May 2011 - Posts

This is an interesting development, and I am hopeful they will be successful:

Apple advisory on "MacDefender" malware
http://isc.sans.org/diary.html?storyid=10918

QUOTE: Looks like Apple noticed that "MacDefender", a fake anti-virus tool that we covered earlier, is indeed starting to make inroads on the Mac user community. They have published an advisory today that describes how to "avoid" or "remove" the threat.

The advisory also states "In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware" which might turn out to be the first glimpse of an acknowledgment that yes, Macs can also have malware, and yes, Macs might even need a tool to remove malware.

Please avoid spammed messages featuring a new Facebook music player feature. This will compromise your Facebook account, and it may create malware infections on your PC as well. Trend Labs warns of this new attack below:

Trend Labs - Facebook Spam Now Plays Your Favorite Music
http://blog.trendmicro.com/facebook-spam-now-plays-your-favorite-music/

QUOTE: Wouldn’t it be cool if you had immediate access to your favorite music and bands? What if these are readily available on your favorite social networking site?  Unfortunately, spammers also find this cool. We recently noted messages and wall posts circulating on Facebook that promote a supposed new music player feature.

The script used in this spam run is now detected by Trend Micro as JS_FBJACK.B. Similar to other previously reported Facebook spam runs, once users access the alleged link, they are redirected to a site that tells them to follow several steps. The first of which is to copy a particular snippet of code onto their browser address bars, reminiscent of the “See You… In 20 Years!” Facebook attack, which spread via multiple features.

Once done, the malicious script accesses the affected user’s Facebook friends list. From this list, it creates wall posts and sends chat messages to the accumulated Facebook contacts. The wall post and message read: “FaceBook finally added a profile music player! I’ve been wanting one of these forever! [LINK]” All of the links above currently redirect to a single URL, a scam site telling the affected users that they won a certain prize. The site then asks them to give out personal information.

A new version of EMET has been released with the following new features:

Microsoft - New EMET version available
http://blogs.technet.com/b/srd/archive/2011/05/18/new-version-of-emet-is-now-available.aspx

QUOTE:  The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult. EMET is designed to mitigate exploitation attempts (even of 0-days) by making “current” exploitation techniques harder and less reliable. Users interested in finding out more about EMET can read more here.  Today’s release comes with some new features:

  • EMET is an officially-supported product through the online forum
  • “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
  • Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
  • Improved command line support for enterprise deployment and configuration
  • Ability to export/import EMET settings
  • Improved SEHOP (structured exception handler overwrite protection)  mitigation
  • Minor bug fixes

CERT has issued a recent warning to be careful with recent disasters and other news events.  These are often used to trick individuals into revealing sensitive information or accepting malware on their systems.

Mississippi Flooding Disaster - Scams and Malware attacks
http://www.us-cert.gov/current/index.html#mississippi_flooding_disaster_email_scams

QUOTE: Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

It is always important to verify URLs, as a slightly misspelled version of MySpace could trick users into sharing their email, cell phone number, or other sensitive information.

Every day is a Birthday Party 
http://sunbeltblog.blogspot.com/2011/05/every-day-is-birthday-party-at.html

QUOTE: You'd have thought Myspace would have snapped up myspac(dot)com, but it seems to have scampered past them in the night like a small scampery thing that scampers. This site will bounce you through a whole bunch of different locations. When you hit that last one, the "Social Reward Center" tries to make you feel all bad about not taking part in their birthday celebrations. Did I say "birthday celebrations"? I sure did, because it's their sixth birthday!  You're then asked to hand over your mobile number and email address. Not sure I'll be signing up to this one anytime soon, especially as the Site Advisor user reviews are so positive.

Microsoft's CEO has officially announced a target of 2012 for Windows 8.

Ballmer: Windows 8 is Coming in 2012
http://www.cio.com/article/682792/Ballmer_Windows_8_is_Coming_in_2012

QUOTE:  Microsoft's (MSFT) next version of the Windows operating system, dubbed Windows 8, will debut in 2012, company CEO Steve Ballmer said Monday. Ballmer made the announcement in Tokyo, speaking to an audience of software developers.  Observers had been expecting the next version of Windows next year, but this is the first time that the company has officially confirmed the 2012 date.

Ballmer told the developers, "as we look forward to the next generation of Windows systems, which will come out next year, there's a whole lot more coming," according to a transcript of his speech posted to Microsoft's website.  "As we progress through the year, you ought to expect to hear a lot about Windows 8. Windows 8 slates, tablets, PCs, a variety of different form factors," he added.

A good resource with 3 pages of links

CIO Magazine - Complete Guide to Windows 7
http://www.cio.com/article/496464/Windows_7_Bible_Your_Complete_Guide_to_the_Latest_Version_of_Windows

QUOTE: From pricing questions and a rundown of interface features to upgrade concerns and challenges presented by the iPad, CIO.com's Windows 7 Complete Guide covers it all. Our guide delivers expert reviews, advice on planning and rollout, opinion pieces and news analysis on Microsoft's latest client operating system.

According to early reports, tablets and mobile devices will also be a focal point for this new operating system:

Windows 8 Coming in At Least 4 Versions
http://www.cio.com/article/682543/Windows_8_Coming_in_At_Least_4_Versions

QUOTE: Microsoft will make at least four different versions of Windows 8 for devices with ARM processors, but you won't be running older Windows apps on any of them, according to an Intel executive. Renee James, Intel's senior vice president and general manager of Software and Services Group, also reaffirmed that Windows running on ARM devices will be focused on tablets and other mobile devices, according to Bloomberg.

In the Account Settings, users can opt to get a special password code delivered in text to their mobile phone to strengthen login authentication.    You must register your mobile phone with Facebook for this feature.  This is documented below.

Facebook goes two-factor
http://isc.sans.org/diary/Facebook+goes+two-factor/10909
https://www.facebook.com/note.php?note_id=10150172618258920

QUOTE: Facebook is now offering a new feature called "Login Approvals".   I call it part-time two-factor authentication mechanism.  Andrew Song of Facebook states:  "Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer."  I have downgraded it to "part-time" because once you have approved the browser instance you are using to login to daily, it does not require execution of the second authentication until you have removed it from the list.  I clarify "browser" because you will be forced to re-auth from a different browser.

This article from the McAfee blogs highlights the danger associated with using shared Internet facilities in a library, hotel, restaurant, or executive lounge.  Some key points include:

* It's always important to LOGOFF all environments after checking email or other activity.

* Users should avoid sharing sensitive information

* Users should avoid e-commerce transactions

* In these less trusted settings, there are even dangers of keyloggers or wireless interception capabilities

* There are dangers in plugging portable media (USB devices) into public computers as they could be potentially infected

*  Finally, if you see that the last user is still logged on, please do them a favor and log them off  

Public Internet Facilities - Dangers in using shared devices
http://blogs.mcafee.com/mcafee-labs/the-dangers-of-shared-devices-and-exec-lounges

QUOTE: One of the perks of travel is access to Executive Lounges. One of the perks of Executive Lounges is that they often have VERY cool devices on display for the weary traveler to use. In one particular lounge I am currently in resides a very nifty Motorola XOOM:

I am kinda torn on the idea of shared devices. It’s great to have access to cool technology in a lounge or a store but you would kind of hope there would be SOME kind of protection or device management/lockdown going on. Who in their right mind would log into a wide open device and use it for their private email, twitter or Facebook use right? I think you guessed…. quite a few people.

This particular XOOM (and there were several in this lounge as well as at least one Motorola ATRIX) had what you would expect: Twitter, YouTube, FaceBook and such. All of these had multiple logins with the account data saved (which I will NOT show for obvious reasons) but in truth this was not what surprised me. Poking around I quickly noticed that I had full access to the main account that the device used.

Windows 8 is currently being developed by Microsoft.  Below are some of the possible forthcoming features:

TechTarget - A first glimpse at Windows 8
http://searchenterprisedesktop.techtarget.com/feature/A-first-glimpse-at-Windows-8

QUOTE: Windows 8 has been the topic of speculation for many months now, but as was the case with Windows 7, Microsoft is pretty tight-lipped about what's to come in the next version of its flagship operating system. However, early information has emerged over the past few weeks. 

Here's a rundown of exactly what we know at this point about Windows 8:

* Cross-platform operating system - Windows 8 will run not only on Intel chips, but also on ARM processors, which are popular in tablet devices, smaller netbooks and other portable devices.

* New (or improved) user interface - Microsoft has gone on to develop other interesting user interfaces (UIs) such as Kinect and the Windows Phone 7 operating system's Metro UI, which has also drawn positive reviews. Expect to see enhancements and flashes of those two UIs, along with iterative improvements that will be native to the final builds of Windows 8 as they become more mature.

* Will MinWin and a Hyper-V client hypervisor debut in Windows 8?

* Windows 8 getting a ribbon interface overhaul

* Internet Explorer 10 - Although Internet Explorer 9 was just released a couple of months ago, the IE team is hard at work on the next version of Microsoft's browser, one of the cornerstones of Windows 8. IE10 is expected to have increased support for the HTML 5 standard and enhanced compatibility for key Cascading Style Sheets and properties, such as gradients and a flexible box layout.

* A touch interface will also be included, since most features in Windows 8 will have multi-touch capability.

* Enhanced security - Each version of the Windows operating system has included improved protection from both local and remote attacks, and it looks like Windows 8 will be no exception.

* History Vault - Similar to Apple's Time Machine feature is Microsoft's History Vault. Apple introduced Time Machine in 2007 to enable its OS to automatically make copies of important data files at regular intervals and make them available for easy restoration.

* Operating system application store - Microsoft is following the example of the newer Mac App Store by making software purchases and downloads possible from directly within the Windows user interface.

* Additional features - the following minor features might grab end-user attention:

-- Quicker installation
-- Built-in PDF reader
-- Ability to mount ISO files directly to the file system
-- "Restore factory settings" function to revert to a clean slate
-- Integrating Microsoft Kinect directly with Windows (and not just Xbox)
-- Integration with Windows Live ID service

For now, Microsoft is still in the development stage with Windows 8, but the expected release date is rumored to be sometime next year.

 

Below are some interesting statistics related to Internet Explorer's SmartScreen protection:

SmartScreen Application Reputation in IE9
http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-reputation-in-ie9.aspx

QUOTE: Through the SmartScreen Filter, IE has been effective at blocking socially engineered malware attacks and malicious downloads – IE blocks between 2 and 5 million attacks a day for IE8 and IE9 customers. Since the release of IE8, SmartScreen has blocked more than 1.5 billion attempted malware attacks. IE is still the only major production browser to offer this kind of protection from socially engineered malware. From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware.

Originally, SmartScreen protection was URL-based. IE7 introduced protection from phishing attacks by integrating a cloud-based URL-reputation service. IE8 added another layer of protection, also based on URLs (or Web addresses), to protect users from sites that offered malicious downloads and used social engineering techniques (“Run this to watch movies for free, download this security software to clean your machine, or get great emoticons!”) to get users to download and run them. URL-based protection from socially engineered malware attacks is an important layer of defense for consumers today on the Web.

That said, IE9 adds another layer of defense against socially engineered attacks that now looks at the application being downloaded - this is in addition to the URL-based protection described above. This new layer of protection is called SmartScreen Application Reputation. When it comes to program downloads, other browsers today either warn on every file or don’t warn at all. Neither of these approaches helps the user make a better decision. Application Reputation also addresses a limitation present in all block-based approaches that happens at the beginning of new attacks, before a Web site or program has been identified as malicious.

Last week, Firefox 5b was installed and it is working well in early testing.  Currently, no extensions are being used as that is often a root cause for incompatibility issues. As with any beta version, only experienced professionals who can resolve technical issues should test this new product.

Mozilla delivers Firefox 5 beta on schedule
http://www.computerworld.com/s/article/9216923/Mozilla_delivers_Firefox_5_beta_on_schedule

QUOTE: As befits the more frequent release schedule that Mozilla staked out last month, Firefox 5 sports relatively few major changes. The two that Mozilla called out in a blog post Friday were support for the CSS (cascading style sheets) animation standard -- which has yet to win formal approval from the W3C (World Wide Web Consortium) standards group -- and the inclusion of a "channel switcher" that lets users flip between Firefox's three editions of Aurora, Beta and Release.

Google's Chrome and Apple's Safari already support CSS animations. Firefox 5 contains many more under-the-hood changes than Mozilla called out, however. The company listed 1,053 stability and other fixes in the detailed release notes accompanying the preview. Firefox 5's user interface is identical to its predecessor, Firefox 4, which launched two months ago.

Under the new Firefox development regime, Mozilla engineers will add features as they're completed, rather than hold them while all work on the next upgrade is completed. If a feature presents problems during testing -- say in the Aurora channel -- it will be yanked, then re-inserted into a later cycle after fixes have been applied.

From a security awareness perspective, these are indeed good and easy-to-follow guidelines for staying safe when using the Internet:

Internet Safety - Krebs’s 3 Basic Rules for Online Safety
http://krebsonsecurity.com/2011/05/krebss-3-basic-rules-for-online-safety/

QUOTE: Yes, I realize that’s an ambitious title for a blog post about staying secure online, but there are a handful of basic security principles that — if followed religiously — can blunt the majority of malicious threats out there today.

1. “If you didn’t go looking for it, don’t install it!” A great many online threats rely on tricking the user into taking some action — whether it be clicking an email link or attachment, or installing a custom browser plugin or application.

2. “If you installed it, update it.” Yes, keeping the operating system current with the latest patches is important, but maintaining a secure computer also requires care and feeding for the applications that run on top of the operating system. Bad guys are constantly attacking flaws in widely-installed software products

3. “If you no longer need it, remove it.” Clutter is the nemesis of a speedy computer. Unfortunately, many computer makers ship machines with gobs of bloatware that most customers never use even once. For example, Java is a powerful program and Web browser plugin that most people have on their machines but seldom use (the bulky program also adds itself to the startup menu in Windows every time you update it). Meanwhile, attackers are constantly targeting systems with outdated versions of this software.

TechNet offers some excellent security recommendations for protecting Windows 7 and Server 2008 environments:

Windows 7 - Recommended Security Settings
http://technet.microsoft.com/en-us/library/hh125921(WS.10).aspx

QUOTE: This guide is a reference to the security settings in Windows Server 2008 R2 and Windows 7 that provide countermeasures for specific threats against the current versions of the operating systems. Many of the countermeasures that are described in this guide are not intended for specific computer roles in the companion guides, or in some cases, for any roles at all. These countermeasures help ensure compatibility, usability, manageability, availability, or performance. Generally, as security increases, functionality decreases, and vice versa. However, there are exceptions, and some security countermeasures actually help improve functionality.
