Google, Yahoo, Skype targeted in attack linked to Iran

  • Post author: Omid Farhang
  • Post published: March 24, 2011
  • Reading Time: 4 min
  • Word Count: 832 words

Cnet: A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today. Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates that were fraudulently obtained, including one for Microsoft’s Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites–the ones that are used when encrypted connections are enabled–in some circumstances. ...

Data loss at Play.com

  • Post author: Omid Farhang
  • Post published: March 23, 2011
  • Reading Time: 3 min
  • Word Count: 475 words

Play.com, one of the largest online retailers of DVDs, CDs, MP3s, books and gadgets, emailed its customers yesterday admitting to a security breach in its marketing communications. Names and email addresses may have been compromised. Play.com claims the breach happened outside its walls, so presumably it uses a third-party marketing consultancy to manage part or all of its marketing activities. Here is one of the messages that was sent out to customers by Play.com: ...

Don’t Lie to Me, Angelina!

  • Post author: Omid Farhang
  • Post published: December 15, 2010
  • Reading Time: 2 min
  • Word Count: 376 words

Earlier this year I received a Facebook invite in my Yahoo! Mail account from none other than Angelina Jolie herself. I kid you not. While it’s true that we live in the Digital Age where communicating with anyone is a mere tap of a finger away—whether it’s via email, IM, Facebook, Twitter, etc.—the chances that Ms. Jolie would randomly reach out to a regular Joe, such as myself, are still pretty darn improbable. So, the following questions raced through my mind: ...

Spam Carrying WikiLeaks Worm

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 2 min
  • Word Count: 226 words

Symantec Connect: WikiLeaks.org is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users’ computers. Symantec is observing a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat. The spam email has subject line “IRAN Nuclear BOMB!” and spoofed headers. The “From” header purports to originate from WikiLeaks.org, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs WikiLeaks.jar which has a downloader ‘WikiLeaks.class’ file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat. ...

Looks familiar? Yes! From Alureon!

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 2 min
  • Word Count: 291 words

It’s a normal day for us. We receive a new Bamital virus sample report from a customer, and we provide an analysis. Suddenly, something interesting bursts into my eyes: What’s your thought on this code fragment? At first glance, this piece of code looks like a non-malicious call to manipulate the Windows Print Subsystem. But if you’ve analyzed Alureon before, it may look familiar to you. Yes, Alureon also takes advantage of the Windows Print Subsystem to install its payload. ...

Malicious Goo.gl Links Spreading on Twitter [WARNING]

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 1 min
  • Word Count: 154 words

Mashable: A large number of messages containing only the link “goo.gl/R7f68” have appeared on Twitter today, redirecting users to various malware-laden sites. The messages are mostly coming from disposable accounts, but they also appear on some accounts that appear to be genuine, which indicates that there’s a worm spreading and sending the messages from infected accounts. Furthermore, all of the messages containing the link are sent from the mobile version of Twitter. ...

Proxy services take novel approach to privacy

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 1 min
  • Word Count: 144 words

You’ve locked down your computer. Nothing is going to bypass your privacy shielding programs. AdBlock is fully loaded, NoScript is ready to roll and RefControl is sending “Party on, Wayne” as your custom referrer to all and sundry. However, you really want to hide your IP address too and decide to load up one of the many web-based proxy services available. Something humorous I’ve noticed across many web-based proxies recently is that they’re jumping on a marketing strategy that might be slightly at odds with their attempts at privacy for the end-user. In order to keep your private details private, you have to fill in a survey and hand over a bunch of information to third party marketers. Type in a URL, hit the “Go” button on the proxy and you’ll see one of these: ...

This isn't a video, it's a phish

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 1 min
  • Word Count: 74 words

You might be seeing something on your Facebook wall today: Sadly, it’s not a fun video. It’s just a phish. The link goes to apps. facebook.com/ lookatuhah, which then redirects to a phishing site: In other words, if you’re absent-minded enough to enter your credentials again, they will be used to then send more of these stupid fake video posts to others — or do any of a number of other rather nefarious things. ...

Facebook adds “new profiles”

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 1 min
  • Word Count: 156 words

Avira TechBlog: Facebook offers a “new profile” feature that many users are adopting very quickly. It is possible to mark best friends and family and show them more prominently with their pictures. It also accumulates information like the users’ workplaces, where they are living and so on. Even projects and co-workers can be shown now. This may be a useful addition for many users. But it should be used with care; in the end, this feature gives Facebook a deeper insight and more valuable data. Before marking family members, friends and colleagues more prominently in their own profile, users should ask them for permission. ...

Stuxnet and WikiLeaks – What do they have in common?

  • Post author: Omid Farhang
  • Post published: December 4, 2010
  • Reading Time: 2 min
  • Word Count: 254 words

At first glance, two recent security stories, the Stuxnet attack on Iran’s nuclear industry and the WikiLeaks breach of US State Department communications, don’t seem to have much in common, but they do. They are united by a vector, a method of transmission, and that vector is removable media. I am sure that the Iranians felt pretty secure with air-gapped systems, but like a spark from the burning house next door that finds its way into your shingles, the right USB found its way into the right PC and then suddenly all those uranium enrichment centrifuges running at 807-1210 Hz started to act funny and fail in unexpected and reportedly fairly energetic ways (you can see some pics of failed centrifuges here http://web.mit.edu/charliew/www/centrifuge.html and here http://www.chem.purdue.edu/chemsafety/NewsAndStories/CentrifugeDamages.htm). ...