Archive for February 27th, 2014

Facebook – protect your account from Rogue Browser Extensions

Facecrooks security shares this improved security approach

QUOTE: Lately, we have noticed an alarming trend in how Facebook scams are being spread among users. Scammers will exploit every method and medium to disseminate their malware and mayhem. We have seen like-jacking, click-jacking & tag-jacking attacks, rogue applications, the abuse of Facebook messages and chat, browser exploits…you name it. The last couple of scams we have profiled use rogue browser extensions (sometimes called addons or plug-ins) to propagate on Facebook. This typically occurs by the scammer tricking users into downloading and installing what appears to be a theme, application or required plugin to watch an advertised video.

Facebook – improve security using Login approvals

Facecrooks security documents this 2 factor authentication approach

QUOTE: Phishing scams are widely popular on Facebook. Cyber criminals relentlessly pursue ways and means to obtain Facebook usernames and passwords. These compromised accounts often send out spam or scam messages virally across the platform. Scammers can also data mine these accounts and their network of friends. This information can be used for identity theft or other targeted attacks.

Login Approvals is a two-factor authentication feature employed by Facebook. It’s an added layer of security that requires a code to be entered to complete the login process if the device isn’t recognized by Facebook. To access this setting, click on the gear icon located in the top right hand corner and then click on the ‘Settings’ link. Next, click on the ‘Security’ link located in the left hand column. You can also be taken directly to this screen by clicking here:

Now all you have to do is click the ‘Edit’ link under Login Approvals and set everything up. If you use the Facebook mobile application, then you can also enable ‘Code Generator’ on this screen. Instead of sending you a text message with the secret code, the mobile Facebook application will generate a code for you to use.

Facebook – Purchases WhatsApp Messaging application

Articles related to Facebook’s purchase of the popular WhatsApp messaging system for $19 billion

QUOTE:  Facebook announced this week that it acquired popular messaging app WhatsApp for a stunning figure of $19 billion. The app is currently the most popular messaging app for smartphones, and boasts over 450 million users while adding an additional 1 million users every day. Of course, not everyone that uses WhatsApp is on Facebook, and some privacy advocates have expressed concern that Facebook will now have access to all of WhatsApp’s user data.

“Currently, WhatsApp can change terms and conditions at any time, without notifying users, which many people who use this service aren’t aware of. Meanwhile, Facebook already has a very broad copyright license on people’s content and already shares your data with many other services,” said St. John Deakins, the CEO of Citizenme, a group advocating for online privacy. “Now with Facebook buying WhatsApp, this could see more and more private information becoming part of Facebook’s database. From a personal data standpoint, this is extremely worrying.”

WhatsApp will be absorbed by Facebook and function as an autonomous unit within the company. Though it’s easy to doubt the site’s motives, it’s likely that Facebook simply saw the app as a massive growth opportunity. Facebook has obvious plans to expand its messaging services, and WhatsApp is a logical extension of their goals. However, for those WhatsApp users who aren’t comfortable living under the thumb of Facebook, it may be time to find another online messaging service.

AVAST – Mobile security requires constant protection

Smartphones can store highly sensitive information and must be constantly protected as noted in article.  Password protection, encryption, and other best practices should be used.

QUOTE: More than one billion people nowadays use smartphones devices and this number is growing rapidly. With the growing numbers of mobile users accessing the internet on Android smartphones and tablets, and iOS iPhones and iPads, the number of mobile threats and attacks is rising progressively.  Mobile users store sensitive data, and engage in online banking operations, exposing devices to the modern mobile threads. You need constant protection. Not even these big names were immune from attack: German Chancellor Angela Merkel’s smartphone was hacked; Rovio, creator of popular game Angry Birds, reported that the personal data of its customers might have been accessed by U.S. and British spy agencies;  and recent news of other leaky phone apps have caused people to look for ways to protect their private mobile communications.

Facebook – Music Theme scam circulating FEB 2014

Avast labs documents new fake them circulating that may lead to malware of loss of privacy

QUOTE: By now, we are all familiar with Facebook scams that claim to give your Newsfeed a designer look. Remember Facebook Red or Facebook Black? Those pretty themes ended up spreading spam and malicious links via online surveys and fake videos. Today, the AVAST Virus Lab experts discovered a unique variety– the Facebook Music Theme Scam.  The Facebook Music Theme Scam is supposed to change the theme and add a song to your Facebook page. But when our Virus Lab expert, Honza Zika, investigated, he got more than danceable music tracks, “What this code does is modify Facebook.  It automatically liked 32 photos, people, groups, … See my activity log, that is just half of it.”

RSAC: Trend Micro, McAfee, and Symantec score well in NSS Lab tests

NSS Labs shared recent test results of corporate products at the 2014 RSA conference

QUOTE: Most of the tests and reports generated by NSS Labs are aimed at big companies, Fortune 500 domestically, Fortune 2000 worldwide. They help these enterprises choose the best next-generation firewalls, intrusion prevention systems, and so on. From time to time, they also put consumer-facing security products to the test. At the RSA Conference I sat down with Randy Abrams, NSS Labs Research Director to go over the latest results. The current report looks at how well nine popular security products handle socially-engineered malware. McAfee and Trend Micro earned the best overall score, with Norton so close behind that the difference isn’t statistically significant. These three were also the quickest to detect new threats.

RSAC – Windows 8 has Smart Screen Filter built into operating system

Windows 8 was found to be effective with URL smart screen filtering during recent NSS testing

QUOTE: Microsoft Security Essentials was included in the test, but Abrams pointed out that Microsoft wants this product treated as a baseline. “If people are going to pay for a third-party product,” he said, “it had better outperform the baseline. Microsoft doesn’t want a monoculture; that doesn’t protect their brand. Even so, if people have no other antivirus MSE helps.”

One cool thing in Windows 8, they built the Smart Screen Filter right into the operating system,” he said. “Even if your browser is terrible at detecting bad URLs, it still works. They pulled it out of Internet Explorer, they’re not saying that you must use IE for protection. We had to turn it off for testing! It was too effective, 98 to 100 percent accurate. Dennis Batchelder and Joe Blackbird at Microsoft said we should leave it on, but we couldn’t do that and still test the antivirus.”