it had the letters 'SSN' and a number next to it. So they gathered some more confetti that had fallen around them. They found other confidential information, such as arrest records and police officers' details, including social security numbers and dates of birth. Some of the documents identified detectives - including undercover officers - by name.
This article by PC Magazine offers excellent safety advice in four distinct vulnerable areas:
http://securitywatch.pcmag.com/none/305284-shop-online-safely-this-holiday-season
QUOTE: While Black Friday marked the beginning of holiday shopping in stores around the country, many consumers are increasingly counting on online deals to find the best gifts. In a PriceGrabber.com survey of 4,958 U.S. online shoppers, 41 percent of consumers said they planned to shop online on Cyber Monday, the first Monday after the long Thanksgiving weekend. Almost a third of respondents planned to shop online after looking for sales during the Black Friday weekend, and 29 percent planned to take advantage of Cyber Monday deals to get their shopping done early. Retailers aren't the only ones prepping deals; cyber-criminals are paying attention, too. Consumers scouring the Web for amazing deals and acting quickly before special offers expire are highly vulnerable to email messages and posts on social networks containing malicious links.
FOUR KEY AREAS OF SAFETY REQUIRED
1. Shop on Legitimate, Secure Sites
2. Protect Your Data
3. Protect Your Accounts
4. Protect Your Devices
Excellent advice from PC Magazine: these scams work through malicious applications on Facebook that appear to come from a trusted friend or contact. Avoid clicking the LIKE button or visiting an offered URL if the deal seems too good to be true.
http://securitywatch.pcmag.com/none/305285-dissecting-the-facebook-gift-scam-how-they-get-you
QUOTE: "Get free stuff!" is a common lure scammers use on Facebook. It doesn't matter if the pitch is for a free airplane ticket, a free iPad, or just a voucher for a free coffee. Everyone likes getting something for free. While the bulk of Hunt's analysis focused on a supposed $400 voucher promotion from Australian retailer Woolworths, there are similar scams for other retailers, including Starbucks, Costco, and Harvey Norman, he said. "The scam relies on the power of social media leverage by making the victim the advocate for the scam. It’s their wall that's telling all their friends how awesome the scammer's page is," Hunt wrote.
It all begins with a friend. Or more precisely, a post from a Facebook friend in the Newsfeed advertising a voucher or a free gift from a company. Users who click on the link first land on the promotion page, which displays a share widget, user comments, and a Like button. After the user completes all three steps (and ensures friends will now see the post in their Newsfeeds), the user is redirected several times before landing on the final scam page. It may be a survey site, a form asking users to fill out information to win a prize, or some other malicious site. There will be no sign of that initial free gift, though.
Trend Labs shares an informative article on the risks of out-of-office notifications.
http://blog.trendmicro.com/trendlabs-security-intelligence/the-risks-of-the-out-of-office-notification/
QUOTE: For many enterprises today, guarding against data breaches and targeted attacks is one of the top concerns of IT administrators. One of the things that administrators guard against is reconnaissance and targeting of any potential high-value personnel who may fall victim to a targeted attack. A less obvious source of information leakage, however, is the humble out-of-office notification. Consider what the typical content of an out-of-office notification is. It will have a brief explanation of why the respondent is out of the office, who the sender can alternately contact instead, and an estimate of when they will return to the office. It may also include the user’s email signature, if he has one.
Individually, this may not be a great deal of information. However, it is easy for would-be attackers to gather multiple out-of-office notifications. Based on our research into spear-phishing, the e-mail addresses of about half of all spear-phishing recipients can be found online using Google. In many cases, corporate e-mail addresses follow a predictable format as well; this makes many addresses “known” so long as an employee’s name is known.
So, what can users and IT administrators do? Fortunately, e-mail server software has had the capability for several years now to properly control out-of-office notifications. For example, users can set one notification message to appear to people within an organization, while setting another for those outside it. Users may also want to consider limiting the information that they include in notifications: for example, instead of saying who to contact, the message may say instead to notify “my manager” or “my subordinates”. All in all, out-of-office notifications represent a valuable target for reconnaissance by determined attackers, but it is a threat that can be secured within reason by users and administrators. What is needed is awareness that this threat even exists – which, hopefully, is something this entry has achieved.
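To make the mitigation in that last paragraph concrete, here is an added Python check (not Trend Micro's code) that lints the message shown to external senders against an assumed policy: no named colleagues, no direct e-mail addresses or phone numbers, no specific return date, and no travel details. The employee directory and both sample messages are constructed for the example.

```python
import re

# Assumed policy for the auto-reply shown to senders OUTSIDE the organisation.
# The internal-audience message is allowed to say more.
PHONE_RE = re.compile(r"\b(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
DATE_RE = re.compile(
    r"\b(?:\d{1,2}/\d{1,2}(?:/\d{2,4})?"
    r"|(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*\.?\s+\d{1,2})\b",
    re.IGNORECASE,
)
TRAVEL_RE = re.compile(
    r"\b(?:vacation|holiday|conference|travel(?:l)?ing|abroad|out of the country)\b",
    re.IGNORECASE,
)

# Constructed directory; a real check would read names from the HR/identity system.
EMPLOYEE_DIRECTORY = ["Jane Doe", "John Smith", "Priya Patel"]

# Constructed sample auto-replies: one that leaks, one that follows the policy.
SAMPLE_LEAKY = (
    "I am at the RSA conference in San Francisco until 12/3. "
    "For urgent matters contact Jane Doe at jane.doe@example.com "
    "or 555-123-4567."
)
SAMPLE_SAFE = (
    "I am currently out of the office with limited access to e-mail. "
    "For urgent matters please contact my manager or open a ticket "
    "with the service desk."
)


def audit_external_reply(text, directory=EMPLOYEE_DIRECTORY):
    """Return a list of (category, offending_text) findings. An empty list
    means the external auto-reply discloses nothing the policy forbids."""
    findings = []
    for category, rx in (
        ("phone number", PHONE_RE),
        ("email address", EMAIL_RE),
        ("return date", DATE_RE),
        ("travel detail", TRAVEL_RE),
    ):
        findings.extend((category, m.group(0)) for m in rx.finditer(text))
    # Colleague names: simple case-insensitive substring match against the directory.
    lowered = text.lower()
    for name in directory:
        if name.lower() in lowered:
            findings.append(("contact name", name))
    return findings


def is_safe_external_reply(text, directory=EMPLOYEE_DIRECTORY):
    """True when the message passes every rule above."""
    return not audit_external_reply(text, directory)


if __name__ == "__main__":
    for label, msg in (("leaky", SAMPLE_LEAKY), ("safe", SAMPLE_SAFE)):
        print(label, audit_external_reply(msg))
```

The regexes are deliberately simple; the point is that the external template can be checked mechanically before it is saved, while the internal-audience template is left free to name a backup contact and a return date.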
Firefox version 17 was just released, and two new features are available.
http://thenextweb.com/insider/2012/11/20/mozilla-firefox-social-api-facebook-browser/
http://thenextweb.com/apps/2012/11/20/firefox-17-launches-with-click-to-play-plugin-blocks-for-old-adobe-reader-flash-and-silverlight/
QUOTE: In its continued attempt to help influence the Internet, Mozilla on Tuesday released an update to Firefox that integrates social features into the browser. With this update comes two important things to note: first, the browser now has a social API that developers can tap into, and second, starting today, Firefox users can send Facebook messages right from the browser. So, why Facebook? The service is the biggest social network out there and many of its members are of course Firefox users, a Mozilla spokesperson told TNW. In addition, the social network was able to help flesh out the API to make this idea a reality. With the social API, Mozilla is hoping that developers take notice and find a way to leverage social services right into the browser in a way that it says will be “compelling” and “makes it easier to use the Web the way you want”.
Firefox users who have outdated versions of the most popular plugins will soon see a notification urging them to update when they visit a web page that uses them. Old versions of Silverlight, Adobe Reader and Adobe Flash on Windows are covered by this.
MORE DETAILS BELOW:
http://www.mozilla.org/en-US/firefox/17.0/releasenotes/
http://blog.mozilla.org/addons/2012/10/11/click-to-play-coming-firefox-17/
The new "Cool Exploit Kit" appears to be a new and improved variant of the Blackhole Exploit Kit.
http://www.f-secure.com/weblog/archives/00002458.html
QUOTE: Exploit kits are still making rounds, nothing new there. But in addition to the popular Blackhole Exploit Kit, a new kid on the block emerges which has been dubbed as Cool Exploit Kit. It's very interesting to see how these two actually fare against each other… So is Cool really better? With all these "differences", it appears that Cool and Blackhole are more than just a tiny bit related. And it wasn't only us that noticed that there's a high chance that both kits have the same author.
Google will offer a new malware scanning service that can help identify malicious applications as documented below.
http://securitywatch.pcmag.com/none/305131-google-to-verify-android-apps-in-jellybean-update
QUOTE: Users with Android 4.2 (Jelly Bean) devices will have the option of scanning apps installed on their devices to identify malicious apps, Google engineer Michael Morrissey wrote in a Google+ post on Wednesday. The new mechanism would complement the existing Bouncer technology, which scans apps as they are uploaded to Google Play to detect and remove malicious apps, by scanning apps as they are installed on the device.
"We will check for potentially harmful applications no matter where you are installing them from," wrote Morrissey, a member of the Android Security team. Google has already begun rolling out this feature to Nexus 7 and Galaxy Nexus devices as an over-the-air Jelly Bean 4.2 update. The app verifier is enabled by default, according to a Web page describing the security settings in the Nexus 4.
Almost every month, new online password breaches are reported. In this case, a relatively small group of users was impacted. As noted, strong passwords and periodic changes are best practices that can help mitigate these attacks.
https://isc.sans.edu/diary.html?storyid=14515
https://blogs.adobe.com/adobeconnect/2012/11/connectusers-com-forum-outage-following-database-compromise.html
http://arstechnica.com/security/2012/11/adobe-breach-reportedly-spills-easy-to-crack-password-hashes/
QUOTE: Adobe has revealed that apparently a password database was compromised via a SQL injection attack. Ars Technica reports that the passwords were hashed using MD5 (not clear whether they were salted or not). Do we really need to remind you what constitutes a strong password and not to reuse them? Adobe officials are investigating the breach of an online user forum related to its Connect conferencing software following a report that 230 names, e-mail addresses, and cryptographically hashed passwords were leaked online.
Some previous password diaries that might be of interest:
Potential leak of 6.5+ million LinkedIn password hashes
Critical Control 11: Account Monitoring and Control
Theoretical and Practical Password Entropy
An Impromptu Lesson on Passwords
Password Rules: Change them every 25 years (or when you know the target has been compromised)
High school students seeking college admission or employment should always be careful with content posted on Facebook.
http://facecrooks.com/Internet-Safety-Privacy/Over-25-of-Colleges-Now-Prying-Into-High-Schoolers%e2%80%99-Facebook-Profiles.html
QUOTE: According to a recent Kaplan Test Prep survey, which polled 350 admissions officers from colleges all over the country, over 25 percent said they had looked up applicants on Facebook and Google. Many high school students are now taking steps that were common place among older college students entering the job market: they’re changing their names on Facebook, or they are ditching the site altogether. The same Kaplan survey found that 15 percent of schools have a rigid social media policy when it comes to admissions. That may not seem like a lot, but compared to the college admissions climate even just a few short years ago, it accounts for many schools.
According to Nancy McDuff, associate vice president for admissions and enrollment management at the University of Georgia, students open themselves up to inquiries from schools when they put themselves out there online. “If a student mentions something in their application that isn’t well explained, and you’re looking for more information, you may check their Facebook,” she told Time Magazine. “They’re writing about themselves. That’s no different from what a guidance counselor may write about them when they ask for someone to write a letter of recommendation.”
This article shares alarming statistics on how large identity theft has become in our nation:
http://redtape.nbcnews.com/_news/2012/11/14/15144350-10000-id-fraud-gangs-active-in-us-especially-the-southeast-study-finds?lite=obinsite
QUOTE: There are 10,000 active identity theft crime rings across the United States, with the greatest concentration in a "ring of fraud" that stretches across the Southeast from Virginia to Mississippi, according to a new report by fraud-fighting firm ID Analytics.
A majority of these rings are what the firm calls "Friends & Family" groups, not professional criminal organizations, the report concludes. The rings are most highly concentrated in Washington D.C.; Detroit; Tampa, Fla.; Greenville, Miss., Macon, Georgia; and Montgomery, Ala., the report found.
ID Analytics compiled the results by examining its massive database of credit applications and other identity “risk events,” which now includes 1.7 billion entries. The firm cross references credit applications from major banks, auto dealers, wireless firms and other credit grantors looking for evidence of systematic identity fraud.
As the holiday shopping season officially starts this weekend, please be careful, as scams and malware attacks are actively circulating.
http://www.technewsdaily.com/15546-black-friday-scams.html
QUOTE: Black Friday, the day after Thanksgiving, marks the start of the American holiday shopping season. Brick-and-mortar retailers gear up for it by offering gargantuan sales to get shoppers in the doors. But they’re not the only ones getting ready. Cybercriminals are prepping their online wares too. Many of the scams also target Cyber Monday, which falls on the Monday after Thanksgiving. For the past few years, Cyber Monday has been the biggest day for online retailers, who entice customers with special “one day only!” promotions. Search the Web for “Black Friday” and there will be thousands of sites promoting sales and discount codes. The sad thing is, a lot of the sites are fake.
Below are Safety Tips for shopping online from last year:
http://www.technewsdaily.com/7346-cyber-monday-safety-tips.html
Additional Home Security tips are noted below:
http://www.technewsdaily.com/8177-10-home-security-tips.html
Home users should note these symptoms, which might point to a possible malware infection, as documented by Avira.
http://techblog.avira.com/2012/10/30/security-101-october-2012/en/
QUOTE: Usually, if your computer is performing strangely, this is a good sign of being infected with malware. “Strange” can mean one or more of the following symptoms:
- Heavy CPU processing
- Too much RAM consumed
- High network activity
- Runs overall slower
- Doesn’t enter in the standby mode anymore
- Programs take longer than usual to open
- You see strange errors popping up on the screen, including BSOD (blue-screen-of-death – aka complete operating system crash)
This new scanning tool can evaluate and measure the completeness and strength of workstation security.
http://www.opswat.com/products/security-score
QUOTE: OPSWAT Security Score is a free tool that scans your computer for the status of your installed security applications and provides a score along with recommendations on how to improve both the score and the security of your device. Download it now to find out your security score! The OPSWAT Security Score tool is powered by OPSWAT's OESIS Framework, a development toolkit that can be integrated to solutions to enable detection and management of antivirus, antiphishing, backup, patch management, firewall, public file sharing, hard disk encryption and many other types of third party applications. Security Score uses OESIS to scan your computer for the presence of these types of applications and to get information about their current status.
These links document how to find the largest messages when cleaning up Gmail history to regain space.
http://lifehacker.com/5958583/find-the-large-attachments-eating-up-your-gmail-space-with-a-simple-search
http://www.techsmog.com/index.php/2012/10/31/finding-large-attachments-and-emails-in-google-mail-gmail/
QUOTE: This may come as a surprise, but Google is known for its search capabilities and offers many useful search shortcuts. It's no wonder that Gmail does the same. Network administrator Josh Gilmour points out on his blog that if you're low on space in your Gmail account, one easy way to fix it is to search by message size. Searching by size is very simple. You just type size: and then the minimum number of bytes you want each message to be. For example, you'd type size:1000000 for messages greater than 1MB.