Friday, January 29, 2010

Blocking the most common type of spam

To Beat Spam, Turn Its Own Weapons Against It

Researchers from the International Computer Science Institute and the University of California, San Diego have developed a method for blocking the most common type of spam. The researchers employed a trick that spammers use to defeat email filters. Each spam message is generated from a template that specifies the message content and a slight variation used to bypass the filter.

The researchers analyzed the messages to reveal the template that created them, and since the template describes all the emails a bot will send, possessing it might provide a method of blocking all spam from that bot. After testing, the team was able to block spam from a specific bot with 100 percent accuracy.

In addition, the new system did not produce a single false positive in more than a million messages, says team member Andreas Pitsillidis. This is an interesting approach which really differs by using the bots themselves as the oracles for producing the filters.
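The idea of recovering a template from a bot's own output can be shown in a few lines. This is an added example, not the researchers' algorithm or code: it is a simplified token-level inference, and the sample messages, function names and `.example` hosts are constructed for illustration.

```python
import re
from functools import reduce

# Constructed sample spam, all produced from one hypothetical bot template.
SAMPLES = [
    "Hi qkzt, cheap meds at http://rx-a1.example/buy today only ref 48213",
    "Hi mmwp, cheap meds at http://rx-b7.example/buy today only ref 90155",
    "Hi dear zzra, cheap meds at http://rx-c3.example/buy today only ref 11760",
]

def lcs(a, b):
    """Longest common subsequence of two token lists (dynamic programming)."""
    n, m = len(a), len(b)
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    out, i, j = [], 0, 0
    while i < n and j < m:
        if a[i] == b[j]:
            out.append(a[i]); i += 1; j += 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

def gap_sizes(tokens, anchors):
    """Count the variable tokens before each anchor, plus the tail after the last."""
    sizes, pos = [], 0
    for anchor in anchors:
        hit = tokens.index(anchor, pos)  # greedy left-to-right alignment
        sizes.append(hit - pos)
        pos = hit + 1
    sizes.append(len(tokens) - pos)
    return sizes

def infer_template(samples, min_anchors=3):
    """Build a signature: fixed tokens stay literal, varying slots become bounded gaps."""
    token_lists = [s.split() for s in samples]
    anchors = reduce(lcs, token_lists)  # tokens shared, in order, by every sample
    if len(anchors) < min_anchors:
        raise ValueError("samples share too little text to form a signature")
    columns = list(zip(*(gap_sizes(t, anchors) for t in token_lists)))
    parts = []
    for k, sizes in enumerate(columns):
        if max(sizes):  # a slot whose content varied between samples
            parts.append(r"(?:\S+ ){%d,%d}" % (min(sizes), max(sizes)))
        if k < len(anchors):
            parts.append(re.escape(anchors[k]) + " ")
    return re.compile("".join(parts))

def matches_template(signature, message):
    """Normalise to 'token token ... ' so every regex unit starts on a token boundary."""
    normalized = "".join(tok + " " for tok in message.split())
    return signature.fullmatch(normalized) is not None

if __name__ == "__main__":
    sig = infer_template(SAMPLES)
    print(sig.pattern)
    print(matches_template(sig, "Hi Sam, lunch at noon today? I only have thirty minutes"))
```

Because the signature requires every fixed token in order and bounds the size of each variable slot, ordinary mail that merely shares a few words with the spam does not match.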

Refer here to read more details.

Tuesday, January 26, 2010

Computer Network Terrorism - Biggest Challenge

Today's Threat: Computer Network Terrorism

The University of Haifa's Yaniv Levyatan says that cyberterrorism is just as much of a threat to today's governments as more conventional forms of terrorism.

"A fleet of fighter planes is not necessary to attack a power station; a keyboard is sufficient," Levyatan says. "And if you don’t have the skills, there are enough mercenary hackers who can do it for you." Among international hackers, there is a growing trend to threaten national infrastructures for ransom, he says.

Recently, most online fighting has focused on attempts to immobilize leading Web sites, but the next step is to target systems controlled by computer networks such as financial systems, power stations, hospitals, television broadcasts, and satellites, Levyatan says.

If someone still thinks that this is science fiction, Dr. Levyatan notes how just recently, in November 2009, Brazil’s electricity was blacked out for more than an hour. “It is still not clear what happened, but one assumption is that it was a cyber-terror attack,” he suggests, adding that in 2007 Estonia’s computer infrastructures were attacked, most likely by Russian hackers, bringing the country to a near standstill for about 48 hours.

The next stage is the attempt to cause damage to systems that are operated by computer networks, such as financial systems, power stations, hospitals, television broadcasts, and satellites. “A fleet of fighter planes is not necessary to attack a power station; a keyboard is sufficient. And if you don’t have the skills, there are enough mercenary hackers who can do it for you,” says Dr. Yaniv Levyatan.

Refer here to read more details.

Monday, January 25, 2010

498 incidents in the 2009 Data Breach Report

Year of the Hack: Review of 2009 Data Breaches

There were 62 data breaches involving financial institutions in 2009 - three of them occurring in the last month of the year.

These breaches represent only a portion of the total of 498 incidents in the 2009 Data Breach Report compiled by the Identity Theft Resource Center (ITRC), based in San Diego, CA. But the largest of them, the Heartland Payment Systems breach, involved an estimated 130 million credit and debit card numbers taken, accounting for more than half of the 222 million records potentially taken in 2009.

The breakdown of the types of the breaches shows these numbers:

Insider Threat - 16;
Missing Paper Documents - 15;
Skimming - 8;
Stolen or Missing Hardware - 8;
Outside Network Intrusions - 5;
Unknown Cause - 4;
Exposure of Data on Web - 4;
Accidental breach - 2.

For details on each of the 2009 data breaches, please refer here.

Saturday, January 23, 2010

New York Bank Suffers Online Breach

8300+ Customers Compromised by Hack

A New York bank announced this week that more than 8,300 of its online banking customers had their log-in credentials stolen in a data breach that occurred last November.


The bank says it has notified the consumer reporting agencies (Experian, Trans Union and Equifax) of the incident, along with the Office of the Comptroller of the Currency, its primary regulator; the New York State Consumer Protection Board; the New York State Office of Cyber Security & Critical Infrastructure Coordination; and law enforcement agencies. It also sent letters to all affected customers on Monday.

The bank has also arranged for credit monitoring services for two years for impacted consumers. The business customers that were affected will receive Positive Pay service from the bank, or Deluxe Security Checks, with the bank paying for those services.

The bank also says it has taken a number of additional steps to minimize any possible effect of this incident on its customers. It says it immediately launched an aggressive investigation of the incident with assistance from outside experts in forensics.

Download the full press release from here.

Thursday, January 21, 2010

Risk of IE 0-day vulnerability - Don't Panic

IE Vulnerability: Going Out of Band

Roger Halbheer and Microsoft want to make sure everybody has noticed that Microsoft has just released Security Advisory 979352 – Going Out of Band. Extract from his post:

Quoting the blog:

Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.

[…]

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability.

Symantec explains, "there's a hole in Internet Explorer which a cybercriminal can take advantage of by creating a malicious threat that targets anyone who is using the vulnerable browser and is not protected".

Linked to the attacks on Google, although those were of a more targeted nature than consumers will ever experience, the cyber crims have created a new Trojan that exploits the vulnerability, something that has led the French and German governments, and especially the Australian Government, to advise against using Internet Explorer.

Please follow the following recommendations:

1) Deploy the Security Update as soon as it is out
2) Upgrade to Internet Explorer 8 asap

Tuesday, January 19, 2010

Top-Five Facebook Scams

You Should Protect Yourself From Hackers and Spammers

As Facebook has grown in popularity, it has also become a primary target for hackers and spammers. An increasing number of Facebook users are having their accounts compromised. Each newly compromised account is then used by the hackers and scammers to propagate their scam further. You don’t need to be an idiot to have your account compromised. If you are caught off guard for a second, you may accidentally fall for one of these scams.
  1. IQ Quiz Ads

    While Facebook has spent the past year trying to cut down on the number of misleading advertisements on the site, the fact remains that a small percentage of users still get duped into purchasing services they don’t really want. The IQ Quiz Scam has become ubiquitous on the Facebook Platform, and those users who install applications can expect to see an advertisement for an IQ Quiz Scam at some point. In December one application was discovered in which the developer was using spammy techniques to get new users to install their application and ultimately click on the IQ Quiz advertisements.

    As soon as you click on one of the ads, you’ll be brought to a site where you’re asked up to 10 questions which are relatively easy to answer. You will then be prompted to enter your phone number to view the results. Don’t enter your phone number! If you do, you will be charged upwards of $10 a week directly to your phone bill. While most phone companies are willing to refund you for your first purchase, they won’t do it after the first occurrence. That’s because the phone companies generate billions of dollars each year off of these types of transactions.

    If you want to protect yourself from IQ quiz scams, do not enter your phone number into any sites outside of Facebook.

  2. I’ve Been Robbed! Western Union Me Money!

    You’re browsing around Facebook and suddenly one of your friends IMs you to tell you that they’re stuck in another country; they’ve been robbed, don’t have a wallet, and need money to get out of the country. It’s a horrible situation but what are the odds that they found a computer to log on to in order to instant message you? Even worse, what are the odds that one of your friends who was travelling abroad got robbed and wasn’t able to find anybody to help them out?

    I’ve been with people who’ve lost their wallet abroad and needed to get money sent via Western Union, however if the person can get access to Facebook, they probably can access a phone. While you should always help out your friends, you can avoid being duped by international fraudsters by asking your friend to call you in order to wire the money. Unless your friend is in the middle of a jungle in the Congo, they should be able to call you.

    Most of the time in such incidents, it is a scammer who has stolen your friend’s account and is systematically going through and IMing each of their friends to try and get money wired to them. Don’t fall for it; try to talk to them on the phone before offering any help.

  3. Facebook Phishing Landing Pages

    One of the most common ways Facebook accounts get compromised is through simple phishing scams. The way it works is that a user’s account is compromised by a hacker and the hacker then uses that account to automatically post links on each of that user’s friends’ walls. Sometimes the system will send messages to the friends such as “Check out this funny video of you!” with a link that redirects to a page with a fake Facebook login page.

    It’s pretty straightforward, and it’s easy to avoid; however, countless people have fallen for this scam. The easiest way to tell if it’s a scam is by looking at the URL of the page you land on. The best way to protect yourself is, anytime you see a Facebook login page, leave it and go to http://www.facebook.com in your browser. This way you can ensure you are logging in to the correct site.

  4. Koobface Worm That Automatically Hijacks Your Account

    Although Facebook has worked aggressively to prevent this worm, it still continues to spread rapidly. The scam is pretty straightforward. In this attack, a user will receive a message from what appears to be one of their friends. The message will say things like “Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments” and many others.

    Included in the message will be a link to a page which appears to be a YouTube video. If you click on the video, you will be prompted to “upgrade your Flash player now” and asked to download a file which contains the Koobface worm. If you download and install the file, your computer will automatically log in to Facebook and send similar messages to your friends.

    The best way to avoid this scam is to avoid all links that are posted on your wall or in your inbox that are out of the ordinary. Also, never download a file or codec after clicking on a link.

    To learn more about the Koobface worm, check out the information at Kaspersky Lab.

  5. Other Malware Applications And Links

    While we’ve attempted to highlight the primary scams, hackers and scammers are constantly evolving their strategies to steal passwords, and take over computers. The best thing to do is always be careful of strange links posted to your profile or messages sent to your inbox. While many of the scams on Facebook are harmless to your computer, it's still important to protect yourself against any viruses and worms.

    Some Facebook applications have used toolbars among other things to make money from their application. Some of these toolbars will significantly damage your computer.

The bottom line is: be on guard any time you see anything suspicious. If you do notice anything suspicious or happen to fall for a scam, make sure to immediately change your password. If you aren’t able to access your account because you were phished and your password was changed, fill out this form, which might help you get your account back.

Thursday, January 14, 2010

Smartphones will be the next prime target for the bad guys

BlackBerry Messenger Hoax is a sign of more to come for smartphones

Security software vendor McAfee is warning social networking fans -- particularly those who like to access their accounts and instant messaging applications through their smartphones -- that hackers will increasingly target them for a variety of scams and hoaxes as the popularity of these mobile devices continues to explode.

This week, McAfee Labs researchers debunk a new BlackBerry-borne hoax in a blog posting by security researcher Oliver Devane.

The unsolicited message sent via BlackBerry Messenger (BBM) warns the user that his or her account will be hacked if the user accepts a new contact. Worse, it claims that if one of the user's existing contacts accepts this new contact, the user's account information will be hacked.


Monday, January 11, 2010

Top 10 Facebook and Twitter security stories of 2009

Social Networking Hacks

Facebook and Twitter were in the news throughout 2009, and naturally the social networking sites became magnets for hacker attacks and sparked other types of privacy concerns. CIOs have expressed doubts about the social networking sites, and these stories show there is good reason to be worried. Here, in chronological order, are the top 10 security and privacy stories concerning Facebook and Twitter from the past year.

Jan. 6: Hackers hijack Obama's, Britney's Twitter accounts

Hackers gained control of more than 30 famous Twitter accounts, including those of Barack Obama, Britney Spears and Fox News. Twitter locked the accounts down quickly and restored control to their rightful owners, but not before the hacked accounts were used to send out nasty messages.

Twitter said the accounts were hacked into using the company's own internal support tools. The breach was considered serious enough that Twitter took the support tools offline until they were secured.

April 11: Twitter wrestles with multiple worm attacks

Worm attacks kept Twitter's security team busy for several days, as the site scrambled to identify infected accounts and delete rogue tweets. "Early on Saturday, April 11, the Mikeyy worm started to spread via Twitter posts by encouraging you to click on a link to a rival micro-blogging service StalkDaily.com," PC World reported. "As soon as you clicked on the link your account would be infected and begin to send out similar messages encouraging your followers to visit StalkDaily. Then your followers would become infected and the worm's infection rate would grow. You could also catch the worm by viewing infected profiles on Twitter.com."

Four attacks were launched between April 11 and 13, but no user account information was stolen.

May 18: Phishers, viruses target Facebook users

This headline could probably be written any day of any year, but we'll just pick a story from May, when identity thieves hit Facebook with phishing attacks designed to gain passwords for profit. Other examples from 2009: A password reset e-mail reported in October turns out to be a virus; again in October some hacked Facebook applications were leading users to fake antivirus programs; and in November hackers used a sexy photo of a woman to lure people to an attack Web site.

July 15: Twitter/Google Apps hack raises questions about cloud security

Twitter executives were victimized when a hacker obtained and distributed more than 300 confidential documents that concerned Twitter's business affairs and were stored on the hosted Google Apps service. Insufficient password strength seemed to be the root cause, and Twitter co-founder Biz Stone said Google was not to blame. The hacker reportedly also claimed to have compromised the Twitter accounts of co-founder Evan Williams, his wife and several employees. Williams denied this, but said his wife's e-mail account was compromised.

Aug. 4: High-profile organizations ban Facebook, Twitter

The U.S. Marine Corps formalized a ban on social networking sites such as Facebook and Twitter, saying "these Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries." The ban applies to Marine Corps networks, but does not prevent Marines from posting to social networks on their own time.

The Marines were not alone in taking such action. More than half of CIOs have completely prohibited use of social networks during company time, according to a Robert Half Technology survey of more than 1,400 CIOs from U.S. companies with at least 100 employees.

Aug. 6: Twitter victimized by distributed denial-of-service attack

Twitter was taken offline for two hours by a distributed denial-of-service attack, the first Twitter outage lasting longer than five minutes since June 16. Twitter continued to battle the distributed DoS attacks for several days, experiencing several more short outages. The same attack also targeted Facebook, but merely slowed the site down rather than taking it offline. The attack was reportedly politically motivated, and may have been related to the Russia-Georgia conflict. Politics may also have contributed to another Twitter outage on Dec. 18, in which a group called the "Iranian Cyber Army" claimed to take Twitter offline.

Aug. 14: Twitter used to manage botnet

A security researcher at Arbor Networks found that hackers were using Twitter to organize a botnet, the name given to a network of infected computers that does the bidding of bad guys who manage it.

"Botnet owners are continuously working on finding new ways of keeping their networks up and running, and Twitter seems to be the latest trick," the IDG News Service reported. "A now-suspended Twitter account was being used to post tweets that had links [to] new commands or executables to download and run, which would then be used by the botnet code on infected machines."

The account was suspended and investigated by Twitter's security team, but appeared to be one of a handful of similar malicious Twitter accounts.

Oct. 30: Facebook awarded $711 million in spammer case

Facebook used the legal system to fight back against a spammer who had gained access to user accounts, winning a judgment of $711 million against one Sanford Wallace. Wallace allegedly obtained login credentials for user accounts, and used those hijacked accounts to send spam that linked to phishing sites, sought to collect more Facebook account credentials, or linked to commercial Web sites that paid spammers for referrals.

"While we don't expect to receive the vast majority of the award, we hope that this will act as a continued deterrent against these criminals," Facebook said. Wallace may also face jail time.

Dec. 8: Facebook shuts down Beacon program, donates $9.5 million to settle lawsuit

Facebook found itself on the other side of the courtroom when plaintiffs filed a class action lawsuit alleging privacy violations in Facebook's Beacon program, which let third-party Web sites -- such as Blockbuster, Fandango and Overstock.com -- distribute "stories" about users to Facebook. Facebook did not admit to any wrongdoing, but ultimately agreed to shut the Beacon program down and donate $9.5 million to create a nonprofit foundation to promote online privacy, safety and security. The same week, Facebook also set up a new advisory board designed to improve user safety.

Dec. 9: Facebook unveils controversial new privacy settings

Facebook unveiled new privacy settings that it said were designed to give users more control over what information they share, but users reacted in anger after the overhaul led many to inadvertently expose content that was previously set to private.

"Great ? job. Now everyone who isn't even my friend can see my profile," one user complained.

Some of the problem came down to confusion over how to apply the new settings.


If used correctly, the settings do allow users to hide most of the content on their profiles. Still, the incident led to some negative attention for Facebook, and the site backtracked somewhat, making it easier for people to prevent others from seeing their friend lists. The story isn't over, as the Electronic Privacy Information Center has asked the Federal Trade Commission to investigate the changes in Facebook's privacy options.

These stories were originally published at NetworkWorld.com.


Friday, January 8, 2010

Sophisticated Banking Trojans

SQL injection attacks are increasing dramatically

A Trojan is traditionally a piece of software that the user has been tricked into installing. Once on the PC, it becomes a back door, letting the criminals steal information like passwords. But through SQL injection, the latest Trojans can be delivered to a PC from a legitimate website, without any action by the user. How?

Criminals usually inject a JavaScript redirector into a legitimate website. When a user visits that website, he is unknowingly redirected to the criminal's website, which locates a vulnerability in his browser that allows the download of the Trojan onto his PC.

SQL injection attacks have increased dramatically. According to the IBM X-Force Trend and Risk Report, they were seeing a few thousand SQL injection attacks a day last year, whereas now they see hundreds of thousands of these attacks each day.

These Trojan attacks are a threat to more than just banks and their customers. That's because any corporate website vulnerable to SQL injection can become a carrier of Trojans that then infect everyone who visits it. If your website is compromised by an SQL injection attack, then you end up putting your customers at risk.
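A site owner can look for the injected redirector described above by auditing stored page content for `<script>` tags that load from hosts the site does not use. This is an added example, not code from the original post; the `products` table, the allowlisted hosts and the sample rows are constructed assumptions.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this (hypothetical) site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.shop.example", "static.shop.example"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def foreign_script_hosts(html):
    """Return the set of script hosts in `html` that are not on the allowlist."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    hosts = set()
    for src in parser.sources:
        host = urlparse(src).hostname  # None for relative URLs (same site)
        if host and host not in ALLOWED_SCRIPT_HOSTS:
            hosts.add(host)
    return hosts

def build_sample_db():
    """Constructed sample data: rows 2 and 3 carry an appended off-site script tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, description TEXT)")
    rows = [
        (1, '<p>Blue mug</p><script src="https://static.shop.example/zoom.js"></script>'),
        (2, '<p>Red mug</p><script src="http://cdn.injected.example/r.js"></script>'),
        (3, '<p>Green mug</p><SCRIPT SRC="//Mirror.Injected.example/r.js"></SCRIPT>'),
        (4, '<p>Care note: the text script src="http://x.example/" is not a tag</p>'),
    ]
    # Values are bound as parameters, never concatenated into the SQL text.
    conn.executemany("INSERT INTO products VALUES (?, ?)", rows)
    return conn

def audit_products(conn):
    """Map row id -> sorted list of unexpected script hosts found in that row."""
    findings = {}
    for row_id, description in conn.execute("SELECT id, description FROM products"):
        hosts = foreign_script_hosts(description or "")
        if hosts:
            findings[row_id] = sorted(hosts)
    return findings

if __name__ == "__main__":
    for row_id, hosts in audit_products(build_sample_db()).items():
        print(f"row {row_id}: unexpected script host(s) {hosts}")
```

Parsing the HTML rather than searching for the string "script" keeps plain text mentions (row 4) from being flagged and still catches upper-case tags and protocol-relative URLs (row 3).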

Wednesday, January 6, 2010

10 Fool-proof Predictions for the Internet in 2020

Researchers expect more users, sensors. But will the 'net be more secure?

Network World offers 10 “surefire bets” about what the Internet will look like in 10 years.

They include:
  1. As computer scientists work to improve the Internet's design, the global network is expected to change dramatically over the next 10 years. The Internet currently has about 1.7 billion users, but the U.S. National Science Foundation (NSF) expects the Internet will have nearly 5 billion users by 2020.

  2. The Internet also will be more geographically dispersed in 10 years, spreading to more developing regions.

  3. Ten years from now, the Internet will be a network of things, not computers. Today, the Internet has approximately 575 million host computers, but the NSF expects infrastructure sensors alone to surpass the number of host computers by several orders of magnitude.

  4. The Internet also will carry more content. Cisco estimates that global Internet traffic will increase to about 44 exabytes per month by 2012.

  5. In 2020, the Internet will be wireless. In the second quarter of 2009, the number of mobile subscribers hit 257 million, representing an 85 percent increase year-over-year for high-speed data networking technologies. By 2014, approximately 2.5 billion people will subscribe to some form of mobile broadband, according to Informa.

  6. More services will use cloud computing. The NSF is encouraging researchers to develop better ways to map users and information in a cloud-computing infrastructure.

  7. Ten years from now, the Internet also will be greener. Future Internet architecture needs to be more energy efficient, as the amount of energy used by the Internet doubled between 2000 and 2006, according to the Lawrence Berkeley National Laboratory.

  8. Network management will be more automated in 2020. The NSF is researching new network management tools for the future Internet, including automated reboot systems, self-diagnosis protocols, finer-grained data collection, and better event tracking.

  9. The Internet will not rely on constant connectivity. Researchers are studying communication techniques that can handle delays or easily forward information to different users.

  10. The Internet will attract more hackers, and computer scientists will work to make it more secure.

Refer here to read more on this research.

Monday, January 4, 2010

Almost 16 million use same password for every website

It can be very difficult remembering so many passwords these days but it is vital

The research found 46 per cent of British internet users, 15.6 million, have the same password for most web-based accounts and five per cent, or 1.7 million, use the same password for every single website.

Some 29 per cent use variations of the same password, for example using days of the week or adding numbers to the end of a word. Memorable dates, children's names and mother's maiden names are each used by one in 10. One in five users sign in with their pet's name.

Users are advised to keep passwords secret but 40 per cent admit disclosing them to friends or family while two per cent say their former partner still has access to their accounts.

One in ten users have had an account hacked. Of these, 18 per cent had goods bought in their name, 12 per cent had money taken and five per cent had their identity stolen.

No sensible person would use the same key for their house, car and garage. In the same way, we shouldn't use the one password for everything. If possible, people should use multiple passwords with a combination of letters and numbers, which should be difficult to crack.

An online fraudster who manages to find your single password will have the keys to your entire online life. They can then do everything to your accounts that you can. This could lead to money being stolen from bank accounts, fraudulent purchases via online shops or identity theft.