Helpful Computer News to keep your computer up and running. Provided by Beacon Technology Solutions LLC. Serving Metro Detroit.

Computers

Mac OS X backdoor Trojan, now in beta? | Naked Security

 

by Chester Wisniewski on February 26, 2011

It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share.

Mac OS X backdoor Trojan, now in beta? | Naked Security

Facebook ‘Instant personalization’ launches: How to disable it, and why | ZDNet

By Zack Whittaker | February 2, 2011, 11:18am PST

Summary

Facebook’s instant personalization feature becomes available today. But to avoid your data being handed over to partner websites, here’s a quick tip in how to disable the feature entirely.

 

Facebook ‘Instant personalization’ launches: How to disable it, and why | ZDNet

Wifi Hotspots No Longer Secure (FireSheep)

Unless they turn on WPA encryption and make you enter a simple password at a wireless hotspot (Like Starbucks, Biggby), it could happen to you. Firesheep makes session hijacking easy for the novice. So the chances of it happening to you are high. I just checked to see how many people downloaded FireSheep while I type this blog post. FireSheep has been downloaded 742,072 times. Now, how many of those are just toying with it to see how it works or testing it out live spying on people and ones using it to post bad things on someone’s Facebook or Twitter account?

More Info: Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

Tools to help:

  • Firefox This is needed for the plugins below. I highly suggest using Firefox while at a hotspot.
  • BlackSheep Will tell you if anyone is using it on the wireless network you are connected too.
  • HTTPS Everywhere This will ensure you are connected securely (HTTPS) on common sites.
  • Force-TLS This will force HTTPS, but you will have to manually add the websites. How To Configure.
  • Google Chrome plug-in: KB SSL Enforcer

VPN Services (VPN, or Virtual Private Networks creates a secure connection between your computer and the VPN server. This means your Internet traffic goes over the Wifi securely to this VPN server, then out on the Internet. Then the requests come back the same way. You do not need to worry about the above if you use one of these, but most are paid services or you need to setup the VPN connection to a home pc which you must leave on.

  • HotSpot Shield There is a free and paid version. Just remember to sign in to it when you are using a public Wifi hotspot. It works, a little slow and puts anoying ads at the top of websites. Besides their big ad, you have the websites and it takes alot of space and scrolling. (This is the only one I tested.)
  • TrustConnect A pay service I have not tried. Company is reputable.
  • WiTopia – Paid
  • HotSpotVPN – Paid
  • PacketiX.net – Free
  • UltraVPN – Free France VPN service.
  • CyberGhost – Free VPN service from Germany which routes you through a German IP. The free service is limited to 10GB traffic every month, which is more than enough for surfing on websites, chatting and email.
  • TorVPN – Free VPN access is restricted to 1GB per month and works on Windows, Mac, iPhone & iPad.
  • SecurityKISS – Free VPN Service
  • Your-Freedom – The free service lets you use it for 6 hours a day (up to 15 hours a week). Windows, Mac & Linux platforms are supported.
  • OpenVPN This one you setup to use your own PC as a VPN. No costs here and no potential privacy issues. Other downside, you leave your PC at home on all the time wasting electricity when you are not using it.

Podcast:

  • Security Now #272 Here Steve Gibson, well known in computer security, talk about it with Leo Laporte. Transcripts also available.

During the podcast, they were concerned about someone’s password could be changed on Facebook. Then the other said, no because you would have to know the current one before changing it. Well, I think it could happen and here is how:

  1. User Logs into Facebook or other social networking site.
  2. Someone uses FireSheep and are in.
  3. User logs into e-mail account.
  4. The same person uses Firesheep and are in.
  5. The bad person logs off of Facebook
  6. Requests a forgot password
  7. Waits for e-mail.
  8. Clicks on link to reset password in e-mail.
  9. Deletes the e-mail in hopes user does not see it.
  10. Continues on with resetting password.
  11. Logs back in to Facebook

Now the poor users Facebook account is stolen can now pretend to be that someone and / or demand ransom…

I tested the following services I have an account with to see if they support HTTPS.

Webmail with HTTPS:

  • Google Gmail – All the time.
  • Windows Live Hotmail – Off by default. Can login by typing HTTPS or turning it permanently on in the settings.

Webmail without HTTPS: I added S to HTTP and got error messages.

  • Comcast (The largest cable Internet provider in the US)
  • Yahoo Mail
  • AOL /AIM

Holy Zeus! Popular Botnet Rules As New Exploits Come Online – botnets/Vulnerabilities – DarkReading

 

Trusteer, AVG identify new botnets with different features, both built on Zeus technology

Aug 04, 2010 | 05:43 PM

By Tim Wilson
DarkReading

If there’s a "fashion trend" among botnet builders, Zeus is the new black — but its popularity is making many users and security professionals see red.

Zeus, a Trojan horse that spreads bots quickly, can be adapted for multiple purposes, is available in botnet-building kits, and serves as the platform for a growing number of botnets and sub-botnets that are being exploited across the globe, according to experts. In the past two days, researchers at Trusteer and AVG revealed details about two new instances of Zeus-based botnets, suggesting the Trojan is becoming more popular than ever.

Holy Zeus! Popular Botnet Rules As New Exploits Come Online – botnets/Vulnerabilities – DarkReading

Laptop theft can be reduced by turning off WiFi

02 March 2010
Credant Technologies, the endpoint data security specialist, has warned laptop users to turn off their WiFi signals when not in use to prevent the use of low-cost scanners tracking down the machines.
www.infosecurity-magazine.com/view/7750/laptop-theft-can-be-reduced-by-turning-off-wifi/

15 Major Reasons Businesses’ Security Gets Compromised

Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash drives

Posted by Adrian Kingsley-Hughes @ 10:04 am

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.

http://blogs.zdnet.com/hardware/?p=6655&tag=nl.e589

10 email scams to watch out for

Date: December 19th, 2009
Author: Debra Littlejohn Shinder

If it seems like you’re getting hit with more email scams than ever, you’re right. Deb Shinder explains what you and your users should watch out for to avoid being duped.
http://blogs.techrepublic.com.com/10things/?p=1227&tag=nl.e101

AP IMPACT: Framed for Child Porn _ by a PC Virus

AP IMPACT: PC owners caught with child porn loaded on their computers _ by a computer virus
By JORDAN ROBERTSON AP Technology Writer
November 8, 2009 (AP)
The Associated Press

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.
http://abcnews.go.com/Technology/wireStory?id=9028516

Malware Conceals Itself as Boss’s Letter

Trend Micro threat analysts found spammed messages that pretend to be a letter coming from the “boss”. It bears the subject “get back to my office for more details” and instructs users to read the attached ZIP file, which contains a letter. The ZIP attachment is, of course, not a letter but an .EXE file (info.exe) detected by Trend Micro as TROJ_CUTWAIL.GT.

Read more: http://blog.trendmicro.com/malware-conceals-itself-as-bosss-letter/#ixzz0Vkvmeie4