Saturday, June 27, 2009
Along with these spamming e-mail campaigns, you will also need to be VERY careful when going to web sites on the topic of these deaths. Malicious web sites have popped up and the bad guys are using black hat search engine optimazation (SEO) to raise their malicious site's Google ranking so that their sites will come up in the top 10 web sites when you do a Google search. Only go to trusted sites if you are wanting to read more information on these current events.
Stay safe and have a FABULOUS weekend.
Saturday, June 20, 2009
First, here is the screen on Twitter showing who follows me. I see that this Ana Torres is following me. See the screen shot below.
So I clicked on the link on Ana's name. Here is what I saw.
Here you see that Ana states that if I want to see her pictures, I can click on the tinyurl listed above. So the curious guy that I am, I decided to check to see where that tinyurl led me to before actually going there. (Notice it says I must register first please, to see her pictures).
I did a preview of the tinyurl and found what the true url behind that tinyurl. I took that address and ran it through Trustedsource.org and found that the true web site behind the tinyurl is actually a porn site.
So be careful out there. Don't just click randomly on these url's trusting someone you do not know. In the next few days, Twitter will catch up with this follower of mine and they will be removed. So be aware that hot girls will not follow you if you are a computer security professional. LOL. Or any other type of Twitterer you are.
Have a great Sunday and stay safe.
The inaugural topic will be "What would a criminal hacker want with my PC?". Click here to read a post I made back in 2008. A common question I get asked is why do people write these malicious programs that infect the majority of the population. The answer is easy. It is all financial. Just think of that famous line from the movie "Jerry McGuire". SHOW ME THE MONEY!!!!
So if you are local to the Topeka Kansas area and would be interested in some great information, stay tuned. I'll be publishing more details in the coming weeks. I'll get it on the calendar and we'll see how this works.
Hope all are having a great weekend. Stay safe.
Thursday, June 18, 2009
So have you been one who has been presented with a window that tells you that your PC is full of malware including worms, trojans, and keyloggers, OH MY!
This happens sometimes when you web searches using Google and Yahoo. Other instances, you may browse to a web site and BAM! you get that same message about malware infestations on your PC.
This appears to be a message window but it is actually an Internet Explorer window. You should not click on any button or the X to close this window. In this specific case, the criminal attacker disabled the user from going to the Start Bar and right clicking on the IE window to close it. However, you can just bring up the Task Manager and under the Applications tab, close the Internet Explorer application from there. Any other clicking on this window will get your PC infected.
Stay safe out there and the weekend is almost upon us. Have a fabulous weekend!!
Have you signed up on a social networking site? If you have, you've joined literally millions of others who are on FaceBook, MySpace, LinkedIn, and Twitter just to name a few. If you've signed up for any of these networks, you have probably wondered if there are security risks involved in participating in them. There risks associated with them and they are all related in one way or another.
First, the one common thread in all social networking sites is that you can associate (network) with friends and family, or work associates and share information with them. There is an inherent trust built in that if I allow you to be in my network, I trust you that it is really you and if you post anything, I'm assuming that it is you. Criminal hackers take advantage of this trust that is built in and if they can steal your login credentials to your account, they can pose as you and send all the friends in your network a message with a link that leads to a malicious web site. If successful, your friend's PC will have malicious code installed on their PC and this allows the criminal hacker to continue to take advantage of others as this process is repeated over and over with each friend who clicks on the malicious link.
Another risk of these social networking sites is what you actually post on these sites. One of the things you can do is share pictures with family and friends. You need to think twice before publishing certain pictures. One rule of thumb you should remember before you post anything on any web site is not to post anything that you don't want everyone to see. Even if you have posted a picture as "private", there have been instances in the past where the actual site you post pictures to has vulnerability in their systems which allowed "private" pictures to be stolen.
When you sign up for these sites, you can fill out a profile of personal information that you should limit what is available. For instance, you can add your birthday and you may choose to only put the month and day and drop the year of your birthday. Your birth date is one personally identifiable piece of information used in many things and you may want to exclude sharing the year of your birth. It is also a good idea not to post your phone number or your full address.
This one is specific to Twitter. First, what is Twitter? Twitter is a micro blogging system that allows you to share your status with anyone who follows you. These are called "tweets". These tweets are limited to 140 characters. Some folks who use Twitter like to share links to web sites that give you more information on a topic. Since links to web sites can be long, they use services that take a long web address, and shorten it. There are services like Tiny URL that do this. Criminal attackers have hacked high profile accounts that include CNN, the Obama campaign, and celebrities such as Brittney Spears. With control of these accounts, they can then abuse the trust issue mentioned earlier in this article and send out malicious links.
What can you do to protect yourself? Here are a few things.
- Keep your home PC patched which includes Microsoft updates as well as Adobe, QuickTime, and iTunes, just to mention a few.
- Think twice before posting any picture. A good rule of thumb is not to post anything that you wouldn't want everyone to see.
- Limit what information you share in the profile section of social networking sites.
- Trust no one. If a friend sends you a link, treat it like you have been trained with phishing e-mails. Don't click on unsolicited links.
Saturday, June 13, 2009
I'm sure that computer security awareness was not a part of the clinic's budget. They probably didn't have much of a budget at all for that matter for computer security. This could have happened a couple of different ways. It could have been an e-mail that came in that had either malicious links or attachments that someone from the clinic clicked on. This would be my guess as to how this happened. Or, it could have been just casual browsing on a legitimate website that had been hacked and malicious code injected that redirected them to a site which attacked the computer.
This computer was probably not patched. Probably Adobe Reader was an older version, or Microsoft patches that were not up to date. It doesn't matter what the vulnerable application was, it happened and it sucks that an organization that does what the Sisters of Charity Marian Clinic does, has to suffer such a loss.
Hopefully they can find out who was behind this, but the chances are, the responsible parties are located in a country that we have no way of getting to them. Possibly and eastern European country like Romania, or possibly Russia, or China will be where they were located. Hopefully the clinic will take computer security much more serious now. Knowing Topeka, there aren't a whole lot of options for the clinic to get the education they need so they will probably turn to the Geek Squad (I really hope not).
I guess the lesson learned is if you are doing financial transactions on a PC, you really need to make sure that patches are up to date, the machine is scanned often, and don't rely on just anti-virus alone. There are other options for you that will help protect these assets so things like this won't happen again also.
Stay safe out there, and have a great rest of the weekend.
Tuesday, June 9, 2009
Have a great week!
Saturday, June 6, 2009
- Don't share passwords with anyone!
- Don't use the same password for multiple accounts.
- Don't rely on FaceBook to respond too quickly. Hacked accounts are common.
OK, well have a super fabulous Saturday night and to the rest of the weekend also. Stay safe out there.
Wednesday, June 3, 2009
Well, father Carl contacted rivals.com and confirmed that both Xavier and CJ were enrolled at KU and will be attending KU in the Fall. Of course some took this to be gospel and so the Henry's are probably not big Twitter fans.
This should be a lesson about social networking sites like Twitter, FaceBook, etc, that you really don't know who is behind those accounts. Take my advice, trust no one.
Be careful out there and stay safe.