Mobile Malware
Reports have surfaced this week indicating that Samsung’s S8500 Wave handsets were shipped with a malware-infected microSD card. Reportedly, some German models of this device are affected. Once the device is connected to the computer, it automatically installs a Trojan using a file called “slmvsrv.exe.”

While this is an example of a mobile device being shipped with malware, there are ways that attackers can utilize different functionality to distribute their malware. For instance, the Multimedia Message Service (MMS) can be used as a vector for sending malware to unsuspecting victims. Many mobile phones and PDAs available today are capable of communicating via Bluetooth, a protocol designed for short range communication between electronic devices. Simple social engineering attacks have effectively convinced Bluetooth users to pair their devices with complete strangers, giving them unrestricted access to data on the victim’s phone. Additionally, many modern mobile phones and PDAs now run robust, feature-rich operating systems and offer the same or similar applications as PCs. Individuals increasingly use them to store personal data and conduct financial transactions which gives attackers more incentive to find and exploit vulnerabilities in the software.

Several major security vendors now provide security applications and anti-virus software for mobile users. Cellular service providers also offer some protection to their customers automatically by scanning for specific types of malicious code as data traverses the network. Bluetooth should be disabled while not in use and should never respond to unsolicited connection attempts. Although the level of mobile attacks is currently relatively low, it is still important for organizations to be aware of the potential threat.
http://www.engadget.com/2010/06/02/samsung-wave-shipping-with-infected-microsd-card/
http://www.f-secure.com/weblog/archives/00001959.html

http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx

2. Microsoft DirectShow Remote Code Execution (MS10-026 CVE-2010-0480)
Microsoft Windows is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the MPEG Layer-3 audio codecs when handling malicious files. The vulnerable MPEG Layer-3 audio codecs are the MPEG Layer-3 Audio Codec for Microsoft DirectShow. Successful exploitation of this issue would provide an attacker with complete control over the endpoint target. The use of malicious media files like images and movies has been prevalent in the past years.

http://www.microsoft.com/technet/security/bulletin/MS10-026.mspx

Adobe Reader and Acrobat Security Update
Adobe has addressed multiple critical vulnerabilities affecting Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh. The most severe of these issues could allow a remote attacker to execute arbitrary code on a vulnerable system. Refer to the “Solution” section of the Adobe Security Bulletin for information on remediating these issues.
http://www.adobe.com/support/security/bulletins/apsb10-09.html

Microsoft April 2010 Security Release
Microsoft released eleven security bulletins today. There are five rated Critical, five rated Important and one rated Moderate. We encourage our customers to apply the patches and IBM product coverage where applicable. Please, review the break-down below.
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx

Microsoft Maximum Severity Rating: Critical
Microsoft Security Bulletin MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Vulnerabilities in Windows Authenticode Verification could allow a remote attacker execute arbitrary code on a vulnerable system.
CVE-2010-0486
CVE-2010-0487
http://www.microsoft.com/technet/security/bulletin/ms10-019.mspx

Microsoft Security Bulletin MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
Multiple vulnerabilities affecting Microsoft Windows could allow remote code execution. Successful exploitation can occur if an attacker can convince a user to initiate an SMB connection to a specially crafted SMB server.
CVE-2009-3676
CVE-2010-0269
CVE-2010-0270
CVE-2010-0476
CVE-2010-0477
http://www.microsoft.com/technet/security/bulletin/ms10-020.mspx

Microsoft Security Bulletin MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
A remote code execution vulnerability affects Windows Media Services running on Microsoft Windows 2000 Server. The Windows Media Unicast Service fails to properly handle specially crafted transport information packets. On Microsoft Windows 2000 Server Service Pack 4, Windows Media Services is an optional component and is not installed by default.
CVE-2010-0478
http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx

Microsoft Security Bulletin MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
2. Microsoft DirectShow Remote Code Execution (MS10-026 CVE-2010-0480)
http://www.microsoft.com/technet/security/bulletin/ms10-026.mspx

Microsoft Security Bulletin MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
The Windows Media Player ActiveX control is affected by a remote code execution vulnerability.
CVE-2010-0268
http://www.microsoft.com/technet/security/bulletin/ms10-027.mspx

Microsoft Maximum Severity Rating: Important
Microsoft Security Bulletin MS10-021: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
This bulletin addresses two vulnerabilities in Microsoft Windows, the most severe of which could allow elevation of privilege. In order to exploit these vulnerabilities, an attacker must have valid logon credentials and be able to log on locally.
CVE-2010-0236
CVE-2010-0237
http://www.microsoft.com/technet/security/bulletin/ms10-021.mspx

Microsoft Security Bulletin MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
A vulnerability affecting VBScript on Microsoft Windows could allow remote code execution. This vulnerability requires user interaction and cannot be exploited on Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2.
CVE-2010-0483
http://www.microsoft.com/technet/security/bulletin/ms10-022.mspx

Microsoft Security Bulletin MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Microsoft Office Publisher is vulnerable to a remote code execution issue. An attacker could exploit this issue by creating a specially crafted Publisher file and sending it in an email or hosting it on a Web site.
CVE-2010-0479; IBM Product Coverage: CompoundFile_Shellcode_Detected
http://www.microsoft.com/technet/security/bulletin/ms10-023.mspx

Microsoft Security Bulletin MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
1. Denial of Service Conditions in Microsoft Exchange and Microsoft SMTP Service
http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx

Microsoft Security Bulletin MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Vulnerabilities in Microsoft Office Visio could allow remote code execution if a user opens a specially crafted Visio file.
CVE-2010-0254; IBM Product Coverage: CompoundFile_Shellcode_Detected
CVE-2010-0256; IBM Product Coverage: CompoundFile_Shellcode_Detected
http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx

Microsoft Maximum Severity Rating: Moderate
Microsoft Security Bulletin MS10-029: Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
A spoofing vulnerability exists in the Microsoft Windows IPv6 stack which could allow an attacker to impersonate an address to bypass edge or host firewalls. CVE-2010-0812
http://www.microsoft.com/technet/security/bulletin/ms10-029.mspx

http://www.metasploit.com/redmine/projects/framework/repository/revisions/9018/entry/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb

Pay attention to what you post and upload. Social networking is public.

• Consider images, videos, and information you publish
• You shouldn’t publish your address, date of birth, etc.
• Use a nick-name that only your friends know.

Choose your friends with care.

• Do not accept friend requests from people you do not know
• Verify all your contacts

Protect your work and environment and avoid reputation risk

• When joining a social networking site use your personal e-mail address
• Be careful how you portray your company online
• Do not mix your business contacts with your friend contacts

Protect your mobile phone and the information saved on it from any physical intrusion

• Do not let anyone see your profile or personal information without consent
• Do not leave your phone unattended
• Do not save your passwords on your mobile phone
• Use the security features available on your mobile phone

Turn off Location Aware Services

• Twitter, Google Buzz, Foursquare and new Smart-phones will publish your location when you post an announcement. Letting the entire world know you aren’t home. See the website http://pleaserobme.com/
• Instead of using a GPS to mark your home location, have your GPS set home to a familiar landmark near your home, such as a corner store. If a thief breaks into your car, not only do they know you aren’t home, but they will have access to your garage door opener and turn by turn directions to your front door.

When Planning Vacation

• Do not post dates and times you will be away, rather write posts as a journal of events that have happened so it’s a surprise that you were gone for a period of time.

Please see the following flowchart for procedures on anti-phishing for email.

A hacker found a personal email account. Similar to the Sarah Palin Yahoo! account hack, the hacker researched social networking sites to find the answers to the “secret question” required to reset the account’s password. In going through the emails in the account, the hacker apparently found the password used for Twitter which was linked to Google.

Therefore, when you are asked secret questions while setting up an account, do not use your mother’s maiden name when asked for your mother’s maiden name. Use nicknames for your mother’s maiden name or question if you really need to have that account created.

The safety of our information at work requires us all to have separate passwords from those in our personal lives. If you have separate passwords for your MySpace and your Online Banking, then great! If your logon to Yahoo! email and your work account are different, then congratulations! You are practicing safe computing!

Identity Theft – Protect Yourselves
Here is a list of ways you can stop identity theft from happening to you:

• Destroy private records and statements. Tear up — or, if you prefer, shred — credit card statements, solicitations and other documents that contain private financial information.
• Secure your mail. Empty your mailbox quickly, lock it or get a P.O. box so criminals do not have a chance to snatch credit card pitches. Never mail outgoing bill payments and checks from home. They can be stolen from your mailbox and the payee’s name erased with solvents. Mail them from the post office or another secure location.
• Safeguard your social security number. Never carry your card with you, or any other card that may have your number, like a health insurance card. And do not put your number on your checks. It’s the primary target for identity thieves because it gives them access to your credit report and bank accounts.
• Don’t leave a paper trail. Never leave ATM, credit card or gas station receipts behind.
• Never let your credit card out of your sight. Worried about credit card skimming? Always keep an eye on your card or, when that’s not possible, pay with cash.
• Know who you’re dealing with. Whenever anyone contacts you asking for private identity or financial information, make no response other than to find out who they are, what company they represent and the reason for the call. If you think the request is legitimate, contact the company yourself and confirm what you were told before revealing any of your personal data.
• Take your name off the marketers’ hit lists. In addition to the national Do-Not-Call registry (1-888-382-1222), you can also cut down on junk mail and opt out of credit card solicitations.
• Be more defensive with personal information. Ask salespeople and others if information such as a Social Security or driver license number is absolutely necessary. Ask anyone who does require your Social Security number — for instance, your insurance company — what their privacy policy is and whether you can arrange for the organization not to share your information with anyone else.
• Monitor your credit report. Obtain and thoroughly review your credit report, now available for free at Annualcreditreport.com or by calling (877) 322-8228, at least once a year to look for suspicious activity. If you spot something, alert your card company or the creditor immediately. You may also want to subscribe to a credit protection service, like Experian’s CreditCheck, which alerts you any time a change takes place with your credit report.
• Review your credit card statements carefully. Make sure you recognize the merchants, locations and purchases listed before paying the bill. If you don’t need or use department-store or bank-issued credit cards, consider closing the accounts.

Some good news … Albert Gonzalez, the Miami man who stole and resold 170 million cards and ATM numbers, has pleaded guilty and is awaiting sentencing in March.

Increases in Phishing Attacks
Identity theft is expected to increase again this year. With the bad economy in 2009 came a huge reduction in the workforce. Many of those who were unemployed invested in starting online businesses to make ends meet. These unskilled “webmasters” may have great ideas, but many are uneducated in privacy and security leaving identifiable information out there for criminal minds with access to the Internet. Names, addresses, phone numbers, notes on prospective clients all are jumping off points for spear phishing attacks.

There were many phishing attacks against financial institutions in 2009, about a 600-percent increase over phishing attacks in 2008. Spear phishing is becoming more popular as hackers target businesses where an attacker can access business accounts and initiate money transfers via wires or ACH to steal large sums of money at once or over time.

Information Security to businesses means protecting information about business’ customers, finances, new products or face lost business, law suits and even bankruptcy.

Information Security to individuals usually relates to privacy which can be viewed differently by culture.

How do businesses keep secure? How do individuals keep secure? The answer for each question is defined by how much their information is valued or cherished.

From a business perspective, and this depends on where the business is located, there are some things that are identified by the Government that the business must hold securely and for how long. I’ll definitely get into this later.

From an individual perspective, this really depends on level of income and ethics. A homeless person probably doesn’t care if his or her identity is stolen, or if someone is using their social security number. Nor does a famous movie star who is plastered over every source of media. I would find it hard to walk into a Jaguar dealership and claim I’m a famous movie star. Even if I had all their personal information.