The Security Pub

Random Thoughts About Security

Category Archives: Featured

Video Game Phishing

US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service.  In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE.  Games are products of third party developers that are playable on Xbox LIVE and other gaming systems.

Microsoft has posted a service alert on the Xbox LIVE status page regarding this issue.

US-CERT encourages users to take the following measures to protect themselves from these types of phishing attacks:

 

Apple Lied: Filed Patent for Mobile Device Tracking

Apple’s claim that the geolocation tracking of its customers via a stealth file maintained in devices running the iOS operating system are, well, “patently” false.

The stealth iOS file records geolocation information derived from triangulating the location of a device using the signals from the closest cell phone transmission towers and Wi-Fi access points. The data is continuously collected and recorded regardless of whether the user has chosen to disable location services features on their mobile device.

Apple released a statement earlier this week that claims the data collection is caused by a software bug that will be remediated in a soon to be issued update to the iOS. Apple admitted that the information was being sent to the company, but they maintain that they are unable to trace the data a particular phone or user.

Apple CEO Steve Jobs even stated directly that “We don’t track anyone. The info circulating around is false.”

Reports have now surfaced that demonstrate these assurances are false.

Apple filed for a patent in September of 2009 titled “Location Histories for Location Aware Devices” with the intent to develop services based around the company’s ability to locate and track mobile devices running the iOS operating system.

 

Check out the full article here at InfoSec Island

Sony Admits PlayStation Network Compromised

 

 

Sony has confirmed that a data breach was the cause for the PSN outage. In a vague letter to customers, the gaming giant warned that 70 million users’ personal information was compromised. In addition, it fears credit card details were also included in the loss.

On April 17, an unknown number of PSN and Qriocity accounts were compromised. As a result, Sony shut things down in an attempt to mitigate the situation, allowing it time to correct underlying issues and launch a full investigation. Initially, the service outage was blamed on Anonymous, considering the group’s past actions against the Japanese electronics giant.

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained,” Sony’s letter explained [click here for the full letter].


 

 

Government To Issue Terror Alerts On Facebook

The U.S. Department of Homeland Security will begin issuing terror alerts via Facebook and Twitter starting the end of this month.
Color-coded alerts will be a thing of the past, and instead of five different warning levels, only two will remain — elevated and imminent — and the public will only hear about them some of the time.

These changes would all go into effect by April 27, according to the Associated Press.

To read more about this click here.

Facebook Scam – Facebook is Closing All Accounts Today

There is yet another viral scam being spread across Facebook by a rogue application, tricking users into believing that Facebook is closing all accounts today.

Many Facebook users have found that their profiles have been updated with a message which reads:

 

 

 

Facebook is closing all accounts today. They can’t handle so many accounts. Most of the old accounts are not active, so they are deleting everything. If you want your account alive please confirm your activity. This is the final notice! [LINK]

They may also see a message reading:

Final Notice – Confirm your activity today!
In order to keep your account alive you must verify your activity!
Your account will be permanently disabled if you don’t take this step.

The sad thing is that there are many Facebook users who can be fooled by a cunning piece of social engineering like this, as their addiction to the world’s most popular social network outweighs their skepticism about Facebook killing off accounts.

If you think you may have clicked on a link for a rouge application, check out my post on securing facebook profile.

Fake Facebook Application that Steals Login Information

Yet another fake application that is stealing Facebook users’ login credentials has recently been discovered by Symantec researchers.

This application lures in users with videos titled “Tornado Randomly Appears During Soccer Game” or “Video: This is the best April Fools’ prank ever!”, when the user clicks on the message an automatic download of a script that logs the user out of Facebook and then displays an Error message inviting him to log in in order to continue:

For more information regarding this “Fake” Facebook application click here.

Report: NSA Looks Into NASDAQ Hack

The National Security Agency, the top U.S. electronic intelligence service, has joined a probe of the October cyber attack on Nasdaq OMX Group Inc. amid evidence the intrusion by hackers was more severe than first disclosed, according to people familiar with the investigation.

The involvement of the NSA, which uses some of the world’s most powerful computers for electronic surveillance and decryption, may help the initial investigators — Nasdaq and the FBI — determine more easily who attacked and what was taken. It may also show the attack endangered the security of the nation’s financial infrastructure.

“By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization,” said Joel Brenner, former head of U.S. counterintelligence in the Bush and Obama administrations, now at the Washington offices of the law firm Cooley LLP.

Check out the entire article – Bloomberg