Computer News & Safety – Harry Waldron

July, 2012:

Bogus Facebook Offer pages designed to capture email addresses

Facecrooks security raises awareness of fake “Facebook Offer” pages designed to collect email and other sensitive information. These resemble legitimate advertising offers, and the article shares ways to better confirm whether they are valid or not.

How Scammers Can Use a Bogus ‘Facebook Offer’ to Obtain Your Email Address
http://facecrooks.com/Scam-Watch/how-scammers-can-use-a-bogus-facebook-offer-to-obtain-your-email-address.html

QUOTE: Recently, Facebook introduced ‘Facebook Offers’ for page owners. This allows businesses to create special offers and then post them to their Facebook page. All users have to do is click ‘Get Offer,’ and they will be emailed the details on how to claim it.  One thing you should be aware of is that as soon as you click the ‘Get Offer’ link, your name and email address is immediately shared with the Facebook page conducting the offer. Personally, I think it would be better if you received a notification that your information is going to be shared, and then given the option to proceed.

Password Analysis from recent security breaches

Recently hackers breached security at a number of websites and disclosed a number of passwords. Users continue to pick weak and popular passwords that could compromise their online security. Giving more thought to creating complex passwords, plus having a good systematic way of remembering them, can help improve security (a friend even writes them down and keeps them in his wallet). Also, don’t use the same password on all websites. Often folks use the same password for Facebook and their email account, so discovery of the password to one resource can lead to compromise of other resources.

Password Analysis from recent security breaches
https://isc.sans.edu/diary.html?storyid=13720

QUOTE: Looking at the top 10 passwords and the top 10 base words, we note that some of the worst possible passwords are right there at the top of the list. 123456 and password are always among the first passwords that the bad guys guess because for some reason we haven’t trained our users well enough to get them to stop using them.

Top 10 passwords
123456 = 1667 (0.38%)
password = 780 (0.18%)
welcome = 437 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Top 10 base words
password = 1374 (0.31%)
welcome = 535 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
sunshine = 367 (0.08%)

Password length (count ordered)
8 = 119135 (26.9%)
6 = 79629 (17.98%)
9 = 65964 (14.9%)
7 = 65611 (14.82%)
10 = 54760 (12.37%)
12 = 21730 (4.91%)
11 = 21220 (4.79%)
5 = 5325 (1.2%)
4 = 2749 (0.62%)
13 = 2658 (0.6%)
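The sketch below is an added example, not code from the ISC diary or from this blog. It produces the same three summaries (top passwords, top base words, length counts) and then uses the base-word idea defensively to refuse new passwords built on a common word. It assumes a base word is the lowercased password with non-letters stripped from both ends; the 12-character minimum and the sample list are constructed for illustration.

```python
import re
from collections import Counter

# Top base words quoted on this page; a production deny-list would be far larger.
COMMON_BASE_WORDS = {"password", "welcome", "qwerty", "monkey", "jesus",
                     "love", "money", "freedom", "ninja", "sunshine"}

def base_word(password):
    """Lowercase, then strip non-letters from both ends (assumed definition)."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())

def ranked(counter, total, top):
    """Return (value, count, percent) rows, most frequent first."""
    return [(value, n, round(100.0 * n / total, 2))
            for value, n in counter.most_common(top)]

def analyze(passwords, top=10):
    """Summarise a password list the way the quoted report does."""
    total = len(passwords)
    bases = Counter(b for b in map(base_word, passwords) if len(b) >= 3)
    return {
        "passwords": ranked(Counter(passwords), total, top),
        "base_words": ranked(bases, total, top),
        "lengths": ranked(Counter(len(p) for p in passwords), total, top),
    }

def rejection_reason(candidate, min_length=12):
    """Return why a new password should be refused, or None if acceptable."""
    if len(candidate) < min_length:  # min_length is an assumed policy value
        return "too short"
    if candidate.isdigit():
        return "digits only"
    if base_word(candidate) in COMMON_BASE_WORDS:
        return "common base word"
    return None

# Constructed sample, not data from any breach.
SAMPLE = ["123456", "password", "Password1", "password!", "welcome",
          "Welcome2012", "ninja", "123456", "qwerty12", "correct horse battery"]

if __name__ == "__main__":
    for section, rows in analyze(SAMPLE, top=3).items():
        print(section)
        for value, n, pct in rows:
            print(f"  {value} = {n} ({pct}%)")
    for pw in ("Sunshine2012!", "correct horse battery"):
        print(pw, "->", rejection_reason(pw))
```

Appending a year and a symbol does not help: "Sunshine2012!" passes the length check but is still refused, because its base word is on the list.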

Physical Security – Lost devices in airports

This article urges travelers to take care not to misplace or forget equipment. Beyond the expense of replacing lost items, the information stored on them could compromise corporate security controls.

Over 8,000 Laptops, Smartphones, Tablets, USB Drives Lost in Airports
http://securitywatch.pcmag.com/none/300014-over-8-000-laptops-smartphones-tablets-usb-drives-lost-in-airports

QUOTE: Traveling this summer? Know where your mobile device is at all times, Credant Technology advises.  Travelers left their wireless devices behind at “alarming rates” across the seven airports included in a recent airport survey—Chicago, Denver, San Francisco, Miami, Orlando, Minneapolis-St. Paul, and Charlotte— according to the second annual report from Credant Technologies. Researchers found 8,016 total lost devices in major airports, and security checkpoints were the most common place to misplace mobile devices, according to the report. Restrooms was another common area.

Of the devices misplaced in the airport, 43 percent were laptops and 45 percent were smartphones and tablets, according to the report. The remaining 12 percent were USB drives. Just a little half, or 52 percent, of the devices are returned to their owners, Credant said. If they are not claimed, airports overwhelmingly donated them to charity or sold them at public auctions.

Facebook – New Multiple Accounts Warning

As documented by Facecrooks security, Facebook is warning users who may have multiple accounts in advance. Controls could be more rigidly enforced in the future.

Facebook – New Multiple Accounts Warning
http://facecrooks.com/Internet-Safety-Privacy/warning-our-systems-detected-you-have-multiple-accounts-nothing-to-worry-about-yet.html

QUOTE: Several Facebook users have reported receiving the following warning message from Facebook.

“It looks like you have more than one account on Facebook. Facebook is a community where people use their real identities so you always know who you’re connecting with. Maintaining multiple accounts is a violation of our Terms and could result in all of your accounts being disabled. Please remove this account and help us keep Facebook safe and enjoyable for everyone.”

This warning has been causing quite a stir today! Many users are worried that they will be losing their accounts, and many stated that they don’t have multiple accounts at all. It seemed rather odd that so many were receiving this message all of a sudden, so we reached out to Facebook to see if we could get an explanation.   We received the following message from Facebook a short while ago explaining what is going on:

“We are currently testing a system that warns users who have opened multiple accounts, we are not taking any action on these users for the time being so there’s no need for anyone to worry. We are iterating on this system to be more accurate and are only notifying possible violators.”

Windows 8 – October 2012 Release Announcement

Microsoft has targeted availability of Windows 8 for the end of October as noted below:

Windows 8 – October 2012 Release Announcement
http://www.thestreet.com/story/11609705/1/microsoft-confirms-windows-8-availability.html

QUOTE: Speaking at Microsoft’s Worldwide Partners’ Conference in Toronto, Tami Reller, the CFO of Windows and Windows Live, said that consumers can get their hands on the product by the end of October. The software, she explained, will release to manufacturers (RTM) during the first week of August. Microsoft is busily adding flesh to the bones of its Windows 8 strategy. Last week, the software giant confirmed that it will cost users just $39.99 for Windows 8 Pro if they upgrade from a previous version of Windows.

Windows 8 Team Blog – October 2012 Release
http://windowsteamblog.com/windows/b/bloggingwindows/archive/2012/07/09/upcoming-windows-milestones-shared-with-partners-at-wpc.aspx

DNSChanger Internet Client Shutdown – Most users will not be impacted

Media reports are urging users to make sure their computers are not infected with the DNSChanger malware. However, the story has been overly sensationalized and exaggerated, and some folks are panicking. The FBI will be turning off Internet services for computers infected by the DNSChanger malware, which affects a very small percentage of total Internet users. The ISC has published an excellent and realistic write-up on the scope of possible infections.

DNSChanger Internet Client Shutdown – Most users will not be impacted
https://isc.sans.edu/diary/The+FBI+will+turn+off+the+Internet+on+Monday+or+not+/13630

QUOTE: This new item led to a flood of news reports, which IMHO blow the entire affair out of proportion (the headline to this diary entry pretty much reflects a discussion I had today with a non technical person responding to one of these articles).  In short: Don’t worry. There are estimates of 250,000 infected systems based on data from the DNS changer working group. There are about 2,000,000,000 internet users. So about 0.01% of internet users are infected. In other words: Very few. People who have disregarded warning banners, phone calls from ISPs, AV warnings, and other notification attempts. They probably should be disconnected from the Internet.  Lastly: Tell people to go to dcwg.org (short for DNS Changer Working Group.org). It has a little test to tell you if you are affected or not. It also got a lot of first hand information about this malware.

 

 

Disaster Recovery – Five key tips for a successful plan

We are still recovering in our region one week later from the recent Derecho event. 

Five great DR tips are shared in this related article to facilitate future planning:

Disaster Recovery – Five key tips for a successful plan
http://washingtontechnology.com/articles/2012/07/02/recovery-tips-for-storms.aspx

QUOTE: A five-point plan for strategic disaster recovery can help you capture everything that you need to consider quickly and efficiently.

1. Communications – An effective disaster recovery plan is one that is understood and does not require a team of experts to interpret.

2. Business Process – A proficient disaster recovery plan anticipates different levels of risks inside and outside the enterprise and the inter-dependencies between people, technology, and external conditions beyond normal operational control.

3. Technology Risks – Remember that the restoring data only works if your original backup is actually validated and constantly checked for errors.

4. People Relocation – Be prepared to enable your staff to physically relocate quickly and efficiently to an alternate facility to ramp up operations in times of emergency, and account for external conditions such as weather, transportation, and power outages.

5. Keep It Simple – Finally, remember that if your plan is longer than several pages, it is likely to be misinterpreted by someone, hence, making your data center vulnerable to information

Disaster Recovery – Derecho on June 29, 2012 was wakeup call

On June 29, 2012, one of the top storms of a lifetime roared through our area, and even a week later there are numerous power outages. Our power company noted that the 90 high power transmission lines are not something that is easily fixed with a bucket truck. The article below notes that this “storm of the century” is a wake-up call to brush the dust off our DR and Contingency planning manuals and always be prepared for the worst.

Storms of June 29th 2012 in Mid Atlantic region of the USA
https://isc.sans.edu/diary.html?storyid=13600
http://en.wikipedia.org/wiki/June_2012_North_American_derecho

QUOTE: On June 29th 2012 a severe windstorm referred to as a derecho tore through the Midwest and MidAtlantic regions of the US. Over 1,750,000 homes and businesses were left without electricity. Datacenters supporting Amazon’s AWS, Netflix and other large organizations were taken offline, and there were several deaths reported. I work for a company with a NOC and primary data-center in the path of the storm. A number of events took place. With day time temperatures near 108F and the windstorm coming through the battery on the backup generator powering the data-center cracked and was not able to start the generator.

So on to old lessons learned – geographic redundancy is desirable, document everything in simple accessible procedures, some physical servers may be desirable, such as DHCP, and AD. Key services such as RADIUS must be available from multiple locations. Securely documenting addresses and passwords in an offline reachable manner is essential as well as documenting system startup procedures. Some new to me lessons learned are a little more esoteric. Complacency is a huge risk to an organization. Our company is undergoing a reorganization that is creating a lot of complacent and lackadaisical attitudes. It is hard to fight that.

Apple OS X – New MaControl variant in wild

Apple Mac users should be careful with these new targeted and sophisticated attacks.

New OS X trojan backdoor MaControl variant reported
https://isc.sans.edu/diary.html?storyid=13612
http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign
http://www.securelist.com/en/blog/208193616/New_MacOS_X_backdoor_variant_used_in_APT_attacks

QUOTE: Kaspersky has reported that a new previously undetected variant of the MaControl backdoor is being used in the wild. The malware arrived as an email attachment, and if installed connects to a C&C server. More information on the malware, its behaviour, and the attack campaign is available from Kaspersky, who discovered this variant.

Facebook – $100 Starbucks scam circulating

Please be careful as several scams are actively circulating. When it seems too good to be true, it always is.

Facebook – $100 Starbucks scam circulating
http://facecrooks.com/Scam-Watch/receive-100-starbucks-gift-card-for-free-official-facebook-scam.html

Scam Type: Bogus Offer, Fake Event, Survey Scam

Trending: June 2012

Why it’s a Scam:  The scam is spreading via Facebook Event invitations. If you notice the directions shown above, victims of this scam think they will receive more vouchers based on the number of friends they invite. Step 3 requires users to click on a blogspot URL. This should be a red flag. For one thing, why would Starbucks use Blogspot to run a promotion, and you should also be aware of the fact that a lot of scams are hosted on Blogspot as well. Here we see a very polished and nice Starbucks graphic, but don’t let the good looks fool you.