Archive for the ‘Hackers’ Category

iPad Security Breach – At least 114,000 Owners Exposed!

Thursday, June 10th, 2010


So you may have thought that the “lost” iPhone 4s were a bit of an embarrassment for Apple.  How about having the private information of at least 114,000 iPad owners (these are the ones we know about) exposed?  This included celebrities, government officials and the Department of Defense (see below).


According to reports on Gawker, the breach has exposed the email accounts and the chip IDs of the early adopters of Apple’s new iPad.  These include the emails of New York Times CEO Janet Robinson, Diane Sawyer of ABC News, Mayor Michael Bloomberg and White House Chief of Staff Rahm Emanuel.  There were also a number of addresses on the DARPA domain; DARPA is the advanced research division of the Department of Defense.  One of those email addresses belonged to the highly respected William Eldredge who “commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force.”

Breach Details: Who did it, and how

The group who did this call themselves Goatse Security.  They claim to be security experts/hackers looking for flaws so they can be closed, and we know they have highlighted vulnerabilities in Firefox and Safari recently.

The group obtained its data through a script on AT&T’s website which was accessible to anyone on the internet (we understand this has now been removed).  They guessed some data, made a fake “iPad request” which allows iPad users to connect to the websites and then wrote a script to harvest this information.  They say that the script had been shared with other parties prior to AT&T closing it down so it is not known how many users were compromised.

Goatse also say they informed AT&T though AT&T claims a customer informed them.  I doubt the latter unless the customer was extremely computer savvy, or was informed by Goatse or a 3rd party with access to the script.

AT&T has confirmed the breach (and the closure) and is investigating the damage.

Apple, on the other hand, have made no comment.  This is unusual.  To be fair, they have no involvement, as it wasn’t the iPad that was breached but the AT&T servers, but we would have thought they would have at least made a statement.

Some Ramifications

There are some serious ramifications here.  AT&T are playing it down, saying it is only email addresses.  This time it was – but next time?  Also, having the email address of some of these VIPs is worth a lot of money.  And having an email address can lead to much more (just ask the Twitter executives when their emails were all hacked – from one simple email address).  Then there are the DARPA emails.

Worse, AT&T still haven’t contacted customers about the breach!

The New York Times has sent an email to its staff to “turn off your access to the 3G network on your iPad until further notice” and we suggest you all do the same.

Finally, one last food for thought for Apple and AT&T.  If you force people to give you private information (and we are directing this at Apple who force you to buy an iPad with a credit card or other private information so they can monitor your account) then make sure you keep it safe!

We sincerely hope that the extra money AT&T is going to be making with its new 3G data plans will be spent on upgrading its security for iPad owners.

Images courtesy of Gawker.com

Warning: Facebook Virus – “Don’t Laugh” – AND DON’T CLICK!!!

Friday, May 21st, 2010

A new malware attack is spreading via Facebook’s news feed.  A number of Twitter users are reporting this virus.

The attack will show up on your news feed starting with the phrase “try not to laugh xD,” followed by this link (do NOT click or go to this link): “http://www.fbhole.com/omg/allow.php?s=a&r=72306”

The attack, which appears to repost your message without your permission, uses an old trick often seen with fake anti-spyware/anti-virus messages. Once you click the link it will pop up what looks like a Windows message and grey out the Facebook page.  If you click ANYWHERE (not just the OK button), you will repost the link because your click will land on a moving iframe with very low opacity. By clicking on it you are actually clicking the “publish” button on Facebook.  The best thing to do in this situation is to close your browser without clicking on the page.  If you cannot do that then restart your computer.
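The near-invisible iframe only works if the framed page lets other sites embed it. As an added example (not from the original post), this Python check classifies a response's anti-framing headers, `X-Frame-Options` and CSP `frame-ancestors`; the paths and header sets are constructed for illustration.

```python
# Added example: classify a response's anti-framing headers (constructed data).

def framing_policy(headers):
    """Return 'blocked', 'same-origin', 'restricted' or 'frameable'."""
    h = {name.lower(): value for name, value in headers.items()}

    # Where a browser supports CSP frame-ancestors, it is enforced and
    # X-Frame-Options is ignored, so check it first.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if not parts or parts[0].lower() != "frame-ancestors":
            continue
        sources = [p.lower() for p in parts[1:]]
        if sources == ["'none'"]:
            return "blocked"
        if sources == ["'self'"]:
            return "same-origin"
        if any(s in ("*", "http:", "https:") for s in sources):
            return "frameable"      # any site may embed the page
        return "restricted"         # only the listed origins may embed it

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "frameable"              # header absent or unrecognised


# Constructed responses for hypothetical paths on one site.
SAMPLE_RESPONSES = {
    "/publish-unprotected": {"Content-Type": "text/html"},
    "/publish": {"X-Frame-Options": "DENY"},
    "/widget": {"x-frame-options": "sameorigin"},
    "/partner": {"Content-Security-Policy":
                 "default-src 'self'; frame-ancestors https://partner.example"},
    # frame-ancestors * wins over the stricter X-Frame-Options header.
    "/legacy": {"Content-Security-Policy": "frame-ancestors *",
                "X-Frame-Options": "DENY"},
}


def frameable_paths(responses):
    """Paths that any third-party page could load inside an iframe."""
    return sorted(p for p, hdrs in responses.items()
                  if framing_policy(hdrs) == "frameable")


if __name__ == "__main__":
    for path, hdrs in SAMPLE_RESPONSES.items():
        print(f"{path:22} {framing_policy(hdrs)}")
```
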

We checked the root page of the site (www.fbhole.com) and it only contains the phrase “My Facebook” and a link to a non existent profile.

We have seen similar attacks before and have also written a blog previously about avoiding malware on social networks. If you have seen this or other similar attacks recently, please let us know in the comments so others may be aware.

Microsoft To Release Out of Band Security Update to Internet Explorer

Monday, March 29th, 2010

Tomorrow Microsoft will be releasing an Out Of Band Security Update for their Internet Explorer web browser.  This will fix the recently disclosed Zero-Day flaw.

From their site announcing the update they say it addresses …

… a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version to benefit from the improved security protection it offers.

We also recommend users upgrade to IE 8 or use another browser such as Google Chrome, which is proving to be the most secure of them all so far.

If the Mac ads on TV are to be believed then why was the iPhone and Safari first to be hacked?

Monday, March 29th, 2010

If you watch the Mac ads and listen to all the Mac users you would think that Windows is the only system that can get viruses and be hacked.  We have always advised Mac users to be careful but they scoff at us.  Yes, we are mainly a Windows-based network, because our customers are mainly Windows based.  But we have Macs, Linux and other systems (including the new Google OS).  But with all of those systems we are never complacent about security and vulnerability.

At last week’s Pwn2Own competition in Vancouver the fully patched iPhone was hacked very quickly and the whole SMS database was collected along with all the text messages.  Now if I was an iPhone user I would be very wary.  Second to fall in the competition was the Safari browser on a Mac.  Admittedly Internet Explorer was next and lastly Firefox, but they were not as fast as the iPhone and Mac.

Interestingly enough our preferred browser Google Chrome was not hacked.  This does not mean it is 100% safe but it does mean it will not be so easy to get past and will therefore not be as much of a target.  And as far as we are aware the Google Android was not hacked either.

It should also be noted that Linux and its offspring Ubuntu were not there this year and neither was Opera.  The organizers are quoting lack of market share but we suspect that no one was willing to sponsor a prize for them.

So all you iPhone and Mac users – please take notice that you are not safe and at least take care of where you visit and what you open.  At least Windows users are aware of the possible attacks for the most part and try to stay safe!  Somehow I can’t see the Mac ads reporting this competition’s results – can you?

What Spammers Don’t Want You To Know About Blocking Their Emails!

Wednesday, December 23rd, 2009

Warning: Spam e-mails are not only annoying and time consuming, but they’re also becoming more dangerous to your personal privacy and the security of your computer. Millions of computer users are getting infected, spoofed, and tricked by spam e-mails every year, forcing the user to pay hefty fees to clean and restore their PCs back to working order.

There are 3 NEW dangers that all computer users must be aware of:

1. An increase in hijacked and spoofed e-mail addresses. Spammers have discovered new ways to make it appear as though their spam e-mail is coming from YOUR computer. This could result in having your Internet connection terminated or put on hold by your ISP – all without your knowledge. That is why good spam blocking software will not only block inbound spam from your inbox, but also unauthorized outbound spam from your servers.

2. An increase in virus-carrying spam. Accidentally open a spam e-mail carrying a nasty virus and you can end up with big problems ranging from the slowing of your system to more serious threats such as system crashes, data loss, identity theft, redirecting your web browser to porn sites, and more.

3. Phishing spam. A phishing e-mail appears to be a legitimate e-mail from a bank, vendor, friend, or other trusted source. The purpose is to trick you into giving confidential information such as bank accounts, social security numbers, passwords, and credit card information. You’ve probably already received a PayPal or bank spam e-mail that said your account was going to be closed unless you verified your information. It then directs you to a very convincing web site where you input certain information the spammer is trying to glean. In reality, this is a malicious third party that is going to use your information to open credit card accounts, access your account, steal money, and cause you other major identity and financial problems.

So what can we do about this?

First and foremost, it’s absolutely critical that you get a quality spam blocking software installed as a first line of defense. New government regulations haven’t done a single thing towards preventing or stopping spammers so the responsibility lies on your shoulders.

Next, you want to make sure you don’t throw yourself under the bus by getting on a spammer’s list in the first place. Once you’re on a spammer’s list, it’s impossible to get off; and changing your e-mail address can be a major inconvenience, especially if you rely on it to stay in touch with important business and personal contacts.

To reduce the chances of your e-mail address getting on a spammer’s list, here are 5 simple preventative measures you can take that will go a long way in keeping not-so-delicious spam out of your in-box.

1. Use a disposable e-mail address.

If you buy products online or occasionally subscribe to web sites that interest you, chances are you’re going to get spammed.

To keep your main e-mail address from ending up on their broadcast list, set up a free Internet e-mail address with Hotmail, Gmail, Yahoo or Juno etc. and use it when buying or opting in to online newsletters. You can also use a throwaway e-mail address when making purchases or subscribing to newsletters (see #4 below).

2. Pay attention to check boxes that automatically opt you in.

Whenever you subscribe to a web site or make a purchase online, be very watchful of small, pre-checked boxes that say, “Yes! I want to receive offers from third party companies.”

If you do not un-check the box to opt-out, your e-mail address can (and will) be sold to every online advertiser.  To keep this from happening, simply take a closer look at every online form you fill out.

3. Don’t post your main e-mail address on your web site, web forums, or newsgroups.

Spammers have special programs that can glean e-mail addresses from web sites without your permission. If you are posting to a web forum or newsgroup, use your disposable e-mail address instead of your main e-mail address.

If you want to post an e-mail address on your home page, use “info@” and have all replies forwarded to a folder in your in-box that won’t interfere with your main address.

4. Create throwaway e-mail accounts.

If you own a web domain, all mail going to an address at your domain is probably set up to come directly to you by default.  For example, an e-mail addressed to anything@yourdomain.com will be delivered to your in-box.

This is a great way to fight spam without missing out on important e-mails you want to get. The next time you sign up for a newsletter, use the title of the web site in your e-mail address. For example, if the web site is titled “www.greatwidgets.com,” enter “greatwidgets@yourdomain.com” as your e-mail address. If you get spammed, look at what address the spam was sent to.

If greatwidgets@yourdomain.com shows up as the original recipient, you know the source since that e-mail address was unique to that web site. Now you can easily stop the spam by making any e-mail sent to that address bounce back to the sender.

5. Don’t open, reply to or try to opt-out of obvious spam e-mails.

Opening, replying to, or even clicking a bogus opt-out link in an obvious spam e-mail signals that your e-mail address is active, and more spam will follow.

The only time it is safe to click on the opt-out link or reply to the e-mail is when the message was sent from a company you know or do business with (for example, a company that you purchase from or a newsletter you subscribed to).
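Measure 4 above can be automated. As an added example (not from the original article), this Python sketch reads the recipient headers of a spam message, recovers the per-site address it was sent to, and looks up which signup that address belonged to; the sample messages and the `SIGNUPS` table are constructed, and `yourdomain.com` is the article's placeholder domain.

```python
# Added example: trace spam back to the per-site address it was sent to.
from email import message_from_string
from email.utils import getaddresses

MY_DOMAIN = "yourdomain.com"          # placeholder domain from the article
# Constructed record of which address was given to which site.
SIGNUPS = {"greatwidgets": "www.greatwidgets.com",
           "newsdaily": "newsdaily.example"}

# Constructed spam sent to an address that was handed to one site only.
SAMPLE_SPAM = """\
Delivered-To: greatwidgets@yourdomain.com
From: "Cheap Meds" <offers@bulk-sender.example>
To: "Valued Customer" <customer@bulk-sender.example>
Subject: Limited time offer

Buy now.
"""

# Constructed spam to a guessed address: a catch-all domain accepts these too.
SAMPLE_GUESSED = """\
Delivered-To: sales99@yourdomain.com
From: promo@bulk-sender.example
To: sales99@yourdomain.com
Subject: Hello

Hi.
"""


def leaked_by(raw_message, domain=MY_DOMAIN, signups=SIGNUPS):
    """Return (local_part, site) for the first recipient at our domain.

    site is None when the address was never given to anyone, which points
    to address guessing rather than a leaked signup. Returns None when no
    recipient header names our domain at all.
    """
    msg = message_from_string(raw_message)
    fields = []
    # Envelope-recipient headers added on delivery come first because the
    # To: header of spam often does not name the real recipient.
    for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
        fields.extend(msg.get_all(name, []))
    for _display, addr in getaddresses(fields):
        local, _, dom = addr.lower().rpartition("@")
        if local and dom == domain:
            return local, signups.get(local)
    return None


def should_bounce(raw_message, retired):
    """True if the message was sent to an address we have retired."""
    hit = leaked_by(raw_message)
    return hit is not None and hit[0] in retired


if __name__ == "__main__":
    retired = set()
    local, site = leaked_by(SAMPLE_SPAM)
    print(f"{local}@{MY_DOMAIN} was given to {site}; retiring it")
    retired.add(local)
    print("bounce next message:", should_bounce(SAMPLE_SPAM, retired))
```
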

Have a safe and happy holiday!

Malware on Facebook and Twitter – Some Best Practices To Avoid It

Monday, November 2nd, 2009

With the ever growing popularity of social networking sites like Facebook and Twitter, it was inevitable that hackers would devise ways to exploit the sites’ numerous users in order to infect their computers. This malware is designed to do a number of things to your computer ranging from identity theft to turning it into their remotely controlled machine which they will “lease” for others to use.

Without up-to-date anti-virus and malware protection programs installed, social networking users can easily become prey to these ever resourceful attacks. While no computer is really safe, the best way to avoid becoming a victim yourself is to know what is out there and the type of things you should avoid, or at least be aware of. The following are some of the best practices you should use on Facebook, Twitter and other social networking sites (such as MySpace, Bebo etc.).

Avoid Malicious Links

The easiest way for a hacker to infect your machine is for you to do the work for him. This is done by posting malicious links to Twitter or your Facebook wall. In the past, these links were fairly easily identified as they had a phrase, followed by a URL (link). However, security researchers at Kaspersky Lab are telling us that these easy-to-identify messages are not so common any more. It is much harder to spot malicious links thanks to two newer methods that are described below:

Method 1: Hijacking Twitter’s Trending Topics

This first technique started to become popular in August of this year. It involves the hackers creating new Twitter accounts and then using the Trending Topics. (In Twitter you can mark a post with a topic by putting a # in front of it – e.g. #hacking would be a topic about hacking. The topics with the most tweets are called trending topics and appear on your Twitter sidebar.) This allowed the post to be aggregated in the search results, making it more likely users would click on the topic and hence the included link, taking them to the infected website.

Method 2: Hijacking Legitimate Accounts

This second method involves hackers taking over people’s accounts. The main way to do this is by phishing methods where they get a user to unknowingly give them the username and password to their Facebook or Twitter account. The hacker then has control over the account and can post as if they were the account owner, sending out links to infected sites. The account owner’s Twitter followers or Facebook friends would see the link and think it was safe as they trusted their friend – not realizing the account has been compromised.

Email Links

Still around today is the problem of infected email links. Most users are wise to these emails and spam mails; however, hackers fake emails from Facebook and Twitter and send them to users to ask them to update their account or open attachments. Again these are designed to phish for account information to take over (as in method 2 above) or to infect you with a link. Although many people are now aware of these types of emails, we still see so many of these techniques in the wild that it is clear they must still be working.

So How To Stay Safe – Some Best Practices

As we said before there are no fool-proof ways to stay safe, but by following these best practices you will reduce your chances of an infection:

  1. Don’t assume a link is “safe” just because a friend sent it: As pointed out in method 2 above, your friend’s account may be infected or may have been taken over by a hacker. You should never assume a link from anyone is safe just because they tweeted it or posted it to your wall. Try and use some common sense. If it sounds like something they wouldn’t normally send you or say in the message then be wary and don’t click. If you are unsure then try to contact them through other means (email, phone call) and ask them if it is legit.
  2. Don’t assume Twitter links are safe just because Twitter is screening for malware: In August, Twitter teamed up with Google to use Google’s Safe Browsing API, a technology that checks links against Google’s Blacklist. This prevents spammers posting malicious links but does not stop them using link shorteners (such as tinyurl.com) which direct users to the same malicious websites. It is better than no protection at all but be very wary of shortened urls.
  3. Don’t assume Bit.ly links are safe either: Bit.ly is Twitter’s default URL shortening service and earlier this year they began warning users of malware. They also use Google’s Safe Browsing API along with two other blacklists to identify malicious URLs. The service does NOT prevent users from posting the malicious links; however, it does warn you when you click one of the shortened links that the site being linked to is infected. This is not 100% effective, and Kaspersky have identified a number of malicious links that Bit.ly did not block. Still, you can assume that Bit.ly is safer than other URL shortening services because it is using this technology and it appears that hackers are avoiding this service because of the built-in protection.
  4. Use an Up-To-Date Web Browser: We recommend using the latest version of your preferred web browser and keeping it updated. For Internet Explorer that means Version 8, and as this is the most popular target for attacks (just because it is the most used browser) you must keep it up to date from Microsoft Update. Firefox is currently the second most attacked browser and it has a self-updating feature – make sure you keep it on. Google Chrome is our preferred browser and it also has a self-updating feature as well as “sandboxing” (restricted access to your PC) plugins. This means if an attacker was to exploit the browser and run some malicious code it would be isolated to this sandbox and cannot infect the entire machine. Opera and Safari are also good browsers and should be kept updated.
  5. Keep Windows Up to Date also: As always, we recommend keeping Windows up to date with the latest patches from Microsoft. Automatic updates should be turned on (unless you are using a service such as our support service where we maintain the patch, browser and virus updates for you).
  6. “I use a Mac so I am safe!” – WRONG! While it is true that Mac users are less targeted than Windows users, they are not immune to malware, despite what the TV ads say. Although Apple have added some malware protection in their latest software it only protects against TWO Trojans! According to Kaspersky there are currently a couple of hundred trojans designed to target the Mac specifically. In fact they believe there may be as many as a thousand but they are unable to identify them all as most Mac users do not have anti-virus software, which is where most of the data is collected from. Hackers are getting so industrious now that when a user goes to an infected website the hacker can tell whether they are using Windows or a Mac and change the Trojan accordingly. The only way to tell if your Mac is not infected is by running anti-malware but most Mac users won’t do this because they believe the commercials saying they are not at risk.
  7. Keep Adobe Reader and Flash Up To Date: Currently Adobe Reader and Flash are the two most targeted programs by hackers. A major exploit was recently uncovered and Adobe had to rush out an update to fix some very serious flaws. Another method of attack is to send you to an infected website and then prompt you to update your Flash or Reader. Never do this as you will be downloading malware. Always update from the Adobe website or using the built-in update mechanisms in these programs.
  8. Be wary of emails saying they are from social sites: It is very easy for a hacker to spoof an email from Facebook or Twitter. As with all emails, you should never open any attachments or click on any links, especially those which tell you to update your account or to login to carry out some action. If you do click a link and it takes you to a site (especially one that looks like the real site) and it asks you to update or login – DON’T DO IT! You will be handing over your password to hackers who would then start posting links to entice your friends to the infected site also. You should always access sites by typing the link in the address bar in the browser or by adding sites to your favorites and clicking those links.

Hackers are always trying to keep one step ahead

As we have shown you there are many ways to protect yourself, but hackers are always trying to find new ways to trick you. Keep alert, follow ALL of the best practices we have outlined, not just one or two. Don’t assume anything is safe and if in doubt then don’t click the link or open the attachment. The same practices work for normal web sites (especially banks) but it gets harder when social networking sites are involved as you trust your friends and these links appear to come from them.

Stay Safe!