Paul's Tech Talk

Facebook Phish : “Look at this!”

PaulMay 1, 2009

Facebook seems to be coming the most widely used Social Website around right now, I went to Alexa to see what it said about how many users go there a day and I find this:

So No wonder there are a lot of people who want to get your personal information. Yesterday there was a new email that was spreading with the Subject “Look at this!” and it points to fbstarter.com. When you go there you will find it looks really like Facebook but your not really at facebook sign in page. They want to use your Facebook account to gather information about your email account, or who your friends with. They also might try doing the old Scam of asking for Money because they are someplace and can’t get home without your help. They could also want to spread a [intlink id=”2249″ type=”post”]virus through your account[/intlink], or [intlink id=”2958″ type=”post”]steal your identity[/intlink].

[ad#cricket-right-ez]At the time of writing this the site is active and looks like Facebook but really isn’t. You should always login in to Facebook the right way by going to:

http://www.Facebook.com

https://www.facebook.com

If you have went to that site and entered your password in there, I know it happens to even Journalists. You can reset your password. This way you can make sure the people behind that site don’t have your password. I do suggest however you start using a more secure password. You should always use both Numbers and letters in your password. Use a different password for each place your signup for. I suggest [intlink id=”2646″ type=”post”]Roboform[/intlink] to better help you protect your password and it helps make up a secure password for you. The nice thing about Roboform is that you don’t have to write down your password on a piece of paper, but you do have to remember to [intlink id=”3171″ type=”post”]backup your passwords[/intlink] from time to time. Facebook is looking to be more and more a targeted for the criminals activity, and you should watch what you do online.

Another Facebook Phishing going on again! (fbaction.net)

PaulApril 29, 2009

(Click image to enlarge it)

[ad#cricket-right-ez]

It looks like site fbaction.net (Don’t go there) is a phishing site for people today. It looks like it would send out an Email with the Title being “hello'” and a link to this website. This is being sent from people friends and should not login to Facebook through this site. Remember the other [intlink id=”3008″ type=”post”]Phishing sites that happen with Facebook[/intlink].

Someone is wanting your password to either spam others or to use it for other nefarious means. For the time being anyone sending your a link should be sent through facebook and you will examine them one at a time. You should not got this site.

Some other things you can do if you have done this is to reset your password. You could also change it manually but you might not be able to use your current password because the Nefarious person has changed the password. This will allow you to change the password without the current password. You should also consider using a good [intlink id=”2646″ type=”post”]Password Manager[/intlink], this will help you identify a fake Facebook site really easily.

If you use a good strong password, one with both Upper and Lowercase with Numbers and symbols, you will have a password that most people will not be able to guess. This will help protect your account from being compromised.

Also with people sending files, it is also recommended that you install some [intlink id=”2205″ type=”page”]free Anti-virus and Free firewalls[/intlink] to help prevent people from sending malware to your computer.

Hijacked Accounts being used to spam

PaulApril 29, 2009

I just read this from Security Fix and Thought I should talk about it some to better help people fix this:

Dear Friend,

New shopping new life!

How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.

Look forward to your early reply!

According to Security, they are advertising the Easylifeing.com domain and have compromised GMAIL and Yahoo Mail. This resembles the ones that happen to some other Accounts. Check [intlink id=”3330″ type=”post”]Yahoo article[/intlink] and the [intlink id=”3233″ type=”post”]Hotmail Article[/intlink] for other example of compromised accounts.

I must keep reminding people that you shouldn’t have a easy password for those account it shouldn’t be anything someone can guess like a name or place or even a word. It should be something with Letters and Number, both lower and higher case. You should also consider not writing it down where people can see it just in case you have visitors. Probably best to use a [intlink id=”2646″ type=”post”]password manager[/intlink] to keep your passwords from prying eyes.

We know that this all comes down to either a dictionary attack or a phishing attack. You can decide which, but I am going to assume it was someone Phishing for your password. If you only use one password for several accounts that can be very dangerous, you should not keep the same password for each account. Just like people phishing for your [intlink id=”2650″ type=”post”]Twitter account[/intlink] or your [intlink id=”3008″ type=”post”]Facebook account[/intlink], if you use one password for all then he has that password for every account.

I can see why spammers are going to be using this heavily in the the coming months to years because these will not be thrown into the spam folder, being that you know the person or persons sending the email. You probably have it set up to not put it in the spam. The more eyes who see this more chance that they will get someone to buy something, and the more people who see it the more money they make.

Your best bet is if you see someone doing something like this you should contact them by phone if possible, or you should email them back and tell them to change there password. This I am sure will be an even harder job for the IT guys because they will have to start monitoring this type of traffic more often then not. Although it isn’t a bad idea to have a[intlink id=”2205″ type=”page”] Free anti-virus or a Free Firewall[/intlink] installed just to be on the safe side.

Adobe PDF Zero Day Warnings : Experts agree

PaulApril 29, 2009

All the Security experts online are talking about The 2 Zero Day Adobe Vulnerabilities:

F-secure

Graham Cluely’s Blog

Sans Internet Storm

[ad#cricket-right-ez]As you can see this seems to be one of those Adobe problems we had in the past with [intlink id=”2963″ type=”post”]Javascript[/intlink]. They seem to be having a major problem with Javascript vulnerability and the old saying is to just to disable Javascript in PDF’S again. Adobe is calling this a Potential Adobe Reader issue and is suggesting that the users disable Javascript until this is fixed with a security update.

This is mostly affect the corporate world more than the private sector because of the fact corporate world will use PDF by sending them through emails. I suggest installing another reader and these are all free.

Be advised the vulnerabilities affects Linux, Windows, and Macintosh systems. This will most likely mean that even Macintoshes could be used to [intlink id=”2173″ type=”post”]create even more botnets[/intlink] and will need to disable there Javascript until this issue is fixed or maybe they would like to find another reader themselves. This also goes for Linux users but I have not heard of anything in the wild yet.

Don’t forget to install some [intlink id=”2205″ type=”page”]free Anti-virus and Free Firewalls[/intlink] to help protect your system from becoming a botnet.

Microsoft sends out KB955430 to get ready for SP2

PaulApril 29, 20093 Replies

This looks like it is to help with some problems with other issues of updates that they have been having. I am unsure of why they are wanting to install this update but it doesn’t look to be harmful. I am betting this is to fix a flaw that has been exploited by the warez community to make them either pay for there copy or go with another OS. For the one fact that this “will enable future updates” and “This update may be required before selected future updates can be installed“.

[ad#cricket-right-ez]I went to KB9555430 support page:

Updates to the Windows Vista and Windows Server 2008 installation software are included in this update. The installation software is the component that handles the installation and the removal of software updates, language packs, optional Windows features, and service packs. This update is necessary to successfully install and to remove Windows Vista SP2 and Windows Server 2008 SP2 on all versions of Windows Vista and Windows Server 2008. This update is not necessary to successfully install the service pack if you install the full file version of the service pack. The full file version of the service pack includes this update.

This is probably to get ready for the Service Pack that they are going to release soon for Vista. So I am guessing this will be required when the Service Pack comes out.