Friday, February 20, 2015

Lenovo computers seem to come with preinstalled spyware


US-CERT (United States Computer Emergency Readiness Team) at Carnegie Mellon in Pittsburgh has a story today about Lenovo computers (from China) having the “Superfish Visual Discovery” pre-installed, which would allow users to be spied on and to be vulnerable to SSL spoofing attacks, with the story here.  CERT has a detailed story on the vulnerability and recommendations to remove.  More info on CERT here. (I may know someone there.) 
 
 Apple Insider has a story by Sam Oliver on the pre-packaged vulnerabilities, here.  These are more likely to affect users in the developing world than in the US and Europe and other “western” countries.  

My own HP Envy came with some unwanted "bloatware." 
     
Why would an ordinary user in the US buy a Lenovo?  
  
Wikipedia attribution link for Lenovo headquarters in Beijing by Corymgrenier, Creative Commons 3.0 Unported license 
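The point behind the Superfish story is that a root certificate added to the machine's trust store lets whoever holds that root's private key issue a certificate for any site the machine will accept. A quick first check is to enumerate the roots the operating system trusts and look for names you did not put there. The script below is an added example (not code from the blog post, US-CERT or Lenovo); it uses Python's standard ssl module to read the OS trust store and matches each root's subject against a watchlist, with "superfish" as the only entry taken from the post.

```python
"""List the root CAs the local TLS trust store contains and flag watchlisted ones.

Added example; not code from the blog post, US-CERT or Lenovo. A preinstalled
root certificate such as Superfish's means whoever holds that root's private
key can issue a certificate for any site that the machine will accept, which
is the SSL spoofing risk the post describes. Python's ssl module can enumerate
the OS trust store, so a watchlist check over that list is a quick first look.
"""
import ssl

# Substrings to look for in a root's subject. "superfish" is from the post;
# add other names you do not expect to see in your own store.
WATCHLIST = ("superfish",)


def _name_parts(rdn_sequence):
    """Flatten the ssl-module name format ((('commonName', 'x'),), ...) to a dict."""
    parts = {}
    for rdn in rdn_sequence:
        for key, value in rdn:
            parts[key] = value
    return parts


def audit_trust_store(certs, watchlist=WATCHLIST):
    """Return details of roots whose subject matches the watchlist.

    `certs` is a list of dicts in the shape ssl.SSLContext.get_ca_certs()
    returns (keys 'subject', 'issuer', 'notBefore', 'notAfter', ...).
    """
    hits = []
    for cert in certs:
        subject = _name_parts(cert.get("subject", ()))
        issuer = _name_parts(cert.get("issuer", ()))
        subject_text = " ".join(subject.values()).lower()
        if not any(word in subject_text for word in watchlist):
            continue
        hits.append({
            "commonName": subject.get("commonName", ""),
            "organizationName": subject.get("organizationName", ""),
            "self_signed": subject == issuer,   # a true root signs itself
            "notAfter": cert.get("notAfter", ""),
        })
    return hits


def system_roots():
    """Roots the running OS trusts, as Python's ssl module sees them."""
    ctx = ssl.create_default_context()
    ctx.load_default_certs()  # on Windows this reads the ROOT and CA stores
    return ctx.get_ca_certs()


if __name__ == "__main__":
    found = audit_trust_store(system_roots())
    print(f"{len(found)} watchlisted root(s) found")
    for hit in found:
        print(hit)
```

Run it as a script on the machine in question; an empty result only means none of the watchlisted names is present, so the list is worth reading in full the first time to see what a clean store looks like on that system.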

Thursday, February 19, 2015

Webroot reports on (political) hack threats to share-hosted sites; Facebook friend request spoofing seems more sophisticated now


Webroot is advising webmasters that there is off-the-shelf software in the underworld that criminals can use to hack sites on shared hosting servers.  It has to do with “account privileges” and use of FTP and SSH, and “iframe embedding” (that’s how YouTube videos are embedded), link here.
  
I don’t pretend to understand all the coding details shown here.
  
However, people who use regular shared hosting and use FTP to update content should be aware of the risk, and spot check and monitor their sites, especially more obscure or less-used or older links, periodically.  It wasn’t clear if Windows or standard Unix hosts were more at risk.  Such hacks might be politically motivated instead of money schemes.  I had one such hack, in April 2002, on a Unix site no longer active, on a passage dealing with 9/11 and nuclear weapons threats. 
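The spot check suggested above can be partly automated. Injected iframes on a compromised shared-hosting site are usually made invisible (zero or one-pixel size, or hidden by CSS) and load a third-party URL, while a legitimate YouTube embed is visible and sized. The scanner below is an added example, not code from the blog post or from Webroot; the sample HTML is constructed, and the function is meant to be fed the HTML of your own pages.

```python
"""Spot-check a page for injected <iframe> tags.

Added example; not code from the blog post or from Webroot. Iframes planted on
a compromised shared-hosting site are usually made invisible (zero size or
display:none) and load a third-party URL, while a legitimate YouTube embed is
visible and sized. The sample HTML is constructed; point the function at your
own pages' HTML when monitoring a site.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for width/height attributes of 0 or 1 (px or bare number)."""
    m = re.match(r"\s*(\d+)", value or "")
    return m is not None and int(m.group(1)) <= 1


def _is_hidden(style):
    s = (style or "").replace(" ", "").lower()
    return "display:none" in s or "visibility:hidden" in s


def suspicious_iframes(html, site_host):
    """Return [(src, [reasons])] for iframes that are hidden or near-invisible.

    An off-site src alone is not reported (that is how video embeds work); it
    is added as context only when the frame is also hidden or tiny.
    """
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for frame in collector.iframes:
        reasons = []
        if _is_tiny(frame.get("width")) or _is_tiny(frame.get("height")):
            reasons.append("zero/one-pixel size")
        if _is_hidden(frame.get("style")):
            reasons.append("hidden by CSS")
        if not reasons:
            continue
        src = frame.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if host and host != site_host and not host.endswith("." + site_host):
            reasons.append("off-site src: " + host)
        findings.append((src, reasons))
    return findings


# Constructed page: one normal video embed, one injected frame.
SAMPLE_HTML = """
<html><body>
<p>Family photos</p>
<iframe width="560" height="315" src="https://www.youtube.com/embed/abc123"></iframe>
<iframe src="http://bad.example/drop.php" width="1" height="1"
        style="display: none; border: 0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, why in suspicious_iframes(SAMPLE_HTML, "mysite.example"):
        print(src, "->", ", ".join(why))
```

Pulling each page over HTTP and diffing the findings against the previous run catches a new injection on an old, rarely visited page, which is exactly where such things tend to sit unnoticed.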
  

I’ve also noticed that sometimes I get fake Facebook comments or friend invites, which could contain malware.  Today I got an email offering a friend request, even from a Facebook email, but there was no such request when I went to Facebook and the person did not exist on Facebook.  The cursor test had passed, so this might be a more sophisticated hack, involving redirection.  I don’t know how Facebook goes after this abuse.  

Monday, February 16, 2015

Trend Micro analyzes my own use of one social networking site -- an experiment


Tonight, as an experiment, I let Trend Micro analyze my “privacy” in my use of Google+.  I suppose it will give similar reports for Facebook and Twitter, but I’ll have to look into that.
  
The report suggested I was quite exposed.  But in my circumstances, I never post anything on any social media site that isn’t OK for anyone to see.  But not everyone is in those circumstances.  I am “retired” and not in a circumstance where this could conflict with any job now.
   
But in fact, practically all journalists have their own social media feeds, and practically have to follow the same “rules”.  

Friday, February 13, 2015

Reprise: Do Mac OS computers need anti-virus and firewall software?


Given a recent purchase of an up-to-date MacBook (for film and piano music), with OS 10.2 (Yosemite), I still wonder about the need for an anti-virus program and firewall.  Two different Apple store employees said it wasn’t needed. 
  
An article in CNET, by Topher Kessler, from Jan. 31, 2014 takes a middle ground and says, well, maybe.  Here’s the link. It also says that Symantec (Norton) and McAfee didn’t work as well as some other ones, some of them free.  I see Sophos in the recommended list, and I thought that Sophos provided the engine for Webroot.
  
I would think that if you were uploading files to other companies’ servers, they would want you to have protection. 

Thursday, February 12, 2015

Fake PayPal phishing scams are coming back


Webroot reports that researchers at OpenDNS Labs have discovered a new phishing scam that sends out legitimate-looking PayPal pages.   The link is here.  
  
Typically the email arrives with a message suggesting something is wrong with the PayPal account, and a link to a fake logon page.
  
I used to get these messages a few years ago.  Recently, I reactivated PayPal, to facilitate selling my own books, and because there are a few activities that don’t take credit cards but do take PayPal, over concerns over being responsible for consumer information.  But large ISP’s offer merchant accounts to take care of this, often for little more cost than a regular account. 
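The "cursor test" (hover over the link and see where it really goes) can be done programmatically over a message's HTML: pull every anchor, and compare the site named in the visible link text with the host in the href. The script below is an added example, not code from the blog post, Webroot or OpenDNS Labs; the sample message is constructed, and the PayPal name in it is only there because that is the brand the post discusses.

```python
"""Automate the "cursor test" over an e-mail's HTML: compare the site a link
claims to go to (its visible text) with where its href really points.

Added example; not from the blog post, Webroot or OpenDNS Labs. A phishing
message typically shows a paypal.com address as link text while the href
goes somewhere else. The sample message is constructed.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registrable(host):
    """Crude 'site' name: the last two labels (fine for .com-style names)."""
    parts = (host or "").lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else (host or "").lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def mismatched_links(html):
    """Return [(visible_text, href_host)] where the link text names a site
    other than the one the href goes to, or where the href is a bare IP."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        if not href_host:
            continue
        # Treat the visible text as a URL if it parses to something host-like.
        probe = text if "://" in text else "http://" + text
        text_host = (urlparse(probe).hostname or "").lower()
        looks_like_site = "." in text_host and " " not in text_host
        if looks_like_site and _registrable(text_host) != _registrable(href_host):
            findings.append((text, href_host))
        elif _is_ip(href_host):
            findings.append((text, href_host))
    return findings


# Constructed message: one deceptive link, one honest one.
SAMPLE_EMAIL = """
<p>We noticed unusual activity. Please confirm your details at
<a href="http://paypal-verify.bad.example/login">https://www.paypal.com/signin</a>
or read our <a href="https://www.paypal.com/help">help center</a>.</p>
"""

if __name__ == "__main__":
    for text, host in mismatched_links(SAMPLE_EMAIL):
        print(f"link text {text!r} actually goes to {host}")
```

A link whose text is just "Click here" passes this check and still has to be judged by its href, so the script reports, it does not clear.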
 

Wednesday, February 11, 2015

Hack on Forbes feature could install drive-by malware on users; Microsoft, Adobe vulnerability patches fix it


Forbes’s website, specifically the “Thought of the Day” feature, was compromised for a few days in late November by hackers from China, according to a Washington Post story by Andrea Peterson, p. A14, link here. Ordinary users could be affected by drive-by downloads from this feature.  Fixes to Adobe Flash (implemented Dec. 9) and Microsoft Internet Explorer (patched Feb. 10 and just applied here at home) should protect users of Windows systems.  But the malware seems mostly aimed at industrial espionage and might not have affected home or small business accounts notably (except for becoming “bloatware”).  

Sunday, February 08, 2015

New phishing scam warning of offenders moving into area works around the usual "cursor" test


A particularly nasty phishing scam has been reported by Webroot and in PCWorld, article by Tony Bradley, as part of the "Threat Response" series, link here.
    
The scam is more intricate in that the email link actually goes to a legitimate website and moving the cursor over it won’t detect that it is fraudulent.  But in the interim, it is redirected through several other sites that inject malware into a Windows system for pilfering banking or credit card information. It isn’t clear how well anti-virus software yet detects the scam.
  
The source is made to appear to be “Family Safety Notice_Kids*Live*Safe” with a subject line “Public Notice: A Sex Offender Alert for your Area”.  Variations are likely.  But the actual site has nothing to do with the email, even though the user ultimately does wind up going to the site.
  
Browser history will show intermediate sites visited, which may contain the malware.  
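What defeats the cursor test here is the chain of HTTP redirects behind a legitimate-looking first URL, and an analyst can walk that chain hop by hop without rendering any of it. The script below is an added example, not from the blog post, Webroot or PCWorld. Its `fetch` function is injected so the chain logic runs offline against a constructed response table; `live_fetch` shows the real request using urllib with redirect-following disabled, and is the kind of thing to run from an isolated analysis host rather than a daily-use machine.

```python
"""Walk an HTTP redirect chain hop by hop, without rendering anything, and
report the intermediate hosts that differ from the link the recipient saw.

Added example; not from the blog post, Webroot or PCWorld. The cursor test only
reveals the first URL; the 30x redirects behind it are what carry the visitor
through the intermediate sites the post mentions. `fetch` is injected so the
chain logic runs offline here against a constructed response table.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = (301, 302, 303, 307, 308)


def trace_redirects(start_url, fetch, max_hops=10):
    """Return (hops, truncated). `fetch(url)` -> (status, Location or None)."""
    hops = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return hops, False
        url = urljoin(url, location)     # Location may be relative
        if url in hops:                  # loop: stop rather than spin
            hops.append(url)
            return hops, True
        hops.append(url)
    return hops, True                    # gave up after max_hops


def foreign_hops(hops):
    """Hops whose host is neither the first (what the user saw) nor the last."""
    first = urlparse(hops[0]).hostname
    last = urlparse(hops[-1]).hostname
    return [h for h in hops[1:-1] if urlparse(h).hostname not in (first, last)]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None                      # make urllib raise instead of follow


def live_fetch(url, timeout=10):
    """One HEAD request; a 3xx comes back as HTTPError, which we unpack."""
    opener = urllib.request.build_opener(_NoRedirect)
    request = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(request, timeout=timeout) as response:
            return response.status, response.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


# Constructed response table modelling the chain the post describes: the
# visible link is on the legitimate site, the visitor bounces through two
# other hosts, and lands back on the legitimate site.
FAKE_RESPONSES = {
    "http://legit.example/alert": (302, "http://hop1.example/r?x=1"),
    "http://hop1.example/r?x=1": (302, "/stage2"),
    "http://hop1.example/stage2": (302, "http://hop2.example/drop"),
    "http://hop2.example/drop": (302, "http://legit.example/alert?final=1"),
    "http://legit.example/alert?final=1": (200, None),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    hops, truncated = trace_redirects("http://legit.example/alert", fake_fetch)
    for i, hop in enumerate(hops):
        print(i, hop)
    print("intermediate hosts not matching the displayed link:", foreign_hops(hops))
```

Redirects done with JavaScript or a meta refresh rather than a 30x status will not show up in this trace, so an empty `foreign_hops` result is not proof the link is clean; it does, however, reproduce the same list of intermediate sites the post says the browser history would show.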

Friday, February 06, 2015

EFF publishes security training guide for journalists, confronting "adversaries"


Electronic Frontier Foundation has published an extensive guide of Internet and information security for journalists, link here.

It’s quite detailed and gets into what encryption (https) and other techniques accomplish, and don’t do.  One topic that gets a lot of attention is deleting data so it can’t be recovered, and safely discarding hardware and disk drives.
  

What’s striking is that the publication assumes journalists will have adversaries, which is most likely for those who live in or travel to authoritarian countries or to conflict areas.  But the possibility that adversaries will attack those in western countries, in a way beyond just the usual spam and ransomware and various scams (basically the business model of countries like Russia and China in dealing with individuals in the west), but out of actual political or religious hostility, seems likely to increase in the future.  Of course, these concerns also affect the sources for reports, which often must remain protected, and the journalists themselves.  

Wednesday, February 04, 2015

Fake anti-virus schemes try harder to fool experienced users


Tyler Moffitt has an article on the Webroot Threat Blog detailing “improvements” in fake anti-virus software aimed at making them more likely to fool an “experienced” user, link here. Most of them have control panels that simulate the “real” ones.  
   
The latest technique for trying to deliver them may be with misspelled website names (such as “bews” instead of “news” on many news sites).  This might happen with some parked domains.  Also, some of them pop up a webpage claiming you are infected without actually delivering a payload, and some browsers may freeze.
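A "bews" for "news" substitution is a single-character edit, so the usual detection is edit distance: a hostname's second-level label that sits one keystroke away from a name you know, without being an exact match, is worth a second look. The script below is an added example, not code from the Webroot Threat Blog post; the list of known site names in it is constructed, and the distance routine is the standard Levenshtein dynamic program.

```python
"""Flag hostnames that are one keystroke away from a known site name.

Added example; not from the Webroot Threat Blog post. The post's "bews" for
"news" is a single substitution, so a Levenshtein (edit) distance of 1 from
a site you care about is the signal; exact matches are ignored. The list of
known names below is constructed, not a real allowlist.
"""


def levenshtein(a, b):
    """Classic dynamic-programming edit distance (insert, delete, substitute)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def _second_level(hostname):
    """'www.dailybews.com' -> 'dailybews' (crude; ignores multi-part TLDs)."""
    labels = hostname.lower().strip(".").split(".")
    if len(labels) > 1 and labels[0] == "www":
        labels = labels[1:]
    return labels[-2] if len(labels) >= 2 else labels[0]


def typosquat_candidates(hostname, known_sites, max_distance=1):
    """Return [(known_site, distance)] for known names within max_distance of
    the hostname's second-level label, excluding exact matches."""
    label = _second_level(hostname)
    hits = []
    for site in known_sites:
        d = levenshtein(label, site.lower())
        if 0 < d <= max_distance:
            hits.append((site, d))
    return hits


# Constructed list of names a user or organisation visits regularly.
KNOWN_SITES = ["dailynews", "weatherdesk", "cityledger"]

if __name__ == "__main__":
    for host in ("www.dailybews.com", "dailynews.com", "weatherdsk.net"):
        print(host, typosquat_candidates(host, KNOWN_SITES))
```

Raising `max_distance` to 2 catches more misspellings but also more honest near-neighbours, so it suits a review queue better than an automatic block; a proxy or DNS log is the natural input, with the known-site list being the domains your users actually mean to visit.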