Bill's Internet Safety Tips

Yahoo! email account(s) cracked and potentially incriminating spam sent (case I know of personally); Gmail usage phishing scam is out there, too

2012-01-30T06:56:00.000-08:00

Yesterday I learned of a case where an individual’s Yahoo! email account was cracked, and where undesirable emails were sent to others on a list in her name. This is a situation where the actual account was used, not just where the sender-id was spoofed. I’m not aware that Yahoo! offers the two-step verification that Google’s gmail does.

In the past, there have been cases where people have been held liable for content sent when their email account was actually cracked. It’s still an ambiguous situation legally.

The individual said it took a whole day for the problem to be fixed (apparently by virus removal). The individual says that the password wasn’t cracked by guessing, but probably picked up by a Trojan keylogger or virus.

In a two-step system, the attacker would not be able to log on to a different computer without another verification code sent to a cell phone or stored on a separate list. But in some scenarios an attacker (like a “Lisbeth” or a “Nolan” from popular movies and shows) might be able to log on to the user’s system through the Internet (as with buffer overflow) and actually use the target’s computer, an issue typically addressed by regular security updates to an operating system.

Update:

There is a phishing scam telling users their Gmail space quota is exceeded, with a phony link to click on to increase it pretending to be at Google. Of course it is not. Major email filters are not marking this one as spam yet.

Kaspersky again complains about Facebook plugins in XP only; spammers trying to leverage Assange-mania

2012-01-20T20:41:00.000-08:00

Once again, Kaspersky, on an older XP machine, gives me “access to requested object is forbidden” and a warning about spyware associated with this plug in on a few sites, such as DC examiner:

The warning looks like this:

“http://www.facebook.com/plugins/activity.
php?site=examiner.com&width=300&height=
350&header=true&colorscheme=light&
recommendations=true”

I don’t get this in Windows 7 on another machine with Kaspersky. Webroot also did not give this problem.

Also, when I try to review the “Report”, Kaspersky stopped responding, and the machine had to be restarted.

I presume that most companies now have Facebook plugins and they should not be a problem. I didn’t try logging on to this different Machine; I always use Facebook from a different computer.

One other little “current event”: Last night, I got an email saying, “Classified information, please open attachment”. Yes, that sounds like obvious spam, trying to load a trojan in an attachment with social engineering based on anti-government sentiment. But what if someone really is trying to lack classified information this way? I’m not sure what the law is, on “possessing” classified information you know was offered to you “illegally”.

Update: Now Kaspersky on this older computer is not updating properly.

Signs your computer is "balding"; liability for bank account drains; phishing proof-of-concept education

2012-01-17T17:55:00.000-08:00

Webroot treated us to a couple of important tweets today. One is by Davey Alba of Laptop Magazine, “Five Signs that your PC is infected”, (website url) link. I’d be a little surprised that people discover repeated unauthorized withdrawals from their bank accounts. Yes, that’s bad, but you shouldn’t let your bank get away from you.

Do banks have to reimburse customers? In the US, generally yes for individuals, no for businesses. (For someone who works at home with a proprietorship earning some money from blogging, I suppose that could get tricky.) In the UK, it appears businesses have two days to find it. Who foots the bill for better security? It’s an existential problem. Here’s an informative link on liability. The risks are increasing especially with mobile banking. The biggest risk would seem to come from keyloggers.

The rest of his suggestions are rather routine. Of course, slow machines, and unwanted popups and website jumps are suspicious.

There’s also a rogue effort to educate banks and other companies on who easily criminals can mimic them with phishing attacks, with a “proof-of-concept” training exercise, described here by Brian Krebs on his new site, link.

Zappos is latest corporate victim of hack

2012-01-16T07:44:00.000-08:00

The latest incident seems to be an attack on Zappos, with the company’s explanation here. Zappos even asks for twenty minutes to read the posting!

MSN has a “Redtape” story by Bob Sullivan about the incident (website url) here. 24 million customers had personal information (including last 4 of credit card numbers only) stolen.

It makes you glad not to be “working” now in a conventional company.

I don’t store any visitor information at all (other than through cookies associated with Blogger, as explained in the Privacy Policy). All credit transactions are outsourced to e-commerce sites.

I personally didn't shop at Zappos; "Sartor Resartus" belongs in college literature.

Adobe Reader update fails this morning - related to AV?

2012-01-12T08:54:00.000-08:00

Today, a security update to Adobe Acrobat reader failed due to lack of “permissions” on my Windows 7 Professional XPS machine, where I just use a generic user. This is the only machine with Webroot Secure Anywhere. The older version of Reader still works normally on this machine.

On a Windows 7 Starter Notebook (Toshiba) yesterday, a similar update succeeded (Kaspersky). Oddly, when a PDF was read with the updated Adobe, a few lines of text were distorted until the cache was filled, then it looked OK.

A similar update on an older XP machine worked, absolutely normally (also under Kaspersky).

Adobe has been criticized for adding capabilities of questionable value to the Reader, increasing the opportunity for exploits.

Saturday, I found that I've lost the ability to print from Adobe on this machine because of the aborted update -- I get a memory access error. So I'll have to get this figured out.

Update (Jan 16): It's looking as though Adobe won't update now on a home machine with only an unprotected default user of "Owner" in Windows 7. It looks like a pw-protected Administrator has to be set up. Maybe that helps explain why the legacy Webroot firewall suddenly started blocking everything last year. Will look some more. Adobe's explanation is here.

Comcast XFINITY offer "Constant Guard", with some controversy

2012-01-08T12:47:00.000-08:00

Telecommunications providers are offering their own security services. At least, Comcast XFINITY offers “Constant Guard”, link (web url) here. Notice the specific reference to “bot assistance”.

But many computer owners already have contracts with “regular” providers, often set up when they purchase their computers, such as form BestBuy (which in recent years has promoted Webroot and Kaspersky, instead of McAfee and Norton).

But one source (Digital QA) also notes that Xfinity often provides Norton, and advises against adding Constant Guard, link here The reviewer talks about the possibility of “re-imaging his machine” and of some sites not working properly (confusing alphakeys with numeric). I have never heard of this with a security protection suite.

PC Mag explains the relationship between Constant Guard and Norton (web url) as follows. Norton provides conventional notification of problems; Constant Guard has the customer working directly with Comcast. It would appear that Constant Guard places a focus on problems that consumer network resources (such as botnets).

Some banks offer online customers anti-virus products “free”, such as McAfee from Bank of America (link). The problem is that it might conflict with other products already purchased from the PC vendor.

Google Chrome fixes vulnerabilities, offers Beta version

2012-01-07T08:06:00.000-08:00

Google Chrome, probably the fastest browser to load most web pages (I find Firefox slower), has new fixes to three or more possible security vulnerabilities, in version 16.0.912.75.

An article in InfoSecurity, tweeted yesterday by Webroot, briefly discusses the fixed problems here.

Google’s technical post describing the security fix (the “Stable Channel Update”) is here. Apparently the fixes download automatically when a new Chrome window is opened. The problems involved two kinds of buffer overflow and a “user-after-free” in animation frames. I don’t know whether the “controversial” keyloggers identified by Webroot in the past were addressed.

“Buffer overflow” is a bit of a mystery to novices. But once, while working for ING back around 2000, I saw a demonstration in a one-day security forum at the University of St. Thomas in St. Paul MN.

That page gives a subordinate link to another page , the “Chromium Security Page”, (link) which explains how the public can get involved in problem detection and in proposing fixes. (I didn't need the "You're awesome" greeting.) However, to get involved, one needs to apply and demonstrate a background with the relevant technical experience.

Google is also offering a beta release for Version 17, which is supposed to improve speed while retaining all the security fixes. A different Chrome blog posting, “Speed and Security”, Jan. 5, describes the release here.

I tried download the Beta on an older Windows XP machine. I found Kaspersky Security interrupted it, and the download proceeded when allowed. The product is not telling me that it is the Beta version, as far as I can see.

Google Chrome has a late 2010 YouTube video explaining Sandboxing:

Court computer infection gets defendant new trial; does Webroot Secure Anywhere do a registry fix?

2012-01-06T05:42:00.000-08:00

Here’s an interesting story tweeted by Webroot, from itword: a defendant in Miami FL got a new trial because the court reporting machine got infected, and the court reporter didn’t make proper paper machine backups, meaning the state can’t prove the trial was fair, link here. One wonders why the Court system didn’t have a better automated cloud-based or off-site backup of the reports.

A follow-up on the Webroot Secure Anywhere. I’ve noticed that Windows 7 bootup is much faster (and initial Internet connection is usually faster). I don’t know if Secure Anywhere does a registry cleanup. I haven’t had a Windows Update that requires configuration since Dec. 16, and the Webroot update occurred Dec. 27. I noticed the faster boot-ups the next day.

Stuxnet is setting an example for many more industrial worms

2012-01-01T16:28:00.000-08:00

Again, in the “tradition” of reporting news that I personally witness, I happened to sit on the Metro, going into the New Year’s Eve party, next to a man who said he was an Internet security expert, and that corporations don’t know what is about to hit them. He mentioned the Stuxnet Worm as one of many such exploits around.

Stuxnet is said to be the first worm to include a “rootkit” for a “programmable logic controller”. It is said to have been detected first by Kaspersky.

It’s thought to have come from Israel. But the greatest danger for American companies would probably come from China and Russia. As Donald Trump says, the Chinese are not our friends.

But the speaker on the Metro made it sound as if the kind of hacking done by Lisbeth in “The Girl with the Dragon Tattoo” is now commonplace. (Or for that matter, Jesse Eisenberg’s impersonation of Mark Zuckerberg at the beginning of another Fincher film, “The Social Network”. That is, “let the hacking begin.” It takes a certain focus for people to learn to do this, but somehow the rewards (and asymmetric power) become greater than from anything else.

We talked a little about Bradley Manning, and I said that 90% of the government’s secrets are probably overclassified.

A strange thing happened on the way to the "forum", that is, another thing. As I turned off the last Chrome window on an XP machine last night (before leaving the house for the Metro ride to the Party), Chrome told me it was downloading something. Downloading what? I don’t do a lot on the machine, and the last download from Chrome had come in July. I shut down the machine for the evening, to play it safe while I was out, and when I brought it up this morning, the issue did not recur. Kaspersky gave me no warnings.

Kaspersky renewal through Best Buy hits a glitch (for me, today)

2011-12-28T20:34:00.000-08:00

Today, on a small travel Toshiba computer with Windows 7 Starter and Kaspersky Security, the product would not renew and activate despite my paying the credit card renewal (about $40 a year) twice. The red “Fix it now” button kept leading me to a Best Buy application which would not close. Finally, I took it to a Best Buy store and the Geek Squad found a hidden link to give the user the opportunity to paste in a new product code. I don’t know why the web application didn’t do this automatically.

Also, early on Dec. 29, one Picasa image (on my Dec. 28 posting of my Issues Blog) came back as a blank area with an arrow. The problem went away when I deleted the html code linking to the picture and re-uploaded it. A quick search shows that sometimes Kaspersky and Webroot (it happened on two machines) reject the scripting around Blogger images as possibly malware, a "false positive". In my case, so far, it has happened only with the first image uploaded under Google Chrome (when Firefox was having trouble connecting to Blogger); all subsequent images worked (so far), and the first one worked when re-uploaded.

Installed Webroot Secure Anywhere today

2011-12-27T10:39:00.000-08:00

Today, I did install Webroot Secure Anywhere (v8.0.1.44). It downloaded an executable in the usual way from Firefox (save an exe file, get permission from Windows 7) and installed fast. It ran a scan for rootkits and malware that took about 8 minutes, no problems.

The McAfee Security Scan Plus says that the Webroot Internet Security Essentials is turned off. But that should be normal, if Secure Anywhere is running. I don’t know why the free McAfee product doesn’t recognize the new Webroot. Windows 7, however, is not warning me about a need to turn on security (it will).

After the install, I also got some javascript object errors that went away when I closed all browsers and closed Microsoft Word. The computer seemed slower than usual when restarting any object (even Windows Explorer) until using it at least once.

The install gave me two different produce registration codes. It flashed one, and then gave me a different code (in the last few characters) to save on the clipboard and in my own records.

I’m not sure if Webroot is running its own Firewall on top of Windows 7 Firewall. It is allowing all “normal” browser Internet traffic. I tried Weather Channel, Twitter, Facebook, Blogger, major news (MSN).

Update: Dec. 29

I do see the Firewall in the control panel now. It looks as though the earlier problem of overblocking is fixed. Webroot also provides a "locked desktop" Windows "notification icon" (at the bottom) whenever you use https or go to sleep. That may prevent others from logging on to your machine, in person or even remotely (a problem recently discussed elsewhere).

Also, McAfee Security Scan Plus now returns a green status and recognizes all Webroot components.

Heavy social networking users targets of webcam-related schemes (the Mijangos case)

2011-12-24T07:01:00.000-08:00

The January 2012 print issue of GQ, on p. 90, has a detailed story (by David Kushner and Jason Madara) of the “sextortion” computer hacking by a disabled California man Luis Mijangos, which involved controlling webcams of users laptops after getting them to download infected videos from emails with senders spoofed to look like social networking (often Facebook) friends. The story is not available online yet.

The O.C. Weekly (yes The OC, or Orange County) had a detailed story of the arrest in September here.

The Huffington Post had a story on his six year sentencing in September.

Generally, this sort of scam is much more dangerous to people who are “heavy” users of social media , especially those who use their webcams a lot and share a lot of videos and photos. It’s a bit of a paradox. Some employers even think that large friends’ lists are a sign of social success, but it’s very much a two-way street as far as I’m concerned.

Chinese hackers target US Chamber of Commerce

2011-12-21T10:04:00.000-08:00

The Wall Street Journal is reporting today, in a story by Siobhan Gorman, that hackers from China have breached the systems of the U.S. Chamber of Commerce, with the story (paywall) link here. Attackers gained access to information on three million members.

The story is front page news on today’s WSJ in print.

It’s a bit ironic, because the US Chamber of Commerce has attracted controversy for its support of the Stop Online Piracy Bill (SOPA) before the House in Congress, a bill which Internet free speech advocates can cause many contingent problems.

Webroot and Kaspersky find problems with popups on many corporate media news sites

2011-12-17T09:30:00.000-08:00

Just a note of followup. I still get warnings from Webroot on a number of ads that lead in to newspaper stories on major papers like The Washington Post and USA Today. Usually, the warnings are yellow, one or two have been red. These are the advertisements that have an insertion, “skip this ad” or “continue reading”.

The problem noted Monday with a New York Times web page discussing the nexus between blogging and journalism has been resolved. Kaspersky no longer warns of a rogue Facebook application trying to load, and no survey comes up.

Here’s another oddity: Now, when I boot up my XPS laptop under Windows 7, Windows asks me to start Webroot and Webroot always updates before it will let me start it, delaying the start of my ability to work about two or three minutes. My version is 7.0.12.22.

A site called “TopTenReviews” has a discussion of problems at the New York Times (link), but the facts appear to relate to the 2009 attack. The problem I encountered this week did not involve fake anti-virus software (a common scareware scam); it was instead a fake Facebook survey, probably related to phishing for personal information. As of right now, only Kaspersky has reported it.

Even trusted sites of big companies and government agencies (trustworthty?) seem to get hacked.And unfortunately you have to use more than one anti-virus vendor to catch everything.

Georgia hospital disrupted by computer virus

2011-12-13T07:46:00.000-08:00

A medical center in Georgia (Lawrenceville and Duluth) has been infected with a computer virus since last week, causing it to ask ambulance companies to send new patients elsewhere. Webroot tweeted the Atlanta Constitution story yesterday here. The virus has the odd name of an “I.T. service interruption virus” and is said not to have any effect on patient records.

There is no explanation yet as to the source of the infection or hack.

The link is here.

Kaspersky warns me about a Facebook Trojan when I visit a NYTime debate page in XP; one "fake survey" pops up

2011-12-12T12:50:00.000-08:00

Today, when accessing a New York Times opinion page debating blogger journalism, from Google Chrome, my Windows 7 computer (Dell XPS) hiccoughed for a few seconds and froze, then released the page. This sometimes happens once in a day after a restart. It seems as though the system needs to start one more service to run a script.

I wrote a post and linked to it OK on my “BillBoushka” blog today, and Firefox under Webroot/Sophos accepted the linked NYTimes page OK, no warnings. (Usually it's Webroot that catches these first; today it was Kaspersky instead, even though Webroot did a full update this morning.)

But on another XP machine with Kaspersky under Google Chrome, I got a warning about a possible spyware script, which is unusual. The Kaspersky report showed something like “facebook/com/dialogue/oauth with an application number of 9869919170. I double checked and this has no connection at all to my own Facebook account, and in fact I wasn’t logged on to Facebook in any browser through which I accessed this page.

I tried the XP Kaspersky experiment several times. Just once, a pop-up appeared for a “On Question Site Survey” at the bottom. I forget what it was trying to survey or sell (short term memory?) I simply closed the survey and everything was normal. I suspect that the survey would have asked for personal information or cell phone numbers for spam.

I don’t know if this is a legitimate hack or not – it’s on a New York Times page if it is. I don’t know how it got in, and so far only Kaspersky finds it.

There have been problems with fake surveys being embedded in Facebook apps for phishing purposes; maybe some of them are being picked up by major news sites and not being caught by security.

I consistently find that different vendors find different threats that other miss. That doesn’t bode well for PC home security for the average user depending on one vendor.

Webroot major update; my Firewall false blocks still not fixed

2011-12-12T08:31:00.000-08:00

Adventures in (a) Webroot? Adventures in a Perambulator?

Saturday morning, my Windows 7 Dell XPS froze when I tried to go to AOL just as W7 was telling me that Webroot wasn’t working. I rebooted and got past that. This morning, Webroot took about 45 minutes of my time with major updates and one restart. Even after the restart is still did about 10 more minutes of updating before I could do anything.

I thought that the false Firewall blockage was fixed. I turned the filter back on. As long as I stayed in Google Chrome I was fine. But when I went to Firefox it started blocking all traffic again. So back to allowing all traffic, and a red status. Understand, Windows Firewall is still on (as is Wndows Defender), and it seems to block what it should.

Update: Dec. 21

Please note the comments. I should be ready for Webroot Personal Security "Secure Anywhere" right after Christmas. (Sorry for my typo in the last comment -- it happens on laptops.)

Security experts continue to show concern about PDF vulnerabilities, from "unnecessary" features from Adobe

2011-12-07T20:51:00.000-08:00

Today, Sophos Security (associated with Webroot) sent a downloadable white paper on PDF security. The way it was delivered makes it hard to give an effective URL, but Neil Rubenking of PC Mag gives a pretty cogent view (from April 2010) about how Adobe “lost its way” by adding so many features to PDF, that make them a security hazard.

I get updates from Adobe constantly, but there seems to be some scuttlebutt that keeping up is difficult, and that the wide range of capabilities of PDF documents are unnecessary for most users, causing needless risk.

The PDF format does have one great advantage for book-like documents: they view and print (and paginate and font-interpret) exactly the same on any device. So they’re very popular, for example, for transmitting program notes that accompany music .mpg files when composers sell them online.

There are a lot of suggestions to use Google Docs to view PDF files on the web, and to install the gPDF plugin, particularly for Firefox.

The link for the story is here.

The view of PDF makes it sound as risky to view on the Web as used to be thought the case with Word documents (instead of HTML). But today, it's not so clear that HTML has to be safe either.

I have noticed that Webroot will sometimes give me warnings about Microsoft Word macros on a few of my own local documents from earlier times.

I have used PDF for my new eBook on my “Do Ask Do Tell” site, and for three other documents explaining my plans. I created these from Word. I guess I should reassess this since some visitors may not like opening PDF documents.

Facebook security fix actually allowed private pictures to be visible for a while

2011-12-06T20:36:00.000-08:00

George Mathis has a story on a Facebook bug fixed today that for a while allowed pictures marked as private to be accessed by others in public anyway. Someone proved the point by posting one of Mark Zuckerberg’s “Private” pictures.

The bug had occurred as Facebook pushed a facility to allow reporting multiple instances of inappropriate content simultaneously.

The story from the Atlanta Constitution blogs is here.

Hidden app tracks or logs user's activities on many smartphones ("Carrier IQ")

2011-12-01T02:58:00.000-08:00

The Huffington Post has as story about research by Trevor Eckhart over a hidden app on many smartphones, called the “HTC IQ Agent” which logs many details about the user’s activities and could provide a security threat for hacking of various private activities (like logons to financial sites) later. It’s also called “Carrier IQ”. The link is here.

Could this risk be similar to that of keyloggers on PC's?

Trevor supplied a YouTube video:

Pete Williams at NBC explained Carrier IQ's response to a class action suit. This facility is only for quality control.

Visit msnbc.com for breaking news, world news, and news about the economy

"Forward Secrecy" will enhance https

2011-11-30T08:37:00.000-08:00

Parker Higgins at Electronic Frontier Foundation has an important discussion of a new security enhancement to “https” or encrypted sign-on, and that’s called “Forward Secrecy”. The link is here. Apparently, Google is introducing it with its accounts (to augment remote 2-step verification). With Forward Secrecy, some information needed to decrypt messages in the future is “ephemeral” and is never stored. It’s a kind of “reverse pay-if-forward”.

More on web sites "yellow-rated" by Webroot

2011-11-28T08:43:00.000-08:00

Since I have (somewhat consistently, recently) gotten yellow warnings from a number of sites from Webroot that McAfee and MyWOT accept, I looked up a review on PCMag, from 2011, here. The sites particularly include movie reviews, retail, and some foreign blogs.

The reviewer talks about McAfee and Norton flashing red-colored (blacklisted) pages that Webroot missed. I haven’t experienced this; on a few rare occasions, I’ve seen red pages from all, including MyWOT. Google and Bing (as well as Yahoo! safe search) seem less likely to include these sites these days from search results.

The yellow page is supposed to indicate suspicious behaviors sometimes associated with malware distribution or keylogging or other infectious behaviors, on sites that have not been "blacklisted". Webroot does not seem to say exactly what behaviors are suspicious; is it what we call “unsafe code”? One could wonder how the passage of SOPA might affect the way site-security ratings work (and the other way around).

It would be helpful if all site rating services could distinguish between hazards of computer infection (upon visitation or use) compared to a reputation for other bad business practices (such as was the case with Righthaven and MyWOT).

In some cases, I don’t give a link to a Webroot-yellow site; for example, I may be able to find a Facebook page for the company and use that instead.

Cyber attacks on utility infrastructure through public Internet are happening, according to Privacy Clearninghouse; bundling of land line phone can lead to home security holes

2011-11-21T21:18:00.000-08:00

A story by Selena Frye in Tech Republic, “Warning: this privacy website might depress you”, link here was link-tweeted today by Webroot.

The story is about a database in the Privacy Rights Clearinghouse that has come up with some incidents where the operation of a public utilities in the United States was compromise by cyber attack. One story concerned a water pump in Illinois. In 2002, some critics started warning that utilities could be vulnerable to terrorists with cyberattacks, but most people wondered why they were even accessible through the public Internet.

One could peruse the Privacy Clearinghouse Chronology of Data Breaches, link here.

There’s a least another reason for your power to go out.

Here’s something else: cable and FIOS companies are bundling land-line phone service with television and Internet. Home security systems are dependent on land-line connections, and a bundled service may be much less robust against both natural disasters and possibly deliberate attacks. The cable and home security industries need to start working together on this.

Update: Nov. 26

There are later reports that the water pump failure was caused by a foreign contractor but not by malware or hacking itself. Ellen Nakashima has the story Nov. 25 here.

Webroot scan shows a Kelogger for Chrome; not sure if false positive yet

2011-11-12T15:26:00.000-08:00

Today, Webroot Spysweeper quarantined a “commercial system monitor” that it called “Gumshoe Keylogger for Chrome,” with Sophos research report here (code AF770ECL). A commercial system monitor installed by an attacked on a home computer could steal passwords and personal or banking information.

In April, 2011, Google wrote an answer to a similar question about this (and another warning just called “Keylogger for Chrome” which it says are Webroot false positives. It’s not clear from the answer if this refers to the “Gumshoe”. McAfee is also discussed as having flagged warnings. The link is here.

A legitimate keylogger will exist in any browser that supports Search Auto Complete in Google. This topic requires more research. I'll have to notice whether future Webroot scans find the same item.

Update: Nov. 26

Webroot, under the latest release of Mozilla (but not Chrome) continues to warn about sites that all other site safety services accept, particularly some movie official sites and some overseas blogs about protests and detentions.

FBI, Estonian police bust huge botnet causing DNS contamination

2011-11-09T20:18:00.000-08:00

Trend Micro reports the takedown of a massive botnet Tuesday Nov. 8 of over 4 million nodes by the FBI and Estonian police, with the detailed technical story here. The takedown of Esthost is being called the biggest cybercrime bust in history!

The botnet comprised computers with DNS settings pointing to foreign IP addresses.

This story may be related to a report Monday of DNS “cache poisoning” in Brazil.

Ordinary home users in the US may not have been much affected. Cases of what may look like DNS contamination may result from misspelling of domain names to synonyms that are taken over by distributors of malware and fake anti-virus software or ransomware.

However, in July 2008, major security companies held emergency meetings at Microsoft over predictions of how DNS contamination could occur.

Update: Nov. 10

Shaun Waterman reports on the incident in the Washington Times, "Six Estonians arrested in 'cyber-infestation'" which he says affected about a half million personal computers in the US, and 4 million around the world, link here.

Cloud email and other Internet services start to offer 2-step verification processes, using cell phone; Gmail (Google account users) encouraged to switch to it now

2011-11-08T11:57:00.000-08:00

First, I want to recommend that everyone read the detailed article in the November 2011 Atlantic, p. 100, “Hacked”, link here. The TOC subtitle is "An inside look at the unsettling perils of cloud computing, and how to avoid them".

The writer describes an incident in 2011 when he and his wife returned from a trip to China, and one morning his wife found that her Gmail account was locked up. By logging on to his own Gmail, Fallows discovered that his wife’s account had been hijacked for a “Mugged in Madrid” scam.

What happens is similar to spam with sender spoofing, but it is more dangerous because the email owner’s account is logged into (by stealing the password) and used to send spam. In this case, the spam tries to collect money from “friends” of the victim. (It’s easy to imagine trying to do this with a Facebook Friend’s list.) Of course, with well-educated populations, most people will recognize the scam and not respond. But the scam is operated usually from a poor country, where the scammer needs only to collect from maybe 1% of the contacts to “make a living”.

It’s not clear how the password was compromised. The most likely explanation (multiple choice test question) is that his wife had used the same password (although strong) on less secure sites, including Gawker. It’s possible to crack passwords today even when the server like Gmail limits attempts from an automated script. (The same sort of issue has existed with using captcha’s to prevent spam, particularly spam blogs.) Since the logon is encrypted (https), it shouldn’t have been sniffed, but perhaps overseas in China it could have been.

As to the extra dangers: In theory, it would sound as though the account owner could have legal liability. Unlike simple spoofing of his sender name, the actual account is used. I haven’t heard of litigation or prosecution from this. But what if an account were hijacked from the cloud and used to send child pornography? Some prosecutors still believe in a potential “absolute liability” doctrine for misuse of one’s own resources. This would be a good question for Jeffrey Toobin or Richard Herman on CNN.

Fallows says that his wife's entire Gmail content spaces was deleted (usually this doesn't happen), and only because of recent changes in Gmail policy was the company able to restore it. Typically, companies are more concerned that they can permanently delete materials when told to by consumers (for privacy reasons). [Facebook may be the exception.]

Fallows describes the common transient attacks on Gmail, and recommends that users start taking advantage of Google’s two-step verification process, which has been in use for about a year. I just signed up for it today. The theory is that to log on a user must have not only a password, but also access to a physical cell phone.

The process applies to the entire account, not just Gmail. When you sign up, the process tests your cell phone first with an SMS message. (It does not force you to change the password if it is already strong enough.) You will get a second text (which you must use) for your first “live” logon. You can use one pw per computer (and once for every browser on that computer, in my experience) every 30 days. I presume that this means that if you have several laptops, you go through the process for each machine. (If your cable provider changes your IP address or you have more than one way to get on – by going to a hot spot, I’m not sure if you have to reverify I wonder if Webroot Spysweeper's prediliction for quarantining cookies will cause more frequent need for new verification codes.) When you plan to travel, you should set up your travel laptop the day before.

The process supplies backup codes and the opportunity to add a second phone should the cell phone not be working.

Owners of some devices (including Androids and recent Blackberries) can download a Google Authenticator, which generates codes not dependent on a cellular wireless connection. After download on the Blackberry, it can be found under “Downloads” (an envelope icon) and the application icon looks like a G in heavy metal. When I signed up, it did not give me the opportunity to use it.

Once you use the process, other applications (like Picasa for pictures) will require generation of one access code per app. Save these in hard copy (and back up on a thumb drive or Carbonite).

Google’s main link for the 2-part process is here.

Fallows’s Atlantic article discusses Gmail only, and doesn’t mention that the process applies to the whole Google account. But Fallows passionately recommends that everyone use it, as do most other security experts who write about it on the Web.

This suggests that banks (and especially brokerages) might start using a similar process to protect customer accounts. Other email providers, like Yahoo! and AOL, would be well advised to follow suit. (I have been spoofed many times on AOL, with a particularly massive incident in 2006, but never had the account taken – particularly dreaded in early days when my publications were on Hometown AOL.) Shared hosting ISP’s might also start using it; most have recently started to require strong passwords on everything. Would it be practical for Facebook and Twitter? Probably not – if mobile access is part of your strategy, how do you require the user to have a second device on hand?

(Second photo: from the DC Metro, Jan., 2012).

Update: Jan 27, 2012

Today, I couldn't physically grab my cell phone to open the text message from Google quickly enough, and it sent me a second text. When I finally opened it, Google still took the first verification code, which continued to work on the same computer (and same browser, Chrome; different browser will generate another code request). I'll have to make sure the code "stays down" today.

Site redirection to surveys occurs with wrong tld's on popular sites (as well as phonetic misspellings); Brazil reports DNS cache poisoning crisis, could spread to US?

2011-11-07T09:42:00.000-08:00

Today, there was an odd incident trying to access the “Khan Academy” online school, which was reported on CNN last night by Fareed Zakaria.

I found an old link to this site which, on my on May 30 posting on the Bill Boushka blog which, when I clicked on it, apparently took me to an online survey site. (This has been a problem when misspelling Facebook). I checked again on firefox and found that today the correct name is khanacademy.org, (the misspelling with "kahn" and .org resolves to “rm.910587.kahnacademy.org” but sometimes won’t load and leads to a connection reset -- again, suspicious behavior which should lead a surfer to suspect misspelling).

A Webroot scan subsequent to the accident found multiple spy cookies but no viruses.

If you enter KhanAcademy .com in Mozilla, it resolves to org. I also found fake entries for the .com version in Facebook.

It now looks like the wrong sites came from misspelling "Khan Academy" as (incorrectly) "Kahn". I also found fake entries for the misspelled .com version in Facebook. (I also corrected the Khan spelling on a May 31 post on the my main blog.) It's easy to scramble unpronounced letters in other languages.

Again, it seems that hackers to usurp unused tld’s of popular sites, as well as likely misspellings. "Social surveys" usually try to collect personal information and make money my gang-sending cell phone texts, as well as install spy cookies.

And now Net-Security is reporting that Brazilian ISP’s are encountering “DNS cache poisoning attacks” when visitors go to common sites like Google and Facebook, putting up fake pop-up windows with fake anti-virus software. The report posted today is here. Kaspersky has been reporting on the problem.

Is there any chance that the cache poisoning is happening to popular sites in the US, in order to implement crude hacks to get personal information?

Check my posts on the DNS crisis in 2008 in August 2008 on my "id theft" blog. Some attorneys with a technical and security background have warned that the SOPA or Protect-IP legislation now proposed in Congress could encourage DNS cache poisoning.

Android offers trojans that you have to pay for

2011-11-05T17:01:00.000-07:00

Webroot has an important story by Armando Orozco and Nathan Collier (on Twitter today) about websites dedicated to selling only rogue Android applications with Trojans. Not only that, the applications have legitimate versions often available for free. And users are cajoled into sending at least three premium rate SMS text messages. This sounds like a very bizarre scheme to be sure. You get what you pay for, all right (and that wasn’t always the case in my early days of buying classical music records).

Here’s Webroot’s link.

I don't think any of this applies to my "Obama-owned" Verizon Blackberry -- yet.

Web publishing industry could face existential threat from "malvertisements" -- malicious adware the gets past screening by major sites, publishing services

2011-11-03T10:47:00.000-07:00

Byron Acohido has a major front page story in USA Today on Thursday Nov. 3, “’Maldavertisements’ take their toll; tainted ads infect computers, send victims griping on Twitter”.

A security film “RiskIQ” (link) reports the spread of up to 15000 tainted ads from supposedly legitimate sites in May 2011.

It’s not absolutely clear from the story whether users were infected merely by the embedded display if the ad, or only when they intentionally or willingly visited the ad. The story seems to suggest that for a couple hours visitors could be infected merely by visiting a site called SpeedTest (link), which measures the effectiveness of broadband connections. Fortunately, the company caught the problem quickly. I just checked the site on Mozilla and found it has good trustworthiness ratings from everyone, including MyWOT.

Another firm reporting serious risks to home users is Stach & Liu, (website url) link.

The most common complaint seems to be “ransomware”, that locks up a user’s computer until the user pays a “ransom” by credit card for fake anti-virus “protection”, rather like an on-line Mafia protection racket. These ads have also been common in “spam” comments on blogs, but they are easily avoided when webmasters monitor comments before allowing posting.

USA Today also reports that users are complaining on Twitter (rightfully so), causing loss of readership and revenue for some sites. MyWOT reviewers often downgrade sites merely for carrying ads.

It’s pretty easy to see how this problem could become an existential threat to the whole website advertising industry, which supports “self-publishing” by newbies (apart from social networking).

Major companies do screen the ads, but criminals have been finding ways to get around screening procedures, as detailed in the USAToday video. Some ads are sold through networks of “middlemen” (or maybe like novelist Thomas Costain’s “moneyman”). Some find ways to mimic “legitimate” sources with a process that seems to resemble sender-spoofing in email, leading to spam.

The New York Times had a major incident in the fall of 2009 with a malware that pretended to come from Vonage. It’s not clear if the malware was launched merely by visiting the NYT web page. Ashlee Vance has a story Sept. 14, 2009, here. I see that I have a blog posting on that incident Sept. 14, 2009 here.

It’s not clear if Mac users have been affected much.

The link for the USA Today story is here.

MyWOT, Mozilla, Webroot mark wel-lknown advertising service, on well-known sites, as unsafe

2011-11-01T12:35:00.000-07:00

Today, when I went to RogerEbert.com on Mozilla and looked up a review of the “4M’s” movie, I got an interruption warning from MyWOT about zedo, which is a company that delivers “advertising technology solutions” to publishers. The way MyWOT seems to interact with Mozilla and Webroot, it left the impression that continuing was very dangerous. I found this hard to believe from a well-respected site. When I checked MyWOT on zero, I found merely yellow warnings from users, here.

I can only add that Webroot is very strict about certain kinds of advertising cookies being used, when other security software allows them.

I find that some of my blogs get marked down for "vendor reliability" by MyWOT merely because of the ads that they accept.

Cyclist implicated in hacking scandal, attack on drug-testing company in Europe

2011-10-27T07:56:00.000-07:00

Well, apparently cyclist Floyd Landis didn’t stop at shaving his arms and legs for competitive edge, or even at using performance enhancement steroids. He’s accused by French authorities of employing a hacker from Kargus Consultants to plant a Trojan to lift documents from the anti-doping lab. A story connects Kargus to breaking into Greenpeace and French utility EDF. The story by Greg Masters is on SC Magazine and was tweeted yesterday by Webroot, link here.

Sophos (the anti-virus company for Webroot) has a story here.

CIO has a more detailed story by John Dunn explaining how an email transmitted the Trojan, link here.

Webroot warns on sites no one else objects to; Norton warns on the MacBook on an Apple subsite!

2011-10-18T09:07:00.000-07:00

Recently I have noticed that Webroot Security (Spysweeper) also places site warnings on MSN and Google search results in Firefox and IE9 (not Google Chrome). I have also noticed that once in a while Webroot provides a yellow level warning (that the site exhibits behaviors similar to other sites known to have spyware, malware or viruses) on some sites allowed by McAfee and MyWOT. For whatever reason, Webroot seems to be stricter than some other services. It could be related to advertising accepted on the site.

For now, I won’t give a link to a site warned by Webroot; if a reader finds this in one of my postings, he or she can search quickly in Firefox to get the warning and decide for the self.

When in Bing, Webroot will sometimes give me two icons, a green OK one, and a yellow warning in the same, in IE (but in Mozilla I just get the warning icon).

Kaspersky does not warn on these sites.

On the Apple MacBook, Norton had no objection to these sites under Safari browser. But Norton warns on Apple’s own “Time11” app on the Steve Jobs page.

At more than one Best Buy store, Geek Squad employees have told me that both Webroot and Kaspersky catch many more threats than McAfee and Norton.

Site rating services could gradually become a problem for "amateur" bloggers and other webmasters, because one's site can get downgraded by linking to other sites that someone has downgraded.

Update: It's not over for today. Now, Chrome and IE are warning on some security certificates from Twitter links, even without https. Chrome talks about a domain name mismatch (like the 2008 "big problem" that caused a conference at Microsoft). Maybe everybody is getting stricter. In one case, the Tweeter does everything on MacIntosh (I know the person) and may not even be getting the error.

Second update: Webroot scan found (and quarantined) an unusually large number of spy cookies, but no viruses. I have not heard of a lot of the cookies. It may well be that Webroot has tightened its standards for what it considers acceptable cookie behavior. Probably the spam email in my in-basket will go down.

Cyberbullying said to be the main reason school bullying is worse than ever in some communities

2011-10-15T13:21:00.000-07:00

Today, AOL and Everyday Health offered a 5-point essay by Allison Takeda, “The Hidden Dangers of Bullying: 5 Reasons Why Bullying Is Worse than Ever”. In a word, Cyberbullying, because so far it has been so easy to do it anonymously, and 24x7. I suppose kids could just stay off the computer at home, except for homework, to get away from it.

Again, there are real questions as to what age kids should be able to have social networking accounts, and good questions, that go both ways, about anonymity. And there are good questions about the authority of schools to police activity that happens off campus, and off hours.

The link is here.

Webroot security rejects some shortened url's for twitter supplied by well-known sites; they work in tinyurl

2011-10-12T08:49:00.000-07:00

A story by televisions station WJLA in Washington on a major incident on the DC Metro Tuesday (here) involving the safety of patrons, came with a short url for tweets that Webroot flagged with orange as associated with spam and identity theft. When I used tinyurl to generate a shortened URL, Webroot accepted it. I don’t know why Webroot security package rejected a shortened URL that the WJLA site had itself generated for use in tweets.

As for the story itself – it’s not really an Internet matter – but the DC Metro should consider putting in plexiglass panels to protect the tracks, as is done on some lines in London and Paris. And why do Metro computers shut down the escalators when the station is crowded, trapping everyone?

I have to add one other comment. I wasn't there, fortunately. But it could have been me getting trapped in Rosslyn. I could have wound up with the heart attack or stroke because of someone else's "attempt" to take his own life. The loss would be irreversible.

USAF drones infected by a computer virus; related to protests? to Assange?

2011-10-10T11:20:00.000-07:00

This little story is irresistible. RedOrbit reports that US Air Force drones, similar to those used by the CIA for hits against terrorists overseas, have been infected by a computer virus. So far, effectiveness of operations has not been affected, and classified information has not leaked. This sounds like a “proof of concept”. The link is here.

The original story was by Noah Shachtman on Wired, here. Curiously, this story hung in Windows 7 IE 9 with a “long running script”, for me at least (disable scripts before viewing).

Could this drone infiltration be related to Julian Assange’s group, to “Anonymous”, etc?

Or could it relate to the “presence” of CIA drone models at many “Occupy” demonstrations recently, or attempts by activists to break in to the Air and Space Museum Saturday where a drone model was on exhibit?

Webroot ran the tweet on the story today.

Details Magazine has a guide to "hackproofing your digital life"; also a guide to cloud storage

2011-10-06T07:20:00.000-07:00

The October 2011 issue of Details has black page (58), “A User’s Guide to Protecting Your Privacy”, with the online blog report here.

There are devices for the cell phone (Lookout Mobile Security), home (Dropcam camera), Laptop (Prey), Car (Viper SmartStart GPS), web browsing (Cocoon), and passwords (Last Pass). I’m not sure I’d want all my Internet browsing rerouted to someone else’s server, or all my password signons dependent on an outside service either.

The printed version also compares four off-site cloud storages (Apple, Amazon, Google, Windows Live). It doesn’t compare off-site backups (Carbonite, Mozy, Webroot). Do you need both? Do you want to depend on your broadband to be up all the time to access your own data?

Firefox security upgrades knock off website rating plug-ins

2011-10-03T09:30:00.001-07:00

Once again, Firefox interrupts me to upload a security update. Then it tells me that it has to drop the plug-ins MyWOY (My Web of Trust) and Webutation. MyWOT came back on its own, but not Webutation.

I’ve noticed that if you accept ads, even if you don’t sell your own products directly – or if you sell through Amazon but not on your own site – some visitors will mark you down on “Vendor Reliability” or “Privacy” in MyWOT even though you don’t collect any personal information or require signon.

Compromise of digital certificate authorities (CA's) leading to fake blogs, fake social networking profiles, to steal PII and phish

2011-09-28T10:11:00.000-07:00

Byron Acohido has an alarming story on the front page of USA Today on Sept. 28, “Hackers shake web to core: security at top levels questioned” in print, and “Authenticity of web pages comes under attack” online, here.

The story concerns the hacking of at least three companies that function as Digital Certificate Authorities, or CA’s. At least one firm in the Netherlands was put out of business by the hack.

More interesting is that hackers don’t seem to be targeting services that banks and payment service use. Instead they seem to be going after social networking and blogging sites, sometimes impersonating legitimate sites or blogs, apparently as another scheme to harvest PII (personal information). It sounds as if this activity links into the problem of “spam blogs” and associated “link farms”, since these are often formed by scraping legitimate blogs and are difficult to detect reliably (this was a big issue for bloggers in the summer of 2008, including an incident where fake reports on a couple of disturbing national security-related slayings in the DC area were circulated). It would also bring up the subject of faked or hacked profiles.

For example MSNBC today reported a Facebook scam where a woman was conned out of $2000 by someone impersonating her sister, link here.

McAfee gives incorrect warning of no Internet access on old XP laptop

2011-09-27T05:48:00.000-07:00

An odd event occurred Sunday as I maintained my own 2006 Dell Inspiron laptop, which has Windows XP and McAfee.

It gets slow in both downloading Microsoft updates and running McAfee’s scan. This time, I had pulled some old data off and copied it onto a flash drive, while the McAfee scan was unusually slow and started with the HLKM’s, which I thought were the Windows registries. Finally I canceled the scan and let the updates install. Then I got a low on memory warning, and the Internet notification icon started blinking. I tried to restart using the update start button, and it wouldn’t. So I pressed the off button.

It rebooted normally, and seemed OK, and the wireless Internet connection with Verizon MIFI came up. But this time McAfee flashed the red “Your computer is not secure” and saying it could not check for updates and was not connected to the Internet, when the Internet browsers (Firefox) worked on uncached materials. A quick scan ran normally and found no problems.

WSJ says naive employees make themselves targets for corporate hackers, both with "professional" blogs and with at-work behaviors

2011-09-26T14:28:00.000-07:00

Geoffrey Fowler has a stinging article in today’s Wall Street Journal, indicating that the biggest security threat for most firms is gullible and loquacious employees (“YOU”), with the link here. Webroot tweeted this link today.

I was surprised to read how easily employees are fooled by phishing attacks from the outside and click on links. But when I worked for ING-ReliaStar-USLICO, most of the emails I received were internal. In fact, until about 1995, most of the emails came on the mainframe from SYSM (as a CICS region).

One issue is how much information employees post themselves, even for “professional” purposes on sites like LinkedIn. Blogs are an issue, but social networking sites like Facebook and Twitter may pose less of a targeting risk than the more “professional” ones. Employers would need to consider these exposures with their blogging policies.

Customer service workstations could get infected by trojans that would scrape personal information from clients or customers in the general public.

At ING, we actually were infected with a virus called “Magister” three business days before 9/11 in 2001, and my work station remained clean. It was a big deal, but it would all be forgotten the following Tuesday.

Austin TX police department had planned to warn residents about unsecured WiFi routers

2011-09-24T07:53:00.000-07:00

Electronic Frontier Foundation is reporting about a plan by the Austin TX police department to “test wardrvie” in residential and commercial neighborhoods and look for wireless routers that are not properly secured (presumably with passwords and desired to levels of encryption).

Police were going to issue warnings to residents and local business owners with unsecured WiFi conncections.

Rainey Reitman has the story for EFF here.

The story doesn’t note where Texas has a downstream liability law that could hold residential WiFi users responsible for illegal use of their connections. Whether there should exist such a law would set up a real debate, but EFF calls this a “Tragedy of the Commons” (Wiki article url ).

The Austin Police have postponed the plan.

KVUE has a story on the incident here.

MiFi devices for travel may be safer because they require a long random code for entry to activate (unless they are physically lost).

EFF tweeted the story today. Let’s see if Webroot also tweets it.

Wikipedia attribution link for downtown Austin picture. My last visit was in 2005.

Fake surveys -- they're back (this time on tinyurl misspelling)

2011-09-21T11:21:00.000-07:00

“It” happened again today. I went into tinyurl.com – don’t see how I misspelled it, but maybe I did – and I got directed to one of these “social rewards” surveys – intended to spam your cell phone with “guessology” and the like and run up your minutes and bill. I had accidentally gone into the 64 bit Internet Explorer instead of the usual 32 bit one, but I don’t see how that makes a difference.

Watch your spelling!

Citibank-imitation phishers tout solutions to "identity theft"

2011-09-19T07:03:00.000-07:00

Here’s another wrinkle today on phishing. I get an email from Citibank, or was it Citicards (where I have an Master Card account) titled “identity theft solutions”. Inside is a not very transparent attempt to get personal information. This one didn’t both to copy the trademark (which the Bank of America phishers do.)

The abuse department of Bank of America always responds to forwards of phishes, but I haven’t found that other banks (Wells Fargo and Citibank) respond.

NBC News Twitter feed hacked

2011-09-18T09:23:00.000-07:00

The Twitter account of NBC News was apparently hacked with bogus reports of another attack at Ground Zero, according to a story in the Huffington Post this morning, here.

NBC discovered the hack and removed the posts quickly, and apologized to readers.

A group called “Script Kiddies” claimed credit. We’ve heard of them before.

Was NBC using Twitter exclusively under https?

A license for webmasters? Obama administration debates stiffer penalties for hackers, stricter security standards for sites

2011-09-10T08:52:00.000-07:00

The “Hill’s Technology Blog” is reporting that the Obama administration is considering recommending much tougher sentences for those convicted of participation in hacking and various fraud schemes, link here.

It should be noted that usually when people are arraigned for computer crimes and get bail, they are required to stay off the Internet completely even before conviction, under probable cause.

There is also debate on whether to hold companies (those who process consumer PII) to specific standards of security. Although the article focuses on large companies, especially financial institutions, rules could affect ordinary webmasters, at least if they take credit cards. Whether downstream liability should be tied to adhering to certain standards is being discussed.

Are we heading toward a day when one will need a “license” to have a web site?

Webroot tweeted this story early Saturday.

New Jersey students discuss new anti bullying law, which covers cyberbullying off campus

2011-09-07T16:53:00.000-07:00

In this web-only NBC Nightly News clip, New Jersey high school students talk about cyberbullying, both on Facebook and especially Formspring.

One boy said that kids tend to believe, “If it’s on the Internet, it must be true.”

New Jersey, in the wake of the Tyler Clementi case at Rutgers (university) has passed the toughest anti-bullying law in the country, incorporating off-campus Internet activity, too.

Visit msnbc.com for breaking news, world news, and news about the economy

Do auto insurance companies, like banks, eschew getting info from customers by email?

2011-09-03T16:10:00.000-07:00

Today, I received an email from Geico asking to link to a questionnaire for an update of records.

My insurance would renew in January, so it’s early. But I did change it last Spring for business use.

The email, however, gave a spelled out https link which, when I went to Geico’s site that way, found no such questionnaire, just the usual information on one’s policy and its billing or paid-up status as well as coverages.

I thought insurance companies would contact you by US mail to update information, not email; pretty much as with banks.

I didn’t click on the main link, I just went to the site myself.

This is an odd one. It arrived on a Saturday, too. I would certainly call Tuesday and check something like this. The email asked for a reply within 30 days. Again, odd.

Reformed hacker Kevin Mitnick publishes his "code of conduct"

2011-09-01T05:30:00.000-07:00

The National reports that formerly imprisoned computer hacker Kevin Mitnick has a new book, “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker”, published by Little Brown, Amazon link here.

The news story about the book, tweeted yesterday by Webroot, speaks of Mitnick’s “code of conduct”.

Mitnick was released from federal prison in 2000 and has become trusted as a security consultant.

One of the most memorable lines in the opening sequence of the film "The Social Network" was "let the hacking begin!" There is still a cultural idea that "hacking" is something that "real programmers" should prove they can teach themselves to do.

Pictures: The Jail Museum in Warrenton, VA. A friend in Minneapolis, a stand-up club comic, used to say "Stay out of jail. Stay out of the penitentiary."

Facebook notification emails invite spammers to imitate

2011-08-29T15:07:00.000-07:00

Webroot has tweeted along a link to a Zdnet story giving examples of phishing attempts that imitate legitimate Facebook notifications. The link is here.

The complicated URL’s used by Facebook, and the buttons can appear on legitimate notifications, a possibility that invokes criticism for the story writer Ed Bott. But users can also check with their mouse without clicking whether links are legitimate.

Newer browsers, including Safari, Google’s Safe Browsing and Microsoft’s Smart Screen are supposed to be able to detect the phishing attempts. Many email programs like AOL will not correctly identify all of them.

What Bott offers her e is a good true-false quiz. It’s rather like a TSA quiz of employees expected to identify dangerous carry-ons.

A few months ago, spammers propagated a scam involving site “guessology” and fake surveys when misspellings of “Facebook” were keyed in. I reported this (Feb. 27, 2011) and some people confirmed running into this.

Security risks increase on social networking sites because of natural human gullibility

2011-08-19T07:35:00.000-07:00

A story by Steve Ragan in Tech Herald maintains that “many social networking platforms are still a gold mine for criminals online”, link (website url) here.

The report cites a study by Webroot (tweeted yesterday), which examines the natural tendency for people to trust their “friends”. But you can’t know a thousand people well enough, and that’s where the crooks can get in.

People who use the web more as a publishing platform and who network passively seem to be at less risk.

Younger adults -- professionals and college students, especially talented, attractive or popular “kids”, often attract hundreds of friends or followers. So do people whose business is to build client leads and sell to them, like insurance agents. The problem is that among so many people, a few will be untrustworthy. It can be dangerous, for example, to announce vacation plans or when you will not be home.

Webroot reports that over 18% of social networking users have been infected by Koobface viruses.

Pew did a study on the perception of Internet users on their friends’ “trustworthiness”.

In a public Wi-Fi environment, be wary of how you count on https

2011-08-16T09:09:00.000-07:00

Here, from “The Insider Online”, is another summary on the question, “Are free public wi-fi networks safe?” That includes “free wireless Internet” in many hotels (only a few offer Ethernet cable, which is safer; that’s what I had at a Holiday Inn in New York City in June, and it was great).

The link for the article is here.

The upshot is, no it isn’t, for entering anything with personal information or pw’s. In a public wireless environment, even "https for logon only" is not safe enough; do personal stuff only if the entire site is https (with SSL).

Here’s a little article on how Firesheep works, and a Wiki article on it, too.

A safer option for travel is a personal MiFi "secure" hotspot, for example, the Verizon device shown here.

I have used hotel WiFi (before I got the MiFi) without any incidents. However I find a MiFi card works very well on the road, and will operate on battery for some time in an airport lounge.

Security of client data when people telecommute is becoming a bigger issue; a Seattle hospital gets hit

2011-08-15T10:13:00.000-07:00

People who work from home may be inadvertently exposing clients of their employers to theft of information. A news story in SC Magazine reports how an employee accidentally exposed data on patients of a Seattle hospital through changes in his home network, link here.

Although it has become popular for some employers to expect associates to supply their own systems for work-from-home jobs, security standards for these arrangements don’t seem to have gotten the systematic attention they need.

It may be less of an issue as long as the employer supplies the laptop (which may have been the case with the hospital in this story), but employee home networks could be subject to Wardrive attacks if not properly password protected and encrypted.

A safer solution is for the employer to use a reliable and totally separate and encrypted online access, such as Verizon cellular wireless, with RSA Tokens for sign-on. Using an employee's hardware (even cell phones, with the saving of phone numbers and messages in memory) always adds to potential security threats.

Media reports are mixed on "Anonymous" threat to Facebook, scheduled for Nov. 5

2011-08-10T10:56:00.000-07:00

There are wide reports that elements of the hactivist group “Anonymous” have threatened to invade and shut down Facebook on Saturday, Nov. 5, 2011.

For example, here is the CNET story by Chris Matyszczyk, with some mention of the WB film “V for Vendetta” here.

Chloe Albanesius has a more analytic article at PC Magazine here.

Business Insider has a briefer story with a portrait of Mark Zuckerberg, and a disclaimer from Anonymous leadership, here.

The original YouTube video complains that Facebook continues to sell personal information and that information cannot be deleted even by closing an account.

Ironically, Facebook has recently been arguing in public that anonymous use of the Internet should be banned, despite the importance of anonymous speech in the recent "Arab spring" and for civil disobedience against authoritarian regimes.

Las Vegas Black Hat convention: possible remote threats to PC batteries, cell phone and cellular wireless transmission

2011-08-05T14:07:00.000-07:00

Some scary stuff is coming from the Black Hat security convention in Las Vegas. According to a CNN story, a hacker has developed a way to interfere with the battery charging technology in a Macbook remotely (presumably this could be done with a PC, also), to cause the computer to stop running or conceivably even explode. This sounds like the stuff of a sci-fi channel movie, but it could happen.

Another exhibit showed how homemade drone “airplanes” could disrupt cell phone towers, and probably cellular wireless transmission particularly popular with telecommuting arrangements with employers.

About two years ago (and discussed earlier in these blogs), the Washington Times had discussed military microwave weapons that, of acquired illegally, could destroy all the electronics in a neighborhood of a city.

The CNN story link is here.

Somini Sengupta has a Business Day New York Times story today “Guardians of Security are Targets”, link here about hacker attacks aimed at antvirus and Internet security companies themselves as well as government agencies.

Amy Winehouse tragedy inspires rather obvious phishing scams

2011-08-02T07:09:00.000-07:00

Webroot is warning users of widespread Trojans spread by phishing emails exploiting the death of Amy Winehouse. Phishing based on celebrities, especially when they run into tragedy, is nothing new. Back in 2000, a major corporate partner of mine was fooled by a virus involving a tennis player, in a time before phishing was widely understood.

This time the hackers are focused in Brazil as well as China and are mainly motivated to invade bank accounts, as usual.

But it’s an easy ruse to miss. Just don’t click on links in unsolicited emails, and as usual, mark suspicious emails as spam. Let’s see if the ISP’s catch this one automatically.

The link for the tweeted Webroot story is here.

A note on interpreting MyWOT ratings.

2011-07-24T11:39:00.000-07:00

I’ve noticed something about MyWOT (My Web of Trust) ratings. Generally, I find I get green (good or excellent) on trustworthiness everywhere, but sometimes yellows on vendor reliability and privacy items on blogs that have ads and particularly those with many third party gadgets around the margins for decoration. MyWOT will provide the description "unsatisfactory" on the "yellow" subcategory even if it shows "good" for the site as a whole.

Also, if any subcategory is “yellow” or less, the MyWOT report will display a warning from Panda Security that the site could have content of questionable safety and recommend purchase of the security package for browsing. I use Webroot and McAfee and sometimes do get warnings (especially from Webroot) of sites known to be unsafe. I have MyWOT installed with Firefox. (I'm no longer able to find "Webutation").

I don’t sell anything directly on any of my sites or take any information from users. (I do link to e-commerce, including Amazon and iUniverse for my own products.) Gadgets, however, and of course ads, might themselves encourage visitors to make purchases or supply personal information. Visitors who rate sites, as well as automated rating programs, may react negatively to the presence of some of these items in deciding ratings.

Some visitors may wonder about the safety of embedded videos, especially those not from well-known services like YouTube and Vimeo, but perhaps those from movie sites. Some embeds may have adult content when the blog invoking them does not.

My flat sites have “good” on trustworthiness but no ratings at all on reliability, privacy, or child safety. Recently, MyWOT seems to have recalibrated some ratings. And many sites that I visit do not have ratings at all.

Some of my blogs do have “good” on these intermediate subcategories, but some (not all) say they inherit ratings from blogspot.com.

This link discusses WOT’s components (look for that string of words).

By the way, Facebook gets a “low” excellent on all subcategories (meaning it isn’t perfect). Twitter’s scores are a little higher (but I actually think Facebook is safer personally). Myspace gets green everywhere, but “barely”.

Tales of the MacBook and Norton et al; small businesses now at more risk from hackers, with "investigations" at their own expense

2011-07-21T17:54:00.000-07:00

I finally got around to putting Norton on my MacBook today, as I prepare to use it more. Pretty simple, but the restart takes a long time for a Mac. I opted out of the LiveUpdate until I have it on a better connection. The whole product seemed minimalist. I still do 95% of my stuff in Windows (on a Toshiba notebook when I travel), but my habits will change.

I noticed something else with iMovie: it won’t find movies to import from a camera unless you connect through USB before starting iMovie. Instead, it will invite you to film yourself with the webcam. And if you disconnect, Apple tells you to go into File with Finder and Eject, but sometimes the Eject is grayed out.

Today, the Wall Street Journal had a disturbing story in print, “Hackers Shift Attacks to Small Firms”, with online video here; the story is by Goeffrey A. Fowler and Ben Worthen. It related a small business, City Newstand, which was forced to spend $22000 for MasterCard for an investigation when hackers stole consumer information and sent it to Russia. I have never taken credit cards or solicited personal information on my sites; I leave that to Amazon and other e-commerce vendors.

Webroot quarantines bizarre-named virus "Af770ecl"

2011-07-20T21:06:00.000-07:00

Today, Webroot ran its scheduled can, and took a long time to display only four of the six items it said it had found. I looked at the quarantine, and at one point recently it had found “Af770ecl” and labeled it as a virus. Spysweeper did not have a record for this virus in its database (so I presume Sophos doesn’t, either).

But I found this report in the middle of the page for where “dharmadave” writes “Also, every time I boot up, Webroot says that "a serious threat has been Quarantined." There are two it keeps identifying as five-bar threats: af770ecl and Troj/Fake AV-ECB.” The link is at a UK site called “Free Help”, link here.

I haven’t noticed the symptoms he mentions. I have Windows 7 Professional rather than Vista.

Does anyone know anything about this "virus"?

Android security has become a big topic

2011-07-19T20:48:00.000-07:00

Today some media outlets discussed an Android smartphone security suite from a company called Lookout, CEO John Herning (link).

Malware authors have been providing infected applications mimicking those provided by banks and other legitimate companies, resulting in serious threat to loss of personal information and financial passwords for people who bank with smartphones.

AndroidGuys has a story explaining how typical android Trojans, like “GGTracjer”, work, link here.

The latest phish: a full AOL mailbox warning

2011-07-15T07:10:00.000-07:00

Here’s the latest silliness in the world of phishing. Some sends me an email saying that my AOL mail box is full, with a link.

Of course, if it were full it wouldn’t have shown up. It’s true, AOL stopped deleting recent messages a couple years ago, and I have about 4000 messages. And AOL is a bit slow, and AOL repeatedly fails to catch spam about its own billing system.

But the “full mailbox” is a new one.

Tech Republic has video on home, small business wireless security; consider recent industry initiatives to give owners more downstream responsibilities

2011-07-13T08:41:00.000-07:00

Bill Detwiler (same last name as a promising Washington Nationals’ pitcher) gives an informative presentation on home and small business wireless security in this Tech Republic story, link; it'a 5-minute video.

His presentation is based on an earlier piece by Brian Posey of “10 best practices”; the closest original I could find was a Wordpress "Technology to Business" blog entry here.

Detwiler warns small businesses and homeowners against using old or recycled routers, of not resetting admin names and passwords of reused routers, of possible dictionary attacks, and against relying on Mac address filters. He also warns against leaving routers “abandoned” and still on (unused for many days or weeks, as on vacation).

I reported Friday July 8 on my main “BillBoushka” blog about a recent industry initiative that could hole home and small business wireless router owners responsible for copyright infringements done by “wardrivers”, a danger that could also exist with downloading child pornography with someone else’s router (this has happened, at least in Florida and in New York State). The law may be evolving on potential downstream liability for router owners for inadvertently contributing to a crime or tort.

"Smishing" attacks now mimic Facebook "notifications" from administrators, not just "Friends"

2011-07-05T17:03:00.000-07:00

Here’s a new one. Phishers sent you Facebook a “Facebook notification”. If you cursor over the link, it is to something else (offshore). If you copy the web address, it’s not on Facebook. This one is pretty “good”, copying the Facebook trademark and automated email scheme exactly.

This seems to be a variation of “smishing”, where fake emails are sent to “Friends” lists of hacked accounts. Instead of coming from a “Friend”, it appears to come from a Facebook administrator – until you notice that the actual URL is offshore. Maybe China really does “want” Facebook after all.

IMDB official site link leads me to a rogue survey; a DNS spoof?

2011-07-01T12:07:00.000-07:00

Today, while I was looking at the Imdb entry for the horror film “Psychosis”, I clicked on the “official site” link and was taken to “Vividthemovie.com” which attempted to lure me into a survey. On Mozilla, I found no entry in MyWOT. I wonder if this is an instance of some kind of “DNS spoofing” that was considered a security threat in 2008, precipitating a security forum at Microsoft that summer, and written about in my “identity theft” blog in August of 2008.

I did not click on the survey or do anything. Remember, last winter (see Feb. 27 here) there was a fake survey that was launched by misspellings of “Facebook”, resulting in unwanted cell phone spam (which fortunately can be stopped before it causes charges to mount). A hard reboot and Webroot virus scan found nothing except a couple of unusual spy cookies, which were quarantined.

AOL targeted by phishing attacks bigtime tonight

2011-06-30T20:22:00.000-07:00

This evening, I noticed two emails claiming I had recently contacted AOL support. I’ve gotten aol billing emails that seem to be phishing, this is the first time I’ve seen a boorish email mentioning tech support. My email suppresses html display, and a link. This time, the email program did not show the actual link when I passed the cursor over it.

Is public WiFI OK if you use https?

2011-06-28T19:07:00.000-07:00

Webroot passed around a link “5 Tech Mistakes Travelers Make on Vacation” on Tech News Daily, here.

Of course, we know that free wireless networks are unsecured, but I thought it was OK to use https, encrypted logons, for sensitive stuff. The article says use public wireless only for kids stuff.

I would add the advice, to have a secure MiFi card for a hotspot, which you can take through TSA security with your laptop and cell phone, no problem. By definition, it’s more secure that a public network. And MiFi is getting reasonably fast, although not as good yet as broadband cable or home wireless directly connected to broadband.

Some security experts are saying never to post travel plans online in public sites.

But answer the question: is it OK to use public wireless hotspots with personal information if you use encrypted logons, https?

I’d add a couple other things. Remember that car keys and house keys fall out of pockets in taxicabs, especially if carrying bulky old European hotel keys. If you lose rental car keys, sometimes you can lose your travel insurance on the rental.

Families still at risk from kids' surfing other home computer practices; inability to maintain antivirus software found by GFI

2011-06-27T07:38:00.000-07:00

AOL, on Monday June 27, led off the day with a basic article on family online safety by Denna Glick, “Study Finds Teens, Parents Take Online Risks”, link here.

Even though kids may be more tech savvy, they may be exposing families to substantial risks in terms of potential identity theft, bank losses, or home security problems. GFI Software, from Cary, NC, (website url link) )commissioned a study and found that about two-thirds of homes did encounter computer viruses on home or “family” computers. It found that many parents are careless in allowing kids to use work-related computers, which may be corporate or government laptops, or sometimes are desktops set up for work at home or telecommuting (or oncall support). It also found that many, perhaps most, families did not keep anti-virus software updated properly. This could put families at legal risk. One problem may be the ability of anti-virus problems to fix problems easily when problems occur; many parents don't understand how to work with tech support and do complicated diagnostic downloads, or may not have stable enough high speed connections.

GFI provides a link to a related UK story on surfing by John Leyden, “Survey scammers target Doctor Who fans”, here.

"Phishing" gets supplanted by "smishing": social media phishing could be much more dangerous than email's was

2011-06-22T12:11:00.000-07:00

According to a Webroot blog story tweeted recently, the latest variation on “phishing” is now “smishing” or social media phishing, sometimes from hacked Facebook accounts, with the Ian Moyse (EMEA) story URL here.

It seems as though there is a black market in Facebook logons, which could result in tarnishing the reputations of the targets, their accounts being wrongfully closed or accusations being made against them, although in the email world that concern (over sender spoofing) hasn’t really materialized.

It seems as though any online user needs to check all his or her accounts frequently. In the mainframe work world, back in the 80s, we used to be concerned that fraud could be committed in your name if you left your terminal logged on when you weren’t there.

Odd anti-virus renewal problem; Another phishing strategy

2011-06-17T19:42:00.000-07:00

An interesting thing happened on the way to a forum. I took my Toshiba laptop, W7, with Kaspersky. Kaspersky immediately told me that the subscription renewal (due June 28) had failed. When I tried to fix it, I got a 403 forbidden error on its site.

The problem all went away when I logged on to the hotel’s wireless gateway, entered the password code and accepted its TOS. But it’s an odd way for an anti-virus program to report a “false positive” problem.

In the phishing arena, the latest is for a party to emulate Wells Fargo, and claim an SSL socket layer update, complete with WF stagecoach trademark logo.

Kaspersky offers unusual email anti-spam training on my old XP machine, requires use of Outlook

2011-06-06T19:56:00.000-07:00

Today, when I came back from vacation and booted up an older Dell 8300 desktop with “just” Windows XP and Kaspersky (installed by Best Buy/Geek Squad at the end of 2009 after a hard drive crash and replacement), I got a notification message from Kaspersky of “mandatory training on non-spam emails”. I don’t know what this could mean. I tried the wizard, and it wanted access some emails in Microsoft Outlook. I don’t use Outlook, so I closed the wizard.

I always do get warnings to update the Kaspersky database, which happens automatically. But the email notification makes no sense. I have a small travel laptop, Toshiba, with Windows 7 Starter and Kaspersky, and get the normal updates, but have never seen this email thing there. On the Toshiba machine, Kaspersky always offers to scan any thumb drive used to transfer or backup files.

One other oddity I've noticed: a few sites can be communicated with only by Outlook. They don't tell you an email address you can paste into AOL or Yahoo! or Gmail, and don't offer a special script to avoid spam (the way most newspapers to). But I still haven't bothered with Outlook. I don't think we should need it. It used to be the target of every spam virus in the world.

Debate on FBI's tackle of Coreflood botnet rages; :spearfishing" to get govt info from employee personal computers

2011-06-01T13:53:00.000-07:00

SC Magazine has a “pro and con” debate on the FBI shutdown of the Coreflood botnet, apparently by executing attacker code and affecting some US machines. Jim Bardin from Treadstone 71 argues for it, whereas Chris Palmer from Electronic Frontier Foundation argues against. The link for the article is here and was tweeted by Webroot today.

There’s another “pro” column by Bruce Schneier here.

Any course of action was risky.

eWeek has a more detailed article by Rashid as to how the counterattack worked, as it was complicated by “beacons” and rebooting machines, link (April 28, 2011) here.

Google today announced some opportunities, including 2-step verification, to tighten up Gmail after it researched a phishing and malware scheme that had originated from China and that was apparently used to track people, possibly political dissidents. The official corporate blog entry is here and it was announced on Twitter today. The extra steps of security verification would include receiving a text on your cell phone.

CNN described a technique called "spearfishing" (or spearphishing) to try to get government or business information from employee's personal computers. The attacks seem to have involved government executives and perhaps others at contractors and may originate particularly fro China.

Webroot produces video on firewalls

2011-05-31T06:53:00.000-07:00

Monday Webroot tweeted that it had produced a 4 minute YouTube video “Webroot Threat Reply: Firewalls” (actually the word "Threat" is spelled "Thre@t"), with Armando Orozco, directed by Andrew Brandt.

The video makes the point that additional vendor firewalls (above the level provided by Windows Vista and 7) prevent outside Internet contacts from using authorized programs on your computer. It’s normal to want your browser to have access to most executable applications, but not for other programs to.

The video also shows Webroot’s headquarters on the plains near Denver. It also makes the physical analogy, through animation, to Medieval moats and castle walls.

The low-down on Mac security is crawling out of the woodwork

2011-05-24T19:47:00.000-07:00

PCWorld and InfoWorld have a story by Robert Grimes assessing the situation with Malware and Mac OS X, here. There is a general feeling that the Apple’s “sudo” approach to privileges makes it less easy a target than Microsoft’s UAC (user account control) concept.

There was also a major story in Computer World by Greg Keiser about fake anti-virus software for the Mac here. When I bought the MacBook in February, I did pick up a Norton Security Suite, but I haven’t installed it yet. I haven’t really used the Mac that much, so I ought to get with it. Will report on it soon .

Many of the security concerns have to do with phishing and sites with poor reputations, which could affect either platform. And now we have a new topic, which doesn't even require your PC to be on: home router safety.

Update May 25:

Yahoo! has a news story saying that Apple will soon release patches to OS X "feline" operating systems to deal with MacDefender. The link from Digital Trends is here. This story will surely develop further.

Windows 7 hibernation and security

2011-05-19T12:35:00.001-07:00

Noticed something interesting about Windows 7 today. I left the computer idle for a while, and when CNN tried to reload a webpage, it said “network access suspended” because of hibernation.

I’ve never seen that before. Usually, when I come back to the computer and unlock it, all websites (such as Weather channel animated storm maps) are current.

But it is safer that it behaves this way. It could prevent malware from being loaded. Maybe this is a function of Webroot and not Windows 7 firewall, not sure.

Some corporate Facebook accounts take users out of https

2011-05-17T06:47:00.000-07:00

Today, I logged onto Facebook in a normal way with https, and when I searched for an insurance company, its Facebook site insisted on logging me out of https, promising I would go back to https after leaving. I did so. But the next time I went to Facebook, it defaulted to http. No problem, I can still key in https. But I wonder why companies don’t want https for their Facebook accounts.

I have also not been able to make automatic https work for Twitter. I have to key it in.

White paper discusses who "crimeware" works

2011-05-14T06:17:00.000-07:00

There is a white paper by Gunter Ollman, VP Research Damballa, “Behind Today’s Crimeware Installation Lifecycle: How Advanced Malware Persists to Remain Stealthy and Persistent”, link here.

Ollman discusses “droppers” and “downloaders”, their ability to disable anti-virus programs and run at the command of master servers, often to participate in DoS attacks. The packages are “rented” by criminals from the “authors”, and activated by CnC (command and control) orders. They may send personal information to organized crime even when disabled by home or business users.

As with wireless wardriving of routers (which does not happen on your computer and is not affected by antivirus software), the enterprise raises questions whether users could become viewed as liable for allowing their machines to be used for criminal purposes, inviting lawsuits and visits from police, often on legally incorrect grounds. Of course, there is “plausible deniability”.

New computer warranties may not cover covert virus infection, and many services will not remove viruses without wiping out hard drives.

CircleID has an introduction page for the story, here.

The summary story was tweeted by Webroot.

AOL on "why do I get spam from myself?" You don't

2011-05-11T06:05:00.000-07:00

AOL has a useful article this morning, “Why am I getting spam from myself?” You aren’t, and after all these years the email industry doesn’t have a consistent Sender-ID technology that had been proposed eight or so years ago.

Email sender spoofing is convenient and seemingly legitimate, as in sites that let you send reminders to yourself and let you fill in your email ID as a sender.

The link for the article is here.

It points out that reporting email with your address as sender as spam, you are not “reporting yourself” or incriminating yourself.

If also recommends removing your own email address from your address book.

FBI warns of viruses purporting to show pictures of Osama bin Laden; "Blackhole" exploit may be involved

2011-05-05T05:57:00.000-07:00

The FBI is warning home computer users about the circulation of computer viruses, worms and Trojans purporting to contain images or videos of Osama bin Laden’s corpse; most or all are likely to include malware. The FBI blog link is here.

The FBI blog entry (May 3) focuses on emails with links and attachments. It also mentions firewalls and the importance that website owners be wary of how others are allowed to update content on their sites (with comments, forum postings, blog postings, and the like) or the possibility of compromise of their social media sites. The posting doesn’t discuss the adequacy or Windows’s own firewall (in XP, Vista, or W7).

Stashank Stekhar has a story in “Mid-Day”, “Steer clear of ‘Osama’ virus”, link here.

The story discusses Kaspersky Labs investigation (I expect to see tweets from Webroot soon), and mentions the possibility that he blog of the person in Pakistan who live tweeted the raid, Sohaid Ahtar (“@RallyVirtual” on Twitter) may have been compromised with the “Blackhole exploit kit”, and that visitors to his site early Monday may be silently infected. However, I just checked the “reputation” of the site in Google through Firefox 4 and it still gets a green light from McAfee SiteAdvisor and MyWOT.

There is a discussion (Feb. 2011) of Blackhole on Websense here.

Tech Herald, in a story by Steve Ragan, has a story about an infection of the United States Postal Service (USPS) Rapid Information Bulletin Board System (RIBBS) by the Blackhole exploit, here. Apparently a similar infection of the Houston International Film Festival site took place.

It’s not clear what the virus would do on “ordinary” sites; it might not be noticeable. Apparently many AV programs have not been able to detect it n home or small business machines, and its scope may be limited.

IBM publishes white paper on website and web application security for (small) business

2011-05-04T07:49:00.000-07:00

IBM has published, through Tech Republic, a brief white paper, “an Executive’s Guide to Web Application Security”. You can download it from (url) here, free, but you may have to fill out a survey.

Generally, the paper says that most corporate applications have vulnerabilities in several areas, including SQL databases themselves (injection attacks), cross-site scripting, “cookie poisoning” (which could compromise visitor or consumer locational privacy and even PII) , and parameter tampering.

Some of the vulnerabilities result from “unsafe code”, and others may result from less than airtight procedures in making deployments of web applications to production (the latter well known from the mainframe world).

Small businesses, many of whom may hire contractors to write their applications that deal directly with consumer interfaces, need to be wary also.

"MS Removal Tool" or "AntiVirus 2011" can be particularly dangerous ransomware; discussion of Malware Bytes

2011-05-02T19:09:00.000-07:00

James Derk has an important article “Virus helps scammers get credit-card data” syndicated by Scripps Howard, printed recently in many newspapers (p D7 May 2 in the Richmond Times Dispatch, for example). Here Is an original link. A symptom of infection is sudden change in desktop background and a popup.

He discusses a particularly disturbing rogue or ransomware virus which locks up your computer (called “MS Removal Tool”, “AntiVirus 2011” or Tool 2011” and demands that you enter a credit card to activate it. It also disables your anti-virus software. He suggests that the victim look (on another Computer) for a product activation code for it on the Web and enter the code as if you had really purchased it. He also recommends a product called “Malware Bytes” (website link).

Here is another writeup on the virus. Not all versions of the virus completely lock up your computer. This writeup also discusses Malware Bytes.

One time a couple weeks ago, a picture that I had taken and clicked on in Explorer became my desktop background (in W7), but I just changed it back and nothing else happened. Webroot showed no infection.

Webroot and Firefox flag "geoiplookup" on image license pages on Wikipedia; a false alarm?

2011-04-30T15:36:00.000-07:00

Recently, in Firefox 4 only (not in earlier versions and not in Chrome or in Internet Explorer), I have been getting warnings from Webroot on links to this site “Geoiplookup.wikimedia.org” embedded in some pages giving license information for images. It seems to have to do with locating countries associated with images and for fundraising and appears to be harmless to the average user. Maybe on a mobile device overseas it could matter.

Here is a reference from Wikipedia.

Here is a mention in “adblock”, link; here’s a similar explanation at “gossamer threads” link.

More rogue "anti-virus" worms make their rounds; how to look at your Application Folder

2011-04-26T11:00:00.000-07:00

Brenden Vaughn and Andrew Brandt have a useful entry on the Webroot threat blog (developed by the company’s “Advanced Malware Removal” team), about how to inspect your Applications Folder for illegitimate executables, which generally should not exist on an XP, Vista or W7 machine. Legitimate applications put their stuff inside more folders.

The authors also discuss a new “total security” fake anti-virus rogue software, which may incorporate the name of the host’s operating system as part of its application name when it installs. A related fake rogue is “Antivirus IS”, which pretends to have a convincing-looking “trademark”. I dount USPTO has heard of it. (That’s an idea: if you see a product advertised and are suspicious, look it up at the Patent Office datatbase uspto.gov; legitimate companies will register trademarks or patents on their products.)

The link for the story is here.

Visitors get a bonus today: photos from a trove of my parents' photos from the 1930s; I'm trying to get a few of them put up quickly on several blogs. Not much to do with Internet security, except that one of them kept rotating once when imported; I had to rotate back and rotate forward; probably has something to do with my digital camera.

Is it a crime to poach on an unsecured wireless network?

2011-04-22T11:59:00.000-07:00

Here’s another discussion of whether it’s illegal to point your laptop to an open Internet WiFi connection without password requirement, on Wired, by Ryan Sigel, link here.

Remember the Michigan man prosecuted in 2006 for sitting outside a coffee shop, using the wireless, and never buying anyting?

But the Computer Fraud and Abuse Act of 1986, USC 1030, (Cornell website url text ) might be construed as making this a prosecutable crime. Theoretically, the way the iPhone operates might be in violation of the Act.

In the mid 1980’s, as I recall from my job in Dallas at the time (Chilton), states and the federal government (as did Texas in 1985) were concentrating on mainframe computer crime.

In practice, wireless network owners (including at home) should require passwords to prevent possible criminal abuse by others up to a few hundred yards away. MiFi devices usually require passwords or long pin codes (assigned to individual devices) for use.

"Webutation" plugin and site combines several website site safety reports

2011-04-20T05:30:00.000-07:00

Firefox has another plugin, “Webutation” (link), which calls itself “Open Website Reputation against fraud & malware”. You can look up any website. It will list several items, including MyWOT, Website antivirus (I’m not sure which vendor), Child safety, and Safe browsing. Some sites will give an overall rating of “pending”, especially if no one has written a review. Some will display “100” in Firefox toolbar with a “pending” when looked up.

FBI intervention to stop CoreFlood botnet raises downstream concerns

2011-04-19T19:04:00.000-07:00

The Tech Herald has an article explaining how the FBI, with minimal court supervision, shut down the CoreFlood botnet. It’s true that it was malicious, but by routing transactions through its servers so it could put some processes “to sleep”, the FBI has instantiated a monitoring technology that could be used against other problematic software (like Wikileaks) or might compromise legitimate web traffic of small businesses without their knowledge. The story by Steve Ragan is here.

The New Haven, CT office of the FBI in fact has a press release explaining how it did this, here.

Security flaw in Dropbox, maybe popular with small businesses, reported

2011-04-17T07:26:00.000-07:00

Some small businesses or even home users may use a product called Dropbox to access their private files from any computer they own. Christopher White has an article at NeoWin about a major security hole that could expose all of someone’s private memos to anyone on the Internet, with the story “Major dropbox security flaw discovered”, link here. The most practical recommendation might seem like overkill to most home users – encrypt everything on your computers “anyway”. But the fix is not as simple as changing a password.

Twitter users: Beware of "Profile Spy"

2011-04-04T20:26:00.000-07:00

Sophos security (and Webroot) are warning Twitter users not to allow the “Profile Spy” application to have access to your account. If you do (after receiving a tweet inviting you to), it will spread virally to all or your followers, probably ticking them off. You should revoke access to the application and change your Twitter PW immediately.

The application purported to tell you who had looked at your Twitter profile. Not legit.

The Sophos link is here.

Twitter itself gives you the ability to limit who can see your tweets to a closed list (as does Facebook; so does Blogger, although using the privacy feature would seem to defeat the purpose of blogging on a public platform with instant search engine classification).

I haven’t found that the automatic https parameter works. If I want https on Twitter, I still have to key it.

VIPRE apparently detects false "keylogger" on some laptops with Microsoft Live Application

2011-04-01T06:33:00.000-07:00

There is a bizarre story on Networkworld that Samsung has issued some laptops with keylogger software installed, perhaps “inadvertently”. However Samsung has issued a statement that a security program called VIPRE can be fooled by Microsoft Live Application into detecting a false positive for a keylogger during the VIPRE security scan. Samsung’s statement is here.

It reminds me of another question: how does Webroot decide what is a “spy cookie” (it considers doubleclick to be one) versus a regular cookie?

More experts say that US, West are vulnerable to cyberattack: workplace computer policy is part of problem

2011-03-31T17:22:00.000-07:00

Ken Dilanian has an article in the Tennessean (Gannett) describing concerns about vulnerabilities of major public utilities and infrastructures to cyberattack, link here.

One major problem is that employees can log on to work computers at utilities from home computers, rather than properly secured and separate corporate laptops. Other vulnerabilities could exist from employees’ use of their own cell phones or Internet connections. Generally, of course, utility infrastructures are not supposed to be accessible from the public Internet.

This is also true overseas. The end result is a kind of vulnerability not encountered even during the Cold War.

MSN publishes table on how long automated password cracking really takes: with 8 character "random" pw's of all possible chars, you're pretty safe

2011-03-27T18:35:00.000-07:00

MSN, in a series of stories about home and computer security, offers a chart on how long it would take a hacker to crack a password of any given length and all possible upper and lower case letters, numbers, and special characters. The link is here.

Passwords that appear totally random and that are not reused anywhere else are stronger. Strings that help a user remember the complete password should be significant (as code words for things) only to the user and not be published or discussed with others.

With only lowercase characters, for an 8-character password, it’s about 2 days; but with all possible characters, it’s about 200 years.

TOR and EFF report major breach with https CA's, possibly linked to Iran

2011-03-25T06:13:00.000-07:00

Electronic Frontier Foundation has a story this morning about how a HTTPS/TLS certifying authority (CA) got duped into issuing phony certificates recently, apparently by hackers in Iran (probably connected to its government), which EFF warns threatened an “internet-wide security meltdown”, in a story March 23 by Peter Eckersley here.

The TOR Project also has a blog entry story about this here.

EFF goes on to give some discussion of DNSSEC-PKI (link), and refers to questions about the underlying security of the domain name system, which erupted in a major security crisis in the middle of 2008.

It’s still very much an open subject.

HTTPS is absolutely essential to surfing and entering any passwords or personal information in a wireless environment.

Curiously,this morning, on my Windows 7 Pro machine, I had trouble getting to EFF from Google Chrome, but it worked in Mozilla, and on a nearby XP machine in Chrome. There could be a subtle issue with https, Windows 7 and Chrome together in some circumstances.

Another list of common ways PC's get infected

2011-03-23T06:19:00.000-07:00

Here’s another list of “10 Common Ways your PC Gets Infected with Viruses” at the “Internet Service Guy” site, link.

The most important may be not activating anti-virus protection on a new computer, or letting subscriptions expire (they get confusing and some antivirus companies have trouble billing properly after the “free” period), or not getting updates run properly, which may be more of a problem on older backup PC’s not used all the time.

It’s disturbing to see the comment that small business or personal sites may be more dangerous because they don’t have the high level of security. This may be less the case if they are hosted by a reputable share hosting provider (which you can look up under “WhoIs” as technical contact). I generally don’t use my credit cards except on large well-established sites (Amazon) or when redirected to them by smaller sites (as for fundraiser chargers).

A number of nasty shakedown malware threats: to computers, mobile phones and cars (Webroot tweets)

2011-03-22T17:09:00.000-07:00

Webroot has tweeted three particularly scary stories.

One concerns a man in Los Angeles who was convicted of hacking into computers through P2P, and trying to extort users into sending him porn after finding it on their computers. Imagine how this could go into the area of frivolous prosecution. The CBS LA station story is (website url) here. A variation of this theme would be a kind of ransomware or shakedown, locking files on your computer until you log on and pay a hacker, or even threatening to do so if you don’t download something illegal.

Then All Voices reported a story from Russia about malware, somethimes spread through Bluetooth, which could disable a car’s antitheft system and that thieves can even “trade” among themselves, (website url) here.

AOL also offered an article “Celebrity Phone Hacking 101”, with mention of Bluetooth to place spyware on the mobile devices, link (website url) here. One point to remember is GPS; someone could follow someone else’s location for targeting reasons.

Washington Post reviews "do not track" and Adobe security updates of major browsers

2011-03-21T10:05:00.000-07:00

Rob Pegoraro has a “Fast Forward” story in the Washington Post Sunday March 20, in which he compares the security aspects of Internet Explorer 9, Mozilla Firefox 4, and Google Chrome, “Internet Explorer, Firefox updates offer more with less, “ link here.

He does explain the two separate “do not track” features of IE9: the “blacklist” (or “tracking protection list”) which actually stops sites from using cookies (especially spy cookies) to track you. But it also has a “last minute” ability to tell every site you visit not to track you, which he says is similar to the touted option of Firefox 4. Since this latter feature is “voluntary”, it will work only as sites feel “political pressure” to honor it, or know that Website safety rating programs like McAfee SiteAdvisor and MYWOT are likely to follow this behavior and score it separately.

Pegoraro prefers Google Chrome for security in that it automatically installs security updates to the Adobe Flash Player and PDF reader, whereas, he says, IE doesn’t warn you you’re out of date, and Mozilla makes you read it.

I find when I boot up, Adobe often offers updates right away, but that may be because I use Chrome a lot.

Webroot flags and "antenna" javascript element on a newspaper page

2011-03-18T17:52:00.000-07:00

Today, while visiting a web page of a well-known newspaper, Webroot, in Firefox, warned me that it had blocked “js.dmtry.com/antenna2.js”. This occurred on a Windows 7 machine. An XP machine protected with Kaspersky did not give the warning, although Firefox blocked a popup.

I could not find much on this javascript element, although it appears from the name that it would be trying to capture consumer or visitor IP information for adware.

The only analysis I could find was at “Malware-Control Analysis”, for example, here.

(Note: next sign on, Blogger has disabled my cookies, which a repeat sign-on has restored. Might have happened because I accessed the script in Chrome where Webroot didn't catch it.)

Twitter says it now offers automatic https (Ashton Kutcher tweet!)

2011-03-16T05:45:00.000-07:00

Yesterday, Ashton Kutcher (the champions Twitter-master) sent a tweet (“aplusk”) advising everyone about the availability of https on Twitter. The Twitter blog entry is here.

To set it, go to your profile and then Edit (on the left). I had to try twice to get in. It will ask for your password. But afterward it didn’t automatically change me to https; it did work it I keyed https. By comparison, Facebook always takes me to https now.

McAfee SiteAdvisor restores green status to many "smaller" sites

2011-03-15T19:08:00.000-07:00

McAfee Site Advisor has restored “green” status to many smaller sites marked “gray” for the past few weeks. I’m not quite sure what had caused the gap; maybe it was a concern about links from sites, which would be very hard to monitor from “amateur” sites since they are likely to vary widely and go to less “reputable” places. The green ratings also appear on Firefox Google searches.

The MYWOT (Web of Trust) reports, even in detail, seem to remain the same over time.

Picture: very much from the "real world"

School systems push up efforts to intervene against cyberbullying

2011-03-13T07:25:00.000-07:00

The Sunday Washington Examiner has an important story by Emily Babay, “Officials push to combat cyberbullying”, link here.

The story refers to the president’s own admission that he was once a victim of the playground-recess kind because of his big ears.

But the big question is how well school districts can educate kids to stop this and take action for bullying that takes place online from home.

One school in New Jersey asked all parents to ban kids of middle school age from having social networking accounts. Even Michelle Obama says that online social networking is not needed at this age, as she forbids her own two daughters from it yet,

Home routers not protected by passwords could be hijacked for criminal purposes: downsteam liability question?

2011-03-09T17:08:00.000-08:00

NBC today had a story about a man in Sarasota, FL who was briefly and falsely accused of distributing c.p. (the FBI came to his home pounding on the door) when his wireless signal was used from a building hundreds of feet away, possibly with a Pringles device. He had not password-protected his home wireless signal.

Wireless routers generally provide a step for a user to supply a password as part of setup. If you have to use such a password to add additional (laptop) computers to your router home network, it is protected (although the password ought to be strong).

This is not the same issue as Firewall protection of outbound wireless protection from your laptop, especially in a public place. This is the router itself.

Home users could face considerable expense in defending themselves if their wireless router signals were borrowed for any illegal purpose. Whether a home router owner could face civil risks for negligence for not protecting a router if it were hijacked could be an interesting question. It’s not necessarily true that your ISP is involved, because this just about the router itself, which does not need to use the ISP’s Internet connection. If it were involved, there could be a TOS issue with not protecting a router.

Visit msnbc.com for breaking news, world news, and news about the economy

Firewalls will become much more heuristic; NBC reports on attack by Anonymous on HBGaryFederal

2011-03-08T18:18:00.000-08:00

Webroot tweeted today a major PCWorld article on “new Firewalls” and their use of heuristic analysis of application behavior to improve protection, by Mathias Thurman, link here.

I don’t see an obvious connection to the Firewall issue in my previous post, or maybe I do. Maybe the Webroot firewall doesn’t like my “behavior” with Internet requests, and I need to set up a new user. Haven’t tried it. But it could be a “heuristic” false positive. The other possibility that it could excluding a particular exe necessary for Internet access.

The buzzword here is “United Threat Management”, as in a linked Computer World article here.

NBC tonight reported on the hactivist group “Anonymous”, with the attack on “HBGary” (basic link) (try the url for “hbgaryfederal”). The story indicates how dangerous collective indignation can become. Come on Barrett Brown, don’t smoke im your interviews with reporters; that’s depressing. The group’s latest cause is to come to the “aid” of PFC Bradley Manning.

Visit msnbc.com for breaking news, world news, and news about the economy

There's a great line spoken by actor Jesse Eisenberg early in "The Social Network": "Let the hacking begin."