Posted by Jason Remillard on Wed, Jan 20, 2010 @ 08:24 AM
SiteSecurityMonitor.Com Now Scans for Malware
Launched quietly last week, we are now scanning all websites for malware. What does this mean to you? Well, we now test each and every URL on your site for malware. How? Well, we use over 98,950 (count at this point!) malware patterns for our testing. We can test your code, your servers and even more importantly, your ad networks. As you know, the attack patterns are changing, and now the ‘bad guys’ are injecting malware on adnetworks. Google and others have been hit with this in recent weeks. We hope you enjoy the new service (reporting available in your online reports at: SiteSecurityMonitor.com Online Reporting).
Facebook users – Update your Security Settings ASAP!
Funny, but serious… ASAP – Review your Facebook Security Settings: Zuckerberg pictures exposed by Facebook privacy roll-back
- CEO shown ‘plastered’, possibly while devising new policy
- Illuminating pictures of Facebook chief exec Mark Zuckerberg have been exposed by Facebook’s privacy roll back
Full Story Here
True Story on Fixing a Customer's Infection – and What It Means to Web Developers and Hosters
Cross posted to thewhir.com – Hey all…I figured I would re/cross post a recent article I did on managing a customer's problems with respect to a recent malware infection. In this case, the add-on to the story that was not published was that the webhost he was on, didn’t help much. One of those ‘you’re on your own buddy’ kind of things.
Full Story Here
Amazon EC2 Used as a Safe Habor for Hackers
Security researchers have intercepted a new variant of the Zeus crimeware, which is using Amazon’s EC2 services for command and control purposes of the botnet. The cybercriminals appear to be using Amazon’s RDS managed database hosting service as a backend alternative in case they lose access to the original domain, which would result in the complete loss of access to the compromised financial data obtained from the infected hosts.
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:35 AM
While not particularly new anymore, online social networking is still an exciting medium. Compulsively, I check my Facebook every day, make several posts on Twitter and contribute what I can to LinkedIn and I know I’m not alone with these things. Well, now unsurprisingly a study has found that “social network users [are] more vulnerable to risks”, discovered here.
The study has its issues, but it has some important points too. Let’s start with the issues.
- "Changing passwords (64 percent infrequently or never)
- Adjusting privacy settings (57 percent infrequently or never)
- Informing their social network administrator (90 percent infrequently or never)”
While changing passwords can certainly help maintain a certain level of security, I think that a more important aspect is the quality of the password (how long it is, whether it includes capitals/numbers, and how original it is) is more valuable than the amount of times that the password is changed in most circumstances (for more information on passwords, check out my last blog post).
Adjusting the privacy settings really depends on what sort of privacy you need. If you don’t put up anything private, then obviously you don’t need strict privacy settings.
Then finally, “Informing their social network administrator.” It’s not surprising that this is 90% because I have no idea what this is even referring to. Who is the social network administrator and what do they need to be informed of? Most people are probably their own social network administrator making this question invalid.
After that the article goes on to note things like that “21 percent accept contact offerings from members they don’t recognize” — which is actually exceptionally low in my opinion. I would think more people would accept to see if perhaps they know the person but didn’t realize, then if they don’t, they delete them. Easy.
If you’re paranoid and feel that you’ll easily fall victim to some sort of phishing scam then by all means, don’t accept them. However, the article states that 55% of people have seen phishing scams, but it doesn’t state how many have really been scammed by one, so I’m guessing that number is actually much lower.
When it comes to social networking, the best thing you can do is use common sense. If someone you don’t know is asking for money or asking for your password (in all my years of having online passwords, I have never once been asked for it by a legitimate official for any purposes, so if someone is asking you, 99% of the time, it’s a scam). Also, if someone posts a link, make sure it’s from a source you trust or else you can always highlight and Google it, or if it’s a link like a couple I posted here that are shortened, there are a few things you can do. There are sites that will tell you where the link leads but if the link is from bit.ly or j.mp you can paste the link in your browser and add a “+” at the end of it and it will give you interesting details, including where the link leads (go ahead, try it out on one of the links here).
Of course, sometimes it can be difficult to realize what a scam is, as it was for Jayne Scherrman, who as I posted on Twitter a couple of weeks ago, was scammed out of almost $4,000 on Facebook: http://bit.ly/4mqZQv. However, with a single call to her friend, it could’ve been saved.
So watch out for these types of things and if a friend is asking you for money, especially large amounts of money, why not give them a call, or at least an e-mail to verify it. And if you’re not willing to give them a call, well then you’re probably not close enough to them to be giving them money anyway.