Security Protection – Harry Waldron MVP

October, 2012:

Hurricane Sandy – Don’t believe everything on Twitter or Facebook

Several folks shared the photo, circulating on Facebook, of an ominous cloud looming behind the Statue of Liberty.  Plenty of fabricated stories also circulated, distorting the facts and possibly alarming folks who have friends or relatives in the area.  As other major events have proven, it is important to always get facts from the proper sources.

http://bostonglobe.com/opinion/editorials/2012/10/31/hurricane-sandy-shows-media-don-believe-everything-twitter/e2kAu24WWmvnaxa2IkppBK/story.html

QUOTE: Those who logged onto Twitter as Hurricane Sandy barreled toward the East Coast Monday night were among the first to read a handful of eye-popping news developments that eventually wound their way onto outlets like CNN and Reuters: that the floor of the New York Stock Exchange was under 3 feet of water; that the New York subways had been pre-emptively closed for a week; and that 19 employees of an electric company had been trapped in a building. These updates seemed to illustrate how a crowd of social media junkies can turn up news faster than a scattered few professional reporters. That would have been true — if the stories themselves had been. In fact, many stories were fabricated, some by the same anonymous tweeter. At the same time, images purporting to show what was happening on the ground in New York spread across the Internet. One, showing an ominous cloud looming behind the Statue of Liberty, had been digitally altered; another, picturing the statue as it was about to be covered by waves, was a scene from the apocalyptic movie “The Day After Tomorrow.” In this case, as in many others, Twitter users called out such errors with mockery, circulating obviously fake images of Lady Liberty crouching behind her base.

Russian Hacker Underground – Trend Labs documents

Trend Labs shares an interesting PDF report on this topic:

http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-the-russian-underground/

QUOTE:  Earlier today, we released the paper Russian Underground 101 which provides readers an overview of the Russian underground economy. The Russian underground is a key source for all sorts of illegal products and services used by criminals, which is ultimately aimed at users all over the world.  By exploring underground resources, (visiting various underground forums) we were able to determine the products and services that are most commonly traded for, as well as the prices of these goods. This provides us with a good insight into the Russian underground ecosystem, information which can be used to provide enhanced protection for Trend Micro customers.

Android 4.2 – new version announced

The key security feature announced is multiple user profiles.

http://www.nbcnews.com/technology/gadgetbox/android-4-2-still-jelly-bean-sweeter-1B6743843

QUOTE: Google also announced Android 4.2 on Monday. It’s still called Jelly Bean, just like the prior version, but it’s made just a little bit sweeter by the addition of new features such as Photo Sphere, Gesture Typing, multi-user support and more.  Sharing an Android tablet with a family member will be significantly less awkward thanks to multi-user support. Each user can have his or her own homescreen, background, widgets, apps and games. Toggling between users is supposedly as easy as switching between apps.

Windows Phone 8 SDK release

Windows Phone 8 SDK has been released as documented by Next Web:

http://thenextweb.com/microsoft/2012/10/30/the-windows-phone-8-sdk-is-now-live-for-all-heres-where-to-get-it/

QUOTE: Yesterday Microsoft promised to release the Windows Phone 8 SDK at its event in San Francisco. Today, during the opening keynote of its BUILD conference, the SDK went live.  Microsoft is betting heavily on Windows Phone 8, moving the core of the operating system to a shared codebase with Windows 8. While this presents numerous advantages, it does cut loose all older Windows Phone handsets, as their physical architecture cannot manage the new software.

Available from the link below:

http://www.microsoft.com/en-us/download/details.aspx?id=35471

South Carolina – Recent data breach exposes sensitive information

The state of South Carolina is working to resolve the issues, and hopefully sensitive information was not captured extensively during the security incident.

http://securitywatch.pcmag.com/none/304400-south-carolina-data-breach-exposes-ssn

QUOTE: The latest data breach in South Carolina where over three million Social Security numbers were exposed is just another example of how organizations aren’t protecting sensitive data with encryption. As many as 3.6 million Social Security numbers and 387,999 credit and debit card numbers may have been exposed during a series of cyber-attacks against systems belonging to the South Carolina Department of Revenue, state officials disclosed on Friday. Anyone who has ever filed a South Carolina tax return since 1998 may be affected.

Official response can be found here:

http://www.sctax.org/News+Releases/20121009_1026NR.htm

Hurricane Sandy – ISC Update

The ISC offers an update on outages and malware/scam attacks associated with Hurricane Sandy:

https://isc.sans.edu/diary/Hurricane+Sandy+Update/14410

QUOTE: If you reside in the affected area, you are probably best off staying at home. Many roads are blocked by debris and in some cases by downed power lines. Here are some of the typical issues we see after an event like this:

– outages of communications networks as batteries and generator fuel supplies run out.

– malware using the disaster as a ruse to get people to install the malicious software (“watch this video of the flooding”)

– various scams trying to take advantage of disaster victims.

A couple ways how the internet can help in a disaster like this:

– many power companies offer web pages to report and monitor outages.

– FEMA offers updates on its “ready.gov” and “disasterassistance.gov” web sites.

– local governments offer mobile applications to keep residents informed.

AVAST – scored well in OCT 2012 AV-Comparatives review

AVAST received top rankings in malware removal and performance.

http://blog.avast.com/2012/10/18/avast-only-free-antivirus-to-receive-advanced-award-for-performance-and-detection/

QUOTE: Avast! Free Antivirus won the top rating for malware removal from independent research organization AV-Comparatives last month, and this month is the only antivirus solution that also received the ADVANCED+ award for performance. The latest performance test measured the impact on system resources and speed of 19 antivirus products, and avast! Free Antivirus was the best scoring FREE product again.

AV-Comparatives performance testing is a series of real-world scenarios that includes downloading, extracting, copying, and encoding files, installing and launching applications, in addition to an automated testing suite. The ranking system is three-levels: “Standard,” “Advanced” and “Advanced+” awards. To receive the “Advanced+” award, avast! Free Antivirus was compared to mostly paid-for antivirus suites based on how much impact the product has on system resources, including protection against ‘real-world’ zero-day malware attacks, detection of a representative set of malware discovered in the last 2-3 months, false positive rates, and scanning speed. Avast was the highest scoring free product and out-shined a host of paid-for products and other free products.

Hurricane Sandy – Malware and scam attacks likely

As in past major news events, there is a high potential for Hurricane Sandy related internet scams and malware attacks.  Please be careful with email, Facebook links, web searches and any charitable donations made during the coming days.

http://blog.avast.com/tag/hurricane-sandy/

QUOTE: With Hurricane Sandy bearing down on the northeast United States, the potential is high for cybercrooks to release a wave of scams and malware related to the storm. If the past repeats itself, Facebook postings, tweets, emails, and websites claiming to have exclusive video or pleading for donations for disaster relief efforts will appear shortly after the storm hits. These messages often include malicious code that attempts to infect computers with viruses, spyware, or Trojan horses.

Android – FakeInstaller top malware threat

McAfee Labs shares an analysis of the top Android malware threat:

http://blogs.mcafee.com/mcafee-labs/fakeinstaller-leads-the-attack-on-android-phones

QUOTE: Android.FakeInstaller is a widespread mobile malware family. It has spoofed the Olympic Games Results App, Skype, Flash Player, Opera and many other top applications. This is not news in the mobile malware world, the FakeInstaller family is one of the most prevalent malware that we have analyzed. More than 60 percent of Android samples processed by McAfee are FakeInstallers. This threat has become more dangerous, adding server-side polymorphism, obfuscation, antireversing techniques and frequent recompilation, all to avoid detection by antivirus solutions. Android.FakeInstaller sends SMS messages to premium rate numbers, without the user’s consent, passing itself off as the installer for a legitimate application. There is a large number of variants for this malware, and it is distributed on hundreds of websites and fake markets. The spread of this malware increases every day

Firefox 17 – New Social Facebook API designed to help safeguard privacy

Firefox 17 beta offers a new API that interacts with Facebook directly and may help reduce infections associated with fake email alerts.  The first social network implementation will be for Facebook.

https://blog.mozilla.org/privacy/2012/10/22/being-social-with-privacy-in-mind/

QUOTE: With our latest beta, we’ve started testing a new social API right inside Firefox. This API provides an open, Web-based infrastructure that allows users to connect Firefox with their favorite social networks, creating an experience that’s social, still feels like Firefox, and most importantly still respects our privacy principles. The first implementer of our new social API is Facebook, and we expect many more implementations in the coming months.  One of the social API’s key requirements is that data is only sent to a social network when the user wants to send it. The new social features are completely opt-in and are disabled until you visit a social network site and decide to turn things on. Once enabled, Firefox loads several pages from your social network over secure connections.