Computer News & Safety – Harry Waldron Rotating Header Image

March, 2014:

Microsoft – System Development Lifecycle story to implement TWC

An excellent historical recap of how security was strategically integrated into Microsoft’s development process.

QUOTE: Across thousands of developers and millions of lines of code, one company learns to build secure software in an increasingly insecure world.  It was 2 a.m. on Saturday, July 13, 2001, when Microsoft’s then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called “Code Red” was spreading at an astonishing rate. Code Red was a worm — a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious. At the time, ABC News reported that, in just two weeks, more than 300,000 computers around the world were infected with Code Red — including some at the U.S. Department of Defense and Department of Justice.

Mobile Security – Marble Labs Study of applications with high risk

Communications and social media application plug-ins may create greatest risk of privacy and security according to excellent study performed by Marble Labs during Q1 2014.

QUOTE: Communication apps topped the list; over ten percent of them got tagged as risky. Social media apps came next, around nine percent risky. Somewhat to my surprise, the “news and magazines” category was third, with a bit over eight percent risky apps. Safest of all, according to this study, were game apps, with less than one percent of them identified as risky. The full report points out that consumers may well accept risk levels that businesses wouldn’t. Data leakage in particular is more of a business problem. It concludes, “Companies should monitor or restrict use of these apps on devices that connect to corporate networks, data or online cloud services. Risk-based restrictions are more important than ever, given the ever-growing number of apps and the increased use of mobile devices in the enterprise.”

Malware – Fake TOR Browser circulating to Apple users

A Fake TOR Browser touted to improve security is circulating to Apple users.  As article reflects it will infect vulnerable systems with adware and other malicious agents.

QUOTE: Concerned about online tracking and eavesdropping? Considering TOR? If so, don’t download the iOS app for the Tor Browser from Apple’s App Store. It appears the Tor Browser app for iOS devices is fake, and “full of adware and spyware,” according to a support ticket opened two months ago by “Phobos,” a volunteer with the Tor Project. “Tor Browser in the Apple App Store is fake,” Phobos wrote on the ticket, adding, “We should have it removed.”  It appears from the ticket that Tor Project officials notified Apple of the fake app in December, and Apple said it would give the developer a chance to defend the app. Even though other users have filed complaints, the app remains available on the App Store, and other Tor users and volunteers have expressed their frustrations on the ticket and elsewhere online.

AV TEST – Windows 7 x64 – FEB 2014 review

New Chinese AV Vendor QIHoo, Kaspersky, and Bitdefender recorded perfect scores in latest tests for Windows 7 64 bit O/S as noted in review AV-TEST review.

QUOTE: Chinese Antivirus Qihoo 360 Earns Top Score in Independent Test. Last time around, Qihoo earned 5.5 points in each category, for a total of 16.5. This time it took a perfect six of six points for protection, and usability, raising that score to 17.5 of a possible 18. Bitdefender and Kaspersky tied that score. McAfee, Norton, and Trend Micro came very close, with 17 points each.

Laptops and Mobile devices – Hotels hold lost items briefly

An interesting article notes that hotels may only retain lost items for short period of time and dispose of electronic items in a variety of ways

QUOTE: We’re all human, and humans forget things. And as previously discussed on this bog, laptops are commonly lost. And while one cannot really blame hotels for discarding lost devices that are cluttering their storage rooms (if no one claims them after a reasonable period of time, of course), the survey reminds us all that our laptops could literally end up anywhere. IT and security pros need to deploy full disk encryption technologies to protect the information on these devices, and they need to establish policies that do not interfere with how people work but protect any data on the device if it is lost or stolen.

Privacy – Unlike passwords SSN cannot be changed

PC Magazine shares excellent security awareness that static identifiers like SSN or birthdates can never change and must be protected from criminals.

QUOTE: When an online shopping site suffers a data breach, you’ll get a warning to change your password. If your bank is hacked, they’ll send you a new credit card. The real problem occurs when a business authenticates you using personal data that can’t be changed, like your SSN or birthdate. A new whitepaper from NSS Labs examines the use of static and dynamic information for authentication, and offers businesses advice for improving security.

Static Data – The SSN was never meant as a personal identifier. The report notes that the equivalent identifier in the UK is never used for authentication. Once your SSN is revealed in a breach, it’s forever compromised. And that’s a problem. Some businesses attempt to protect customers by storing only the last four digits of the SSN. It turns out that this isn’t very effective. The first five digits aren’t random; they’re based on when and where you first applied for your SSN. A research project from five years ago analyzed data from the government’s “Death Master File” and devised an algorithm to predict those first five digits.

Malware – Crigent “Power worm” infects Office documents

Trend Labs warns of this new threat which uses PowerShell scripts to infect Word and Excel documents

QUOTE: Malware targeting Word and Excel files has been around for some time, but we recently encountered a new malware family, CRIGENT (also known as “Power Worm”) which brings several new techniques to the table. (We detect these files as W97M_CRIGENT.A and X97M_CRIGENT.A.).   Most significantly, instead of creating or including executable code, CRIGENT uses the Windows PowerShell to carry out its routines. PowerShell is a powerful interactive shell/scripting tool that is available for all current versions of Windows (and is built-in from Windows 7 onwards); this malware carries out all its behavior via PowerShell scripts. IT administrators that are normally on the lookout for malicious binaries may overlook this, as malware using this technique is not particularly common.

This particular threat arrives as an infected Word or Excel document, which may be dropped by other malware or downloaded/accessed by users. When opened, right away it downloads two additional components from two well-known online anonymity projects:  the Tor network, and Polipo, a personal web cache/proxy.  Using the installed Tor and Polipo software, it accesses its command-and-control server. The URL it uses contains two GUIDs.

Adobe Flash Player security update for March 2014

During mid-March, Adobe released an important update for Flasher player

QUOTE: Adobe Flash Player, released for Mac and Windows, is now available for download. Adobe has also released Adobe Flash Player for Linux. These updates address two vulnerabilities, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.

Malwarebytes version 2.0 – improved GUI & features

PC Magazine reviews Malwarebytes version 2.0, which is excellent tool with improved user interface, built-in rootkit detection, and thorough malware scanning capabilities.

FULL REVIEW – Malwarebytes Anti-Malware 2.0  (Editor’s Choice – free product),2817,2455505,00.asp

QUOTE: After ten years of version 1.x, Malwarebytes has finally released version 2.0. The powerful malware-fighting tools are all still there, but the package is a lot better looking. A new dashboard page displays security status; if anything isn’t right, you just click Fix Now. And you can track progress of updates and scans right in the dashboard. Rootkit detection, once a separate component, is now integrated. A variety of other once-awkward mechanisms have been streamlined for ease of use. It’s quite an improvement. Want to know more? Read my full review. Malwarebytes remains our Editors’ Choice for free, cleanup-only antivirus.

Facebook – Financial Pyramid scheme shutdown by SEC

The SEC recently stopped a financial scam where Facebook and other sites were utilized

QUOTE: The Securities and Exchange Commission took emergency action against an alleged fraudulent pyramid scheme promoted on Facebook and Twitter. A federal court gave the SEC a court order to freeze the accounts held by Fleet Mutual Wealth and MWF Financial, doing business as Mutual Wealth. The SEC claims Mutual Wealth has “been exploiting investors” using social media including Facebook and Twitter. Investors were promised returns of 2% to 3% a week, the SEC says, by using an investment strategy that “invests into securities for no more than a few minutes.”