Security Protection – Harry Waldron MVP Rotating Header Image

February, 2014:

Facebook – protect your account from Rogue Browser Extensions

Facecrooks security shares this improved security approach

http://facecrooks.com/Internet-Safety-Privacy/how-to-protect-your-facebook-account-from-rogue-browser-extensions.html

QUOTE: Lately, we have noticed an alarming trend in how Facebook scams are being spread among users. Scammers will exploit every method and medium to disseminate their malware and mayhem. We have seen like-jacking, click-jacking & tag-jacking attacks, rogue applications, the abuse of Facebook messages and chat, browser exploits…you name it. The last couple of scams we have profiled use rogue browser extensions (sometimes called addons or plug-ins) to propagate on Facebook. This typically occurs by the scammer tricking users into downloading and installing what appears to be a theme, application or required plugin to watch an advertised video.

Facebook – improve security using Login approvals

Facecrooks security documents this 2 factor authentication approach

http://facecrooks.com/Internet-Safety-Privacy/How-Secure-Your-Facebook-Account-With-Login-Approvals.html/

QUOTE: Phishing scams are widely popular on Facebook. Cyber criminals relentlessly pursue ways and means to obtain Facebook usernames and passwords. These compromised accounts often send out spam or scam messages virally across the platform. Scammers can also data mine these accounts and their network of friends. This information can be used for identity theft or other targeted attacks.

Login Approvals is a two-factor authentication feature employed by Facebook. It’s an added layer of security that requires a code to be entered to complete the login process if the device isn’t recognized by Facebook. To access this setting, click on the gear icon located in the top right hand corner and then click on the ‘Settings’ link. Next, click on the ‘Security’ link located in the left hand column. You can also be taken directly to this screen by clicking here: https://www.facebook.com/settings?tab=security

Now all you have to do is click the ‘Edit’ link under Login Approvals and set everything up. If you use the Facebook mobile application, then you can also enable ‘Code Generator’ on this screen. Instead of sending you a text message with the secret code, the mobile Facebook application will generate a code for you to use.

Facebook – Purchases WhatsApp Messaging application

Articles related to Facebook’s purchase of the popular WhatsApp messaging system for $19 billion

http://money.cnn.com/2014/02/19/technology/social/facebook-whatsapp/

http://facecrooks.com/Internet-Safety-Privacy/Facebook-Buys-WhatsApp-Privacy-Concerns-Arise.html/

QUOTE:  Facebook announced this week that it acquired popular messaging app WhatsApp for a stunning figure of $19 billion. The app is currently the most popular messaging app for smartphones, and boasts over 450 million users while adding an additional 1 million users every day. Of course, not everyone that uses WhatsApp is on Facebook, and some privacy advocates have expressed concern that Facebook will now have access to all of WhatsApp’s user data.

“Currently, WhatsApp can change terms and conditions at any time, without notifying users, which many people who use this service aren’t aware of. Meanwhile, Facebook already has a very broad copyright license on people’s content and already shares your data with many other services,” said St. John Deakins, the CEO of Citizenme, a group advocating for online privacy. “Now with Facebook buying WhatsApp, this could see more and more private information becoming part of Facebook’s database. From a personal data standpoint, this is extremely worrying.”

WhatsApp will be absorbed by Facebook and function as an autonomous unit within the company. Though it’s easy to doubt the site’s motives, it’s likely that Facebook simply saw the app as a massive growth opportunity. Facebook has obvious plans to expand its messaging services, and WhatsApp is a logical extension of their goals. However, for those WhatsApp users who aren’t comfortable living under the thumb of Facebook, it may be time to find another online messaging service.

AVAST – Mobile security requires constant protection

Smartphones can store highly sensitive information and must be constantly protected as noted in article.  Password protection, encryption, and other best practices should be used.

http://blog.avast.com/2014/02/26/mobile-security-your-best-protection-is-constant-protection/

QUOTE: More than one billion people nowadays use smartphones devices and this number is growing rapidly. With the growing numbers of mobile users accessing the internet on Android smartphones and tablets, and iOS iPhones and iPads, the number of mobile threats and attacks is rising progressively.  Mobile users store sensitive data, and engage in online banking operations, exposing devices to the modern mobile threads. You need constant protection. Not even these big names were immune from attack: German Chancellor Angela Merkel’s smartphone was hacked; Rovio, creator of popular game Angry Birds, reported that the personal data of its customers might have been accessed by U.S. and British spy agencies;  and recent news of other leaky phone apps have caused people to look for ways to protect their private mobile communications.

Facebook – Music Theme scam circulating FEB 2014

Avast labs documents new fake them circulating that may lead to malware of loss of privacy

https://blog.avast.com/2014/01/23/facebook-music-theme-scam-hits-a-sour-note/

QUOTE: By now, we are all familiar with Facebook scams that claim to give your Newsfeed a designer look. Remember Facebook Red or Facebook Black? Those pretty themes ended up spreading spam and malicious links via online surveys and fake videos. Today, the AVAST Virus Lab experts discovered a unique variety– the Facebook Music Theme Scam.  The Facebook Music Theme Scam is supposed to change the theme and add a song to your Facebook page. But when our Virus Lab expert, Honza Zika, investigated, he got more than danceable music tracks, “What this code does is modify Facebook.  It automatically liked 32 photos, people, groups, … See my activity log, that is just half of it.”

RSAC: Trend Micro, McAfee, and Symantec score well in NSS Lab tests

NSS Labs shared recent test results of corporate products at the 2014 RSA conference

http://securitywatch.pcmag.com/security-software/321170-rsac-trend-micro-mcafee-and-symantec-best-in-nss-labs-test

QUOTE: Most of the tests and reports generated by NSS Labs are aimed at big companies, Fortune 500 domestically, Fortune 2000 worldwide. They help these enterprises choose the best next-generation firewalls, intrusion prevention systems, and so on. From time to time, they also put consumer-facing security products to the test. At the RSA Conference I sat down with Randy Abrams, NSS Labs Research Director to go over the latest results. The current report looks at how well nine popular security products handle socially-engineered malware. McAfee and Trend Micro earned the best overall score, with Norton so close behind that the difference isn’t statistically significant. These three were also the quickest to detect new threats.

RSAC – Windows 8 has Smart Screen Filter built into operating system

Windows 8 was found to be effective with URL smart screen filtering during recent NSS testing

http://securitywatch.pcmag.com/security-software/321170-rsac-trend-micro-mcafee-and-symantec-best-in-nss-labs-test

QUOTE: Microsoft Security Essentials was included in the test, but Abrams pointed out that Microsoft wants this product treated as a baseline. “If people are going to pay for a third-party product,” he said, “it had better outperform the baseline. Microsoft doesn’t want a monoculture; that doesn’t protect their brand. Even so, if people have no other antivirus MSE helps.”

One cool thing in Windows 8, they built the Smart Screen Filter right into the operating system,” he said. “Even if your browser is terrible at detecting bad URLs, it still works. They pulled it out of Internet Explorer, they’re not saying that you must use IE for protection. We had to turn it off for testing! It was too effective, 98 to 100 percent accurate. Dennis Batchelder and Joe Blackbird at Microsoft said we should leave it on, but we couldn’t do that and still test the antivirus.”

RSAC 2014 – Secunia advocates patching 3rd party products

 

Another beneficial security session from RSA conference as documented by PC Magazine:

http://securitywatch.pcmag.com/security/321109-rsac-hey-people-patch-your-programs

QUOTE:  Secunia’s free Personal Software Inspector tool checks all the software on your PC, identifies any programs that need updates, and helps you apply those updates. The company also gathers stats on vulnerabilities and publishes a yearly report. At the RSA Conference, Secunia’s CEO Peter Colsted and CTO Morten Stengaard went over the latest report with me.  “Overall, the majority of vulnerabilities are still in third-party programs,” said Stengaard. “The total number is increasing, with over 13,000 new ones in 2013 compared to an average of around 9,000 in previous years. The big increase is primarily driven by IBM. It’s still a huge problem, with over 2,000 vulnerable products.”

Stengaard noted that among the top 50 most commonly seen vulnerabilities, the most prevalent are non-Microsoft programs, even though the number of affected Microsoft programs is large. “Microsoft products are fairly well covered,” said Stengaard, “and people do tend to update.” (A recent study did show that keeping Windows patched is an important element of any security strategy). The report clearly shows vastly more vulnerabilities in the most popular browsers and PDF readers than in off-brands. “You can use whatever product you want, as long as you patch,” said Colsted. “If you know you’re not going to patch, you’re better off using a less common program.”

 

Social Engineering – Corporate Security breach in 20 minutes

This account illustrates how excellent acting skills and technological know-how can be combined into social engineering attack

http://securitywatch.pcmag.com/security/320913-hacked-in-20-minutes-social-engineering-done-right

QUOTE: How long would it take for an attacker to break into a business? Get on the corporate network as an authenticated user? If you think it would take a few days or even a few hours, you are way, way off.  Try 20 minutes.

It took David Jacoby, a senior security researcher with the Global Research and Analysis Team at Kaspersky Lab, three minutes to sneak into the building, four minutes to get network access, five minutes to get authenticated access to the network, and ten minutes to install a backdoor onto the corporate network. He was able to download and walk away with “gigabytes of data” from the company, he told attendees at last week’s Kaspersky Lab Security Analyst Summit. Jacoby was invited by a company come in and tests its defenses. As it turned out, he didn’t need any fancy hacks or zero-days to get through. It was all social engineering. “They spent so much money [on security], and I still got in,” Jacoby said.

Being Nice to Tailgaters – The company required employees to use a badge to enter and leave the building. Jacoby waited for other employees to go inside, and just hurried in after them. Most people want to be polite and will hold the door open if someone is going in at the same time—something most tailgaters take advantage of. Jacoby went a step further, in case the employee thought to ask to see the badge. He dressed up a bit to look a little managerial and held a cell phone up to his ear as if he was having a conversation with someone. As he was going through the door, he said, “I am right in the lobby. I will be up in a minute.”  No one will interrupt a phone call, and if you convey the impression that you are someone important heading off to meet someone important, most people won’t stop to question you, Jacoby said.

Next Step of Finding Connection – he went straight to the printer room, where there is invariably a network hub for the printer. He plugged his laptop into the hub and as easy as that, he was on the network. Getting on the network as a valid user took more talking than hacking. Jacoby found an employee sitting next door to the printer room and explained he was having trouble with the network. He asked if he could borrow the employee’s computer. When he sat down, the employee was still logged in, which meant he could do whatever he wanted on the network.  At this point, he installed a backdoor on the network, giving him full control. He no longer needed the employee’s computer or credentials.

Exploring Vulnerabilities – After getting access to the network, Jacoby found that the network was segmented incorrectly, so sensitive systems were easily accessible. He found outdated and vulnerable software. He also found 300 user accounts with passwords set to never expire. All these things made his job, as an attacker, much easier.  Think like an attacker. You will be surprised at just how vulnerable your organization may be.

RSAC 2014 – Patch Management improves security

Another informative talk in 2014 RSA conference

http://securitywatch.pcmag.com/security-software/321014-rsac-can-windows-updates-protect-against-malware

QUOTE: Are your PCs all configured for Automatic Update? If not, you’re risking more than just missing out on the latest version of Internet Explorer. At the RSA Conference, Simon Edwards, Technical Director of London-based Dennis Technology Labs, presented the results of a study showing that keeping Windows up to date seriously improves your security. Edwards noted that one obvious way to get even more protection is to patch significant third-party tools like Flash, Adobe, and Java. “If you kept those things up to date,” said Edwards, “the graph of improved protection in a patched system would be a lot higher. The bad guys specifically use toolkits that attack vulnerabilities in those third-party apps.” He noted that using a patch manager like Secunia Personal Software Inspector 3.0 can help.

Overall, 32 percent of the malware samples used in testing were neutralized by the simple act of fully updating the test systems. Those antivirus products with the lowest scores in the unpatched state naturally got the most benefit from patching. Does this mean you don’t need antivirus if you keep your system patched? Not at all! Think about the other 68 percent of malicious programs that were not stopped by patching. And if you want to know more, dig into the full report on the Dennis Labs website