Archive for June, 2012

Facebook – Employers may review unprotected profiles

A good security awareness article regarding the need to secure profile information and be careful with information that is posted.

Facebook – Employers may review unprotected profiles
http://www.securitynewsdaily.com/2001-personal-secrets-facebook.html

QUOTE: Whether you’re looking for a job, or already have one, there’s one thing you can be sure of: It’s not only your Facebook “friends” who are looking at your social media profile. Those doing the hiring freely admit they search potential job candidates’ Facebook profiles. If you think your current co-workers, employees or boss aren’t stopping in for an undetected peek at your profile every so often, you’re deluding yourself. “So what?” you think. “There’s nothing on my Facebook profile that I’m ashamed of.” Are you sure? You might be surprised how much of what’s on your Facebook page is inappropriate for work.

Here are just a few of the things you’re revealing about yourself that you might not have considered.

1. Your age. Even if you didn’t use your real age when you signed up for Facebook, it’s pretty easy to figure out.

2. Your political beliefs. Anyone with a little common sense knows that talking politics at work is a bad idea, but anyone checking out your Facebook page could probably pretty easily figure out where you stand.

3. Your personal life. What’s the point of putting on a power suit for work if everyone in your office can see photos of you in your pajamas on Christmas morning on your Facebook page?

4. Your childhood. Those photos your mom keeps posting of you as a kid in the bathtub are cute, too. While they’re not exactly blackmail material, there’s little doubt they’ll help undermine your efforts to command much respect around the office.

5. Your religious beliefs. What you believe is no one else’s business. But that doesn’t mean they won’t hold it against you.

6. Your work alliances. Even if you think you’re good at playing office politics, odds are your Facebook page tells the real truth about who you like and who you don’t.

Password Attacks – Several websites compromised during June 2012

Trend Micro highlights the need for unique, strong passwords to help mitigate ongoing website attacks.

Password Attacks – Several websites compromised during June 2012
http://blog.trendmicro.com/password-insecurity-revisited/

QUOTE: The month of June is turning into a very bad month for password security. Last week three major sites – Linkedin, eHarmony, and last.fm – all suffered from major leaks that put millions of user passwords online. Earlier this week, it was revealed that the game League of Legends has also suffered its own flaw which put customer data – including passwords – out into the open.  What have we learned about password security from these incidents? That people are still using woefully insecure passwords. Too many people are still using frightfully short passwords like 1234, or words that are too short/guessable (examples would be job or linkedin).

Celebrating 35 years in insurance profession

On June 6, 1977, I started as a Sr. Programmer/Analyst for Atlantic Mutual Insurance Companies. I became a Project Manager in 1979 and worked in a number of job roles, including our initial implementation of IBM PCs in 1981 (management of project, training new users, etc). I started with Microsoft DOS 1.1 and have been using PCs on a daily basis since then. I currently work for another company in supporting an automated Commercial Lines policywriting system. However, I continue to work in the same building that I started my early career in the industry (as the other company purchased the data center). I am grateful for the opportunities to learn and put these skills to work over time in providing for my family. All professionals need continuing education and that has been beneficial in a profession that is constantly changing.

Android – Fake Security application is Mobile Zeus malware

Fake Android Security App is Mobile Zeus Malware in Disguise
http://securitywatch.pcmag.com/none/299291-fake-android-security-app-is-mobile-zeus-malware-in-disguise

QUOTE: A new variant of the Zeus banking malware is masquerading as a security app in order to lure users trying to protect their Android devices from…malware.  The fake security app, called the Android Security Suite Premium, is actually the latest Zeus malware, Denis Maslennikov, a Kaspersky Lab researcher, wrote on SecureList on Monday. Once Android Security Suite Premium is installed on the mobile device, it displays a blue shield icon on the menu and a fake “activation code” when executed, according to the blog post. The app first appeared in early June, and there are at least six different versions.

The malicious app can intercept incoming text messages and forward them to remote command-and-control servers. Depending on the user, the messages could include sensitive data, such as password reset links or even one-time passwords. Any of the six C&C servers could send instructions to the app to uninstall itself, collect and transmit system information, and install other malicious applications.

Android – Top five malware attacks detected in the wild

Sophos has published the top five malware attacks circulating for the Android smartphone.

Android – Top five malware attacks detected in the wild
http://nakedsecurity.sophos.com/2012/06/14/top-five-android-malware/

QUOTE: The release of a brand new version of Sophos’s free anti-virus for Android (it actually does much more than just anti-virus, hence our marketroids call it Sophos Mobile Security) makes this an opportune time to update users on the Android malware landscape. SophosLabs has examined the stats produced by installations of Sophos Mobile Security, which is now being used on Android smartphones and tablets in 118 different countries around the world – and it’s making for interesting reading about which malware is being most frequently encountered on the platform.

These malicious apps can send and read SMS messages, potentially costing you money. In fact, it can even scan your incoming SMS messages and automatically remove warnings that you are being charged a fee for using premium rate services it has signed you up for.

1. Andr/PJApps-C. When Sophos Mobile Security for Android detects an app as Andr/PJApps-C it means that we have identified an app that has been cracked using a publicly available tool. Most commonly these are paid for apps that have been hacked. They are not necessarily always malicious, but are very likely to be illegal.

2. Andr/BBridge-A. Also known as BaseBridge, this malware uses a privilege escalation exploit to elevate its privileges and install additional malicious apps onto your Android device. It uses HTTP to communicate with a central server and leaks potentially identifiable information.

3. Andr/BatteryD-A. This “Battery Doctor” app falsely claims to save battery life on your Android device. But it actually sends potentially identifiable information to a server using HTTP, and aggressively displays adverts.

4. Andr/Generic-S. Sophos Mobile Security generically detects a variety of families of malicious apps as Andr/Generic-S. These range from privilege escalation exploits to aggressive adware such as variants of the Android Plankton malware.

5. Andr/DrSheep-A. Remember Firesheep? The desktop tool that can allow malicious hackers to hijack Twitter, Facebook and Linkedin sessions in a wireless network environment? Andr/DrSheep-A is the Android equivalent of the tool.

Apple iOS6 improves iPhone and iPad application security

Apple will be implementing new security controls for apps as noted in the following link:

Apple iOS6 improves iPhone and iPad application security
http://www.securitynewsdaily.com/1988-apple-ios-6-iphone-ipad-security.html

QUOTE:  The next version of Apple’s mobile operating system, iOS 6, will request explicit permission before allowing third-party applications to access user information. It’s a privacy upgrade that could benefit Apple’s hundreds of millions of iPhone and iPad customers.  In the new iOS 6, Apple will force apps to get user permission before accessing Contacts, Calendars, Reminders and Photos, MacRumors reported. The enhanced security feature, outlined in the “Data Privacy” section of Apple’s iOS 6 Release Notes, was announced at the company’s Worldwide Developers

MS12-037 patch protects against New IE based exploits circulating

The Microsoft Security Updates for June 2012 contain an important Internet Explorer fix that the ISC rates as “Patch Now”. As new exploits are circulating, it is important to ensure users are up-to-date on all security updates.

MS12-037 patch protects against New IE based exploits circulating
http://www.msnbc.msn.com/id/47875298/ns/technology_and_science-security/
http://nakedsecurity.sophos.com/2012/06/19/ie-remote-code-execution-vulnerability-being-actively-exploited-in-the-wild/
http://www.securitynewsdaily.com/1954-microsoft-security-bugs.html

QUOTE: A critical Internet Explorer vulnerability, announced and patched by Microsoft in June’s Patch Tuesday, is being exploited in the wild. The vulnerability is CVE-2012-1875 (don’t expect any detail – this link is just boilerplate stuff), patched in MS12-037. SophosLabs has seen numerous attempts to exploit this vulnerability (Sophos products detect it as Exp/20121875-A). Cunningly-crafted JavaScript code – which can be embedded in a web page to foist the exploit on unsuspecting visitors – is circulating freely on the internet.

ZeroAccess malware – deletes itself using an innovative technique

F-Secure highlights a new self-removal process used by ZeroAccess malware.

ZeroAccess malware – deletes itself using an innovative technique
http://www.f-secure.com/weblog/archives/00002385.html

QUOTE: We normally see malware developing and evolving over the years. One particular malware we’ve been following is ZeroAccess, which has been continuously improving since we first detected it in late 2010. Case in point: in the latest samples, its self-deletion routine has changed. This is a simple Windows batch file ZeroAccess used to use to remove itself after execution, as a fast and simple way to hide any traces of its presence from the user. Lots of other malware use this batch file self-deletion method. Recently though, it looks like ZeroAccess wants to be a bit more different and make things more complicated for analysts.

Facebook – Simple Security Tips now highlighted for Users

Facecrooks Security notes this recent development is a legitimate link where Facebook is sharing basic security tips with its user community.

Facebook – Simple Security Tips now highlighted for Users
http://facecrooks.com/Internet-Safety-Privacy/facebook-is-rolling-out-security-tips-to-users.html

Facebook – More details on Security settings
https://www.facebook.com/help?page=203917589649396

QUOTE: If you see a link at the top of your Facebook page to ‘simple security tips,’ don’t be surprised or alarmed that it could be a scam. Facebook has created a page with some common sense security tips, very much like the ones we often release. The resource page contains a short video from a member of Facebook’s Security team, and the following top three tips shown below:

1. Know how to spot a scam — If an offer looks too good to be true, it probably is. Think twice before you click on a link for free airline tickets or other common scams.

2. Choose a one-of-a-kind password — Is your Facebook password different than your email password? If not, please reset your password today. For more password related security tips see our article: The Top Ten Commandments of Password Protection.

3. Confirm your mobile number — If you forget your password, we’ll be able to text you a new one. To make sure we can reach you, confirm your mobile number. We often encourage our readers to enable login approvals, so that even if your Facebook password is compromised the hacker will need a code sent via text message to access your account.

Microsoft Security Updates – June 2012 (critical IE patch)

Please note that the Internet Explorer MS12-037 update is rated as “PATCH NOW” by the ISC and is being actively exploited in the wild. 

Microsoft Security Updates – June 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-jun

Microsoft Security Updates – June 2012
(excellent analysis by ISC)
https://isc.sans.edu/diary.html?storyid=13453