Surfers urged to take Phishing IQ Test

March 8, 2008 – 4:00 PM

A new website has been built to educate British online consumers about the dangers of phishing scams.

The Phishing IQ Test has been set up with faux emails from banks and e-commerce vendors, and users are invited to judge whether they are legitimate or not.

A results page reveals the correct answers and gives detailed information on how to identify a phishing attack.

“Whilst we recognise that phishing has been a US-driven phenomenon, we are increasingly seeing UK-focused scams which use a different kind of language, and by which people in the UK are more easily tricked,” said Vanessa Wade, managing director of email security vendor MailFrontier, which set up the site.

“We developed the test specifically for the UK, as English is still the main language being used by phishers. We hope that this test gives people more confidence when deleting, ignoring or reporting cases of phishing in the UK in future.”

Over 300,000 people have viewed the American version of the site since its launch in June last year. A worrying 96 per cent of those people got at least one of the questions wrong.

http://www.vnunet.com/news/1162237

Spam Is All Your Fault, Says Study

March 8, 2008 – 3:59 PM

So says the Radicati Group, which Wednesday released preliminary results of a survey showing that it’s bad behavior on the part of users — us, in other words — driving the spam and virus threat.

And you thought it was spammers and hackers.

“Frankly, it surprised us that users are still responding to [spam], and opening [unsolicited] mail,” said Sarah Radicati, the chief executive of the Palo Alto, Calif.-based market research firm which conducted the online poll.

According to Radicati’s survey, 31 percent of those polled have clicked on embedded links within spam at one time or another.

“Clicking on embedded links helps spammers determine ‘live’ accounts, which encourages repeated spam attacks,” said Radicati. And enterprises can be compromised by a single miscreant. When an active account with a domain is identified, organizations are at greater risk of follow-up directory harvest attacks.

Eighteen percent of users admitted that they’d clicked on the “unsubscribe” link in spam, another behavior that’s exploited by spammers, who then know the address, and perhaps the entire domain, are active and so potential targets for follow-on spam campaigns. Even worse, spammers sell and trade lists with virus writers eager to accumulate bots, so by telling a spammer they’re “live,” users increase their risk of later receiving worms and viruses.

But the most stunning statistic, said Radicati, was the last: more than 10 percent of the respondents have purchased products advertised in spam.

“With the near-zero cost of sending out huge volumes of spam, the fact that more than one in ten users are purchasing products is clearly continuing to drive the economics of spam,” said Radicati.

“Although one person’s spam may be another person’s information,” she said, “it’s clear that education isn’t working. Either the spam product offers are just too good to pass up, or users still have an enormous lack of awareness of the danger of clicking on e-mailed links.”

Companies need to do a much better job, she said, of educating their employees. “They’re not,” Radicati said. “They may say ‘don’t do this’ and ‘never do that,’ but there’s simply not much formal training.”

Our continued bad habits, she said, explain why e-mail security threats — spam, worms, phishing — continue to explode.

“Anti-spam technology routinely achieves 90 percent plus catch-rates, yet no technology in the world can protect an organization if users exercise bad e-mail behavior.”

http://www.securitypipeline.com/159905059

Hackers target browsers to dodge firewalls

March 8, 2008 – 3:58 PM

Hackers are increasingly using attacks that exploit browsers rather than trying to batter through firewalls and other network protection devices, according to security firm Symantec.

Nearly half of the vulnerabilities reported by Symantec in its six-monthly Internet Security Threat Report covering July to December 2004 centre on web applications, and the numbers are rising quickly. Last year such threats accounted for barely a third of all vulnerabilities.

“These web attacks are the wave of the future,” said Olaf Linder, director of Symantec’s security services.

“They allow hackers to go straight through the browser, which is where most people input their data anyway. All the firewall protection for servers will not stop the individual losing their machine.”

Information is still the key target for hackers. Over half of the top 50 malicious codes detected last year were designed to capture personal information, and a third of those on the list were Trojans that would allow remote access to an infected PC.

Malicious code is also moving onto mobile devices with increasing speed. The report recorded 21 separate viruses for mobile devices in the last six months of 2004 and warned that they are becoming increasingly efficient.

The report also highlighted a potentially devastating problem for music companies, in that hackers are working on methods of embedding malware in music files.

http://www.vnunet.com/news/1162073

Controversial Report Finds Windows More Secure than Linux

March 8, 2008 – 3:57 PM

Contrary to popular wisdom, Windows appears to be more secure than a popular version of Linux, according to an upcoming report from two security researchers. The researchers found that Windows Server 2003 actually had fewer security vulnerabilities identified last year than Linux and that the holes in Windows took less time to patch.

But the study is already attracting controversy for its methodology. Linux proponents note that the two systems have different configurations and are not easily comparable since they contain different functionality out of the box.

“A lot of people are under the impression that one platform has more advantages,” said one of the critics, Max Clark, a network consultant with Intercore, a Los Angeles-based consulting firm that provides support for both Windows and Linux systems. “The expertise of the person deploying it is what matters. The default configurations are important, but once you start consolidating software on top of the system, the system is only as secure as what’s running on it.”

The study, which compared Windows Server 2003 to Red Hat Enterprise Linux ES3, was conducted by Dr. Richard Ford, a research professor in the computer sciences department at the Florida Institute of Technology’s College of Engineering, and Dr. Herbert Thompson, director of research and training at Security Innovation, a security technology provider.

Linux advocates criticized the study over allegations that the researchers accepted funding from Microsoft, a criticism also leveled at earlier studies finding Windows security superior to Linux.

The researchers declined to comment on whether Microsoft is funding the current study, saying they will disclose funding sources when the study is finally published. They defended the study, saying they are interested in hearing feedback from others willing to test their research findings to see if they are sound.

http://www.securitypipeline.com/159402994

Epidemic Of Firefox Spyware Infecting Computers Worldwide!

March 8, 2008 – 3:57 PM

Quick! Run for the hills! Firefox spyware is running rampant and infecting every computer in sight!

*sigh*

Sometimes I just want to bang my head on the desk and keep doing it until the desk surrenders unconditionally. If you were to believe several online news sites, there is an epidemic of spyware infecting Internet Explorer by way of Firefox. If you were also to believe that these accounts were written by competent journalists who have checked their facts, you would be wrong on both counts.

The situation on which these people are “reporting” (to use the term loosely) is about a malware installer using Sun’s Java runtime environment. Let me explain what Java is.

Java is similar to Microsoft’s .Net environment. It is a programming language which requires the user to have the “runtime environment” files installed on the computer. It also is similar to the Visual Basic runtime environment. You have to have Windows Scripting Host installed for Visual Basic files to run. For .Net or Java programs to operate, you have to have the proper files for those programming environments installed.

All current graphical web browsers include support for a Java “plug-in”. What that does is allow small Java programs, or applets, to be run inside of a web browser window. You can do some pretty cool things with Java applets. These applets are being run by the Java environment installed on the computer, not by the browser.

Normally, a Java applet runs in a “sandbox”, a protected area of computer memory that cannot interact with the rest of the system. Unlike ActiveX, a Java applet can’t install software without explicit permission because of this sandboxing. If a Java applet tries to access the system outside of its sandbox, a security alert will pop-up warning the user and asking if the user wishes to allow the action.

The Java applet causing the current ruckus installs a number of spyware and adware programs. However, before it can do that, a security prompt pops up. The pop-up is labeled “Warning – Security”. It warns that the “Publisher authenticity can not be verified”, that “the security certificate was issued by a company that is not trusted” and that “the security certificate has expired or is not yet valid”. Under no circumstance does this rogue Java applet install software without the user giving it permission to do that. And to be honest, you’d have to be pretty dense to click “Yes” to such a prompt arriving out of nowhere.

What is truly sad here is that the news sites I mentioned earlier are portraying this as a spyware targeting and infecting the Firefox web browser. These news sites are doing a grave disservice to their readers by misleading them. This is not a problem with Firefox or with any other web browser.

It is Java running this installer. In fact, Java is doing exactly what it was designed to do by popping up the security warning when the installer attempts to bypass the protected sandbox. This is the very reason the sandbox exists, to stop malicious software exactly like this. This is an extra layer of security beyond what you’d see with ActiveX. With ActiveX, you either let it run or not. With Java, you either let it run or not and it also warns you when the Java applet is trying to do something suspicious after it has started to run. Yes, this sandboxing can be bypassed if a flaw exists and is discovered. Be sure you keep your installation of Java up to date because Sun fixes these flaws when they are discovered.

Whether or not this is a problem with Java is debatable. Personally, I don’t see this installer as a problem. It can’t do anything unless the user ignores a very stern security warning. Still, people can debate this all they want.

My frustration with this is that people are calling it a problem with Firefox. That is patently untrue. Every single browser is going to pop up a similar warning when it encounters this particular Java applet. If this had been labeled a problem with all web browsers, it still would be untrue, but at least it would not slander a particular browser. The people publishing this libelous nonsense should be ashamed of themselves and should print a prominent correction.

http://www.spywareinfo.net/mar13,2005#firefox