Tag Archives: Facebook

April 17th updates

Updates to Anti-Social Media 

Brian Krebs: Deleted Facebook Cybercrime Groups Had 300,000 Members – “Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups … who flagrantly promoted a host of illicit activities on the social media network’s platform … The average age of these groups on Facebook’s platform was two years.”

Updates to Meltdown/Spectre and other chip-related resources

Note that this page’s name has now been changed to reflect the fact that it addresses a wider range of chip issues and news than Spectre and Meltdown, as witnessed by these links.

[News and general resources section]

Help Net Security: Rambus launches fully programmable secure processing core – “At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU.”

The Register: Microsoft has designed an Arm Linux IoT cloud chip… – “Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.”

Paul Ducklin for Sophos: Could an Intel chip flaw put your whole computer at risk? – “Well, the spectre of CIH is back in the news following a recent security advisory, numbered INTEL-SA-00087, from chip maker Intel.”

Updates to (new page) Internet of (not necessarily necessary) Things

  • National Cyber Security Centre: Advisory: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
    “Since 2015, the US and UK Governments have received information from multiple sources including private and public sector cybersecurity research organisations and allies that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers and switches worldwide. The US and UK Governments assess that cyber actors supported by the Russian government carried out this worldwide campaign. These operations enable espionage and intellectual property that supports the Russian Federation’s national security and economic goals.”
  • Commentary from Help Net Security: US, UK warn Russian hackers are compromising networking devices worldwide

Trend Micro: Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware – “What is the most common internet-of-things (IoT) device across network infrastructures, whether in homes or businesses? Answer: the router.”

Updates to Mac Virus

Security Research Labs: Mind the Gap – Uncovering the Android patch gap through binary-only patch analysis (HITB conference, April 13, 2018)

Commentary by Help Net: Your Android phone says it’s fully patched, but is it really?

E Hacking News: New malware strikes panic among B’luru bank customers – “The bankers in Bengaluru claimed to have discovered a new malware that helps the hackers siphon off money from a number of bank accounts … The policemen probing the cyber crime initially talk of MazarBot, a malware, used to sent some SMS to the bank account holders’ smart phones which provides the hackers with the banking details of the accountholders.”

Kaspersky: Google Play Boots Three Malicious Apps from Marketplace Tied to APTs

 

David Harley


Would the last security guru to leave Facebook please turn out the lights?

Veteran (in the nicest possible way) security commentator Graham Cluley is no longer maintaining his Facebook page, saying: ‘For years I’ve been uncomfortable with Facebook, and called them out for their exploitation of a userbase which is mostly unaware of how their personal information is being exploited … Quitting Facebook is hard enough for many people, I don’t want to give anybody another reason to stay.’ In his article An apology to my Facebook followers he does, of course, point out all the other ways in which his opinions and advice (always worth reading) can be followed. 

And he has a point: while my own Facebook audience is much smaller and probably more specialized, I’m considering (again) doing the same thing. (Which would also have the advantage of reducing the number of places where I have to flag my own posts, he said selfishly.) But if the entire security community heads for the exit, that might not be a Good Thing for all the people who rarely use anything but Facebook and who might actually be benefiting occasionally from sound security comment published there. 

(And no, I’m absolutely not trying to say that Graham – or the rest of us – shouldn’t leave.)

David Harley

Resource updates: April 5th-7th 2018

Updates to Anti-Social Media 

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Only distantly related, but…

Updates to Specific Ransomware Families and Types

[3rd April 2018] Peter Kálnai and Anton Cherepanov for ESET: Lazarus KillDisks Central American casino – “The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.”

Updates to Mac Virus

 

David Harley

Resource updates 1st April 2018

Updates to Anti-Social Media 

Updates to Meltdown/Spectre – Related Resources

Updates to Mac Virus

[Android]

Virus Bulletin paper on ‘app collusion’

Sometimes Virus Bulletin publishes papers outside its normal yearly conference cycle, and they’re always worth reading: New paper: Distinguishing between malicious app collusion and benign app collaboration: a machine-learning approach.

It’s a follow up to this conference paper: VB2016 paper: Wild Android collusions. (Which I missed at the time – I don’t often get to conferences nowadays, though I did present at VB2017 – so I’m glad of the opportunity to catch up with it.)

David Harley

Resource updates March 29th 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

  • Security|DMA|Hacking: Total Meltdown? (Analysis of the Windows 7 Meltdown patch fiasco)

David Harley

Resource updates 28th March 2018

Updates to Anti-Social Media

Updates to Specific Ransomware Families and Types

Updates to Meltdown/Spectre – Related Resources

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

iOS

Android

Updates to Chain Mail Check

New information/resource page: [anti-]social media

[This article is itself the first entry on the new page Anti-Social Media.]

Like many others, I’ve been at least partially assimilated by the social media Cookie Monster. Once upon a time I opened accounts on sites like Facebook and Twitter, so as to find out about their implications for security. (Like many others in the security profession, I suspect.) They also quickly became integrated into my armoury as a means of exchanging and disseminating information, whether it’s a matter of hard data or work-oriented PR. And when friends, colleagues and fellow musicians (some people, of course, are members of two or all three of those sets!) found me on those platforms, it would have been churlish not to have accepted invitations to link up there. (Besides, you can’t tell as much about Facebook’s workings, for instance, if you don’t actually have any Facebook friends…)

However, I’ve always borne in mind the wider implications of membership of such platforms (sociological, psychological, and security-specific), and have often written on those topics. (I’ll probably look back at some of those posts and see if any of them are worth flagging here.) But with the excitement over the Cambridge Analytica, its self-proclaimed success at social engineering, and its alleged misuse of data harvested from social media, I can’t help but notice that people who’ve previously expressed no interest in privacy and security have started to voice concern. So I’m going to use this page to flag some news and resources of interest. Starting with a minor deluge of advice from various quarters:

David Harley

VB Seminar 2010

I spoke at the VB 2010 Seminar in London on ways that Social Engineering can affect your business’ users.

During the talk, I used some links for demos (many thanks to my good friend Dave Marcus for originally showing me a few of these). For those that are interested, here are the links:

 

Andrew Lee
AVIEN CEO

You can’t always read Facebook on a train

When I saw an MSN article headed Facebook friendships ‘not real’, I was expecting something about lack of validation of Facebookers’ identities. Which is indeed an issue, though not a new one. “On the Internet, nobody knows you’re a dog.” Or, indeed, a wolf in sheep’s clothing.

But no… All this time we’ve been making a fuss about the lack of security and privacy on social network sites, it seems that we’ve been getting it wrong. The problem isn’t security at all.

According to a recent survey, most of us see our friends much more on Facebook than we do in person. Apparently, this becomes truer as you move up the age range. Well, I guess you have to meet your friends in order to get smashed with them.

Anna Richardson, described by MSN as a “Channel 4 presenter and relationship expert” apparently commented:

A Facebook friendship is a poor substitute for actually meeting up with a friend as you miss out on the personal engagement and real connection that you need to build a strong friendship.

It is difficult to make time for friends when juggling busy lives, but without making the effort, there’s a danger that precious friendships are becoming lost in the digital era.

Her advice is to log onto http://www.railcards.co.uk/, buy a railcard and… oh, wait a minute. You can apparently get taxis, finance, holidays, accommodation, broadband, car insurance and many other things at railcards.co.uk, but not railcards. I guess she (or more probably MSN – nice proofing, guys…) meant http://www.railcard.co.uk/, which offers a range of discounted passes for rail travel in the UK. OK, so I should login and buy a railcard (yes, Ken, I am eligible for a Senior Railcard: don’t rub it in…) at www.railcard.co.uk… oh, wait another minute. Isn’t that who commissioned the survey? Well there’s a coincidence….

So I get my railcard and wander down to the station, and get on a train at a reduced rate, and go and see my Facebook friends.

“I’d like a ticket please, to Western Australia, Pennsylvania, Bratislava, Florida, San Diego, the Philippines, Helsinki, Reykjavik, Chennai…”

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://avien.net/blog
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com

With all the Buzz, some education is in order

So, the not very surprising news that Google has once again attempted to launch a social networking site – following its spectacularly unsuccessful 2004 launch of Orkut (no, unless you live in Brazil or India, you won’t have heard much about it either).

The new network, called “Buzz”, integrates directly into the Gmail email client. To me this just opens up lots of new ways to exploit the users – although if you are using Gmail to do anything private or confidential, you already do need to have a brain check (more so now the NSA will be ‘helping’ to secure it). It looks like Google want some of the big dollars that Facebook and Twitter make – and of course everything will be searchable and exploitable for ad companies to target.

All the fuss around social networking has really highlighted to me the need for good security education – we’ve moved into a new world, one where children are growing up with social networking and mobile phones etc as an integral part of life. I can’t imagine how my parents ever managed without being able to contact me by phone, or being able to look up my status on Facebook, but somehow they did. Parents have a different problem today, one of how to preserve the privacy of their families and children while taking advantage of what these new technologies offer. The sad fact is that in many cases, the kids know much more about the technology than the parents, but neither the parents nor the children understand the threats. I’m often called paranoid, but it’s my belief that in some ways you can’t be too careful; our privacy and therefore our rights to a private life for ourselves and our progeny are daily being eroded by the whim of government and the campaigning of large corporations. It’s therefore refreshing that the British government has got behind a new campaign to highlight the dangers of the online world; targeting children as young as five. While the campaign understandably does focus on protection from paedophiles, the advice has wider use, though sadly it doesn’t seem to stretch to take in malware issues.

While I’m encouraged that the government is finally doing something, I’d be much happier to see a comprehensive plan in place that focuses on education in schools where security is taught as a discipline alongside all IT classes. We’re a long way from that, but I (and several others who blog here) will keep tilting at that particular windmill.

Andrew Lee
CEO, AVIEN & CTO K7 Computing