Archive for the ‘Security’ Category

Twitter goes after phishing and malware

Last week Twitter announced that it had installed a service that inspects some of the URLs submitted through its systems.  The issue it is trying to solve is primarily shortened URLs, which hide the destination address and have been used by bad guys to conceal malicious destinations.  Dave mentioned this technique a couple of weeks ago and gave some great tips on how to avoid being a victim.  Maybe the Twitter security crew was listening?

In the announcement, Twitter mentions that it will focus on direct messages and email notifications about direct messages.  I applaud the effort and hope it's effective.  I wanted to point this out and give Twitter props for working on the problem.  We'll have to see how well it works, but it's great to see an attempt toward progress.

Hopefully we’ll see more news like this from other social media providers.

Who do you trust?

Before we get started, are you running a Windows operating system with anti-virus software that's up to date?  No?  Please stop reading this and go get that under control.  If you need AV software, see Dave's post on FREE AV.  We'll wait for you.

We've talked about the current malware trends, and I'm sure that's not a surprise to anyone, but I saw a couple of reports recently that did surprise me.  Malware is being found in some very odd places.

Symantec researchers discovered malware lurking in software that monitors the charging status on a USB battery charger.

Panda Labs discovered malware on a new cell phone distributed by Vodafone. They discovered variants of the Mariposa bot and Conficker…

It's not clear how this happened, but it's obvious that the effect of malware is far reaching and can leak into our lives in unlikely ways.  It's not the first time malware has been discovered in pre-packaged devices: in 2008 there were reports of malware showing up in digital picture frames.

Message: Be cautious! Make sure you have anti-virus software running and keep it up to date.

Have any interesting virus stories? We want to hear about them.

The 7 Social Media Security Personalities

Which One Are You?

The Attention Whore:
Attention Whores are most commonly found on social networks that allow numerous photo uploads: MySpace, Facebook, Flickr, TwitPic et al. Typically teenage girls (and boys) who have no shame in posing half or fully naked in their messy bedrooms, with pouty lip poses and too much mascara. They will be informed at their next job interview that their likeness appeared on the cover of a GGW video.

The Over Sharer:
The Over Sharer has no understanding of “TMI”. Their profiles have far too much personal data: from their cell numbers to their home address to their last bowel movement to links to their family tree on Ancestry.com. In short, everything needed for identity theft! These are people stupid enough to post their personal data over Twitter because, “I only have 16 followers and I know all of them.” The Over Sharer will suffer identity theft twice in one year.

The Snitch:
The Snitch is the company douchebag. He (and it’s usually a he) feels compelled to leak company intel such as layoffs, pitches and new product releases to industry blogs and forums. No one knows what drives this dirtbag to destroy the job security of his coworkers, nor why he does it. There is no fame (tips are anonymous) and no pay. If you’re going to screw your company over, at least have the smarts to get paid for it! This type is easily caught by IT despite the Snitch’s clearing his browser cache. Alas, he forgot to remove his IM logs.

The Plugin Nazi:
"OMG, you must get this plugin!" This type downloads every blog plugin known to mankind, beta or official, tested or not. No review is too unfavorable to dissuade this dolt from installing the latest. Sadly, installing the latest does not include security plugins. They just "don't make your blog look cool." The Plugin Nazi blames his constant MySQL errors on "the hackers" when it's more likely just incompatible plugins.

The “Spook”:
The Spook is not really in any sort of intel group, nor has s/he ever worked for any government agencies requiring any sort of clearance. But the Spook wants you to believe s/he has top security clearance. In fact, the Spook cannot resist letting you know that they know something you don’t know, but they can’t tell you why or how they know what they know. You know? Spooks are basically liars that can rapidly be exposed by anyone really in the industry with a few standard questions. Eventually, the Spook will lie on the wrong forum and get taken out by the real spooks.

The Skeptic:
The Skeptic is the sort of person who basically never worries about security. Nothing bad can ever happen to them: their password is secure and besides: they have a great security question! No one knows their dog’s name. Except their friends on Dogster. And maybe their 973 Facebook friends. But besides that, no one knows. The Skeptic will be the sole person in their hometown made an example of by the RIAA for downloading one song illegally.

The Forwarder:
The aunt or mother who forwards you every chain letter email, every reforwarded joke, every "wait for it and scroll down" message. The Forwarder has no concept of scams, has never been to Snopes.com and can't wait to send you the next good luck email that you must respond to in 24 hours, lest you suffer a broken leg and seven years' bad luck. Worse than this person's inability to strip out other forwards from an email is this person's gullibility. The Forwarder will disappear one day, only to be found dead in Nigeria after looking for the reward from a certain prince they shared an account with.

Which personality type are you?

Botnets and Blippy and iPhones. Oh my!

Wow, busy week for feds and hackers alike!

Mariposa Botnet netted and doused in formaldehyde

UPDATE: New details have emerged about the size and complexity of the Mariposa botnet. Apparently Mariposa dwarfed the attacks from Estonia and Georgia, and contained details on over 800,000 people.

Investigators in Spain shut down the Mariposa botnet, finding out the perps weren’t the sophisticated geniuses they expected.

“They’re not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits — the most frightening thing is they are normal people who are earning a lot of money with cybercrime,” said Cesar Lorenza, a captain with Spain’s Guardia Civil.

Blippy = TMI

For the life of me, I cannot figure out why anyone would use this service. Blippy lets you publicly post your purchases, in real time, from your credit cards, ecommerce accounts and so on, so that your friends can like or comment on them. Seriously. Dancho Danchev's post, Does Blippy really pose a security risk?, is a must-read wake-up call for anyone using or planning to use this service. Hint: Don't. Even Web celebs like Leo Laporte post rather sizable purchases on Blippy, which makes me question whether he realizes what a target he is making of himself.

Botnets are ruining your inbox

Good lord. As if Mariposa wasn't causing enough mischief, two other botnets, Grum and Rustock, are accounting for nearly half of all spam, most of it Canadian pharma scams.

iPhone users targeted for scams

This scam is pretty ingenious in an evil way. According to the MarkMonitor blog:

“This recent attack also stands out because it utilizes some advanced technologies and suggests possible directions of future cybercriminal activity. First, the attack uses server-side logic that hides the phishing site unless it is accessed through the browser produced by the smartphone company. Second, the attack uses additional protective technology in the form of a fast-flux network, which hides the phishing site behind a dynamic network of ever-changing proxies. These two smart technologies demonstrate how cybercriminals continue to focus their efforts on making their attacks targeted, stealthy, and resilient.”
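Two of the checks described on this page can be shown in working code: expanding a shortened link to see where it really goes (the kind of inspection the Twitter post above describes) and probing a landing page for the server-side User-Agent cloaking MarkMonitor describes. The following is an added Python example, not code from the original post, from Twitter or from MarkMonitor. It spins up a constructed local demo site (a fake shortener that redirects to a landing page served only to browsers claiming to be an iPhone); the paths, User-Agent strings and the `expand_url`, `check_cloaking` and `is_cloaked` helpers are assumptions written for this illustration.

```python
import hashlib
import http.server
import threading
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Constructed demo site (assumption: stands in for a URL shortener plus a
# cloaked phishing landing page; not any real service).
SHORT_PATH = "/s/abc123"          # the "shortened" link a victim would see
LANDING_PATH = "/account/verify"  # where it really goes
PHISH_UA_MARKER = "iPhone"        # lure is served only to browsers claiming to be an iPhone


class DemoHandler(http.server.BaseHTTPRequestHandler):
    def log_message(self, *args):
        pass  # keep the demo server quiet

    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        if self.path == SHORT_PATH:
            self.send_response(302)
            self.send_header("Location", LANDING_PATH)
            self.end_headers()
        elif self.path == LANDING_PATH and PHISH_UA_MARKER in ua:
            # Server-side cloaking: the lure exists only for the targeted browser.
            body = b"<html><body>Verify your account: <form>...</form></body></html>"
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_response(404)  # everyone else, scanners included, sees nothing
            self.end_headers()


def start_demo_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface every 3xx as an HTTPError so each hop is visible


def fetch(url, user_agent, timeout=5):
    """One request without following redirects: (status, Location header, body)."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read()


def expand_url(url, user_agent="Mozilla/5.0", max_hops=10):
    """Follow a shortened link hop by hop; the returned chain ends at the final URL."""
    chain = [url]
    for _ in range(max_hops):
        status, location, _ = fetch(url, user_agent)
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)
        chain.append(url)
    return chain


def check_cloaking(url, user_agents):
    """Fetch the same URL under several User-Agents; map each to (status, body hash)."""
    results = {}
    for ua in user_agents:
        status, _, body = fetch(url, ua)
        results[ua] = (status, hashlib.sha256(body).hexdigest()[:16])
    return results


def is_cloaked(results):
    """Different responses for different browsers is the cloaking signature."""
    return len(set(results.values())) > 1


USER_AGENTS = {  # constructed sample strings, not a complete fingerprint set
    "desktop": "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6",
    "iphone": "Mozilla/5.0 (iPhone; CPU iPhone OS 3_1_3 like Mac OS X) Mobile Safari",
    "scanner": "UrlInspector/1.0",
}


def demo():
    """Expand the short link, then probe the final URL under each User-Agent."""
    srv, base = start_demo_server()
    try:
        chain = expand_url(base + SHORT_PATH)
        results = check_cloaking(chain[-1], USER_AGENTS.values())
        return {
            "chain": [u.replace(base, "") for u in chain],
            "cloaked": is_cloaked(results),
            "status_by_ua": {name: results[ua][0] for name, ua in USER_AGENTS.items()},
        }
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

Two design points matter for a real inspection service. The redirect chain is walked with automatic redirects disabled so every intermediate host is recorded, since the shortener is often the only hop a user ever sees. The landing page is fetched once per User-Agent and only hashed, never rendered, because a scanner that fetches with a single generic User-Agent would see the 404 and rate the link clean. Run any such probe against live links only from an isolated host; the fast-flux proxy rotation MarkMonitor mentions is not covered here and would need the resolved IP addresses recorded over time.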

Choosy hackers choose PDF

According to a recent report analyzing more than a trillion Web requests, PDFs were responsible for a staggering 80% of all exploits targeting Adobe Reader vulnerabilities. The report (ironically itself a PDF) mentions that Flash-based attacks actually dipped from 40% to 18% in Q4 2009 while malicious PDFs rose from 56% to 80%.

More stories tomorrow. Lots going on! What do you think of Blippy? Too much info? Let us know!

Trust in a bad neighborhood

Something Dave and I have been talking about a lot is trust.  This is an old topic that is coming into sharper focus as the years go on.  In simple terms, a trusted environment is one in which other members can be assumed to be who and what they appear to be: that email from your Mom's Facebook account is legit, right?  The problem is that the Internet is not a trusted environment and requires validation.  How far we validate and require people to authenticate depends on the amount of risk we want to accept.  Reading a text-based email from a long lost friend is probably ok, but opening an attachment … probably not.

I’ve been reading some great work by Daniel Solove about the history of some of the issues we’re experiencing on the Internet.  (Props to David Mortman for making me aware of this guy)  Solove talks at length about how some social dynamics are distorted on the Internet in ways they aren’t in the physical world.  An ill-advised comment on Twitter could haunt you forEVER!

When we started using the Internet it was an insulated place, and although true authentication was difficult, there were so few people using it that a phishing email would have seemed absurd.  Many people using the Web today see it in terms of social media: the friendly screens of Facebook or Twitter.  This is a confusing mix of real world friends and family and typical Internet 'friends', even though our relationships with some of these remote acquaintances are those of close friends.  Seen through the lens of Davezilla:

Part of the problem is that we've lost the healthy fear we once had of the Internet.  One result is that bad things are becoming more frequent.  Symantec's Threat Report tells part of the story: between 2002 and 2008, the amount of new malware reported each year grew explosively.

To be clear: I think the benefits of all of the technology far outweigh the problems.  We just need to make sure we're following some basic rules for this bad neighborhood.  We'll never be able to eliminate all of the risks of using the Internet, but you can reduce them to a manageable level, making it much less likely that you'll have problems.

Commonsense Media has some great resources for Internet safety.

What are your thoughts about how we should be approaching this issue?
