Wednesday, December 26, 2007

Candy canes from Strangers

Merry Christmas everyone!
It's the morning after the big day and everyone is still sleeping in over here. I'm just taking a look at a few things and I saw this article from the honeypot.

As the author mentions, it's an old scheme, but a dangerous one. In the short list of 'Tips from Mom for the cyber age', visiting a website linked from a spam email is taking candy from strangers: while you're having a 'quick peek' at something naughty rather than nice, the site is infecting your computer.

One approach would be to take a page from Nancy Reagan: 'just say no'. Another would be to make sure you're properly protected before journeying out into the wilds of the internet.

Think of being protected like dressing appropriately for a rain storm.

Level 1. You go out in the rain without any special gear. You'll get wet; probably no big deal.
Level 2. You add a hat to protect your head.
Level 3. You add a raincoat.
Level 4. You add an umbrella to your gear.
Level 5. You add boots and rain pants.

Likewise, in the 'safe surfing' world:
Level 1. You're not really using any protection, just surfing online and hoping for the best!
Level 2. You have the firewall that came with the OS turned on (e.g. on Microsoft Vista)
Level 3. You use the firewall that came with the computer when you bought it (e.g. Norton's firewall)
Level 4. You put an external router between you and the internet
Level 5. Your firewall and OS are updated automatically
Level 6. Your firewall stops unknown outbound traffic! (e.g. ZoneAlarm)

... the list of ways to be safer can go on; at this point it just depends on how paranoid you are. :) One point worth noting: a router (level 4) only screens traffic coming in. A program you invited in by clicking on a spam link is already inside, and the only thing between it and its owner is a firewall that also blocks unknown outbound traffic (level 6).

Wednesday, December 19, 2007

Can I see your ID?

Can I see your ID?
It’s hard to believe now, but those were the most feared words a thirsty 20-year-old college student could hear, particularly when trying to buy beer! I can remember trying to look older, trying to look nonchalant, even preoccupied with something else, to get past the watchful eye of the clerk.

Just like the liquor store owner checking the IDs of misguided youths, you need to check the “ID” of websites where you shop or share any personal information. There are some new attacks where fraudsters seed search engine results with links to their own malicious sites. Think of it like getting a new Yellow Pages book every day, where on occasion the number you see in the book is NOT for who it is supposed to be!

Leaving that attack aside, here are some easy steps for the home user to follow to ensure safe surfing.

Example 1: (screenshot of the Firefox address bar on an HTTPS site; image not reproduced here)

Two things to consider for ‘checking this ID’:
1. Is your internet connection to this website safe?
2. Is the website who you think it is?

All internet traffic passes through many servers and computers you’ll never know or see. Think of the difference between mailing a postcard and mailing a letter: both reach their destination, but one can be read easily by anyone along the way. A ‘safe connection’ wraps a virtual envelope around your message. To verify you have one, look at your browser: do you see a padlock? It will be in the address bar, in the status bar at the bottom, or both. In this example on Mozilla Firefox the address bar also turns yellow and I can see the letters HTTPS. In Microsoft Internet Explorer 7 and later the same area turns green for sites with an Extended Validation certificate, giving you a clear visual that all is ok. HTTPS stands for HyperText Transfer Protocol Secure. Without the ‘S’, even when you log in to the site, your username, password and everything else travel across the wire in the clear. One caveat: the padlock tells you the envelope is sealed, not who is at the other end. A fraudster can buy a perfectly valid certificate for a look-alike name, so the padlock answers question 1 only; question 2 is answered by the name in the address bar.

To use this protocol, a website obtains a certificate from a Certificate Authority (CA), an independent vendor that works something like a notary public: it checks that the site is who it says it is and signs a certificate saying so, and your browser verifies that signature automatically every time you connect. A few companies issue these certificates; one is VeriSign. Here is what you see if a site displays the VeriSign logo and you follow the link (screenshot not reproduced here). Keep in mind that the logo on the page is just a picture any site can copy; what counts is the certificate your browser shows when you click its own padlock.
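The two checks can be written down as a short program. Here is an added example in Python (my illustration, not part of the original post) that applies them to a URL before you trust it: is the scheme https, is the domain you meant to visit really the end of the host name, and is the host name made of plain ASCII letters. The domain examplebank.com and every URL in the demo are made up for the demonstration.

```python
from urllib.parse import urlsplit


def url_identity(url, expected_site):
    """Apply the two 'check this ID' questions from the post to a URL.

    expected_site is the domain you meant to visit, e.g. "examplebank.com"
    (a constructed name for this example; no real bank is implied).
    Returns a dict of check name -> bool, plus the host actually contacted.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # urlsplit discards any "user@" prefix, so this is the host the browser
    # really connects to, not a name a phisher placed in front of an "@".
    host = (parts.hostname or "").lower().rstrip(".")
    site = expected_site.lower()

    checks = {
        # 1. safe connection: the virtual envelope exists only with https
        "https": scheme == "https",
        # 2. right site: the real domain must be the END of the host name, so
        #    "www.examplebank.com" passes but "examplebank.com.evil.test"
        #    and "198.51.100.7" do not
        "right_site": host == site or host.endswith("." + site),
        # 3. plain letters only: a look-alike built from non-ASCII characters
        #    (e.g. a Cyrillic 'a' in place of a Latin one) fails here
        "ascii_host": host.isascii(),
    }
    checks["ok"] = all(checks.values())
    checks["host"] = host
    return checks


if __name__ == "__main__":
    # Constructed URLs for illustration; none of these domains are real sites.
    samples = [
        "https://www.examplebank.com/login",               # genuine
        "http://www.examplebank.com/login",                # no envelope
        "https://www.examplebank.com.login-check.test/",   # wrong site
        "https://www.examplebank.com@198.51.100.7/login",  # '@' trick
        "https://www.exampleb\u0430nk.com/login",          # Cyrillic 'a'
    ]
    for u in samples:
        r = url_identity(u, "examplebank.com")
        print(f"{'OK ' if r['ok'] else 'BAD'} {u!r} -> host {r['host']!r} {r}")
```

Note what the '@' case shows: anything before an '@' in a URL is a username, not the site, so a phisher can put your bank's name there while the browser quietly connects somewhere else. Checking the end of the host name, never the beginning, is the rule.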





To recap: if you have to share your personal information, you're basically ok IF

  1. You typed the website address (URL) into your browser's address bar yourself, rather than following a link from an email
  2. The address starts with HTTPS (secure HyperText Transfer Protocol) and the name after it is the site's real name, not a look-alike
  3. There is a locked padlock shown by the browser itself (in the address bar or status bar), not just a padlock picture drawn on the page
  4. You're using a computer that is virus/malware free


Sunday, December 9, 2007

Tips from Mom

Tips from Mom, re-interpreted for the cyber age

1. Get a good education
a. Attend seminars; read; take action;
b. Know your threat profile
c. Know how to recognize ‘safe’ websites

2. Never ‘talk’ to strangers
a. Phishing: never follow links in emails. Motivated bad guys can create websites that look exactly like your bank’s, even drawing a fake address bar over the real one so you can’t tell the difference! Type your bank’s address yourself.

3. Don’t take candy from strangers
a. Cookies are how the websites you use know who you are when you come back. They also maintain data while you’re logged in (both good things!)
b. Cookies can also provide data to other people, such as advertisers tracking you across sites (this isn’t necessarily bad, but could be)
c. Worse than cookies is clicking ‘OK’ on a pop-up from a website you don’t know; that can install a program on your computer.

4. Don’t share your house keys
a. Each time you create a user name for yourself and a password – you’re creating a new ‘house key’ for your personal information
b. Passwords should be complex
c. Passwords should not be shared across websites

5. Take your vitamins
a. Set your computer’s operating system to update automatically
b. Your antivirus program should download new signatures as soon as they are available

6. Lock your doors
a. Select a good firewall that meets your household’s needs
b. Outbound traffic is as critical to block as inbound
c. Use a browser other than Internet Explorer, e.g. Firefox, and keep whichever browser you use updated

7. Wash your hands when coming home
a. Scan for viruses, Trojans, worms and other malware
i. keyloggers; data streamers

8. Use a good soap!
a. Research the software tools available and choose wisely
i. Anti-virus
ii. Anti-spyware

Wednesday, December 5, 2007

Mmm I love Hunny!


Pooh could never do enough to get himself some honey! He’d disguise himself as a little dark rain cloud, he’d get himself stuck in honey jars trying to lick the bottom, and once he ate himself so fat he had to sit stuck in the door of Rabbit’s home for many days until he became thin again.



When it comes to “honeypots”, hackers are similar: they can't resist. In a nutshell, a honeypot is a decoy, such as a fake customer account, website, server, or set of user credentials, that nobody has a legitimate reason to touch, so any use of it is suspicious by definition. Companies and organizations interested in proactively studying who is stealing what use this technique to lure in the bad guys and then track the 'honey' to see where it goes. A friend of mine did something similar with email addresses. He started creating a unique email address for himself whenever he signed up for a service. E.g., he played fantasy football, so he created daves_fantasy_football@vendor.com; when he started receiving spam at this address, he KNEW who had sold his information (or, at the very least, who had leaked or lost it)!
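Here is the same trick as an added example in Python (my illustration, not my friend's actual setup). It assumes a mail provider that delivers dave+anything@example.test to the dave mailbox (plus addressing), or a catch-all domain; the secret, mailbox name and domain are placeholders. The one addition over the plain scheme is a short keyed hash in each tag, so that a spammer who figures out the pattern can't mint an address that falsely points the finger at a vendor.

```python
import hashlib
import hmac
from email.utils import parseaddr

# Assumptions for this example (placeholders, not from the original post):
# - the mail provider delivers dave+anything@example.test to the dave
#   mailbox ("plus addressing"), or example.test is a catch-all domain
# - SECRET is a long random value known only to you; it lets you tell a
#   tag you issued from one a spammer made up to frame an innocent vendor
SECRET = b"replace-with-a-long-random-secret"
MAILBOX = "dave"
DOMAIN = "example.test"


def tag_for(vendor):
    """Short keyed hash of the vendor name; only the secret holder can mint it."""
    digest = hmac.new(SECRET, vendor.lower().encode(), hashlib.sha256)
    return digest.hexdigest()[:8]


def address_for(vendor):
    """The unique address to hand to one vendor, e.g. when signing up."""
    vendor = vendor.lower()
    return f"{MAILBOX}+{vendor}.{tag_for(vendor)}@{DOMAIN}"


def who_leaked(to_header):
    """Given the To: header of an unwanted mail, name the vendor whose copy of
    the address it was sent to, or None if the address is the plain mailbox
    or carries a tag that does not verify (guessed, altered, or forged)."""
    _, addr = parseaddr(to_header)
    local, _, domain = addr.lower().partition("@")
    if domain != DOMAIN:
        return None
    mailbox, plus, tagged = local.partition("+")
    if mailbox != MAILBOX or not plus:
        return None
    vendor, dot, tag = tagged.rpartition(".")
    if not dot or not vendor:
        return None
    # compare_digest avoids leaking which characters matched via timing
    return vendor if hmac.compare_digest(tag, tag_for(vendor)) else None


if __name__ == "__main__":
    print("give the fantasy football site:", address_for("fantasy_football"))
    # Constructed To: headers from a week of spam; none of this is real mail.
    inbox = [
        "Dave <" + address_for("fantasy_football") + ">",
        address_for("fantasy_football"),
        f"{MAILBOX}+bigbank.deadbeef@{DOMAIN}",   # tag we never issued
        f"{MAILBOX}@{DOMAIN}",                    # plain address: no clue
    ]
    for to in inbox:
        print(f"{to:60} -> leaked by: {who_leaked(to)}")
```

A hit tells you which vendor's copy of the address got out; whether they sold it, leaked it, or were broken into is a separate question.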

Here is a great technical paper from Honeyblog exploring malware and the new black market forming around the internet in China.
It has a lot of detail on who is stealing IDs in China, who the thieves sell them to, and ultimately how the fraudsters make money off of video game credits!


Read more

Friday, November 30, 2007

Peek? Peek? Peek a boo!

Last weekend I got to play a rousing game of "peek a boo" with my 2-year-old, cute-as-a-button niece. My kids are a little older now, so I had forgotten how kids believe that if they cover their eyes, I’m not there.

Hmm, sounds familiar.

A few people I’ve spoken to lately don’t know much about internet attacks, or whether they even have a firewall set up, but figure that since they don’t see the attacks, the hackers out there will somehow not get them. There is a little truth to the idea of 'security through obscurity', but ...

Boo!


I’ve read that over 75% of households surveyed thought they had “good” protection against viruses, spam, etc. Of these, only 30% actually did. Most were using whatever came with the computer when it was purchased, and may or may not have been installing the updates.

Here’s a flow of events to think about:
Day 0. A researcher publishes a newly discovered “hole” in a device (PC, iPhone, game console) that someone could take advantage of
Day 1. The device’s vendor begins work on a patch to plug the hole, and anti-virus (AV) companies begin work on detecting attacks against it
Day 2. Bad guys also begin work to take advantage of the hole
Day 3. The patch and the AV updates are published
Day 3. Bad guys release code to take advantage of it

In this scenario, if you’re using a reasonable protection scheme that’s updated automatically, you should be ok.

But what if the bad guys take advantage of a hole before there is any patch or signature for it, while nobody else even knows the hole exists? That’s called a zero-day attack.

Here’s one described:

The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.
The SANS ISC (Internet Storm Center) said in a diary entry that it received reports of the exploit from an unnamed organization that was targeted. "The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software," said Chris Carboni, an ISC incident handler tracking the attack.
When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functioned as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy.

"As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new 'clean' file is opened without incident," the ISC explained.

read more

Wednesday, November 28, 2007

We're not in Kansas anymore

I use the internet a lot for work - probably 50% of my time everyday is spent online doing research. A lot of that research is via search engines, following links - looking things up. Perhaps I was being a little naive - but I thought as long as I didn't go to any websites that weren't safe for work, my computer would be ok.

Then I read this

Update: Subverted search sites lead to massive malware attack in progress
Trojans, rootkits, password stealers hit users who click on a bad link after a search

November 27, 2007 (Computerworld) -- A large-scale, coordinated campaign to steer users toward malware-spewing Web sites from Google and other Internet search engines is under way, security researchers said Tuesday.

Users searching Google, Yahoo, Microsoft Live Search and other engines with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn dial in" to the heart-tugging "how to teach a dog to play fetch" -- will see links near the top of the results listings that lead directly to malicious sites hosting a mountain of malware.

"This is huge," said Alex Eckelberry, Sunbelt Software's CEO. "So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."
Those pages have had their search site ranking boosted by crooked tactics that include "comment spam" and "blog spam," where bots inundate the comment areas of sites with links or mass large numbers of them as bogus blog posts. Attackers may be using bots to plug links into any Web form that requests a URL, added Sunbelt malware researcher Adam Thomas.

read more

IDs! Getchur hot IDs! IDs for sale!

It's that new black market again: IDs are stolen from one place and sold on the black market to others who plan organized attacks with them. Yikes!

Database admin to plead guilty in theft of 8.5M consumer records
He agreed to pay restitution, cooperate with police and forfeit $105,000

November 27, 2007 (Computerworld) -- A senior database administrator at a subsidiary of Fidelity National Information Services Inc. (FIS) who was accused of stealing about 8.5 million customer records and selling them to data brokers is expected to plead guilty tomorrow to felony fraud charges in U.S. District Court in Tampa, according to court documents.
William G. Sullivan has also agreed to pay court-ordered restitution to victims, cooperate with ongoing investigations and forfeit the more than $105,000 he still has remaining from selling the stolen data. In exchange, according to a plea agreement also filed with the court, federal prosecutors are expected to recommend a reduction from the maximum five-year sentence that Sullivan could have gotten.
Sullivan worked as database administrator for Certegy Check Services Inc., a St. Petersburg, Fla.-based Fidelity subsidiary that provides a check-authorization service to financial institutions and merchants across the globe. FIS itself is a provider of transaction processing and related services to the financial industry. It is separate from the better-known Fidelity Investments.

read the full story

Tuesday, November 27, 2007

uh oh

In this story they're describing something similar to a 'man in the middle' attack. Picture playing the tin-can 'telephone' game as a kid: you have a soup can, so does your friend, the cans are connected by a long piece of string, and you talk to each other through them. A 'man in the middle' attack is a fraudster on the string between the two cans, listening to your conversation. The twist with 'man in the browser' is that the eavesdropper is inside your own can: malware on your PC reads what you type after the browser has unsealed the HTTPS envelope, so the padlock doesn't help you here. Only a clean PC does (see item 4 of the recap above).


'Man in the browser' is new threat to online banking
Traditional anti-malware software not likely to catch these threats quickly


November 27, 2007 (Computerworld UK) -- Criminals infecting PCs with malware that is only triggered when they access their bank accounts are the latest threat to online banking, according to security software supplier F-Secure.

Perpetrators act as a 'man in the browser' by intercepting HTML code in the Web browser. As bank security measures curb more traditional threats such as keystroke logging, phishing and pharming, F-Secure warned, the 'man in the browser' attack will increase.

Once a user's PC is infected, the malicious code is only triggered when the user visits an online bank. The 'man in the browser' attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder.

read more

Monday, November 26, 2007

Phishers Steal DOJ's Identity

New spam-based exploits also operate under guise of Better Business Bureau

NOVEMBER 20, 2007 You'd think that if you were going to commit a crime, impersonating a major law enforcement agency would be the last attack on your list. But some brassy phishers have got another idea.
According to a warning issued earlier today by Websense Security Labs, there is a new spam attack on the Web that claims to be a message from the U.S. Department of Justice.

read the full story

Caution with credit cards

With the holidays upon us, pulling out that credit card is becoming a reflex move. Unfortunately, if you're concerned about identity theft, this could be hazardous.

Yesterday I was at a mall in the San Joaquin Valley needing some food for my kids. The place was packed! As I walked into the food court I realized I had a choice: I could either trust that the person behind the counter was honest, or too busy/worn out from the day to care who I was, or I could use cash from the nearby ATM machine. “What’s the difference, Dave?” By using cash I guaranteed my anonymity. If I were to hand the checkout person my card, I was giving up my name and card number.

I wouldn’t normally give this so much consideration, but last week I heard a guy, ‘Bob’, on a radio show who wanted the DJs to call a girl, ‘Sally’, to ask her on a date. After some prodding the DJs learned ‘Sally’ hadn’t given Bob her phone number: he worked in a deli she frequented often, and she paid with a credit card. By using her name and a search engine he found her personal information!

Be careful who you give your card to and be careful what you do with your personal statements.

Social engineering and dumpster diving are two of the most common ways people lose their private information, and no amount of software on your PC protects you from either.