| Update: Travelers alert concerning fake update alert popups |
[May. 14th, 2012|02:25 pm] |
Recently the IC3 released an advisory containing sparse detail that travelers abroad are being infected via fake update alerts for unnamed products that were being delivered over compromised hotel connections. I wrote a speculative article about this, and wanted to provide some clearer detail about what appears to be happening.
First: It does not appear that the "real" update mechanisms for any of the likely products are compromised. I still can't recommend you do *any* updates while traveling. Do them before, or after. Besides, who wants to download a large update over what is typically a slow connection at that overseas hotel?
Second: Through either captive portal DNS, or via JavaScript injection delivered by the compromised guest connection, these popups are being delivered primarily through the browser - just like "normal" malware popups. I speculate that there may also be a class of these threats that try to take advantage of unpatched systems -- just like the ones you see from compromised websites or from clicking the wrong spam email link.
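An added example (not from the original post or the IC3 advisory): a defender-side check that compares what a guest network returns for a known plain-HTTP canary page with the expected content, and flags the portal redirect, portal DNS and script-injection cases described above. The canary page, the function names and the sample values are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
from html.parser import HTMLParser

# Constructed sample: fixed page expected from a hypothetical plain-HTTP canary URL.
EXPECTED = "<html><head><title>canary</title></head><body>ok</body></html>"

class ScriptCollector(HTMLParser):
    """Record each <script> as its src URL or a short hash of its inline body."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf = set(), None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.add("src:" + src)
            else:
                self._buf = []  # start buffering inline script text

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            text = "".join(self._buf).encode()
            self.scripts.add("inline:" + hashlib.sha256(text).hexdigest()[:12])
            self._buf = None

def scripts_in(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts

def dns_answer_suspicious(ip):
    """A public hostname resolving to a non-global address points to portal DNS."""
    return not ipaddress.ip_address(ip).is_global

def classify(status, body, expected=EXPECTED):
    """Compare the guest network's response with the known canary page."""
    if 300 <= status < 400:
        return "redirected", set()
    if body == expected:
        return "clean", set()
    added = scripts_in(body) - scripts_in(expected)
    return ("script-injected" if added else "modified"), added
```

Any verdict other than "clean" means the connection is rewriting traffic, which is a reason to treat every popup seen on it as untrusted.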
More . . . http://networkdefend.blogspot.com/2012/05/update-travelers-alert-concerning-fake.html |
|
|
| Add system updates to your travel preparation list |
[May. 9th, 2012|11:30 pm] |
It's come to this: a problem that I first thought of several years ago (that blog is dead or I would link it) has finally come to pass.
Updates for certain common plugins are being spoofed on guest connections at hotels, airports and probably other Wi-Fi hotspots. And you should not assume it's just Wi-Fi, it could also be an Ethernet cable connection in the hotel room, or at the guest services room at the conference center.
Travelers to (for now*) undisclosed foreign countries have become victims of malware being presented in a popup window that claims to be a well-known and frequently updated plugin. I would guess Adobe Flash; it could also be Adobe Reader or Oracle Java.
It's become serious enough that the IC3 and the FBI have posted a travelers advisory about the issue.
Malware Installed on Travelers' Laptops Through Software Updates on Hotel Internet Connections
Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.
Recently, there have been instances of travelers' laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to setup the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.
* I'm going to extrapolate into the future a bit: It's only a matter of time before this a) spreads to the US and b) expands to include Windows Updates and other popular updates.
What should you do to protect yourself?
Remembering that it's become vitally important to stay patched for all MS products, Adobe products and Java - and that you should be as current in your updates as possible, it may be better to delay patches if they come out during your travel.
Better yet, add system maintenance to your list of things to complete just before you depart for your trip! Do it from a trusted Internet connection: home or work.
And a short reminder of the top four items to check at least monthly:
1) Microsoft Updates: released every second Tuesday of each month.
2) Adobe PDF and Flash updates at www.adobe.com: no set release schedule, but check monthly. (I do this for manually patched systems on the same day I deploy MS patches.)
3) Java (now from Oracle) at www.java.com.
4) Firefox (if you are a fan).
And during the trip? From now on: IGNORE update reminders when connected to a guest Internet service.
|
|
|
| Happy Obligation Day |
[Feb. 14th, 2012|10:15 am] |
[smirk]
I really want to link something, but it's very NSFW.
Google Obligation Day and Oglaf.
You have been warned.
On a safer note: Prisoner's Dilemma aka Valentine overthinking. http://xkcd.com/1016/ |
|
|
| Spam has brought me back |
[Feb. 4th, 2012|05:30 pm] |
I've been away a while, I know.
This week I suddenly got a ton of emails from LJ notifying me of new comments on very old posts on this site.
All spam.
Is there any way to change old posts to "no comment" all at once? Or do I need to go through them all to change that setting manually? Ugh.
On a brighter note, if you wondered if I am still alive -- I am! :) |
|
|
| Bio-malware opens exploit in human defense system - no patch pending |
[Jul. 11th, 2011|02:30 pm] |
Sometimes the news articles I read inspire a flash of futuristic vision.
Excerpt from http://www.msnbc.msn.com/id/43689581/ns/health-sexual_health/ For several years, public health officials have been concerned that gonorrhea, one of the most prevalent STDs in the world, might become resistant to the last widely available antibiotics used to treat it, a class of drugs called cephalosporins.
Now, it has.
Really this is just a repeat event: we've seen this before as certain strains of disease evolve into resistant super-infections.
What makes my brain tingle with . . . fear? Computer malware is morphing so quickly that our global network is starting to resemble our biological interconnectedness. We have infections, and counter-agents to those infections. The complexity of this interaction is quickly becoming so dense that it's hard not to imagine the hypothetical awaking of the Internet won't be when all the smart servers start communicating behind our backs, but when the billions of agents begin to link to one another in unpredictable ways beyond our control.
Then the question may become: who's really in charge here?
|
|
|
| National Academies Press Makes All PDF Books Free to Download |
[Jun. 5th, 2011|10:27 pm] |
From http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=06022011
The National Academies Press Makes All PDF Books Free to Download; More Than 4,000 Titles Now Available Free to All Readers
WASHINGTON -- As of today (June 2, 2011) all PDF versions of books published by the National Academies Press will be downloadable to anyone free of charge. This includes a current catalog of more than 4,000 books plus future reports produced by the Press. The mission of the National Academies Press (NAP) -- publisher for the National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council -- is to disseminate the institutions' content as widely as possible while maintaining financial sustainability. To that end, NAP began offering free content online in 1994. Before today’s announcement, all PDFs were free to download in developing countries, and 65 percent of them were available for free to any user.
"Our business model has evolved so that it is now financially viable to put this content out to the entire world for free," said Barbara Kline Pope, executive director for the National Academies Press. "This is a wonderful opportunity to make a positive impact by more effectively sharing our knowledge and analyses."
Based on the performance of NAP’s current free PDFs, projections suggest that this change will enhance dissemination of PDF reports from about 700,000 downloads per year to more than 3 million by 2013.
Printed books will continue to be available for purchase through the NAP website and traditional channels. The free PDFs are available exclusively from the NAP’s website, http://www.nap.edu/, and remain subject to copyright laws. PDF versions exist for the vast majority of NAP books. Exceptions include some books that were published before the advent of PDFs; books from the Joseph Henry Press imprint; and in cases where contractually prohibited, such as reference books in the Nutrient Requirements of Domestic Animals series.
I think my reading list just got . . . much longer. |
|
|
| Back at that EULA |
[May. 6th, 2011|08:57 pm] |
Within the EULA of Google Calendar Sync:
11. ADVERTISEMENTS
Some Google services are supported by advertising revenue and may display advertisements and promotions on the service . . . As consideration for your use of Google services, you agree . . . that Google shall not be responsible or liable for any loss or damage of any sort incurred by you as a result of the presence of such advertisers on Google services . . .
Here is my user rights assertion: Okay fine. Then you will permit me to block any and all advertisement banners and/or links using ad blocking technology to protect my system from potential infection or damage that might be incurred when a rogue malware-laden ad is served - which you so conveniently have given yourself the so-called right to deliver to me while at the same time absolving yourself from any responsibility.
All too often third-party banner rotators deliver malware to end-users via "trusted" web sites.
(Firefox plus AdSubtract and NoScript rocks by the way.) |
|
|