The anatomy of Flashfake
Every time there is an article on a new Microsoft trojan the comments area is always littered with the predictable
sanctimonious entry from a Mac user. It seems that the "Times They Are a-Changin'" and our
pretentious friends will now have to be a little more alert to the dangers of Malware.
Alexander Gostev [Kaspersky]
examined the Flashback/Flashfake trojan that recently infected 600,000 Mac OS X systems.
He details how specially crafted WordPress pages were used to attack Mac users with four different Java
applets, initially in order to install a custom downloader.
Find out here if your Mac is infected – and welcome to the club.
Eugene Kaspersky has stated that the Apple is ten years behind Microsoft in terms of security.
Malware was always going to become a growing concern for Mac users, and if you own a Mac it might be time to start
thinking seriously about security. Read the article
here.
If It Ends in .Com, It's .Seizable
When U.S. authorities shuttered sports-wagering site Bodog.com, it raised eyebrows across the net because the
domain name was registered with a Canadian company, ostensibly putting it beyond the reach of
the U.S. government. Working around that, the feds went directly to VeriSign.
The controversy highlights the unique control the U.S. continues to hold over key components of the global
domain name system, and rips a Band-Aid off a historic sore point for other nations.
That cemented control of all-important .com and .net domains with a U.S. company – VeriSign – putting every
website using one of those addresses firmly within reach of American courts regardless of where the owners
are located – possibly forever. VeriSign, for its part, said it is complying with U.S. law.
Read the full story at Threat Level
here.
EasyDNS, an internet infrastructure company, protested that the "ramifications of this are no less than chilling and
every single organization branded or operating under .com, .net, .org, .biz etc. needs to ask themselves about their
vulnerability to the whims of U.S. federal and state lawmakers".
But despite the outrage, the U.S. government says it's gone that route hundreds of times. Furthermore, it says it has the
right to seize any .com, .net and .org domain name because the companies that have the contracts to administer them are based
on United States soil.
The controversy highlights the unique control the U.S. continues to hold over key components of the global domain name system.
Take a look at the list
here of all the TLD's that are
controlled from within the US. Using it's usual
bully boy tactics, the US, in its belief
that it rules the world, can bring the internet to a virtual stop. In 2008 the state of Kentucky tried to
seize 141 domain names and in 2007
Dell filed suit against three domain registrars. There have been many such incidents, but as we all know, the US is always right
and never makes mistakes.
Why should I care?
Many of you use websites for storage of various items – photos, information, backups. As is you didn't have enough
problems with security, you now have the added problem of losing everything because the US "didn't make another
mistake ". At this website we are all about prevention. While access to your stored materials from different sources and
locations is very convenient, please make sure that this is not your only depository. Make sure you have physical backups
on external hard drives or bluray discs – not sitting alongside your computer but somewhere safe.
Antivirus Apps For Android
I don't do mobiles at this website – but, and there is always a but – my wife needed something for her phone.
While I am a strange creature in that I only use my mobile for phone calls, others make use of all the options available to them.
One of those options is to be a target for malware. So, reluctantly, I did a quick search to find that someone had just the hard
work for me. Independent test lab AV-Test.org
released
the results [PDF] of their first Android antivirus test. Only 3 products scored 100%, and they were of course, three of
the best known names in security. You decide which product to use.
And, while I'm on the subject of mobile phones...
Are mobile password apps pointless? Yes, so it seems.
This report analyzed 17 popular password management
apps available for Apple iOS and BlackBerry platforms, including free and commercially available tools, and discovered that no single
password keeper app provides a claimed level of protection. But,
this pattern screen lock
provided such an effective barrier to unauthorized access that even the FBI is forced ask Google for help in unlocking a phone.
Security pros say that hackers have the upper hand
The numbers don't lie: now, more than ever,
security professionals feel outgunned by attackers
and the level of automation employed in most campaigns against enterprise IT infrastructure.
RSA has advised security professionals that the new fact of life for IT organizations is a state of persistent, dynamic, intelligent
threats in which it is no longer a matter of if an organization will be compromised,
but more likely when and how.
How safe do you think
your details are now?
All the large companies use the same line.
You can trust us.
We own lease space in a big building.
As well as being very prudent where you use your credit cards, or reveal any personal details about yourself, you must also
be vigilant in your daily online activities.
Most users
get hacked at high rates
even when they do not think they are engaging in risky behavior. Social networks make obtaining sensitive background information
on people as a prelude to stealing their identities – and running attacks on corporations –
easier than ever before.
Microsoft's Security Intelligence Report [volume 11] found that less than 1 percent of exploits in the first half of 2011 were
against zero-day vulnerabilities. In contrast, 99
percent of all attacks during the same period distributed malware through familiar
techniques, such as social engineering and unpatched vulnerabilities.
You can have no expectation of privacy for anything you put on the internet.
Months of investigations by the Guardia Civil in Spain, the FBI and security firm Panda Security and
Defence Intelligence, led to the
takedown of the 12.7 million strong Mariposa botnet.
Spanish police said they recovered the personal details of 800,000. This was a very large takedown
that took months of work but has only made a minor dent in our security problems.
The Rustock botnet, made up of an estimated 815,000 compromised computers, which was responsible at its height for
sending 30 billion spam emails a day,
also went silent.
The 2.3 million Coreflood botnet has also been disabled.
The takedown of the Rustock botnet earlier this year has had ripple effects throughout the malware and spam
ecosystems, with some large reductions in spam levels and attacks. However, some of the components of the malware
machine driven by Rustock are beginning to come back online now. Researchers say that the
Harnig
pay-per-install malware is making a comeback.
As researchers and law enforcement agencies have become more active in their fight against botnets by working with
hosting providers and obtaining warrants to take over those servers, life has become more and more difficult for
botnet operators. Those obstacles clearly extend to the affiliate networks and pay-per-install malware gangs
putting pressure on those groups to find new ways to turn a profit.
Security is a process, not a product
The ability to use the internet while staying secure has always been a concern.
The online threat landscape is changing, and it is critical for computer users
to arm themselves against these threats that put their digital lives at risk.
Cybercriminals are now much more sophisticated and the security threats are becoming
more malicious and pervasive. They are also targeting users
where they feel safe – their mobile devices and their social networking sites.
When we purchase a motor vehicle we realise that a certain amount of maintanance will
be required. Auto maintenance is the act of inspecting or testing the condition of car
subsystems (engine) and servicing or replacing parts and fluids. Regular
maintenance is critical to ensure the safety, reliability, drivability, comfort and
longevity of a car. The problem for home computer users arises when that maintanance
is due. While auto owners are willing to have their vehicles serviced regularly, they
consider their computers as self sustaining. Most owners do nothing
(or very little) to ensure the "safety, reliability, drivability, and
longevity" of their computer. The safety aspect can be automated (to a certain
extent) with the use of a
Software Inspector and Windows Update.
They will help to reduce the security risk but a certain amount of effort will also be
required from the computer user. Although you are able to have your car serviced at
home or at work there are still functions you must perform. You must still manually
fill your car with fuel when required. You perform this task without giving it a second
thought because you realise that if your car runs out of fuel it will stop. Now give a
thought to what would happen if someone stole your identity or accessed your financial
details and stole your money. Your life will not stop, but it will certainly feel like it.
The bottom line is that your computer is not a "set and forget" piece of equipment.
It will require some input from you.
It is vital that you give it that input.
That is why now,
more than ever, there is a definite
need to create and maintain a culture of security.
We are under a constant barrage of
threats, many of these due to the software (Java, Real Player, Adobe Reader and Flash Player) we
run on our computers. Those of you that visit and purchase goods from
e-commerce Web sites
must also be very alert.
We've been able to change our approach to various things by listening to reinforcing messages.
Seat belts – terrific example. When seat belts first came out, they were a pain in the ass.
Everyone wanted to take them out of their car. Now, you don't even think about it.
You get in your car and you buckle up.
It's now the time to approach computer security in the same way. If you conduct any sort of
business online, and that includes banking or bill paying, then you must take a serious
approach to security, or pay a heavy [financial] price.
At this site you will find information on how to help you:
- become anonymous
- secure your communications from third parties
- protect your computer files
- avoid email and Internet crime and scams
- keep thieves from secretly tracking your keystrokes
- knock out viruses, worms and trojans
- erase data for good before giving away an old computer
- limit access to your computer from family, workers, and friends
- not become a victim of identity theft
- as well as many other important security aspects that may arise when you are on the Internet
Anonymity
Browse the web with complete Anonymity!
Learn to give sites you visit the appearance that you reside in
a foreign country. Get through to web sites blocked by your ISP. Visit the web sites you
want to with ease. There are many reasons to hide your real identity when you use the Internet.
You might want to protect yourself against an oppressive government, or post personal messages to a
Usenet newsgroup without identifying yourself to the whole world.
The anonymity index covers instructions and explanations
on how to be anonymous on the Net. Several options are available, ranging from simple
pseudonymous servers to the almost impregnable anonymity offered by Mixmaster remailers.
Privacy
Although everyone takes privacy in normal life for granted, trying to get the same level
of privacy on the Internet (or even on your own computer) is a little less accepted,
and sometimes a bit more complicated. While the general attitude is hard to change,
many ways exist to enhance your privacy online.
Steganography takes one piece of information and hides it within another. Computer files contain unused or
insignificant areas of data. Steganography takes advantage of these areas, replacing them with information.
These files can then be exchanged without anyone knowing what is really inside of them.
Learn how its done here.
Security
When dealing with computers, security and privacy are almost synonyms. This explains why the
security index has some overlap with the privacy section. However, protecting your site against
unauthorized intruders is a very important aspect of security.
The security risks associated with SPYWARE are becoming more serious
and widespread each day. This section also offers programs to wipe sensitive files
from your computer. It also lists various FAQs and
indices for security protocols.
Miscellaneous Tips
Webcams. Most of us never use them. If you are on of the few that does, then
be careful.
If, like me, you never use the webcam, then
disable it.
Spam
What is it?
How do they do it?
What do I do about it?
This is the spam tutorial.
Passwords
Despite the huge advances in security technology, we have not yet found a true substitute
for passwords. They remain pivotal to any security system.
Most people are too predictable in their choice of passwords. Left to their own devices,
they often choose a password that is to short or to easy to guess.
So, where do we start?
Internet Fraud
The Internet is now a dangerous place to visit.
Just as there are areas in many cities it is unwise to visit, the same now applies to the Internet. The big difference is that you are
probably aware of where not to go in the city. Not so on the Internet. On the Internet, these places mask themselves as providers of
services you may think you need.
The more you use the internet, the more you appreciate its convenience and access to services like banking and shopping. Unfortunately,
the internet is also exploited for frauds that can sometimes look surprisingly genuine.
Viruses earn no money, but rogue software does.
The sole purpose of all these scam websites [and fraudulent emails] is to access your financial details.
If you conduct any financial transactions online [banking – shopping – billpaying] you must be very diligent.
Also – let's set the record straight here and now about emails!
#
No financial institution – bank, eBay, PayPal, Visa – will ever send you an email asking you to renew your password or to verify/update
your account. Microsoft also never sends updates via email. If you ever receive emails like these, they are fakes – DELETE them.
These are "phishing" scams - the use of email, to lure computer users to click a link which will then take them to
look-alike websites, where they are deceived into downloading software that will reveal your personal financial data.
#
Also very popular is the ploy of displaying pop ups indicating you may be infected with a virus. You are then encouraged to
download a virus remover, which, in fact, instals malware onto your computer.
No genuine providers of anti virus/spam/malware products ever use this method to promote their product.
If it pops up – it's a fake, and
it spells trouble. These rogue providers also use many other methods to try and entice or scare you into downloading their malware.
Your computer may be infected with Spyware, Viruses or Trojans by just visiting a website that's been exploited with
malware – either accidentally or deliberately.
Take the tests
Of course, you may think that you are smart enough to avoid all these dangers.
Then, why not try this test:
#OnGuard Online
#Bright Hub
#OpenDNS Phishing Quiz
Learn more on Internet Fraud HERE
Parents
The Internet is a great resource for kids; it's not only educational but also used for
entertainment, communication and interaction with others. As a parent, you must be concerned
with the dark side of the Internet. If you are tired of encountering websites that you want
to prevent your family from seeing, or are concerned about the negative effects that the
Internet may have on your children, then these programmes allow you to control what you and
your family see on the Internet. What I refer to as "Parental Control Software" is becoming
common place in homes with both young and teenaged children.
Setting up your new computer
Just bought a new PC or upgrading your current setup.
Don't know where to begin?
This guide will walk you through the steps to configure your PC into a usable and safe workstation.
Of course, not everyone has the exact same needs.
This is just a guide to get you started.
Facebook
 Last and least is Facebook. Social networking sites
are a
security disaster waiting to happen.
Type "facebook security issues" into a search engine then wade through over 2 million results. There probably are situations
where a Facebook page is helpful, but does your dog, or cat, really need
their own page? Facebook is an ongoing security
nightmare with countless websites and blogs dedicated to
Facebook security.
Facebook activities have grown in popularity along with its social networking site. However, many cases involve potential grooming
offences which use the Facebook platform need to be investigated. As various activities such as instant chats, wall comments and
group events could create a number of footprints in different memory locations, the purpose of
this study [Facebook Forensics] is to discover
their evidences on various platforms or devices. Facebook has revealed that every 24 hours
600,000 Facebook accounts are subject to
attempted hacking or violation.
Cloud computing
Cloud computing is the delivery of computing as a service rather than a product. It is a general term for the various components
that are available. With cloud computing becoming increasingly
popular, sensitive information is being shared daily that may be accessed by an unauthorized visitor.
Dropbox is one of the tools available online today and is in many ways the first step in cloud computing. Sadly the
question of the
security and
privacy of users files is in question. All cloud computing services have serious security qustions that need to be answered. The
security pros would have you believe that everything is
under control, but as we know, their
past history leaves a lot to be desired.
|
Vanish.Org |
Copyright © 2006 |
All rights reserved
|
|
