New Mac Scareware Variant

A new variant of scareware that targets Mac users, called MacGuard, has been detected, and this version does not require users to submit administrator passwords to install. Earlier versions of Mac scareware, which have gone by such names as Mac Defender, Mac Security and Mac Protector, all required administrator passwords. Users are at risk if they have set their Safari browsers to automatically open files designated as safe.

Apple has acknowledged the scareware issue and says it will release an update to detect and remove the malware. The company has already published an advisory with recommendations for removing the malware or avoiding infection.

See the story in the news at H-Online.com and InformationWeek.com.

Microsoft Fixes Hotmail Cross-Site Scripting Flaw

Microsoft has fixed a security issue in Hotmail that was being actively exploited to steal users’ messages and contact lists. Attackers sent targets email messages containing malicious scripts, which ran when recipients opened or previewed the message. The embedded code uploaded messages and contact lists to remote servers. The attack was possible due to a cross-site scripting flaw, which has been remedied.

According to the article by the Register: “It’s unclear how many Hotmail users may have been affected by the exploits and whether Microsoft has adequately warned users they may have been compromised. Microsoft spokesman Bryan Nairn wouldn’t say how many subscribers were targeted or when the patch was put in place.”

Can Social Media Cause You Harm?

When using such social media communication tools as Twitter or Facebook, we may not always think about who will be able to see our comments and posts. As far as we know, only our friends and followers can see them. But is this true?

In two recent articles in the Boston Globe I found several examples of posts made to Facebook that led to job termination or other problems with employers. The lesson it teaches is that what for you might be a mechanism for venting or sharing your working situation with your trusted friends is for others a reason to see you as unsuitable in your job.

In a perfect world, our online conversations are protected by the privacy settings on Facebook and in some cases the First Amendment protects us as well, but common sense tells us that these “protections” are not iron-clad. The internet, and social media by design, is a public forum for conversations. A secret is not a secret if it is conveyed to more than one person.

Best rule of thumb: If you don’t want even one other person knowing about something you think or feel, it’s best not to use the Internet to share those feelings and thoughts.

Read the stories at Boston.com:
Facebook comments bring firing and a fight
Teacher fired over ‘friending’

I’ve Been Hacked! Now What?

In spite of all your precautions to protect your computer from a virus, somehow one got through. Pop-up windows are appearing all over the place, you can’t launch some applications, your computer is sluggish, or it’s just generally not working as it should. What do you do now?

This article from About.com shares a set of steps to take to bring your machine back to its normal state without your files being destroyed. Below is a summary of the recovery steps mentioned:

  1. Isolate your computer: Isolation prevents the hacker from continuing to wreak havoc by pulling files or personal information. Network access should be cut off by removing the cable or turning off the Wi-Fi.

    Important Note: This step isn’t mentioned in the article, but if your infected MIT work computer contains the personal information or financial information of anyone other than yourself, you will want to notify your supervisor and send an email to infoprotect@mit.edu before taking any of the following steps. The IT Security team will run forensics on the drive to find out if the malware was data-seeking and will attempt to determine if the data was accessed by a third party. They will re-image the drive and return the original drive to you as soon as possible.

  2. Shut down and remove the hard drive: If you don’t feel comfortable removing the drive, take the computer to a PC repair shop or the IS&T Help Desk. (An alternative to removing the drive would be to boot the machine off a Linux Live CD with virus detecting tools and the latest virus definitions on it.)
  3. Scan the drive for infection and malware: Using a separate bootable drive, scan the drive using rootkit, virus and spyware detectors. They should be able to remove the malware from the file system.
  4. Back up important files if you haven’t already: You’ll want to get all personal data off the drive. Copy photos, documents, media and other personal files to a DVD, CD or other clean hard drive.
  5. Reinstall the hard drive: After verifying a successful backup of your files, you can put the drive back into the computer.
  6. Completely wipe the old drive (repartition and reformat): You shouldn’t trust that the malware has been cleaned off entirely. Some damage to the file system might still exist. The only way to be sure is to clean the drive with a hard drive wipe utility to blank the drive. This may take a few hours to complete. The wiping process will overwrite every sector of the hard drive.
  7. Reload the OS and trusted media: Use the original OS disks that came with your computer; do not use ones of unknown origin. When attaching the computer back to the network, the first thing you want to do is accept the updates and patches. Don’t install any software yet.
  8. Reinstall virus protection software, and any other security software before loading any applications on the machine. Make sure your AV software is up to date and is accepting new virus definitions on a daily basis.
  9. Scan the backup disks for viruses before copying the files back onto the computer. You can never be too careful, as your backup files might have become infected during a previous backup process.
  10. Going forward, back up your files on a regular basis so that if this happens again, you won’t spend as much time reloading your system.
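
Steps 4 through 6 depend on the backup being complete before the old drive is wiped. One way to check that, as an added example (not from the About.com article or this page), assuming a Linux live environment with GNU coreutils and hypothetical mount points for the old drive and the backup:

```bash
#!/usr/bin/env bash
# Added example: confirm every file on the old drive has a byte-identical
# copy in the backup before the drive is wiped (steps 4-6).
# The mount points in the usage line are hypothetical.

# Print "sha256  ./relative/path" for every regular file under $1, sorted.
manifest() {
  ( cd "$1" && find . -type f -print0 | xargs -0 -r sha256sum | LC_ALL=C sort )
}

# verify_backup SRC DST
# Returns 0 when every file under SRC exists under DST with the same hash.
# Otherwise prints the source entries that are missing or differ, returns 1.
# Extra files that exist only in DST are ignored.
verify_backup() {
  local src=$1 dst=$2 src_list dst_list missing
  [ -d "$src" ] && [ -d "$dst" ] || {
    echo "usage: verify_backup SRC_DIR BACKUP_DIR" >&2
    return 2
  }
  src_list=$(mktemp)
  dst_list=$(mktemp)
  manifest "$src" > "$src_list"
  manifest "$dst" > "$dst_list"
  # comm -23 keeps lines that appear only in the source manifest.
  missing=$(LC_ALL=C comm -23 "$src_list" "$dst_list")
  rm -f "$src_list" "$dst_list"
  if [ -n "$missing" ]; then
    printf 'Missing from backup or different:\n%s\n' "$missing"
    return 1
  fi
  echo "Backup verified: all source files are present and identical."
}

# Example: ./verify_backup.sh /mnt/old_drive/Users /mnt/backup/Users
if [ "$#" -eq 2 ]; then
  verify_backup "$1" "$2"
fi
```

Mount the old drive read-only while running this. Matching hashes only show the copy is faithful, so the backup still needs the virus scan in step 9.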

Google Has Fix for Android Vulnerability

Google is rolling out a fix for a vulnerability in the majority of Android phones that allows attackers to access and modify users’ Google contacts and calendar when they are being accessed over unsecured Wi-Fi networks. The flaw affects versions 2.3.3 and earlier of the Android platform, which is running on 99.7 percent of Android devices. The fix does not require action from users; it will be pushed out automatically.

Read the full story at PCWorld.com.

The Sony PlayStation Network Attack

As you may have heard in the news, last month the Sony PlayStation Network — the network that gives PS3 and PSP system owners access to games, movies, music and TV programs — experienced an unauthorized intrusion of its system, possibly exposing personal data and credit card information.

A criminal investigation is currently underway to find the perpetrators and determine if sensitive information was accessed or is being sold on the black market. The network currently has 77 million registered accounts.

Sony says that the credit card data was encrypted and did not include the 3-digit security codes, so it is unlikely the attackers can use the information in the database to their advantage. But discussions on hacker forums indicate that the attackers are selling the credit card data for $100,000, and are even offering to sell it back to Sony.

For those affected, in their Q&A post Sony encourages you to be especially aware of email, telephone and postal mail scams that ask for personal or sensitive information. Sony will not contact you for this information. They recommend that you change your PlayStation Network and Qriocity password as soon as possible (network access has finally been restored for some users). If you used the old password in other places, you should change it there as well. As a good habit, it is always recommended to monitor your card’s account statements and your credit reports for any suspicious activity.

White House Reveals Cyber Security Plan

A cyber security plan proposed by the Obama administration aims to protect individual privacy, federal computer networks and elements of national critical infrastructure. The proposal includes more stringent penalties for cyber criminals; mandatory data breach reporting for organizations; placing the responsibility for defending federal agency networks from attack in the hands of the Department of Homeland Security (DHS); and improving protection for elements of the country’s critical infrastructure. It also would establish guidelines for the government to help companies that suffer cyber incidents, and for information sharing about threats among businesses and state and local governments.

[Article source: SANS.org]

Read the full story at InformationWeek.com.

Combatting Phishing Attacks

An article recently posted on TechRepublic.com states, “Plain and simple, phishing attacks work.” They depend on people not knowing how and when to do the right thing. So how does an organization, company or university make sure its employees understand what is required?

According to the same article, the answer is training. Employees should be consistently briefed on what would qualify as “suspicious” email and what to do with it. This keeps them informed and prevents them from getting comfortable with sloppy security practices, because with these social engineering attacks, the goal is to lure you into a false sense of comfort.

IS&T has always been consistent with its message about dubious emails: no one at MIT will ever ask you through email to reply with your personal information, much less ask for your user name and passwords, or to click on a link to update your user name and password for, for instance, your email account.

If you have not done so already, learn more about phishing attacks, examples of phishy emails that appear to be coming from MIT, and how to hone your skills for recognizing phishing emails with this Hermes article.

The 21st Century Quandary

Yesterday I noticed this paragraph in an article posted by NPR about how tools like Facebook, Twitter and Google are helping to connect Holocaust survivors and fill in missing pieces in history. However, some people don’t want to be reminded or found:

Case in point for a 21st-century quandary: The more we engage online, the less we can control what information we find, and what finds us. In the online world, your life is everywhere, all the time, a totally open book.

I thought this succinctly sums up the situation we’re faced with with the Internet and how personal privacy is in a much different place than it was pre-Internet.

See the full article at NPR.com.

May 2011 Microsoft Security Updates

On Tuesday, May 10, Microsoft plans to issue two security bulletins for Patch Tuesday, to address three vulnerabilities.

One bulletin will address a flaw in Windows, rated critical, and the other will address two flaws in PowerPoint, rated important.

Read the full May security bulletin.
