Security Protection – Harry Waldron MVP

May, 2011:

Apple advisory – MacDefender malware will be removed by OSX patch

This is an interesting development and I am hopeful they will be successful:

Apple advisory on “MacDefender” malware http://isc.sans.org/diary.html?storyid=10918

QUOTE: Looks like Apple noticed that “MacDefender”, a fake anti-virus tool that we covered earlier, is indeed starting to make inroads on the Mac user community. They have published an advisory today that describes how to “avoid” or “remove” the threat.

The advisory also states “In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware” which might turn out to be the first glimpse of an acknowledgment that yes, Macs can also have malware, and yes, Macs might even need a tool to remove malware.

Facebook – Please avoid the Profile Music Player spam attacks

Please avoid spam messages that advertise a new Facebook music player feature. Following them will compromise your Facebook account, and they may also lead to malware infections on your PC. Trend Labs warns of this new attack below:

Trend Labs – Facebook Spam Now Plays Your Favorite Music http://blog.trendmicro.com/facebook-spam-now-plays-your-favorite-music/

QUOTE: Wouldn’t it be cool if you had immediate access to your favorite music and bands? What if these are readily available on your favorite social networking site?  Unfortunately, spammers also find this cool. We recently noted messages and wall posts circulating on Facebook that promote a supposed new music player feature.

The script used in this spam run is now detected by Trend Micro as JS_FBJACK.B. Similar to other previously reported Facebook spam runs, once users access the alleged link, they are redirected to a site that tells them to follow several steps. The first of which is to copy a particular snippet of code onto their browser address bars, reminiscent of the “See You… In 20 Years!” Facebook attack, which spread via multiple features.

Once done, the malicious script accesses the affected user’s Facebook friends list. From this list, it creates wall posts and sends chat messages to the accumulated Facebook contacts. The wall post and message read: “FaceBook finally added a profile music player! I’ve been wanting one of these forever! [LINK]” All of the links above currently redirect to a single URL, a scam site telling the affected users that they won a certain prize. The site then asks them to give out personal information.

Microsoft – New EMET version available

A new version of EMET has been released with the following new features:

Microsoft – New EMET version available http://blogs.technet.com/b/srd/archive/2011/05/18/new-version-of-emet-is-now-available.aspx

QUOTE:  The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult. EMET is designed to mitigate exploitation attempts (even of 0-days) by making “current” exploitation techniques harder and less reliable. Users interested in finding out more about EMET can read more here.  Today’s release comes with some new features:
  • EMET is an officially-supported product through the online forum
  • “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
  • Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
  • Improved command line support for enterprise deployment and configuration
  • Ability to export/import EMET settings
  • Improved SEHOP (structured exception handler overwrite protection)  mitigation
  • Minor bug fixes

Mississippi Flooding Disaster – Scams and Malware attacks

CERT has issued a warning to be careful around recent disasters and other major news events. These are often used as lures to trick individuals into revealing sensitive information or accepting malware on their systems.

Mississippi Flooding Disaster – Scams and Malware attacks http://www.us-cert.gov/current/index.html#mississippi_flooding_disaster_email_scams

QUOTE: Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters. US-CERT encourages users to take the following measures to protect themselves:

MySpace – Phishing Site uses slightly misspelled URL

It is always important to verify URLs: a slightly misspelled version of MySpace could trick users into sharing their email address, cell phone number, or other sensitive information.

Every day is a Birthday Party  http://sunbeltblog.blogspot.com/2011/05/every-day-is-birthday-party-at.html

QUOTE: You’d have thought Myspace would have snapped up myspac(dot)com, but it seems to have scampered past them in the night like a small scampery thing that scampers. This site will bounce you through a whole bunch of different locations. When you hit that last one, the “Social Reward Center” tries to make you feel all bad about not taking part in their birthday celebrations. Did I say “birthday celebrations”? I sure did, because it’s their sixth birthday!  You’re then asked to hand over your mobile number and email address. Not sure I’ll be signing up to this one anytime soon, especially as the Site Advisor user reviews are so positive.
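The URL check recommended above can be automated: compare the registrable domain of a link against the domains a user actually expects and flag anything that is only a character or two away, which is exactly how myspac(dot)com relates to myspace.com. The following is an added example written for this page, not code from the blog or from Sunbelt; the watch-list of known domains, the edit-distance threshold of 2, and the sample URLs are constructed assumptions.

```python
"""Lookalike-domain check: flag hostnames that are within a few edits of a
domain the user expects. Added example; the known-domain list, the distance
threshold and the sample URLs are constructed for illustration."""
from urllib.parse import urlsplit

# Constructed watch-list of domains a user might mean to visit.
KNOWN_DOMAINS = ["myspace.com", "facebook.com", "apple.com", "microsoft.com"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), iterative DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Pull the host out of a URL and keep its last two labels.

    Sufficient for the .com-style names used here; production code would
    consult the Public Suffix List so that e.g. "example.co.uk" is handled.
    """
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url: str, known=KNOWN_DOMAINS, max_distance: int = 2) -> dict:
    """Return {'domain', 'verdict', 'matches'} for a URL.

    verdict is 'known' for an exact match, 'lookalike' when the domain is
    within max_distance edits of a known domain, otherwise 'unknown'.
    """
    domain = registrable_domain(url)
    if domain in known:
        return {"domain": domain, "verdict": "known", "matches": [domain]}
    close = sorted((levenshtein(domain, k), k) for k in known)
    matches = [k for d, k in close if 0 < d <= max_distance]
    verdict = "lookalike" if matches else "unknown"
    return {"domain": domain, "verdict": verdict, "matches": matches}


if __name__ == "__main__":
    # Constructed sample links, including the myspac.com pattern from the post.
    for u in ["http://myspac.com/birthday", "https://www.myspace.com/",
              "http://faceb00k.com/login", "http://example.org/"]:
        print(u, "->", classify_url(u))
```

A "lookalike" verdict is a signal to stop and inspect, not proof of fraud: legitimate sites also register near-miss names. The check deliberately compares the whole registrable domain, so a brand name under a different top-level domain (myspace.org) is not flagged by this version; extending it to compare the second-level label on its own is a natural next step.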

Windows 8 – Targeted for release in 2012

Microsoft’s CEO has officially announced a target of 2012 for Windows 8.

Ballmer: Windows 8 is Coming in 2012 http://www.cio.com/article/682792/Ballmer_Windows_8_is_Coming_in_2012

QUOTE:  Microsoft’s (MSFT) next version of the Windows operating system, dubbed Windows 8, will debut in 2012, company CEO Steve Ballmer said Monday. Ballmer made the announcement in Tokyo, speaking to an audience of software developers.  Observers had been expecting the next version of Windows next year, but this is the first time that the company has officially confirmed the 2012 date.

Ballmer told the developers, “as we look forward to the next generation of Windows systems, which will come out next year, there’s a whole lot more coming,” according to a transcript of his speech posted to Microsoft’s website.  “As we progress through the year, you ought to expect to hear a lot about Windows 8. Windows 8 slates, tablets, PCs, a variety of different form factors,” he added.

CIO Magazine – Complete Guide to Windows 7

A good resource with 3 pages of links.

CIO Magazine – Complete Guide to Windows 7 http://www.cio.com/article/496464/Windows_7_Bible_Your_Complete_Guide_to_the_Latest_Version_of_Windows

QUOTE: From pricing questions and a rundown of interface features to upgrade concerns and challenges presented by the iPad, CIO.com’s Windows 7 Complete Guide covers it all. Our guide delivers expert reviews, advice on planning and rollout, opinion pieces and news analysis on Microsoft’s latest client operating system.

Windows 8 – At least Four Different versions anticipated

According to early reports, tablets and mobile devices will also be a focal point for this new operating system.

Windows 8 Coming in At Least 4 Versions http://www.cio.com/article/682543/Windows_8_Coming_in_At_Least_4_Versions

QUOTE: Microsoft will make at least four different versions of Windows 8 for devices with ARM processors, but you won’t be running older Windows apps on any of them, according to an Intel executive. Renee James, Intel’s senior vice president and general manager of Software and Services Group, also reaffirmed that Windows running on ARM devices will be focused on tablets and other mobile devices, according to Bloomberg.

Facebook – Two factor authentication using passcodes to mobile phones

In Account Settings, users can opt to receive a one-time passcode by text message on their mobile phone to strengthen login authentication. You must register your mobile phone with Facebook to use this feature. This is documented below:

Facebook goes two-factor http://isc.sans.org/diary/Facebook+goes+two-factor/10909
https://www.facebook.com/note.php?note_id=10150172618258920

QUOTE: Facebook is now offering a new feature called “Login Approvals”. I call it a part-time two-factor authentication mechanism. Andrew Song of Facebook states: “Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer.” I have downgraded it to “part-time” because once you have approved the browser instance you are using to log in daily, it does not require execution of the second authentication until you have removed it from the list. I clarify “browser” because you will be forced to re-auth from a different browser.
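The behaviour described in the quote (a texted code demanded only from browsers not yet on the approved list, and demanded again once a browser is removed from that list) is easiest to understand as a small state machine. The following is an added Python model written for this page, not Facebook's code; the in-memory stores, the PBKDF2 password hashing, the list standing in for an SMS gateway, the five-minute code lifetime and the six-digit code format are all assumptions.

```python
"""Model of "login approvals": a text-message code is required only when the
login comes from a browser the account has not approved before. Added example,
not Facebook's implementation; stores, SMS stub and code format are assumed."""
import hashlib
import hmac
import os
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a texted code


class LoginApprovals:
    def __init__(self):
        self.users = {}      # username -> account record
        self.pending = {}    # challenge_id -> {"user", "code", "expires"}
        self.sent_sms = []   # stand-in for the SMS gateway: (phone, code)

    def register(self, username, password, phone):
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
            "phone": phone,               # phone must be registered for the feature
            "approved_browsers": set(),   # tokens of browsers already approved
        }

    def _password_ok(self, user, password):
        expected = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
        return hmac.compare_digest(expected, user["pw_hash"])

    def login(self, username, password, browser_token=None, now=None):
        """Step 1. Returns ("ok", None) for an approved browser,
        ("code_required", challenge_id) for a new one, or ("denied", None)."""
        user = self.users.get(username)
        if user is None or not self._password_ok(user, password):
            return ("denied", None)
        if browser_token in user["approved_browsers"]:
            # "Part-time" two-factor: an approved browser skips the code.
            return ("ok", None)
        code = f"{secrets.randbelow(10**6):06d}"
        challenge_id = secrets.token_urlsafe(16)
        current = now if now is not None else time.time()
        self.pending[challenge_id] = {"user": username, "code": code,
                                      "expires": current + CODE_TTL_SECONDS}
        self.sent_sms.append((user["phone"], code))   # "text message" goes out
        return ("code_required", challenge_id)

    def approve(self, challenge_id, code, remember_browser=True, now=None):
        """Step 2. Returns (True, browser_token) when the texted code matches;
        the token identifies this browser on later logins. (False, None) otherwise.
        A challenge is single use: a wrong or late code discards it."""
        ch = self.pending.pop(challenge_id, None)
        current = now if now is not None else time.time()
        if ch is None or current > ch["expires"]:
            return (False, None)
        if not hmac.compare_digest(ch["code"], code):
            return (False, None)
        token = None
        if remember_browser:
            token = secrets.token_urlsafe(32)
            self.users[ch["user"]]["approved_browsers"].add(token)
        return (True, token)

    def forget_browser(self, username, browser_token):
        """Removing a browser from the list forces the code again next time."""
        self.users[username]["approved_browsers"].discard(browser_token)


def demo():
    """Walk through the flow with a constructed account; returns the service."""
    fb = LoginApprovals()
    fb.register("alice", "correct horse", "+1-555-0100")   # constructed sample
    status, ch = fb.login("alice", "correct horse")          # new browser
    assert status == "code_required"
    _, code = fb.sent_sms[-1]                                # user reads the text
    ok, token = fb.approve(ch, code)
    assert ok
    assert fb.login("alice", "correct horse", token) == ("ok", None)      # approved
    assert fb.login("alice", "correct horse", "other")[0] == "code_required"  # new browser
    fb.forget_browser("alice", token)
    assert fb.login("alice", "correct horse", token)[0] == "code_required"
    return fb


if __name__ == "__main__":
    demo()
    print("login-approvals flow behaved as described")
```

The browser token is the whole point of the "part-time" caveat: whoever holds an approved token (cookie) on that machine never sees the second factor, so clearing it, or removing the browser from the account's list, is what restores the full two-factor behaviour.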

Public Internet Facilities – Dangers in using shared devices

This article from the McAfee blogs highlights the danger associated with using shared Internet facilities in a library, hotel, restaurant, or executive lounge.  Some key points include:

* It’s always important to LOGOFF all environments after checking email or other activity.

* Users should avoid sharing sensitive information.

* Users should avoid e-commerce transactions.

* In these less trusted settings, there are even dangers of keyloggers or wireless interception capabilities.

* There are dangers in plugging portable media (USB devices) into public computers, as they could potentially be infected.

* Finally, if you see that the last user is still logged on, please do them a favor and log them off.

Public Internet Facilities – Dangers in using shared devices http://blogs.mcafee.com/mcafee-labs/the-dangers-of-shared-devices-and-exec-lounges

QUOTE: One of the perks of travel is access to Executive Lounges. One of the perks of Executive Lounges is that they often have VERY cool devices on display for the weary traveler to use. In one particular lounge I am currently in resides a very nifty Motorola XOOM:

I am kinda torn on the idea of shared devices. It’s great to have access to cool technology in a lounge or a store but you would kind of hope there would be SOME kind of protection or device management/lockdown going on. Who in their right mind would log into a wide open device and use it for their private email, twitter or Facebook use right? I think you guessed…. quite a few people.

This particular XOOM (and there were several in this lounge as well as at least one Motorola ATRIX) had what you would expect: Twitter, YouTube, FaceBook and such. All of these had multiple logins with the account data saved (which I will NOT show for obvious reasons) but in truth this was not what surprised me. Poking around I quickly noticed that I had full access to the main account that the device used.