Security Protection – Harry Waldron (WP)

Malware – Fake TOR Browser circulating to Apple users

A fake TOR Browser touted to improve security is circulating to Apple users. As the article notes, it will infect vulnerable systems with adware and other malicious agents.

QUOTE: Concerned about online tracking and eavesdropping? Considering TOR? If so, don’t download the iOS app for the Tor Browser from Apple’s App Store. It appears the Tor Browser app for iOS devices is fake, and “full of adware and spyware,” according to a support ticket opened two months ago by “Phobos,” a volunteer with the Tor Project. “Tor Browser in the Apple App Store is fake,” Phobos wrote on the ticket, adding, “We should have it removed.”  It appears from the ticket that Tor Project officials notified Apple of the fake app in December, and Apple said it would give the developer a chance to defend the app. Even though other users have filed complaints, the app remains available on the App Store, and other Tor users and volunteers have expressed their frustrations on the ticket and elsewhere online.

AV TEST – Windows 7 x64 – FEB 2014 review

New Chinese AV vendor Qihoo, along with Kaspersky and Bitdefender, recorded perfect scores in the latest tests for the Windows 7 64-bit O/S, as noted in the AV-TEST review.

QUOTE: Chinese Antivirus Qihoo 360 Earns Top Score in Independent Test. Last time around, Qihoo earned 5.5 points in each category, for a total of 16.5. This time it took a perfect six of six points for protection, and usability, raising that score to 17.5 of a possible 18. Bitdefender and Kaspersky tied that score. McAfee, Norton, and Trend Micro came very close, with 17 points each.

Laptops and Mobile devices – Hotels hold lost items briefly

An interesting article notes that hotels may retain lost items for only a short period of time and dispose of electronic items in a variety of ways.

QUOTE: We’re all human, and humans forget things. And as previously discussed on this blog, laptops are commonly lost. And while one cannot really blame hotels for discarding lost devices that are cluttering their storage rooms (if no one claims them after a reasonable period of time, of course), the survey reminds us all that our laptops could literally end up anywhere. IT and security pros need to deploy full disk encryption technologies to protect the information on these devices, and they need to establish policies that do not interfere with how people work but protect any data on the device if it is lost or stolen.

Privacy – Unlike passwords SSN cannot be changed

PC Magazine shares an excellent security awareness article noting that static identifiers like SSNs or birthdates can never be changed and must be protected from criminals.

QUOTE: When an online shopping site suffers a data breach, you’ll get a warning to change your password. If your bank is hacked, they’ll send you a new credit card. The real problem occurs when a business authenticates you using personal data that can’t be changed, like your SSN or birthdate. A new whitepaper from NSS Labs examines the use of static and dynamic information for authentication, and offers businesses advice for improving security.

Static Data – The SSN was never meant as a personal identifier. The report notes that the equivalent identifier in the UK is never used for authentication. Once your SSN is revealed in a breach, it’s forever compromised. And that’s a problem. Some businesses attempt to protect customers by storing only the last four digits of the SSN. It turns out that this isn’t very effective. The first five digits aren’t random; they’re based on when and where you first applied for your SSN. A research project from five years ago analyzed data from the government’s “Death Master File” and devised an algorithm to predict those first five digits.

Malware – Crigent “Power worm” infects Office documents

Trend Labs warns of this new threat, which uses PowerShell scripts to infect Word and Excel documents.

QUOTE: Malware targeting Word and Excel files has been around for some time, but we recently encountered a new malware family, CRIGENT (also known as “Power Worm”) which brings several new techniques to the table. (We detect these files as W97M_CRIGENT.A and X97M_CRIGENT.A.).   Most significantly, instead of creating or including executable code, CRIGENT uses the Windows PowerShell to carry out its routines. PowerShell is a powerful interactive shell/scripting tool that is available for all current versions of Windows (and is built-in from Windows 7 onwards); this malware carries out all its behavior via PowerShell scripts. IT administrators that are normally on the lookout for malicious binaries may overlook this, as malware using this technique is not particularly common.

This particular threat arrives as an infected Word or Excel document, which may be dropped by other malware or downloaded/accessed by users. When opened, right away it downloads two additional components from two well-known online anonymity projects:  the Tor network, and Polipo, a personal web cache/proxy.  Using the installed Tor and Polipo software, it accesses its command-and-control server. The URL it uses contains two GUIDs.

Adobe Flash Player security update for March 2014

During mid-March, Adobe released an important update for Flash Player.

QUOTE: Adobe Flash Player, released for Mac and Windows, is now available for download. Adobe has also released Adobe Flash Player for Linux. These updates address two vulnerabilities, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.

Malwarebytes version 2.0 – improved GUI & features

PC Magazine reviews Malwarebytes version 2.0, which is an excellent tool with an improved user interface, built-in rootkit detection, and thorough malware scanning capabilities.

FULL REVIEW – Malwarebytes Anti-Malware 2.0 (Editor’s Choice – free product)

QUOTE: After ten years of version 1.x, Malwarebytes has finally released version 2.0. The powerful malware-fighting tools are all still there, but the package is a lot better looking. A new dashboard page displays security status; if anything isn’t right, you just click Fix Now. And you can track progress of updates and scans right in the dashboard. Rootkit detection, once a separate component, is now integrated. A variety of other once-awkward mechanisms have been streamlined for ease of use. It’s quite an improvement. Want to know more? Read my full review. Malwarebytes remains our Editors’ Choice for free, cleanup-only antivirus.

Facebook – Financial Pyramid scheme shutdown by SEC

The SEC recently stopped a financial scam in which Facebook and other sites were utilized.

QUOTE: The Securities and Exchange Commission took emergency action against an alleged fraudulent pyramid scheme promoted on Facebook and Twitter. A federal court gave the SEC a court order to freeze the accounts held by Fleet Mutual Wealth and MWF Financial, doing business as Mutual Wealth. The SEC claims Mutual Wealth has “been exploiting investors” using social media including Facebook and Twitter. Investors were promised returns of 2% to 3% a week, the SEC says, by using an investment strategy that “invests into securities for no more than a few minutes.”

Facebook – DeepFace software improves Facial recognition in photos

Facebook has introduced new software to improve facial recognition.

QUOTE: Facebook owns the world’s largest photo library, and it now has the technology to match almost all the faces within it.   Facebook announced last week that it has developed a program called “DeepFace,” which researchers say can determine whether two photographed faces are of the same person with 97.25 percent accuracy. According to Facebook, humans put to the same test answer correctly 97.53 percent of the time — only a quarter of a percent better than Facebook’s software.


Facebook – Spam controls for newly installed applications

When special Facebook applications are installed, they may email friends and contacts excessively. These links provide helpful controls:

QUOTE: That’s why Business Insider published a valuable blog post this week telling readers how they can stop their Facebook apps from spamming their friends. First, open your Facebook page and click on the “Settings” button in the upper right-hand corner of the browser window. Next, click on the Apps tab underneath “General Account Settings.” From there, you can control all facets of your apps, including who can see them, what they can do, and whether or not you want to keep them at all. You can also click the “X” button next to the option for apps to “Post on your behalf.” This will effectively prevent your apps from spamming your friend list.