Archive | April 2013

Added Security for Twitter Users to Come Soon!

Two-Factor Authentication

From spam to ham, Twitter deals with a lot of security issues on a daily basis. What about viruses/malware? I’m sure, yes. But, more importantly: account security. What do Twitter users need? Security assurance!

Therefore, Twitter is developing and perfecting a two-factor authentication method that will allow Twitter to not only ask for a password, but also a different credential to be sure of who is accessing your account.

From recent issues with Twitter accounts being hacked, it is best to have this in place, before it happens to other high profile organizations. Some of the recent organizations hacked were high profile including the Associated Press‘s account, CBS 60 Minutes account, and the BBC’s account.

Expect a shift in all online high profile websites switching to two-factor authentication. Apparently, it is the go-to emergency security solution.

Advertisements

CISPA Bill Passed by Representatives Again – Trouble on the Horizon!

The Cyber Information Sharing and Protection Act, AKA CISPA, has once again passed in the US House of Representatives. Reminder that this bill gives government agencies and their other agencies access to personal, private user data to help monitor for the presence of hackers.

Now, when CISPA was first passed, Senate said NO! Also, President Barack Obama has said that he’d veto the bill if it came through his office. Because of the different privacy issues, many advocates against this bill will fight it to the end.

This bill has been backed by bigwig business for a long period of time, almost since the beginning of the talks of this bill. Maybe it could be the big government contract ($$$) for these big businesses that seem attractive or maybe could be the fact that these business truly believe to end hackers’ abilities.

Will it completely stop hacker initiatives? Probably not. However, it would provide the ability to try to limit some of the bigger initiatives.

Government sectors of China, Russia, etc. are a bit of a cyberthreat to the United States, information access is what the US will need if it wants ahead of the game. Do you agree?

Of course the president of the US doesn’t want it passed if it violates the rights of citizens. But, in the end, realize that if money among other things, like personally-identifiable-information were to be stolen every year — and people would realize this, then people should have no problem with their data being accessible to US authorities rather than hackers.

The bright side would be, is if government authorities have access to your private data, it isn’t going to spread around like wildfire, unlike what’d happen if a hacker got a hold of it.

It’s easy to do an Internet search for lists of email addresses, and pull up loads upon loads of private email addresses that hackers posted in public to humiliate those that haven’t been smart enough to keep it secret.

Spammers and phishers, all the time, access your private information on Facebook, if you accidentally click the wrong link or follow a malicious email link – which asks you to ‘enter your Facebook username and password to continue.’

Some people argue that the government doesn’t care for internet users but rather cares for the money they’d get. Well, actually, if you think about it, the government is paying these big businesses to participate in the information sharing process, so the American people’s pocketbooks/wallets can be protected, and their own privacy.

Who else has protested this? Anonymous:

Even the Reddit co-founder is urging the US Government to NOT pass it.

What should be our take? You decide. My vote is neutral. I see this bill as a good thing in spots (because of potentially ending hacker initiatives and malware/virus threats), however, it poses a major privacy threat. For most advocates of privacy, I agree with them.

Your opinion matters too! Contact your local senator and let your voice be heard. It’s usually best to write a letter, which provides good results. Providing written documentation of a fair but firm protest is the best way to go.

Updated Details: Gozi Malware Back with More Money Stealing & Sophistication

It seems as if security firm, Trusteer, has identified a new variant of the Gozi financial malware. This one is more sophisticated and requires your attention. This new variant infects the Master Boot Record (MBR) on your computer — which is a boot sector software device that resides at the beginning of your hard drive that tells your computer how to boot up.

Just like TDL4, another MBR infector, this malware is hard to detect and remove. The main idea behind Gozi, though, is to wait for Internet Explorer to be launched on the victim’s machine, and malicious code is injected into the Process. This allows the malware to intercept web traffic, and inject its own code to webpages, misleading the user and collecting financial information (as well as social security numbers, birth dates, etc.).

Some speculate other developers have taken over, since apparently the main developer as well as accomplices were arrested not long ago. Looks like the new developers have a more sophisticated twist on the whole situation.

What’s different? The MBR rootkit component. This component makes the malware more sophisticated, because the removal of such threat can cause the computer to fail booting. The main problem at trying to fix infections in the MBR is that occasionally, the backup code that is placed in a different sector, is modified to not work when the infection locks in. This makes you have to keep it on the machine. However, it’s more effective to use private tools to help remove it.

One of the private tools, well sort of private, is the Kaspersky Rescue Disc. There are others that are available also, including TDSSKiller, which may or may not work out correctly.

If you need further help, we would love to assist. Please comment at any time!

Forty-Two (42) Whopping Security Holes Patched in Java

42 new security fixes are included for Oracle’s Java SE software. This new version with all security fixes included also includes a new feature to alert users of the dangers of running certain Java content.

Java 7 Update 21 was released yesterday (April 16, 2013) with all 42 bugs fixed. Most of the flaws are from exploits. Which means that visiting a hacked website can get you infected. Users running Java 6 are prompted to update to Java 7. However, Java 6 updates are still privately available (Update 45).

Anyway, the new update involves the introduction of newer security warnings as well as other message prompts. These are used for the web browsing environment to help users identify potentially risky content. See the image below for more information:

Java's New Security Warnings

Java’s new features have been pretty continuous when Oracle finally realized last year that Java was getting to be an extremely insecure plugin. Java’s not so bad when it’s running an out-of-browser application, like a program or game.

The new version, now available on Java.com will bring the current version to Java SE 7 Update 21 and Java SE 6 Update 45. It is recommended to unplug your browser from Java, at least the main one, and only use Java Runtime Environment (JRE) in a lesser-used browser. Whenever you need to use a site that required Java, use it on your rare browser, so that you don’t get tripped up by ads or other exploit sites that try to access Java on your main browser.

Additionally, make sure to occasionally clear the Java cache, which will help prevent old temporary files for Java from loading. It’ll make the Java experience a bit better. This may also help remediate issues, if a Java application doesn’t run.

Read more about Java exploit problems

Get totally protected now:
$20 OFF Kaspersky Internet Security 2016

Facebook Home complicated with security problems: better wait!

fbhome

Seems like Facebook Home, new launcher app for certain Android apps, will allow you to put updates from Facebook News Feed right onto your lock screen. While this brings Facebook to life for you, it isn’t exactly the safest. There are many reasons.

Let’s put it this way: adding a PIN code lock to your phone doesn’t keep people locked out of your Facebook account. People, even if they don’t access your phone, can still access the Facebook account on the lock screen, because the PIN code does not secure Facebook Home.

Maybe it’s a good idea to wait to use Facebook Home, so security features can be enhanced.

 

Do you have a phone enabled with Facebook Home and a PIN code? Let me know, comment below!

April Security Updates: Critically Patching Windows, Flash Player, and Shockwave Player

As usual for Patch Tuesday, many security updates were issued. I’m here to provide all the details for these critical updates. Not only did Windows get patched, but Adobe Flash and Shockwave Players did too.

Microsoft released a span of nine patch bundles, plugging security holes in Windows and other products. Separately, Adobe did its usual thing, and took part in Patch Tuesday as well for updates to Adobe Flash and Shockwave Players.

A cumulative update was made to Internet Explorer, which fixed two critical vulnerabilities present in almost all versions of Internet Explorer (in history). It should be noted that this includes IE 9 and 10.

There were many other updates for Windows worth noting.

Either you will receive Automatic Updates, if you’ve set Windows up to do so. Otherwise, go to Start, search Windows Update. Or for Windows 8, search for Windows Update on the Start screen.

 

Other than that, Adobe brings an update to Adobe Flash Player for Windows and Mac to v. 11.7.700.169. Linux should be updated to 11.2.202.280. Android 4.x+: 11.1.115.54 and 2.x-3.x: 11.1.111.50.

Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own.

Shockwave Player should be updated as well to v. 12.0.0.122! For these updates, go to www.Adobe.com

You should be able to update to Adobe AIR, which will help secure your computer even further from vulnerability. If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.). AIR should automatically prompt to update.

Firefox 20 released, no more hanging plugins, 3 critical fixes

English: Firefox word mark. Correct clear spac...

Firefox 20 was just released yesterday, marking also the 15th anniversary. 3 critical,  11 total security fixes are in Ff 20. Also, new private browsing updates were made as well as the ability to close hanging plugins without the browser hanging.

Mozilla detailed the security fixes, which includes the critical and high risk categories:

Other than all that, there were more performance tweaks, as usual, as well as much improved HTML5 tools.

Mozilla is planning to fixes in Ff 21: known HTML5 video bug on being able to use copy actions, browsing and download history pairing, and function keys that don’t work when pressed. Other info on updates and issues, look here.

In Firefox, if you’re not automatically prompted to update, then do so as soon as possible by clicking the Firefox tab at the top left corner of the browser, hovering over Help >, click on About Firefox. You may also have to click Check for updates in the window that pops up. You should be patched.

Once you install Firefox, it will ask to restart your browser. Please allow it to do so, in order for it to finish updating and get you secure and well on your way in the dangers of the Internet.

Feel free to comment at any time.

%d bloggers like this: