Cybersecurity – Identity Ecosystem
Stop. Think. Connect. Cyber attacks permanently damage your computer, and virtual predators can steal your personal information and use elements of your identity to commit fraud. The U.S. Department of Commerce will launch an office focused on promoting online trusted identity technologies, although much of the effort will be driven by private vendors, officials with President Barack Obama’s administration said.
Trusted ID technology is important because it can help improve consumer confidence in the Internet, said Gary Locke, secretary of the Commerce Department, during a speech at Stanford University in California. “The reality is that the Internet still faces something of a trust issue,” Locke said. “It will not reach its full potential until users and consumers feel more secure than they do today when they go online.” (more…)
Internet Censorship Ahoy!
You may have heard people talking/blogging/twittering about SOPA — the Stop Online Piracy Act. The recent SOPA-related boycott of GoDaddy was all over the news, with many people expressing their outrage over the possibilities of SOPA, but when I ask people about SOPA and its sister bill in the Senate, PIPA (Protect IP Act), many don’t really know what the bills propose, or what we stand to lose.
It is no secret that the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA) and other pro-copyright groups lobby politicians and law enforcers for this and continue pushing very hard. It seems to me that the industry’s distribution model is not working anymore, or perhaps the movies they are making are just crap? I have not been to the theater in six years; I find the cost too exorbitant, in my opinion. (more…)
Internet Blackout Looming
Summary: Will Google, Amazon, and Facebook Black Out the Net?
In the growing battle for the future of the Web, some of the biggest sites online – Google, Facebook, and other tech stalwarts — are considering a coordinated blackout of their sites, some of the web’s most popular destinations. Sites such as Google, Amazon and Facebook could temporarily replace their usual homepage with a black screen and a message asking users to contact politicians and urge them to oppose the Stop Online Piracy Act. The move could come as early as January 24, when the bill is due to be debated in the House of Representatives.
No Google searches. No Facebook updates. No Tweets. No Amazon.com shopping. Nothing. (more…)
Stopping Online Piracy – SOPA
Will 2012 see the end of the internet as we know it? The House Judiciary committee tried to finalize the Stop Online Piracy Act (Sopa) before Christmas for a vote early next year. But fierce opposition – much of it online – seems to have given pause to the bill’s main author, Lamar Smith. He is now expected to hear from expert witnesses early next year before the bill goes to Congress.
The Stop Online Piracy Act (SOPA), also known as H.R. 3261, is a bill that was introduced in the United States House of Representatives on October 26, 2011, by Representative Lamar Smith (R-TX) and a bipartisan group of 12 initial co-sponsors. The bill expands the ability of U.S. law enforcement and copyright holders to fight online trafficking in copyrighted intellectual property and counterfeit goods. Now before the House Judiciary Committee, it builds on the similar PRO-IP Act of 2008 and the corresponding Senate bill, the Protect IP Act. (more…)
Outsmart Internet Scammers
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
Have you received email with a similar message? It’s a scam called “phishing” — and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.
Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website. (more…)
Automatic Computer Malware
According to a Security Intelligence Report from Microsoft, AutoRun—the feature in Windows that automatically executes files when you plug in a USB drive or connect to a network—accounts for almost half of all malware infections. These are infections that don’t require any input from you, so it’s kind of not your fault that your computer gets infected. By turning off AutoRun, you’ll add an extra step to certain tasks, but it’s worth it to cut down on malware by 50%.
This report states that Windows XP SP3 systems get infected about ten times as often as Windows 7 SP1 64-bit systems, and six times as often as 32-bit Windows 7 systems. That alone is one reason why you might want to upgrade your parents’ machines to Linux. Bear in mind that Windows XP should have been mostly fixed back in February of 2011. See Microsoft Security Advisory 967940. The update does not disable AutoPlay for CD or DVD media, only for USB drives, external hard drives and network shares. (more…)
2012 Security Threats
Hackers are sidestepping automated security technology and are using social engineering and data mining to orchestrate attacks against prominent individuals and their corporate networks.
This trend has been brought about through advances in network protection and tighter regulation, both of which have conspired to make it more difficult for hackers to compromise systems and create widespread disruption.
Traditional techniques such as SQL injection, web app hijacking and unauthorised server access are now being bypassed in favour of more rewarding social engineering practices which yield the data necessary to carry out highly organised systematic attacks.
Five influential security trends to watch in 2012 are: (more…)
Are You Pwned?
2011 has been called the year of the data breach, with hacker groups publishing huge troves of stolen data online almost daily. Now a new site called pwnedlist.com lets users check to see if their email address or username and associated information may have been compromised.
Pwnedlist.com is the creation of Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint. Enter a username or email address into the site’s search box, and it will check to see if the information was found in any of these recent public data dumps.
Puzic said the project stemmed from an effort to harvest mounds of data being leaked or deposited daily to sites like Pastebin and torrent trackers.
“I was trying to harvest as much data as I could, to see how many passwords I could possibly find, and it just happened to be that within two hours, I found about 30,000 usernames and passwords,” Puzic said. “That kind of got me thinking that I could do this every day, and if I could find over one million then maybe I could create a site that would help the everyday user find if they were compromised.”
Pwnedlist.com currently allows users to search through nearly five million emails and usernames that have been dumped online. The site also frequently receives large caches of account data that people directly submit to its database. Puzic said it is growing at a rate of about 40,000 new compromised accounts each week.
Puzic said information contained in these data donations often makes it simple to learn which organization lost the information.
“Usually, somewhere in the dump files there’s a readme.txt file or there’s some type of header made by hacker who caused the breach, and there’s an advertisement about who did the hack and which company was compromised,” Puzic said. “Other times it’s really obvious because all of the emails come from the same domain.”
Puzic said Pwnedlist.com doesn’t store the username, email address and password data itself; instead, it records a cryptographic hash of the information and then discards the plaintext data. As a result, a “hit” on any searched email or username only produces a binary “yes” or “no” answer about whether any hashes matching that data were found. It won’t return the associated password, nor does it offer any clues about from where the data was leaked.
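A sketch of the hash-only lookup design described above, as an added example that is not Pwnedlist.com's code. The dump line format, the choice of SHA-256, the lower-casing of identifiers and all names (`BreachIndex`, `fingerprint`, `SAMPLE_DUMP`) are assumptions made for illustration.

```python
import hashlib
import re

# Assumption: records look like "identifier<sep>password" with :, ;, | or TAB.
# Banner/readme text has a space before any separator, so it does not match.
_RECORD = re.compile(r"^([^\s:;|]+)[:;|\t](.*)$")

# Constructed sample input; none of these accounts or passwords are real.
SAMPLE_DUMP = [
    "==== constructed sample dump ====",
    "Leaked by: nobody (constructed banner)",
    "alice@example.com:hunter2",
    "Bob@Example.org;correct horse",
    "carol\tpassw0rd",
    "alice@example.com:another",   # same account listed twice
    "",
]


def fingerprint(identifier):
    """Hash a trimmed, lower-cased identifier. SHA-256 is an assumption."""
    normalized = identifier.strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


class BreachIndex:
    """Keeps only digests of identifiers; passwords and plaintext are dropped.

    Caveat: an unkeyed hash of an email address can still be tested against
    candidate addresses by anyone holding the index; a keyed HMAC limits that.
    """

    def __init__(self):
        self._digests = set()

    def ingest(self, lines):
        """Add every account found in a dump and return how many were new."""
        added = 0
        for raw in lines:
            match = _RECORD.match(raw.strip())
            if match is None:
                continue  # banner, blank line or unparseable text
            digest = fingerprint(match.group(1))  # group(2), the password, is never kept
            if digest not in self._digests:
                self._digests.add(digest)
                added += 1
        return added

    def is_listed(self, identifier):
        """Binary answer only: no password, no hint about the source dump."""
        return fingerprint(identifier) in self._digests

    def stored_values(self):
        return frozenset(self._digests)


if __name__ == "__main__":
    index = BreachIndex()
    print("new accounts:", index.ingest(SAMPLE_DUMP))
    for query in ("  ALICE@example.com ", "dave@example.com"):
        print(repr(query), "->", "yes" if index.is_listed(query) else "no")
```
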
Any site that raises awareness about the benefits of strong passwords is a good thing in my book. But deciding what action to take — if any — after finding a hit on your email address at pwnedlist.com.
Answering the question of, “What now,” pwnedlist.com offers the following advice:
“Don’t panic! Just because your email was found in an account dump we collected does not mean it has been compromised. Your first reaction should be to immediately change any passwords that might be associated with this email account. It is probably a wise idea to go through all your accounts and create new passwords for each of them, just in case. Once one account has been compromised, it’s best to assume all others have been too. Better safe than sorry.”
Length and complexity are two of the most important factors in determining a strong password. It’s also a good idea to periodically change passwords for sensitive accounts, provided you have a decent way to recover the password should you forget or lose it.
Puzic said that while his site does not store usernames or email addresses submitted to the pwnedlist.com form, for security reasons he does keep a record of the Internet addresses of those who use the site: it seems some users have been trying to poison the database or include malware and exploits in data dumps submitted to the site.
“We have attempts about every other week [to plant malware or hack the site], but nobody’s done it yet,” he said. “We’ve had lots of different attempts. Someone tries just about every week.”
The two researchers plan to begin publishing regular updates to their Twitter account (@pwnedlist) when new data dumps are discovered. Longer term, Puzic said he has multiple goals for the site, including a longitudinal study on password security.
“I would love it if this could raise awareness about cybersecurity,” he said. “Also, it could serve as a good measuring stick for the amount of breaches that happen every day. For example, if you see that all of a sudden I have eight million more entries, something big may have happened.”
PC Phone Scam

Online con artists are targeting PC users worldwide in a brazen scam. It starts with a phone call from a “tech support specialist” who warns that your computer is infected with a virus. To fix things, all you have to do is give the caller remote access to your PC. Here’s what happens next.
An old social-engineering scam appears to have taken on new life lately, targeting PC users worldwide.
Ironically, the scam doesn’t use a computer at all—at least, not initially. Instead, it starts with a phone call from someone who claims to be affiliated with Microsoft or another legitimate company or government agency.
The caller then asks for the primary computer user in the house, who is told: “Your computer has downloaded a virus.” And, of course, the caller is ready and willing to fix the problem. All you have to do is navigate to a web site, click a link to install some remote-control software, and allow the “technician” to get to work.
The perps are using legitimate remote-assistance software, like the Ammyy Admin program from Ammyy Software Development, which posted a warning that included some reports the company has received from scam victims:
“I got call from an India based consultant who said to me that he is calling from a govt. organisation in Melbourne, Australia. He made me to log into my computer to track some files and without advising me he wanted me to download a software application from ammyy.com and get remotely connected to a technician to delete some files…”
“I was recently called by what I thought was my internet service provider technician who used Ammyy to gain remote access to my computer – after I stupidly granted him that permission. It turns out that he was nothing to do with my internet service provider. When I became suspicious and began questioning him he said he would show me who he was and opened a website of a company – the web site triggered my virus software and I then demanded that the remote access be terminated…”
The scam has been around for a few years. Charles Arthur at the Guardian UK wrote about a similar scam last year, noting that it had been “going on quietly since 2008 but has abruptly grown in scale this year.” He wrote about it again in March 2011. This appears to be another wave, judging from the sudden increase in complaints I’ve seen recently.
I’ve heard from Windows users and legitimate support specialists who’ve seen this scam in action in Australia, Canada, and the UK. I also got one reliable report from an extremely trustworthy source: my mother.
A caller with a thick accent tried to run this scam on a user, who peppered the caller with questions. What’s your name? What’s your company’s name again? What’s your phone number?
A user’s Caller ID said the call originated from 999-910-0132; the caller claimed to be from a company that sounded something like Alert Center, and she gave a callback number of 609-531-0750.
If you plug those numbers into a search engine, you’ll find that they lead to a group of companies using identical website templates under different names, including TechResolve, Itek Assist, and—bingo—AlertSoft. A company with the unimaginative name Custom Design Firm, at the same address in Kolkata, India, also offers custom web-design and search-optimization services at exorbitant prices.
The user eventually hung up on the scammers, but others haven’t been so lucky. If a victim falls for the scam, the next step involves a credit card, naturally, as this victim reported:
Posed as troubleshooter, got into my system, used a “safe code” to get into my computer. Claimed my machine has been hacked into and infected with a virus. Tom and John, heavy Asian accents. Wanted to install “lifelong protection” for $130. I balked. They have my name and number and have been calling incessantly. I’m concerned that they might have planted something in my computer that allows them access.
Indeed, that’s a legitimate concern. Once a victim has granted an intruder remote access, it’s impossible to tell exactly what sort of damage they’ve done. If you know someone who has fallen for this scam, you should assume their computer has been compromised and respond appropriately.
Most readers of this blog are sophisticated computer users who would laugh out loud at an attempt like this. But you probably have friends, family members, or clients who could use a heads-up on this one. If you get a call from someone claiming to have detected a virus on your PC, just hang up.
Microsoft Word Virus
A new virus has cropped up in various countries across the world and its target appears to be corporate networks. The Duqu virus, first noted last month by a laboratory at Budapest University, has now been spotted in several other countries and appears to be sent via Microsoft Word documents attached to emails. Microsoft has announced that it is working on a fix.
The point of the new virus seems to be to gather corporate information and then send it to some as yet unknown site. Thus, it’s a form of corporate espionage. Chillingly, researchers at Symantec, the giant antivirus company, say it looks like some of the code in the virus is the same as was found in the Stuxnet virus that wreaked havoc on Iran’s nuclear program, indicating that the perpetrators were either able to obtain the code from that virus or are the same people.
The virus is activated when a person to whom an infected Word document was sent opens it. The virus infects that computer, then seeks out other computers through the corporate network. As it goes, it collects data and then, apparently, seeks a path out to the Internet where it can send the data it has collected to a predefined destination. Thus far it has relied on a so-called zero-day exploit to take advantage of a previously unknown weakness in the Windows kernel, which means getting in and doing its dirty work before victims have a chance to come up with a means of defense against it.
Thus far, it appears that the virus has been targeted at specific types of companies, as the data-collecting part of the virus seems to seek out information pertaining to industrial control systems. So it’s likely that whoever unleashed the virus did so in hopes of gaining information on how companies are designing and manufacturing their products; not something the average person would need to worry about, but still enough to cause concern about the growing sophistication of computer viruses.
So far, instances of the virus have been seen in Iran, India, France, Ukraine, the UK and at least eight other countries that have not been specifically identified.
In the meantime, Microsoft has released an advisory and a stopgap fix for the zero-day vulnerability exploited by the “Duqu” Trojan, a highly targeted malware strain that some security experts say could be the most important cyber espionage threat since Stuxnet.
According to the advisory, the critical vulnerability resides in most supported versions of Windows, including Windows XP, Vista and Windows 7. The problem stems from the way Windows parses certain font types. Microsoft says it is aware of targeted attacks exploiting this flaw, but that it believes few users have been affected.
Nevertheless, the flaw is a dangerous one. Microsoft said that an attacker who successfully exploited this vulnerability could run arbitrary code, install programs; view, change, or delete data; or create new accounts with full user rights. The most likely vehicle for the exploit is a poisoned email attachment. This means that a hacker deploying the Duqu Trojan against a Windows machine that hasn’t yet downloaded the temporary fix could gain nearly total access to a person’s computer.
Microsoft is working on developing an official security update to fix the flaw. For now, it has released a point-and-click Fixit tool that allows Windows users to disable the vulnerable component. Enabling this tweak may cause fonts in some applications to display improperly. If you experience problems after applying the Fixit solution, you can always undo it by clicking the “disable” image in the Microsoft advisory and following the prompts. So in reality, some of you may not be able to fix this until the next ‘Patch Tuesday’ in December.





