Lure of a FREE PEN DRIVE : MALWARE'd

1.   If you are one of those guys who are regular to attend workshops, seminars, product launches , lectures...you must have got varying opportunities of getting hold of freebies in form of bags,brochures and PEN DRIVES....yess m sure the last one is a pure lure and most of the times everi one of us falls for it...be it a small capacity or a large capacity...the hand does not think twice before picking it up....but does any one of us realise that it may be these pen drives who become the first source of uploading some malware or a virus in your PC or laptop...the moment it is plugged in .....the machine is compromised.....unless the autorun is disabled...which in most of the cases is not.....

2.  The concept of zero day exploits has made it more dangerous....coz even if the user decides to run a antivirus scan...it will be shown free of any kind of virus or malware...the result is a silent compromise of the machine...however updated it remains in respect of OS or browsers or any application....the silent action in the background defies every lock of the user.Now all this is not based on some kind of imagination...there have been real life cases of which the one which made lots of noise is the IBM-AusCERT conference on the Gold Coast, Queensland, in which the free pendrives were infected by not one, but two pieces of malware.The details available at this link http://nakedsecurity.sophos.com/2010/05/21/ibm-distributes-usb-malware-cocktail-auscert-security-conference/

(CLICK ON THE IMAGE TO ENLARGE)

3.   In what must have been a highly embarrassing admission, IBM Australia sent an email to all AusCERT attendees warning them of the security screw-up...as shown in the screen shot above...besides this the famous stuxnet example was via pendrives lure....so if this is happening at such high levels of interactions,can the workshops u and me attend be left behind!!!!no way....so whats the way out?....best way is to buy one from a genuine store...(not sure how clean will that be?)...or still better refrain your self from picking one free pendrive.

9TH JULY 2012 : R u a Victim?

1. All the fuss about 9th July that says about the risk of "DNSChanger" malware, which will result in your computer getting disconnected from the Web on July 9 if you don't clean it up. You won't be able to go online, and you'll need to contact your service service provider for help getting the malware deleted before you can reconnect to the Internet....strange it may sound...but it is true...even the FBI has given a warning sort at its link here at https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

2.  Just to check if u r a likely victim,McAfee has created a link at www.mcafee.com/dnscheck for you to find out if u r a likely victim or not ? I checked out the same on my PC....it showed the following screen shot.....

3.   Do check out urs....and rectify if need be....

Linkedin Confirms being HACKED

1.    Most of us who surf web regularly do have our identities associated with popular social networking sites...like gmail...orkut...facebook and linkedin etc.So the latest news is that if u have a profile on LInkedin....please change ur password.....the news in brief goes like this....

2.     LinkedIn has confirmed on 6th Jun 12 that at least some passwords have been compromised in a major security breach correspond to LinkedIn accounts. First reported by Norweigan IT website Dagens IT the breach that about 6.5 million encrypted passwords were posted on a Russian hacker site.Thus those most of the users with compromised passwords noticed that their LinkedIn account password are no longer valid.The file uploaded only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data. However, the breach is so serious that security professionals advise people to change their LinkedIn passwords immediately. An SHA-1 hash is an algorithm that converts your password into a unique set of numbers and letters. If your password is “test_123,” for example, the SHA-1 hex output should always be “ab7a614854d2ef5ee9d9cc30e6f2bdcd19fe49ea.” As we can see that is problematic since if we know the password is hashed with SHA-1, we can quickly uncover some of the more basic passwords that people commonly use.

3.     The most common password used was “123456,” followed by “12345″ and “123456789.” All in all, more than half a million people chose passwords composed of only consecutive numbers. So, if a hacker tried to log in to all RockYou accounts with just one password attempt–123456–every hundred or so attempts would yield a compromised account. Dozens of attempts can be scripted every second, so Imperva estimates that using this technique would only take around 15 minutes to hack 1,000 accounts.

4.    Another site offers you to know if ur linkedin username was actually amongs the hacked lot or not.Not sure about how genuine it is...it is available at

http://venturebeat.com/2012/06/07/was-your-linkedin-password-hacked-heres-how-to-find-out/

5.    Thanks http://thehackernews.com/2012/06/linkedin-confirms-millions-of-account.html

Malware in the name of Kim Jong-il death : BEWARE!!!

1.   A "malicious spam mail" in the name of the dead North Korean leader Kim Jong is doing the rounds of the webosphsere and biting anyone whoever clicks it.The malicious spam carries a fake name as "brief_introduction_of_kim_jong_Ill_pdf.pdf". The subject file exploits vulnerabilities in Adobe reader and leads to remote code execution in the victim PC.

2.   The emails contain a simple line of text announcing the death, likely copied and pasted from the CNN website, and carries an attachment named brief_introduction_of_kim-jong-il.pdf.pdf.Once downloaded and executed, the malicious file opens a non-malicious PDF file containing a picture and information about the deceased man in order to hide its true activity on the victims' computer.In other variants of the same theme, the attached file is named Kim_Jong_il_s_death_affects_N._Korea_s_nuclear_programs.doc and, once opened, it drops backdoor-opening malware into the system, which then connects to a remote Command & Control server for further instructions.After this much code execution...its JAI HIND.....

3.  So don't open this one from ur PC if u have read this much.....

4.  Thanks http://www.net-security.org