Share |

InfoSec News

Jim Handy, of Objective Analysis, and Tom Coughlin, founder of Coughlin Associates teamed with Calypso to compile a study on SSD performance that involved 18 different drives. No two drives had the same performance.
 
We have mentioned the Microsoft Support scams a few times over the last 6 months or so (http://isc.sans.org/diary.html?storyid=10135), but a recent change in their operations grabbed my interest. A colleague of mine mentioned that other day that he had been the recipient of the mystical Microsoft Support call to inform him that they had received an alert from his computer. It was the usual scenario, with a twist.
In previous iterations of this scam the person on the phone would get you to click through to the event viewer to find something red. Strangely enough there is usually something red in most people's event log log. However, do not despair if you don't have anything red, yellow is just as bad. Once the problem (well any problem) was identified your support would have expired and they redirect you to a web site where you can part with your money and download some version of malware.
The new iteration of the scam goes one step further. Rather than get the victim to look, they get you to install teamviewer (although no doubt other similar tools are likely used). They take control of your machine and start moving the files across. Manually infecting, sorry fixing, your machine. In this particular instance they noticed they were in a VMand promptly started removing the files they had moved, before the link was dropped and the phone call terminated.
The scam is obviously still working. It seems they have figured out that users can't be trusted to click a link, but installing remote control software and getting you to install the malware for them is ok.
If you've received one of these calls and taken them to the point where they have started installing things and you still have those files, please let us know. If they have used things other than teamviewer I'd be interested as well. In the mean time remember to teach mums, dads, aunts, uncles, etc that it will be a cold day in, you know where, when Microsoft will call you out of the blue to help you fix problem with your computer.
-Mark H- (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

The Tech Herald

Seven security incidents in two months - Sony's nightmare grows
The Tech Herald
Recently, security firm SecurEnvoy sent The Tech Herald an interesting press release based on research at InfoSec Europe. In it, Steve Watts, the co-founder of SecurEnvoy called Sony inept, when speaking about how they addressed the two largest data ...

and more »
 
Facebook is now offering a new feature called Login Approvals. I call it part-time two-factor authentication mechanism. Andrew Song of Facebook states: Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer. [1]
I have downgraded it to part-time because once you have approved the browser instance you are using to login to daily, it does not require execution of the second authentication until you have removed it from the list. I clarify browser because you will be forced to re-auth from a different browser.
On the upside however, it is an easy and ubiquitous solution that many people are inclined to incorporate in order to protect their Facebook account. Login Approvals can be turned on in the Account Security section on the Settings tab of your Facebook Account Settings.



[1] https://www.facebook.com/note.php?note_id=10150172618258920





Kevin Shortt

--

ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 


Internet Storm Center Infocon Status