Jun 12 2013

Why you should care about your digital privacy?

Category: Information Privacy, Information Security | DISC @ 4:25 pm

Surveillance Countermeasures

When we use an internet browser for a web search, visit a social media site, communicate (Skype), or buy something from a site, we leave digital tracks all over the internet. The providers of these services have access to this information because they collect this treasure trove to figure out what you like and don’t like, so they can serve you ads and services accordingly. Most importantly, they want to know what you may buy or do next on the internet.

Well, now we know that our government is also utilizing that data from these providers to figure out whether you may have ties to the bad elements out there. To elaborate a bit: for example, if a bad guy calls you and leaves a message on your voice mail, you are presumed guilty by association, and you and your friends may come under heavy surveillance after this incident. So far, all this collection and analysis of data has been done without your knowledge and permission.

As Mark Zuckerberg said, Facebook only provides information which is required by law. Well, in this case the law (PRISM) wants everything without a warrant. By using social media we create a treasure trove of data, which can be analyzed to figure out patterns from which one may deduce what a person may do next. You may want to remember that the next time you post on social media.

Tags: Business, facebook, Internet Marketing, PRISM, Social media, Social network, Twitter, YouTube


Jan 11 2011

Biggest mobile malware threat

Category: Malware, Smart Phone, Web 2.0 | DISC @ 2:39 pm

Facebook is biggest mobile malware threat, says security firm
Researcher claims bad links on Facebook responsible for much higher infection rate than targeted mobile malware

By Joan Goodchild -CSO

The biggest mobile infection threat isn’t malware that specifically targets mobile devices, according to new research from security firm BitDefender. Malware that targets Facebook is a far bigger problem for mobile security, the firm claims.

Spam links on social networks are infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs.

BitDefender officials point to Google statistics, which reveal almost one quarter of Facebook users who fell for a recent scam on the social network did so from their mobile device. The URL that was studied was one that claimed to show users a girl’s Facebook status which got her expelled from school. It generated 28,672 clicks — 24 percent of which originated from mobile platforms. Users who clicked on the link — whether on their PC or mobile device — downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme.

“When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source — the social network,” said George Petre, BitDefender Threat Intelligence Team Leader.

Mobile Malware Attacks and Defense

The Truth About Facebook – Privacy Settings Every Facebook User Should Know, and Much More – The Facts You Should Know

Tags: facebook, Google, Koobface, Malware, Mobile device, Mobile operating system, Social network, Uniform Resource Locator


Dec 14 2009

Viruses That Leave Victims Red in the Facebook

Category: Malware | DISC @ 3:21 pm


By BRAD STONE – NYTimes.com

It used to be that computer viruses attacked only your hard drive. Now they attack your dignity.

Malicious programs are rampaging through Web sites like Facebook and Twitter, spreading themselves by taking over people’s accounts and sending out messages to all of their friends and followers. The result is that people are inadvertently telling their co-workers and loved ones how to raise their I.Q.’s or make money instantly, or urging them to watch an awesome new video in which they star.

“I wonder what people are thinking of me right now?” said Matt Marquess, an employee at a public relations firm in San Francisco whose Twitter account was recently hijacked, showering his followers with messages that appeared to offer a $500 gift card to Victoria’s Secret.

Mr. Marquess was clueless about the offers until a professional acquaintance asked him about them via e-mail. Confused, he logged in to his account and noticed he had been promoting lingerie for five days.

“No one had said anything to me,” he said. “I thought, how long have I been Twittering about underwear?”

The humiliation sown by these attacks is just collateral damage. In most cases, the perpetrators are hoping to profit from the referral fees they get for directing people to sketchy e-commerce sites.

In other words, even the crooks are on social networks now — because millions of tightly connected potential victims are just waiting for them there.

Often the victims lose control of their accounts after clicking on a link “sent” by a friend. In other cases, the bad guys apparently scan for accounts with easily guessable passwords. (Mr. Marquess gamely concedes that his password at the time was “abc123.”)

After discovering their accounts have been seized, victims typically renounce the unauthorized messages publicly, apologizing for inadvertently bombarding their friends. These messages — one might call them Tweets of shame — convey a distinct mix of guilt, regret and embarrassment.

“I have been hacked; taking evasive maneuvers. Much apology, my friends,” wrote Rocky Barbanica, a producer for Rackspace Hosting, an Internet storage firm, in one such note.

Mr. Barbanica sent that out last month after realizing he had sent messages to 250 Twitter followers with a link and the sentence, “Are you in this picture?” If they clicked, their Twitter accounts were similarly commandeered.

“I took it personally, which I shouldn’t have, but that’s the natural feeling. It’s insulting,” he said.

Earlier malicious programs could also cause a similar measure of embarrassment if they spread themselves through a person’s e-mail address book.

But those messages, traveling from computer to computer, were more likely to be stopped by antivirus or firewall software. On the Web, such measures offer little protection. (Although they are popularly referred to as viruses or worms, the new forms of Web-based malicious programs do not technically fall into those categories, as they are not self-contained programs.)

Getting tangled up in a virus on a social network is also more painfully, and instantaneously, public. “Once it’s delivered to everyone in three seconds, the cat is out of the bag,” said Chet Wisniewski of Sophos, a Web security firm. “When people got viruses on their computers, or fell for scams at home, they were generally the only ones that knew about it and they cleaned it up themselves. It wasn’t broadcast to the whole world.”

Social networks have become prime targets of such programs’ creators for good reason, security experts say. People implicitly trust the messages they receive from friends, and are inclined to overlook the fact that, say, their cousin from Ohio is extremely unlikely to have caught them on a hidden webcam.

Sophos says that 21 percent of Web users report that they have been a target of malicious programs on social networks. Kaspersky Labs, a Russian security firm, says that on some days, one in 500 links on Twitter point to bad sites that can infect an inadequately protected computer with typical viruses that jam hard drives. Kaspersky says many more links are purely spam, frequently leading to dating sites that pay referral fees for traffic.

A worm that spread around Facebook recently featured a photo of a sparsely dressed woman and offered a link to “see more.” Adi Av, a computer developer in Ashkelon, Israel, encountered the image on the Facebook page of a friend he considered to be a reliable source of amusing Internet content.

A couple of clicks later, the image was posted on Mr. Av’s Facebook profile and sent to the “news feed” of his 350 friends.

“It’s an honest mistake,” he said. “The main embarrassment was from the possibility of other people getting into the same trouble from my profile page.”

Others confess to experiencing a more serious discomfiture.

“You feel like a total idiot,” said Jodi Chapman, who last month unwisely clicked on a Twitter message from a fellow vegan, suggesting that she take an online intelligence test.

Ms. Chapman, who sells environmentally friendly gifts with her husband, uses her Twitter account to communicate with thousands of her company’s customers. The hijacking “filled me with a sense of panic,” she said. “I was so worried that I had somehow tainted our company name by asking people to check their I.Q. scores.”

Social networking attacks do not spare the experts. Two weeks ago, Lee Rainie, director of the Pew Internet and American Life Project, a nonprofit research group, accidentally sent messages to dozens of his Twitter followers with a link and the line, “Hi, is this you? LOL.” He said a few people actually clicked.

“I’m worried that people will think I communicate this way,” Mr. Rainie said. “ ‘LOL,’ as my children would tell you, is not the style that I want to engage the world with.”

Tags: Antivirus software, Computer virus, facebook, Google, Kaspersky Lab, Malware, malware 2.0, Online Communities, San Francisco, Security, Social network, Social network service, Spyware, Twitter


Nov 10 2009

Facebook, MySpace users hit by cyber attacks

Category: Cybercrime | DISC @ 1:27 am


NZ HERALD reported that Facebook users – already being targeted in a malware campaign – are now under threat from a phishing scam.

Security specialists Symantec report that the company’s systems have picked up fake messages that appear to be sent by the social networking service.

Users will receive an email that looks like an official Facebook invite or a password reset confirmation.

If a duped user clicks on the ‘update’ button they will be redirected to a fake Facebook site. They will then be asked to enter a password to complete the updating process.

As soon as the unwitting Facebook user does this, their password is in the hands of cybercriminals.

Dodgy subject lines for the phishing emails are: ‘Facebook account update,’ ‘New login system’ or ‘Facebook update tool’.

The malware campaign that is still targeting Facebook is also propagated via email. This time, the message looks like a Facebook notification that the recipient’s password has been reset.

It includes a zip file that, if opened, launches an .exe file, which Symantec’s Security Response centre says is a net nasty called Trojan.Bredolab.

Once a user’s machine is infected by this malware, it secretly dials back to a Russian domain and, Symantec says, “is most likely becoming part of a Bredolab botnet.”

But it isn’t just Facebook that is being lined up by cybercriminals; News Corp’s MySpace is also under attack.

Potentially dangerous email subject lines to look out for are: ‘Myspace Password Reset Confirmation,’ ‘Myspace office on fire’ and ‘Myspace was ruined’.

Symantec believes there will be another attack on MySpace in the next day or two. “We also think that social networking sites with huge user bases are currently being targeted to infect maximum machines or gather passwords for more malicious activities in future,” the security team said in a statement.

It advised users to be extra-careful of suspicious attachments, especially those including password reset requests. Legitimate websites will not send an attachment for resetting a password, it said.

– NZ HERALD STAFF
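A mail-triage check built from the indicators in the article above: the quoted subject lines, and the rule that a password reset never arrives with an attachment. This is an added example, not code from Symantec or the NZ Herald; the finding labels, the extra executable extensions and the sample messages are assumptions constructed here.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article, lower-cased for matching.
SUSPECT_SUBJECTS = {
    "facebook account update", "new login system", "facebook update tool",
    "myspace password reset confirmation", "myspace office on fire",
    "myspace was ruined",
}
# Assumption: .exe is the type the article names; the others are added here.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")

def zip_executables(data):
    """Names of executable members inside a zip attachment, if it is one."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return []

def triage(raw):
    """Return the list of findings for one raw e-mail message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").lower().split())
    findings = []
    if subject in SUSPECT_SUBJECTS:
        findings.append("known-subject")
    attachments = list(msg.iter_attachments())
    # Rule from the article: a real password reset carries no attachment.
    if attachments and "password" in subject and "reset" in subject:
        findings.append("reset-with-attachment")
    for part in attachments:
        name = part.get_filename() or ""
        if name.lower().endswith(EXEC_EXTS):
            findings.append("exe-attachment:" + name)
        for member in zip_executables(part.get_payload(decode=True) or b""):
            findings.append("zip-exe:" + member)
    return findings

def make_sample(subject, zip_members=()):
    """Build a constructed message; addresses, names and bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "notify@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Constructed body text.")
    if zip_members:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name in zip_members:
                zf.writestr(name, b"placeholder bytes, not a program")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="attachment.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, members in [("Facebook Password Reset Confirmation", ["reset.exe"]),
                          ("Facebook account update", ()),
                          ("Lunch on Friday?", ["notes.txt"])]:
        print(subj, "->", triage(make_sample(subj, members)))
```
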


Tags: botnet, facebook, Malware, MySpace, News Corporation, phishing, Social network, Social network service, trojan, Website


Apr 15 2009

Growing social networks and widening threats

Category: Information Privacy, Malware | DISC @ 2:08 am

The worm targeted the social network Twitter with four attacks and created havoc for a couple of days. The worm self-replicated when clicked on, but didn’t steal the personal information of the 6 million users.
According to an SF Chronicle article by Michael Liedtke (Apr. 14, 2009, C2), Twitter deleted 10,000 tweets after a worm makes a squirm.

“The worm was intended to promote a Twitter knock off, StalkDaily.com. It displayed unwanted messages on infected Twitter accounts, urging people to visit the website.”

With all the resources of a big company, Twitter was unable to quarantine the worm, and the only way to get rid of it was to delete 10,000 Twitter messages, known as tweets. The growth of social networks is widening the threats and making them an inviting target for hackers and scam artists, with a treasure trove of personal information. People’s personal, and in some cases private, information is up for grabs unless we enact policy protections that allow legal action to be pursued against these scam artists.

How to clean Twitter worm “StalkDaily” aka “Mikeyy”


Tags: facebook, San Francisco Chronicle, Social network, Twitter


Apr 09 2009

Social networks and revealing anonymous

Category: Information Privacy | DISC @ 3:02 am


Privacy is a fundamental human right and, in the US, a constitutional right. Advancements in technology are breaking every barrier to our privacy; at this rate individuals will be stripped of their privacy unless we enact policy protections. In this situation we need to define reasonable privacy for society in general while keeping threats and public safety as a separate issue. Social networks are becoming a repository of sensitive information, and usually the data is anonymized by stripping names and addresses. Fake profiles have been created on social networks to stay anonymous, and a user may create multiple profiles with contradictory or fake information.

Arvind Narayanan and Dr. Vitaly Shmatikov from the University of Texas at Austin developed an algorithm that turned the anonymized data back into names and addresses.

The algorithm looks at the relationships an individual has established with the other members of the social networks. The more heavily an anonymous individual is involved in social media, the easier it gets for the algorithm to determine that individual’s identity.

One third of those who are on both Flickr and Twitter can be identified from the completely anonymous Twitter graph, which shows that anonymity is not enough to preserve privacy on a social network. The idea of “de-anonymizing” social networks extends beyond Twitter and Flickr. It is equally applicable to other social networks where confidential data, such as medical records in healthcare, can be exposed.
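A pre-release check a data holder can run on a name-stripped graph, illustrating why the link structure alone gives people away. This is an added example, not from this post or from the Narayanan and Shmatikov paper, and it uses a much simpler measure than their algorithm: a node counts as exposed when its degree plus its neighbours' degrees form a fingerprint no other node shares. The graph and all function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed "anonymized" release: names replaced by opaque labels,
# friendship edges kept intact.
EDGES = [("a", "b"), ("a", "c"), ("a", "d"), ("a", "e"),
         ("b", "c"), ("d", "f"), ("e", "g"), ("e", "h")]

def build_graph(edges):
    """Undirected adjacency sets from a list of (u, v) pairs."""
    graph = defaultdict(set)
    for u, v in edges:
        graph[u].add(v)
        graph[v].add(u)
    return graph

def signature(graph, node):
    """Structural fingerprint: own degree plus sorted neighbour degrees."""
    return (len(graph[node]),
            tuple(sorted(len(graph[n]) for n in graph[node])))

def reidentifiable(graph):
    """Labels whose fingerprint is unique in the release."""
    counts = Counter(signature(graph, n) for n in graph)
    return sorted(n for n in graph if counts[signature(graph, n)] == 1)

def exposed_share(graph, min_degree):
    """Fraction of nodes with at least min_degree links that are unique."""
    pool = [n for n in graph if len(graph[n]) >= min_degree]
    unique = set(reidentifiable(graph))
    return sum(n in unique for n in pool) / len(pool) if pool else 0.0

if __name__ == "__main__":
    g = build_graph(EDGES)
    print("unique fingerprints:", reidentifiable(g))
    for k in (1, 2, 3):
        print("share exposed with >=", k, "links:", exposed_share(g, k))
```

The exposed share rises with the minimum number of links, which matches the observation above that heavier involvement makes identification easier.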

“If an unethical company were able to de-anonymize the graph using publicly available data, it could engage in abusive marketing aimed at specific individuals. Phishing and spamming also gain from social-network de-anonymization. Using detailed information about the victim gleaned from his or her de-anonymized social-network profile, a phisher or a spammer will be able to craft a highly individualized, believable message”

Now, is it reasonable to say that the social network wears no clothes?

Personally identifiable information
California Senate Bill 1386 defines “personal information” as follows:
• Social security number.
• Driver’s license number or California Identification Card number.
• Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Names, addresses, email addresses and telephone numbers do not fall under the scope of SB 1386.

HIPAA Privacy defines “Individually identifiable health information” as follows:
1. That identifies the individual; or
2. With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
The term “reasonable basis” leaves the defining line open to interpretation by case law.

Arvind Narayanan and Dr. Vitaly Shmatikov paper.


Social network privacy video


http://www.youtube.com/watch?v=X7gWEgHeXcA


Tags: Anonymity, Flickr, Personally identifiable information, privacy, Security, Social network, Twitter, Vitaly Shmatikov


Mar 20 2009

Web 2.0 and social media business risks

Category: Web 2.0 | DISC @ 3:01 am


Web 2.0 is a major force and has numerous business benefits, but it is exposing companies to potential new risks.
Social networking sites, such as Facebook, LinkedIn and Twitter, have become the preferred method of communication for a whole generation of people, and the ability to post “Status Updates” is fast becoming the new email. LinkedIn is adding one user per second and Facebook has reached 150 million users in just five years.

Some of the associated risks that organizations face as a result relate to phishing, harvesting of email addresses and, of course, the dangers of (relatively) simple social networking: not only the risk of the employee’s present organization being hacked, say, but also the risk to the organization of losing an employee and all their leads, because clients follow ‘their man/woman’ to the new job by tracing them through sites such as LinkedIn. Hackers can follow the conversation on social media to identify a user’s problem or pain point and pretend to offer a solution, which happens to be malware that steals private and confidential data.

And then of course there is the downside of staff using bandwidth and their work time for purposes other than for which they are employed, and possibly preventing others (due to bandwidth/processing restrictions) from doing what they should. Many of these sites openly encourage people to download video clips.

The solution?
Usually the controls in the ISO 27002 code of practice can be selected and applied to address the associated risks through a combination of management and technical policies, but of course this should be the result of a risk assessment and should balance the three attributes of confidentiality, integrity and availability (C, I and A).


For clear best practice guidance on how to tackle ‘Threat 2.0’, you should download
Web 2.0: Trends, benefits and risks!




This 112-page best practice report from IT Governance separates the hype from the tangible reality and provides:


1. A workable description of what ‘Web 2.0’ is and what it means, within the business environment, complete with a glossary of Web 2.0 terms.
2. A description of the business benefits to be derived from Web 2.0 technologies, with examples taken from real-life case studies.
3. An identification and discussion of ‘Threat 2.0’ – the information security risks inherent in Web 2.0 technologies, together with latest best-practice recommendations for mitigation.

During a financial crisis, when companies are cutting budgets, it is inevitable that information security will face some budget cuts, but any drastic cut might not be wise. A major security breach might put the organization in an irrecoverable situation. In this tough economy, security professionals have to do an extraordinary job to sell security to management and show them how security due diligence can make the business safe, successful and compliant.

Do you think the advantages of social media outweigh the potential risks?


Tags: facebook, iso 27002, linkedin, Security, Social network, Social network service, Twitter, Video clip, Web 2.0