Blog

New Travel Nightmare: Hotel Network Malware

Posted on Sunday, May 20th, 2012 at 12:08 pm. Written by Scott Cornell No Comments

: At a hotel? Watch out for the security of your computer.

Whether you’re staying for business or pleasure, hotels will usually have a wireless network set up for your convenience. While most users may think this is just a nice and maybe necessary amenity, the Federal Bureau of Investigation is warning all travelers to look out for fake software updates on these networks that could infect your computer with malware. When using any Wi-Fi connection, you should be using a layered security approach to make sure your computer and data remain safe on a possibly shaky network.

“Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel internet connections,” the Internet Crime Complaint Center said in a warning about this new, dangerous malware situation. “In these instances, the traveler was attempting to set up the hotel room internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.”

The IC3, as it is known, offered some advice for travelers taking their laptops with them into hotels, including carrying out all software updates before linking up to any outside Wi-Fi networks, checking the author or digital certificate of any download or update you are prompted about, and downloading software updates direct from a vendor’s website when on the road. Obviously there is no catch-all solution, but these should all go a long way toward helping people stay safe when they are on the road.

It’s clearly a new age of travel and a new age of technology, with new worries. Bloomberg reported that Chinese hackers have been all over companies in the United States as of late, stealing from as many as 760 firms, including through a compromise of iBahn, a broadband service offered to guests of hotel chains like the Marriott. While hotels and other businesses that carry free or paid Wi-Fi for users now need to be more careful about what comes on their network, those who bring their laptop around need to be extremely cognizant that these threats are out there.

Have any stories of malware on the road? Resent having to think about security while trying to get away from it all? Drop us a line in the comments and let us know.

Hacker Smashes The Hulk’s Twitter

Posted on Sunday, May 20th, 2012 at 8:13 am. Written by Kate Beckham No Comments

: Despite his hacker’s shenanigans, the Hulk was in good spirits after the Twitter hijacking.

A Twitter hacker recently attempted to make the Hulk angry!

Mark Ruffalo, who plays the Hulk in the recent Avengers movie, was the victim of a Twitter hijacking on March 6, according to The Hollywood Reporter. In addition to changing the star’s username from @MRuff221 to @Mark_Ruffalo, the hacker tweeted a few sexist comments and talked about credit card debt.The perp also posted links to a funny cats YouTube video and images of Sports Illustrated model Kate Upton.

The Hulk was apparently calm and did not go on a Hulk-smashing spree. Once he was back in control of his account, Ruffalo tweeted, “It’s kind of hilarious me getting hacked today. I got to hand it to the hacker. Kind of genius.” He later tweeted, “Okay all. I am fried from all this hacking and rehacking. Best to all. Actually this was kind of fun. Thanks Hacker Johnson.”

Like the fables of old, the hacker closed the evening of shenanigans with a moral by citing a poor password as the reason he or she was able to compromise Ruffalo’s account. Perhaps the hacker was just trying to deliver a message of caring to the Twitterverse by showing even high profile celebrities are vulnerable if they don’t pick secure passwords?

Ruffalo isn’t the only famous person to have his Twitter account compromised, and not the only one who has taken it in good spirits. NASCAR racer Mark Martin had his account hacked earlier this year, but he’s turning the hack into profit. The hacker, known only as “Epic Swag,” inspired Martin to start a line of t-shirts, according to a recent CBS article. Martin also featured the hacker’s name above his driver-side window during the Sprint Cup.

Ruffalo’s hacker left the world with a message about password security, so we’re curious. What measures do you take to create an unhackable password?

New Malware Locks Up Computers, Demands Ransom

Posted on Saturday, May 19th, 2012 at 12:35 pm. Written by Kate Beckham No Comments

: Being infected with malware sucks, as does a new piece of ransomware researchers have found.

Anyone who has been infected with malware knows how much it flat out sucks. Often times, a machine will be so bogged down by malware that you’ll have to run system restore and recovery.A new type of malware, known as ransomware, may be even worse than the usual breed of malware, locking people out of their own computers until they pay some ransom money to have it unlocked.

“The infection vector is a well known drive-by exploit kit called ‘Blackhole,’” said the Swiss security bog Abuse.CH. “It is sold in underground forum and used by various criminal groups to infected computers ‘on the fly’ by (ab)using one or more security vulnerabilities in the victim’s web browser (or a third party plug-in like Adobe Flash Player, Adobe Reader or Java). In this case a Blackhole exploit kit located at pampa04.com was involved to spread the ransomware.”

CNET said, as an example, that if Java isn’t up to date with the latest patches, this downloaded Blackhole file will exploit the weakness by downloading the malicious software and running it. You’ll then get a message saying you’ve been locked out of your computer for downloading pirated music, which is something that could obviously scare a number of internet users.

CNET said people in the U.K., for example, may see a message of “to unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of 50 pounds.” So far, this type of ransomware has only been reported in Europe. But this is not the first time that ransomware has reared its ugly head. As always, you should keep your browsers and computer security programs up to date.

Have you ever had your computer held hostage like this? Let us know in the comments.

Flashback Still A Problem For Mac Security

Posted on Saturday, May 19th, 2012 at 8:20 am. Written by Matt Williams No Comments

: Flashback malware is still a security threat for Macs.

Here’s one for the “no news is good news” file. Initial reports that Flashback malware attacks against Macs were in decline may have been based on a mistake caused by calculation errors, according to a recent CNET article.

Flashback is a type of malware that attempts to gather private information like passwords. It uses browsers and other web-based applications to target Mac users. As many as 600,000 Macs were infected before Apple issued a security update to address the issue, according to estimates cited by CNET.

Initial reports said the infection rate has declined since the first spike of infections, but CNET said you better not breathe a sigh of relief quite yet. Potential errors in malware rate calculations may be leading to numbers more conservative than reality.

In fact, Apple’s security update was released for OS X 10.6 or higher, which means users on older systems may still be vulnerable to Flashback! Be careful of being lured into a false sense of security, because malware can sneak in through old vulnerabilities if you don’t keep your Mac and the software on it updated. It’s also important to implement layered security, which is simply using multiple tools, such as firewalls and malware scanners, to fully secure your machine.

And the bad news goes deeper, as the security update problem may only get worse, according to a recent MacWorld UK article. The article warns that Apple will likely stop supporting Mac OS 10.6 when it launches OS X 10.8. This trend follows Apple’s tendency to only support its current OS and the one that came directly before it.

The lack of support for OS 10.6 presents a unique problem, as it will leave 48.4 percent of all systems currently in use without security updates, according to statistics released by web metrics company Net Applications.

Computer security is a pressing issue in today’s world, where cyberthreats are on the rise. How do you feel about being left in the dark if support is pulled from OS X 10.6 and earlier versions?

Guarding Against Social Engineering

Posted on Friday, May 18th, 2012 at 12:12 pm. Written by Scott Cornell No Comments

Do you know who’s reading the information you post on your Facebook page? A recent Consumer Reports study found 13 million U.S. Facebook users don’t use the website’s privacy controls! It may not seem like a big deal, but making information available to people outside your personal network of friends, family and coworkers could leave you vulnerable to something known as social engineering hacking.

What is social engineering hacking?

It’s kind of a mix between old-school face-to-face conning and technology-based hacking. A Forbes article published last month dubs social engineering as “hacking the human mind,” because it doesn’t rely entirely on malicious computer code to exploit victims. A social engineer hacker collects information about the target’s lifestyle habits and personal preferences to design attacks that specifically target the individual.

According to the Forbes article, one of the ways social engineers are collecting personal information to use against their targets is through social media. Armed with this information, social engineer hackers can mix in traditional hacking methods to compromise security and access personal information.

For example, social engineers can collect work history information from a target’s LinkedIn profile and use that to design attacks that trick users into clicking malicious links or downloading software that infects their computers.

Risks extend beyond your computer

Your privacy controls protect more than just your computer’s health, they also protect you. The Consumer Reports survey also found a 30 percent increase in the number of people who said they had Facebook-related trouble. Some users even said they had been harassed.

The problem goes back to privacy settings and limiting the amount of personal information you publish. Unless you methodically manage the information you post, even applications that your friends are using may be able to access more of your profile than intended.

How to protect yourself against social hacking

With hackers trying to hack both you and your computer, it’s easy to be a little intimidated. The Chicago Tribune recently published an article highlighting ways to increase social media security. One of the big ones is to keep your antivirus software and browsers up-to-date. Because social media applications have access to your profile, review your applications on a regular basis and delete the ones you don’t use. Remember to block applications you don’t recognize, and, If you see an interesting story posted to your friend’s wall and aren’t sure of the source, use Google to find the story on a reputable news source, so you don’t unintentionally click your way to a malicious website.

May 2012
M	T	W	T	F	S	S
« Apr
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31