Social networks might be transforming from friendly, “where everybody knows your name”-type places into playgrounds for malware authors and spammers. New data from Sophos shows that there has been a significant increase in the number of attacks against social networks’ users, at least. Spam, Malware Become More Common On Social Networks Sophos recently talked to individuals representing about 500 organizations, and according to a formal statement, “57% of users report they have been spammed via social networking sites, a rise of 70.6% from last year.” Also, “36% reveal they have been sent malware via social networking sites, a rise of 69.8% from last year.” Obviously, that isn’t good, and since people can let down their guards while using social networks, could be quite bad. So which social network is the worst in terms of spam and malware? Interestingly, 60 percent of respondents identified Facebook as the biggest security risk. But that may be due more to issues of market share (the most popular place is the most popular target) and familiarity (people don’t visit many social networks other than Facebook) than any huge flaws. Regardless, the data serves as a good reminder for people to stay on their toes while using Facebook, Twitter, LinkedIn, and the like.

See original here: 
Spam, Malware Become More Common On Social Networks

Another security scare spread through the Twitter community this morning. Emails sent by Twitter advising members to reset their passwords created a bit of a stir, as account lockouts were occurring simultaneously and people were concerned that the messages had come from phishers. Twitter Affected By Phishing Scare The emails stated in part, “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser.” Of course, as it turns out, the emails were legitimate, and the links led people to the official Twitter site. So the bit about the phishing attack occurring off-Twitter should comfort everyone who was anxious about the situation. Still, it’s understandable that the mention of phishers put a lot of folks on high alert. Furthermore, the word “Twitter” wasn’t capitalized in the subject line of the official email, and typographical slipups of that nature often act as red flags. Anyway, Twitter wants everyone to know that only a small number of accounts were affected, and that its @help and @spam accounts are useful resources under conditions like these. Twitter provided the standard tips about password strength, too.

Original post:
Twitter Affected By Phishing Scare

The Infineon SLE 66 CL PE chip can be found in a lot of products, including smart cards, the Xbox 360, and normal computers. It’s a good chip, too, with lots of security measures in place. But it could perhaps use a few more, as a researcher has figured out how to compromise it. Infineon Chip’s Weakness Discovered Christopher Tarnovsky, who works for Flylogic Engineering, employed electron microscopy to achieve the feat. Tim Wilson reports, “Using a painstaking process of analyzing the chip, Tarnovsky was able to identify the core and create a ‘bridge map’ that enabled the bypass of its complex web of defenses, which is set up to disable the chip if tampering occurs.” Then, “After creating the map, he used ultra-small needles to tap into the data bus - without disturbing the protective mesh - and essentially ‘read’ all of the chip’s stored data, including encryption keys and unique manufacturing information.” Obviously, this isn’t a quick, easy, or inexpensive procedure. It took Tarnovsky about nine months to perfect his approach, and electron microscopes don’t exactly litter the floor of the average hacker’s house (new units often sell for at least $70,000). It looks like Infineon either has some work to do or some admissions to make, though.

More here: 
Infineon Chip’s Weakness Discovered

Fair warning: this isn’t yet official, and the original whispers about it didn’t come from anyone who’s willing to be named. Still, a report’s indicated that Google and the National Security Agency are prepared to work together for the sake of online security. Google, NSA May Team Up The Washington Post’s Ellen Nakashima wrote this morning, “[T]he National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter.” She then continued, “The objective is to better defend Google - and its users - from future attack.” In theory, this would benefit everyone. The NSA is of course an expert on matters pertaining to espionage and communications, so the organization’s insights could be valuable. Both Google and the average individual (to say nothing of Chinese dissidents) stand to lose a lot when information is compromised by hackers. At the same time, the deal that’s under discussion supposedly wouldn’t give the NSA access to any data that could compromise individuals’ privacy, so people who are worried about the U.S. government’s interest in their activities would be covered. It should be interesting to see what happens. Google’s got something of a reputation for not cooperating with government agencies, and altering that pattern could have a negative effect on public opinion and its market share. Or other search engines might lose if people feel they’re not making enough of an effort on the security front. Unfortunately, Nakashima wasn’t able to provide a timeframe regarding when something will be announced. “[T]he deal is taking weeks to hammer out,” she reported, and at this point in time, it “is still being finalized.”

View original here: 
Google, NSA May Team Up

Around 4,600 Firefox users who followed the rules in terms of acquiring add-ons (meaning not getting them from all over the ‘Net) may still have picked up some malware. Mozilla admitted today that two add-ons available through the official Add-on for Firefox page came with unwelcome companions. Firefox Add-Ons Caught With Malware Master Filer and Version 4.0 of Sothink Web Video Downloader contained Trojan code aimed at Windows users, according to a post on the Mozilla Add-ons Blogs . It explained, “If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system.” Another troubling fact is that the add-ons were available for a very long time (Mozilla cited download numbers from 2008 and 2009 in addition to this year). Fortunately, a relatively large number of antivirus programs can detect the malware. Antiy-AVL, Avast, AVG, GData, Ikarus, K7AntiVirus, McAfee, Norman, and VBA32 products have all proven capable of sniffing it out. Also, as of now, Mozilla’s using three scanners to inspect add-ons that are uploaded to its site. Just one was in place when Master Filer and Sothink Web Video Downloader 4.0 were introduced.

See original here: 
Firefox Add-Ons Caught With Malware

StopBadware, an anti-malware effort started at Harvard University’s Berkman Center for Internet and Society, has announced it has begun operating as a standalone non-profit organization. StopBadware Goes Independent Google, PayPal, and Mozilla have committed the initial funding to support the launch of StopBadware, Inc. StopBadware began four years ago as a Berkman center project aimed at engaging the Internet community in fighting software such as viruses or spyware that disregard a user’s choice about how their computer or network connection will be used. StopBadware works with its network of organizations and individual volunteers to collect and analyze data, to build community momentum for fighting badware. “If we want to put an end to badware-or even put a dent in it-we have to change the attitudes and behaviors of individuals, organizations, and governments,” said Maxim Weinstein, StopBadware’s executive director. “That’s no small task, but we know progress is possible by combining the creativity and passion of our BadwareBusters.org community members with the hard facts derived from our Badware Website Clearinghouse.” The decision to spin StopBadware off from the Berkman Center was made in recognition of the effort’s evolution from research project to mission-driven organization. “There is still much to do. Badware remains a growing problem, but in the past few years, there’s also been a growing sense that this is a problem we-the Internet community-can and should work together to address. StopBadware is committed to making that happen,” said Weinstein.

Originally posted here: 
StopBadware Goes Independent