The Internet Is Under Seige!

by Miles West. A Geek To Go!

Infections are rampant on Facebook with multiple accounts spewing out links to everyone in the contact list. Tread very lightly! Also, beware of any 'Windows Looking' prompt warning you of Low Disk Space. It is a VERY DANGEROUS rootkit called Win Defrag that will sense eradication efforts and will shut down if it feels threatened!

New Attack on Facebook Discovered By A Geek To Go!

11/28/10 6:35pm
by Miles West, A Geek To Go!



I have a bad habit of leaving my Facebook accounts open while I am working online. Tonight I was working on our remotely managed security when the new tone announced that someone had messaged me on instant message. Click on the image for a larger image. When I clicked back over to that tab, I saw someone (I haven't talked to in many years) had messaged me asking me to take a quiz which she did poorly on. She posted the link, which when copied into a new browser window took me to Facebook's malware/phishing warning. I knew from experience not to click on ANY link in an instant message because chances are it's a trap and once you click, then the person or computer on the other end can access your computer. This is not a new trick, but a new one here on Facebook. I can see MANY people falling victim to this. Never click a link in a message, even if you initiated the conversation. Questions? Contact A Geek To Go! through our website, twitter (#ageektogo) Facebook or just call us!

Facebook and Twitter Flunk Security Report Card

By Jared Newman

PC World -

Ignorance is bliss, so don't read any further if you don't want to panic about Facebook and Twitter security.

Digital Society, a self-professed security think tank, has given failing security grades to both Twitter and Facebook. Both sites are vulnerable to attacks that can give someone partial or full control over your account, the group claims.

According to Digital Society, the main problem with Facebook and Twitter is that neither site allows full Secure Sockets Layer (SSL) protection. Both sites create unencrypted sessions for the user by default. Although the actual logins are encrypted, they're not authenticated--which means you can't pull up security information in your browser to verify the sites' identities.

Even if you do force a secure session (by using https://twitter.com or https://facebook.com), the sites still have links to non-secure parts of the site and JavaScript code that transmit authentication cookies without SSL, Digital Society found.

These aren't new concerns, but the news fits hand-in-hand with the release of FireSheep, a FireFox add-on that lets people with limited technical knowledge hijack other people's web accounts over unencrypted Wi-Fi networks. Digital Society's report card essentially spells out what an attacker using FireSheep or another packet-sniffing program could accomplish. In Facebook, for instance, an attacker can gain access to every part of an account except username and password, allowing the attacker to send status updates and read private messages.

Of the 11 websites examined by Digital Society, only Gmail received an "A" grade. Wordpress, when accessed without SSL, received the only other "F," but Hotmail and Flickr received "D-" grades.

Microsoft has promised to fix vulnerabilities in Hotmail, and Facebook says it's beefing up security, as well. Still, that leaves plenty of sites to worry about if you're planning on using coffeehouse Wi-Fi. For more protection, consider the advice of Sharon Machlis at Computerworld and use FireSheep to make sure none of your own accounts are available for easy exploitation. You can also try FireShephard, a program specifically designed to thwart FireSheep.

And, if all else fails, plug your ears, sing in a really loud voice and hope for the best!

Look Who's Stalking!

Many people post their favorite photos on Facebook, Myspace and Twitter to let friends and family can get a glimpse of what is happening in their lives. But those innocent snapshots could be revealing much more than people think and open to the danger as well. Shanelle Gibson said she loves to take pictures with your smartphone. "I like having a bunch of pictures of my dog and post them on Twitter," she said. "I think it's cute." But one day, she got a tweet from the creator of icanstalku.com, saying he knows where he lives. "I thought it was a little scary," he said. "They were accurate at finding my house, so my immediate response was:" What happened? How do you know me? " As a result, the information contained in photos from Gibson called geotags are integrated into the GPS services for your smartphone. Each time you send an online photo taken with your phone, it is inadvertently giving your whereabouts. "The location can be as accurate as a meter, depending on the GPS signal reception of the device you are using," said Gerald Friedland, of the International Computer Science Institute. Friedland co-authored a study on the privacy implications of geotagging. Results: Most people had no idea of what is still online. "There's enough information out there that you can actually track people and do potential harm to them," he said. That's what Larry Pesce said he wants to warn people. He co-founded icanstalku to warn people after discovering a photo of your child revealed his location - and it can happen to others. "For example, let's take a picture of your nice, new plasma television 50 inches in your house," he said. "And now you're sharing the place of television and an hour later, you are sending a photograph of a 7-Eleven, and now we know that you're not at home." In addition to theft, Pesce said geotagged photos open the possibility of harassment and violence at home, and one does not need to be an expert to get the information. "Almost anyone who can operate a computer and do a few right clicks could know someone's location," said Pesce. Both Pesce and Friedland said they hope more people aware of this potential privacy problem. "In the future, we will be sharing more and more about our online lives, and we really want people to make sure they know what we are sharing," said Pesce. So what can you do about it? You do not have to stop publishing pictures - just turn off the GPS function for photos on your phone. If it does not affect the other capabilities of GPS. Gibson said she turned off her GPS functions and now posts her pictures without worry. She said she expects others to do the same. When A Geek To Go! discovered the site, it was reminiscent of a similar site called PleaseRobMe.com, that has since been taken down. Our first visit to the site yesterday unraveled a local young female writer (name withheld) bundle of personal info including last GPS location with map, a whole page of Twitter Tweets, and her photos. As of this posting, the site seems to have either been taken down, or is offline due to heavy traffic - as the site is run on autopilot by a Perl script, but we've included a sample screenshot. Please choose wisely what you offer up to the outside world!

Mac Users Warned of Growing Threat of Infections

Attacks on the Mac are important enough to warrant Apple users invest in an antivirus product, security company Panda Security, said when launching a new product that offers such protection.

Marketing of crop selection for economy Apple or caution justified? Panda points to the numbers. Currently there are 5,000 "strains" of malware that target the Mac and the company says it is seeing 500 new Mac-specific samples that appear every month.

In 2009, 34 vulnerabilities were identified in OS X from Apple, which had risen to 175 so far for 2010, with a total of 170,000 20-year macro "viruses" that affect the platform.

To be clear, these security threats refer only to desktops and laptops and not Apple iPhones or iPads unless they have been "jailbreaked" (personally hacked) or if, somehow, an application breaks offenders through the approval process.

Security firms working with Apple users is nothing new and every antivirus company now has a significant Mac products, driven in part by the user base growing a little larger in the U.S.

Many of the software vulnerabilities were cross-platform browser flaws, and is not specific to the Mac. As for the 170,000 macro viruses , while in a general sense, the malware threat is so obsolete on the PC that vendors don't even bother to count them.

The argument rests on the number of new malware threats now being seen and their complexity. So far, the evidence suggests that while the odd Trojan is now appearing, Mac malware is still a low-key threat.

"We have always held the theory that when Apple reaches a more significant market share, around 15 percent worldwide (which given its current rapid growth will be achieved shortly), hackers will begin to target attacks against this platform," claimed Panda vice president, Ivan Fermon.

"We would even say that today, the Windows operating system is more secure than Mac, simply because Microsoft has been working proactively on security for many years," he added.

Given the small but plausible nature of the threat, there is an argument that Apple itself should offer a security program as part of its offering, instead of leaving it up to third parties. It's what Microsoft ended up doing, retro-fitting a firewall to XP and more recently giving away a free antivirus program, Security Essentials.

Ironically, the reason Microsoft avoided doing such a thing in the first place was worry over antitrust probes which would have viewed such a move as anticompetitive. This free-market idea woefully misunderstood the nature of the threat and the world is still cleaning up the mess today.

For the record, both AVG and Panda antivirus for Mac offers realtime protection, file scanning and the ability to probe iPhones and iPads to ensure they are not harboring malware even if that malware can't hurt those devices.

Panda also points out that antivirus products on Macs stop Windows malware being passed on (as attachments) to PC users although it seems unlikely many people will want to buy protection for other users who probably have their own security anway.

Mac users interested in an AVG Security bundle for Mac can buy a one-year unlimited support plan with pricing based on residential or customer needs. This is a tad higher than a Windows user would pay for equivalent protection but that is the case with all Mac software. Development costs are higher for a smaller number of users.