Friday, July 29, 2011

UK says they are sure they caught the right hacker

 A lot of people are wondering if the UK police have caught the right hacker. However according to a report the UK police are sure they have caught the right person. The article is even reporting that they have no doubts that this is the right person. To be honest I do not know if this is the right guy or not because I do not have enough information. Just to add the Lulzsec twitter has been very silent on the issue. So we shall she how this ends up.

Wednesday, July 27, 2011

Lulzsec hacker possibly arrested? Lulzsec boycotting Paypal?

 It is being reported by Sky news producer via twitter that they have have arrested another Lulzec/Anonymous hackers. According to what is being reported it was Lulzsec member "Topiary" and Sophos did confirm that the user "Topiary" was working with the hacking group in the past. it is also being reported that another 17 year old is being questioned, however he has not yet been arrested.

 In other news LulzSec and Anonymous released a message calling for the boycott of Paypal. A few of the people leading this boycott of Paypal may be related to the denial of service attacks on PayPal late last year. Now this boycott is all over how they treated Wikileaks a while back. According to an Anonymous tweet about 35,000 Paypal accounts have been closed so far. I have no idea if that is true so we will have to wait and see if PayPal comments. I have also seen reports that PayPal has shut down the ability to close accounts online. However the number to call to close down accounts has been tweeted over and over again.

Tuesday, July 26, 2011

Do you monitor your Kids social network use?

 I was going through my twitter feed today when I saw a link talking about kids fooling their parents on social media use. So I took a look at the article and thought I would share some of my thoughts on it plus share some of my thoughts on kids on social media. Please note you don't have to read everything your Child does if you trust them, I just thought I would throw that in there.

 First off I agree with the article saying just friending your child does not mean you know everything your child is doing. You need to make sure you set ground rules of what they do on the social network. First make sure they set their profile on private, the whole world does not see everything they post. Remind them that what they post online can not be simply erased. They can harm chances at jobs later on in life with what they put on social network sites.


 Next make sure you (the parent) are a leader and not a follower. Just because your 12 year old or younger child tells you that all their friends have (insert social networking site here) does not mean they need to break the 13+ TOS and get one. Now this point is a very big deal because a lot of parents go out and help their kids get one then complain when something happens to their privacy. They have 13+ TOS for a reason and you should be an example to them by not bypassing that rule. I strongly disagree with anyone who say's my kids needs social network (name here) because everyone else does.


 I do have some disagreements with the part about kids misusing Google Plus. Because if your kids are misusing Google Plus you have other lie issues to worry about. Why you may ask? Google Plus is an 18 or older social network site. So if they are accessing Google Plus that means they have already went through the steps to get a Google Account which says they are 18 or older. So if you see your kids on Google Plus make sure you talk to them about tells lies to get past TOS of some sites.


 So what do I recommend to do to stay safe on social networks? Here are some tips:


  1.  Make sure you know what social networks your children are on. You are the parents so you have the right to know.
  2. Be a leader and not a follower. Do not let your kids access social networks till they are atleast the right age. No need to set them on path of lies at an early start.
  3. Be involved with your kids social networking. If they get on twitter make yourself a twitter account. If they get a Facebook make yourself a Facebook account

Saturday, July 23, 2011

Scammers targeting those tempted to click on Norway videos

 With the attacks going on in Norway a lot of people are looking for information on what has happened on Facebook and twitter. However spammers and scammers are targeting those people with Facebook scams. Scammers have made posts on twitter saying "Click here to see raw footage of Norway attacks". Its sad they would take advantage of people in this sad situation but it seems like they don't care about these types of attacks. If you try to click the video you will be lead to a site asking you to take a survey the earn the spammer money. If you see anyone posting this I highly recommend you tell them its a scam/spam and not to take the survey. 

Amy Winehouse death video scams on Facebook

 Today Amy Winehouse has been found dead, and scammers are already taking advantage by posting scam/spam posts on Facebook. What are they posting on Facebook you may ask? Here are some of the scams/spam posts going around I have found:

 The Reason Amy Winehouse is Dead see the video: Bad link

 The Amy Winehosue Death Video RELEASED warning: may be upsetting (bad link)

 The links lead to random domains such as this (don't worry that link just leads to WOT) one where you will be asked to take a survey to make the scammers some cash. Watch out for scams like these when events like this happens. If you see this post (or posts like it) on your friends wall warn them that it is a scam.

IGL-Security now a news source on Trove!

  A few months ago The Washington Post launched "Trove" a free personal social news site. On the day it launched I sent a request in to see if I could get IGL-Security blog posts into the news sources. Well I did that and talked to one of the staff for a bit and waited for it to be added. That was a few months ago. Well I was doing some searching of IGL-Security today on some search engines. While I was looking at the results  I see a result leading me to the Trove website. So I log into Trove to see that IGL-Security now has a Trove news channel and is in Troves database of news site. For those of you who have not used Trove before I highly recommend you take a look at it. If you are already on Trove I recommend you follow the IGL-Security channel or even add the IGL-Security blog to one of your channels.

Friday, July 22, 2011

Facebook security gonna shut you down.....not really

 Facebook security sends you a message, they tell you that you have 24 hours to send them your credit card number or else your account will get shut down. What do you do?? Well what you should do is ignore it and do not send them your credit card information. Facebook never asks for your credit card information. How can Facebook verify that it is your if they never had your credit card in the first place. Some have reported these coming from people that sent you add requests in games so remember: Only add people you know to your Facebook friends list.

Should Google allow people under the age of 18 on Google Plus?

  I really enjoy using different social networks, however their is one social network that I really don't like hearing about much and that network is Google Plus. Why do I not like hearing about Google Plus? Its because I can not even access it. Its not that I have not gotten an invite, its because Google has set a 18+ age limit for the social network. Every other part of Google I have ever joined said you only had to be 13+ to join but Google Plus is different. I honestly have not seen a reason of why it has to be 18 or older. Facebook, twitter, about every other popular social network has a 13+ age limit so why does Google Plus need to be 18 or older? Its not that people under the age of 18 can't help test a beta product, I have seen people under that age beta test.

 Now y'all know my views on people under the age of 13 being on Facebook. I agree with that age limit being 13 but I honestly think 18 or older is way to high. However please remember I am not the only one with this view. So below in the comments please share your views. Do you believe people under the age of 18 should be on Google+?

Tuesday, July 19, 2011

Lulzsec to release more stuff hacked from The Sun?

 According to reports on The register they have gained access to a database of emails and they are planning on releasing it today. The Register also has some information on how the hack took place. The Sun now has control back of its site and the site seems to be running stable again. I will keep my eye out to see if they release the emails but so far its not been confirmed that they have them.

 To everyone who has the same password on different sites. Now would be a good time to make sure you don't have the same password on different sites.

Monday, July 18, 2011

The day of returns: LulzSec is back

 Well first we have the return of Rebecca Black with a new song and now we have the return of Lulzsec with a new hack. According to ZDNET they hacked into the Sun Newspaper website redirecting them to articles that say Rupert Murdoch has been found dead. Now for y'all that have not been paying attention to the news Rupert is in the middle of a phone hacking scandal over in the U.K which is most likely what caused them to become a target. Just to add for all you wondering he is not dead and it was a fake story placed by the hackers.

 For those of you who have forgotten who Lulzsec is they are the ones that hacked Sony, and a whole bunch of other places around the net. Eventually they disbanded but now apparently they are back. Now this does not mean they are back for good so time will tell if this was a one time only thing or they are coming back for good. 

Watch out for Rebecca Black spam on Twitter

 So for those of you who have not heard Rebecca black released her new song My Moments on her YouTube channel. Now you are most likely wondering "I am at a computer security blog why am I reading about Rebecca black"? Well the reason is simple, while reading what people are saying about the video on twitter I noticed some spam/scam links being posted so I just wanted to make you all aware to watch out for the spam. If you want to see the video go to her official YouTube channel don't just start clicking links on social networks.

Toshiba US Server Hacked

  It is being reported that Toshiba U.S servers have been hacked and hackers have gotten access to Email Address and passwords of Toshiba customers. No credit cards or social security numbers were on the server according to the report.

  However if your Toshiba password was the same as another one of your accounts passwords I highly recommend you look into changes all the sites that you used the same password. Remember its never a good idea to use the same password on different sites.

Sunday, July 17, 2011

Should I use IE?

 Internet Explorer is one of the most popular web browsers, that is because it comes pre-installed on every Windows machine. However is it safe to be using? ComputerWorld has posted an article on that  very fact and I decided to take a look into what reasons they had. Now some of the points I agree on while others I don't so lets take a look. Now I am not going to go over each point but I will go over a few of them:

 1. You are safer by avoiding software that bad guys target. Mac users benefited from this for years. Windows users can lower their attack surface (be less vulnerable) by avoiding popular software. Internet Explorer is popular, so bad guys exploit known problems with the browser. No thanks. 

 Firefox and Chrome are also both popular tools, so I should stay away from them also? What should I use then? Java is very popular and some games only work in Java so I just have to give up in Java games. While staying away from popular applications can lower your chances I don't see how its possible. However I think you should make sure you keep each program updated.

 2. Microsoft fixes bugs in Internet Explorer on a fixed schedule. But, bugs are not discovered on a schedule which means IE users remain vulnerable to know bugs until the next scheduled bug fix roll-out. Neither Firefox or Chrome, my preferred browsers, are locked into a schedule. 

 Microsoft does not have to release things on a schedule that can't release out of cycle patches.

3. In addition, I get the feeling that Microsoft is just slow in fixing Internet Explorer bugs. The last release of IE patches included a fix to a bug that Microsoft had been told about six months ago. 

 Now you can't tell me every other dev is fast. I have waited a long time for other companies to also fix bugs. You can't place this all on MS.

 8. The most popular operating systems are, I believe, Windows XP, Windows 7 and OS X. Of these, the latest version of Internet Explorer, version 9, runs on only one. Many people use more than one computer and are likely to deal with more than one operating system. Firefox and Chrome provide a cross-platform experience (including Linux) that Internet Explorer does not. 

 Yes but remember Windows XP is a pretty old OS. It was released in 2001 and can not be supported forever.

 9. And, if you use multiple computers, both Firefox and Chrome have built-in features to synchronize bookmarks and more between different instances of the browser. Internet Explorer (at least up to version 8) can't do this. 

  I have yet to meet one person that actually uses this. Yes I am sure somewhere people use it but why is it needed if not everyone is using it. 

  Now lets look into some positive reasons that were not mentioned in the blog post.

  1. SmartScreen protection:

 Lets not forget Microsoft has a pretty good malware protection system built into IE known as SmartScreen. The SmartScreen filter has been known to be pretty good for blocking malware downloads and bad sites.

  2. It works with a majority of sites
  
       Internet Explorer is preinstalled on almost every install of Windows. Which means web devs make sure to take time to check IE compatibility.

 Now I am not trying to turn people away from IE or turn people to IE. Some people I know will only use IE, I honestly prefer Firefox, and then I have friends who will only use Google Chrome. Its all up to the person using the browser their is not really one browser better then another. Some fit other people better.

 You can read the full post here on the Computer World site. Make sure you leave a comment here on the IGL-Security blog with your thoughts.

Saturday, July 16, 2011

Rootkits getting tougher and tougher

 Rootkits are one of the worst types of malware you can get on your machine in my opinion. Rootkits are tough to removes, can damage a machine pretty badly, and are just plain terrible to remove. On the bright side OSes are getting tougher to infect (UAC added protection to Windows OSes) however the rootkits are getting tougher and tougher. The Webroot team did some analysis in the new ZeroAccess rootkit. In fact the ZeroAccess rootkit kills the security software found on the machine it infects. Now my parents machine was infected with an early version of TDSS which killed the security software but it was easy to bypass it to get it back up and running again. However the rootkits are getting tougher to simply bypass and boot time scanners now have to be used in many cases to scan the machine. Even then they are not fool proof and guaranteed to fix the machine.

 So what do I recommend to stay safe from these rootkit threats? First make sure you keep your machine updated. The less amount of vulnerabilities the better. Then make sure keep your security software updated so it can detect the latest threats.

Big wave of who viewed my profile spam hits Facebook

 Another big wave of "Who viewed my profile" posts are going through Facebook. How do I know this? Because I have been watching my blog stats and I have seen a large increase of people looking for information of Can I see who viewed my Facebook profile. So I took a look into whats going through Facebook and found these posts:

 WOW I cant believe that you can see who is viewing your profile!I just saw my top 10 profile peekers and I am SHOCKED from who is viewing my profile!You can also see WHO VIEWED YOUR PROFILE

 Please remember you can not see who is viewing your profile.

Thursday, July 14, 2011

Spotify launches in US, watch out for Spam/Phish posts

 Today Spotify has finally made the move to open up in the USA. That is great for all those looking for a legal (and I recommend all things legal) music service. However since the free version is invite only people had started posting phishing pages in comment sections of articles about Spotify and while I was on twitter I noticed topic spam being posted using the #Spotify hash tag. So as you are all on your hunt for a Spotify invite code (like I was till I finally was able to get one) I highly recommend you look out for scam/spam pages trying to get people looking for codes.

 Also for everyone coming here looking for a code try tweeting saying you are looking for one. Someone may see your tweet and send you a code. That is how I was able to get a code.

Wednesday, July 13, 2011

Watch out for Google+ spam invites on Facebook

 Google+ (Googles popular new Social network, which sadly can't be used by those under 18) is a network that everyone is trying to get into. How as reported by Sophos you need to be on the look out for spam/scam invites to join Google+ spreading around Facebook. As you may have noticed in the Sophos article is showed a photo of a fake fan page that had 80,037 "likes" of people trying to get that invite. Well I was able to find the same page and it had 80,601 "likes" at the moment. That goes to show people are willing to allow random Facebook apps access their account to they can gain access to this invite only social network by Google. If you see this inform them that liking that page will not get them access to Google+

 Also in case you are wondering no I have not tried Google+ yet due to the fact you have to be 18 or older to try out the service. When they remove that restriction I will try it out.

Tuesday, July 12, 2011

Anonymous has released more Gov data

 Once again Anonymous has released more government data, this time 90,000 Military passwords were released. According to them this is part of their AntiSec movement. Hack attacks seem to have really been getting worse recently. With game devs losing data, government sites being knocked off-line, and now government data being released publicly online in a torrent file.

 Once again this is a reminder if you run a web server/web site now would be a good time to recheck for vulnerabilities, just to be on the safe side.  

Monday, July 11, 2011

GM of CO.CC responds to Google about sites being removed

A post on the Google Webmaster Help forum coming from someone claiming to be a GM on the CO.CC service has responded to Google about the removal of CO.CC sites from Google Search results. Now you can read the full post over on the link I just posted but this does lead to some interesting question.

 1. Was it a good idea to remove the CO.CC sites from the search results? In fact Trend Micro researchers have already found that the cyber criminals are already jumping to other services.

2. Should blogspot be deindexed? They made a claim in the post that most Blogspot blogs are low quality content. As I write this on a blogspot blog I am going to have to say I have found many blogspot blogs with information I need. I do not want to see them all deindexed.

Sunday, July 10, 2011

Google Dropping CO.CC from results

 Google is deciding to take a big swing at the Malware/Scammer problem in search results. They have decided to remove all bulk sub-domain services (like co.cc) from results of Google Search. In fact Google has reported that have found 50K malware domains from one bulk providers. In my research I have found co.cc did have a lot of malware domains but I guess people out there were using it for clean reasons. If you were using a bulk provider for your domain I would recommend looking into another .(something) domain for your site if you want to stay on Google results.


 -Source: Google Online Security Blog: Protecting users from malware hosted on bulk subdomain services

Always check the URL

  A friend was receiving spam URLs the other day from a hacked friend and he gave me the URL that was being submitted. Now I don't have the URL in front of me any more but from some basic research it seemed to be a AOL Phish. Now some of you may be wondering: "Why does he think that?"

 1. The domain was aol(something).cz instead of the real true AOL home page.

 2. It was being spread via a hacked/malware infected machine
 
 So I would just like to remind y'all to make sure you double check what URL you really are at before you go and start typing user ID information on some site with nothing related to where you are trying to go.

Friday, July 8, 2011

Big "Whoa my profile was viewed.." spam wave hitting Facebok.

 A large wave of "how many profile views" spam posts are going through Facebook at the moment. It is spreading the following message:

 WOAH! my profile was viewed (random number) times JUST TODAY, and I can see that I have quite a few stalkers LOL! Find out yours here (bad link)


 They are spreading using a large number of app names so I am not going to take the time to list a large amount of 100% random names. Once again I would like to remind you that no app can tell you who is viewing your profile. I highly recommend you ignore any messages you see about it.

Computer Security Guide: Backup tools

 Its never a good idea to put all your eggs in one basket, that saying also goes towards computer security setups. You should not rely on one product to be able to detect all malware that you may find attacking your machine. A lot of tools to to backup your AV are out there but only so many are good. So here are some tools I thought you would like to help extend your computer security setup.

 Malwarebytes is one of the most popular on-demand scanners. A lot of people use it to remove malware.

 SuperAntiSpyware is a great tool for removing malware traces and cleaning up your machine.

  HitManPro lets you use a couple of different antivirus engines to check for malware on your machine.

 Panda Security Toolbar helps prevent your computer from loading malware filled urls.

 I always recommend you keep programs to extend your protection of your computer installed on your machine in case you run into the need for them.

Tuesday, July 5, 2011

PayPal UK twitter account hacked

 It seems sites are not the only target of hackers now. Today Paypals twitter account was hacked. As the site was hacked it was posting messages trying to send them to an Anti-Paypal site dedicated to exposing Paypal.

 That means we have had two popular twitter accounts (fox news and now PayPal UK) hacked. If your company is running social pages then make sure you take the same steps to secure then as you would your own companies. Twitter accounts and other social media accounts should be treated as if they are part of your own site with steps taken to protect them. Which means using a strong password and making sure only the people who need access to it have the password.

Monday, July 4, 2011

Apple being targeted in hacker attacks

 It seems hackers have now set their sites on Apple Inc. Anonymous (the group that is picking up now that Lulzsec has disbanded) has posted a small amount of data from an Apple server according to a report. This just goes to show although we have had a slow down the past few days of number of sites hacked they are not done hacking.

 We all will have to wait and see how Apple responds and if this was going to be the only Apple Hack or more or on the way. Anonymous did say this was just something simple and that they had their eyes set elsewhere but if that will be true is the question.

Fox News Twitter Account hacked

 Hacks, Hacks, and more hacks. It seems that is the only thing I write about anymore. Now the Fox News twitter account was hacked by a new hacking group. Also just in case you were wondering that hack has nothing to do with LulzSec but according to the hacking group that does have to do with that AntiSec hacks that Lulzsec was talking about.

 What other hacks that they will preform in the future is unknown but as I here about them I will blog about them. Also Happy 4th of July everyone!