The Security Pub

Random Thoughts About Security

Fake TweetDeck Update

Compromised Twitter accounts have been used to post links to an exploit portal that poses as a download site for an update to TweetDeck, the popular micro-blogging client software package.

Malware lures pose as messages such as "Critical tweetdeck update Bank Holiday", a reference to a national holiday in the UK that may suggest the miscreants behind the ruse are based in Britain, net security firm Sophos notes.

Twitter is in the process of resetting the passwords of presumably compromised accounts distributing the dangerous links, which expose visitors to possible infection by Trojan horse malware.

Meanwhile, TweetDeck – which has not issued an update – reiterated its standing advice that users should visit its website for patches. By default, TweetDeck updates are offered automatically following the publication of a security or stability update to the software, on Macs at least.

Source – The Register

Wireshark 1.4.0 is Released

Wireshark is a popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

The following features are new (or have been significantly updated) since version 1.2:

  • The packet list internals have been rewritten and are now more efficient.
  • Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header.
  • Preliminary Python scripting support has been added.
  • Many memory leaks have been fixed.
  • Wireshark 1.4 does not support Windows 2000. Please use Wireshark 1.2 or 1.0 on those systems.
  • Packets can now be ignored (excluded from dissection), similar to the way they can be marked.
  • Manual IP address resolution is now supported.
  • Columns with seconds can now be displayed as hours, minutes and seconds.
  • You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater.
  • TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now.
  • Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater.
  • You can play RTP streams directly from the RTP Analysis window.
  • Capinfos and editcap now respectively support time order checking and forcing.
  • Wireshark now has a “jump to timestamp” command-line option.
  • You can open JPEG files directly in Wireshark.

You can download the latest version from The Security Pub's Toolbox.

Are You Disclosing Personal Information on Social Network Sites?

Social networking users should be careful when accepting friend requests and be conscious of the data they share. According to a new study by BitDefender, social network users do not appear to be preoccupied with the real identity of the people they meet online or about the details they disclose while chatting with total strangers.

The study revealed that 94 percent of those asked to “friend” the test profile, an unknown, attractive young woman, accepted the request without knowing who the requester really was. The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests, etc.

In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.

The study showed:

  • More than 86 percent of the users who accepted the test-profile’s friend request work in the IT industry, of which 31 percent work in IT Security
  • The most frequent reason for accepting the test profile’s friend request was her “lovely face” (53 percent)
  • After a half-hour conversation, 10 percent disclosed sensitive personal information, such as address, phone number, mother’s and father’s name, etc. – information usually requested as answers to password recovery questions
  • Two hours later, 73 percent siphoned what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software.

Security Awareness Topic 2 – Social Engineering (1 of 2)

What is Social Engineering?

Social Engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. - Wikipedia

Background

Like fraudsters generally, social engineers take advantage of human gullibility.

Social engineers manipulate people into revealing or allowing access to information assets by taking advantage of psychological traits (i.e., trust). Social engineering attacks play directly on the most vulnerable part of our information security framework: you and me. We are the weakest link in information security’s chain.

In a corporate context, social engineering is a factor in many information security incidents, including (perhaps especially) those perpetrated by insiders. Associates have plenty of opportunities to use social engineering on each other, whether under the guise of casual inquiries or even jokes. An example might be: “Oh go on – I bet your password is something easy to guess, like your cat’s name…” They have the perfect cover story and plenty of opportunities to exploit their co-workers if desired.

Social Engineering Impacts

Social engineering techniques give unauthorized access to information.

‘Pretext calls’ [1] by internal users can be particularly convincing as they already have access to vast amounts of internal information to build their credibility. They can browse the email address book for telephone numbers and job titles to pick out suitable targets. Picking up the name of sensitive systems and projects is a breeze for insiders as well.

Finally, we come to the personal impacts of social engineering. Identity theft, for instance, is a fact of modern life. Some identity thieves use social engineering methods such as pretexting as part of their repertoire, and phishing [2] methods to actively exploit our gullibility through social engineering.

1. Pretext — An effort or strategy to conceal something.

2. Phishing — An attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.

The Security Pub's Security Awareness Series will continue talking about “Social Engineering” by discussing the risks, threats, and what we can do to help detect and avoid social engineering. So be on the lookout next month.