Has your Gmail been compromised?
Do you have Gmail?
“Last account activity: 5 hours ago on this computer. Details.”
How often do you check if your account has been intruded?
You should do so often! These are the links where I got my information:
- http://mail.google.com/support/bin/answer.py?hl=en&answer=45938
- http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html
- http://www.addictivetips.com/internet-tips/how-to-check-if-some-intruder-is-accessing-your-gmail-account/
- http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7 **EXCELLENT READ!**
But I don’t go to bad sites or give out my password so I don’t have to worry!
What? Are you seriously that naive? I have a good password and good security and even I, a few days ago, found this in mine:
Unknown China (119.39.21.154) Jan 17 (3 days ago)

As you can see it is first accessed through one IP (66.212.31.35) through a browser and then sold to someone else (someone in China (119.39.21.154) who bought the info) who checked it through a browser as well to make sure he could access it, and then accessed it on his own (shown by Gmail highlighting it in dark red) through some “unknown” means.
Actually I am assuming that is what happened as I have no hacking experience whatsoever.
So what can be done once you find out someone has accessed your account????
Well you first scan your computer to make sure it doesn’t have a Trojan or key-logger on it giving out your login information. You scan first because if you are infected with those then no matter what you change your login information to they will know it.
And then what? What if it is clean?
Then you access through a clean computer and change your Password AND your Security Question. Make it unique and one that has NOT been used on ANY other sites!
Is that all?
Next I went through my emails looking for any information they could use (such as log ins or emails from sites verifying my log ins) and changed my password and security question with all other sites. I didn’t wait for any other intrusions or invasion of my privacy!
Here is more reading that will help you:
How to recover a Hacked or Compromised Gmail Account
By The “C” Man and Brett Carver
Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]
Potential Spam:
Settings -> General -> Signature [make sure nothing has been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]
E-mail Theft:
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]
Additional Information:
Keeping account secure: https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account: https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
More account security info: http://www.google.com/help/security/
If your account is compromised: http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
Someone using your address: http://mail.google.com/support/bin/answer.py?hl=en&answer=50200
Google Employee comments: http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=70
And even more reading (originally found posted by the same guy (bkc56) at https://www.google.com/support/forum/p/gmail/thread?tid=34cf3f6e6c2d3b87&hl=en):
Hacking Methods
There are many ways an account can be compromised/hacked. A few (but by no means all) of the common ones follow, somewhat in order of frequency used:
Phishing
* Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
* Never respond to an e-mail that requests your login:password. Never follow a link that doesn’t go to a known url (for example: http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\). Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
- Phishing: http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
- Reporting: https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
- Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380
Common password usage
* Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others. Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
* Make sure you use a unique password for every site where you have an account. Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
- Changing passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
- Selecting passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Linked accounts
* Related to the above in that one account has information leading to other accounts. If they gain access then they know about the other accounts too. This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised. Also consider a “junk” e-mail address for all forum/web-site registrations so it does not lead back to your primary account.
Failing to log out
* Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
* Always close your account when you walk away from your computer (even at home for some people).
- Sign out: http://mail.google.com/support/bin/answer.py?hl=en&answer=8154
Browser auto-fill enabled
* Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
* Never use the browser’s auto-fill capabilities unless you’re on a 100% private, secure, and trusted computer.
- Clear saved data: http://mail.google.com/support/bin/answer.py?hl=en&answer=12095
Keylogger
* Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
* Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).
Trojan/Virus/Malware
* While not strictly used to steal an account, could do damage to your account or use it to send spam while you’re logged in.
* Always keep virus scanners enabled, and using up-to-date definition files. Regular use of malware type scanners is good too.
- Virus protection: http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
- Anti-virus scanning: http://mail.google.com/support/bin/answer.py?hl=en&answer=25760
Password guessing
* A brute-force method of guessing someone’s password, made easier if they know you in real-life, especially if you use a weak password (like a kid’s or spouse’s name).
* Follow standard password generation safeguards: no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
- Strong passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
Server attack
* When someone compromises a company’s server gaining access to account or private information for a large number of users. This is typically seen in large identity-theft cases.
* Nothing you can really do about this except deal with only reputable companies with good privacy policies.
Network packet capture
* Using software or hardware on wireless or free hot-spot networks to capture information. Pretty rare, but still possible for non-encrypted networks.
* Very little you can do about this except avoid using any unsecured wireless networks.
Am I actually supposed to read all that?
Yeah I know it is long but trust me, you will wish you had read them after you find out your account has been accessed without your permission. The indented parts are quotes of some of the links I checked out myself. Very informative information by The “C” Man and Brett Carver! The rest of the info I found doing Google Searches and the links to those are listed at the top of the blog. Just be glad I did this searching for you! Or else it would take you longer than just reading this!
- K
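The phishing advice quoted above rests on two checks: that a host such as gmail.google.com.junk.ru is not part of google.com, and that the URL printed in a message matches where the link really goes. The Python below is an added example, not code from the quoted posts; the function names, the sample mail body and the example.net host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url, assume_http=False):
    """Return the lower-cased hostname of a URL, or None if there is none."""
    url = url.strip()
    if assume_http and "://" not in url:
        url = "http://" + url            # visible text is often written without a scheme
    try:
        host = urlsplit(url).hostname    # .hostname excludes any user@ part and the port
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def audit_links(html, trusted_domain):
    """Map each suspicious href to the list of reasons it was flagged."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = {}
    for href, text in collector.links:
        target = host_of(href)
        if target is None:
            continue
        reasons = []
        # The trusted name appears in the link, but the real host is elsewhere.
        if trusted_domain in urlsplit(href).netloc.lower() and not in_domain(target, trusted_domain):
            reasons.append("lookalike-host")
        # The text shown to the reader is itself a URL that points somewhere else.
        if " " not in text and "." in text:
            shown = host_of(text, assume_http=True)
            if shown and shown != target:
                reasons.append("text-differs-from-target")
        if reasons:
            findings[href] = reasons
    return findings

# Constructed sample mail body (not a real message).
SAMPLE_MAIL = """
<p>Your account will be closed unless you sign in:
<a href="http://gmail.google.com.junk.ru/login">http://gmail.google.com/</a>
<a href="http://gmail.google.com@login.example.net/">verify now</a>
<a href="https://mail.google.com/mail/">https://mail.google.com/mail/</a></p>
"""
```

Calling `audit_links(SAMPLE_MAIL, "google.com")` flags the first two links and leaves the genuine mail.google.com link alone.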
Symantec warns of new Cutwail URL tactics
Today, 11:30 am
Shaun Nichols in San Francisco
Retail spammers are using new URL shortening to fool existing security systems, say researchers.
Security vendor Symantec has spotted a new round of spam emails believed to be connected to the Cutwail botnet.
Researchers say that the messages attempt to thwart security protections by combining a number of free hosting sites with link-shortening services and JavaScript coding tricks.
According to Symantec Hosted Services senior software engineer Nicholas Johnston, the spam operation begins by directing the user to a link which has been concealed by the use of a URL-shortening service.
Upon clicking on the link, the user is directed from the URL-shortening service to a site created through a free hosting site. Within the free hosting site is specially crafted JavaScript code which redirects the user to yet another site which hosts the actual retail page.
Further complicating matters, the JavaScript code on the page has been obfuscated in an attempt to hide the code from security researchers.
The company said the sites all advertise holiday shopping and gift ideas.
URL shorteners have emerged of late as a favourite tool for spammers to hide the addresses of their pages from users and security protections. Specially crafted and obfuscated JavaScript has also been a favourite technique among cyber criminals.
This latest attack, however, combines the two techniques to add an additional layer of insulation between the spammer and the actual spam email.
“Redirecting users in this way shows that spammers are going to considerable lengths to hide the addresses of their actual spam sites, and actively trying to make detection by anti-spam companies more difficult,” said Johnston.
Originally posted: http://uk.news.yahoo.com/16/20101213/ttc-symantec-warns-of-new-cutwail-url-ta-6315470.html
Beware of URL Shortener Links and where they take you
Be wary of any Shortened webpage link
Scammers use URL shorteners just like bloggers do: to shorten a URL. However, they do it for different reasons. Whereas bloggers simply want a shorter link, and forum users shorten links in their signatures because of character limits, spammers do it to trick users into following the link without questioning it, and to keep browser security tools such as WOT or McAfee SiteAdvisor from alerting them: the URL-shortening service itself is not dangerous, but the site the link redirects to is.
The redirection happens as quick as a flash and will not be noticed by the caller.
For example, a spammer wants you to visit virusinfestedporn.ru but uses a URL shortener service such as tinyurl, juniurl, cli.gs, budurl.com, bit.ly, is.gd, goo.gl, traceurl.com or any of the numerous others now out there! So you see the URL, and just like any shortened tweet or Facebook message, it is nothing new, so you don’t question it and follow the link out of curiosity. But you don’t expect where it is taking you, and you wish you had never followed that link!
Maybe one day URL shorteners / redirectors will have something in place to investigate every single URL someone shortens, but for the time being it is up to us to educate each other and to install browser plug-ins (if you use Firefox) such as “Long Url Please”.
Bit.ly is different though when it comes to security!
There is one I came across. Bit.ly actually does have warnings! Check this out: http://bit.ly/cgBT8e brings you to this warnings page:
https://bit.ly/a/warning?url=http%3a%2f%2f5z8.info%2fcockdock.gif_z7g9w_openme.exe&hash=cgBT8e instead of directly to http://5z8.info/cockdock.gif_z7g9w_openme.exe
(this link http://f5z8.info/cockdock.gif_z7g9w_openme.exe actually was created by a security person to give an example so it is made to look bad but actually is another redirect to http://safeweb.norton.com/ and is safe)
Also Bit.ly tells us on their blog (http://blog.bit.ly/post/263859706/spam-and-malware-protection) about a Firefox plugin that will preview the link to let you know where you are actually going:
https://addons.mozilla.org/en-US/firefox/addon/10297/
And if you add a + at the end of any bit.ly url you will get more info on where it will take you.
Continue reading about this here:
http://kasha.freeforums.org/be-wary-of-any-shortened-webpage-link-t14.html
There is also a write up about url shorteners / redirecters here:
“How to Avoid Being Caught by Bad Tiny URLs”
http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/
What is the issue, why is it a problem, and what can we do about it?
Website address shortening services came about because sometimes the page you are visiting can have a URL that is extremely long. If you want to send this web address to a friend over email, internet instant messaging, cell phone SMS text messaging, internet relay chat, or more recently, via a Twitter tweet, these addresses could be so long they either break when the person receiving your link tries to click it, or be so long they are rejected by the service altogether.
So rather than send the exact address that you find in the address bar of your web browser, instead you would copy and paste the address into a URL shortening service that would in turn create a shorter URL for you to use.
When someone then clicks the shorter URL they are “redirected” from the service through to your intended destination.
Sounds good so far, right?
The problem is, when someone sees one of these short URLs, instead of seeing where they will be taken, they see an entirely different address. We cannot tell anything from the URL we are given about the nature of where we will be taken.
A safe but annoying example would be for us to be sent a “Rick-Roll”, that is we are given a link that purports to be some breaking news or cool site, only to be taken to the famous Rick Astley YouTube video instead. Ha ha. Got me there.
Rather than safe but annoying, more and more malicious and inappropriate content is being shared this way, spread via spam, trolls, phishing emails, and now Twitter.
You might be sent a message saying “Get a free iPod Touch!!!!”, but when you click the link it takes you to a malware site, or something that you would not want your family or boss to see.
To continue reading the rest go to http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/
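One way to see where a shortened link leads before opening it in a browser, as an added example that is not code from this post or the linked articles: it follows HTTP redirects one hop at a time with HEAD requests and returns the whole chain. The function names and the `.example` hosts are assumptions made for illustration, and the sample responses are constructed so the block runs offline.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def head(url, timeout=5):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        response = conn.getresponse()
        return response.status, response.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head, max_hops=10):
    """Return (chain, outcome): every URL in the redirect chain, in order."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)          # Location may be relative
        if urlsplit(nxt).scheme not in ("http", "https"):
            return chain + [nxt], "non-http-target"
        if nxt in chain:
            return chain + [nxt], "loop"
        chain.append(nxt)
    return chain, "too-many-hops"

def leaves_first_host(chain):
    """True when the chain ends on a different host than the link that was shown."""
    return urlsplit(chain[0]).hostname != urlsplit(chain[-1]).hostname

# Constructed responses standing in for the network (all hosts are placeholders).
CONSTRUCTED = {
    "http://short.example/abc123": (301, "http://freehost.example/u/123/"),
    "http://freehost.example/u/123/": (302, "/u/123/index.html"),
    "http://freehost.example/u/123/index.html": (200, None),
    "http://loop.example/a": (302, "/b"),
    "http://loop.example/b": (302, "/a"),
}

def constructed_fetch(url):
    """Offline stand-in for head(): look the URL up in the constructed table."""
    return CONSTRUCTED.get(url, (404, None))

if __name__ == "__main__":
    chain, outcome = expand("http://short.example/abc123", fetch=constructed_fetch)
    print(outcome, " -> ".join(chain))
```

A JavaScript redirect, like the one in the Cutwail chain described earlier on this page, does not appear in HTTP headers, so the chain stops at the free-hosting page and that page still has to be inspected separately.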
Don’t Fall For Facebook Profile Scam
This is very important as I know Facebook is VERY popular and used by a lot of people who are NOT net savvy.
Because of this I wanted to share this here that was posted on consumeraffairs.com.
Don’t Fall For Facebook Profile Scam
Despite scammers’ claim you can’t see who has accessed your profile
Mark Huffman
ConsumerAffairs.com
October 12, 2010
Most people are curious about who might be curious about them. So when they log onto their Facebook account and see a new tool that will reveal who has accessed their profile, it might be tempting to click on it.
Big mistake.
Graham Cluley, security expert for Sophos software, says scammers are once again using Facebook as a lure for new victims.
“Right now we’re seeing messages spreading across Facebook claiming to have found a way to allow you to sneakily tell who has been looking at your profile,” Cluley writes in his blog. “And it’s no shock to see that many people are intrigued as to who might be checking them out online.”
However, Cluley points out that this is not new legitimate functionality that Facebook has built into its social network. Instead, if you click on the link you are taken to a third-party website which, to the untrained eye, may at first glance appear to still be on the real Facebook site, but is in fact designed to trick you into sharing their link further.
A typical message reads:
See who viewed your profile original version 2.0:
now you can see who viewed your facebook profile
<LINK>
“As we’ve seen in the past in connection with other scams, the page encourages you to ‘like’ it and ‘share’ it numerous times before it will hand over the ability to see who has viewed your Facebook profile,” Cluley warns. “This should, frankly, be enough to trigger your suspicions and have you rapidly retreating.”
Cluley says so far, many Facebook users appear to be falling for the ruse. In doing so, he says, they are helping scammers spread their links across the Internet.
“Ultimately you have to have your wits about you to avoid scams like this,” he said.
Making a Bootable USB key
How can I install Windows on a netbook that doesn’t have a CD player?
-Bryan F. Ontario, Canada
Well, you can use diskpart to make a USB key which you can boot from in the BIOS. This also enables instant slipstreaming.
Here’s a quick look at the process:
- First, you’ll need the DiskPart utility on the system you will use to prep the thumb drive. This is a free disk partitioning utility that is likely already installed on your Windows system. If not, you can download DiskPart here.
- Launch the DiskPart utility by typing diskpart at the Start Menu.
- Then run the list disk command to check the status of your drive.
[Video: Dennis Chung, an IT Pro Evangelist at Microsoft, demonstrates how easy it is to prepare a USB thumb drive and use it to install Windows 7.]
- Now run select disk 1 where the “1” is actually the corresponding number of your USB drive.
- Run clean.
- Once the thumb drive is clean, you can run create partition primary.
- Now make the partition active by entering active.
- Then you need to set up the file system as FAT32 by running format fs=fat32 quick (quick, of course, specifies that you want to perform a quick format to speed up the process).
- Entering the assign command gives the USB drive a drive letter, making it easy to access from Windows Explorer.
- Then you can copy/paste everything from the Windows 7 installation DVD onto the USB key (a simple drag and drop will do).
- Now you can insert the thumb drive into the system you want to install Windows 7 onto and boot the system. The installation will now proceed as usual—but faster.
If you would like to ask a question too you can send us an email on the contact page!
A little note about Identity Theft
Research from Verisign, carried out by YouGov, revealed the minimum set of information needed to steal someone’s identity in the US and Canada.
- Full Name
- Date of birth
- Address
- Full name of mother before marriage.
As you can see, that set of information is pretty easy to gather on a person, especially with sites like Facebook and the white pages.
A fake phone polling session would gather this information about 45% of the time said Verisign. And this is bad news for us because it makes it a lot harder to protect our identity.
US and Canadian laws state that someone caught running a fraudulent phone poll can get up to 5 years in prison and a $100,000 fine. Note that you only have 1 year to file a complaint against someone with the police. To prove that you are acting in good faith and that he is the bad guy, you have to prove there was defamation, falsification, or a recording of illegal questioning. If you fail to provide this proof after accusing that person, they can make sure you get fined for attacking their character.
Things you can do to protect yourself
- Install an anti virus on your computer.
- Before entering any information in a website, check the certificate of the website and the address.
- Modify your passwords often.
- Secure your wifi.
- Clean up your social networks and other profiles.
Tabnapping : Phishing 2.0 will break all multitaskers!
Imagine you go to a website and an ad pops up, but you don’t notice it. You close the first website and suddenly Gmail asks for your credentials. You enter them.
Congratulations, you have just been socially engineered.
It is even easier to trick you because all the current browsers use a file called History.js that saves every website address you have ever visited (the same technology that makes blue links turn purple after you have visited them). So the hacker can ask that file whether you went to specific addresses, and the page can then change itself when it sees you went to a specific site. And all this works even if NoScript is installed. What this means is that any ad you leave open could change into a site you visit often without your knowledge!
How The Attack Works
- A user navigates to your normal looking site.
- You detect when the page has lost its focus and hasn’t been interacted with for a while.
- Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of JavaScript that takes place instantly.
- As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and mouldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
- After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.
Source : http://www.azarask.in/blog/post/a-new-type-of-phishing-attack
