June 2011 - Posts
This 22 page in-depth report evaluates two popular mobile security solutions:
A Window Into Mobile Device Security
(Examining the security approaches employed in Apple’s iOS and Google’s Android)
QUOTE: The mass-adoption of both consumer and managed mobile devices in the enterprise has increased employee productivity but has also exposed the enterprise to new security risks. The latest mobile platforms were designed with security in mind—both teams of engineers attempted to build security features directly into the operating system to limit attacks from the outset.
However, as the paper discusses, while these security provisions raise the bar, they may be insufficient to protect the enterprise assets that regularly find their way onto devices. Finally, complicating the security picture is the fact that virtually all of today’s mobile devices operate in an ecosystem, much of it not controlled by the enterprise—they connect and synchronize out-of-the-box with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise’s control.
Trend Labs documents a new Android-based malware attack in which an infected phone stealthily relays text messages for unauthorized users, as if it were a "man in the middle". Infected users could incur higher bills for the hidden text messages passing through their phones.
Android - Malware turns phone into a proxy relay device
QUOTE: I have seen Android malware delete and send SMS messages but this is the first time I saw an Android malware act as an SMS relay. My colleagues and I were recently able to analyze a sample of an Android malware that uses an infected device as a proxy for sending and receiving messages. Unlike most Android-specific threats we have recently seen, this one does not piggyback on legitimate Android apps. Once installed, it displays a blank window for a split second then immediately closes it.
This malware may be used for three particular reasons:
1. First, it can be used to abuse premium services. The malware author can command the backdoor to enroll the infected device in a specified premium service. The user will not have any idea that it has already been enrolled since the malware also deletes the SMS notifications for the said service.
2. Second, it can be used to spy on the targeted device. The malware author can set a specific number. Once an SMS message is received from that number, the SMS body is uploaded to its server.
3. Finally, it can be used as an SMS relay (like a proxy server for SMS messages). The malware author can send and receive SMS messages through the infected device.
The said malware is now detected as AndroidOS_CRUSEWIN.A. Trend Micro also offers protection for users of Android-based mobile devices via Trend Micro™ Mobile Security for Android.
It is preferable to share vacation information and photos once you return from vacation, rather than sharing plans in advance. If you want to share with your closest friends, use email or the phone instead. While one might feel comfortable sharing with friends, accounts may not be locked down to prevent access by the general public. Also, computers aid criminals in the 21st century, and some actually monitor social networks looking for these situations.
Facebook - Dangers of posting Summer Vacation plans in advance
QUOTE: Facebook can be a dangerous place. You have a lot of very personal information on there. It can be a lot of fun but you have to be careful that you are not taken advantage of. Watch who is on your friend list there and how much information you give out. Not everyone is bad or out to hurt you. There are many good people on there.
The danger I am talking about is with spring and summer coming and vacations coming up. Watch how much information you post about going on vacation and leaving your place vacant. Last year there were many break-ins. The people were using the information off of Facebook to break into your place.
In researching Facebook security issues, I discovered this new resource which shares new developments, best practices and security information.
AllFaceBook.com - Best Practices and Security Information about Facebook
QUOTE: AllFacebook.com launched in 2007. AllFacebook.com aims to cover all issues pertaining to Facebook including new applications, general news, and analysis about the future of social media. We also welcome contributions from experts in social media, especially posts that provide advice on how to make the best use of Facebook.
Facebook has implemented a new enforcement system to shut down spam broadcasts posted by applications. A number of Facebook applications that manipulate member accounts and broadcast to all contacts have been disabled.
Facebook Shuts A Large Number Of Applications For Spamming
QUOTE: Many Facebook application developers had their applications terminated by Facebook this week without any clear warning, according to All Facebook. Among those shut are Photo Effect, Social Interview, and Good Reads.
Facebook has, for some time, tried to find and block spam coming from applications to users' feeds and walls. In recent days, Facebook said in a statement to All Facebook, the amount of spam complaints from users had spiked. In response they turned on a new enforcement system which took user feedback heavily into account. "This resulted in a number of applications with high negative user feedback being disabled or having certain features disabled." Facebook created an appeal page where developers can plead their case.
Facebook and MySpace were rated as having good security. However, highly locked-down settings are required to achieve this. Users must alter settings beyond the original defaults and exercise best practices while connected.
Zone Alarm evaluates security for 8 Social Networking sites
QUOTE: Deciding which social networking sites to avoid or use can be a challenge. Discovering what privacy settings they have, or don’t have, can be even more cumbersome. Here, we rank eight of the most popular social networking sites according to their privacy and look at some of the most famous security attacks from 2010.
Webmasters should ensure that secure web pages (https) avoid offering mixed content, as standard pages (http) could compromise security. Browsers are strengthening controls in newer releases, with more prominent warning messages. IE9 blocks these types of pages by default, and the user must then decide whether to override this.
Web Development - The need to re-engineer insecure content on secure websites
QUOTE: Recently I noted that Google is strengthening the error messages and other protections in Chrome for when web sites mix HTTP with HTTPS content. I should have gone further. Microsoft is even more aggressive with Internet Explorer 9 and Firefox has some minimal protections. Safari is barely in the SSL game at all. The trend in browsers is clear. In the past you might have gotten away with mixed content and your users wouldn't notice, but that won't be the case for long.
Effective policies and standard conventions are always beneficial for an organization. They are especially required for difficult tasks like employee terminations, where emotions may supersede good judgment. Companies should protect themselves defensively in these situations. In doing so, they also protect the employee from potential liability.
Best Practices - Corporate Termination Policies
QUOTE: It is important to have a policy for limiting access to corporate technical resources after an employee has been terminated. Some basic steps include: disabling user account(s), changing or locking all the passwords the former employee had access to, disabling corporate e-mail access and locking down access to their personal workstation.
An email from HR using a pre-configured template to all key stakeholders with a means of reporting back to HR, confirming the work has been completed, would help prevent this kind of malicious activity. Of course, the account(s) should be monitored to detect potential unauthorized access.
Please update any of the products noted below to ensure proper protection:
QUOTE: Apple has released Mac OS X v10.6.8 and Security Update 2011-004 addressing a total of 39 vulnerabilities in OS X 10.5.x and 10.6.x. Note that if OS X 10.7 Lion is released soon
Mac OS X Server 10.6, Mac OS X 10.4, Mac OS X Server 10.4, Mac OS X 10.6, Mac OS X Server 10.5, Mac OS X 10.5, Product Security, AirPort, Apple TV, iPhone, iPhoto, iPod touch, iTunes, QuickTime 7, Safari
Hopefully, our government agencies will be successful in this new campaign, designed to reduce and eventually eradicate Fake AV attacks.
QUOTE: Department of Justice and the FBI announced “Operation Trident Tribunal,” a coordinated, international law enforcement action that disrupted the activities of two international cyber crime rings involved in the sale of scareware. The groups are believed responsible for victimizing more than one million computer users and causing more than $74 million in total losses.
How to spot scareware on your own computer:
- Scareware pop-ups may look like actual warnings from your system, but upon closer inspection, some elements aren’t fully functional. For instance, to appear authentic, you may see a list of reputable icons—like software companies or security publications—but you can’t click through to go to those actual sites.
- Scareware pop-ups are hard to close, even after clicking on the “Close” or “X” button.
- Fake antivirus products are designed to appear legitimate, with names such as Virus Shield, Antivirus, or VirusRemover.
An interesting and well done illustration related to the concept of BOTNETs and the associated dangers when infected.
McAfee - How my PC became a ZOMBIE
QUOTE: Even folks in the security industry–have a hard time explaining botnets (robot networks of infected computers) in a way that your Uncle Joe or Aunt Betty can understand. Is it really a big deal? Yes, it is. With the rapid growth in malware and bot infections we’re seeing, it’s important for everyone to get up to speed on this threat vector. So we got colorful and created an “infographic” that, we hope, nails the botnet lifecycle and economics just right–not too technical, not too simple.
McAfee - Full sized version of Botnets illustrated
Last week, Adobe released important security updates for Flash, Acrobat, and Shockwave as noted below. These should be promptly applied as applicable:
Adobe Releases Patches for in Numerous Products
QUOTE: Adobe released security patches for Acrobat, Adobe Reader, BlazeDS, ColdFusion, Flash Player, LiveCycle DataServices, LiveCycle ES, and Shockwave Player today. 13 vulnerabilities were patched in updates to most versions of Reader and Acrobat. Some of these are fixes to Flash vulnerabilities which apply to PDF readers because PDF files support Flash content. Many of the vulnerabilities are critical and can lead to remote code execution. PDFs are still a favorite vehicle for attack, so it's important to apply these updates as quickly as possible. A single critical vulnerability in all versions of the Flash Player was also patched. The Android update is not ready, but should be available by the end of the week. The Shockwave update addresses 24 vulnerabilities, all of which appear critical.
The ISC emphasizes the best practice of thoroughly checking security logs on a daily basis. Major security breaches and leaks of customer data continue to be reported. Discovering issues very early can greatly reduce the impact of unauthorized access.
Log files - are you reviewing yours?
QUOTE: Logs review should be an intrinsic routine performed by everyone, daily if possible. Whether it be a visual, line by line review* or by using grep, a simple batch script or a state-of-the-art security information and event management system ... This should be part of the working day process for all levels of support and security staff; drinking that morning coffee while flicking through the highlights of systems should be part of the job description.
Applying this security update will better protect your system.
Several key patches were released this month:
Microsoft - June 2011 Security release