Esteemed military bank, USAA was recently targeted by an email phishing scam. Thankfully, USAA has an incredible security team, who discovered it and warned their members before anything happened. Details of the email can be found on their site.

Last week Twitter announced that they had installed a service that will inspect some of the URLs that are submitted through its systems.  The issue they’re trying to solve is primarily in shortened URLs which hide the destination address.  It’s been used by bad guys to hide malicious destinations.  Dave mentioned this technique a couple weeks ago and gave some great tips on how to avoid the being a victim.  Maybe the Twitter security crew was listening?

In the announcement, Twitter mentions that they’ll focus on direct messages and email notifications about direct messages.  I applaud the effort and hope it’s effective.  I wanted to point this out and give Twitter props for working on the problem.  We’ll have to see how effective it is but it’s great to see an attempt toward progress.

Hopefully we’ll see more news like this from other social media providers.

Before we get started, are you running a Windows operating system with anti-virus software that’s up to date?  No?  Please stop reading this and go get that under control.  If you need AV software, see Dave’s post on FREE AV.  We’ll wait for you

We’ve talked about the current malware trends and I’m sure that’s not a surprise to anyone but I saw a couple reports recently that did surprise me.  Malware is being found in some very odd places.

Symantec researchers discovered malware lurking in software that monitors the charging status on a USB battery charger

Panda labs discovered malware on a new cell phone distributed by Vodaphone. They discovered variants of the mariposa bot and conficker…

It’s not clear how this happened but it’s obvious that the affect of malware is far reaching and can leak into our lives in unlikely ways.  It’s not the first time malware has been discovered in pre-packaged devices.  In 2008 there were reports of malware showing up in digital picture frames.

Message: Be cautious! Make sure you have anti-virus software running and keep it up to date.

Have any interesting virus stories? We want to hear about it.

Something Dave and I have been talking about a lot is trust.  This is an old topic that is coming into sharper focus as the years go on.  In simple terms, a trusted environment is one in which other members can be assumed to be who and what they appear to be:  that email from your Mom’s Facebook account, is legit, right?  The problem is that the Internet is not a trusted environment and requires validation.  How far we validate and require people to authenticate depends on the amount of risk we want to accept.  Reading a text based email from a long lost friend is probably ok but opening an attachment … probably not.

I’ve been reading some great work by Daniel Solove about the history of some of the issues we’re experiencing on the Internet.  (Props to David Mortman for making me aware of this guy)  Solove talks at length about how some social dynamics are distorted on the Internet in ways they aren’t in the physical world.  An ill-advised comment on Twitter could haunt you forEVER!

When we started using the Internet it was an insulated place and although true authentication was difficult, there were so few people using it, a phishing email would have seemed absurd.  Many people who are using the Web today, see it in terms of social media;  the friendly screens of Facebook or Twitter.  This is a confusing mix of real world friends and family and typical Internet ‘friends’.  Though even our relationships with some of these remote acquaintances is that of close friends.  Seen through the lens of Davezilla (click image for larger, downloadable version):

Part of the problem is that we’ve lost the healthy fear we once had of the Internet.  One of the results is that bad things are becoming more frequent.  Symantec’s Threat Report tells part of the story:  Between 2002 and 2008, new malware reported each year is exploding.

To be clear:  I think the benefits of all of the technology far outweigh the problems.  We just need to make sure we’re following some basic rules for this bad neighborhood.  We’ll never be able to eliminate all of the risks of using the Internet.  But you can reduce it to a manageable level making it much less likely that you’ll have problems.

Commonsense Media has a some great resources for Internet safety.

What are your thoughts about how we should be approaching this issue?

I’ve recently been noticing a lot of complaints from my facebook friends about the changes to the Facebook User Interface (UI). Along with the UI changes, Facebook has also changed their privacy policy over the last 6 months. What’s happening is that people are getting confused by the changes and assuming that the privacy and security settings are also changing. Added to this, Facebook is being used to distribute malware through their messaging system. This is a very bad combination.  

This morning I read an open letter to facebook on Computerworld that describes Facebook being used to distribute fake anti-virus pop ups to distribute malware by bad guys. I hadn’t seen this activity yet. If you have, I’d love to hear about it. I hope Facebook responds to these issues and is able to turn things around.  It’s an incredible resource and it’s a shame to see it falling into these practices. 

What do you think about Facebook’s security and privacy practices? Is it really that bad?