Archive for RB

| April 9, 2011
Comments Off on Cameron Diaz Most Dangerous Celebrity in Cyberspace

Cameron Diaz Most Dangerous Celebrity in Cyberspace

Charlie’s Angels and Shrek actressCameron Diaz Most Dangerous Celebrity in Cyberspace Cameron Diaz is the most dangerous celebrity in cyberspace according to the 4th annual McAfee Most Dangerous Celebrities study. Ms. Diaz has replaced Jessica Biel as the most dangerous celebrity to search for on the Web, according to security company McAfee, Inc. (MCFE).

McAfee logoFor the fourth year in a row, McAfee researched popular culture’s most famous people to reveal the riskiest celebrity athletes, musicians, politicians, comedians, and Hollywood stars on the Web. “Whether you’re surfing the Web from your computer or your phone or clicking on links in Twitter about your favorite celeb, you should surf safely, and make sure you’re using the latest security software.”

Cyber-criminals use celebrity as lure

Cyber-criminals often use the names of popular celebrities to lure people to sites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content. “Cyber-criminals follow the same hot topics as consumers, and create traps based on the latest trends,” Dave Marcus, security researcher for McAfee Labs said, “Whether you’re surfing the Web from your computer or your phone or clicking on links in Twitter about your favorite celeb, you should surf safely, and make sure you’re using the latest security software.

Cameron Diaz Most Dangerous Celebrity in CyberspaceMcAfee research found that searching for the latest Cameron Diaz pictures and downloads yields a ten percent chance of landing on a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses, and other malware. These fans are at risk of running into online threats designed to steal personal information. Clicking on these risky sites and downloading files like photos, videos, or screen savers exposes surfers or consumers to the risk of downloading viruses and malware.

Mr. Marcus continues, “ … consumers are getting smarter about searching online, yet cybercriminals are getting sneakier in their techniques. Now they’re hiding malicious content in ‘tiny’ places like shortened URLs that can spread virally in social networking sites and Twitter, instead of on websites and downloads.

The study uses SiteAdvisor site ratings, which indicates which sites are risky to search for celebrity names on the Web and calculate an overall risk percentage.

 

1Cameron DiazSearching for Ms. Diaz results in a one in ten chance of landing on a risky site. She has most recently been in the spotlight with blockbuster movies, “Knight and Day” and “Shrek Forever After.” When “Cameron Diaz and screensavers” was searched, 19% of the sites were identified as containing malicious downloads
2Julia Roberts The Academy Award-winning actress is one of America’s sweethearts, and was recently in the spotlight with her upcoming release of “Eat, Pray, Love.” The overall risk of searching for Roberts is 9%, yet searching for “Julia Roberts and downloads” results in a 20% chance of downloading a photo, wallpaper or other file laden with malware.
3Jessica BielLast year’s Most Dangerous Celebrity fell 2 spots with searches resulting in fewer risky sites this year. Her on-again, off-again relationship with Justin Timberlake, keeps M. Biel iin the spotlight along with her 2010 appearance in “The A-Team.". While her overall search risk is 9%, searching for “Jessica Biel and screensavers” results in a 17% chance of landing on a risky site.
4Gisele Bündchen The world’s highest-paid supermodel moved up 2 spots since last year. Searching for “Gisele Bündchen and screensavers” can prove risky, 15% of the search results for this beauty can put spyware, malware or viruses on your computer.
5Brad Pitt Mr. Pitt is often in the spotlight with news of his movies and his personal life. It’s no wonder why this leading man has been in the top ten for the past 3 years. He moved up in rank 5 spots this year. Downloading photos, screensavers, or other files of the actor can potentially put adware or spyware in your computer.
6Adriana LimaSearching for downloads of this Brazilian beauty can direct users to red-ranked sites. Ms. Ms. Lima is best known for being a Victoria’s Secret Angel since 2000.
7Tie- Jennifer Love Hewitt and Nicole Kidman Searching for these Hollywood starlets resulted in an equal number of risky download websites.
8 Tom Cruise With recent buzz around his MTV Awards performance as well as his movie, “Knight and Day,” Mr. Cruise rises to the top ten.
9Tie - Heidi Klum and Penelope Cruz Both of these women are consistently in the spotlight, and share the #9 spot. Cybercriminals use their names to lure people to risky sites. Ms. Klum hosts “Project Runway” and Ms. Cruz has been in the spotlight recently for her role in the “Sex and the City 2” movie and is expected to star in the fourth film of the “Pirates of the Caribbean” series.
10Anna PaquinThis “True Blood” star is as dangerous on the Web as she is on the screen. Searching for screensavers of Ms, Paquin can lead you to downloads filled with malware.
49President Barack ObamaSearchs for Mr.Oboma is not that risky.His rank of 49 places him in the bottom of this year’s results, moving even lower on the list compared to last year.

rb-

McAfee released this celebrity list just minutes before it announced Intel was buying the company for nearly $8 billion.

Just pointing out the timing, maybe marketing is why McAfee was able to get $8 billion from Intel for the company.

What do you think?

Cameron Diaz? Really?

Is the anti-virus industry based on marketing?

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| April 6, 2011
Comments Off on BP Data Spill

BP Data Spill

Data breachNational Public Radio (NPR) reports that British Petroleum‘s (BP) problems in the U.S. now include a data spill as well as the oil spill. BP is paying compensation amounting to $4,000,000,000 to victims of its mishap incident disaster in the Gulf of Mexico last summer. Now BP has lost the personally identifiable information (PII)  on approx. 13,000 of its victims are seeking compensation for oil spill damages. NPR reports that names, addresses, phone numbers, and social security numbers, were lost opening these people to identity theft.

BP Gulf of Mexico oil spillBP spokesman Curtis Thomas told NPR that the oil giant mailed letters to roughly 13,000 people whose data was stored on the missing computer, notifying them about the potential data security breach and offering to pay for their credit to be monitored. The company also reported the missing laptop to law enforcement, he said. The laptop was password-protected, but the information was not encrypted, Mr. Thomas said.

The employee lost the laptop on March 1 during “routine business travel,” said BP’s Thomas, who declined to elaborate on the circumstances. “If it was stolen, we think it was a crime of opportunity, but it was initially lost,” Thomas said. Asked why nearly a month elapsed before BP notified residents about the missing laptop, Mr. Thomas said, “We were doing our due diligence and investigating.”

Matt O’Brien, the part-owner of Tiger Pass Seafood, a shrimp dock in Venice, La., who said he had filed a claim with BP, told an AP reporter this was the first he had heard about the possible compromise of his personal information by BP. “That’s like it’s par for the course for them.” Mr. O’Brien said of BP, “They can’t seem to do nothing right.”

Once again, 13,000 lives are disrupted because a single laptop that was not encrypted, was lost or stolen “during routine business travel.” SophosNaked Security blog pointed out in 2008 that laptops are easy to lose. The security vendor cited a survey that found that 12,000 laptops are lost every week at U.S. airports alone.

In that 2008 survey, almost three years ago now, 53% of people said that their laptops contained confidential business information, with two-thirds having taken no measures to secure their data. Clearly, some companies still aren’t taking proper measures.

rb-

As BP again has demonstrated, we all need to lift our game, As Sophos says, even if your organization is willing to take risks with your own data, firms have a clear moral duty not to take risks with data you keep about other people.

During these economic times, many organizations are saving a few pennies by doing as little as possible about encryption-related security. Why not consider the value of encryption to your business, instead of considering only the cost?

What do you think?

Oil spills, Data spills, Outrageous gas prices – Is BP out to get the U.S.?

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Data protection | Tags: , , , , ,
| April 5, 2011
Comments Off on Barracuda Networks No Limits tour in Ann Arbor

Barracuda Networks No Limits tour in Ann Arbor

Attended the Barracuda NetworksNo Limits” tour in Ann Arbor on Friday. Good presentations and good food!

They have grown beyond the spam firewall.

Barracuda Bus in Ann Arbor

Cudos to ‘Cuda for supporting Michigan.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , ,
| April 4, 2011
Comments Off on IPv4 Address Worth $11.25

IPv4 Address Worth $11.25

IPv4 Address Worth $11.25Now that the last IPv4 addresses are gone, the Internet numbers are increasing in value. Microsoft is spending $7.5 million for 666,625 IPv4 addresses from Nortel (NRTLQ). As Google (GOOG) and Apple (AAPL) fight over Nortel’s 4G bones (which I noted earlier), DownloadSquad reports that Microsoft (MSFT) jumped all over Nortel’s stash of IPv4 addresses when they became available for purchase through bankruptcy proceedings.

NORTELMicrosoft ponied up $7.5 million for the Nortel pool, which works out to $11.25 per IP address. There were 13 other interested buyers, but only Microsoft and three others actually submitted bids according to DownloadSquad. With the last block of IPv4 addresses already issued (which I wrote about when it happened), snatching up over 666,000 IPv4 addresses in one fell swoop is a smart move by Microsoft.

rb-

Microsoft CEO Steve BallmerCould Ballmer‘s boys be planning a cloud-based IPv6 <–> IPv4 transition service?

Are they trying to jump-start an IPv4 address space underground economy?

As the authors say, we’ll just have to wait and see.

What do you think?

What is Redmond up to?

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| April 2, 2011
Comments Off on Adobe Notes

Adobe Notes

Malicious PDF Files Becoming the Attack Vector of Choice

Adobe PDF ZDNet points out a report from Symantec’s MessageLabs that malicious PDF files outpace other malicious attachments used in targeted attacks and now represent the attack vector of choice for malicious attackers compared to media, help files, HTMLs and executables.

The report says that office-based file formats are a popular and effective choice used in some targeted attacks. Cybercriminals attempt to bypass spam and email filters by distributing the ubiquitous PDF that is often allow to pass through these layers of protection. In 2009, about 52.6% of targeted attacks used PDF exploits, compared with 65.0% in 2010, an increase of 12.4%. MessageLabs Intelligence Senior Analyst, Paul Wood says,

PDF-based targeted attacks are here to stay, and are predicted to worsen as malware authors continue to innovate in the delivery, construction and obfuscation of the techniques necessary for this type of malware

Adobe Posts Its First Billion-Dollar Quarter

The New York Times reports that the software maker Adobe posted its first $1 billion quarter in Q4-2010. Revenue rose 33 percent to $1.01 billion from $757 million last year. Adobe, which is based in San José, CA makes Photoshop, Acrobat, and Flash software.

Targeted attacks exploiting PDF bugs are soaring

Help Net Security reports that Adobe is having a hard time fighting its bad reputation when it comes to products riddled with vulnerabilities. Help Net Security references a report from F-Secure’s Lab which says that Adobe Reader exploits are becoming the weapon of choice for many cybercriminals.

F-Secure

This makes patching and updating eminently important. As an example the latest critical vulnerability (CVE-2010-0188) which Adobe warned users to update the software to the latest version. Users who missed the memo are vulnerable, F-Secure (FSC1V) warns it is being exploited in the wild.

Upon loading the PDF file, an embedded executable is dropped on the victim’s hard disc and it immediately tries to connect with tiantian (.) ninth (.) biz to download other files.

F-Secure has warned long ago about security problems plaguing Adobe’s most famous software. The security firm has even advised users to start using an alternative PDF reader. According to Help Net Security Adobe’s, decision to schedule their updates to follow Microsoft’s Patch Tuesday is a step in the right direction.

Malicious PDF spam with Sality virus

Help Net Security highlights a Sophos warning that a malicious email containing the following text has been dropped into inboxes around the world:

Hey man..
Remember all those long distance phone calls we made.
Well I got my telephone bill and WOW.
Please help me and look at the bill see which calls where yours ok..

Sophos logoYou surely don’t remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls(.)pdf attachment, but don’t let your innate curiosity get the better of you.

The attached file can exploit a vulnerability in how Adobe Reader handles TIFF images and proceeds to download and execute a Trojan that loads the Sality virus into your system’s memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit, and kills anti-virus applications.

Sophos reminds everyone that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette – the odds are stacked heavily against you.

Adobe, The New King Of Security Holes

Information WeekAdobe reports that Microsoft (MSFT) has spent more than a decade improving its secure software development and its response to security exploits. As a result, Microsoft is losing the lead in security vulnerabilities and being replaced by Adobe (ADBE).

With Microsoft’s improved response to security holes, the pickings in Windows itself are getting slimmer. Attackers don’t have brand loyalty, so they’ve moved on to another company with lots of PC installed base: Adobe. Security holes are being exploited in Adobe Reader and Illustrator. Adobe makes this problem worse because it has bundled unwanted applications and their AIR software platform with their free applications like Adobe Reader. Adobe is looking to create an attractive installed base for their developers, but they are also creating an attractive attack surface for the bad guys.

Protecting yourself from Adobe’s security holes can be difficult.  There are non-Adobe solutions such as Foxit Reader, which is much faster and lighter than Adobe Reader but has had problems with  PDF documents with editable fields. InfoWeek provided some specific tips that may help avoid security problems.

  • Uninstall any Adobe Reader version earlier than 9,  and install version 9.
  • With ver. 9 go to the Edit/Preferences menu. Make sure that Security(Enhanced) is turned on; (Adobe ships it turned off).
  • Launch the Updater and be sure you’re checking for updates, install updates ASAP.
  • Go to Trust Manager and uncheck the option for “Allow opening of non-PDF file attachments.”
  • Finally, unless you know you need JavaScript in your Acrobat documents, disable JavaScript.
  • RB- Don’t go to ver. 10, I hate it.
Related articles
  • Iranian Nuclear Program Used as Lure in Flash-based Targeted Attacks (pcworld.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
« Older Entries   Recent Entries »