Twam, Spam, thank you Mam

The button with an emblem of an antispam on the keyboard.Twitter is hot at the moment and is taking on a  profile and importance that is up there with Facebook, MySpace etc al.  So, it comes as no surprise at all, that the spammers have looked into how they can exploit it. We have grown used to, or is that weary of, email spam. The game then moved onto blogs and the fight against comment spam. Then it was our mobile ‘phones and the rise of SMS based spam. So, there is no surprise that spam has now made its way to micro-blogging, with the target being  Twitter. We now have to mark the arrival of ‘Twam’ and ‘Twammers’. Rich Stennion published an enlightening blog post describing his research into Twitter spam.

Now, the good news is that unlike email, that is open in nature, micro-blogging sites, such as Twitter, are closed. This means you can protect your updates and allows you to screen who will receive your updates. All you need do, is ensure that  in the ‘settings’ and ‘account’ tabs, that you check the ‘protect my updates’ box.

January 28, 2009 | Filed Under Security, Spam | Leave a Comment 

Can I be hacked – Yes, you Kanye!

kanyeIt has emerged that Kanye West, the rapper, record producer and singer has fallen victim to a hacker. It appears that his Twitter, MySpace, Gmail and other personal online accounts have been compromised. As if that was not bad enough, the people who compromised his accounts, then went onto make postings and spread malicious rumours.

He is quite rightly outraged, at the fact, that he has been hacked and also about the untrue rumours. In a very emotional blog posting, Kanye West outlines, that last week saw two of the best days of his life, then followed by probably his worst, when this hack was then uncovered.

It is unclear just how these accounts were compromised. However, given that all of personal accounts were compromised almost at once, you could presume that he was probably using the same password, or an easy to guess password that could be brute-forced. It further demonstrates the need to use different passwords for the sites you log into and also that they be complex passwords.  Password managers are becoming a necessity for life on-line, given the number of sites we have to use the value of the information we store use and collect. We implemented the Norton Identity Safe to help people avoid the pitfall that has visited Kanye this week. It allows users to easy store multiple passwords in one safe place, encourages them to make use of complex passwords and is convenient and simple to use.  So, the lesson is that you can keep your identity safe on line – Yes you Kanye!

January 28, 2009 | Filed Under Security | Leave a Comment 

Is that you out there?

httpIn using instant messaging and live chat type applications, it is implicit that you know the person who you are communicating with. Pretty, obvious you would say.  You know all of the people in your contact lists and you are ,no doubt, careful as to how you build your ‘buddy lists’.  Now, if for example, I could pretend to be one of your friends, or contacts, just how far could I take this as we communicate on-line?

Could I get you to give me money? I came across this interesting article. It basically shows how a hacker who manages to get access to personal information, could then trick you to offer up money. There is a transcript, of a real life example, of an IM exchange that provides a startling insight as to how this could work. Fortunately, for the person involved, the hacker made a mistake in answering a question and then the game was up.

Socially engineered exploits like this are a warning to all of us.  To stop this type of rouse, technology alone will not protect you. You need to be aware that this can happen and you need to made sure that your passwords are safe and secure and that the amount of personally identifiable information on you is limited and controlled – technology does have a role to play here.  So, just because that picture, or avatar, is what you would expect from your ‘friend’, that alone is not enough to identify them.  Maybe, we need to adopt the approach, popularly used in spy movies, when two contacts get together and some obscure code word or phrase is exchanged? Certainly, it would make for more fun at the start of IM sessions! This sort of authentication protocol, or process, is how computers establish a secure communication between themselves. Maybe, it is something we as users need to look at.

January 22, 2009 | Filed Under Identity theft, Security | Leave a Comment 

Play your part in a safe and secure inauguration

us-presedential-sealThe inauguration of Barack Obama is capturing the attention of the world.  What I have found interesting, in the run-up to the event itself, is the sheer size and scope of the preparations. Particularly, the security arrangements that are being taken. Preparations are being made to cover all eventualities. The roads in Washington have been closed, there will be tens of thousands of Police and Army personnel deployed, with snipers providing cover from the roof-tops along the parade route. That is not to mention, the helicopters and even fighter jets that will patrol the skies and  the patrol boats monitoring the waterways.  We all hope for a safe and peaceful event.

Now, I would also encourage you to take your own security precautions in the run up to and through, what is turning out to be, a world event. The Symantec Global Intelligence is detecting and picking up a surge of inauguration themed Spam. We have written about this here.

The tactic is the well- worn one of sensationalist email headings, with an embedded link, that takes you to a web site that ostensibly looks like an official Obama campaign web site. However, it is far from that. The web site will then automatically try and attack your web browser to surreptitiously install malicious software onto your machine.  Although, your machine maybe fully patched and therefore deflect this type of attack, the site hopes that your curiosity gets the better of you, and further hyperlinks on the site points to other malicious content.  We have detected the piece of piece of malicious software being used here under the name W32.waledac.  This particular piece of malware is capable of harvesting your machine for personal information, turning it into a spam zombie and also leaving a ‘back-door’, so that the hackers can come and go from your machine and use it at their will.

January 19, 2009 | Filed Under Events, Security, Uncategorized | Leave a Comment 

Blackberry: something bad could get into the ‘walled-garden’

trojanA security notice was issued for Blackberry Enterprise Server admins and users. This is interesting in itself, never mind the broader consideration of it being, another warning, of the potential growth of malware that is starting to target mobile platforms and devices.

RIM, the makers of Blackberry, is advising its users to install a new security update for their handsets. Blackberry, to date, has not had to endure too many security related issues or incidents. Blackberry, being a closed environment, has benefited from being able to more tightly control what gets to happen in it’s own back-yard.  The security flaw, is with respect to how Blackberry software might handle a PDF.  In effect, a PDF attached to an email, may then be used as a surrogate ‘trojan’ to then exploit a flaw in the PDF distiller. This can then lead  to either crashing the sustem or to allow remote code execution. There is nothing particular new in this attack method, or genre, more that Blackberry users could now fall victim to this approach. It would appear that, as of the time of writing, this exploit has not been seen in the ‘wild’.

January 15, 2009 | Filed Under Security | Leave a Comment