Thursday, August 5, 2010

10 Ways to Prevent Social Media Scams

Contributed By:

Robert Siciliano

The trouble with social media revolves around identity theft, brand hijacking and privacy issues.

The opportunity social media creates for criminals is to “friend” their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams.

It was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and begging for a money wire. Now it’s old news, but it’s still happening.

* Register your full name and those of your spouse and kids on the most trafficked social media sites. If your name is already gone, include your middle initial, a period or a hyphen. You can do this manually or by using a very cost-effective service called Knowem.com.
* Get free alerts. Set up Google alerts for your name and your kids' names and get an email every time one of those names pops up online. You want to see if someone is talking about you or using your name.
* Discuss social media with your kids. Make sure they aren’t providing their “friends” with personal information that would compromise their security or your family's.
* Monitor what they do online. Don’t sit in the dark hoping they are acting appropriately online. Be prepared to not like what you see.
* Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
* Lock down settings. Most social networks have privacy settings that need to be administered to the highest level.
* Always delete emails you receive in social media from those who you don’t know. I’m messaged all the time by scammers and I’m sure you are too.
* Don’t enter all the “25 most amazing things about you” or whatever other games that extract your personal information. Nothing good can come from that.
* Always log off social media sites when you walk away from the PC. If you are ever at someone else’s home or on a public PC, this habit will save lots of aggravation. My sister-in-law, a Boston Bruins fan, left her Facebook open on the family PC. I changed her Facebook picture to the Philly Flyers and wrote Go Phillys! as her status. Bruins lost that night. I blame her.
* Do not activate geolocation services that tell the world your every move. Nothing good can come out of allowing anyone in the world to stalk your every move.

Sunday, July 25, 2010

Cairo Security Camp 2010

Bluekaizen, with the help of Nile University, is glad to announce the launch of the "Cairo Security Camp 2010" event. The event will be held on Monday 26th of July in the Auditorium Room in the main building of Nile University in the Smart Village (Building B2 - in front of Xceed).

Cairo Security Camp is targeting Network and Information Security Experts, Managers and Post Graduate Students. The event is not a security awareness event!

Please, if you wish to attend, register on the website of BlueKaizen. Non-registered users will not be allowed to enter due to space limitation. You can check the list of speakers and their topics on http://www.bluekaizen.org/

P.S: the detailed agenda will be posted on http://www.bluekaizen.org/ before the 23rd of July.

Registration link: http://www.bluekaizen.org/events/event_0.php

For more inquiries, please contact:
info@bluekaizen.org
010-2675-570

Get notified of suspicious Facebook access to your account

For all of you who haven't figured it out already, there is a simple way to make sure that if someone breaks into your Facebook account and misuses it, you know it immediately. All that's needed is a simple change to your settings that takes less than 5 seconds altogether.

Just log in to your Facebook account, go to your Account Settings, change your Account Security, and choose to receive notifications for login from new devices.

You will receive an email notification almost instantly if someone accesses your account from a computer or mobile device you haven't used before, and if you have activated Facebook Mobile, you can receive the notification by SMS.

Thursday, July 22, 2010

Noscript (Firefox extension)

Noscript is a Firefox extension that stops Javascript (a major target for security flaws) from running without permission, blocking exploits such as clickjacking and XSS. Its whitelisting feature lets the user select named sites that can run scripts. It can be a bit intrusive, but it is worth it for the security-conscious.

Dell warns of malware on PowerEdge server motherboards

Dell is apparently warning customers that "a small number" of its PowerEdge R410 server motherboards may contain malicious software. "The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware," according to a post on a Dell support forum. "This malware code has been detected on the embedded server management firmware."

Dell's response came after a customer wrote about being contacted by a service technician trying to schedule an appointment to cleanse a server of malware. Dell said that it did not believe the issue would impact its customers. "To date we have received no customer reports related to data security," according to the post.

Non-Windows OSes are not affected, and the malware is not present on the new motherboards shipped with PowerEdge systems, Dell said.

The company said it has assembled a customer list and is contacting customers through letters. Dell representatives contacted in London on Wednesday morning did not have an immediate comment.

Wednesday, July 21, 2010

What is CAPTCHA?

CAPTCHA or Captcha (pronounced as cap-ch-uh), which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer. In simple words, CAPTCHA is the word verification test that you will come across at the end of a sign-up form while signing up for a Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.


Almost every Internet user comes across CAPTCHAs in their daily Internet usage, but only a few are aware of what they are and why they are used. In this post you will find detailed information on how CAPTCHA works and why it is used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCHA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example, while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form to ensure that the form is filled out only by a legitimate human and not by automated software or a computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straightforward for any human to answer but which is almost impossible for a computer to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

For many, the CAPTCHA may seem silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated software to generate a huge quantity of requests, thereby causing a high load on the target server, which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However upon each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Open USB Drives but be notified by an Email and a Log File VB Script

HKEY_LOCAL_MACHINE = &H80000002

strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","My-Computer")

On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
WScript.Echo "Computer Name Does Not Exist"
Wscript.Quit
End If

dim objNetwork
Dim fso
Dim CurrentDate
Dim LogFile
CurrentDate = Now
Set objNetwork = WScript.CreateObject("WScript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")
strUser = objNetwork.UserDomain

Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"

objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath

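ValueName = "WriteProtect"

' WriteProtect = 0 allows writes to USB storage (numeric DWORD, not a string)
DwordValue = 0

objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue

' Read the value back from the target so the checks below report what is actually set
DwordValue = Null
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue

If IsNull(DwordValue) Then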

Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue

Elseif DwordValue=0 then

Wscript.Echo "The USB Key for computer " & strComputer & " is: Open and Not Read Only! - ", DwordValue
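' BinPath is never assigned in this script, so it is empty and the log is appended
' to ChangeLog.log in the current working directory (8 = ForAppending, True = create)
Set LogFile = fso.OpenTextFile(BinPath & "ChangeLog.log",8,true,0)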
LogFile.WriteBlankLines 1
LogFile.WriteLine("================================================================================")
LogFile.WriteLine("USB Access changed to OPEN" & " By User " & objNetwork.UserName )
LogFile.WriteLine(Now & " - The Registry Key for " & strComputer & " is open.")
LogFile.WriteLine("================================================================================")
LogFile.WriteBlankLines 1
LogFile.Close

' ------ NOTIFY OF USB KEY CHANGE ACCESS ------
strFrom = "usbaccess@yourdomain.com.au"
strTo = "it@yourcompany.com.au"
strSub = "USB Access changed to OPEN" & " By User " & objNetwork.UserName
strBody = "USB Access changed to OPEN" & " By User " & objNetwork.UserName & " on " & Now & " - The Registry Key for " & strComputer & " is now open."
strSMTP = "YOUR-INTERNAL-SMTP-SERVER"
' ------ END CONFIGURATION ---------
set objEmail = CreateObject("CDO.Message")
objEmail.From = strFrom
objEmail.To = strTo
objEmail.Subject = strSub
objEmail.Textbody = strBody
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTP
objEmail.Configuration.Fields.Update
objEmail.Send

else

Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue

End if

If Msgbox("Do you want to reboot machine now for the change to take effect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
strComputer & "\root\cimv2")

Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

For Each objOS in colOS
objOS.Reboot()
Next

End If

Locking down USB Drives to Read Only VB Script

HKEY_LOCAL_MACHINE = &H80000002

Err.Clear
' On Error Resume Next

strComputer = inputbox ("Please Enter Computer Name","Enter Computer Name","IT-0")

' Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
' If Err.Number Then
' Wscript.Quit
' End If

On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
If Err.Number Then
WScript.Echo "Computer Name Does Not Exist"
Wscript.Quit
End If

if strcomputer = "" then

Wscript.Quit

End if

Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"

objReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath

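ValueName = "WriteProtect"

' WriteProtect = 1 makes USB storage read-only (numeric DWORD, not a string)
DwordValue = 1

objReg.SetDwordValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue

' Read the value back from the target so the checks below report what is actually set
DwordValue = Null
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, DwordValue

If IsNull(DwordValue) Then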

Wscript.Echo "The Registry Key for " & strComputer & " is not found. - ", DwordValue

Elseif DwordValue=0 then

Wscript.Echo "The USB Key for computer " & strComputer & " is now OPEN: Not Read Only! - ", DwordValue

else

Wscript.Echo "The USB Key for computer " & strComputer & " is Secured and Read Only - ", DwordValue

End If

If Msgbox("Do you want to reboot machine now for the change to take effect? " & strComputer, vbYesNo, "Reboot Machine") = vbYes then

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
strComputer & "\root\cimv2")

Set colOS = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

For Each objOS in colOS
objOS.Reboot()
Next

End If






Botnet C&C centers move to social networks


In the last year or so, we have witnessed many botnet command and control centers being taken down in organized actions instigated or aided by companies such as Microsoft, Panda Security and organizations such as the FTC. "Bulletproof" hosting has proved not to be that reliable, so botnet herders decided to set up their C&C centers on social networks.

Twitter accounts have been used as such for a while now, but RSA researchers recently spotted another social network (they are not saying which) being used for the same purpose.

According to ThreatPost, the bot herder sets up fake profiles, then posts encrypted commands on them.


Every time a new computer gets infected with the banker Trojan in question, the malware is programmed to visit the profile and get new commands. The text contains authentication code so that the Trojan can be sure it's in the right place, and hard-coded instructions telling it what to do next.

According to Uri Rivner, Head of New Technologies, Consumer Identity Protection, at RSA, this instance is part of a growing trend and a direct consequence of the recent takedowns of "bulletproof" ISPs.

"These groups have had four main options for hosting if they want to put it in a resilient infrastructure," he says. "You can build your own, and there are some that are very sophisticated with great disaster recovery, but that's expensive. You can go with bulletproof hosting, but that's getting harder. You can use cloud services, which we've seen some of lately. Or you can now use social networks. That's getting more popular because resilience is the key for some of these Trojans that can run for months or years. It's so important to them to find a good hosting environment."

What really makes the use of social networks to host these centers handy is the fact that profiles can be easily made and disposed of as soon as they are flagged and blocked by the networks. Hundreds of profiles can be coded into a Trojan, and as one profile is removed, the Trojan simply visits the next one on the list and gets its commands there.

Luckily for the criminals, social network operators still can't manage to identify these profiles quickly enough to make a dent into the botnet activity, but these sites will soon be under pressure from the community and governments to come up with a solution to this problem, and botnet herders will have to find yet another way to keep themselves in business.
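The fallback behaviour described above (a removed profile is skipped and the next one on the list is tried) leaves a recognisable trace in web proxy logs, and the following added example, which is not from the original article or from RSA, shows one heuristic for spotting it. The log format, the `social.example` domain, the `/profile/` URL layout and the thresholds are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines (not real traffic): time, client, status, URL.
SAMPLE_LOG = """\
2010-07-22T09:00:01 10.0.0.5 404 http://social.example/profile/alpha01
2010-07-22T09:00:02 10.0.0.5 404 http://social.example/profile/bravo02
2010-07-22T09:00:03 10.0.0.5 200 http://social.example/profile/charlie03
2010-07-22T09:01:10 10.0.0.9 200 http://social.example/profile/friend
2010-07-22T09:01:10 10.0.0.9 200 http://social.example/static/site.css
2010-07-22T09:01:11 10.0.0.9 200 http://social.example/static/app.js
2010-07-22T09:05:00 10.0.0.7 404 http://social.example/profile/typo
2010-07-22T09:05:20 10.0.0.7 200 http://social.example/profile/typed-right
"""

PROFILE_PREFIX = "http://social.example/profile/"  # hypothetical URL layout
GONE = {"404", "410"}  # statuses treated as "profile removed"


def parse(log_text):
    """Yield (timestamp, client, status, url) from the log format above."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing fields
        ts, client, status, url = parts
        yield datetime.fromisoformat(ts), client, status, url


def find_fallback_walks(log_text, min_dead=2, window=timedelta(seconds=30)):
    """Return {client: [dead profiles..., live profile]} for clients that hit
    at least `min_dead` removed profiles in a row and then a live one, all
    inside `window`, without fetching any non-profile resource in between."""
    per_client = defaultdict(list)
    for ts, client, status, url in parse(log_text):
        per_client[client].append((ts, status, url))

    hits = {}
    for client, events in per_client.items():
        events.sort()
        run = []  # current streak of removed-profile requests
        for ts, status, url in events:
            if not url.startswith(PROFILE_PREFIX):
                run = []  # asset fetches suggest a browser rendering a page
            elif status in GONE:
                if run and ts - run[0][0] > window:
                    run = []  # streak too old, start again from this request
                run.append((ts, url))
            else:
                if len(run) >= min_dead and ts - run[0][0] <= window:
                    hits[client] = [u for _, u in run] + [url]
                run = []
    return hits
```

A single mistyped profile followed by a correct one (client 10.0.0.7 in the sample) stays below the default threshold, so `min_dead` is the knob that trades false positives against catching short lists.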

New zero-day "shortcut worm" vulnerability affects all Windows versions

Microsoft published Security Advisory 2286198 on Friday of last week, confirming the existence of a critical vulnerability in all supported versions of Windows.

The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. Specially crafted shortcut (.lnk) files are allowed to execute code when the shortcut's icon is loaded to the GUI.

An exploit targeting this vulnerability is currently in limited use and additional exploits are very likely in the coming weeks.

The shortcut vulnerability was discovered during investigation of the Stuxnet rootkit which has been used in targeted attacks aimed at Siemens SCADA systems. Such systems are used for supervisory control and data acquisition in industrial facilities such as power plants. The shortcut file used in this case is detected as Exploit:W32/WormLink.A.

The situation is now more critical because a publicly available proof of concept was posted to several exploit database sites over the weekend.

Proof of concept exploit code is now in-the-wild and F-Secure fully expects virus writers to utilize this method of attack in the near future.

Sean Sullivan, Security Advisor at F-Secure, says, “This shortcut worm is very dangerous and the seriousness of the situation will increase until Microsoft releases a fix. And because Microsoft Windows XP Service Pack 2 is no longer supported, even the fix won't fully resolve the issue. This is a major concern as F-Secure’s research shows that SP2 is still being used by many organizations.”

F-Secure strongly recommends that companies and organizations migrate to Windows XP Service Pack 3 as soon as possible, or implement Microsoft's suggested workarounds.

Additionally, organizations need to create or review their USB device policy. “This danger can be mitigated with best practices. If a company doesn't have a security policy regarding USB devices, they're at risk. Those that do have a policy should review it and make sure that it's being followed. And this is time critical as summer vacation season is approaching,” says Sullivan.