Posts tagged security
Spammers adopt new attack strategies for ‘New Year’
Feb 9th
by Paul Wood
The New Year saw an increase in global spam levels as spammers continued to take advantage of holidays and major current events in an effort to entice users to click on links in email messages. Attracting email recipients with tempting content is a popular social engineering tactic used both in spam, scams and other types of malicious attacks. The email messages are designed to have some relevance to the recipient in order to increase the chances of them unknowingly clicking on the links and visiting spam websites or potentially becoming infected in a drive-by attack.
Paul Wood
Symantec’s January Intelligence Report found that the New Year event itself presented an opportune theme for spammers. Symantec Intelligence identified a new tactic in spam emails that included URLs that related to more than 10,000 unique domain names. Each of these domains had earlier been compromised and the URLs pointed to PHP-based scripts hosted on the compromised websites, many of which referred to “New Year” in the file name. Some examples include, “HappyNewYear.php,” “new-year-link.php” or “new-year.link.php.” The PHP scripts simply redirected the visitor to the real spam website, but the potential for malicious use also exists. Read the rest of this entry »
It’s NOT “just a number!”
Jan 26th
by Ann Cavoukian
I am becoming increasingly concerned about the lack of understanding of a key privacy issue – the ease of data linkages in an ever-increasingly online world, that renders otherwise non-identifiable information, identifiable.
Ann Cavoukian, Information and Privacy Commissioner of Ontario
New analytic tools and algorithms now make it possible, not only to link a number with an identifiable individual, but also to combine information from multiple sources, ultimately creating a detailed personal profile of a personally-identifiable individual.
In this information age, people are sharing personal information about themselves in new ways, including through personal blogs and social networking sites. Imagine a scenario where your “anonymous” comments on a newspaper website or in an online chat forum could be tracked back to you personally, simply by linking your IP address and browser data across multiple platforms. Read the rest of this entry »
5 reasons why SOPA has to die
Jan 22nd
If you are wondering what SOPA is then you probably didn’t Wikipedia last week when it shutdown in protest. SOPA is a bill which the UScongress wanted to pass and it stands for Stop Online Piracy Act (SOPA).
It sounds harmless enough, after all we all want to stop piracy…don’t we! While we are against piracy we certainly aren’t against FREE SPEECH and SOPA takes it too far suggesting a China like authoritarian rule where record labels and cable companies have the power to shut down website because of alleged piracy acts, no matter how small the piracy act is….it may be as simple as you uploading a video of you and your family at a family bar-b-que with Lady Gaga playing in the background. You may be in violation and your website may be shut down.
Still not convinced, here are 5 reasons why SOPA needs to die…
Should You Feel Bad About Blocking Online Ads?
Jan 12th
by Claudiu Popa
I’m not a fan of banner ads, browser pop-ups nor of what’s come to be called behavioural advertising. I find that such promotion largely falls into two categories. The kind that has nothing to do with what I’m interested in, and the kind that is surprisingly well targeted to my personal interests.
Claudiu Popa
Since the former is irritating and the latter is downright creepy, I’m not likely to click on any online ads anytime soon. And I don’t think you are either.
That said, I’m certainly not against commercial promotion and far be it from me to pass judgment on one of the most profitable ways to spend – and make – money online ($25B in 2010 and an estimated $31B in 2011). I’m even sympathetic to the argument that online advertising keeps the Internet humming along as the subsidized services we practically depend on in turn depend on advertising dollars to resist the temptation to charge us. Read the rest of this entry »
3 awesome security tips for 2012
Jan 3rd
by Claudiu Popa
Everything I’m reading these days indicates that hacking and malware infections are going to increase in 2012. I don’t need to provide references here because everything you’re reading does too. Yet all the software you need to secure computers, both corporate and personal, is available for free. There’s everything from scanning and blocking to diagnosing and disinfecting the computing devices you depend on.
Claudiu Popa
So how come we’re poised for continued growth in data theft and general cyber-mischief?
In short, you’re the weakest link. If it weren’t for you, your computer would have a much higher chance of leading an infection-free existence, gracefully growing old and slowly descending into obsolescence. Instead, you may hear yourself thinking out loud: “it was fast at the beginning, but now it’s so slow I’m thinking of getting a new one”. This platform-independent mantra is no doubt very depressing for laptops and smartphones to overhear and even the shiny new tablets, smug in their reliance on a firmware-based operating system, aren’t too far behind.
What are your options? Panic? Trade in your new tablet for a stone tablet? Pester the one social recluse in your family with open-ended questions?
The latter is always a good idea (although you can’t go wrong with the first two either). Make sure you corner him (it’s always a ‘he’) at the family party this holiday season and don’t let him take another sip of the eggnog until he makes an effort to put his answers into plain English. Pull up a chair, make him feel special, for once!
Stone Tablet
In the failing case, here are three (because no one can really retain more than that anyway) tips for you to better understand computing security in general, and in particular over the next few months, as the reliance on technical attacks on all platforms (not just on mobile devices, PCs, or ‘in the cloud’) gives way to plain old abuses of trust). At the very least, you’ll sound smarter about this stuff, so here’s some sage advice:
1. Sometimes things that increase convenience may increase your security risk
Just one example: URL shorteners. These handy little tools (aside from the fact that they build clickthrough statistics) may send you to malicious destinations and may contribute to the security problems that plague social networking sites. So click wisely.
2. Sometimes it’s better to focus on the things that go out of your computer
We’re on the Internet for a reason: to explore and access information. Each click is a request, an a consensual invitation, an implied permission and an open door to receiving information. So when that response happens to be malicious, it’s difficult to see exactly what it’s doing inside your computer, but it’s relatively easy to block unauthorized software from ‘calling home’ and initiating outbound connections of its own. So look for personal firewalls with egress filtering and be cautious about approving connection requests.
3. Sometimes things that protect your privacy may decrease your security
You know that little ‘lock’ icon everyone tells you to look for when completing online purchases? And the ‘secure tunnel’ your IT guy tells you about when installing your remote access VPN into the office (so you can be ‘productive‘ from home, naturally)? Those are great things. They protect the confidentiality of the data that you exchange with the big bad Internet, and also serve to protect your privacy. But they also make it next to impossible for security tools to inspect data traffic, see malicious code and the details of hacking attacks as they come and go. So use with caution, and appreciate that once encrypted, both good and bad data is protected from prying eyes (and be sure to have a memory resident scanner to detect the latter just before or immediately after scrambling).
Enjoy 2012 and if you know someone who could use the information, don’t hesitate to suggest this blog.
Targeted attacks and how they’re happening now
Dec 13th
by Paul Wood
Targeted malware and advanced persistent threats (APTs) have been big news in 2011, particularly in the wake of the Stuxnet attacks of 2010, and the recent discovery of Duqu.
Paul Wood
Though the term has been overused and occasionally misused, it is undeniable that APTs represent a significant threat to some companies and industries. Symantec.cloud found that the number of APTs detected worldwide increased fourfold from January to November of this year. So as 2011 comes to a close, we thought it would be a good idea to use our November Intelligence Report to take a closer look at what have been dubbed “advanced persistent threats”. Read the rest of this entry »
NFC the next big thing? Do it right – embed privacy from the start
Dec 4th
by Dr. Ann Cavoukian
There was a lot of buzz about Near Field Communications (NFC) at The Future of the Internet Congress this week in Ottawa. NFC is an emerging short-range wireless technology being built into the latest generation of smartphones, allowing users to bridge the real and virtual worlds with simple “Tap ‘n Go” gestures.
Ann Cavoukian, Information and Privacy Commissioner of Ontario
NFC holds tremendous potential to change the way we interact with our physical environments, acquire and share information, access facilities, and pay for goods and services (to name just a few interoperabilities), using now-ubiquitous mobile devices.
Illustrative Uses Cases
At the Congress, I made available a new paper, entitled Mobile Near Field Communications (NFC) “Tap ‘n Go” – Keep it Secure & Private, that examines the technology’s potential in four illustrative use cases:
Securing the Ubiquitous iPhone
Nov 21st
by Claudiu Popa
According to popular expert opinion, there are seven areas in today’s mobile devices where vulnerabilities can create security or privacy breaches. Nowhere is this more rational than in the paragon of mobile digital success: the iPhone.
Claudiu Popa
Nothing short of a juggernaut, new versions of the quasi-ubiquitous device have all but evaded attempts at hacking it by consistently introducing innovative new features and by leveraging a strategy of built-in obsolescence.
It follows then that each of these areas corresponds to ways to specific security controls at that level, tactically building a ‘defense in depth’ approach to securing the iPhone. In the name of brevity, here are these safeguards: Read the rest of this entry »
New fraud scheme targets lawyers
Nov 14th
by Monica Goyal
If you are not a lawyer, you may not have heard of this fraud.
Generally, the purpose of the scheme is to persuade a lawyer to take them on as a client in a settlement case, and then steal their money.
Monica Goyal
Here is an example email:
“De: John Fischer
Fecha: Mon, 12 Sep 2011 15:09:41 +0000
Para:
Asunto: YOUR LEGAL ASSISTANCE IS NEEDED. Read the rest of this entry »
A new twist on shortened URLs as spam carriers
Nov 2nd
by Paul Wood
For some time Symantec has been warning social networking users to beware of shortened URLs as sometimes it can be hard to see where the link will actually lead.
Paul Wood
Spammers have been taking advantage of shortened URLs, and during a three-month period in 2010, Symantec found that two-thirds of malicious links in social networking news feeds used shortened URLs. Seventy-three per cent were clicked 11 times or more, with 33 per cent receiving between 11 and 50 clicks. Only 12 per cent didn’t receive any clicks.
Now Symantec is seeing a new trend and it’s a new way spammers are trying to get victims to click on links in e-mails. Read the rest of this entry »
