Monday, January 30, 2012

Yahoo! email account(s) cracked and potentially incriminating spam sent (case I know of personally); Gmail usage phishing scam is out there, too

Yesterday I learned of a case where an individual’s Yahoo! email account was cracked, and where undesirable emails were sent to others on a list in her name.  This is a situation where the actual account was used, not just where the sender-id was spoofed.  I’m not aware that Yahoo! offers the two-step verification that Google’s gmail does.

In the past, there have been cases where people have been held liable for content sent when their email account was actually cracked.  It’s still an ambiguous situation legally. 

The individual said it took a whole day for the problem to be fixed (apparently by virus removal). The individual says that the password wasn’t cracked by guessing, but probably picked up by a Trojan keylogger or virus.

In a two-step system, the attacker would not be able to log on to a different computer without another verification code sent to a cell phone or stored on a separate list.  But in some scenarios an attacker (like a “Lisbeth” or a “Nolan” from popular movies and shows) might be able to log on to the user’s system through the Internet (as with buffer overflow) and actually use the target’s computer, an issue typically addressed by regular security updates to an operating system.  
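As an added illustration of the two-step idea described above (my example, not code from the original post or from Yahoo! or Google), here is a toy login routine in Python that requires both a password and a one-time code from a separate device for any computer that has not already been verified. The second factor is an HMAC-based one-time password (RFC 4226 HOTP, the scheme many authenticator apps implement); the Account class, the trusted-device list and the shared secret are constructed for the demonstration and say nothing about how either provider actually implements its checks. It also shows the caveat in the paragraph: once a computer is trusted, the password alone logs in from it, so malware running on the user's own machine is not stopped.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then 'dynamic truncation' to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % (10 ** digits):0{digits}d}"


class Account:
    """Hypothetical account record: salted password hash, the HOTP secret
    shared with the user's phone, and the set of computers already verified."""

    def __init__(self, password: str, otp_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password, self.salt)
        self.otp_secret = otp_secret
        self.counter = 0            # next HOTP counter the server will accept
        self.trusted_devices = set()

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._hash(password, self.salt), self.pw_hash)

    def login(self, password: str, device_id: str, code: Optional[str] = None,
              look_ahead: int = 5) -> bool:
        """Step one: the password. Step two, for an unrecognised computer only:
        a one-time code that must have come from the separate device."""
        if not self.check_password(password):
            return False
        if device_id in self.trusted_devices:
            # Already-verified computer: password alone suffices. This is the
            # gap the post mentions: malware on the user's own machine rides
            # along, because the machine itself is trusted.
            return True
        if code is None:
            return False
        # Accept a code for the next few counters (phone and server can drift),
        # then move the counter past it so the same code cannot be replayed.
        for c in range(self.counter, self.counter + look_ahead):
            if hmac.compare_digest(hotp(self.otp_secret, c), code):
                self.counter = c + 1
                self.trusted_devices.add(device_id)
                return True
        return False


# Constructed demo secret; a real one is generated at enrolment on the phone.
DEMO_SECRET = b"12345678901234567890"   # also the RFC 4226 test-vector key


def demo() -> dict:
    """Walk through the scenarios from the post with a constructed account."""
    acct = Account("correct horse battery", DEMO_SECRET)
    # Attacker with a keylogged password, but on a different computer.
    stolen_pw_only = acct.login("correct horse battery", "attacker-laptop")
    # The owner reads the code off the phone and enrols the home PC.
    phone_code = hotp(DEMO_SECRET, acct.counter)
    owner_enrols = acct.login("correct horse battery", "home-pc", phone_code)
    # Attacker who also captured that code: it is single use, so it is refused.
    replayed = acct.login("correct horse battery", "attacker-laptop", phone_code)
    # From the trusted PC itself, the password is enough (the remaining gap).
    owner_again = acct.login("correct horse battery", "home-pc")
    return {"password_only_new_device": stolen_pw_only,
            "owner_with_code": owner_enrols,
            "replayed_code": replayed,
            "trusted_device_password_only": owner_again}


if __name__ == "__main__":
    print(demo())
```

The look-ahead window and the one-way counter are what make a captured code useless a second time; the trusted-device shortcut is a usability choice that deliberately leaves the "attacker is already on your computer" case to operating-system patching, as the paragraph notes.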

Update:

There is a phishing scam telling users their Gmail space quota is exceeded, with a phony link to click on to increase it pretending to be at Google. Of course it is not.  Major email filters are not marking this one as spam yet.

Friday, January 20, 2012

Kaspersky again complains about Facebook plugins in XP only; spammers trying to leverage Assange-mania

Once again, Kaspersky, on an older XP machine, gives me “access to requested object is forbidden” and a warning about spyware associated with this plug-in on a few sites, such as DC Examiner:

The warning looks like this:

http://www.facebook.com/plugins/activity.php?site=examiner.com&width=300&height=350&header=true&colorscheme=light&recommendations=true


I don’t get this in Windows 7 on another machine with Kaspersky. Webroot also did not give this problem.

Also, when I try to review the “Report”, Kaspersky stopped responding, and the machine had to be restarted.

I presume that most companies now have Facebook plugins and they should not be a problem.  I didn’t try logging on to this different machine; I always use Facebook from a different computer.

One other little “current event”: Last night, I got an email saying, “Classified information, please open attachment”.  Yes, that sounds like obvious spam, trying to load a trojan in an attachment with social engineering based on anti-government sentiment.  But what if someone really is trying to leak classified information this way?  I’m not sure what the law is, on “possessing” classified information you know was offered to you “illegally”. 

Update:  Now Kaspersky on this older computer is not updating properly.

Tuesday, January 17, 2012

Signs your computer is "balding"; liability for bank account drains; phishing proof-of-concept education

Webroot treated us to a couple of important tweets today. One is by Davey Alba of Laptop Magazine, “Five Signs that your PC is infected”, (website url) link. I’d be a little surprised that people discover repeated unauthorized withdrawals from their bank accounts. Yes, that’s bad, but you shouldn’t let your bank get away from you. 

Do banks have to reimburse customers?  In the US, generally yes for individuals, no for businesses.  (For someone who works at home with a proprietorship earning some money from blogging, I suppose that could get tricky.)  In the UK, it appears businesses have two days to find it.  Who foots the bill for better security?  It’s an existential problem.  Here’s an informative link on liability.   The risks are increasing especially with mobile banking.  The biggest risk would seem to come from keyloggers. 

The rest of his suggestions are rather routine. Of course, slow machines, and unwanted popups and website jumps are suspicious. 

There’s also a rogue effort to educate banks and other companies on how easily criminals can mimic them with phishing attacks, with a “proof-of-concept” training exercise, described here by Brian Krebs on his new site, link.   

Monday, January 16, 2012

Zappos is latest corporate victim of hack

The latest incident seems to be an attack on Zappos, with the company’s explanation here. Zappos even asks for twenty minutes to read the posting!

MSN has a “Redtape” story by Bob Sullivan about the incident (website url) here.  24 million customers had personal information (including last 4 of credit card numbers only) stolen.

It makes you glad not to be “working” now in a conventional company.

I don’t store any visitor information at all (other than through cookies associated with Blogger, as explained in the Privacy Policy).    All credit transactions are outsourced to e-commerce sites.   

I personally didn't shop at Zappos; "Sartor Resartus" belongs in college literature.  

Thursday, January 12, 2012

Adobe Reader update fails this morning - related to AV?

Today, a security update to Adobe Acrobat reader failed due to lack of “permissions” on my Windows 7 Professional XPS machine, where I just use a generic user.  This is the only machine with Webroot Secure Anywhere.   The older version of Reader still works normally on this machine.

On a Windows 7 Starter Notebook (Toshiba) yesterday, a similar update succeeded (Kaspersky).  Oddly, when a PDF was read with the updated Adobe, a few lines of text were distorted until the cache was filled, then it looked OK.

A similar update on an older XP machine worked, absolutely normally (also under Kaspersky).
Adobe has been criticized for adding capabilities of questionable value to the Reader, increasing the opportunity for exploits. 

Saturday, I found that I've lost the ability to print from Adobe on this machine because of the aborted update -- I get a memory access error.  So I'll have to get this figured out.

Update (Jan 16): It's looking as though Adobe won't update now on a home machine with only an unprotected default user of "Owner" in Windows 7.  It looks like a pw-protected Administrator has to be set up.  Maybe that helps explain why the legacy Webroot firewall suddenly started blocking everything last year.  Will look some more.  Adobe's explanation is here.

Sunday, January 08, 2012

Comcast XFINITY offer "Constant Guard", with some controversy

Telecommunications providers are offering their own security services. At least, Comcast XFINITY offers “Constant Guard”, link (web url) here. Notice the specific reference to “bot assistance”.

But many computer owners already have contracts with “regular” providers, often set up when they purchase their computers, such as from BestBuy (which in recent years has promoted Webroot and Kaspersky, instead of McAfee and Norton).
  
But one source (Digital QA) also notes that Xfinity often provides Norton, and advises against adding Constant Guard, link here.  The reviewer talks about the possibility of “re-imaging his machine” and of some sites not working properly (confusing alphakeys with numeric).  I have never heard of this with a security protection suite.

PC Mag explains the relationship between Constant Guard and Norton (web url) as follows. Norton provides conventional notification of problems; Constant Guard has the customer working directly with Comcast.   It would appear that Constant Guard places a focus on problems that consume network resources (such as botnets).

Some banks offer online customers anti-virus products “free”, such as McAfee from Bank of America (link). The problem is that it might conflict with other products already purchased from the PC vendor. 

Saturday, January 07, 2012

Google Chrome fixes vulnerabilities, offers Beta version

Google Chrome, probably the fastest browser to load most web pages (I find Firefox slower), has new fixes to three or more possible security vulnerabilities, in version 16.0.912.75.

An article in InfoSecurity, tweeted yesterday by Webroot, briefly discusses the fixed problems here.

Google’s technical post describing the security fix (the “Stable Channel Update”) is here.   Apparently the fixes download automatically when a new Chrome window is opened.  The problems involved two kinds of buffer overflow and a “use-after-free” in animation frames.  I don’t know whether the “controversial” keyloggers identified by Webroot in the past were addressed.

“Buffer overflow” is a bit of a mystery to novices.  But once, while working for ING back around 2000, I saw a demonstration in a one-day security forum at the University of St. Thomas in St. Paul MN. 

That page gives a subordinate link to another page, the “Chromium Security Page”, (link) which explains how the public can get involved in problem detection and in proposing fixes.   (I didn't need the "You're awesome" greeting.)  However, to get involved, one needs to apply and demonstrate a background with the relevant technical experience.

Google is also offering a beta release for Version 17, which is supposed to improve speed while retaining all the security fixes.  A different Chrome blog posting, “Speed and Security”, Jan. 5, describes the release here.

I tried downloading the Beta on an older Windows XP machine.  I found Kaspersky Security interrupted it, and the download proceeded when allowed.  The product is not telling me that it is the Beta version, as far as I can see. 

Google Chrome has a late 2010 YouTube video explaining sandboxing.

Friday, January 06, 2012

Court computer infection gets defendant new trial; does Webroot Secure Anywhere do a registry fix?

Here’s an interesting story tweeted by Webroot, from itword: a defendant in Miami FL got a new trial because the court reporting machine got infected, and the court reporter didn’t make proper paper machine backups,  meaning the state can’t prove the trial was fair, link here. One wonders why the Court system didn’t have a better automated cloud-based or off-site backup of the reports.

A follow-up on the Webroot Secure Anywhere. I’ve noticed that Windows 7 bootup is much faster (and initial Internet connection is usually faster).  I don’t know if Secure Anywhere does a registry cleanup.  I haven’t had a Windows Update that requires configuration since Dec. 16, and the Webroot update occurred Dec. 27.  I noticed the faster boot-ups the next day. 

Sunday, January 01, 2012

Stuxnet is setting an example for many more industrial worms

Again, in the “tradition” of reporting news that I personally witness, I happened to sit on the Metro, going into the New Year’s Eve party, next to a man who said he was an Internet security expert, and that corporations don’t know what is about to hit them.  He mentioned the Stuxnet Worm as one of many such exploits around.

Stuxnet is said to be the first worm to include a “rootkit” for a “programmable logic controller”.  It is said to have been detected first by Kaspersky.

It’s thought to have come from Israel. But the greatest danger for American companies would probably come from China and Russia.  As Donald Trump says, the Chinese are not our friends.

But the speaker on the Metro made it sound as if the kind of hacking done by Lisbeth in “The Girl with the Dragon Tattoo” is now commonplace.  (Or, for that matter, Jesse Eisenberg’s impersonation of Mark Zuckerberg at the beginning of another Fincher film, “The Social Network”.)  That is, “let the hacking begin.”  It takes a certain focus for people to learn to do this, but somehow the rewards (and asymmetric power) become greater than from anything else.

We talked a little about Bradley Manning, and I said that 90% of the government’s secrets are probably overclassified.

A strange thing happened on the way to the "forum", that is, another thing.  As I turned off the last Chrome window on an XP machine last night (before leaving the house for the Metro ride to the Party), Chrome told me it was downloading something.  Downloading what?  I don’t do a lot on the machine, and the last download from Chrome had come in July.  I shut down the machine for the evening, to play it safe while I was out, and when I brought it up this morning, the issue did not recur.  Kaspersky gave me no warnings.