Security Corner


February 12, 2011  3:00 PM

Watch Out for “Tech Support” Scams



Posted by: Ken Harthun
Cybercrime, FakeAV, Fraud, Online Scams, Phishing

My reputation as a Geek often results in my being the “go to” guy when contacts and people in various Skype channels have technical issues. Recently, I received this from a contact:

Hi Ken, Please offer your opinion on this. I had a phone call today from a person representing
Secure All PC.com. He told me that they received information directly from World Web Renting?? and that my windows operating system was a genuine windows and that they received my address, phone number etc. He wanted me to check my computer and see if i had virus/bugs etc that they knew about and if I did they would fix. He wanted me to press the windows button and r at the same time and then type in eventvwr. I was not comfortable doing this.

Needless to say, I gave the advice I would give to anyone in this situation: Run fast and far in the opposite direction. I then did two things: 1. Checked the whois on SecureAllPC.com; and, 2. Checked out their website.

Strike one: Registrant Contact: PrivacyProtect PrivacyProtect () Fax: All Postal Mails Rejected Navi Mumbai, MAHARASTRA 400614 IN. That’s India, not Indiana, in case you’re wondering. No individual’s name in the registration and you can’t even contact them.

Strike two: Amateurish website layout and graphics with numerous spelling and grammar errors.

Strike three: Unsolicited call to potential customer.

Umpire says, “Scam! You’re out!”

I’m willing to bet that whatever they do is useless, possibly malicious as in installing keyloggers or other such things, and they probably specialize in selling your credit card and other personal information to other cyber-criminals.

Steer clear.

February 12, 2011  2:56 AM

Are You a Cyber-weapon?



Posted by: Ken Harthun
Cyber warfare, Security

In the light of the recent revelations about the targeted malware attack against Iran’s uranium enrichment facilities, I’m re-releasing my original prediction about governments turning us into unwitting weapons in global cyber-warfare.

It’s 2010, maybe sooner. A rogue nation has just declared war on your country. No one will be killed in this war, at least not directly. But people will die from starvation, disease, and in the general chaos caused by disruption in vital communications lines. The rogue nation’s primary weapon? Botnets capable of taking down huge segments of the Internet and telephone networks.

Such a weapon is already being used in cyber attacks against Estonian Web sites, as reported by SANS:

The ongoing cyber attacks against Estonian Web sites, covered in a recent NewsBites edition should serve as a sobering reminder that Cyber Warfare is not a theoretical threat but a very effective and real one…

Having made my own observation of the shifting threats to computer and network security, I have to agree with SANS editor Skoudis:

Before 2003, our dominant threats were hobbyists and insiders. In 2003 and 2004, the threat then changed to organized crime looking to make money. Depending on the geopolitical environment, the dominant threat may shift again, and very quickly, to state-sponsored cyber warfare.

What’s ironic is that the attacker will, to some degree, be using your own people — as well as your allies — against you. There’s certainly a good number of people in every country whose computers have become zombies in a botnet. The actual attackers are virtually untraceable, so unless the attacker makes himself known, you’ll not even know your enemy. Scary.

This is why every citizen, every government, must share responsibility in protecting the security of their country’s network infrastructure.

The more things change, the more they stay the same.


February 11, 2011  12:58 AM

Google Adds 2-Factor Security to Gmail and Apps



Posted by: Ken Harthun
Email security, Google, Security best practice, Two-factor authentication

In the Official Google Blog today, developed an advanced opt-in security feature called 2-step verification . They announced this to their Google Apps customers a few months ago, but they’re now rolling it out to everyone.

“Most of us are used to entrusting our information to a password, but we know that some of you are looking for something stronger,” Shah blogged. “…2-step verification … makes your Google Account significantly more secure by helping to verify that you’re the real owner of your account.

“2-step verification requires two independent factors for authentication, much like you might see on your banking website: your password, plus a code obtained using your phone.”

As I write this, the feature is still not available on my accounts, but it should be there shortly.

I hope that Google’s lead will bring a sea change in how all SaaS providers view security.

For the full story, here is the blog post:Advanced sign-in security for your Google account.


February 8, 2011  11:30 PM

PlentyofFish.com Hacked 30 Million Accounts Compromised



Posted by: Ken Harthun
cyber security, hackers, Password, Plenty of Fish, Security best practice

An attack on PlentyOfFish.com, a free online dating site, has reportedly compromised the passwords of nearly 30 million accounts.  According to the site’s founder, Markus Frind, an Argentine hacker was behind the attack. In a strange twist, Frind also suggested that cyber security journalist Brian Krebs was also involved in some way.  According to Krebs in his recent post, “…I have notified dozens of companies about various breaches over the years, and I’ve learned to read between the lines in how victims respond. Usually, when the company in question replies by implicating you in an alleged extortion scheme, two things become clear:

“1) You’re probably not going to get any real answers to your direct questions about the incident, and;

“2) The company almost certainly did have a serious breach.”

Frind has since made clear in his blog that Krebs was not involved:

Update***    Just to be clear Krebs didn’t have anything to do with this.   I was trying to convey how the hacker tried to create a mass sense of confusion at all times so you never know whats real and what is not..

Krebs notes that the PlentyOfFish database has serious security problems and that the company stores user passwords in plaintext.


February 6, 2011  3:25 PM

Video: Security “To-Duhs” List



Posted by: Ken Harthun
cyber security, Security best practice, Video

Humorous, but very savvy video of basic security concepts. These are things I’ve been touting for years. You’ll love the characters that lighten up the video, but the information is sound. It was produced by the State of Virginia. Enjoy!

[kml_flashembed movie="http://www.youtube.com/v/UPs5JCg910E" width="425" height="350" wmode="transparent" /]


January 31, 2011  11:50 PM

Facebook Security Threats Continue to Grow



Posted by: Ken Harthun
Facebook, Fraud, Malware, Social Networking Hacks

The two latest malware strains exploit Facebook users via email and instant messaging programs. The first, Asprox.N, is a Trojan delivered via email informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The email includes a fake Word document attachment, supposedly containing the new password, with an unusual icon and the filename Facebook_details.exe. Deceiving victims by opening a .doc file upon opening the attachment, this file is really a Trojan that downloads another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible.

An image of the Asprox.N exploit is available here: http://www.flickr.com/photos/panda_security/5394881095/

The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing that the account has been suspended. To “reactivate” their account, users are asked to complete a questionnaire, promising prizes such as laptops and iPads. After several questions, users are asked to subscribe and enter their cell phone number, which is in turn charged a fee of $11.60 per week. Victims can restore access to their Facebook account only once they subscribe to the service and receive a new password.

Images of Lolbot.Q exploit are available here: http://www.flickr.com/photos/panda_security/5394881133/

http://www.flickr.com/photos/panda_security/5395478542/

http://www.flickr.com/photos/panda_security/5395478578/

I recommend you be wary of any unexpected messages with unusually eye-catching subjects and avoid clicking on external links, running executable files or entering personal data into unknown applications or web forms. Nothing new there, just standard security best practice.

Just be careful out there.


January 31, 2011  9:49 PM

Your Security Suite Says You’re Clean, But You Still Have Issues?



Posted by: Ken Harthun
Anti-malware, Anti-virus, Security

If your child is not feeling well and you suspect he or she has a virus infection you’re going to visit your doctor. But what do you do when the doctor tells you that he cannot find anything, yet your child still does not feel very well? You get a second opinion.

Similarly, what do you do when you’ve run full scans using your normal anti-malware suite and you’re still showing signs of infection? You get a second (or third, or fourth) opinion from another product, right? I have long recommended MalwareBytes AntiMalware as one of the best second opinion apps and I’m not changing my position on that. However, I have just found another one that is truly impressive: SurfRight’s Hitman Pro. Hitman Pro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and doen’t slow down the computer (except for the few minutes it is scanning). No installation is necessary–it can be run straight from a USB flash drive, a CD/DVD, local or network attached hard drive.

I have done my own testing of this app, and believe me, it lives up to its claims (I wouldn’t be telling you about it if it didn’t). Also, this isn’t one of those things that will leave you hanging and infected if you don’t buy it–you get a free 30-day license, so if it finds anything, you can clean it and decide later whether you’ll continue to use it.  I like it so much, that I took them up on their invitation to become an affiliate.

They also have an anti-spam app that I haven’t tested, but I suspect it’s probably a good one: SurfRight Antispam Trial version. Check them out, won’t you?


January 30, 2011  3:09 PM

Facebook Enables Always-on HTTPS



Posted by: Ken Harthun
Facebook, Firesheep, hackers, https, Session hijacking, SSL, wifi

Street sign in South Africa. Credit: hmvh

Facebook users now have the option to select HTTPS as their connection method after a strange post was discovered on the Facebook fan page under founder Mark Zuckerberg’s name. Though the company maintains that this was due to a bug in the system, they quickly began rolling out the SSL option. This will effectively stop hackers from grabbing user login details and sniffing Facebook sessions when connected through public WiFi

Previously, Facebook used HTTPS only to send passwords, similar to the way Yahoo! Mail STILL (hint, hint) is doing things. Users will have to manually enable the SSL setting in their account security settings (Account Settings->Account Security) and it doesn’t work with all third-party Facebook applications.  It is available in the US, but has not yet been rolled out worldwide. [As of Saturday morning, even US coverage was sporadic, though I was able to change my settings.]

While I applaud this move, I wish they would have just implemented HTTPS by default or at least notify the user when they log on that option is available. They could also sense when the user is logged into an insecure wifi hotspot and switch automatically to HTTPS. While some might argue that always on HTTPS will slow pageloads for some, Google has found with its new default of HTTPS for all users, that the encryption isn’t nearly as server-intensive as many engineers and companies think it is. Of course, if you’re always wired to your home network when you log into Facebook, you don’t have to worry about having your session hijacked anyway.

This article in Wired says that for those who want further protection, try the EFF’s HTTPS Everywhere plug-in for Firefox, which forces many sites to use HTTPS. [For the totally paranoid out there], investigate using a VPN such as CryptoCloud.


January 29, 2011  4:27 PM

Now THIS is Proactive Security



Posted by: Ken Harthun
hackers, Security, SourceForge

Got this in my email this morning and reminded me about how I preach being proactive about security. You don’t wait for the disaster to happen, you take action before it does. The folks at sourceforge.net did just that:

Hello,

We recently experienced a directed attack on SourceForge infrastructure
(http://sourceforge.net/blog/sourceforge-net-attack/) and so we are resetting all passwords in the sf.net database — just in case.  We’re e-mailing all sf.net registered account holders to let you know about this
change to your account.

Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that your password has been compromised. But, what we definitely don’t want is to find out in 2 months that passwords were compromised and we didn’t take action.

So, as a proactive measure we’ve invalidated your SourceForge.net account password. To access the site again, you’ll need to go through the email recovery process and choose a shiny new password:

https://sourceforge.net/account/registration/recover.php

If you need help with this, feel free to e-mail us:

sfnet_ops@geek.net

We appreciate your patience with us as we work to respond to this attack. We’ll be working through the weekend to get things back to normal as quickly as possible.

Watch for updates on the service outages on our blog:

http://sourceforge.net/blog/

Thank you,

The SourceForge Team

If you have an account at SourceForge and haven’t seen this message yet, check your email, or just head on over using the links above and change your password. I just did.

Enjoy your Saturday!


January 29, 2011  11:46 AM

14 Golden Rules of Computer Security 2011 to Be Fully Revised and Updated



Posted by: Ken Harthun
14 Golden Rules of Computer Security

The cyber security landscape has evolved over the past year; the fundamentals haven’t really changed, but I’ve conducted some experiments, made some observations, and come up with a couple of new tips that I will be adding to a fully revised and update version of “14 Golden Rules of Computer Security,” my popular ebook first issued last year at this time.

Spam continues to be an ever growing concern, despite many spam-spewing botnets having been disrupted or outright disabled. I dedicate an entire section to becoming spam free in 2011. Despite what you may think, it CAN be done by almost everyone with very little effort.

Additionally, in each tip, I list specific tools, many of which are available in my popular Geek Toolkit, aka “The Ultimate Security Toolkit,” that are useful for solving the problems or dealing with the issues presented in the security topic discussed. In fact, it is my intention to thoroughly integrate the Geek Toolkit and provide more documentation than has previously been available.

As part of this initiative, I am also proud to announce my affiliation with SurfRight, makers of Hitman Pro security software. Hitman Pro is a second opinion scanner and malware removal tool, designed to rescue computers from viruses, spyware, trojans, rootkits, and other threats, that infect users despite the security measures they may already have taken (such as anti-virus software, firewalls, etc.). I will be offering an innovative Free of Charge second opinion scanner with the additional capability to remove any malware found. Readers of 14 Golden Rules 2011 will be given special rebates on consumer, corporate, and government licenses of SurfRight software.

So, stay tuned for a special link in an upcoming post where you can secure your updated copy of 14 Golden Rules and take decisive action to become more secure in 2011.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: