Outlook.com gets anti-phishing and scam-deterrent support
Microsoft has given Outlook.com protection against phishing emails and scam sites with the introduction of two new security features.
Microsoft said on Tuesday Outlook.com now has support for the DMARC (domain-based message authentication, reporting & conformance) standard, which governs how email systems authenticate incoming messages.
DMARC is already supported by Facebook, PayPal and LinkedIn, and aims to make it harder for individuals to deliver phishing or spam emails.
"Our DMARC implementation helps protect you by making it easier to visually identify mail from senders as legitimate, and helps keep spam and phishing messages from ever reaching your inbox. If a sender supports DMARC, we put a trusted sender logo next to their email indicating it is legitimate. The effect is cumulative; the more the email sending services that use DMARC, the broader the protection offered against phishing," Krish Vitadevara, Outlook.com's principal group program manager, wrote in a blog post on Monday.
The second security feature to be announced this week is support for extended validation (EV) certificates, which aim to prevent websites imitating or pretending to be other sites - for example, when a scammer puts up a fake version of a retailer's website.
Continued : http://www.zdnet.com/outlook-com-gets-extra-anti-phishing-and-scam-deterrent-support-7000008612/
Related: Outlook.com given security boost by Microsoft
Malicious QR codes pop up on traffic-heavy locations
QR codes - those matrix barcodes that you can now find almost anywhere - are very handy for directing users to specific sites by simply scanning them with their smartphones.
But the ease with which this technology works has also made it a favorite of malware peddlers and online crooks, who have taken to including QR codes that lead to malicious sites in spam emails.
They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic, The Register reports.
According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them.
Continued : http://www.net-security.org/secworld.php?id=14099
Kelihos Update Includes New TLD & USB Infection Capabilities
There's a little Michael Myers in the Kelihos botnet; maim it, kill it and it keeps on coming back to wreak more havoc. The 2011 takedown of the Kelihos botnet was one of Microsoft's high-profile success stories against spambots and the like, yet Kelihos was back for more at the start of 2012 using dynamic fast-flux techniques to avoid detection and further shutdowns.
As 2012 winds down, Kelihos is still going strong, now relying on double fast-flux domains to spread spam and malware. According to an analysis from a researcher at abuse.ch, Kelihos has also switched top-level domains, moving to .ru from .eu. More insidious, however, is that it now has the ability to spread via removable drives such as USB storage devices.
Once this latest update of Kelihos infects a computer, it connects with a .ru domain hosting its command and control looking for updates. The .ru domain is double fast-flux hosted, the researcher, who preferred to not be identified, said. Once an updated version of Kelihos is sent to the infected machine, it will infect any removable drives attached to the computer by exploiting the same vulnerability as Stuxnet. CVE-2010-2568 is a Windows Shell vulnerability that would give an attacker remote access via a malicious .LNK or .PIF shortcut file that is not properly handled by Windows Explorer during icon display. Malware exploiting this vulnerability and CVE-2010-2772 in Siemens WinCC SCADA systems was found in July 2010.
Continued : https://threatpost.com/en_us/blogs/kelihos-update-includes-new-tld-and-usb-infection-capabilities-121112
A Closer Look at Two Bigtime Botmasters
Over the past 18 months, I've published a series of posts that provide clues about the possible real-life identities of the men responsible for building some of the largest and most disruptive spam botnets on the planet. I've since done a bit more digging into the backgrounds of the individuals thought to be responsible for the Rustock and Waledac spam botnets, which has produced some additional fascinating and corroborating details about these two characters.
In March 2011, KrebsOnSecurity featured never-before-published details about the financial accounts and nicknames used by the Rustock botmaster. That story was based on information leaked from SpamIt, a cybercrime business that paid spammers to promote rogue Internet pharmacies (think Viagra spam). In a follow-up post, I wrote that the Rustock botmaster's personal email account was tied to a domain name ger-mes.ru, which at one time featured a resume of a young man named Dmitri A. Sergeev.
New Research on GPS Reveals Major DoS Vulnerability
From Bitdefender's "HOTforSecurity" Blog:
In a world where global positioning is key in a wide range of critical operations such as missile launches, space missions, or rescue operations, attacks against the GPS system can have unforeseen consequences. In a joint paper, security researchers from the Carnegie Mellon University and GPS specialists from Coherent Navigation have described new attack mechanisms that can paralyze GPS devices and take them out of order.
Since the GPS positioning systems rely on radio waves to communicate with satellites, they are known to be vulnerable to jamming (by sending strong white noise to mask the satellite signal) or to spoofing (receiving forged signals that result in mapping a bogus location). New research however shows that sending specific signals can cause the GPS receiver to lock or malfunction, taking it completely out of business.
To achieve the denial of service condition, researchers spoofed the signal a satellite usually sends, but, rather than encoding the position of the satellite on the orbit, they made it look as if the satellite was located in the center of the Earth. The wrong satellite position caused an exception in the GPS software that leads to restarts. Since the distance between the satellite and the Earth rarely changes, the information becomes persistent in the device's memory, which results in endless reboots.
Continued : http://www.hotforsecurity.com/blog/new-research-on-gps-reveals-major-dos-vulnerability-4778.html
FTC Launches Investigations into Mobile Apps for Kids
The Federal Trade Commission on Monday said it's launching "non-public investigations" to determine if mobile application providers are violating federal laws by collecting information on children without their parents' permission.
That sample represents a fraction of the apps available. As of September 2012, when the survey was conducted, there were over 700,000 apps available in Apple's App Store -- a 40 percent increase since December 2011. Google Play also has some 700,000 apps available, which represents an 80 percent hike since early 2012.
Continued : https://threatpost.com/en_us/blogs/ftc-launches-investigations-mobile-apps-kids-121012
10 security stories that shaped 2012
"From a major malware attack on the Mac OS X to state-sponsored cyber-espionage attacks, IT security in 2012 will be remembered as the year that piqued the imagination."
At the end of last year, I wrote The Top 10 Security Stories of 2011, an article that summarized 2011 in one word: "explosive." Back then, the biggest challenge was how to narrow down all the incidents, stories, facts, new trends and intriguing actors into just 10 top stories.
Based on the events and the actors who defined the top security stories of 2011, I made a number of predictions regarding 2012:
• The continued rise of hacktivist groups.
• The growth of Advanced Persistent Threat (APT) incidents.
• The dawn of cyber-warfare and more powerful nation states jostling for dominance through cyber-espionage campaigns.
• Attacks on software and gaming developers such as Adobe, Microsoft, Oracle and Sony.
• More aggressive actions from law enforcement agencies against traditional cybercriminals.
• An explosion of Android threats.
• Attacks on Apple's Mac OS X platform.
How did these predictions work out? Let's take a look at the top 10 security incidents that shaped 2012...
Continued : http://www.zdnet.com/10-security-stories-that-shaped-2012-7000008576/
Vote ends on Facebook privacy changes, for good
"Apathetic users mean vote falls far short of forcing Facebook to keep old rules"
The vote, which ended Monday at 3 p.m. ET, showed 589,141 users opposed to the change and 79,731 in favor. At first glance, you'd think that means Facebook won't be able to move ahead. That's just not the case, though.
According to Facebook's standing rules, if more than 30% of all active registered users vote, the results are binding. If the voting turnout is less than 30%, the vote is nothing more than advisory. Since Facebook has more than 1 billion active users, more than 300 million people needed to vote for the decision to count.
As a result Facebook will be able to push through its policy change, which means users' comments will be less important and they'll no longer get a say on upcoming changes.
Continued : http://www.computerworld.com/s/article/9234561/Vote_ends_on_Facebook_privacy_changes_for_good