Security Protection – Harry Waldron MVP

February, 2013:

Internet Explorer 10 versus Google Chrome 25 comparison

ZDNet shares an interesting head-to-head comparison of both browsers.  The latest versions of Internet Explorer are excellent in terms of security, performance, and standards adherence.  Firefox and Chrome are also good complementary browsers.

http://www.zdnet.com/the-best-windows-browser-today-ie-10-or-chrome-25-7000011862/

QUOTE: Microsoft has just released its newest browser for Windows 7: Internet Explorer (IE) 10. Days earlier, Google had released Chrome 25, its latest browser, for all platforms. So, now that both are available on the most popular desktop operating system, Windows 7,  Which is better for Windows 7 users? – In this test, higher scores are better. For once we have a close result and it may surprise you. IE edged out Chrome with a score of 115.38 to 102.73.  So, which is the best? Well, for my money, Chrome seems the easy best pick. Not only does it tend to be faster, usually far faster, than IE, it runs on almost every desktop platform you’re ever likely to use and it’s more HTML5 compatible. That said, if you’re running Windows 7 and you must use IE, this latest Microsoft browser is a good choice.

Internet Explorer 10 – Windows 7 version finalized

The IE10 build has been finalized for Windows 7 as noted below:

http://www.zdnet.com/microsoft-delivers-final-version-of-ie-10-for-windows-7-7000011849/

QUOTE: Microsoft released to the Web the final (non-test) build of Internet Explorer 10 for Windows 7 on February 26. IE10 is the latest version of IE and the one that is bundled with Windows 8 and Windows RT. Like IE10 for Windows 8 and Windows RT, IE10 for Windows 7 is optimized for touch first. Unlike the Windows 8 and Windows RT versions, IE10 for Windows 7 places the URL bar at the top of the screen, not the bottom. And as is true with the Windows 8/Windows RT version, IE10 for Windows 7 has the Do Not Track (DNT) signal turned on by default, preventing users from having their behavior automatically tracked online.

AutoRun Worm – New version highly advanced and polymorphic

McAfee Labs shares an update on developments in the latest Autorun worm, which is very difficult to detect and uses highly advanced techniques to infect vulnerable computers.

http://blogs.mcafee.com/mcafee-labs/polymorphic-autorun-worm-evolves-and-obfuscates

QUOTE: The W32/Autorun.worm.aaeh family usually gets on a victim’s machine through email spam, Blacole drive-by downloads, or downloads by BackDoor-FJW. From a behavioral perspective, it looks like any other thumb-drive infecting worm. It adds an autorun.inf file on all removable drives and network shares, has an icon resembling a folder icon to trick people into double-clicking it, and infects ZIP and RAR archives. What separates this worm from the rest, however, is the level of obfuscation and polymorphism that it employs.

The worm can download other prevalent families, such as ZBot, and it’s clear that the payload families use the worm’s spreading mechanism as a propagation vector.  This family hasn’t shown signs of fading away (more than a million files on VirusTotal belong to this family), but with a few simple steps, you can avoid getting infected by this annoying worm.

* Don’t click links in spam emails that promise free stuff or suggest new ways to make a quick buck.

* Don’t execute software that arrives via spam.

* Disable the AutoRun feature on Windows

* Refrain from opening files from unknown sources

* Don’t open any executable file with a shady application name

* Check source by hovering your mouse near a link

* Don’t open any executable file that looks like a folder icon with blurred edges

* Read our Threat Advisory for more information
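The quote above notes that the worm drops an autorun.inf file on removable drives and network shares. As an added example (not from the McAfee article or this blog), the following sketch reads the text of an autorun.inf and reports the entries that would launch a program, which is a quick triage check on a suspect drive. The sample file content is constructed, and the lenient handling of junk lines is an assumption rather than a documented trait of this worm family.

```python
import re

# Keys in an [autorun] section that cause a program to be launched.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Leniently parse autorun.inf text; return {key: value} for [autorun]."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        # Assumption: junk or padding lines may be present, so anything
        # that is not key=value is skipped instead of raising.
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(text):
    """Return sorted (key, command) pairs that would start a program."""
    entries = parse_autorun(text)
    return sorted((k, v) for k, v in entries.items()
                  if k in LAUNCH_KEYS or SHELL_CMD.match(k))


# Constructed sample, not taken from a real infection.
SAMPLE = """\
; constructed sample
xQ9z junk padding line
[AutoRun]
Open=Documents.exe
Icon=%SystemRoot%\\system32\\shell32.dll,4
Shell\\Explore\\Command = Documents.exe
label=Backup
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in launch_targets(SAMPLE):
        print(f"autorun.inf launches via {key!r}: {cmd}")
```

Any launch entry that points at an executable in the drive root, combined with an `icon` entry borrowing a folder icon, matches the behaviour described in the quote and warrants scanning the drive before opening anything on it.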

Facebook – New $500 Walmart gift card scam

There are no “free lunches” available from the Internet and users should never click on links or buttons associated with these scams that often lead to a malicious application.

http://facecrooks.com/Scam-Watch/Ive-just-received-a-500-Walmart-Giftcard-for-free-and-5-more-to-give-away-to-friends-Facebook-Scam.html

QUOTE: I’ve just received a $500 Walmart Giftcard for free and 5 more to give away to friends – Facebook Scam

Scam Signature Message: I’ve just received a $500 Walmart Giftcard for free and 5 more to give away to friends. If you shop at Walmart and want one for free, get one here

Scam Type: Survey Scam, Rogue Facebook Application, Bogus Offer

Trending: February 2013

Why it’s a Scam: Clicking the wall post link takes you to a Facebook called ‘Free Giftcards:’

How to Deal with the Scam:  If you did make the mistake of installing the Facebook application, then you could be spamming the message to your friends. Clean up your newsfeed and profile to remove references to the scam. (click the “x” in the top right hand corner of the post).  You’ll also need to remove the rogue Facebook application from your account.

Adobe PDF Security – First exploit to compromise Sandbox security controls

McAfee Labs shares an interesting and in-depth article on the first exploit to bypass the sandbox controls added in Adobe Reader version 10 and higher.  Adobe users will greatly improve their security by being on the latest version, as active attacks are circulating for version 9 or lower.

http://blogs.mcafee.com/mcafee-labs/analyzing-the-first-rop-only-sandbox-escaping-pdf-exploit

http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit

http://blogs.mcafee.com/mcafee-labs/adobe-flash-zero-day-attack-uses-advanced-exploitation-technique

QUOTE: As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader “sandbox-escape” plan. In order to help readers understand what’s going on there, we first need to provide some background.  The Adobe Reader sandbox consists of two processes: a high-privilege broker process and a sandboxed renderer process; the latter is responsible for rendering the PDF document.  Adobe has now released the official patch for these critical vulnerabilities. As always, we strongly suggest that users apply the patch as soon as possible.

SocialSafe backup software for Facebook or other social network data

As many users store photos and other data on Facebook or other social network environments, this new software product provides a backup service directly to the user's computer.  It is described in an article by Facecrooks Security.

http://facecrooks.com/Internet-Safety-Privacy/Protect-Your-Social-Media-Accounts-with-SocialSafe-the-Ultimate-Backup-Solution.html

http://services.socialsafe.net/

QUOTE: A company called SocialSafe provides an incredibly simple way to back up and archive your Facebook timeline, Facebook Pages, Twitter, LinkedIn, Instagram, Google+ and Viadeo profiles and more.  As you know, we often talk about social media privacy issues, and one thing we really like about SocialSafe is that all of your information is stored locally on your computer. Your data isn’t stored on a server in the cloud somewhere where it’s vulnerable to data breaches and hackers.

Not only does SocialSafe provide an excellent social media backup service, the application also provides quick and powerful search and browse capabilities. You can navigate your Timeline in a calendar format, search across all of your social networks with deep precision and even view a journal created from all of your backed up activities. As well as this, you can export your data to CSV, allowing you to really take control of and get the most from your social content in any way that you want.

Facebook – New Targeted Ad program for store purchases

Facecrooks Security describes a new voluntary purchase tracking system that is designed to tailor advertising for Facebook users.  Security and Privacy concerns are noted in this article.

http://facecrooks.com/Internet-Safety-Privacy/Facebook-Testing-Targeted-Ads-Based-on-What-you-Buy-In-Store.html

QUOTE: Facebook’s targeted advertising is already pretty sophisticated in understanding your tastes, but their ability to monitor your transactions could soon follow you into the real world. According to Ad Age, Facebook has teamed up with several data provider companies to track your purchases in actual brick-and-mortar stores. It will allow for brands to hone in even more accurately on consumers with targeted advertising on the site. On its surface, this plan seems like a giant leap toward Big Brother, but how it will work in practice isn’t quite so sinister.

The ad targeting will take place when data companies match up, anonymously, retail loyalty program members and Facebook users by using the phone number and email address members gave when they signed up for both services. However, Facebook is going to face an uphill battle in convincing a skeptical public that their personal information is safe, especially given the news of the recent Facebook hack reportedly perpetrated by Eastern European or Chinese hackers. “Facebook’s challenge is going to be breaking down the process in ways that are simple to understand and fostering confidence that this powerful data can be handled in a responsible way,” MEC Social Lead Kristine Segrist told Ad Age.

Secunia Small Business Inspector – Beta Version

At the RSA conference, Secunia debuted a new version of their security inspection software designed for small business networks.  Their PSI product for home users has also been an excellent tool to ensure all software is up-to-date on security patches.

http://securitywatch.pcmag.com/none/308639-rsa-keep-your-small-business-pcs-fully-patched

QUOTE: Software isn’t perfect. Any browser, application, or operating system has holes that can allow malefactors to penetrate your security. When a new vulnerability comes to light, vendors scramble to release a patch. If you don’t apply those patches, your PC is likely to fall victim to the attack. As I’ve reported before, the free Secunia Personal Software Inspector (PSI) is a great way to check for unpatched products and, in many cases, automatically apply needed patches. At the RSA Conference in San Francisco, Secunia announced a version aimed at small businesses, as well as an inspector for Android devices.

Morten R. Stengaard, Secunia’s Director of Product Management and Quality Assurance, demonstrated a beta version of Secunia Small Business. From a simple central console, you can push installation of PSI to all of the company computers. Once PSI is in place, you can launch scans, evaluate results, and enforce patching.  The computers don’t have to be on the same network, and you can enable administrative control for up to five devices at no cost. Secunia hasn’t yet settled on a price for devices after the free five, but Maria Eriksen-Jensen, VP of Business Development and Marketing, said it would be less than five dollars per month.

“There’s sophisticated technology behind this product,” said Stengaard, “but from the user’s point of view it’s plain, simple, and automatic. Going forward we plan to add notifications, so you can learn about a critical problem without having to log in.”  Secunia Small Business is available now as a public beta, free for anyone to try. During the beta period, you can connect with up to the maximum of 50 PCs at no cost. Release is expected in the second quarter.

Adobe Flash Security Update – February 2013

Users should update Adobe Flash when prompted, to defend against new attacks in the wild.

http://securitywatch.pcmag.com/adobe/308607-adobe-patches-flash-bugs-attackers-targeted-firefox-users

QUOTE: Adobe patched three new security flaws in its near-ubiquitous Flash Player, of which two were already being exploited in the wild. Attackers were specifically targeting Mozilla Firefox users, the company said. The two zero-day vulnerabilities, CVE 2013-0643 and CVE 2013-0648, were being exploited in targeted attacks where users were tricked into clicking on a link to a Website hosting malicious Flash files,  Adobe said in its security advisory released Tuesday. The company did not credit any organization or researcher who found the zero-day vulnerabilities, but credited IBM X-force for reporting the third security hole.

Targeted Attacks – Defense tactics for 2013

Trend Labs shares defensive approaches for targeted attacks where a specific group of users might be selected to compromise corporate security controls:

http://blog.trendmicro.com/trendlabs-security-intelligence/understanding-targeted-attacks-how-do-we-defend-ourselves/

QUOTE: Remember that even though we’ve come to accept that attackers have greater control, does not mean that we don’t have any of it. We do, and it is important to take note of that because using that control is highly critical in dealing with targeted attacks.

1. Control the Perimeter

2. Deploy Inside-Out Protection

3. Assume Intrusion and Act Accordingly