Wednesday, October 10, 2007

Presidential candidates face phishing threat in '08

Phishing is a huge threat, and has been in the past as well. Security professionals are worried that presidential candidates in 2008 may have problems with these attacks, which could potentially disrupt their campaigns. Candidates' websites are a very big target for these crimes. Phishers can also make websites that seem to be legitimate campaign websites and ask for contributions, collecting both the donations meant for the campaign and the credit card numbers of those who contribute. Security professionals also fear that phishers could pose as one candidate's website, take donations that are supposed to be for that candidate, and give them to the opposing candidate they favor. They can do this by making a site that is one letter off from the real site's domain name, such as hilaryclin.com as opposed to hilaryclint.com, and use typos to wreak their havoc. Or they can use domains that appear to be an extension of the original, such as hilaryclin.donate.com. These seem to be an extension of the real site, but are in fact phishers' websites. The 2008 candidates were warned about the risk that they may be targets, but few have acted on these warnings. They need to know how much of an impact this can have on their campaigns and how they can fix it.
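The two tricks described above (a name one letter off, and the real name used as a subdomain of someone else's domain) can be checked for mechanically when reviewing newly seen or newly registered domains. The following is an added example, not code from the original post; it treats hilaryclint.com as the legitimate site as the post does, the function names are hypothetical, and it assumes the registrable domain is simply the last two labels (no public-suffix list).

```python
def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "clitn" typed for "clint".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def split_domain(name):
    """Return (subdomain labels, brand label, registrable domain).

    Assumption: the registrable domain is the last two labels, which holds
    for names like example.com but not for suffixes such as .co.uk.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return [], labels[0], labels[0]
    return labels[:-2], labels[-2], ".".join(labels[-2:])


def classify(candidate, legit, max_dist=1):
    """Compare a candidate domain with the legitimate one and name the trick."""
    subs, brand, reg = split_domain(candidate)
    _, legit_brand, legit_reg = split_domain(legit)
    if reg == legit_reg:
        return "legitimate"            # the real site or one of its subdomains
    dist = edit_distance(brand, legit_brand)
    if dist == 0:
        return "tld-swap"              # same name under a different TLD
    if dist <= max_dist:
        return "typosquat"             # one letter off from the real name
    # The real (or near-real) name appears only as a subdomain label of a
    # domain that somebody else controls.
    if any(edit_distance(s, legit_brand) <= max_dist for s in subs):
        return "deceptive-subdomain"
    return "unrelated"


def scan(candidates, legit):
    """Return {domain: verdict} for every candidate worth a closer look."""
    verdicts = {c: classify(c, legit) for c in candidates}
    return {c: v for c, v in verdicts.items()
            if v not in ("legitimate", "unrelated")}


# The first two names are the post's own examples; the rest are constructed.
SAMPLE = [
    "hilaryclin.com",
    "hilaryclin.donate.com",
    "www.hilaryclint.com",
    "hilaryclint.net",
    "example.org",
]

if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE, "hilaryclint.com").items():
        print(f"{domain:28} {verdict}")
```
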

Monday, October 8, 2007

Online Video Emerges as PC Security Hole

Hackers are always trying to find different avenues into your PC, and it looks like they have found a new way to worm themselves in: online videos. Most computer users, by now, have been warned about (and infected by) malicious code sent to them via e-mail, so hackers need to find an easier path to deliver their code. Most people are unaware of the risks and dangers of viewing videos online (YouTube) and hackers are starting to take advantage of the situation. According to Chris Rouland, the chief technology officer for IBM Corp.'s Internet Security Systems unit, "As companies have gotten better blocking e-mails, we see people move to more creative techniques. The next logical step seems to be the media players." Malicious code isn’t just popping up in videos; it is also being embedded in pictures and PDFs. Just when you thought it was safe to view videos and pictures online, well, you thought wrong.
http://www.msnbc.msn.com/id/21095733/

Yahoo, eBay try to block phishing

Today’s emerging DomainKeys standard is taking a new form in the hope of blocking phishing attacks. Yahoo is working with eBay and PayPal to help block fake emails that look to be from a legitimate user, but in reality are not. This new standard is going to help fight ongoing phishing attacks that have become more relevant in today’s computing world. eBay and PayPal have upgraded their systems to support this new DomainKeys standard. This authentication procedure was developed by Yahoo and allows email senders to say who they are, allowing Yahoo to block emails that are posing as someone else. DomainKeys is an anti-spam application that uses a form of public key cryptography. The system takes the header of the message and compares it with DNS information to see whether the message really came from an actual user. The upgrade will be available to Yahoo mail users worldwide in the upcoming weeks. Other companies have been looking at ways to block phishing email, but there have been multiple fears of blocking legitimate emails. Yahoo’s system is superior because it provides a way of automatically detecting the phished email without any consumer interaction. eBay and PayPal are the first to actively block unauthorized emails. This method is going to be emerging in the industry today because of the security it offers. Many consumers who are worried about the protection of the information they are getting from websites will be reassured when this new DomainKeys standard is put into worldwide use.
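The receiver-side check described above, as an added example that is not part of the original post and not Yahoo's code: the sender signs the message, the signature header names a domain (`d=`) and selector (`s=`), and the receiver fetches the public key from DNS at `<selector>._domainkey.<domain>`. Assumptions: DNS is simulated with a dict, the key is a constructed toy RSA key, the `p=` value carries the raw modulus rather than a full encoded public key, and only the From header and body are signed.

```python
import base64
import hashlib

# Constructed toy RSA key built from two Mersenne primes so the example needs
# no crypto library. It is NOT secure and stands in for the sender's real key.
P, Q, E = 2**521 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def _size(modulus):
    return (modulus.bit_length() + 7) // 8


def _encode(data, modulus):
    """PKCS#1 v1.5 signature encoding of SHA-1(data), returned as an integer."""
    t = SHA1_DIGESTINFO + hashlib.sha1(data).digest()
    pad = b"\xff" * (_size(modulus) - len(t) - 3)
    return int.from_bytes(b"\x00\x01" + pad + b"\x00" + t, "big")


def _signed_bytes(from_header, body):
    # Simplification (assumption): only the From header and body are covered.
    return f"From: {from_header}\r\n\r\n{body}".encode()


def parse_tags(value):
    """Split 'a=rsa-sha1; s=sel; d=example.com' into a dict."""
    return dict(p.strip().split("=", 1) for p in value.split(";") if "=" in p)


def sign(from_header, body, domain, selector):
    """Sender side: build the DomainKey-Signature header value."""
    sig = pow(_encode(_signed_bytes(from_header, body), N), D, N)
    b64 = base64.b64encode(sig.to_bytes(_size(N), "big")).decode()
    return f"a=rsa-sha1; q=dns; c=simple; s={selector}; d={domain}; b={b64}"


def verify(from_header, body, dk_signature, dns_txt):
    """Receiver side: return a verdict without any user interaction."""
    if not dk_signature:
        return "no-signature"
    tags = parse_tags(dk_signature)
    sender_domain = from_header.rsplit("@", 1)[-1].strip("> ").lower()
    d = tags.get("d", "").lower()
    # The signing domain must be the sender's domain or a parent of it.
    if not d or not (sender_domain == d or sender_domain.endswith("." + d)):
        return "domain-mismatch"
    record = dns_txt.get(f"{tags.get('s')}._domainkey.{d}")
    if record is None:
        return "no-key"
    try:
        modulus = int.from_bytes(base64.b64decode(parse_tags(record)["p"]), "big")
        sig = int.from_bytes(base64.b64decode(tags["b"]), "big")
    except (KeyError, ValueError):
        return "bad-signature"
    expected = _encode(_signed_bytes(from_header, body), modulus)
    ok = sig < modulus and pow(sig, E, modulus) == expected
    return "pass" if ok else "bad-signature"


# Constructed sample data: one published key and one message.
DNS_TXT = {
    "sel2007._domainkey.example.com":
        "k=rsa; p=" + base64.b64encode(N.to_bytes(_size(N), "big")).decode(),
}
FROM = "Billing <billing@example.com>"
BODY = "Your invoice is attached.\r\n"

if __name__ == "__main__":
    good = sign(FROM, BODY, "example.com", "sel2007")
    print("genuine :", verify(FROM, BODY, good, DNS_TXT))
    print("tampered:", verify(FROM, BODY + "Click here.", good, DNS_TXT))
    print("unsigned:", verify(FROM, BODY, None, DNS_TXT))
    spoof = sign(FROM, BODY, "phisher.example", "sel2007")
    print("spoofed :", verify(FROM, BODY, spoof, DNS_TXT))
```
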

Friday, October 5, 2007

iPhone or Paperweight?

Apple said in a recent article that if you hacked into your iPhone to unlock it, you could end up with a $600 paperweight after they push out the new software updates later this week. The updates will add features that will enable the iPhone to access the iTunes Wi-Fi music store. Apple claims that once the software is installed the touch screen interface that controls the phone will not work properly or may become fully disabled.
Apple claims that their software updates have nothing to do with causing the hacked iPhones to become disabled. Now come on! If you believe that you’re pretty naive in my opinion; Apple knows exactly what they are doing. This is a way for them to make peace with AT&T, since they were the only carrier to have the iPhone and put the screws to anyone who has hacked their own device.
I have to agree with John McLaughlin of Uniquephones.com, in Northern Ireland. He said in the article that Apple is using this as a scare tactic to make people who hacked their iPhones think that they now own nothing more than a useless chunk of plastic. McLaughlin goes on by saying that all the iPhones that have been hacked and unlocked can be put back into working order. He also says that any changes done to the software of the iPhone to unlock it can easily be reversed and that minimal effort is needed to get the phone back into its original locked state. However, Apple claims that as with any product that they offer, hacking the iPhone will void the factory warranty.

To read the full article, go to: http://www.forbes.com/feeds/ap/2007/09/24/ap4151246.html

Thursday, October 4, 2007

Big Brother is Watching

Today more and more people use their cell phones for email, the Internet, texting, as well as making phone calls. While this makes life easier for many, most people are unaware of the complications it can present as well. If you use any of these functions offered by your phone, the phone company has records of it. Depending on the company you use, this means that the government also has these records. AT&T, Verizon and BellSouth have all given millions of users’ records to the NSA. The FBI has also abused the Foreign Intelligence Surveillance Act in order to secure records from these same companies. All of this was done without the customers’ consent or notification, often in direct violation of existing telecommunications privacy laws.

Perhaps even scarier are the baby steps towards censorship that these same phone companies are taking. On Sept. 27, Verizon announced that it would block the text messages from a pro-abortion group. Although the decision was reversed fairly quickly in response to public outcry, both Verizon and AT&T released service agreements that state they have the right to suspend the service of anyone whose conduct is unacceptable.

These statements make it clear that these companies are indeed monitoring their customers’ private communications, and are in fact passing judgment on them.
Privacy used to be something that people could take for granted. Those days are over. National security is important, but so are civil liberties. Cell phones have opened up a whole new world, one that has the possibility, if people aren’t paying attention, of resembling an Orwell novel.

http://www.eweek.com/article2/0,1895,2191479,00.asp
http://www.eweek.com/article2/0,1895,2191092,00.asp

Tuesday, October 2, 2007

Securing Mac

For as many computers as there are that run Windows as their OS, as an administrator you’re guaranteed to run across a few Mac OS X users. It is good to familiarize yourself with the security needs of the Macintosh OS. Macs have a large selection of antivirus programs including Norton AntiVirus 10.0 For Macintosh, McAfee VirusScan For Mac, Intego Virus Barrier X4, Sophos Anti-Virus For Macintosh, and ClamXav. Because of the lesser popularity of the Mac OS, spyware is a very small threat to the operating system, and there are very few utilities that you can use to remove it. Two programs you can use, though, are SmithMicro Software's Internet Cleanup and SecureMac.com Inc.'s MacScan. Many other ways of securing a Mac computer follow the same practices as a normal PC. Keep your OS up to date with the latest security updates. The software run on the computers must be up to date as well. Setting up an IP firewall is easy to do and can be done within the OS. A nice feature of the Mac OS is that it allows for 128-bit encryption using its FileVault feature. Extremely paranoid Mac users will be happy to learn that they can even encrypt their virtual memory. Macs out of the box are inherently more secure than PCs, but that does not mean that there aren't any threats out there. A Mac can be exploited or hacked just as easily as a Windows PC.

I'm Riding This Thing Til the Wheels Fall Off...

After all is said and done, when we're finished with our "Ooh's" and "Aaah's" we all know that newer doesn't always mean better. The same concept comes with regards to Microsoft Vista -- some of our machines may not even have enough horsepower to merely power up the operating system to get to the login screen. Why deal with all of the hassles of upgrading your hardware to accommodate a measly piece of tras--software? Now you won't have to, at least for the next several years. Preston Gralla and Dave Methvin continue to explain that there are several tweaks and applications that any user can download to keep XP operating smoothly for quite some time (or hopefully long enough so that Vista can work out its kinks!). Their advice goes from attaining security improvements comparable to Vista's built-in features to tweaking XP's settings for faster performance. Take it from them, don't buy that shiny new toy.

via ComputerWorld

Encryption faulted in TJX Hacking

For the past eight months, the Canadian government has been investigating an incident of millions of credit card numbers being stolen from two Marshalls department stores in Miami. The company that owns Marshalls, TJX Companies, is in trouble for several reasons. One reason is the company's failure to upgrade its encryption software, which made this hack relatively easy. Another reason is that the company had gathered too much personal information, and had kept it for too long. Some of the banks that issued the credit cards have been notified of the hack and will be looking for fraudulent charges.

Survey: Consumers Only Think They're Cyber Safe

In a survey taken by the National Cyber Security Alliance, many people said they think that their computer is safe against threats such as viruses or spyware, but the truth is that over half of those surveyed only thought that they were secure. 90% of the people surveyed store sensitive information and do their banking, etc., online, which makes them even more vulnerable to that information falling into the wrong hands. The NCSA is a group of companies and government officials that educate people about computer security. In reality they were lacking an antivirus, antispyware, or firewall. What does this mean? More than likely you aren't as safe as you think you are. There's a good chance that your computer doesn't have the proper defenses in place or they aren't being updated properly. This month is National Cyber Security Awareness Month. The NCSA is urging people to take time and learn what they can do to protect their PCs. Greg Garcia, assistant secretary for cybersecurity and communications at the U.S. Department of Homeland Security, says that we must have security both in the enterprise and on our personal machines. I advise all of you to learn as much as you can, so you can truly protect your systems.

Monday, October 1, 2007

Securing Outlook Express

With all of the viruses going around today that concentrate on exploiting Outlook Express, users should be more aware of their actions while using this software. There are many simple steps one can take to mitigate the risk of infection. One solution would be to block applications from sending e-mails. This will prevent an already infected computer from spreading its worm. It will help when you are trying to track down the source of the virus on your network. Another idea would be to turn off HTML. By turning off HTML you are preventing users from downloading pictures that are contained in an e-mail. By simply downloading a picture a virus can be released onto the user's computer. Disabling JavaScript can prevent information from being leaked on a network. Your browsing history and cookies are all created using JavaScript. If this information is not there then there is nothing to steal. Finally, by blocking malicious attachments you can cut out a whole spectrum of problems. By implementing some of these security measures you can stop some of those "hardcore end users" (those co-workers that puzzle you as to how they turned their computer on, let alone receive an e-mail) from fubar'ing up your network.

Storm Worm Virus

A group of European hackers calling themselves the Zhelatin gang have released a new virus across the world titled the “Storm Worm”. Computer analysts have estimated a total of 10 million computers that could already be infected. The Zhelatin gang were said to use every trick in the book on this one. They changed the code in several ways, creating many different forms of the virus. Their means of spreading the virus were e-mail spam, posts on blogs and forums, and links to their virus embedded on YouTube and other popular video streaming websites. With as many computers as were estimated to be infected, there are a lot of worries that if an attack such as this were concentrated as a DDoS attack, it would have crippled much of the web.

Network Access Protection

One of the new security features of Windows Vista is Network Access Protection (NAP). This service will prevent unsecured computers from connecting to your network. When a computer is introduced to the network it will have to meet certain requirements in order to connect with the other computers on the network. All computers will have to have the latest security updates with up-to-date anti-virus software. When a computer accesses the network, the server will audit it, asking it for all information about its anti-virus and security status. Essentially Microsoft took its Baseline Security Analyzer and implemented it as a network security solution.

AOL has hole in IM software

Everyone today seems to use AIM instant messenger. How would you like the possibility of your computer being hacked into through your messaging system? Recently there was a study done that showed a security hole in the widely used new AIM programs. The holes were seen in versions 6.1 and 6.2, which is still in the beta test mode. Core Security Technologies were the ones that stumbled upon the flaw and notified Time Warner Inc. in late August of this year. AOL has said the problem was fixed, but now they are saying that solution was temporary because of the additional holes they have discovered. Core Security says the hole emerged because of the way the new versions allow for a wider variety of fonts and let users send picture expressions in their chats. Hackers can release a certain command in an IM session and then the intruder would have access to the user's computer. As of right now AOL spokespeople say that AIM users should consider themselves “completely safe”, but in today’s computing world nothing is ever “completely safe”, rather just less insecure. They are currently taking action against the hacks by putting more testing into play on how these hacks are being executed. The best advice right now if you are an AIM junkie would be to switch to the older version 5.9 or use the web-based AIM until the bugs are fully resolved. Also, be aware that if anything looks suspicious, you should not click on it.

Saturday, September 29, 2007

"Death and Taxes"

As every security professional knows, phishing is a problem. Let's first take a step back. Phishing is the act of sending an email or placing a phone call where the attacker pretends to be a legitimate company to get your information. You generally see emails like "Your Ebay account has been disabled. Click here and enter your account info to reactivate". When you click on it, it takes you to the attacker's site and he/she has your account info.


Well, those dirty attackers are at it again. This time they are posing as the IRS. Here is a sample of an email you may receive:

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $268.32.
Please submit the tax refund request and allow us 3-6 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Note: For security reasons, we will record your ip-address, the date and time.
Deliberate wrong inputs are criminally pursued and indicated.

Regards,
Internal Revenue Service

© Copyright 2007, Internal Revenue Service U.S.A. All rights reserved.

________________________________________________

Turns out, when you click on that link, it takes you to a Russian site. Last time I checked the IRS didn't have a Russian branch.

Click here for the article.

Wednesday, September 26, 2007

New York subpoenas Facebook over user safety

State's attorney general says Facebook ignored complaints about sexual predators


How many of you know someone who is underage and uses Facebook? I bet over half of you do. It is one of the fastest growing online social networks. It is meant to be for college students, but there are many users that are young and vulnerable to sexual predators. Facebook has apparently done nothing to make sure that children and young teens are not solicited by pedophiles. It also contains many graphic pornographic images and videos readily at the disposal of anyone who uses the network.
The attorney general of New York (Andrew Cuomo) and other law enforcement officials have been conducting investigations on these claims. They posed as children from ages 12 to 14 and made accounts. During their investigation they found that Facebook did not require any type of identifying information to set up these accounts. They also were solicited by a number of adults thinking they were children. They found tons of pornographic images and videos that anyone who had an account could view. Nobody has been able to get any comments from Facebook.
When they tried to contact Facebook posing as children that had been solicited by online predators and as the parents of the children, they received little response. When Facebook did respond, it took very long to do so. Once it responded, it took some of the images off the site, but did nothing about various pornography that was being hosted by users of the site or about children being solicited by pedophiles.
Andrew Cuomo has issued a subpoena requiring Facebook to turn in all complaints that have been made about the material and solicitation of children. Facebook must now also respond to these issues by law. Those of you who have children can imagine how important it is to take action against this issue. They could be the ones that are actually being solicited by sexual predators on Facebook, or looking at the junk the users put up there. And if you're a legitimate Facebook user that is of age, you will probably see more restrictions on what you can post and what is allowed to be in your profile. You may also have to provide credentials verifying your identity. As in many cases, there are going to be restrictions set because people are not being responsible and are abusing the site.

Mortgage data leaked over file network

A disgruntled employee strikes again... A former employee of ABN Amro Mortgage Group put up a spreadsheet with more than 5,000 Social Security Numbers on the file sharing network 'BearShare'. A Pittsburgh-based company called Tiversa Inc. discovered that the path came from an ABN Florida computer that had BearShare installed on it. It was then traced to the employee's home computer. It is now believed that identity thieves have these SSN numbers and plan to use them in their favor. ABN says that it plans to further investigate the issue.

Tuesday, September 25, 2007

Future Mobile Phone Attacks Inevitable

With new technology rising in mobile phones, so is the possibility for an attack. According to researchers at McAfee, mobile malware attacks are not yet popular. The key word there was “yet”. The mobile phone industry really has hit a large boom in terms of smartphones. The phones most consumers and businessmen are using today are not the old-fashioned flip phone, but a device which can do more than just make telephone calls. Currently Microsoft has a mobile platform called Windows Mobile. They recently released a new version called Windows Mobile 6. Apple’s iPhone is a similar device offering web browsing and word document editing, and letting customers purchase items through their phone. Researchers predict that within the next few years attacks on mobile phones will become large. Many of the phones right now have Wi-Fi built into them for fast internet browsing. This poses a threat in the same way as for a regular computer connected to the internet. Even though it is a mobile phone it is connecting to servers and getting information from another source. Right now this source is trusted, but cybercriminals are beginning to work on ways to hack important information from the mobile phone. Text messages, phone books, and important spreadsheets are all types of information that could be intercepted and stolen. A good rule of thumb would be to know the websites you are visiting through the mobile web browser. This will allow the average user’s phone to remain safe, and always remember never to give out important information to an unauthorized source.

Monday, September 24, 2007

Cough Up the Dough or Your Email Gets It

Jesse Sklar found himself in a predicament when he noticed that not only was he locked out of his Hotmail account, but there was also someone holding it for ransom at one hundred dollars. While Sklar states that he no longer uses the email account on a regular basis, it contains many passwords and other crucial information dealing with his finances.

When it came to his accounts on Ticketmaster.com, Amazon.com and the like, Sklar soon came to realize that the credentials for these accounts and various others could be compromised and decided to change them immediately. While he had implemented the security measures that Hotmail has all users put in place, such as a security question and a backup email, these were useless for Sklar because he had signed up for the Hotmail service decades ago, as he recalls. All he really wants is for the email account to be shut down. Upon later inspection, the kidnapper asked Sklar to send the information via "Paypalll.tk", which is some sort of phishing scam that may have resulted in Sklar losing more than one hundred dollars had he decided to give the money.

If there's anything to take out of Sklar's story, it is not to make the same passwords for everything, as well as not storing crucial information in your emails -- especially one that is a free service.

via WashingtonPost.com

Thursday, September 20, 2007

Do not be a Victim of Social Engineering

In the past few months, not only was Monster.com attacked but so was Ameritrade. In both situations most of the information that was reported stolen by these companies was names and email addresses: not extremely confidential information, but a starting place for scammers out there that would love to steal your identity. In the case of Ameritrade, they found out that their database had been breached from a few of their customers, who had received junk mail they felt was unusual to be receiving and reported it to the company. Once Ameritrade investigated it, they determined there was a breach into their database exposing information about 6.3 million clients.
It is very important now for customers to be aware of the type of emails they get from Ameritrade and not to give out any additional information about themselves in these emails. In most cases, the cyber thieves will be trying to send phishing emails that look very real and will be trying to get the recipients of these emails to provide personal information, to be used to steal their identity for the thieves’ individual use or to sell to others and make money. Ameritrade should be advising their clients never to give out personal information via email, but if they have not advised their clientele of these standards, the clients themselves need to be very careful and call Ameritrade directly if they feel something is not right. Social engineering is very difficult to stop and anybody is capable of social engineering because it does not require technical knowledge, so as the consumer you must be aware and careful to protect yourself against a social engineering attack.

Wednesday, September 19, 2007

New Zero-Day Hole in Windows XP

A brand new “zero-day” vulnerability has been discovered in XP. It hasn't been made official yet, but a hole was discovered by Jonathan Sarba of GoodFellas Security Research Team. The hole is vulnerable to a buffer overflow attack that exploits an HP All-in-One Series Web Release software/driver installer (version 2.1.0) and an HP Photo & Imaging Gallery (version 1.1) program. The flaw is considered fairly critical because, when exploited, it could lead to a complete compromise of a PC. Microsoft was made aware of the hole back in June but is still investigating it further, so no patch or workaround has been released as of yet. If you are running either of these pieces of software on your PC or on your network, please be aware of any unusual activity and maybe stay away from using those versions of the HP drivers and programs.
For more information, check out the original article at http://blogs.pcworld.com/staffblog/archives/005477.html