Once again, the Security Now! podcast has given me cause to justify my relentless insistence that security begins with the person sitting at the keyboard. No amount of Geeky IT rules, security policies and other preventive measures will ever be effective if the end user doesn’t understand them. This is why we need good educational resources to teach with. Believe it or not, our own U.S. Government has produced one. I’ll let Steve Gibson give you the highlights:
…if any of our listeners have ever wished there was a friendly, easy-to-use, really well put together website that they could point their less savvy friends and relatives to, I’ve got to say now there is. The FTC site is called OnguardOnline.gov, just all run together, OnguardOnline.gov. And it’s very nicely designed. In fact, I was impressed by it.
Well, so was I. I have posted a notice in several chat rooms that I participate in to help spread the word. Here’s my most recent post:
Hi Everyone. You know I’m an online security professional and nowhere is security more important than in our own IM businesses. A hacker could ruin your entire business in a minute if he gained access to any of your critical account information.
[8:33:48 PM] + Ken Harthun (Asst. Host: TIIMG): But there’s an awful lot of “geek speak” that sometimes goes with security and people get confused. Good news, though: our own government, in cooperation with the technology industry, has come up with a great site to help you protect yourself.
[8:35:01 PM] + Ken Harthun (Asst. Host: TIIMG): Go check out http://www.OnGuardOnline.gov and you’ll see what I mean. And please heed the advice there.
Please tell everyone you know who may benefit from the information there. This is very solid and useful information written for regular people, not Geeks.
I hope you find my alerts about these webcasts valuable. In general, they have some sort of product pitch built in, but I always manage to glean some valuable information from them. Once again, I have one presented by Sophos, “Strategies for Protecting Virtual Environments: Balancing Security with Performance,” scheduled for February 24, 2011, 2 pm ET/11 am PT. It is a complimentary webcast. Here’s the abstract:
The move to virtual servers has allowed organizations to reduce TCO while increasing IT and business efficiency, flexibility and reliability. Many are looking to extend these benefits to their endpoints with virtual desktops. With the increased adoption of virtualization, organizations now face a new set of security challenges.
Join Jonathan Tait at Sophos, for a live Webcast to learn about the security challenges for both server and desktop virtualization and strategies for balancing protection with performance. Jonathan will discuss these key topics and more:
- How virtualization changes your security posture
- Virtualization security needs and issues
- Strategies for a secure virtual environment
You can register here if you wish to attend.
There seems to have been a rash of tech support scams lately, some with people actually to pretend to be from Microsoft. The scammers seem to target online forums and tech support sites, so be careful what you post if you really do have a technical problem. (You are always welcome to Ask the Geek and that’s my site, so you’re safe.) Let’s take a look at some of the warning signs that will clue you into the fact that you’re probably being scammed. This is taken from one particular incident reported by Woody Leonhard in Windows Secrets.
- First of all, the call will be unsolicited. Even if you asked on a forum, so not assume that the call is in relation to that. You didn’t ask for a phone call, so if you get one, be wary.
- They will ask you for personal contact information, or perhaps pretend they already know it.
- You are asked for your Windows activation code or CD key. There’s no reason why anyone would need this to fix your PC; it’s just a tactic to make you think they’re legitimate.
- They will ask you for some other sort of code or “warranty check” information which you won’t have, and which, of course, is completely bogus anyway.
- Something like this will happen next (as described by the almost-victim in the above article. The person was put on hold while the “technician” purportedly “checked” the warranty: “A few minutes later, he was back and gave me the unfortunate news that my free support period had ended. He told me I would have to pay $99 for extended support and directed me to a place on the website to enter my credit card information. I’m not sure why, but I smelled a rat, so I hung up on him.”
- The website you are referred to looks legitimate and may even say things like, “Microsoft Registered Partner” and have an official Microsoft logo, or it may say “This company is a Technical Support Provider.”
- The domain name is registered in a foreign country and/or does not have legitimate contact addresses or phone numbers associated with it.
- The website they refer you to may have numerous spelling and grammatical errors or just “doesn’t look right.”
- The “support engineer,” or whatever he calls himself wants you to review your event viewer logs and points out that there are numerous yellow and red flags. This, of course, is normal for most Windows machines, but they will try to convince you of the dire consequences of ignoring the warnings and errors.
Don’t fall for it. Most of this will be social engineering in one form or another. They will get your money, they will get your personal information, and they may steal your identity.
Haven’t posted any funny videos in a while, so here’s one that will lighten your mood a bit! There is actually a series of these videos if you search for them, but I found this one on a site that I’m happy to plug: VeryFunnyAds.com. I’m pretty sure that I won’t have to look far for my daily dose of humor now.
[kml_flashembed movie="http://www.youtube.com/v/UNanKfY5T9A" width="425" height="350" wmode="transparent" /]
Hi Ken, Please offer your opinion on this. I had a phone call today from a person representing
Secure All PC.com. He told me that they received information directly from World Web Renting?? and that my windows operating system was a genuine windows and that they received my address, phone number etc. He wanted me to check my computer and see if i had virus/bugs etc that they knew about and if I did they would fix. He wanted me to press the windows button and r at the same time and then type in eventvwr. I was not comfortable doing this.
Needless to say, I gave the advice I would give to anyone in this situation: Run fast and far in the opposite direction. I then did two things: 1. Checked the whois on SecureAllPC.com; and, 2. Checked out their website.
Strike one: Registrant Contact: PrivacyProtect PrivacyProtect () Fax: All Postal Mails Rejected Navi Mumbai, MAHARASTRA 400614 IN. That’s India, not Indiana, in case you’re wondering. No individual’s name in the registration and you can’t even contact them.
Strike two: Amateurish website layout and graphics with numerous spelling and grammar errors.
Strike three: Unsolicited call to potential customer.
Umpire says, “Scam! You’re out!”
I’m willing to bet that whatever they do is useless, possibly malicious as in installing keyloggers or other such things, and they probably specialize in selling your credit card and other personal information to other cyber-criminals.
In the light of the recent revelations about the targeted malware attack against Iran’s uranium enrichment facilities, I’m re-releasing my original prediction about governments turning us into unwitting weapons in global cyber-warfare.
It’s 2010, maybe sooner. A rogue nation has just declared war on your country. No one will be killed in this war, at least not directly. But people will die from starvation, disease, and in the general chaos caused by disruption in vital communications lines. The rogue nation’s primary weapon? Botnets capable of taking down huge segments of the Internet and telephone networks.
The ongoing cyber attacks against Estonian Web sites, covered in a recent NewsBites edition should serve as a sobering reminder that Cyber Warfare is not a theoretical threat but a very effective and real one…
Having made my own observation of the shifting threats to computer and network security, I have to agree with SANS editor Skoudis:
Before 2003, our dominant threats were hobbyists and insiders. In 2003 and 2004, the threat then changed to organized crime looking to make money. Depending on the geopolitical environment, the dominant threat may shift again, and very quickly, to state-sponsored cyber warfare.
What’s ironic is that the attacker will, to some degree, be using your own people — as well as your allies — against you. There’s certainly a good number of people in every country whose computers have become zombies in a botnet. The actual attackers are virtually untraceable, so unless the attacker makes himself known, you’ll not even know your enemy. Scary.
This is why every citizen, every government, must share responsibility in protecting the security of their country’s network infrastructure.
The more things change, the more they stay the same.
In the Official Google Blog today, developed an advanced opt-in security feature called 2-step verification . They announced this to their Google Apps customers a few months ago, but they’re now rolling it out to everyone.
“Most of us are used to entrusting our information to a password, but we know that some of you are looking for something stronger,” Shah blogged. “…2-step verification … makes your Google Account significantly more secure by helping to verify that you’re the real owner of your account.
“2-step verification requires two independent factors for authentication, much like you might see on your banking website: your password, plus a code obtained using your phone.”
As I write this, the feature is still not available on my accounts, but it should be there shortly.
I hope that Google’s lead will bring a sea change in how all SaaS providers view security.
For the full story, here is the blog post:Advanced sign-in security for your Google account.
An attack on PlentyOfFish.com, a free online dating site, has reportedly compromised the passwords of nearly 30 million accounts. According to the site’s founder, Markus Frind, an Argentine hacker was behind the attack. In a strange twist, Frind also suggested that cyber security journalist Brian Krebs was also involved in some way. According to Krebs in his recent post, “…I have notified dozens of companies about various breaches over the years, and I’ve learned to read between the lines in how victims respond. Usually, when the company in question replies by implicating you in an alleged extortion scheme, two things become clear:
“1) You’re probably not going to get any real answers to your direct questions about the incident, and;
“2) The company almost certainly did have a serious breach.”
Frind has since made clear in his blog that Krebs was not involved:
Update*** Just to be clear Krebs didn’t have anything to do with this. I was trying to convey how the hacker tried to create a mass sense of confusion at all times so you never know whats real and what is not..
Krebs notes that the PlentyOfFish database has serious security problems and that the company stores user passwords in plaintext.
Humorous, but very savvy video of basic security concepts. These are things I’ve been touting for years. You’ll love the characters that lighten up the video, but the information is sound. It was produced by the State of Virginia. Enjoy!
[kml_flashembed movie="http://www.youtube.com/v/UPs5JCg910E" width="425" height="350" wmode="transparent" /]
The two latest malware strains exploit Facebook users via email and instant messaging programs. The first, Asprox.N, is a Trojan delivered via email informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The email includes a fake Word document attachment, supposedly containing the new password, with an unusual icon and the filename Facebook_details.exe. Deceiving victims by opening a .doc file upon opening the attachment, this file is really a Trojan that downloads another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible.
An image of the Asprox.N exploit is available here: http://www.flickr.com/photos/panda_security/5394881095/
The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing that the account has been suspended. To “reactivate” their account, users are asked to complete a questionnaire, promising prizes such as laptops and iPads. After several questions, users are asked to subscribe and enter their cell phone number, which is in turn charged a fee of $11.60 per week. Victims can restore access to their Facebook account only once they subscribe to the service and receive a new password.
Images of Lolbot.Q exploit are available here: http://www.flickr.com/photos/panda_security/5394881133/
I recommend you be wary of any unexpected messages with unusually eye-catching subjects and avoid clicking on external links, running executable files or entering personal data into unknown applications or web forms. Nothing new there, just standard security best practice.
Just be careful out there.