Security Protection – Harry Waldron MVP

November, 2012:

Holiday Season 2012 – Seven safety tips for online shopping

More online safety tips for the 2012 holiday season:

http://www.forbes.com/sites/firewall/2012/11/25/you-better-watch-out-online-attacks-are-coming-to-town/

https://isc.sans.edu/diary.html?storyid=14569

QUOTE: It is time for a more consumer oriented blog post with a couple of hints about what to watch out for during the holiday online shopping season. How do you watch out and tell who is naughty and nice online? You better check twice or you better not cry if you lose your money, your credit cards, or even your identity.

1. Stick to Sellers you Know

2. Don’t Trust Customer Reviews Blindly

3. Be Careful with “Phishing”

4. Watch Your Credit Card Statement Carefully

5. Be a Cautious Seller

6. Be Careful When and How to Meet a Craigslist Seller

7. Don’t Buy Stolen Property

Computer Security Controls – Better safe than sorry

This article in the Mac Security Blog makes a great point: while seatbelts won’t prevent all injuries, you are much safer by buckling up. Likewise, security controls won’t guarantee complete safety, but folks stay better protected through technical safeguards and best practices.

http://www.intego.com/mac-security-blog/security-measures-arent-completely-effective-but-that-doesnt-mean-you-shouldnt-use-them/

QUOTE: Passwords, security software, and user education don’t prevent 100% of computer security problems. There are some large holes in “typical use” of these things — no one will disagree with that. Should you stop using them? Every few months, there is some new article suggesting exactly that. The latest to join this trend is an article by Mat Honan discussing the inefficacy of passwords.  This much is true: if you’re only using easily guessable passwords and signature-based antivirus on a Windows machine, you’re likely to get hit with malware or have your accounts hacked sooner than later. But if you’re updating your software, using complex passwords, and implementing a security suite including anti-virus with behavioral scanning plus a firewall, your odds of being hit are much lower. At the very least, your protection is going to be way better than what most people are using, so you could be a less tempting target.

W32.Narilam – New SQL data base malware emerges in Middle East

Symantec has identified a new, sophisticated malware threat designed to alter SQL Server databases where user rights are not properly locked down. As with the Stuxnet attacks, this new threat is most active in the Middle East.

http://www.symantec.com/connect/blogs/w32narilam-business-database-sabotage

http://securitywatch.pcmag.com/none/305296-database-modifying-malware-narilam-a-corporate-sabotage-tool

QUOTE: In the last couple of years, we have seen highly sophisticated malware used to sabotage the business activities of chosen targets. We have seen malware such as W32.Stuxnet designed to tamper with industrial automation systems and other destructive examples such as W32.Disstrack and W32.Flamer, which can both wipe out data and files from hard disks. All of these threats can badly disrupt the activities of those affected. Following along that theme, we recently came across an interesting threat that has another method of causing chaos, this time, by targeting and modifying corporate databases. We detect this threat as W32.Narilam. Based on the detections observed, W32.Narilam is active predominantly in the Middle East.

Just like many other worms that we have seen in the past, the threat copies itself to the infected machine, adds registry keys, and spreads through removable drives and network shares. It is even written using Delphi, which is a language that is used to create a lot of other malware threats. All these aspects of this threat are normal enough; what is unusual about this threat is the fact that it has the functionality to update a Microsoft SQL database if it is accessible by OLEDB.
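The Symantec write-up makes the key point that the worm can only rewrite a database if the account it runs under is allowed to. The following is an added example, not code from Symantec or from this blog, showing how an administrator can check for that condition: it lists logins in the sysadmin fixed role and database principals in broad write roles, then prints a least-privilege login template for an application account. It assumes the SqlServer PowerShell module (Invoke-Sqlcmd), a Windows-authenticated connection, and placeholder instance, database and password values that must be replaced.

```powershell
# Added example (not from the Symantec post or this blog): find SQL Server logins
# that could freely modify table data through any OLEDB client, then show a
# least-privilege alternative. Instance, database and password are placeholders.
param(
    [string]$ServerInstance = 'SQLHOST\INSTANCE',   # placeholder
    [string]$Database       = 'AppDatabase'         # placeholder
)

Import-Module SqlServer -ErrorAction Stop

# 1. Server level: every login that is a member of the sysadmin fixed role.
#    A service or application account listed here can alter any database.
$sysadmins = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query @"
SELECT sp.name, sp.type_desc
FROM sys.server_principals AS sp
WHERE IS_SRVROLEMEMBER('sysadmin', sp.name) = 1
  AND sp.type IN ('S', 'U', 'G')   -- SQL logins, Windows users, Windows groups
ORDER BY sp.name;
"@

# 2. Database level: members of roles that grant write access to every table.
$writers = Invoke-Sqlcmd -ServerInstance $ServerInstance -Database $Database -Query @"
SELECT m.name AS member_name, r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS m ON rm.member_principal_id = m.principal_id
JOIN sys.database_principals AS r ON rm.role_principal_id  = r.principal_id
WHERE r.name IN ('db_owner', 'db_datawriter', 'db_ddladmin')
ORDER BY r.name, m.name;
"@

Write-Host "sysadmin members on ${ServerInstance}:"
$sysadmins | Format-Table -AutoSize
Write-Host "Broad write roles in ${Database}:"
$writers | Format-Table -AutoSize

# 3. Remediation pattern: a dedicated login that can read the database and call
#    its stored procedures, but cannot issue ad-hoc UPDATE/DELETE against tables.
#    Printed for review rather than executed automatically.
$leastPrivilegeSql = @"
CREATE LOGIN app_reader WITH PASSWORD = '<strong-generated-password>';  -- placeholder
USE [$Database];
CREATE USER app_reader FOR LOGIN app_reader;
ALTER ROLE db_datareader ADD MEMBER app_reader;
GRANT EXECUTE ON SCHEMA::dbo TO app_reader;
"@
Write-Host "Least-privilege login template (review before running):"
Write-Host $leastPrivilegeSql
```

Run it as a login that can read the catalog views (VIEW ANY DEFINITION is enough for the two queries). Any application or workstation account that appears in the first two listings is one whose compromise would give a Narilam-style worm write access to the database; moving such accounts to a db_datareader plus EXECUTE grant, as in the template, limits what malware running under them can change.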


AV Comparatives Testing – Which AntiVirus cleans best

AV Comparatives recently tested cleaning capabilities for free and premium AV products.  All products tested did fairly well in scoring.

http://www.av-comparatives.org/images/docs/avc_rem_201211_en.pdf

http://securitywatch.pcmag.com/none/305309-which-antivirus-cleans-best

QUOTE: Bitdefender Antivirus Plus 2013 and Kaspersky Anti-Virus (2013) managed an A average in both removal and convenience. That comes as no surprise to me; both products also scored very well in my own malware cleanup test. Panda Cloud Antivirus Free Edition 2.0 came close with an A- in both categories. All three of these products earned the top rating, ADVANCED+.  Even the lowest scores weren’t dreadful. AVG Anti-Virus FREE 2013 earned a B average for both thorough removal and convenience, while avast! Free Antivirus 7 averaged a B for convenience and B- for thorough removal. These got a STANDARD rating, the lowest passing rating. All of the others were rated ADVANCED.  Overall, products in this test did better than in last year’s test.

Windows 8 – Improved System Restore utilities

The System Restore process was improved for Windows 8.  The following compares the new approach with an advanced third party recovery tool.

http://securitywatch.pcmag.com/none/305179-windows-8-reset-and-refresh-versus-faronics-deep-freeze

QUOTE: In theory, if you screw up your settings or otherwise run into trouble, the Windows System Restore feature can put things right. In my years of experience, however, I’ve found that using System Restore causes more problems than it resolves. The new Refresh feature in Windows 8 is intended as a better kind of System Restore, and the Reset feature should reset your Windows 8 installation to a pristine out-of-box installation.

When you run Windows 8 Refresh, it keeps your files and personal settings but restores all Windows settings to their defaults. Applications that you installed from disk will be removed and logged; apps from the Windows Store will remain.  Mehta found that the process took about 30 minutes. It turns out that apps from the Windows Store actually do get removed during the process, but it reinstalls them automatically. It also removed all Windows updates, so he had to reinstall those. And it gave the first-time treatment to each user account, rebuilding the profile and offering a Windows 8 tutorial.

FBI – New tactics to investigate Securities Fraud

The FBI is using social media networks to investigate securities fraud, as noted below:

http://www.nbcnews.com/technology/technolog/fbi-uses-twitter-social-media-look-securities-fraud-1C7209895

QUOTE: The FBI sees social media as a potential breeding ground for securities fraud, and has agents scouring Twitter and Facebook for tips, according to two top agents overseeing a long-running investigation into insider trading in the $2 trillion hedge fund industry.  April Brooks, a special agent in charge of the New York field office of the Federal Bureau of Investigation, and David Chaves, a supervisory agent, said it is hard to predict the next wave of securities fraud, but they add that it will have a lot to do with advances in technology and social media.

“I will tell you technology will play a huge part, social media, Twitter. Any kind of technology that is new and doesn’t exist today, if there is any way to exploit it, these individuals will exploit it,” Brooks told Reuters TV in an interview for the Reuters Investment Outlook 2013 Summit. Brooks and Chaves oversee what the FBI calls “Operation Perfect Hedge,” which has led to more than 60 convictions of hedge fund traders, analysts and industry consultants.

Macy’s Day Parade 2012 – Sensitive data in shredded confetti

Sensitive police documents were apparently shredded and used as confetti in the annual Macy’s Thanksgiving Day Parade.

http://nakedsecurity.sophos.com/2012/11/26/confidential-parade-confetti/

QUOTE: The world’s most famous Thanksgiving parade is probably not where you’d expect to find shredded confidential police documents. But that’s exactly what Ethan Finkelstein says he found while enjoying the annual parade in New York City last Thursday, according to an American news station.  Finkelstein told PIX11 he was watching the parade from 65th Street and Central Park West when he noticed some of the confetti stuck to his friend’s coat. As they picked it off they noticed it had the letters ‘SSN’ and a number next to it. So they gathered some more confetti that had fallen around them. They found other confidential information, such as arrest records and police officers’ details, including social security numbers and dates of birth. Some of the documents identified detectives – including undercover officers – by name.

Cyber Monday 2012 – Safety tips for shopping via Internet

This article by PC Magazine offers excellent safety advice in four distinct vulnerable areas:

http://securitywatch.pcmag.com/none/305284-shop-online-safely-this-holiday-season

QUOTE: While Black Friday marked the beginning of holiday shopping in stores around the country, many consumers are increasingly counting on online deals to find the best gifts. In a PriceGrabber.com survey of 4,958 U.S. online shoppers, 41 percent of consumers said they planned to shop online on Cyber Monday, the first Monday after the long Thanksgiving weekend. Almost a third of respondents planned to shop online after looking for sales during the Black Friday weekend, and 29 percent planned to take advantage of Cyber Monday deals to get their shopping done early. Retailers aren’t the only ones prepping deals; cyber-criminals are paying attention, too. Consumers scouring the Web for amazing deals and acting quickly before special offers expire are highly vulnerable to email messages and posts on social networks containing malicious links.

FOUR KEY AREAS OF SAFETY REQUIRED

1. Shop on Legitimate, Secure Sites

2. Protect Your Data

3. Protect Your Accounts

4. Protect Your Devices

Facebook – How Free Gift Scams work

Excellent advice by PC Magazine, as scam attacks work through malicious applications on Facebook that appear to come from a trusted friend or contact. Avoid clicking the LIKE button or visiting a URL offered if it seems too good to be true.

http://securitywatch.pcmag.com/none/305285-dissecting-the-facebook-gift-scam-how-they-get-you

QUOTE: “Get free stuff!” is a common lure scammers use on Facebook. It doesn’t matter if the pitch is for a free airplane ticket, a free iPad, or just a voucher for a free coffee. Everyone likes getting something for free. While the bulk of Hunt’s analysis focused on a supposed $400 voucher promotion from Australian retailer Woolworths, there are similar scams for other retailers, including Starbucks, Costco, and Harvey Norman, he said. “The scam relies on the power of social media leverage by making the victim the advocate for the scam. It’s their wall that’s telling all their friends how awesome the scammer’s page is,” Hunt wrote.

It all begins with a friend. Or more precisely, a post from a Facebook friend in the Newsfeed advertising a voucher or a free gift from a company. Users who click on the link first land on the promotion page, which displays a share widget, user comments, and a Like button. After the user completes all three steps (and ensures friends will now see the post in their Newsfeeds), the user is redirected several times before landing on the final scam page. It may be a survey site, a form asking users to fill out information to win a prize, or some other malicious site. There will be no sign of that initial free gift, though.

EMAIL – Out of office notification risks

Trend Labs shares an informative article on the risks of out-of-office notifications.

http://blog.trendmicro.com/trendlabs-security-intelligence/the-risks-of-the-out-of-office-notification/

QUOTE: For many enterprises today, guarding against data breaches and targeted attacks is one of the top concerns of IT administrators. One of the things that administrators guard against is reconnaissance and targeting of any potential high-value personnel who may fall victim to a targeted attack. A less obvious source of information leakage, however, is the humble out-of-office notification. Consider what the typical content of an out-of-office notification is. It will have a brief explanation of why the respondent is out of the office, who the sender can alternately contact instead, and an estimate of when they will return to the office. It may also include the user’s email signature, if he has one. Individually, this may not be a great deal of information. However, it is easy for would-be attackers to gather multiple out-of-office notifications. Based on our research into spear-phishing, the e-mail addresses of about half of all spear-phishing recipients can be found online using Google. In many cases, corporate e-mail addresses follow a predictable format as well; this makes many addresses “known” so long as an employee’s name is known.

So, what can users and IT administrators do? Fortunately, e-mail server software has had the capability for several years now to properly control out-of-office notifications. For example, users can set one notification message to appear to people within an organization, while setting another for those outside it. Users may also want to consider limiting the information that they include in notifications: for example, instead of saying who to contact, the message may say instead to notify “my manager” or “my subordinates”. All in all, out-of-office notifications represent a valuable target for reconnaissance by determined attackers, but it is a threat that can be secured within reason by users and administrators. What is needed is awareness that this threat even exists – which, hopefully, is something this entry has achieved.
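The split internal/external notification the Trend Labs article recommends is a standard Exchange feature. The following is an added example, not code from Trend Micro or from this blog, showing how to set it from the Exchange Management Shell (or a remote Exchange PowerShell session): a detailed reply for colleagues, a minimal reply for outsiders, and an optional organization-wide control. The mailbox address, names, dates and extension are constructed placeholders.

```powershell
# Added example (not from the Trend Labs post or this blog): an out-of-office
# reply that is informative inside the organization and reveals almost nothing
# outside it. Requires an Exchange Management Shell / Exchange Online session.
$Mailbox = 'jane.doe@example.com'   # placeholder mailbox

# Internal audience: colleagues can already see the directory, so the
# specific contact and return date leak nothing new to them.
$internal = @'
I am out of the office until Monday 3 December. For project Alpha questions
please contact Sam Lee (x4412); for anything urgent, please contact my manager.
'@

# External audience: no return date, no colleague names, no phone
# extensions and no signature, so a gathered set of these replies
# yields no org chart and no "who is away this week" timetable.
$external = @'
Thank you for your message. I am currently out of the office and will reply
when I return. For urgent matters, please contact our main switchboard.
'@

Set-MailboxAutoReplyConfiguration -Identity $Mailbox `
    -AutoReplyState Scheduled `
    -StartTime (Get-Date '2012-11-26 18:00') `   # placeholder dates
    -EndTime   (Get-Date '2012-12-03 08:00') `
    -InternalMessage $internal `
    -ExternalMessage $external `
    -ExternalAudience Known
# -ExternalAudience Known: external replies go only to senders already in the
#  mailbox's Contacts; None suppresses external replies entirely; All answers anyone.

# Verify exactly what each audience will receive.
Get-MailboxAutoReplyConfiguration -Identity $Mailbox |
    Select-Object AutoReplyState, ExternalAudience, InternalMessage, ExternalMessage

# Administrator-level control: stop the server from sending any out-of-office
# reply to external domains at all, regardless of per-mailbox settings.
# (Set-RemoteDomain is the Exchange cmdlet for this; shown commented out because
#  it changes behaviour for the whole organization.)
# Set-RemoteDomain -Identity Default -AllowedOOFType None
```

The per-mailbox setting gives the user the choice the article describes; the remote-domain setting is the administrator's backstop for the case where users keep pasting their full signature and return date into the external message.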