Security Protection – Harry Waldron MVP

December 30th, 2011:

Facebook TimeLine Hoax – Please do me a favor and hover over my name

It is always good practice to avoid reposting information as instructed in this hoax circulating on Facebook. A security firm called Facecrooks shares this informative link:

http://facecrooks.com/Internet-Safety-Privacy/hoax-alert-with-the-new-fb-timeline-on-its-way-hover-over-my-name-above-this-doesnt-work.html

 

HOAX TEXT: “With the new ‘FB timeline’ on its way this week for EVERYONE…please do both of us a favor: Hover over my name above. In a few seconds you’ll see a box that says “Subscribed.” Hover over that, then go to “Comments and Likes” and “Games” and un-click it. That will stop my posts and yours to me from showing up on the side bar(ticker) for everyone to see, but MOST IMPORTANTLY it LIMITS HACKERS from invading our profiles. If you re-post this I will do the same for you. You’ll know I’ve acknowledged you because if you tell me that you’ve done it I’ll ‘like’ it. Thanks”

QUOTE: Sadly, this won’t do anything to protect you from hackers or improve your privacy. A very similar message was circulated when the Facebook ticker was introduced back in September. It caused quite a stir at the time, and it took a day or so for bloggers and social media gurus to get it all sorted out. If you are interested in reading why the message doesn’t work, then we recommend you read this post from our friends at Sophos.

Twitter – Avoid New Fake Tracker Application and dangerous URLs

Sunbelt Labs warns of a new malicious application that can be installed on Twitter and claims to determine who is visiting a user's profile. Currently, no application can perform that analysis, and this fake application is similar to the versions seen on Facebook and other sites.

http://sunbeltblog.blogspot.com/2011/12/curious-whos-stalking-you-yes-weve.html

QUOTE: This social media “stalking” thing, to the best of my knowledge, all began on MySpace. We’ve seen them emerge on Twitter, too: our friends at Sophos wrote a so-called “app” that Twitter purportedly released to track a user’s stalker. Only this time, no such app is ever involved. We implore you, Dear Reader, to please exercise caution when clicking links on tweets. Even better: use your better judgment on whether you’d believe a supposedly interesting tweet or not before considering visiting the URL that goes with it. More often than not, scam tweets are designed to sound this way to actually make Internet users click them. Please don’t be fooled.

MS11-100 – Special Microsoft ASP.net security release December 2011

A special out-of-band security update was released yesterday to address recently discovered ASP.NET vulnerabilities. Corporate users in particular should test and install this security patch expeditiously.

http://technet.microsoft.com/en-us/security/bulletin/ms11-100
http://blogs.technet.com/b/msrc/archive/2011/12/29/microsoft-releases-ms11-100-for-security-advisory-2659883.aspx
http://blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx
http://isc.sans.edu/diary.html?storyid=12295

QUOTE: The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework. Of note, the new method of hash collision attacks used to exploit this vulnerability is an industry-wide issue affecting various Web platforms, including ASP.NET.

While we have seen no attacks attempting to exploit this vulnerability, we encourage affected customers to test and deploy the update as soon as possible. Consumers are not vulnerable unless they are running a Web server from their computer. More technical details can be found at the Security Research & Defense Blog.

Wireless Security – New Brute Force WPS Vulnerability

The ISC reports a new WPS vulnerability in which brute force PIN attacks could potentially be used to gain unauthorized access.

Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability http://isc.sans.org/diary/Wi-Fi+Protected+Setup+WPS+PIN+Brute+Force+Vulnerability/12292

QUOTE: Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 – available since January 2007) designed to ease the process of securely setting up Wi-Fi devices and networks. A couple of days ago US-CERT released a new vulnerability note, VU#723755, that allows an attacker to get full access to a Wi-Fi network (such as retrieving your ultra long secret WPA2 passphrase) through a brute force attack on the WPS PIN. The vulnerability was reported by Stefan Viehböck and more details are available on the associated whitepaper. In reality, it acts as a “kind of backdoor” for Wi-Fi access points and routers. The quick and immediate mitigation is based on disabling WPS.

More on WPS Security – Pros & Cons https://isc.sans.edu/diary.html?storyid=10675

Wi-Fi Best Practices and Protection Resources http://www.wi-fi.org/knowledge_center_overview.php
http://www.wi-fi.org/files/kc_80_20070104_Introducing_Wi-Fi_Protected_Setup.pdf
