Spyware, viruses, & security forum: NEWS - December 21, 2012

From SANS ISC:

Earlier in the week we've mentioned that people should be on the lookout for "fake" charities trying to exploit the Sandy Hook tragedy. About 150 or so domains have been registered that are "suspect" and about a dozen I can safely say are fraudulent. Some basic steps we already know about how to deal with this:

• Only deal with charities that are already known to you (i.e. the Red Cross) or that you have a personal relationship (your church or church-related organization, local civic group, etc).
• Don't donate to charities simply by clicking on an e-mail; affirmatively go to website to donate directly.
• Always be sure to check for real contact information, if you don't see anything, don't donate.

That said, let's say you find a website and you want to "verify" whether it is suspect or not. There are several things you can do. Advance warning, this is US-centric mostly because I don't know "charity" laws in other countries, if someone would like to clue me in how to do similar in other countries, feel free to contact me directly.

• Check the domain registration using WHOIS. One online WHOIS tool is here. If it is a "private registration", it is suspect and move along.
• Check with the IRS whether the organization is, in fact, tax exempt. Their lookup tool is here. If the website doesn't have an organization name, it's suspect. If they are talking to you, try to get their tax ID (or FEIN) number. Ask for a copy of their IRS Form 990 (which they are required to disclose). Many states also require charities to register themselves and you can search those filings online as well.
• Check with Guidestar which is sort of a Consumer Reports / Better Business Bureau for charities.

Continued : https://isc.sans.edu/diary.html?storyid=14737

.. extension

The end of one year and the beginning of another strikes a lot of people as the perfect moment to change something in their life and start with the proverbial clean slate. This need to change something - anything - has seemingly not gone unnoticed by cyber scammers.

In the last few days, Facebook users have been hit by two malicious offers to change how they and others see their Facebook accounts.

First there was the offer of seeing how Facebook will supposedly look in 2013, and then the well-known "Change your Facebook color theme" scheme that is trotted out every few months.

The lure in this last scheme is always the same, but what it requires users to do changes according to occasion - sometimes the cyber crooks want users to use a bogus app that will be able to post spam on their behalf, other times it leads to phishing pages.

Continued : http://www.net-security.org/secworld.php?id=14157

Bed Edelman and Wesley Brandi:

"Twenty oft-found Commission Junction and LinkShare affiliate violations"

Our automation continuously scours the web for rogue affiliates. In our query tool, we provide a basic sense of how much we've found. We have also written up scores of sample rogue affiliates, but the holiday season provides an impetus for more: Thanks to high online spending, affiliate fraud at this time of year is particularly profitable for perpetrators -- and particularly costly to merchants.

Below, we report the ten Commission Junction affiliates and ten LinkShare affiliates most often seen by our automation. We focus on affiliates whose conduct violates the plain language of networks' posted terms and conditions, specifically spyware and adware, cookie-stuffing, and typosquatting. Click an affiliate summary for details about the violation, a packet log showing the network traffic that performs the violation, and, for many affiliates, screenshot or video confirmation.

Continued : http://www.benedelman.org/affiliate-top10/

The U.S. Federal Communications Commission is advising smartphone users on how to protect their mobile devices and data from mobile security threats.

The Commission released an online tool called the "Smartphone Security Checker" on Tuesday that outlines a 10-step action plan that mobile users can follow to prevent their personal data from being exposed in case their devices get infected with malware or are lost, stolen or resold.

The tool provides recommendations including: locking access to the phone with PINs or passwords; avoiding changing the phone's factory security settings or rooting/jailbreaking the phone; backing up the phone data regularly in the cloud, on a computer or on a removable memory card; installing apps only from trusted sources and after checking their user reviews; reviewing and understanding the permissions requested by applications before installing them; installing the firmware updates issued by the manufacturer; installing security apps that allow remote locking and wiping of the phone; avoiding connecting to the Internet from untrusted wireless hotspots; wiping data from the phones before reselling; donating or recycling devices; and reporting stolen devices to the authorities and the operator for inclusion in a national database of stolen smartphones.

Continued : http://www.computerworld.com/s/article/9234928/FCC_offers_security_advice_to_smartphone_users

.. can hack it

Attacking strong crypto may soon become a script kiddie exercise. [Screenshot]

Cracking PGP, TrueCrypt, and other strong encryption packages just got more affordable, with the release of a $300 package that can pluck decryption keys out of computer memory in certain cases.

Thursday's release of the Elcomsoft Forensic Disk Decryptor poses the biggest threat to people who leave their pre-OS X 7.2 Mac laptops or FireWire-equipped PCs in hibernate or sleep states while encrypted drives are mounted. It has long been possible to use the FireWire or Mac Thunderbolt interfaces to retrieve the contents of volatile memory on machines that are password-protected but not powered down. But until now, it has cost closer to $1,000 for an easy and reliable way to use that data against people using strong full-disk encryption programs.

Continued : http://arstechnica.com/security/2012/12/cheap-app-cracks-pgp/

Also: World's Most Used Encryption Technologies, Cracked in No Time with $299 Forensics Tool