J. D. Fielder: Cybersecurity

Cybersecurity

30 September 2010

Leveraging the Science and Technology of Internet Mapping for Homeland Security

Another informative briefing from The Cooperative Association for Internet Data Analysis (CAIDA):

Leveraging the Science and Technology of Internet Mapping for Homeland Security

Presented at the DHS Cybersecurity PI Meeting at SRI Roslyn in September 2010.

Addressing (Inter)national Security Need: To develop and implement new measurement and data collection technologies and infrastructure to improve DHS' situational awareness and understanding of the structure, dynamics and vulnerabilities of the physical and logical topologies of the global Internet.

Posted by J.D. Fielder on 30 September 2010 at 15:43 in Cybersecurity, Information Technology, Infrastructure, Internet, Law | Permalink | Comments (0) | TrackBack (0)

29 September 2010

Video: Cybersecurity and Innovation in the Information Economy (Part I)

Part 1 of a 9-part series on YouTube, posted by usnistgov:

"As part of its initiative to ensure that the Internet continues to spawn growth and innovation, the U.S. Dept. of Commerce held a symposium on "Cybersecurity and Innovation in the Information Economy" on July 27, 2010 in Washington DC. This segment includes remarks by Patrick Gallagher who then introduces Gary Locke, the Secretary of Commece who provides some opening remarks about the importance of public-private sector cybersecurity Internet initiatives."

Posted by J.D. Fielder on 29 September 2010 at 17:36 in Cybersecurity, Information Technology, Infrastructure, Internet, Law, Malware, Research | Permalink | Comments (0) | TrackBack (0)

Link: McAfee Threat Center and Threat Information Library

Looks like a useful resource for you virus heads out there:

The McAfee Avert Labs Threat Library has detailed information on viruses, Trojans, hoaxes, vulnerabilities and Potentially Unwanted Programs, where they come from, how they infect your system, and how to mitigate or remediate them.

McAfee Threat Center and Threat Information Library

Posted by J.D. Fielder on 29 September 2010 at 05:32 in Cybersecurity, Featured Links, Malware, The Zombie Apocalypse | Permalink | Comments (0) | TrackBack (0)

17 August 2010

On the Facebook "Dislike Button" Scam

You've probably already seen this--but just in case:

CNN: Watch out for posts that look like this, he says: "I just got the Dislike button, so now I can dislike all of your dumb posts lol!!"

That statement on Facebook is typically followed with a link, Cluley writes, that takes people to a fake Facebook application.

Instead of installing a dislike button, Cluley says, the application uses a person's social network to continue spreading the fake program. CONTINUED

Indeed, this is similar to my previous post on "Lifejacking"

I rarely install FB apps, and while joining groups on FB used to be an amusing minor diversion, I no longer trust them thanks to the proliferation of malapps (hey-I think I just coined a new term!). I also dislike (pardon the pun) how interests are now linkable items and not plain vanilla text. I don't want to automatically hook up with others interested in, say, yellow-bellied marmots simply because I indicate and interest in yellow-bellied marmots on my profile.

But I digress--my broader argument here (and a common theme of mine) is to refrain from rashly trusting apps or groups, even if close friends link to them.

Posted by J.D. Fielder on 17 August 2010 at 18:12 in Cybersecurity, Malware, Online Behavior, Online Privacy, Social Networking | Permalink | Comments (0) | TrackBack (0)

13 August 2010

Photography and Geotagging: A Personal Risk?

Where have I been, you ask? On vacation in Oregon! Left on 28 July and returned 8 Aug, and visited Eugene, Yachats and Portland. Was a fantastic family trip.

The posts between 28 July and 8 Aug? I pre-posted them before I left. Just as I leave random lights on, park my second car outside, halt my mail, and hold my paper subscription, I try to avoid publicizing when we're away (I'm certainly not perfect, as I posted on Facebook occasionally from Oregon).

Thus, what a timely article to find this morning! From the NY Times:

"Security experts and privacy advocates have recently begun warning about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. Because the location data is not visible to the casual viewer, the concern is that many people may not realize it is there; and they could be compromising their privacy, if not their safety, when they post geotagged media online." CONTINUED

Am I being a pessimist here? Perhaps... after all, as I like to say on the job, "hope and optimism have no place in geopolitical analysis." Information is raw data to some, and a useful tool for others--heck, I'm still bent out of shape that Google Street View took a picture of me drinking a beer outside a neighbor's house in Colorado (and no, I'm not posting it here!).

I'm sure whomever dreamed up geotagging had their heart in the right place. But now geotagging is actionable intel for certain... niche users.

My advice? Turn it off, unless you like leaving a trail behind you.

Posted by J.D. Fielder on 13 August 2010 at 02:26 in Cybersecurity, Online Privacy, Social Networking | Permalink | Comments (0) | TrackBack (0)

28 July 2010

PC World: Fake Femme Fatale Shows Social Network Risks

Classic social engineering--but Web 2.0 style:

PC World: Hundreds of people in the information security, military and intelligence fields recently found themselves with egg on their faces after sharing personal information with a fictitious Navy cyberthreat analyst named "Robin Sage," whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking.

In a conversation with Computerworld, Thomas Ryan, co-founder of Provide Security, said he used a few photos to portray the fictional Sage on Facebook, LinkedIn and Twitter as an attractive, somewhat flirty cybergeek, with degrees from MIT and a prestigious prep school in New Hampshire. Then he established connections with some 300 men and women from the U.S. military, intelligence agencies, information security companies and government contractors.

The goal, said Ryan, was to determine how effective social networking sites can be in conducting covert intelligence-gathering activities. CONTINUED

Posted by J.D. Fielder on 28 July 2010 at 02:36 in Collaboration, Cybersecurity, Online Behavior, Online Privacy, Social Networking | Permalink | Comments (2) | TrackBack (0)

20 July 2010

Phishing: an Email Example

Recieved the following in my university email:

FROM: John Doe [john.doe@xxx.edu.au] (named changed to protect the fellow who probably has no idea his email's been hijacked)

Your mailbox quota has been exceeded the storage limit which is 20GB, You cannot send or receive mail when your mailbox reaches 20.9GB. You are currently running on 20.8GB You may not be able to send or receive new mail until you reduce your mailbox size.

To make more space available, Do click the link below;

http[NULL]://www.eformit.com/eform.aspx?and878712 (null added to render link unclickable. I don't advise removing the [NULL] and clicking out of curiosity...)

Failure to do so may result in the cancellation of your account. You must click the link above or the space will not be freed.

Click the link above for Help and more information.

Localhost

Looks legit, doesn't it? I'm sure some users are going to fall for this, too.

But a discerning eye will notice the email comes from outside the organization. Why would someone from an Australian university (.au) be sending this to the University of Iowa?

Who's John Doe, or Localhost for that matter? I know who most of the admins are, and this name doesn't ring a bell. The admins also have signature blocks identifying their office locations and phone numbers.

Also, admins typically ask for users to manually delete items. Why a script? Who/what is "eformit?" What is it supposed to do? It's also not a secure site.

The short lesson: don't take security messages for granted. Pay attention to who's sending it, where they're sending it from, and the type of file attached or linked. Be a pessimist, and when in doubt, contact your administrator! Better to take an extra moment's precaution then to potentially muck up your folders--or even your network--for hours.

Posted by J.D. Fielder on 20 July 2010 at 18:00 in Cybersecurity, Malware | Permalink | Comments (1) | TrackBack (0)

10 July 2010

CNET: Top June Malware Reports

Are your virus definitions up to date? I hope so...

From CNET: June proved to be another hot month for malware with by a surge in attacks by a password-stealing bot and the return of old nemesis Conficker, according to a report released Tuesday by security software maker Sunbelt.

Designed to ferret out cached passwords and log-in credentials for banking sites, "Trojan-Spy.Win32.Zbot.gen" was the second-most prevalent piece of malware detected by Sunbelt last month, up from the No. 5 spot in May. The top spot, grabbing more than a quarter of all detections, was held by "Trojan.Win32.Generic!BT," a generic form of malware with hundreds of variations and sometimes associated with scareware and rogue security software, noted Sunbelt.

The month also marked a return engagement of Conficker, this time in the form of a variant called Downadup. Following the path of the original Conficker, the new variant jumps on a weakness in Windows Server that allows code to be executed remotely when file sharing is turned on, according to Sunbelt. This strain also takes advantage of weak administrator passwords to disable certain Windows services and anti-malware protection. CONTINUED

Posted by J.D. Fielder on 10 July 2010 at 23:38 in Cybersecurity, Malware | Permalink | Comments (0) | TrackBack (0)

06 July 2010

Cold-call "Tech Support" Scam in Britain

How long before this scam crosses the pond?

Short lesson: as with email, don't trust any unknown tech support minion who calls out of the blue. I mean, think about it: how would Microsoft know what your phone number is?

PC Pro: They take mere hours to set up and they’re near impossible to shut down: a pernicious new type of scam is targeting British computer owners.

The con is both fiendishly clever and ridiculously simple. The fraudster cold-calls the customer and tells them that Microsoft has detected a virus on their PC, then invites them to download a piece of remote-assistance software. No doubt reassured by the lines of indecipherable code flitting across their screen, the caller assures the customer they can make the virus vanish – but first, of course, they want payment. £185 to be precise. CONTINUED

-

Posted by J.D. Fielder on 06 July 2010 at 21:52 in Cybersecurity, Malware | Permalink | Comments (0) | TrackBack (0)

25 June 2010

Facebook 'Likejacking' Scams

Retweeted this from danielkennedy74 this morning:

Facebook 'likejacking' spam scams continue: "The latest scam has appeared as a potentially funny web site. The site in question, which tempts Facebook users with a note in a friend’s news feed, claims to show the “15 worst construction mistakes EVER!” Users are greeted with a picture of two urinals placed precariously close to one another, and the instructions direct readers to click on the picture for more. Not only does clicking on the picture lead users to a journey down pop-up boulevard, but it automatically places a “like” note in that users own Facebook feed, with the intention of enticing that user’s friends to do the same." Continued at ZDNet (ironically, most of the article comments are spam messages).

Always did think those links looked fishy. It helps that I'm not big on joining FB groups (not for security reasons, but laziness).

Posted by J.D. Fielder on 25 June 2010 at 05:05 in Cybersecurity, Social Networking | Permalink | Comments (0) | TrackBack (0)

J. D. Fielder

Contacts

Connect

Archives