IT Security Blog


‘Link Hack’ points MySpace users to malicious Phishing site

1 March 2008 By Saran

Just when you might think attacks over the internet would end, users of MySpace have been hit by what has been termed a “Link Hack”. It was discovered and is being studied by Websense, which found that the hack redirects the parsing process from the MySpace profile page to the malicious site, then back to the legitimate page. The hack allows malicious code to be attached to all aspects of the MySpace page (such as View Pictures, View Profile and other legitimate functions that are normally used on the social networking site). Instead of performing the requested operation, the link redirects the user to another site, which prompts the user to click the back button or try to figure out what the hell just happened, while the malicious phishing site gets all the info it needs, and the cycle continues again and again.

The hijack process comes in stages, and all the while the misguided clicks execute a piece of JavaScript which redirects the user to a page that seems to be the MySpace site but actually isn’t. Traffic from the problem has seemingly dropped due to the shutting down of the phishing site. Websense has informed the MySpace people about the matter, and they are surely taking action to provide measures that ensure the privacy of their subscribers (which may be next to impossible on such open sites). Symantec has also raised the alarm and has released information that can help users avoid disclosing personal information to the phishing site. MySpace has also identified several individuals who might be involved in the attack and has suspended their accounts as it continues to investigate the actions of these errant users and what part they had in the attack on the social networking site.

Filed Under: General, IM, IT Security Basics, Malware, Network Security, News, Real-World Issues, Review, Security Policies Tagged With: Link Hack, Malware, myspace, Social Network Under Attack

OS Updates, Patches and Service Packs – What they’re not telling you (Part 2)

19 February 2008 By Saran

Some of these updates and patches are well publicized and known to media and IT circles, while others are not. The real truth is that not all users want to know the details of the several updates and patches being installed, as long as they get to use the internet and other software without issues. This is a dangerous tightrope to walk, as shown by the Facebook incidents and MySpace problems, and yes, even Google (with its customer purchase tracking system, which it took out of service after people took notice and were pissed that their shopping habits were being monitored).

Even the most popular web search engines have come under fire when people took notice of their tracking systems and how that information is used to target them for advertising campaigns. The web is a true and proven signal of unparalleled freedom, for it allows you to get information with the press of a few buttons. But the battle begins at your desktop or laptop, where the OS resides and is installed, making it the root of all possible problems. Yes, attacks do come from the net, but they are targeted at your home or office desktops, using them as propagation tools to spread all over the globe. Privacy and the right to know are quite battered on these fronts, with many problems being discovered at every turn. People love intrigue, and they will continue to scrutinize and criticize the work of others, be they friends or foes. On go the OS wars, and we are on the sidelines waiting to suffer all the fallout of the vendors’ drive to be the first to release the most innovative and feature-loaded software (with bugs and system crashes all bundled and included in the box, at least until they release the respective fixes and patches to remedy them).

Filed Under: General, IM, Instant Messaging, IT Security Basics, Malware, News, Operating Systems, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware Tagged With: Apple, linux, Microsoft, OS Wars

OS Updates, Patches and Service Packs – What they’re not telling you (Part 1)

16 February 2008 By Saran

Everybody on this earth who uses the internet has to begin with a device (PC, laptop or mobile phone) that has some form of operating system which gives the machine the ability to function as it does. Whether it comes from Microsoft (Windows XP or Vista), Apple (OS X Leopard and prior versions) or is a Linux-based operating system, all these programs get their fair share of patches and bug fixes, which are essentially damage control measures that hopefully correct programming errors before they cause too much harm to the user and the computer they are installed on.

These patches and updates are available for free to most licensed users. For those who still use bootlegged software, they are harder to get hold of, because OS manufacturers have moved to install (sometimes without you even knowing it) validation tools that check via the internet whether your copy of the OS is licensed and legit. These underground updates are not always so discreet, for some do get out and are found by users, programmers and other people who rely heavily on their computers for their everyday existence. Some get blown out of proportion, sending them into the headlines as unwanted and unauthorized processes that you get to see on CNN and the BBC.

Software development firms are businesses, and they try their best to keep ahead of the pack (their competitors) when it comes to the complexity and capabilities of their products. The competitiveness goes as far as releasing a product early, before all testing and real-world simulations have been completed, and opting for patches and updates to correct problems well after the product has been released into the wild (for public use). Some of these problems are so critical, and the developers so ashamed to admit they overlooked them, that they opt to update the affected files without the user’s knowledge. (Have you ever seen your OS getting updates from the web while you go on your coffee break, sometimes so discreetly that you fail to notice, and returned to a computer that tells you your system has been updated and a restart is needed for the updates to take effect?)

Filed Under: General, IM, IT Security Basics, Malware, News, Operating Systems, Privacy & Anonymity, Real-World Issues, Spyware Tagged With: Apple, linux, Microsoft, OS Wars

New Email Scam

13 December 2007 By Saran

There is a new twist in the old email scam books: a fraudulent scam that asks for money from the unsuspecting friends and acquaintances listed in your address book. True, many have been victimized by this ploy, in which people gain access to your address book and send out email soliciting cash to be wired to a location somewhere around the world. The scam began in Africa, when a journalist began receiving unexpected calls and email regarding his misfortune on the African continent, where he was supposedly on vacation and stuck in a hotel without any cash or any form of identification.

The incident used Yahoo, which the perpetrator had broken into, taking the liberty of obtaining all the names and email addresses contained in the popular email service’s files. These addresses were then sent fake email messages telling the unfortunate story of you getting into trouble somewhere and being in dire need of cash, which you are supposed to pay back as soon as you return from the trip, ending the ordeal. It is a fake emergency message, though, and there have been many reports of similar cases happening across all the email services around. How the thieves got into the address book to get the necessary information is still a mystery, and the guy who reported it first (who happens to be in the journalism business) had to go through a long process of getting all the account information from Yahoo by phone, after a lengthy conversation to prove that he was actually who he claimed to be. So, people, be alert for this scam, be sure to verify all such incidents with the senders, and alert all members of your family and your friends to such crazy behavior.

Filed Under: General, IM, Instant Messaging, IT Security Basics, News, Privacy & Anonymity, Real-World Issues Tagged With: Email-Scams, Fraudulent-email, Scams

Handhelds: Still the Biggest Threat to Corporate Security

30 November 2007 By Saran

Employees love them, network administrators hate them: the advent of more function-packed handheld devices has sparked a re-evaluation of the threat these small devices pose. Traditionally, networks were quite safe, for to gain access you needed to be hooked up to the network physically with a LAN cable. Now that wireless has become the network engineer’s best friend, the network has surely been simplified, and companies are switching to the new technology. They no longer needed wires, and existing computers were either replaced with ones that support Wi-Fi or fitted with individual dongles that allowed connection within the office. That was still an easy security agenda, for such connections usually had a range of a couple of hundred feet.

Then came wireless internet hotspots, which commercial developers started to put up to draw more workers out of the office and into their shops, allowing them to work while, say, having coffee. That’s where the problems began, for the more office correspondence left the walls of the office, the harder it was to secure. VPNs were implemented, which allowed a secure channel within existing networks and made things a bit better. But that was still quite vulnerable to attack, and security experts needed a better way of securing corporate data wherever the user might be. Business and security analysts project that volume will increase to 100 million email transactions to and from locations outside the office, which is still causing nightmares as the next step is sought in the drive to secure this network without physical bounds.

Filed Under: Cryptography, General, IM, Instant Messaging, IT Security Basics, Network Security, News, Real-World Issues, Security Policies, Wireless Security Tagged With: hackers, internet, security, Vulnerabilities, Wireless

Disable that Shared Folder

1 August 2007 By Saran

It is normal to find shared folders in the default setup of Windows operating systems. This is easy to see when a person opens Explorer on his computer, where shared folders are waiting to be accessed. They are automatically made accessible when people connect to a network, unless the security policies and accessibility are set on a restricted basis that allows only administrators to access them.

Setting security levels to prevent such access to folders is important. Not all people are aware of the harmful things an unauthorized user may do once he gets the chance to intrude into another person’s workstation. Apart from whatever back-ups he may have, a person may lose the files contained in such folders if he is not careful. Hence it is best to take precautionary measures beforehand so that avoidable circumstances do not ensue.

Filed Under: Backups, Cryptography, IM, Instant Messaging, IT Security Basics, Network Security, Physical Security, Privacy & Anonymity, Security Policies, Storage, Tips Tagged With: Network Security, security-policy, shared-folders
