Facebook and Twitter are Popular among Hackers and Thieves

IT security firm Sophos revealed Monday in its Security Threat 2010 that Facebook and Twitter are not only for social networkers; they are also extensively used by cybercriminals. The survey also said that spamming on social networking sites went up to 70%. 57% of the users said that they have been spammed through social networking ….


Ask the IT Security Experts: Top Queries of June, 2009

Got a question about IT security? The experts at ITSecurity.com can help. Issues ranging from data security to sexuality hit the experts each month. Here are the top queries from June, 2009: Husband den…



Three Persistent Security Myths

I have this cousin, and you probably have someone like this in your family too—the one that is always sending forwards even though you asked them to stop 10 years ago, and even though you’ve told them that forwarded messages can present safety risks online.

Besides the fact that netiquette has been well established and widely understood for years, and these relatives (or friends) are being impolite by spamming you, the more important fact is the messages also present a security risk, for individuals as well as organizations.

After the most recent forwarded link, I mentioned to my cousin that I hoped she had good security software. Her response: “My friend sent this to me. It’s a valid clip/link and virus free.”

And I just had to shake my head at the security fallacies in those brief statements. I hate to be the smart-ass of the family who tries to lecture or educate the less tech-savvy, but I also don’t want to see my relatives fall victim to dumb social engineering scams. Now, this particular link probably was virus-free and safe enough, but when someone continually sends links and forwards, I start to worry they don’t know how to stay safe online.

So, what’s a conscientious security professional or blogger to do?

Clearly my relatives don’t read my blog, so I’m mentioning it here! I’d love to hear your approaches and comments on this topic. For now, I’m going to try breaking down the myths that seem to persist, and see if I can think of a way to quietly explain the issue.

1. “My friend sent this to me.”

Of course you trust your friend, but that doesn’t make it safe to always trust the links they send out. First, the link could contain a virus or malware that your friend doesn’t know about either. Say your friend’s coming down with a cold, but doesn’t know it yet. You both share a drink at a café—two days later, you both get sick because your friend passed the cold on to you. Same idea.

In computers, it’s even more dangerous, because you may never know you’re sick. Spyware, for example, is designed to watch what you do and send information to the hackers about your online behavior, or even about your passwords. Malware can install itself on your computer without your even knowing. Many people get infected with software that forms a network with other computers, called a botnet. When the hacker contacts all those computers, they can be activated and do whatever he wants—like send messages from your computer to your friends.

These hackers don’t want you or your friends to know you’ve been hacked. Your computer might just slow down a few hours a day…because it’s being used secretly by someone else. They can change your security settings, see your passwords, or even corrupt your files and shut down your computer without your permission.

If your password information is stolen, hackers can access your accounts and send forwarded links and emails to your friends without your even knowing. Those messages can contain more malware that installs on your friends’ computers, or spreads through your accounts.

Of course we trust our friends. But that doesn’t mean that our friends won’t have problems online, or that they won’t get infected.

2. “It’s a valid clip/link.”

Images, documents, and all sorts of valid files are used to send viruses and malware to users. The most popular lately are PDFs and Microsoft Office documents, but picture and video files can also be suspect—and for many years it was images that were most dangerous. The link might contain something useful, entertaining, or even work-related. Just because the link works and does what you expect it to doesn’t mean that it’s safe. It could also contain other problematic files—while you’re being entertained or even learning a fun factoid, something bad might be happening in the background…

3. “And it’s virus-free.”

Again, just because it works and your friend sent it, you can’t assume it’s virus free.

First, did you scan it for viruses? If your scanner says it’s virus-free, how much do you trust your scanner? Many well-known and popular anti-virus programs, even if they’re mostly reliable, can’t pick up every infection. Additionally, viruses aren’t the only problems you have to worry about online.

Everyone—hey, even Mac users—should get themselves a good anti-virus/malware program and check regularly for updates. But it’s also good to keep in mind that even the best program won’t always protect you. The best defense is being careful about what you click, and what the source is.



Novel Uses of Facebook…Security and More

Remember when the iconic phrase for the internet was, “You’ve got mail!”? Today, it may as well be, “You’ve got friends!”

Last week I blogged about the anti-virus software available for the Mac, and the possibility that viruses and malware aren’t just for PCs anymore. Part of the problem for Mac users, though, is that the risks on the Internet are often based on Internet or application vulnerabilities rather than OS-based vulnerabilities. Social engineering is going to be a risk, no matter what OS you use, and it may be on the rise because social networking is on the rise. Who do you trust? Your friends.

But on the net of course, it’s a lot harder to know who your friends are, and even if it’s really your friends on the other end of the line. Some of the Facebook stories lately show people using FB in new ways–some of them for good:

For example, the guy who bought targeted ads to try to land a Microsoft job after graduation

Or, law enforcement tracking down fugitives who left the country with a ton of cash, by looking at their FB status updates

Then there are more insidious and evil uses for Facebook:

A generic phishing scam recently logged by PhishTank.org suggesting that Safari users are targeted

Scammers pretending to be your friends to get money from you.

Facebook is definitely on the rise, and the news media is representing it through all these stories of different uses and scams on the site.

Don’t Let Anyone Take a Bite Out of Your Apple—Anti-Virus Options for Mac Users

I’ve been a Mac user for years, relying on Macs for both work and play. Although the experts and pundits today are quick to warn that hackers are about to start infiltrating our systems, I have yet to hear about an active virus or malware attacking the Mac OS specifically that wasn’t designed, distributed, and contained by the IT Security research community.

Still, any day now I’m sure there will be some nasty thing worming its way through Apples, and when the time comes I’d like to be prepared. It’s going to hit some Mac users pretty hard if they’re not expecting it (in the ego, maybe).

I’ve been poking around the Internet to find a list of some free Mac A/V and anti-malware programs. Today there’s a new one on the list, since F-Secure has just released a Mac A/V program—in beta. They promise prizes and a subscription to anyone willing to provide “active feedback” to improve the software.

About.com also has a decent list of Mac security programs with brief reviews detailing how well each protects against various threats. It’s not as research-intense as the PC A/V reviews I posted last week, but simply describes the scope of how the software blocks—or ignores—different types of threats.

Here’s a list of some of the free Mac-based products out there:

The problem with some of the free programs is they focus solely on Mac issues and won’t clean the PC-viruses that some files harbor. If those infected files are sent to a PC, they could still pose a threat. If you use a dual boot or are working closely with other Windows machines, it may be more helpful to get a program for Mac users bundled with the Windows version, such as Norton AntiVirus.

Or if you want the best protection for the Mac, the product that looks the most comprehensive is Intego’s Virus Barrier. The company focuses only on Mac issues, which has disadvantages for those who switch systems, but may be ideal for people working in a Mac-only environment. And a huge plus is that the system uses heuristic scanning, checking for behaviors that resemble threats before they are identified. At $70, it’s a bit pricey, but if you’re the type who wants to be fortified and absolutely prepared, that might be your best solution.

Citizens Needed to Fix Broken IRS System

Some clever, benevolent hacker ought to do all U.S. citizens a favor and hack into the I.R.S. system, to fix their outdated accounts—just like one DSL customer did to his Internet hosting company.

The customer had paid for some changes to his account and service, got frustrated waiting for the company to deliver the service, and so he hacked in and just did the job on his own. Maybe the web company should think about offering the guy a job—to beef up security and fix others’ customer service issues.

It’s not unusual for small hosting companies to have trouble meeting their customers’ security and service needs, unfortunately. What’s more unfortunate is that the IRS apparently has about as many problems. Recently it came to light that they’ve been sending stimulus checks to dead folks—even workers that have been dead up to 35 years.

Is any concerned taxpayer willing to volunteer to hack in and clean up their system? Unlikely. It’s unclear whether the IRS would thank the hacker for the help (as the hosting company did for its customer), arrest them for an act of terrorism, or just fail to notice. My guess is the latter—if they didn’t realize those people had been dead for so long, how would they even notice if the accounts were deleted altogether?

The story doesn’t speak well for the government’s organization skills. No wonder we’re in such a financial pickle—well, you know, besides the billions donated to the war, and all the other reasons…



Federal Agents Interrogate Amateur Biologists About Harmless Experiments

Imagine you’re exploring a new hobby that’s a bit esoteric, and Federal agents call to ask you some questions, but won’t tell you whom they represent–only that they think you might be a terrorist.

If it were me, that sort of Big Brother tactic would freak me out and I might even worry they’d come and whisk me away from my home and hold me captive next, without actually bothering to find out that the experiments are harmless.

This has indeed happened to at least one “biohacker”–an amateur scientist using synthetic DNA and organisms in experiments performed in home labs, built out of equipment bought on eBay or other consumer sites.

Most of these experiments are totally harmless, yet government agents appear concerned anyway.

Carl Zimmer, a well-known biologist and science writer, points out that at least one amateur biologist was arrested and charged for his lab experiments, held under arrest even without cause. Even though artist Steven Kurtz’ experiments were allegedly harmless experiments in soil bacteria, the people who put him on trial did not have enough knowledge of basic biology to realize this.

This is the real danger in an age where an amateur biologist can work on lab experiments from home, that uninformed security administrators are so afraid of knowledge and experiments that they assume that any type of basic science can be dangerous.

It’s the same sort of mystery that appears to hang around the computer technology sphere– as if there’s a force-field of awe around certain types of technology, whether it’s computers or biology, that makes people assume it’s all-powerful and incomprehensible, and therefore something to fear.

Authorities can waste so much time interrogating well-meaning scientists, they’ll fail to really do their research and find out what’s actually dangerous and what’s not– and then they could miss a real threat.

The WSJ article paints a picture of how confusing the current regulation and atmosphere is around this issue:

Currently, regulation of labs like these is murky. It’s unclear what agency, if any, is responsible.

So far, most garage biologists playing around with synthetic DNA are simply adding a gene or two to an existing organism, a fairly standard scientific practice involving some test-tube mixing, and not something biosecurity experts are very worried about. But technology promises to allow the creation of entire organisms from scratch — something academics are aiming to do in university labs — and that has some experts worried.

Their final comment in that paragraph bothers me — I can’t say for certain, not being an expert myself, but it seems to me that academics working in university labs generally have access to much greater resources, financial support, and equipment than the average home do-it-yourselfer. Creating an entire organism from scratch (well, you’d need existing DNA, etc.) may be possible, but still requires a lot more knowledge and equipment than merely mixing a few things together in a test tube with some soil. It’s not comparable to the experiments that amateur biohackers do in their garages with an old centrifuge off eBay.

The idea that creating new life is possible seems to come attached, for many people, with a very emotional and irrational reaction–it’s scary, it’s wrong, it’s dangerous. Maybe it’s this emotional reaction that causes people to jump to conclusions, and take aggressive action, before analyzing the actual probability of how likely it is for a home DIY scientist to accomplish that feat. It’s that irrational response that causes people to investigate experiments that are clearly harmless, and make uninformed allegations.

To be fair, there is a danger that a scientist with the wealth, expertise and resources could pull a Frankenstein maneuver–or more likely, create a bacterial warfare threat. I’m not saying that the government should ignore the possibility. But clearly it’s not being handled all that well, and the public has to start questioning what the qualifications of these “experts” really are–biology, or interrogation tactics?

I also find it pretty humorous that the article, although being a little alarmist, also has a sidebar that lists experiments people are doing at home for fun. Extracting strawberry DNA, anyone? Sounds tasty.



Do People Need Landlines for Emergency 911 Calls?

I knew it was going to come up after my last post, where I wrote that landlines are pretty much obsolete, and many people use cell phones because they offer the mobility and privacy people need nowadays.

Emergency 911 calls are the one reason people argue that landlines are still highly important to keep around. Today the Consumerist wrote a post to that effect: “landline connections do have one important advantage over cells: They’re safer.” They also posted asking what people think–and overwhelmingly, the initial responses suggest people don’t think 911 issues are a reason to keep their landlines.

Apparently many who call 911 from cell phones get put on hold for long waits, or the officials are not able to locate where the call originated from, so they aren’t able to get help as quickly.

Sounds scary, but I have to say that’s not always the case — I’ve called before and received a response immediately. (I cut off the end of my finger but still had plenty of time to tell them my address.)

In fact, I’m not sure that the argument holds much water. I imagine that if I’m ever in a really bad emergency situation, it will be while I’m out somewhere, either in a car accident, injuring myself while hiking or bicycling, or otherwise doing something active. Then, a landline isn’t going to help me, but having a cell phone is critical.

If I’m at home and there’s an accident, most likely I’ll still be conscious and awake and able to make the call–or hopefully have someone with me who can go for help.

The worst case scenario is something really bad happened and I’m in danger of passing out. But if I’m badly injured, am I going to be able to get to a landline any more than a cell phone? Chances are if I can get to a phone, have time to dial, I’ll also have time to tell someone where I am.

If I’m really bad, and the cell phone has a wait time, and I pass out before they pick up, I could be screwed. But I can’t really imagine many scenarios where that’s the case. What’s going to happen to me while home? I could get burnt, fall, inhale bad chemicals, etc. Most cases I can think of, either I pass out immediately and can’t get to a phone anyhow, or I’m pretty much conscious, so I have time. I have to say, in the nearly 30 years I’ve been alive, I’ve never had that kind of problem.

It only has to happen once, sure, but risk analysis is all about probabilities. Essentially, keeping a landline around for that specific reason is a form of insurance–it’s a bet that something might happen to you and a way for you to stop it. I think I’d rather buy renter’s insurance, or disability insurance.

I’m sure the case may be different for different demographics. Your elderly grandmother is more at risk, but then again, with a stroke or heart attack or broken hip, they aren’t getting time to call 911 anyway. People who have those risks find more comprehensive options, such as a special device they wear on them at all times, linking to the landline to call 911. And that’s an age group that, by and large, hasn’t given up their landlines anyway.



Why Renters and Young Adults Go Cell-Phone-Only: Mobility and Privacy

Ars had an article today giving a fascinating statistic: 20% of all U.S. households rely exclusively on cell phones and have no land lines.

The main groups that make up that 20% are youth aged 18-29, one third of which are cell-phone-only, and adults that share housing, of which 60% use only cell phones. Additionally 25% of all Hispanics are also wireless-only.

Their data is good, but their conclusions overlook the obvious. Ars says the groups that make up the 20% are “lower income.” That may be true, and the reasoning is solid: tech-savvy youth are adopting the trend, Hispanics are traditionally lower income, and the logic holds that it doesn’t make a lot of sense to pay for a landline if you can use a cell phone.

But for some reason, I’m guessing the writer of the article is a 40-something, U.S.-native, home owner long removed from the process of moving and sharing housing. Because economics and tech-savvy aren’t the only reasons why renters and youth rely on cell phones. I think mobility and privacy are actually the deciding factors, at least from my experience–being one of those 29-year-old renters who exclusively uses a cell.

If you’re sharing housing, having your own phone means you don’t have to rely on roommates to give you messages, and your roommates don’t hear your personal messages. And even if you don’t share housing, but you’re young or renting, you’re more likely to be moving from apartment to apartment every few years. It’s not always your choice–a landlord can just decide to kick you out so their friends can move in to your apartment. It’s happened to me.

If you buy into a landline, then you have to go through the hassle of calling the phone company, resetting the wires, and telling all your friends about your new phone number when you move. If you have a cell phone, it’s no hassle and no change– whether you move down the block or across the country, your friends still have your number and you still have theirs.

It was nice of Ars to notice the socioeconomic issue in this case, that renters, Hispanics, and youth are traditionally lower income. But if you ask many cell-only homes, many might say that a new landline would not be high on their list of their priorities if they did have money. Instead, the fact is that these groups are more mobile, move more often, and share living spaces with a greater number of people–so, they have different needs out of a phone service.

Case in point — in the last 6 years, since I’ve been out of college, I’ve moved 6 times, but not regularly once a year. Sometimes 10 months, sometimes 6, sometimes 18. I finally got a cell phone when I had to move from Santa Cruz to the South SF Bay area for work, and I needed a cell phone to call prospective housemates and landlords from Craigslist. Since then, I only had a landline once, when it was already installed in my new apartment because my housemate had set up DSL. Neither of us ever used the phone and it couldn’t make long distance calls. Since I got a cell phone, I’ve had the same phone number and it hasn’t been a hassle.

In fact, you’ll find that a growing number of youth and renters like me are not low-income groups. Affording to buy a condo or home has become cost-prohibitive, whether or not you make a decent wage, and jobs are not as secure as they once were. In this recession, people are valuing mobility because they may have to move to find work. Many young people and adults bounce from job to job every few years. However, loan agents often won’t take people unless they can show they have worked for the same employer for the last few years–whether or not they have made a steady, sufficient wage at a steady stream of jobs, as many young people have. In the age of pink slips and home foreclosures, fewer and fewer people can afford homes, and more and more people will value and demand mobility.

And, more and more people of all stripes will probably come to see that their land lines are obsolete.



In-Depth Anti-Virus Software Comparison

While reading about the self-destruction of the Zeus botnet recently, I came across a link to this great comparison report from AV Comparatives that tested 17 popular anti-virus products on the market today.

The test appears to be quite comprehensive, and creates a rating for software based on their detection rates for malware, their speed in testing, and the rate of false positives that lower accuracy. Apparently this is an ongoing test performed four times a year, in February, May, August and November. The February 2009 test was the first in which the researchers calculated false positives and lowered the software scores based on that data.

The findings of the February 2009 test (No. 21) show the following A/V products in the lead. They tested at an average or fast speed, with at least a 97% malware detection rate, and fewer than average false positives.

  • Kaspersky AV 8.0.506a
  • McAfee Virus Scan + 13.3.117
  • NOD32 Antivirus 3.0.684
  • Norton Anti-Virus

If you have one of these products, great! Keep in mind, though, that you would need to have the same version, testing at the same level, and just as up to date to achieve the same results.

Anti-virus software that’s out of date, without the latest signatures, is just not going to be as effective… So, the word of the day: update, update, update.


