Thursday, September 27, 2012

Employee personal social media accounts could attract dangerous phishers to workplaces

The Washington Post has a front page story on the indirect danger to workplace networks from social engineering of phishing attacks aimed at employees.  The story by Robert O’Harrow Jr. is titled “Zero Day: Cyberattacks hit targets with human touch”, online “investigations” link here

Cybercriminals troll the personal social media accounts of low-level workers in sensitive jobs, and figure out how to send them emails, often with sender-ids spoofed with names of other coworkers, that will lead to infection of their employers’ networks with spyware, that could lead to industrial espionage or to compromise of customer accounts.
It’s disturbing that personal social media accounts can lead to these risks for employers, and they could lead to more “conflict of interest” and blogging policies.  

Thursday, September 20, 2012

Hackers associated with Muslim outrage or with Assange claim credit for outages really caused by ordinary server programming bugs ("unsafe code")

Media sources report a slowdown at the Bank of America website and possibly other financial institutions this week (particularly Tuesday September 18), because of alleged cyber attacks motivated by the amateurish anti-Muslim film supposedly made by private right-wing elements within the US.

Michael Endler has a story on Information Week here

I have my own checking at BofA and have noticed no problems this week.  I have noticed slowdowns before in the past, and one or two outages.

Info Week links to another story reporting that GoDaddy had a recent outage that it says was caused by “corrupt router data tables”, but hactivists claimed “credit” for the outage.

Companies could have outages because of ordinary internal bugs, and hackers might claim bragging rights when the problems are made public.

A few weeks ago,  on a normal weekday, I had a situation where I could not reach my own ISP through my Comcast Internet service, but could reach it through my Verizon hotspot.  Yet most other websites were working normally through Comcast.  The situation lasted about twelve hours. 

Update: Sept. 22

Later media reports suggest that Iran was involved in a DDOS attack against Bank of America, in retaliation for sanctions; the attack was not very "successful".  Ellen Nakashima has a story in the Washington Post here

Thursday, September 06, 2012

Major sports, news, banking sites serve complicated ads that can cause Windows 7 to stall briefly and then give unwanted popup link

I’ve noticed an annoying problem on all my Windows 7 laptops.  After rebooting, and only once before the next boot, the machine will hesitate about thirty seconds when it encounters certain kinds of ads on certain sites (especially newspaper sites and Major League Baseball and, curiously, Suntrust Bank).  The machine freezes, and the mouse pointer or trackpad will not operate. Finally, the machine “releases” (the Dell XPS laptop, which was converted from Vista, beeps a few times), and goes to a full link of the unwanted ad. 
Tapping the trackpad will get the machine to release (but using the wireless mouse, an attachment, will not), but causes a link to the ad, which then fills the screen as an unwanted visit.  The advertiser will be charged for the ad display by the site, which the user may not have intended to visit or have a legitimate interest in.
Perhaps there is a problem with the startup procedure in W7, and the ad is using an application (like some part of Shockwave) that requires additional memory allocation. Or perhaps it is “unsafe code”  (in java or C#) on the site.

This morning, I had the problem with Rosenthal Nissan Honda when visiting the Washington Post site.  I’ll give the link for the ad, which may cause a Windows 7 machine to hesitate.  This problem does not seem to happen on my MacBook, mi iPad,or  my smartphone,  and it doesn’t happen in the older XP operation system.  Here’s the link

I suppose I could get rid of this by playing with the Popup blocker (in Chrome, Firefox, or Internet Explorer – it happens in all of them in Windows 7).

The problem does not seem to occur on any ads served by Google. 

Update: September 10, 2012

Today the hang occurred while the Washington Post was open to a complicated page when I went back into Word to copy the URL.  Once in Word, the computer would freeze if I tried to use Word.  On restart, it gave the usual warning an invitation to use Safe Mode, which can be skipped.

Microsoft Control Center tells me that I need a fix for a Dell memory driver that is used by some media applications.  I just installed it.  We'll see if this fixes it.

I fixed the Word file by hard-copying to another file with a different name.  

Tuesday, September 04, 2012

Major hack of unique Apple ID's from FBI reported

Media outlets are reporting that hackers connected to Anonymous and Lulzsec claim to have obtained unique Apple ID’s (UDID's) of the iPhones and iPads of over 12 million users, from an IBI computer, and have published a link to the ID’s. of 1,000.001 users or customers.

Apple customers who use Cloud services heavily  (or who gave Apple a lot of personal information and who have heavily linked their online accounts) could theoretically be at further risk (maybe in the spirit of the “Wired” writer’s hack described here Aug. 17). 

So far no actual use of the data has been reported.  Will Apple have to offer free credit report monitoring to the million users affected?

It’s a little hard to believe that the data was so “easily” lifted from the FBI.

A typical news story by David Meyer is published by zDNet here

Again, the advice: keep some backups yourself, and check your online accounts frequently.

Saturday, September 01, 2012

"The Economist" reports that future viruses may build on pre-installed apps

The Aug. 25, 2012 issue of “The Economist” offers a brief article “A thing of threads and patches: soon, computer viruses may assemble themselves from other bits of code”, link here

The article discusses a “Frankenstein” program designed by Vishwath Mohan and Kevin Hamlen, from the University of Texas at Dallas, and presented in Microsoft country in Washington state recently at a security conference. 

The theory is that viruses assembled from sequences of pre-installed code (like “Frankenstein” body parts or “pieces”, as in the notorious horror films from the 70s and 80s) would be harder for anti-virus software to detect, at least quickly, and could be useful in quick DOS attacks, or in industrial espionage.