Computer News & Safety – Harry Waldron

February, 2012:

Facebook – Users improve Privacy protection during 2011

Studies reflect a trend for improved privacy settings among Facebook users

Facebook – Users make improvements in Privacy protection
http://www.marketwatch.com/story/facebook-users-take-a-sharp-turn-toward-privacy-2012-02-21
http://facecrooks.com/Internet-Safety-Privacy/are-facebook-users-more-privacy-aware-now.html

QUOTE: A study of 1.4 million Facebook users shows a sharp rise in protecting personal information. The most notable statistic was the number of users choosing to hide their friend list. This figure rose over 200% during the 15-month period of the study. Further analysis revealed that women and higher income users were more apt to have stricter privacy settings. Here are a couple of fun Facebook facts from their research:

* In March 2010, 17 percent of users had their friends list hidden from public view. 15 months later this figure rose to 53%.

* Other profile information, such as, age, high school, graduation year, network, relationship, gender, interests, hometown and current city also were hidden more frequently. (12% in 2010 and rose to 33% in 2011)

Banking and Credit Cards – Keep your PIN protected

The 4-digit PIN used for ATM processing should always be difficult to guess and not easily associated with the person. In a review of 32 million PINs, the person’s birthday was the most common PIN setting.

Banking & Credit Cards – Keep your PIN protected
http://securitywatch.pcmag.com/security/294415-pro-tip-for-thieves-the-pin-is-in-the-wallet

QUOTE: So you’ve stolen a wallet. You’ve pocketed the cash, and now you’re standing at an ATM with your victim’s debit card and only a four-digit PIN standing in the way of the bounty. Four-digit numeric PINs aren’t impossible to guess, but at an ATM you only have, what, three guesses before the account is placed on lockdown? According to some statistical math wizards at Cambridge University, your best bet is to enter the person’s birthday. The researchers modelled 32 million PIN numbers provided by the RockYou gaming website breach in 2009, iPhone passcodes, and thousands of online surveys.

Android – Best Security Practices

PC Magazine highlights a great list of protective techniques:

Android – Best Security Practices
http://securitywatch.pcmag.com/security/294330-four-must-have-android-settings-from-a-security-expert

QUOTE: Any Android user concerned about securing the data on his device should make sure the following Settings are turned on:

1. Enable Lock Screens: Under Settings\Security. Enable Face Unlock, Pattern, PIN, and Password to increase physical security to the device. Slide doesn’t do much.

2. Disable USB Debugging: Under Settings\USB debugging. When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.

3. Enable Full Disk Encryption: Under Settings\Security. This will prevent even USB Debugging from bypassing the lock screen.

4. Maintain Device Up-To-Date: Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this, but when you are finally prompted to upgrade your operating system, do so. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.

BONUS: Stick to official app stores. This is far less likely, but an attacker can also discover your PIN lock (which is necessary for him to root your phone) if you accidentally install a malicious app that records your personal data, including PIN. Most malicious apps are distributed through

Malware – New Trojan hijacks Windows DLL

Bitdefender documents a new trojan attack that embeds itself in a Windows DLL

Malware – New Trojan hijacks Windows DLL
http://securitywatch.pcmag.com/malware/294461-new-dropper-trojan-hijacks-critical-dll
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html

QUOTE: Bitdefender researchers have come across a new Trojan that uses a completely different technique. It patches COMRES.DLL so that whenever the DLL gets loaded it executes the malware code. The malware may not get launched the very minute Windows boots up, but it only has to wait until a browser, communications application, or network tool launches COMRES.DLL.

Of course this shouldn’t be possible; Windows shouldn’t permit modification of a critical DLL. However, Bitdefender’s team found that it does. The threat also makes use of a simpler technique that takes advantage of the way Windows programs load DLLs. In many cases, putting a same-named DLL in the same folder as the victim application will cause it to load the changeling DLL rather than the valid Windows file.

Bitdefender provides more details on this new threat:
http://www.malwarecity.com/blog/newly-found-dropper-skirts-startup-list-by-hijacking-critical-dll-file-1256.html
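
A defender's check for the two techniques quoted above, as an added example that is not code from Bitdefender, PCMag or this blog: it lists DLLs in application folders that share a name with a system DLL, and compares system DLL hashes against a known-good baseline to spot in-place patching. The function names, the directory arguments and the baseline format are assumptions made for illustration.

```python
import hashlib
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_dlls(directory):
    """Map lower-cased DLL file name -> path for one directory (non-recursive)."""
    return {p.name.lower(): p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}

def find_shadowing_dlls(system_dir, app_dirs):
    """Report DLLs in application folders that share a name with a system DLL.

    Windows file names are case-insensitive, so names are compared lower-cased.
    """
    system = index_dlls(system_dir)
    findings = []
    for app_dir in app_dirs:
        for name, path in sorted(index_dlls(app_dir).items()):
            if name in system:
                same = sha256_of(path) == sha256_of(system[name])
                findings.append({"dll": name, "path": str(path),
                                 "identical_to_system_copy": same})
    return findings

def find_modified_system_dlls(system_dir, baseline):
    """Compare system DLL hashes with a known-good baseline {name: sha256}.

    A DLL that is listed in the baseline but missing on disk is also reported.
    """
    current = index_dlls(system_dir)
    return sorted(name for name, good in baseline.items()
                  if name.lower() not in current
                  or sha256_of(current[name.lower()]) != good)

if __name__ == "__main__":
    import sys
    # Usage (paths are the caller's choice): script.py <system_dir> <app_dir>...
    for finding in find_shadowing_dlls(sys.argv[1], sys.argv[2:]):
        print(finding)
```

A same-named DLL in an application folder is a triage lead rather than proof of compromise, since some applications ship private copies of libraries; the `identical_to_system_copy` field helps separate exact copies from altered ones.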

Apache 2.4 Security Features for new version

The ISC and Apache highlight security features in the latest release

Apache 2.4 Security Features for new version
http://isc.sans.edu/diary.html?storyid=12643
http://httpd.apache.org/docs/2.4/new_features_2_4.html

QUOTE: The Apache Foundation released version 2.4.1 of its popular web server, including a number of interesting changes. Among the features, I would like to highlight some of the security relevant changes:

– More granular logging
– Various changes to timeouts
– Changes to the proxy configuration
– Apache now includes a “mod_session” that will have Apache take care of sessions
– Mod_ssl has been improved to allow it to check for invalid client certificates via OCSP.

IRS – Top Tax Scams for 2012

Please be careful when processing taxes online to ensure that security controls, privacy, and confidentiality are well maintained.

IRS – Top Tax Scams for 2012
http://www.networkworld.com/news/2012/021712-irs-dirty-dozen-256313.html
http://www.networkworld.com/news/2011/060211-irs-top-10.html

QUOTE: The Internal Revenue Service this week issued its annual “Dirty Dozen” ranking of tax scams the agency says tend to surface around tax season each year. “Taxpayers should be careful and avoid falling into a trap with the Dirty Dozen,” said IRS Commissioner Doug Shulman in a statement. “Scam artists will tempt people in-person, on-line and by e-mail with misleading promises about lost refunds and free money. Don’t be fooled by these scams.”

Network World Evaluation – Nook Tablet vs. Kindle Fire

Two excellent products are reviewed by Network World as noted below:

Network World – Nook Tablet vs. Kindle Fire
http://www.networkworld.com/news/2012/022112-nook-kindle-fire-256394.html

QUOTE: While there are some minor differences in the tablets’ overall specifications, the real differences come down to what extra goodies you get from Amazon and Barnes & Noble, such as cloud storage and digital newsstands. In this article we’ll break down the similarities and differences between the Nook and the Kindle Fire and deliver a verdict on which tablet is most worthy of your hard-earned $199.

Hardware: Have we mentioned that these two tablets are very, very similar? Well, they are. The Nook Tablet has 8GB of internal storage and a 1GHz TI OMAP4 dual-core processor. The Kindle, in contrast, features … 8GB of internal storage and a 1GHz TI OMAP4 dual-core processor! The biggest difference hardware-wise is the significant improvements in battery life that B&N is promising to deliver with the Nook. So while the Kindle Fire delivers just eight hours of reading time and 7.5 hours of video time on the Kindle Fire even when the Wi-Fi is turned off, the Nook promises 11.5 hours of reading time and nine hours of video. Not too shabby!

Size and weight: The Nook and the Kindle Fire feature identical 7-inch display screens with resolutions of 1024×600 pixels. The Nook’s weight of 14.1 ounces is ever-so-slightly lighter than the Kindle Fire’s 14.6 ounces. All in all, though, this comes up as a push.

Operating system: They both run on modified versions of Android 2.3 (“Gingerbread”). There’s been no word yet on when either device will get upgraded to either Android 3.0 (“Honeycomb”) or Android 4.0 (“Ice Cream Sandwich”), both of which are optimized for the tablet form factor.

Price: As mentioned before, both tablets will set you back $199 so pricing comes out as yet another push.

Extra goodies: Finally! A clear, definable difference between these two cheapie Android tablets!

Mozilla Firefox version 10 release

New release and a recent patched version available

Firefox Version 10 – Home
http://www.mozilla.org/en-US/firefox/new/

Firefox Version 10 – Release Notes
http://www.mozilla.org/en-US/firefox/10.0.1/releasenotes/

Microsoft Security Bulletins – February 2012

This special release on Valentine’s Day addresses several security vulnerabilities. Corporate and home users should quickly apply these changes.

Microsoft Security Bulletin Summary for February 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-feb

ISC Analysis (always a great resource)
http://isc.sans.edu/diary.html?storyid=12586

Trend Micro Analysis
http://blog.trendmicro.com/microsoft-sends-love-on-february-patch-tuesday-with-nine-advisories/

QUOTE: Microsoft addresses 23 vulnerabilities on the 14th of February. The software giant released nine bulletins and fixed critical flaws in Internet Explorer, an error in a runtime library which can be targeted through Windows Media Player, and flaws in the Windows kernel. Four out of the nine bulletins were tagged as Critical by Microsoft

Symantec – Free Parental Android Application

Symantec Releases Free Parental Monitoring App for Android
http://securitywatch.pcmag.com/none/293842-symantec-releases-free-parental-monitoring-app-for-android

QUOTE: If you worry about your children’s Internet habits, you have to consider their mobile Internet habits as well. Fortunately Symantec has just released a free mobile parental control app for Android called Norton Safety Minder, which you can download from the Android Market. It’s free to use after you sign up for a Norton Online Family account, a free parental control suite for desktops.  Norton Safety Minder lets parents openly track and block websites their children access on an Android device, similar to McAfee Family Protection. It does so by attaching itself to the default browser in their child’s mobile device and blocking sites based on an age category or customized list. Your child will not be able to use any other browser