February 2013 - Posts
ZDnet shares interesting head-to-head comparison of both browsers. The latest version of Internet Explorer are excellent in terms of security, performance, and standards adherence. Firefox and Chrome also are good complementary browsers as well.
http://www.zdnet.com/the-best-windows-browser-today-ie-10-or-chrome-25-7000011862/
QUOTE: Microsoft has just released its newest browser for Windows 7: Internet Explorer (IE) 10. Days earlier, Google had released Chrome 25, its latest browser, for all platforms. So, now that both are available on the most popular desktop operating system, Windows 7, Which is better for Windows 7 users? - In this test, higher scores are better. For once we have a close result and it may surprise you. IE edged out Chrome with a score of 115.38 to 102.73. So, which is the best? Well, for my money, Chrome seems the easy best pick. Not only does it tend to be faster, usually far faster, than IE, it runs on almost every desktop platform you're ever likely to use and it's more HTML5 compatible. That said, if you're running Windows 7and you must use IE, this latest Microsoft browser is a good choice.
The IE10 build has been finalized for Windows 7 as noted below:
http://www.zdnet.com/microsoft-delivers-final-version-of-ie-10-for-windows-7-7000011849/
QUOTE: Microsoft released to the Web the final (non-test) build of Internet Explorer 10 for Windows 7 on February 26. IE10 is the latest version of IE and the one that is bundled with Windows 8 and Windows RT. Like IE10 for Windows 8 and Windows RT, IE10 for Windows 7 is optimized for touch first. Unlike the Windows 8 and Windows RT versions, IE10 for Windows 7 places the URL bar at the top of the screen, not the bottom. And as is true with the Windows 8/Windows RT version, IE10 for Windows 7 has the Do Not Track (DNT) signal turned on by default, preventing users from having their behavior automatically tracked online.
McAfee labs shares an update on developments for the latest Autorun worm which is very difficult to detect and uses highly advanced techniques to infect vulnerable computers
http://blogs.mcafee.com/mcafee-labs/polymorphic-autorun-worm-evolves-and-obfuscates
QUOTE: The W32/Autorun.worm.aaeh family usually gets on a victim’s machine through email spam, Blacole drive-by downloads, or downloads by BackDoor-FJW. From a behavioral perspective, it looks like any other thumb-drive infecting worm. It adds an autorun.inf file on all removable drives and network shares, has an icon resembling a folder icon to trick people into double-clicking it, and infects ZIP and RAR archives. What separates this worm from the rest, however, is the level of obfuscation and polymorphism that it employs.
The worm can download other prevalent families, such as ZBot, and it’s clear that the payload families use the worm’s spreading mechanism as a propagation vector. This family hasn’t shown signs of fading away (more than a million files on VirusTotal belong to this family), but with a few simple steps, you can avoid getting infected by this annoying worm.
* Don’t click links in spam emails that promise free stuff or suggest new ways to make a quick buck.
* Don’t execute software that arrives via spam.
* Disable the AutoRun feature on Windows
* Refrain from opening files from unknown sources
* Don’t open any executable file with a shady application name
* Check source by hovering your mouse near a link
* Don’t open any executable file that looks like a folder icon with blurred edges
* Read our Threat Advisory for more information
There are no "free lunches" available from the Internet and users should never click on links or buttons associated with these scams that often lead to a malicious application.
http://facecrooks.com/Scam-Watch/Ive-just-received-a-500-Walmart-Giftcard-for-free-and-5-more-to-give-away-to-friends-Facebook-Scam.html
QUOTE: I’ve just received a $500 Walmart Giftcard for free and 5 more to give away to friends – Facebook Scam
Scam Signature Message: I’ve just received a $500 Walmart Giftcard for free and 5 more to give away to friends. If you shop at Walmart and want one for free, get one here
Scam Type: Survey Scam, Rogue Facebook Application, Bogus Offer
Trending: February 2013
Why it’s a Scam: Clicking the wall post link takes you to a Facebook called ‘Free Giftcards:’
How to Deal with the Scam: If you did make the mistake of installing the Facebook application, then you could be spamming the message to your friends. Clean up your newsfeed and profile to remove references to the scam. (click the “x” in the top right hand corner of the post). You’ll also need to remove the rogue Facebook application from your account.
McAfee Labs shares an interesting and in-depth article on the first exploit to bypass sandbox controls added in version 10 and higher for Adobe. Adobe users will greatly improve their security by being on the latest version, as active attacks are circulating for version 9 or lower.
http://blogs.mcafee.com/mcafee-labs/analyzing-the-first-rop-only-sandbox-escaping-pdf-exploit
http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
http://blogs.mcafee.com/mcafee-labs/adobe-flash-zero-day-attack-uses-advanced-exploitation-technique
QUOTE: As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader “sandbox-escape” plan. In order to help readers understand what’s going on there, we first need to provide some background. The Adobe Reader sandbox consists of two processes: a high-privilege broker process and a sandboxed renderer process; the latter is responsible for rendering the PDF document. Adobe has now released the official patch for these critical vulnerabilities. As always, we strongly suggest that users apply the patch as soon as possible
As many users store photos and other data on Facebook or other social network environments, this new software product provides a backup service directly to the users computer. It is described in an article by Facecrooks Security.
http://facecrooks.com/Internet-Safety-Privacy/Protect-Your-Social-Media-Accounts-with-SocialSafe-the-Ultimate-Backup-Solution.html
http://services.socialsafe.net/
QUOTE: A company called SocialSafe provides an incredibly simple way to back up and archive your Facebook timeline, Facebook Pages, Twitter, LinkedIn, Instagram, Google+ and Viadeo profiles and more. As you know, we often talk about social media privacy issues, and one thing we really like about SocialSafe is that all of your information is stored locally on your computer. Your data isn’t stored on a server in the cloud somewhere where it’s vulnerable to data breaches and hackers.
Not only does SocialSafe provide an excellent social media backup service, the application also provides quick and powerful search and browse capabilities. You can navigate your Timeline in a calendar format, search across all of your social networks with deep precision and even view a journal created from all of your backed up activities. As well as this, you can export your data to CSV, allowing you to really take control of and get the most from your social content in any way that you want.
Facecrooks Security describes a new voluntary purchase tracking system that is designed to tailor advertising for Facebook users. Security and Privacy concerns are noted in this article.
http://facecrooks.com/Internet-Safety-Privacy/Facebook-Testing-Targeted-Ads-Based-on-What-you-Buy-In-Store.html
QUOTE: Facebook’s targeted advertising is already pretty sophisticated in understanding your tastes, but their ability to monitor your transactions could soon follow you into the real world. According to Ad Age, Facebook has teamed up with several data provider companies to track your purchases in actual brick-and-mortar stores. It will allow for brands to hone in even more accurately on consumers with targeted advertising on the site. On its surface, this plan seems like a giant leap toward Big Brother, but how it will work in practice isn’t quite so sinister.
The ad targeting will take place when data companies match up, anonymously, retail loyalty program members and Facebook users by using the phone number and email address members gave when they signed up for both services. However, Facebook is going to face an uphill battle in convincing a skeptical public that their personal information is safe, especially given the news of the recent Facebook hack reportedly perpetrated by Eastern European or Chinese hackers. “Facebook’s challenge is going to be breaking down the process in ways that are simple to understand and fostering confidence that this powerful data can be handled in a responsible way,” MEC Social Lead Kristine Segrist told Ad Age.
At the RSA conference, Secunia debuted a new version of their security inpection software designed for small business networks. Their PSI product for home users has also been an excellent tool to ensure all software is up-to-date on security patches
http://securitywatch.pcmag.com/none/308639-rsa-keep-your-small-business-pcs-fully-patched
QUOTE: Software isn't perfect. Any browser, application, or operating system has holes that can allow malefactors to penetrate your security. When a new vulnerability comes to light, vendors scramble to release a patch. If you don't apply those patches, your PC is likely to fall victim to the attack. As I've reported before, the free Secunia Personal Software Inspector (PSI) is a great way to check for unpatched products and, in many cases, automatically apply needed patches. At the RSA Conference in San Francisco, Secunia announced a version aimed at small businesses, as well as an inspector for Android devices.
Morten R. Stengaard, Secunia's Director of Product Management and Quality Assurance, demonstrated a beta version of Secunia Small Business. From a simple central console, you can push installation of PSI to all of the company computers. Once PSI is in place, you can launch scans, evaluate results, and enforce patching. The computers don't have to be on the same network, and you can enable administrative control for up to five devices at no cost. Secunia hasn't yet settled on a price for devices after the free five, but Maria Eriksen-Jensen, VP of Business Development and Marketing, said it would be less than five dollars per month.
"There's sophisticated technology behind this product," said Stengaard, "but from the user's point of view it's plain, simple, and automatic. Going forward we plan to add notifications, so you can learn about a critical problem without having to log in. Secunia Small Business is available now as a public beta, free for anyone to try. During the beta period, you can connect with up to the maximum of 50 PCs at no cost. Release is expected in the second quarter.
Users should update Adobe Flash when prompted to defend against new attacks in-the-wild
http://securitywatch.pcmag.com/adobe/308607-adobe-patches-flash-bugs-attackers-targeted-firefox-users
QUOTE: Adobe patched three new security flaws in its near-ubiquitous Flash Player, of which two were already being exploited in the wild. Attackers were specifically targeting Mozilla Firefox users, the company said. The two zero-day vulnerabilities, CVE 2013-0643 and CVE 2013-0648, were being exploited in targeted attacks where users were tricked into clicking on a link to a Website hosting malicious Flash files, Adobe said in its security advisory released Tuesday. The company did not credit any organization or researcher who found the zero-day vulnerabilities, but credited IBM X-force for reporting the third security hole.
Trend Labs shares defensive approaches for targeted attacks where a specific group of users might be selected to compromise corporate security controls:
http://blog.trendmicro.com/trendlabs-security-intelligence/understanding-targeted-attacks-how-do-we-defend-ourselves/
QUOTE: Remember that even though we’ve come to accept that attackers have greater control, does not mean that we don’t have any of it. We do, and it is important to take note of that because using that control is highly critical in dealing with targeted attacks.
1. Control the Perimeter
2. Deploy Inside-Out Protection
3. Assume Intrusion and Act Accordingly
Lookout mobile security recommends these five articles:
https://blog.lookout.com/blog/2013/02/11/5-cybersecurity-articles/
QUOTE: Reading these 5 insightful articles won’t leave every cybersecurity stone unturned, but it’s a solid start:Five recommended cybersecurity articles for FEB 2013
Reading these 5 insightful articles won’t leave every cybersecurity stone unturned, but it’s a solid start:
1. President Barack Obama is near issuing an executive order that would set cybersecurity standards for companies operating core U.S. infrastructures.
2. Yesterday, the European Union launched a cybersecurity directive calling for all states to form Computer Emergency Response Teams (CERTs).
3. The U.S. Federal Communications Commission recently issued 10 cybersecurity tips for small businesses.
4. The U.S. Department of Homeland Security gives helpful advice about cybersecurity on their website.
5. On the go? Check out this short Wall Street Journal video about staying safe online
The blog has been an excellent resource in following mobile security developments. AV Test recognized mobile security product as providing good protection as well.
https://blog.lookout.com/blog/2013/02/18/raising-the-bar-av-testing/
QUOTE: We’re proud to share that our product was recognized by AV-TEST as a top mobile security product. It is a testament to our approach of using data and advanced automated analysis to detect and block malware before it spreads. This offers comprehensive detection and equally important, protects people with the speed and efficiency that the traditional AV industry has lacked The fact is, emerging technologies are a challenge to test and benchmark, and it takes time to build a sound methodology that is an accurate measure of the real-world threat environment.
Please ensure you are update with this recent update
http://securitywatch.pcmag.com/software-patches/308303-adobe-patches-exploit-in-acrobat-and-reader-update-now
QUOTE: Adobe pushed a critical update to users of their Reader software yesterday, patching a critical vulnerability being exploited to take control of victims' computers. The patch is recommended by Adobe for all users of Adobe Reader and Acrobat, XI and earlier. The update impacts Windows, Macintosh, and Linux users for versions 11.0.01, 10.1.5, 9.x, and earlier versions of Adobe's software. The patch can be downloaded from Adobe's website, or through the company's automatic update feature. Adobe notes that while automatic updates are enabled by default, users can manually check for an update by clicking Help > Check for Updates
A new “Gold Membership” scam for fee of $9.99 is circulating and should be avoided by all users
Facecrooks: Scam-Watch/The-Facebook-Gold-Membership-Hoax
QUOTE: It seems that a new viral hoax sweeps Facebook every week or so. They always sound vaguely plausible, at least upon first glance and without a close inspection. The latest in this line of semi-believable hoaxes is the Facebook “Gold” membership hoax. The bogus message reads: “It’s official. Communication media. FACEBOOK has just published its price. fee of $? ($ 9.99), to become a member of ‘gold’ and keep your privacy as it is. If you paste this on your wall will be completely free. Otherwise, tomorrow all your documents can become public. Even those messages that you have deleted or photos that you have not authorized …… not cost you anything, copy and paste.”
As a top safety tip, recommend moving to version 11 of Adobe Reader as it offers sandbox security controls that help better mitigate scripting attacks
http://securitywatch.pcmag.com/none/308409-read-pdf-files-safely-here-is-how
QUOTE: Cyber-attackers frequently trick users into opening PDF files containing malicious code. Once opened, the code triggers security flaws in Adobe Reader and Acrobat and compromises the victim's entire computer. Read on for tips on how to be safe when opening PDF files.
Key summary of safety tips include:
1. Keep your PDF reader up-to-date with the latest patches and versions.
2. Always avoid updates from unofficial sites.
3. Use of alternate PDF readers can help mitigate risks
4. Disable it in the Browser
5. Do not open PDF files from unknown sources.
During FEB 2013, Microsoft issued an extensive security update ... Please be sure all servers and PCs are up-to-date corporately and at home ... sharing as reminder and ISC has excellent monthly analysis:
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb
https://isc.sans.edu/diary/Microsoft+February+2013+Black+Tuesday+Update+-+Overview/15142
Symantec has published an infographic related to some of the latest data loss trends involving both security and contigency planning
http://securitywatch.pcmag.com/none/307948-top-10-surefire-ways-to-lose-your-data-in-2013
QUOTE: For example – putting off file or server backups until tomorrow or some other day could be disastrous. Yes, you may have work that needs to be dealt with right away, but wouldn't you rather rest easy knowing that in case of a power outage, your company's data is secured and backed up, thus reducing the possibility of falling behind in production?
Another bad habit is employees taking their work home with them using unencrypted USB drives or emailing it to their personal accounts. If you want to keep doing your work at home, make sure to encrypt the files and data. Cybercriminals could easily hack into your email and find that information, putting your company at risk of a security breach. Also, avoid using public WiFi to send confidential reports and data to your boss. It may be convenient, but you never know who else is using that network
Facecrooks security shares some great best practices with detailed screenshots to help guide users in tuning their privacy and account settings
http://facecrooks.com/Internet-Safety-Privacy/how-to-lockdown-your-facebook-account-for-maximum-privacy-and-security.html
QUOTE: Our goal was to create a guide that Facebook users could reference to help them set up their privacy and security controls quickly, easily and appropriate for their comfort level of sharing. This walk-through will show you how to configure your Facebook Account and Privacy Settings
The new Facebook "graph search" feature may share some personal preferences that users may not want to disclose. This great advice from F-Secure can help better protect privacy.
http://www.f-secure.com/weblog/archives/00002495.html
Yesterday as I was testing Facebook's Graph Search, which is in Beta, I searched for the following: women who live in Helsinki, Finland and who like sushi. (I wanted something that would get lots of results. It did.). At the end of the day, I cleared my search history. Then today, a sponsored story for a Helsinki-based sushi restaurant appeared in my News Feed. Coincidence?
Three steps to improve privacy
1. First of all, consider limiting all of your old posts. Most of the profiles that I've observed make good use of current privacy controls, but some have pre-2010 legacy posts which are public.
2. Secondly, edit your likes. (facebook.com/"profile.name"/favorites)
3. At least limit each category to friends rather than public, especially if your posts are generally only shared with friends
This decision tree infographic is offered by Trend Labs and shares beneficial security and privacy techniques
http://securitywatch.pcmag.com/none/307488-stay-secure-with-this-mobile-privacy-chart
QUOTE: While a good start, there's a few points in the graphic that deserve elaboration. For instance, a blanket statement like "Don't connect to public hotspots" probably won't work for most people. Instead, it's smart to limit your public WiFi use to benign web browsing and avoid activities that might expose valuable information—like online banking. VPN servioces can also shield you from sniffers, for when you really need to get something done on a public network.
The graphic also advises that users not save passwords in apps. However, this can be counter-productive with the sheer number of services that require password authentication. Consider using a password service like LastPass to generate and store high-quality passwords. Also, keep an eye on accounts and act quickly to change passwords if you suspect one has been compromised.
One area where the graphic provides excellent advice is apps and games. We couldn't agree more with most of these points; especially with the recommendation that users check the app's authenticity. We'd also stress that Android owners check what permissions the app requests, or even check the app against a reputation service.
MOBILE PRIVACY INFOGRAPHIC - EXCELLENT RESOURCE
http://www.pcmag.com/image_popup/0,1740,iid=365782,00.asp
More Posts
Next page »