1) This week, you will see a wave of Whitney Houston malware coming through, all trying to capitalize on her death. Think Before You Click!
2) Miscreants are sending tons of Valentines Day spam, laced with malicious links. Think Before You Click!
* Valentine’s Day Scams: For The Love Of Money
3) Viruses tend to come into end-user’s mailboxes between 8 and 9am EST. I told you three times… Think Before You Click!
E-Mail Viruses Most Likely To Appear In The Morning
I’m testing out Digeus Registry Cleaner Version 7.3.
I am receiving a free version as compensation for this entry and evaluation.
Here is brief information about the Product:
Digeus Registry Cleaner speeds up your computer by cleaning errors in your Windows. It removes the junk that accumulates in your Windows Registry, fixes Windows errors which results in speeding up your computer. With Digeus Registry Cleaner you just need a few mouse clicks and your computer will become as good as a brand new one.
Key features:
* Removes unused and invalid entries
* Speeds up boot up time
* Fixes Windows errors which results in speeding up your computer
* Eliminates BSOD (Blue Screen of Death)
* Invaluable when your system starts crashing, hangs, freezes and works slow
* This is one of the most popular registry cleaners on the Internet
Here are links to screenshots of Digeus Registry Cleaner:
http://www.digeus.com/products/regcleaner/images/regcleaner.jpg
http://www.digeus.com/products/regcleaner/images/registrycleaner01.jpg
http://www.digeus.com/products/regcleaner/images/registrycleaner02.jpg
http://www.digeus.com/products/regcleaner/images/registrycleaner03.jpg
http://www.digeus.com/products/regcleaner/images/registrycleaner04.jpg
For more information please visit:
http://www.digeus.com/products/regcleaner/registry-cleaner.html
OUCH! | January 2012
IN THIS ISSUE…
• Administration
• Your Network Name
• Encryption & Authentication
• OpenDNS
Securing Your Home Wi-Fi Network
GUEST EDITOR
Raul Siles is the guest editor for this issue. Raul is the
founder of and a senior security analyst with Taddong
(www.taddong.com), a SANS author and instructor, and
security passionate (www.raulsiles.com). You can follow
Raul on Twitter at @taddong and on his blog at
blog.taddong.com.
OVERVIEW
Wi-Fi networks (sometimes called by their technical name
802.11) allow people to wirelessly connect devices to the
Internet, such as smartphones, gaming consoles, tablets,
and laptops. Because Wi-Fi networks are simple to setup,
many people install their own Wi-Fi networks at home.
However, many home Wi-Fi networks are configured
insecurely, allowing strangers or unauthorized people to
easily access your home network or anonymously abuse
your Internet connection. To ensure you have a safe and
secure home Wi-Fi network, here are a few simple steps
you should take.
ADMINISTRATION
Your Wi-Fi network is controlled by something called a Wi-
Fi access point. This is a physical device you can buy at
your local electronics store or that may be built into your
Internet router. The access point is what wirelessly
connects your devices to the Internet. One of the first steps
to securing your Wi-Fi network is limiting who can
administer your Wi-Fi access point and how they can
access it. We recommend you take the following steps
when configuring your Wi-Fi access point for the first time.
• For many Wi-Fi access points the default
administrator login and password is well known. In
fact, these default accounts can often be found
listed on the Internet. So be sure to change the
default administrator login and password to
something that only you know.
• For administrative access to your Wi-Fi access
point, we recommend you disable wireless access
and instead require a physical network connection,
such as using an Ethernet cable. If you must have
wireless administrative access, then at a minimum
disable HTTP access and require HTTPS, which
supports encryption.
SETTING YOUR WI-FI NETWORK NAME
Another option you will need to configure is the name of
your Wi-Fi network (often called SSID). This is the name
your devices will see when they search for local Wi-Fi
networks. We recommend changing your default Wi-Fi
network name. Give your network name something unique
so you can easily identify it, but make sure it does not
contain any personal information. Also, there is little value
in configuring your Wi-Fi network as hidden (or non-
broadcast). Today most Wi-Fi scanning tools or any skilled
attacker can easily discover the details of a hidden network.
The recommended option is to leave your Wi-Fi network
visible, but secure it using the other steps covered in this
newsletter.
ENCRYPTION & AUTHENTICATION
The next step is to ensure that only people you know and
trust can connect to and use your Wi-Fi network and that
those connections are encrypted. We want to be sure that
neighbors or nearby strangers cannot connect to or monitor
your Wi-Fi network. Fortunately, these dangers are easily
mitigated by simply enabling strong security on your Wi-Fi
access point. Currently one of the best options is to use the
security mechanism WPA2. By simply enabling this you
require a password for people to connect to your Wi-Fi
network, and once authenticated, those connections are
encrypted. Be sure you do not use older, outdated security
methods, such as WEP, or no security at all, which is called
an open Wi-Fi network. An open network allows anyone to
connect to your Wi-Fi network without any authentication.
The recommended encryption method for WPA2 is AES
only, versus other options such as TKIP or TKIP+AES.
When configuring the password people will use to connect
to your Wi-Fi network, make sure it is different from the
administrator password and that the password cannot be
easily guessed; we recommend at least 20 characters long.
This may sound like a very long password, but remember
you most likely have to enter it only once for each of your
devices, as they will store and remember the password for
future network access. If your Wi-Fi access point is in a
physically secure location and only trusted members of your
family have access to it, one option may be to tape the user
password to the bottom of the Wi-Fi access point for easy
recall. Remember that anyone you have given the password
to will have access to your Wi-Fi network, so from time to
time you may want to change it.
Finally, we recommend you turn off or disable WPS (Wi-Fi
Protected Setup). WPS is a specification designed to ease
the process of securely setting up your Wi-Fi access point.
At the time of publishing this newsletter, recent vulnerabilities
were found that may allow an attacker full access to your
wireless network if WPS is enabled.
OPENDNS
Once you have your Wi-Fi connection configured, one of the
last steps we recommend is configuring your network to use
OpenDNS as your DNS servers. When you type a name into
your browser, DNS is how your browser knows which server
on the Internet to connect to. OpenDNS is a free service that
helps ensure you connect only to safe websites. In addition,
OpenDNS gives you the ability to manage what websites your
family can connect to. If you want to filter and block
objectionable material, this is a great resource. The
OpenDNS website walks you through step-by-step how to
configure your Wi-Fi access point to use OpenDNS.
RESOURCES
Some of the links shown below have been shortened for
greater readability using the TinyURL service. To mitigate
security issues, OUCH! always uses TinyURL’s preview
feature, which shows you the ultimate destination of the link
and asks your permission before proceeding to it.
OnGuard Online Wi-Fi Security:
http://preview.tinyurl.com/7sylsul
Security Encyclopedia:
http://preview.tinyurl.com/bpc2h23
WPS Vulnerability:
http://preview.tinyurl.com/cjs4l4w
OpenDNS:
http://www.opendns.org
Common Security Terms:
http://preview.tinyurl.com/6wkpae5
LEARN MORE
Subscribe to the monthly OUCH! security awareness
newsletter, access the OUCH! archives, and learn more
about SANS security awareness solutions by visiting us at
http://www.securingthehuman.org
OUCH! is published by the SANS Securing The Human program and is distributed under the
Creative Commons BYNC-ND 3.0 license. Permission is granted to distribute this newsletter
as long as you reference the source, the distribution is not modified and it is not used for
commercial purposes. For translating or more information, please contact ouch@securingthehuman.org.
Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Lance Spitzner
© The S A N S Institute 2012 http://www.securingthehuman.org
If you live in the East Lovejoy area of Buffalo, NY (aka Iron Island, Iron City), try a local merchant for your floral needs. 30 years experience shows that they do it right!
They’re located at 1180 Lovejoy Street, Buffalo, NY and can be reached toll free at
1-800-472-1841
Cyber Security Tip ST11-001
Holiday Traveling With Personal Internet-Enabled Devices
The internet is at our fingertips with the widespread use of
internet-enabled devices such as smart phones and tablets. When traveling
and shopping anytime, and especially during the holidays, consider the
wireless network you are using when you complete transactions on your
internet-enabled device.
Know the risks
Your smart phone, tablet, or other internet-enabled device is a full-fledged
computer. It is susceptible to risks inherent in online transactions. When
shopping, banking, or sharing personal information online, take the same
precautions with your smart phone or other internet-enabled device that you
do with your personal computer — and then some. The mobile nature of these
devices means that you should also take precautions for the physical
security of your device (see Protecting Portable Devices: Physical Security
for more information) and consider the way you are accessing the internet.
Do not use public Wi-Fi networks
Avoid using open Wi-Fi networks to conduct personal business, bank, or shop
online. Open Wi-Fi networks at places such as airports, coffee shops, and
other public locations present an opportunity for attackers to intercept
sensitive information that you would provide to complete an online
transaction.
If you simply must check your bank balance or make an online purchase while
you are traveling, turn off your device’s Wi-Fi connection and use your
mobile device’s cellular data internet connection instead of making the
transaction over an unsecure Wi-Fi network.
Turn off Bluetooth when not in use
Bluetooth-enabled accessories can be helpful, such as earpieces for
hands-free talking and external keyboards for ease of typing. When these
devices are not in use, turn off the Bluetooth setting on your phone. Cyber
criminals have the capability to pair with your phone’s open Bluetooth
connection when you are not using it and steal personal information.
Be cautious when charging
Avoid connecting your mobile device to any computer or charging station that
you do not control, such as a charging station at an airport terminal or a
shared computer at a library. Connecting a mobile device to a computer using
a USB cable can allow software running on that computer to interact with the
phone in ways that a user may not anticipate. As a result, a malicious
computer could gain access to your sensitive data or install new software.
Don’t Fall Victim to Phishing Scams If you are in the shopping mode, an
email that appears to be from a legitimate retailer might be difficult to
resist. If the deal looks too good to be true, or the link in the email or
attachment to the text seems suspicious, do not click on it!
What to do if your accounts are compromised
If you notice that one of your online accounts has been hacked, call the
bank, store, or credit card company that owns your account. Reporting fraud
in a timely manner helps minimize the impact and lessens your personal
liability. You should also change your account passwords for any online
services associated with your mobile device using a different computer that
you control. If you are the victim of identity theft, additional information
is available from http://www.idtheft.gov/.
For even more information about keeping your devices safe, read
Cybersecurity for Electronic Devices.
_________________________________________________________________
Produced in 2011 by US-CERT, a government organization.
Terms of use
http://www.us-cert.gov/legal.html
This document can also be found at
http://www.us-cert.gov/cas/tips/ST11-001.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html.
Blog posted using Windows Live Writer
#Computers #Internet #Security
OUCH! | December 2011
IN THIS ISSUE…
• Phishing
• Scams
• Protecting Yourself
E-mail Phishing and Scams
GUEST EDITOR
Pieter Danhieux is the guest editor for this issue. He works
for BAE Systems stratsec in Australia (www.stratsec.net)
and is an instructor for the penetration testing courses at
the SANS Institute.
OVERVIEW
E-mail is one of the primary ways we communicate. We not
only use it every day for work, but also to stay in touch with
our friends and family. In addition e-mail is how companies
provide many products or services, such as confirmation of
an online purchase or updates to our bank account. Since
so many people around the world depend on e-mail, it has
also become one of the primary methods cyber criminals
use to attack others. In this newsletter we explain these
dangers and steps you can take to protect yourself.
PHISHING
Phishing is one of the most common e-mail based attacks.
It uses social engineering, a technique where cyber
attackers attempt to fool you into taking an action. Phishing
was a term originally used to describe an attack designed to
steal your online banking login details. However, the term
has evolved and now refers to almost any cyber attack sent
by e-mail. A phishing attack begins with an e-mail
pretending to be from someone or something you know or
trust, such as your bank or your favorite online store.
These e-mails then try to entice you into taking an action,
such as clicking on a link, opening an attachment, or
responding to a message. Cyber criminals craft these
convincing e-mails and then send them out to thousands, if
not millions, of people around the world. The criminals do
not have a specific target in mind, nor do they know exactly
who will fall victim. They simply know the more e-mails
they send out, the more people they may be able to fool.
Phishing attacks often have one of the following objectives:
. Harvesting Information: The cyber attacker’s
goal is to fool you into clicking on a link and taking
you to a website that asks for your login and
password or perhaps your favorite color or mother’s
maiden name. These websites may look legitimate
with exactly the same look and feel of your online
bank, but they are designed to steal information
that could give them access to your online account.
. Controlling your computer through malicious
links: Once again, the cyber attacker’s goal is for
you to click on a link. However, instead of
harvesting your information, the goal is to infect
your computer. If you click on the link, you are
directed to a website that silently launches an
attack against your browser, and, if successful,
these cyber criminals have full control over your
computer.
. Controlling your computer through malicious
attachments: These are phishing e-mails that have
infected attachments, such as infected PDF files or
Microsoft Office documents. If you open these
attachments they attack your computer, and if
successful, give the attacker complete control.
SCAMS:
Scams are nothing new; these are attempts by criminals to
defraud you. Classic examples include notices that you’ve
won the lottery (even though you never entered it) or that a
dignitary needs to transfer millions of dollars into your
country and would like to pay you to help with the transfer.
They will then tell you that you have to pay a processing fee
before you can get your money. After you pay these fees
the criminals disappear, never to be heard from again.
PROTECTING YOURSELF
In most cases simply opening an e-mail is safe. For most
attacks to work you have to do something after reading the
e-mail (such as opening the attachment, clicking on the link,
or responding to the request for information). If after
reading an e-mail you think it is a phishing attack or scam,
simply delete the message. Here are some indications if an
e-mail is an attack.
. Be suspicious of any e-mail that requires
immediate action or creates a sense of urgency.
This is a common method used to trick people.
. Be suspicious of e-mails addressed to “Dear
Customer” or some other generic salutation.
. Be suspicious of grammar or spelling mistakes,
most businesses proofread their messages very
carefully.
. If a link in an e-mail seems suspicious, hover your
mouse over the link. This will show you the true
destination where you would go if you actually clicked
it. The link that is written in the e-mail may be very
different than where it will actually send you.
. Do not click on links. Instead copy the URL from the
email and paste it into your browser. Even better is
to simply type the destination name into your
browser. For example, if you get an email from UPS
telling you your package is ready for delivery, do not
click on the link. Instead, go to the UPS website and
then copy and paste the tracking number.
. Be suspicious of attachments; only open attachments
that you were expecting.
. Just because you got an e-mail from your friend does
not mean they sent it. Your friend’s computer may
have been infected or their account may have been
compromised, and malware is sending the e-mail to
all of your friend’s contacts. If you get a suspicious email
from a trusted friend or colleague, call them to
confirm that they sent it.
Ultimately, using e-mail safely is all about common sense. If
something seems suspicious or too good to be true, it is most
likely an attack. Simply delete the e-mail.
RESOURCES
Some of the links shown below have been shortened for
greater readability using the TinyURL service. To mitigate
security issues, OUCH! always uses TinyURL’s preview
feature, which shows you the ultimate destination of the link
and asks your permission before proceeding to it.
How Phishing Works: http://preview.tinyurl.com/853xj85
OnGuard Online – Avoiding Scams:
http://preview.tinyurl.com/6vfoljs
Anti-Phishing Working Group: http://www.apwg.org
Phishtank: http://www.phishtank.org
Security Terms & Definitions:
LEARN MORE
Subscribe to the monthly OUCH! security awareness
newsletter, access the OUCH! archives, and learn more
about SANS security awareness solutions by visiting us at
http://www.securingthehuman.org
OUCH! is published by the SANS Securing The Human program and is distributed under the
Creative Commons BYNC-ND 3.0 license. Permission is granted to distribute this newsletter
as long as you reference the source, the distribution is not modified and it is not used for
commercial purposes. For translating or more information, please contact ouch@securingthehuman.org.
Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Lance Spitzner, Carmen Ruyle Hardy
© The S A N S Institute 2011 http://www.securingthehuman.org
#computers #e-mail #email #internet #security #phishing
OUCH! | November 2011
IN THIS ISSUE…
• Staying Current
• Plugins and Add-Ons
• Security Features
• Privacy
Browser Security and Privacy
GUEST EDITOR
Mike Poor is the guest editor for this issue. He is a senior
security analyst for the consulting firm InGuardians Inc.
(www.inguardians.com). Mike is also a senior instructor for
the SANS Institute and the track lead for one of SANS’ top
courses, SEC503: Intrusion Detection In-Depth.
OVERVIEW
Your Internet browser, such as Internet Explorer, Firefox,
Chrome, or Safari, is one of the primary tools you use to
interact with the Internet. Cyber attackers know this, which
makes your browser one of their primary targets. Also, your
browser may collect a great deal of personal information
about you that you may not be aware of. In this newsletter
we cover the steps you can take to protect both your
computer and your privacy.
KEEPING YOUR BROWSER CURRENT
The first step to protecting yourself is always using the
latest version of your browser. It does not matter which
browser you use; what is important is that you use the most
recent version of your browser. Cyber attackers are
constantly searching for, and finding, programming errors
and other flaws in browsers. These mistakes (often called
vulnerabilities) can be exploited, giving attackers access to,
and sometimes even complete control, over your system.
The companies that developed your browser (such as
Microsoft, Google, or Apple) release patches to fix these
vulnerabilities. By always having the latest version, you
ensure your browser has these known issues fixed. To
ensure your browser is updated, make sure the auto-
update feature is always enabled in your browser and
operating system. Some browsers, such as Chrome,
automatically update themselves every time you restart the
browser.
PLUGINS AND ADD-ONS
Plugins (sometimes called Add-Ons) are additional
programs you can install in your browser. The problem
with these additional programs is they can expose you and
your system to greater risk. Each program you add to your
browser has its own unique vulnerabilities or weaknesses.
Install only the plugins you absolutely need and be sure you
download them from well known, trusted sites. At times a
website may ask you to install a plugin. Be careful –these
can be attempts to fool you to install infected software.
When possible, always download and install a plugin from
the original vendor’s site. For example, always download
or update your Flash player from the Adobe site
www.adobe.com. Once you have installed a plugin you
have to ensure that you keep it up to date, just like your
browser. This can be challenging as many plugins have
no automatic updating capability; you have to manually
check and update them yourself. If that is the case, we
recommend you check the status of your browser plugins at
least once a month. In the resources section are several
trusted websites that will help you do this.
SECURITY FEATURES
Each browser has its own unique security features. Be
sure to take a moment and review your browser’s security
preferences or options. A key feature that almost all
browsers support is warning you when you visit potentially
malicious websites. Your browser maintains an updated list
of thousands of known websites that are malicious or
attempt to harm people. If you attempt to visit any of these
known malicious websites, your browser will stop you and
present a warning banner. When you get a warning
banner do not proceed to the site. Keep in mind, though,
you still always have to be careful about the websites you
visit. Your browser cannot keep up with cyber criminals; it
will not know all sites that are malicious.
PRIVACY
You may not realize it, but your browser may store a great
deal of information about your online activities, including
cookies, cached pages, and history. Cookies are small
data files that websites send to your browser and can make
using the web easier, such as storing your preferences.
But cookies also allow companies to track your movements
across the web. Cached pages are stored copies of
websites you have recently visited. They are used to
improve your system’s performance but also might be
accessed by unauthorized users. Finally, many browsers
save the history of all the websites you have visited to take
you more quickly to the websites you visit the most.
To protect your privacy you can disable some or all these
features. In addition, some browsers support the ability to
manually erase any stored data, or automatically erase stored
data every time you close your browser. Finally most
browsers support a privacy mode where all data collection is
turned off, including caching, cookies, and history. This
ensures no information is collected about your browsing
activities; however, this can also limit your ability to interact
with some sites. Check your browser’s privacy settings to
change any of these features.
Finally, whenever possible make sure your browser
connections are encrypted. This helps ensure your online
activity cannot be monitored or captured. Encrypted
connections are often called HTTPS. For example, sites
such as Twitter, Facebook, and Google allow you to set your
personal settings to ensure you are always using HTTPS
(encryption) when communicating to these sites. In addition,
whenever banking or shopping online, make sure your
connections are encrypted. To confirm this, look for https:// in
the browser and a lock.
RESOURCES
Some of the links shown below have been shortened for
greater readability using the TinyURL service. To mitigate
security issues, OUCH! always uses TinyURL’s preview
feature, which shows you the ultimate destination of the link
and asks your permission before proceeding to it.
Browser Plugin Check:
http://preview.tinyurl.com/3m9gjr5
Firefox Plugin Check:
http://preview.tinyurl.com/3ojhl69
Chrome Browser Security:
http://preview.tinyurl.com/36sgakv
Internet Explorer 9 Security:
http://preview.tinyurl.com/3ly6wyv
Safari Browser Security:
http://preview.tinyurl.com/aesqpl
Firefox Browser Security:
http://preview.tinyurl.com/6ee3kx6
LEARN MORE
Subscribe to the monthly OUCH! security awareness
newsletter, access the OUCH! archives, and learn more
about SANS security awareness solutions by visiting us at
http://www.securingthehuman.org
OUCH! is published by the SANS Securing The Human program and is distributed under the
Creative Commons BYNC-ND 3.0 license. Permission is granted to distribute this newsletter
as long as you reference the source, the distribution is not modified and it is not used for
commercial purposes. For translating or more information, please contact ouch@securingthehuman.org.
Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Lance Spitzner, Carmen Ruyle Hardy
© The S A N S Institute 2011 http://www.securingthehuman.org
#computers #browsers #internet #security
