Tag Archive for Security

Cameron Diaz Most Dangerous Celebrity in Cyberspace

Charlie’s Angels and Shrek actress Cameron Diaz is the most dangerous celebrity in cyberspace according to the 4th annual McAfee Most Dangerous Celebrities study. Ms. Diaz has replaced Jessica Biel as the most dangerous celebrity to search for on the Web, according to security company McAfee, Inc. (MCFE).

For the fourth year in a row, McAfee researched popular culture’s most famous people to reveal the riskiest celebrity athletes, musicians, politicians, comedians, and Hollywood stars on the Web.

Cyber-criminals use celebrity as lure

Cyber-criminals often use the names of popular celebrities to lure people to sites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content. “Cyber-criminals follow the same hot topics as consumers, and create traps based on the latest trends,” Dave Marcus, security researcher for McAfee Labs, said. “Whether you’re surfing the Web from your computer or your phone or clicking on links in Twitter about your favorite celeb, you should surf safely, and make sure you’re using the latest security software.”

McAfee research found that searching for the latest Cameron Diaz pictures and downloads yields a ten percent chance of landing on a website that has tested positive for online threats such as spyware, adware, spam, phishing, viruses, and other malware. These fans are at risk of running into online threats designed to steal personal information. Clicking on these risky sites and downloading files like photos, videos, or screen savers exposes surfers to the risk of downloading viruses and malware.

Mr. Marcus continues, “… consumers are getting smarter about searching online, yet cybercriminals are getting sneakier in their techniques. Now they’re hiding malicious content in ‘tiny’ places like shortened URLs that can spread virally in social networking sites and Twitter, instead of on websites and downloads.”

The study uses McAfee SiteAdvisor site ratings to identify which of the sites returned by celebrity-name searches are risky, and from that calculates an overall risk percentage for each name.


1. Cameron Diaz: Searching for Ms. Diaz results in a one in ten chance of landing on a risky site. She has most recently been in the spotlight with the blockbuster movies “Knight and Day” and “Shrek Forever After.” When “Cameron Diaz and screensavers” was searched, 19% of the sites were identified as containing malicious downloads.
2. Julia Roberts: The Academy Award-winning actress is one of America’s sweethearts, and was recently in the spotlight with her upcoming release of “Eat, Pray, Love.” The overall risk of searching for Roberts is 9%, yet searching for “Julia Roberts and downloads” results in a 20% chance of downloading a photo, wallpaper or other file laden with malware.
3. Jessica Biel: Last year’s Most Dangerous Celebrity fell 2 spots, with searches resulting in fewer risky sites this year. Her on-again, off-again relationship with Justin Timberlake keeps Ms. Biel in the spotlight, along with her 2010 appearance in “The A-Team.” While her overall search risk is 9%, searching for “Jessica Biel and screensavers” results in a 17% chance of landing on a risky site.
4. Gisele Bündchen: The world’s highest-paid supermodel moved up 2 spots since last year. Searching for “Gisele Bündchen and screensavers” can prove risky; 15% of the search results for this beauty can put spyware, malware or viruses on your computer.
5. Brad Pitt: Mr. Pitt is often in the spotlight with news of his movies and his personal life. It’s no wonder this leading man has been in the top ten for the past 3 years. He moved up 5 spots in rank this year. Downloading photos, screensavers, or other files of the actor can potentially put adware or spyware on your computer.
6. Adriana Lima: Searching for downloads of this Brazilian beauty can direct users to red-ranked sites. Ms. Lima is best known for being a Victoria’s Secret Angel since 2000.
7. (Tie) Jennifer Love Hewitt and Nicole Kidman: Searching for these Hollywood starlets resulted in an equal number of risky download websites.
8. Tom Cruise: With recent buzz around his MTV Awards performance as well as his movie, “Knight and Day,” Mr. Cruise rises into the top ten.
9. (Tie) Heidi Klum and Penelope Cruz: Both of these women are consistently in the spotlight, and share the #9 spot. Cybercriminals use their names to lure people to risky sites. Ms. Klum hosts “Project Runway,” and Ms. Cruz has been in the spotlight recently for her role in the “Sex and the City 2” movie and is expected to star in the fourth film of the “Pirates of the Caribbean” series.
10. Anna Paquin: This “True Blood” star is as dangerous on the Web as she is on the screen. Searching for screensavers of Ms. Paquin can lead you to downloads filled with malware.
49. President Barack Obama: Searches for Mr. Obama are not that risky. His rank of 49 places him at the bottom of this year’s results, moving even lower on the list compared to last year.

rb-

McAfee released this celebrity list just minutes before it announced Intel was buying the company for nearly $8 billion.

Just pointing out the timing, maybe marketing is why McAfee was able to get $8 billion from Intel for the company.

What do you think?

Cameron Diaz? Really?

Is the anti-virus industry based on marketing?


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Barracuda Networks No Limits tour in Ann Arbor

Attended the Barracuda Networks “No Limits” tour in Ann Arbor on Friday. Good presentations and good food!

They have grown beyond the spam firewall.


Cudos to ‘Cuda for supporting Michigan.



Adobe Notes

Malicious PDF Files Becoming the Attack Vector of Choice

ZDNet points out a report from Symantec’s MessageLabs that malicious PDF files outpace other malicious attachments used in targeted attacks and now represent the attack vector of choice for malicious attackers, compared to media, help files, HTML files and executables.

The report says that office-based file formats are a popular and effective choice in some targeted attacks. Cybercriminals attempt to bypass spam and email filters by distributing the ubiquitous PDF, which is often allowed to pass through these layers of protection. In 2009, about 52.6% of targeted attacks used PDF exploits, compared with 65.0% in 2010, an increase of 12.4%. MessageLabs Intelligence Senior Analyst Paul Wood says,

PDF-based targeted attacks are here to stay, and are predicted to worsen as malware authors continue to innovate in the delivery, construction and obfuscation of the techniques necessary for this type of malware

Adobe Posts Its First Billion-Dollar Quarter

The New York Times reports that the software maker Adobe posted its first $1 billion quarter in Q4-2010. Revenue rose 33 percent to $1.01 billion from $757 million last year. Adobe, which is based in San José, CA makes Photoshop, Acrobat, and Flash software.

Targeted attacks exploiting PDF bugs are soaring

Help Net Security reports that Adobe is having a hard time fighting its bad reputation when it comes to products riddled with vulnerabilities. Help Net Security references a report from F-Secure’s Lab which says that Adobe Reader exploits are becoming the weapon of choice for many cybercriminals.


This makes patching and updating eminently important. Take the latest critical vulnerability (CVE-2010-0188), for which Adobe warned users to update the software to the latest version. Users who missed the memo are vulnerable; F-Secure (FSC1V) warns it is being exploited in the wild.

Upon loading the PDF file, an embedded executable is dropped on the victim’s hard disc and it immediately tries to connect with tiantian (.) ninth (.) biz to download other files.

F-Secure warned long ago about the security problems plaguing Adobe’s most famous software. The security firm has even advised users to start using an alternative PDF reader. According to Help Net Security, Adobe’s decision to schedule its updates to follow Microsoft’s Patch Tuesday is a step in the right direction.

Malicious PDF spam with Sality virus

Help Net Security highlights a Sophos warning that a malicious email containing the following text has been dropped into inboxes around the world:

Hey man..
Remember all those long distance phone calls we made.
Well I got my telephone bill and WOW.
Please help me and look at the bill see which calls where yours ok..

You surely don’t remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls(.)pdf attachment, but don’t let your innate curiosity get the better of you.

The attached file can exploit a vulnerability in how Adobe Reader handles TIFF images and proceeds to download and execute a Trojan that loads the Sality virus into your system’s memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit, and kills anti-virus applications.

Sophos reminds everyone that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette – the odds are stacked heavily against you.
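The Sality mail above gets in through a parser bug, but most malicious PDFs of this kind also rely on the document’s own active features: an OpenAction that fires on load, JavaScript, a Launch action, or an embedded file. Mail gateways can triage attachments for those indicators before a user ever clicks. The script below is an added example written for this post, not Sophos’ or Adobe’s code; the indicator list and the quarantine/review thresholds are my own choices, and the two sample PDFs are constructed inline. It also handles the two obfuscations the MessageLabs quote alludes to: hex-escaped names (`/J#61vaScript`) and names hidden inside FlateDecode-compressed streams.

```python
import re
import zlib

# PDF name objects that commonly carry an active payload. Constructed list:
# these are the features a triage rule would flag, not a Sophos signature.
RISKY_NAMES = ["/JavaScript", "/JS", "/Launch", "/OpenAction", "/AA",
               "/EmbeddedFile", "/RichMedia"]

def decode_pdf_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names, so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every FlateDecode stream to the scan buffer.
    Heuristic regex, not a PDF parser: enough to see names hidden in
    compressed objects, which a plain byte scan would miss."""
    inflated = []
    for m in re.finditer(rb"/FlateDecode[^>]*>>\s*stream\r?\n(.*?)\r?\nendstream",
                         data, re.S):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # corrupt or not really deflate; the raw bytes are scanned anyway
    return data + b"\n" + b"\n".join(inflated)

def count_indicators(data: bytes) -> dict:
    """Count each risky name in the raw bytes plus the inflated streams."""
    buf = decode_pdf_names(inflate_streams(data))   # inflate first, then unescape
    counts = {}
    for name in RISKY_NAMES:
        # a name ends at a delimiter or whitespace; don't let /JS match /JSX
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_])"
        counts[name] = len(re.findall(pattern, buf))
    return counts

def triage(data: bytes) -> dict:
    """Summarise a file: indicator hits and a coarse verdict for mail filtering."""
    hits = {k: v for k, v in count_indicators(data).items() if v}
    if any(k in hits for k in ("/JavaScript", "/JS", "/Launch")):
        verdict = "quarantine"
    elif hits:
        verdict = "review"
    else:
        verdict = "low"
    return {"is_pdf": data.startswith(b"%PDF"), "indicators": hits, "verdict": verdict}

# Constructed samples: a plain document, and one that opens with hex-escaped
# JavaScript plus a Launch action hidden in a FlateDecode stream.
BENIGN_PDF = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"
              b"2 0 obj<</Type/Pages/Count 0/Kids[]>>endobj\ntrailer<</Root 1 0 R>>\n%%EOF\n")

def build_suspect_pdf() -> bytes:
    hidden = zlib.compress(b"<</S/Launch/F(placeholder)>>")
    return (b"%PDF-1.4\n1 0 obj<</Type/Catalog/OpenAction 2 0 R>>endobj\n"
            b"2 0 obj<</S/J#61vaScript/JS(app.alert(1))>>endobj\n"
            b"3 0 obj<</Filter/FlateDecode/Length " + str(len(hidden)).encode()
            + b">>\nstream\n" + hidden + b"\nendstream\nendobj\n"
            b"trailer<</Root 1 0 R>>\n%%EOF\n")

if __name__ == "__main__":
    print(triage(BENIGN_PDF))
    print(triage(build_suspect_pdf()))
```

A hit on `/JavaScript` or `/Launch` is not proof of malice (forms use JavaScript legitimately), which is why the verdict is a routing decision for a quarantine or analyst queue rather than a conviction; what the script does settle is that an unsolicited “phone bill” carrying any of these features has no business reaching an inbox unopened by a sandbox first.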

Adobe, The New King Of Security Holes

Information Week reports that Microsoft (MSFT) has spent more than a decade improving its secure software development and its response to security exploits. As a result, Microsoft is losing its lead in security vulnerabilities and being replaced by Adobe (ADBE).

With Microsoft’s improved response to security holes, the pickings in Windows itself are getting slimmer. Attackers don’t have brand loyalty, so they’ve moved on to another company with lots of PC installed base: Adobe. Security holes are being exploited in Adobe Reader and Illustrator. Adobe makes this problem worse because it has bundled unwanted applications and their AIR software platform with their free applications like Adobe Reader. Adobe is looking to create an attractive installed base for their developers, but they are also creating an attractive attack surface for the bad guys.

Protecting yourself from Adobe’s security holes can be difficult. There are non-Adobe alternatives such as Foxit Reader, which is much faster and lighter than Adobe Reader but has had problems with PDF documents with editable fields. InfoWeek provided some specific tips that may help avoid security problems.

  • Uninstall any Adobe Reader version earlier than 9, and install version 9.
  • With ver. 9, go to the Edit/Preferences menu. Make sure that Security (Enhanced) is turned on (Adobe ships it turned off).
  • Launch the Updater and be sure you’re checking for updates, install updates ASAP.
  • Go to Trust Manager and uncheck the option for “Allow opening of non-PDF file attachments.”
  • Finally, unless you know you need JavaScript in your Acrobat documents, disable JavaScript.
  • RB- Don’t go to ver. 10, I hate it.
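The three preference changes above (Enhanced Security on, non-PDF attachments off, JavaScript off) are per-user registry values, so they can be audited across a fleet instead of clicked through on each machine. The script below is an added example written for this post, not InfoWeek’s or Adobe’s code. The value names and key paths are my recollection of Adobe’s preference reference for Reader 9 and should be verified against it for your version; the fake reader is a constructed stand-in so the audit logic runs off Windows.

```python
import sys

# Expected hardened DWORD values behind the tips above. The names below are
# assumptions taken from memory of Adobe's Reader 9 preference reference;
# confirm them against that reference before trusting an audit built on them.
HARDENED = {
    # Edit > Preferences > Security (Enhanced), stand-alone Reader
    (r"Software\Adobe\Acrobat Reader\9.0\TrustManager", "bEnhancedSecurityStandalone"): 1,
    # Trust Manager: "Allow opening of non-PDF file attachments" unchecked
    (r"Software\Adobe\Acrobat Reader\9.0\Originals", "bAllowOpenFile"): 0,
    # Edit > Preferences > JavaScript: "Enable Acrobat JavaScript" unchecked
    (r"Software\Adobe\Acrobat Reader\9.0\JSPrefs", "bEnableJS"): 0,
}

def audit(read_value) -> list:
    """Return one finding per preference that is absent or not at the hardened value.
    read_value(subkey, name) returns the DWORD, or None if the value is absent.
    An absent value means Reader's shipped default applies, which the article
    says is the weak setting, so absence is reported as a finding."""
    findings = []
    for (subkey, name), want in HARDENED.items():
        got = read_value(subkey, name)
        if got is None:
            findings.append(f"{subkey}\\{name}: not set (default applies; want {want})")
        elif got != want:
            findings.append(f"{subkey}\\{name}: is {got}, want {want}")
    return findings

def read_hkcu(subkey: str, name: str):
    """Real reader for Windows: looks the value up under HKEY_CURRENT_USER."""
    import winreg  # imported lazily so the module loads on non-Windows hosts
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
            value, _ = winreg.QueryValueEx(key, name)
            return value
    except FileNotFoundError:
        return None

def make_fake_reader(values: dict):
    """Constructed stand-in: serves values from a dict keyed by (subkey, name)."""
    return lambda subkey, name: values.get((subkey, name))

if __name__ == "__main__":
    reader = read_hkcu if sys.platform == "win32" else make_fake_reader({})
    for finding in audit(reader):
        print("FAIL", finding)
```

Run under the user's own account, since these are HKCU values; a logon script that writes the findings to a central share gives the help desk a list of machines still on Adobe's defaults.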
Related articles
  • Iranian Nuclear Program Used as Lure in Flash-based Targeted Attacks (pcworld.com)



Cyber Attack on Google, Yahoo, Skype Certs

TechEye says that the Iranian paramilitary “Basij” group appears to have its own cyber-warfare division, which is launching attacks on the websites of Iran’s “enemies.” TechEye says the paramilitary group is an arm of the Revolutionary Guard.

The Associated Press cites General Ali Fazli, acting commander of the Basij, in the state-owned IRAN paper as saying Iran’s cyber army consists of university teachers, students, and clerics. He said its attacks were a retaliation for similar attacks on Iran. The AP quotes Fazli, “As there are cyber attacks on us, so is our cyber army of the Basij, which includes university instructors and students, as well as clerics, attacking websites of the enemy … Without resorting to the power of the Basij, we would not have been able to monitor and confront our enemies.”

Iran has sought to master the digital world as a crucial step to prepare for what it calls “soft war”, which includes fighting against cyber attacks such as the Stuxnet computer worm that Iran said was aimed at sabotaging its uranium enrichment program.

Until now the secretive “Cyber Army” that emerged to fight opposition websites and blogs after President Mahmoud Ahmadinejad’s disputed re-election in 2009 was believed to be part of the Revolutionary Guard. However in February according to the AP, General Mohammad Ali Jafari, signaled that the Revolutionary Guard supports the cyber army, describing it as a “defensive, security, political and cultural need for all countries”. Jafari claimed at the time that the Guard has been successful in cyber warfare.

In another article TechEye recounts a possible Iranian cyber-warfare success. The article identifies Iran as the “state player” which hacked important Certificate Authority (CA) certificate information at Comodo. Digital certificates are used to vouch for the authenticity of a site owner and secure encrypted communications between sites and their users. A government that controls Internet traffic inside its country would be able to use such a server to gain access to encrypted e-mail and chat conversations and collect user names and passwords for individuals’ accounts, Mikko H. Hypponen, chief research officer at F-Secure, said in a blog post.

Security researcher and Tor developer Jacob Appelbaum found the compromise and alerted Google and Mozilla. USERTRUST Network, a part of Comodo, issued the compromised certificates. Writing on his blog, Mr. Appelbaum initially suspected the hack “was taken by a state-level adversary.” Comodo confirmed the attack and issued a statement naming Iran as the country it suspects. According to the Comodo blog, the incident happened on March 15th, when unknown attackers managed to get access to one of the user accounts for the Registration Authority (RA).

An attacker obtained the username and password of a Comodo Trusted Partner in Southern Europe. We are not yet clear about the nature or the details of the breach suffered by that partner other than knowing that other online accounts (not with Comodo) held by that partner were also compromised at about the same time.

The attacker used the username and password to log in to the particular Comodo RA account and effect the fraudulent issue of the certificates.

According to F-Secure, the targets included Google (GOOG), Microsoft (MSFT), and Yahoo (YHOO):

  • login.live.com,
  • mail.google.com,
  • www.google.com,
  • login.yahoo.com,
  • login.skype.com,
  • addons.mozilla.com, and
  • “Global Trustee.”

Google patched Chrome last week and Mozilla managed to include the blacklist in Firefox 4.
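To make that blacklist step concrete: the fraudulent certificates chained to a trusted root and would pass ordinary validation, so the browsers had to reject them by identity, and a certificate’s identity is its issuer plus its serial number. The code below is an added example written for this post, not Mozilla’s, Google’s or Comodo’s; it walks just enough DER to pull those two fields out of a certificate and checks them against a blocklist. The certificates it handles are constructed, unsigned stand-ins containing only the leading fields the check reads, and the blocked serials are placeholders, not the real ones from the advisories.

```python
import hashlib

def _der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV; used only to build the constructed sample certificates."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def _read_tlv(buf: bytes, pos: int):
    """Decode the TLV starting at buf[pos]: returns (tag, content, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(cert_der: bytes):
    """Return (issuer Name as raw DER, serialNumber) from an X.509 certificate.
    Only the leading tbsCertificate fields are walked and nothing is verified:
    a blocklist has to match even a certificate whose chain is perfectly valid."""
    tag, cert, _ = _read_tlv(cert_der, 0)             # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = _read_tlv(cert, 0)                     # tbsCertificate SEQUENCE
    tag, content, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                                    # optional EXPLICIT [0] version
        tag, content, pos = _read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("expected serialNumber INTEGER")
    serial = int.from_bytes(content, "big", signed=True)
    _, _, pos = _read_tlv(tbs, pos)                    # signature AlgorithmIdentifier
    _, issuer, _ = _read_tlv(tbs, pos)                 # issuer Name (raw DER content)
    return issuer, serial

def issuer_fingerprint(issuer_der: bytes) -> str:
    return hashlib.sha256(issuer_der).hexdigest()

def is_blocklisted(cert_der: bytes, blocklist: set) -> bool:
    """True if (issuer, serial) is on the list, whatever the chain says."""
    issuer, serial = issuer_and_serial(cert_der)
    return (issuer_fingerprint(issuer), serial) in blocklist

def make_sample_cert(issuer_cn: str, serial: int) -> bytes:
    """Constructed, unsigned stand-in: just the tbsCertificate prefix the check reads."""
    cn = _der(0x30, _der(0x06, bytes([0x55, 0x04, 0x03]))            # id-at-commonName
                    + _der(0x13, issuer_cn.encode()))                 # PrintableString
    issuer = _der(0x30, _der(0x31, cn))                                # Name ::= SEQUENCE OF SET
    sig_alg = _der(0x30, _der(0x06, bytes.fromhex("2A864886F70D01010B")) + _der(0x05, b""))
    ser = serial.to_bytes((serial.bit_length() + 8) // 8, "big")      # leading 0x00 keeps INTEGER positive
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, ser) + sig_alg + issuer
    return _der(0x30, _der(0x30, tbs))

# Constructed blocklist: placeholder serials standing in for the fraudulent
# issuances; the real ones come from Comodo's and the browser vendors' advisories.
BAD_ISSUER = issuer_and_serial(make_sample_cert("Example RA CA", 1))[0]
BLOCKLIST = {(issuer_fingerprint(BAD_ISSUER), s) for s in (0x1001, 0x1002, 0x1003)}

if __name__ == "__main__":
    for cn, s in (("Example RA CA", 0x1002), ("Example RA CA", 0x2000), ("Other CA", 0x1002)):
        verdict = "blocked" if is_blocklisted(make_sample_cert(cn, s), BLOCKLIST) else "ok"
        print(cn, hex(s), verdict)
```

The check runs on the leaf certificate before, and independently of, chain validation, which is the point: revocation via CRL or OCSP would have asked the attacker-controlled network whether the certificate was still good, while a list shipped inside the browser answers locally. Keying on the issuer as well as the serial matters because serial numbers are only unique per issuer.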

rb-

It appears that Comodo did the right thing and made a responsible disclosure. According to reports, immediately after the breach was identified, they contacted the browser publishers and domain owners and filled them in on the situation.

As for the why? There is speculation that the Iranians wanted to control their internal dissidents. If they compromise the certificates, they could set up man-in-the-middle attacks by faking some of the world’s leading sites.

Some are speculating that it was China and not Iran behind this attack. The logic being, if they are good enough to take out a security company’s certificates, they are smart enough to spoof a few IP addresses as a decoy for investigators.

What do you think?

Did Comodo act fast enough?

Are Certificate Authority structures too complex for their own good?



iPad Notes

Researchers Outline iOS Attack to Access Stored Passwords in Six Minutes

FierceCIO reports that researchers from Germany’s Fraunhofer Institute for Secure Information Technology say (PDF) they can break into an Apple (AAPL) iOS device (iPhone or iPad) and extract stored passwords in just six minutes. The attack requires physical access to the iOS device. Once in, large swaths of the iOS file system can be swiftly pried open.

Data that can be exploited include account passwords for MS Exchange ActiveSync, LDAP, VPN, and Wi-Fi. A successful attack starts with a jailbreak, followed by installing an SSH server to load a script to get access to the keychain entries which contain the passwords.

Based on this weakness, the author says that iOS needs work, “… a proper implementation of security using best practices could require a rewriting of key security components in Apple’s iOS.” He concludes that “… organizations deploying the iOS hardware at the moment might find it prudent to perform encryption at the app level instead of relying on the iPhone’s or iPad’s broken passphrase system.”

iPhone Password Hack Shows Flawed Security Model

Ars Technica has a different article on the latest iOS vulnerability. Ars argues that the attack isn’t entirely new, and is actually a product of Apple’s “DRM approach” to security. Forensics expert Jonathan Zdziarski told Ars that similar exploits have been around since Apple introduced the iPhone 3G. According to Mr. Zdziarski,

“The real problem is that Apple hasn’t yet fully implemented a truly secure environment for iOS. Apple has … been relying on their DRM know-how, and just erasing the label that says ‘DRM’ and calling it ‘security.’ The problem with this is that DRM only makes things a little more difficult for hackers.”

“Real security relies on the strength of the key, and the secrecy of the key,” Mr. Zdziarski continued. “And as long as the keys are all stored on the iPhone and don’t rely on a user password, they can easily be compromised.”

The Ars article says that while Apple has continually improved the iDevices’ information security, they all have the same flaws. Mr. Zdziarski told Ars he believes Apple is pushing to make iOS devices compliant with the FIPS 140-2 (PDF) security standard. However, he warns that “… at the end of the day … Apple will need to abandon their DRM approach if they want true security, as opposed to just some fancy marketing strategies.”

VMware Unleashes Virtual Desktops for Apple iPad

Network World is reporting that VMware (VMW) has released VMware View Client for iPad to the Apple App Store. “We’ve been working on it since the middle of last year,” says Pat Lee, director of end-user computing clients at VMware.

VMware said it had trouble making Windows work as a virtual desktop on the iPad. “Windows really isn’t touch-savvy,” Lee says. VMware tried to adapt the iPad experience to Windows. “We spent a lot of time building custom gestures to make sure it blends into the iOS experience,” Lee says.

VMware created a virtual trackpad that can appear on the screen. “We want it to be as logical as possible,” Lee says. VMware promised “instant-on” access to Windows desktops from the iPad, as well as support for Bluetooth keyboards. VMware is using PCoIP to deliver the remote desktops and says the client will offer a secure connection to server-hosted desktops. The View client for iPad will be free for existing users, who are charged either $150 or $250 per seat.

The VMware announcement comes after Citrix (CTXS) released Receiver for iPad, and Parallels developed Parallels Mobile, an iPad desktop application.

Contracts HD for iPad: Give Contracts the Finger

Hat tip to AppScout for finding Contracts HD for iPad. They say it is one of those apps that is breathing life into the existence and usefulness of the tablet. Contracts HD is designed to let any Apple (AAPL) iPad user create, collaborate on, sign, and email completed contracts using the iPad’s touch-screen interface. The app also provides a database of contract templates, lets you add an addendum to any existing contract, auto-fills the appropriate fields with your information, and allows both parties to sign contracts safely and securely with a fingertip.

Once the contract is signed, and all parties have received their PDF copies via email, you can save contracts to a secure archive for easy access later. Contracts HD also has a little brother app for iPhone that enables you to synchronize contracts between devices. Contracts HD for iPad is $9.99 in the iTunes App Store ($4.99 for the iPhone version).

