Computer News & Safety – Harry Waldron Rotating Header Image

June 12th, 2012:

Facebook – Privacy Notice Hoax circulating

Facecrooks security highlights a new hoax actively in circulation.  Users are often invited by friends to post these notifications on their Facebook wall. While valid, it does little to actually protect users.  The link at bottom is instead a better way to stay safer online.

Facebook – Privacy Notice Hoax circulating
http://facecrooks.com/Scam-Watch/privacy-notice-warning-any-person-and-or-institution.html

QUOTE: Countless Facebook users are posting the following warning to their profiles and often encouraging their friends to do the same:  PRIVACY NOTICE: Warning – any person and/or institution and/or Agent and/or Agency of any governmental structure including but not limited to the United States Federal Government also using or monitoring/using this website …

The best thing you can do to protect your privacy on Facebook and the Internet in general is to take responsibility for yourself. Use the privacy controls and account settings built in to the platform and be sensible about what information you post online in the first place.   For more information on how to configure your account and privacy settings appropriately, see our guide:

How to Lockdown Your Facebook Account For Maximum Privacy and Security

GRC Password Testing Tool – make Haystack bigger to better hide the needle

PC Magazine shares a new Password Strength Testing Tool from Gibson Research

GRC Password Testing Tool – make Haystack bigger to better hide the needle
http://securitywatch.pcmag.com/hacking/298891-how-to-make-strong-passwords-stronger

QUOTE: If your password is a common word or phrase, the bad guys won’t have any trouble guessing it. That’s just a fact of life. If you’ve taken care to use a seemingly random collection of various types of characters, the time to crack it by brute force totally depends on the size of the “search space.” Gibson Research’s “Haystack Calculator” will analyze your password and estimate the time needed to crack it.

GRC Password Strength Testing Tool
https://www.grc.com/haystack.htm

Adobe – June 2012 Flash Security update

Adobe has released recent updates to better protect Flash along with beneficial improvements for the Firefox 13 browser

https://isc.sans.edu/diary.html?storyid=13417
http://www.adobe.com/support/security/bulletins/apsb12-14.html
http://blogs.adobe.com/asset/2012/06/inside-flash-player-protected-mode-for-firefox.html

QUOTE: New Flash updates have been released today.  In addition to this there have been some good changes for flash on Firefox with the addition of the sandbox.  More info on the sandbox and a good explanation can be found in the blog entry above.

Microsoft – Special CERT update to address misuse by Flame Malware

This out-of-band emergency update mitigates Certificate Authority manipulation by the Flame Malware attacks circulating primarily in middle eastern countries.

https://isc.sans.edu/diary.html?storyid=13366
http://technet.microsoft.com/en-us/security/advisory/2718704
http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

QUOTE: Microsoft just released an emergency bulletin, and an associated patch, notifying users of Windows that a “unauthorized digital certificates derived from a Microsoft Certificate Authority” was used to sign components of the “Flame” malware. The update revokes a total of 3 intermediate certificate authorities:

* Microsoft Enforced Licensing Intermediate PCA (2 certificates)
* Microsoft Enforced Licensing Registration Authority CA (SHA1)

Facebook – Enable Dislike Button Scam

Facecrooks security warns of this new scam actively circulating

Facebook – Enable Dislike Button Scam
http://facecrooks.com/Scam-Watch/enable-dislike-button-facebook-scam.html

QUOTE:  Enable Dislike Button — (sent as a Facebook notification or message)

Scam Type: Rogue Application, Rogue Browser Extension

Trending: June  2012

Why it’s a Scam:  Clicking the spam link takes you to the following page:  Clicking the “Enable Dislike” button loads the following application login screen.  If you choose to “Log in With Facebook,” the app creator will have access to your basic profile information. The following pop-up loads. This is how the spam message is spreading on Facebook.