New Mac Trojan horse and Security tips from the NSA

There is a new Mac Trojan horse that masquerades as a virus scanner – read about that here. This is another example of social engineering – tricking users into making security mistakes.
Users looking for legitimate protection against viruses on their Macs might be duped into downloading and installing this. Essentially this is ‘ransomware’. It requires payment to ‘stop’ the ‘infection’. AND the payment information is often then sold to other nefarious people.

Remember that NO operating system is immune to attack. And since every system is utilized by humans they remain the biggest weak link – humans that is.

Also in other security news the NSA has released some good advice and documents for better security practices with your home network, and Operating Systems (including Mac OSX).
Read about that here. [via PCMAG Security watch blog].

Nearly all of this contains information that I and other security people have been saying for years but is well worth reading.

Your iPhone Is Secretly Tracking Everywhere You’ve Been

I am not sure how many have heard about or actually even care.
But, this does sound scary as sh*t to me! It’s time that we as consumers have more choice on what information we choose to ‘share’ with providers and vendors. Things like this should be disclosed to consumers.

“Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronized.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.

For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010.” [from here]

So if someone were to either get hold of your phone or gain access to your computer, they could find out where you go, at what time and how often.

If you want to actually see what is there you can (and should!) check out this open source freeware application.

Gizmodo.com has a super article on this too, check it out here.

Massive Data breach again – protect yourself

The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as College Board students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.

The list of companies is HUGE! TiVo, JP Morgan Chase, Capital One Financial, US Bank, the Kroger grocery chain, teleshopping company HSN Inc., Verizon Communications Inc, Blackstone Group LP’s Hilton Hotels, Kraft Foods Inc, and AstraZeneca and more.
According to the reports only email addresses and name information were stolen. So you may just get an extra dose of spam. But you can never be sure.

You can read more about it HERE and HERE.

Update: Even more news here!

My advice is to reset your account passwords if you use any of these merchants and as always, use extremely strong passwords – preferably using applications like LastPass or KeePass to create super strong passwords and manage all your accounts information.

Either of these apps should be used by EVERYONE anyways. LastPass being the easiest for most.

Keep safe folks!

More Rogue Antivirus/Spyware infecting many!

Users are being ‘Tricked’ into infecting themselves with trojans/viruses
This has been used on probably 1.5 million websites!
And it is increasing! UPDATE! Here is even more evidence that this is HUGE!

I have written about this type of attack before and how to avoid it and stop the ‘infection’.
Please Read Here on that process.

The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. [called a social engineering hack] Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.

For more information please read this too!!
Here is an excellent video showing how and what happens.

Mac OS X Trojan catches Sophos’ eye

Two very recent articles point out what most security people know and the rest should know: NO technology, especially computers connected to any network, is completely secure!

An article here points this out:

"It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share."

And from another one here:

"More than half of Americans believe that PCs are "very" or "extremely" vulnerable to cybercrime attacks, while only 20 percent say the same about Macs, according to this ESET survey.
(Credit: ESET)"

ESET released the results of a survey in November related to awareness of cybercrime in the U.S. The survey of more than 1,000 people found that while both PC and Mac users perceive the Mac as being safer, Mac users are victims of cybercrime just as frequently as PC users.

Meanwhile, Mac users are just as vulnerable to Web-based attacks like phishing as PC users are, and Mac users who fall prey to phishing tend to lose more money on average than PC users do, the survey found. "Viruses are a diminishing percentage of what we’re seeing," said Randy Adams, director of technical education at ESET. "A lot of attacks have to do with social engineering and that kind of attack is platform agnostic."

Please folks, practice safe computing practices. I’ve written extensively on that so I won’t go into that here, just search my blog(s) for security items.

For those of you that are interested in an antivirus product for Mac, ESET makes a fantastic one. You can check it out here.

By the way ESET’s products are top notch! If I were to buy a security solution it would be theirs.

Keep safe folks.

More Malware in the wild ‘E-Card’

Hi folks just thought I’d pass this on.
The folks at Shadow Server have found this propagating.
There are loads of new security threats – many using tried and true vectors.
This one uses the ‘E-Card’ email route.
One that STILL somehow gets people! Please NEVER, EVER, EVER open up these types of links!
They often look like this.

[image: botspam]

Microsoft also has information on this latest threat here:

http://blogs.technet.com/b/mmpc/archive/2010/12/31/unhappy-new-year.aspx

Please folks, be careful and exercise caution when opening email or ‘clicking’ on links, and keep your systems up to date.

Electronic Pickpockets

This is some pretty scary stuff.

Many new credit cards carry an RFID chip for ‘fast pay/swipe pay’.

RFID stands for Radio-frequency identification. RFID is a technology that uses communication via electromagnetic waves to exchange data between a terminal and an electronic tag attached to an object, for the purpose of identification and tracking.

Here is a video showing a technique of stealing your information without you even knowing it. Sadly this has been known for quite a while and not publicized much. I have seen many security related articles on this but I guess the public is just now being made more aware of it. And I think that is good. Be careful out there folks.

Another reason to use Firefox and Add-ons/Extensions

As I’ve previously written more than a few times, I use Firefox as my primary Internet browser because of the extensive number of add-ons and scripts available. This helps to make the browser a ‘super tool’ for me. With Firefox I can block unwanted ads and scripts, stop annoying ‘auto play’ music and videos, download just about any video, picture or file, FTP from within my browser, download/convert to PDF nearly any web page and many other cool and productive things.

Now I can add virus scanning files BEFORE I download files to that list.
The VTzilla Firefox extension adds a Scan with VirusTotal option to Firefox’s right-click context menu and file download dialog that allows you to scan any file for a virus before you commit to downloading it to your computer.

VirusTotal is a service that analyzes suspicious files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and web analysis toolbars.
It’s a brilliant web service that scans any file you send it against 42 of the best malware scanners available.

They now have an add-on for Firefox that lets you scan via a simple ‘right-click’ on a file you intend to download.

Get Started

The first thing you must do is install the add-on itself. You can do this by clicking on this link while visiting this site with Firefox.

Note: By default, VTzilla turns on a new toolbar in Firefox. To disable it, navigate to View -> Toolbars, then uncheck VirusTotal Toolbar.

After installing the component you will have to restart Firefox to start making use of it, below you can find some examples of use.

Scan suspicious links with VTzilla

Imagine you have logged into your Gmail account and you have received a suspicious email from your bank. The email is informing you about an unauthorized access to your account and is asking you to follow a link and provide your credentials to view the account access log.

Since you are a smart guy, you know that this mail is probably a phishing case. Even though you know that this is a scam, you are committed to help others, hence, you right click on the suspicious link and select the Scan with VirusTotal option from the context menu:

This will open a new tab in the same browser window, such tab will show the report for the requested URL scan. Note that the scanning process will also download the file/site of the target link, so do not forget to click on the View downloaded file analysis link.

Scan downloads before storing them

Let us suppose your good friend John Doe has sent you an email with a slide presentation. You know that very often these slides contain exploit code that will compromise your computer. When you click on the slide presentation in your webmail a download dialog appears, you are a cautious user, you therefore decide to scan the file first with VirusTotal:

Once you have checked the file, you will decide whether or not to download it to your PC.

Simple.

Warning!!: VirusTotal is not a substitute for any antivirus software installed in a PC, since it only scans individual files on demand. It does not offer permanent protection for users’ systems either.

Some simple privacy and security tips

Besides my many previous tips on keeping your browsers (and plug-ins like Flash), operating systems, anti-virus/anti-spyware, and other productivity applications up to date, here are some other things you can do to help keep yourself even more secure and less likely to be ‘compromised’. Please read my previous articles on security and follow those tips first. The things here are some ways to ‘clear/delete’ temporary files that may contain sensitive information or possibly a trojan/virus that is just ‘waiting’ to launch from a temporary location.

First

Every time I close my internet browser(s) (IE, Firefox, Opera etc.) I run CCleaner. Actually I run a ‘batch file’ that runs CCleaner and clears my network cache settings too. You can, and I recommend you do, simply run CCleaner every time you shut your browser. If you would like to use/create my batch file, simply copy the lines between ‘Start’ and ‘Finish’ into a text file and rename it with a .bat extension. For example, paste the lines into Notepad, save the file as clean.txt, then rename the file to clean.bat.

For XP

Start:

"C:\Program Files\CCleaner\CCleaner.exe" /AUTO
arp -d
nbtstat -R
ipconfig /flushdns
nbtstat -RR
ipconfig /registerdns

Finish

For Windows 7

Start:

"C:\Program Files (x86)\CCleaner\CCleaner.exe" /AUTO

arp -d
nbtstat -R
ipconfig /flushdns
nbtstat -RR
ipconfig /registerdns

Finish

Second

Some third-party programs can temporarily store unencrypted (plain-text) passwords or other sensitive information in memory. Because of the Windows virtual memory architecture, this information can be present in the paging file.

Although clearing the paging file is not a suitable substitute for physical security of a computer, you might want to do this to increase the security of data on a computer while Windows is not running.

   1. Start Registry Editor (Regedt32.exe).
   2. Change the data value of the ClearPageFileAtShutdown value in the following registry key to a value of 1:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
      If the value does not exist, add the following value:
      Value Name: ClearPageFileAtShutdown
      Value Type: REG_DWORD
      Value: 1

This change does not take effect until you restart the computer.
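
The registry steps above can also be done from a batch file. The following is an added example, not part of the original post: it uses reg.exe (included with Windows) to check the current value, create or correct it, and report the result. It assumes it is run from an administrator command prompt.

```batch
@echo off
rem Added example: audit and set ClearPageFileAtShutdown with reg.exe.
rem Run from an administrator command prompt.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
set "NAME=ClearPageFileAtShutdown"
set "CURRENT="

rem reg query prints a line like:  ClearPageFileAtShutdown  REG_DWORD  0x0
rem When the value is missing, reg query fails and CURRENT stays empty.
for /f "tokens=3" %%V in ('reg query "%KEY%" /v %NAME% 2^>nul ^| findstr /i /c:"%NAME%"') do set "CURRENT=%%V"

if /i "%CURRENT%"=="0x1" (
    echo %NAME% is already 1. Nothing to change.
    goto :done
)

if defined CURRENT (
    echo %NAME% is currently %CURRENT%. Setting it to 1.
) else (
    echo %NAME% does not exist. Creating it as REG_DWORD with value 1.
)

rem /f overwrites without prompting; /t and /d match the type and data listed above.
reg add "%KEY%" /v %NAME% /t REG_DWORD /d 1 /f >nul
if errorlevel 1 (
    echo Failed to write the value. Re-run from an administrator command prompt.
    endlocal
    exit /b 1
)
echo Done. The page file will be cleared at shutdown after the next restart.

:done
endlocal
exit /b 0
```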

Hope this helps some of you.

Real Credit Score Answers

Identity theft is all over the TV ads and the internet these days, making it seem as if everyone will be a victim whereby they lose all their money and have their credit completely ruined.

Truth is this will probably NOT happen to the vast majority of people EVER! Heck, my own brother had his messed up by an illegal alien not 20 miles from his home – and the police could do nothing but tell him to ‘start watching’ his credit more and put fraud alerts on his accounts! It does happen, just not that often and the results can usually be resolved fairly easily – not quickly but easily.

Don’t get me wrong you should still be careful.

But remember your bank and credit card company already have some pretty strict identity theft protections in place – they’re the ones who usually wind up footing the bill, after all. But beyond that there are some pretty simple steps that you can take yourself, such as getting your annual credit report and regularly checking your bank statements for odd charges.

But please don’t get suckered into things like ‘LifeLock’.

This March, LifeLock had to settle with the Federal Trade Commission for $12 million amidst charges that they were lying about what their services could do, mainly because they were. According to the chairman of the FTC, Jon Leibowitz, LifeLock’s protection "left enough holes that you could drive a truck through it."

The sort of thing LifeLock protects you from is mainly people opening up new credit accounts, which is only 17 percent of existing identity theft. If someone used your identity to get medical care, a new job or even if they just took your credit card for a joyride, you wouldn’t hear a thing until the bank showed up to repossess your new car that you didn’t know you bought.

I admit, your credit score determines some rather important factors in your life, such as how easily you can get a loan, or buy a house. But it is not all that mystical and flowing. And it is very easy to get your current status and learn how to clean up your credit by yourself.

There are hundreds of companies offering to ‘give’ you a ‘free credit report’ if you sign up for their monthly service – usually at an incredibly high rate (average of $15/mo).

The amazing thing is, you can get your credit report completely free at AnnualCreditReport.com. You can do this once a year, which may not sound like much, but your credit score really doesn’t change very rapidly. Right Here:

https://www.annualcreditreport.com/cra/index

This central site allows you to request a free credit file disclosure, commonly called a credit report, once every 12 months from each of the nationwide consumer credit reporting companies: Equifax, Experian and TransUnion.

Here is what they are about:

https://www.annualcreditreport.com/cra/helpabout

Ok let’s start.

Select your state and start the process. I am going to show most of the process and explain where you should take care to open the reports in a separate window for printing so you won’t ‘lose your place’ on the original web site.


Then ‘Right Click’ on Print your report and choose ‘open in new window’ and then print out the report!

Close the print window and don’t leave this page yet!

Now go up to the ‘Return to AnnualCreditReport.com’ link at the top of the page to do the same for the other two agencies.


Right-click on the ‘View and Print Your Online Report’ button and choose ‘Open in New Window’


Note there are two items to print here.

Click on Print This Page and another window will pop up; you can then print it out.

Then click on Print Report and print out the entire report page that pops up.

Once again:

Please Note! Click on Return to: AnnualCreditReport.com to get your remaining Free Report(s)


You may get this:

[screenshot]

I did.

So I right-clicked on ‘by phone or mail’ and got this:

[screenshot]

Right-click on the link ‘request form’ and choose ‘save file as’ or ‘save target as’ depending on your browser.

Save the form, print it out, fill it out and mail it.

· Print and complete the form

· Mail the completed form to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281

Then you should get this window:

[screenshot]

I hope this helps some of you. Keep safe out there.

Peace.