IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.
A blog from V3.co.uk

« January 2010 | Main | March 2010 »

Twitter attacks snare senior politicians

The Secretary for Energy and Climate Change, Ed Miliband, and Dunfermline and West Fife MP Willie Rennie are among the large number of Twitter users that have been snared by the latest Twitter phishing attack.

The two politicians sent their followers corrupt links, along with a message that reads:

"Hhey, i've been having better sex and longer with this here."

Miliband was quick to respond to the scam earlier today. "Oh dear it seems like I've fallen victim to twitter's latest 'phishing' scam," he tweeted.

He then used the publicity to his advantage. "Now I've got your attention - I want your ideas for the manifesto," he wrote.

According to STV News, Rennie's Twitter account was linked to all his social networking accounts and so the message was sent to thousands of his followers.

Rennie told the broadcaster that he assumed most of his followers would know the link is a scam and not a genuine tweet. Unlike Miliband, he has chosen not to post any Tweets about the scam in his feed.

Graham Cluley from security firm Sophos warned that unless Miliband has "a strong and different password for every web site" he uses, he may have allowed hackers to access other more sensitive accounts. "Basically, his entire online life could be handed over to hackers," he wrote.

The news of the phishing scam comes as the Lord Chancellor is reportedly investigating fake Twitter accounts that have been set up for all of the Merseyside and NorthWest MPs.

February 26, 2010 | | Comments (0)

What to do when your social networking account gets hacked

Security-as-a-service firm ScanSafe, now part of the Cisco fold, has decided to share some advice on what users should do if they fall victim to a phishing scam pushed out via social networking sites.

Phishing scams are becoming increasingly popular via social networking sites, as they try to tap the implicit trust users have in their friends' or followers' messages.

By hacking users' accounts, sending out messages to their friends and using social engineering techniques to get them to click on malicious links in these messages, cyber criminals have been able to harvest a rich bounty of user credentials - many of which can then be exploited on other sites such as online banking.

According to ScanSafe senior security researcher Mary Landesman, there should be an ABC of proper etiquette after suffering one of these scams: acknowledge the attack to anyone affected; be detailed in telling them what might have happened as a result; use the attack as an opportunity to caution friends/followers in case it happens again.

If sending out an apology to their followers after their account has been hacked and malicious messages sent out, users should never stick another link in the message, she advised.

"Using as few words as possible, try to include enough details about the message sent so folks can identify it, ended with a brief 'I'm sorry'," said Landesman.

Another best practice tip Landesman gave was that when sending legitimate links, users steer clear of generic messages, which are usually used by cyber criminals.

"Get in the habit of including some identifying info so that the recipient can tell that the human you really did intend to send it," she said. "For example, instead of sending 'check out this funny video', always include more specifics like, 'funny video - reminds me of that crazy guy we saw on the beach in the Bahamas.'

"If enough folks adopted this habit, it would become much easier to distinguish the really generic messages as being likely phishing/malware attacks."

All good advice, although some stronger content filtering technology from the likes of Twitter would also help matters no doubt.

February 23, 2010 | | Comments (0)

Webroot says that Web 2.0 terrifies businesses

New research from Webroot tells us that enterprises are deeply concerned about the impact that social networking has on their security.

In a new blog posting the security firm released the results of research conducted with 800 IT professionals in the UK, UK and Australia, in which it found that over three quarters of them think that Web 2.0 malware will be the biggest issue they face this year.

"Eighty per cent of those who responded anticipate Web 2.0-based malware threats will be among their biggest challenges, and 73 per cent said these types of malware are much harder to manage than email-based threats", wrote the firm.

Those firms that are confident they are sufficiently protected seem to be living under an illusion, according to the survey. These firms also admitted to a number of security problems, including attacks from viruses (60 per cent), spyware (57 per cent), phishing attacks (47 per cent), hacking attacks (35 per cent), and SQL injections of their Web sites (32 per cent).

None of which really tally with any "sufficiently protected" claims, although it is kind of in Webroot's interests to paint this rather depressing picture, given that such a strategy is likely to shift a few more units.

February 18, 2010 | | Comments (0)

Iceman hacker gets 13 years

A notorious hacker has been sentenced to 13 years in jail on charges of wire tapping and identity theft.

A court in Pittsburgh said that Max Ray Vision - nee Butler - pleaded guilty to charges last year and had now been sentenced to the jail time, fined almost £20m in repayments to his victims and will face an extra five years of supervised release.

When Vision, who went by the psuedonym Iceman, was arrested he had the details of almost two million card holders on his home computer; card details which he was using on his trading site cardmarket.com.

We do not know how much money he made through the site, but the size of the fine suggests that it was a significant ammount. Court reports say that the fine was based on the $25 cost card companies faced with replacing a lost or stolen number, adding that it was estimated that the Iceman has personally stolen some 1.1m IDs himself.

This is not the first time Vision has been arrested. Having started his career in crime early by writing a backdoor program that could be used to access federal machines, he was sent to jail for 18 months. And this after doing volunteer work at the FBI.

Having served this time he was unable to find any other work and was, he said in a memo to the court, unable to pursue any other career than that of a life of crime. His punishment will be a lesson to some, although the rewards that Iceman clearly enjoyed before his arrest will be enough to persuade the rest that cyber crime is worth the risk.

February 15, 2010 | | Comments (0)

Fake Firefox site pushing out adware

Security experts are warning that adware and spyware pushers are trying to bundle their wares into the latest version of Firefox in order to trick users into downloading the software.

A new blog posting from network security firm eSoft explains that adware pushers are trying to capitalise on the success of Firefox 3.6 in order to extend their reach.

The fake Firefox download site uncovered by the firm has been designed to fool users hoping to upgrade, but contains the spelling errors which are often a tell-tale sign of a scam site, said the blog posting.

"Victims of this scam install the 'Hotbar' toolbar by Pinball Corp, formerly Zango," the post noted.

"Not only are users subject to the annoying toolbar, they're also barraged with pop-up ads and host to a new Hotbar weather application running in the system tray."

ESoft warned users only to download software directly from the publisher, where possible.

February 3, 2010 | | Comments (0)


Site credentials: About | Privacy policy | Terms & conditions | Top of the page
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093