Beware LinkedIn scammers wanting your company’s services

Just a quick heads up on this one. I was sent a LinkedIn connect request by someone from a state-level sporting organisation who had a title of Finance Manager. We had a Group in common, so I accepted.

This was quickly followed by a message from him, stating that he was interested in our IT services. I was a bit surprised as he was in a different state, but the main alarm bell ringer was the slightly poor English phrasing. He made a point of telling me that NSW is in Australia. Would you seriously do that to someone you connect to who is in Queensland?

So I visited the official website for the organisation, found a contact email address and asked them if the guy really worked for them. Surprise surprise – they’d never heard of him. And you would think they’d know who their finance manager was.

Delete. Un-connect. Good-bye, mate.

Moral of the story – when those spidey senses are alerted, do some research before proceeding!

-SCuffy

 

BigPond ADSL – Your ADSL Service Cancellation Notice email

Disturbing email doing the rounds over the long Easter weekend in Australia, pretending to be from BigPond. I’m blogging about this in the hope that you’ll find this entry if you receive that email and Google it first.  It’s a scam, and a very clever one.

First the details: sender address ebilling@bt.com (that’s your first alarm bell – bt.com is not a BigPond or Telstra domain name)

Subject: Your ADSL Service Cancellation Notice (second alarm bell – I am not and have never been a BigPond ADSL customer)

Text: Dear BigPond User,

Telstra BigPond is sending you this e-mail to inform you that our service to you could be suspended. This might be due to either one of the following reasons:

1. You have changed your billing address.

2. You have Submitted incorrect information during bill payment process. (third alarm bell – bad English & capital letter in middle of sentence)

3. Your credit/debit card has expired.

4. You didnt update your bigpons profile. (fourth alarm bell – missing apostrophe and now bigpond has lost its capitals)

According to above (more bad English), and to ensure that your service is not interrupted, we request you to confirm and update your billing information now BY CLICKING HERE. (another alarm bell – Telstra will never ask you to do this and definitely never in capitals)

If you have already confirmed your billing information then please disregard this message as we are processing the changes you have made.

Regards,

Telstra

Billing Department

Thanks for your co-operation

Accounts Management As outlined in our User Agreement, Telstra (r) will periodically send you information about site changes and enhancements.

OK, so there are a few things in there to make you question the email, but the real surprise is the lengths they have gone to with the fake website, and what they have the cheek to ask you for.  When you click on the link, you are taken to a page that looks very much like a Telstra website:

The logo is there and the links at the bottom even point to pages on the real Telstra website.  But the big alarm bell here is this statement: “This is a secure page. Telstra has implemented SSL security technology designed to prevent unauthorised people from reading this page, or the information you send to us via this page.”  Ah no, actually that page is not secured by an SSL certificate, as the address at the top does not appear as https:// and there’s no little golden locked padlock showing in my browser.

So let’s see how far we can push this thing?  Enter a username & password – just anything, make it up .. and you get to page 2 – Thank you for confirming your identity.  And now the fun begins. They want your name, credit card details, billing address, phone number, home phone, date of birth and drivers license number.  Excuse me? I don’t think so.

So we make up some more fake info and submit it, and we get a short confirmation page which then redirects us to the real Telstra website.

Apart from wondering how on earth it can validate a completely made-up username and password, there are elements in there to really make you think it is legitimate.  The site is hosted by e3event.com which is an Indian company.  I’ve forwarded this email to Telstra to get their comment, but I’m betting my money it’s a fake. And if it is, it’s a good one.

The best scammers know that instead of spending their time trying to break technology’s security measures, they just need to take advantage of our human nature and gain our trust. With a few chosen words and a carefully placed logo, we believe they are Telstra and we’re going to lose our internet connection. The easiest way for them to gain access to your personal information is for them to ask you for it.

Another concern is the timing of this. It was reported to a few Computer Troubleshooters franchisees as appearing over the Easter long weekend, which was a 5 day public holiday in Australia this year due to the ANZAC Day commemoration.  The billing departments of all corporations were closed (internet providers only run technical support on weekends) and who wants to be without their internet for 5 days because you decided to wait & phone Telstra to check it out first?

So, now you’ve been warned, and you’ve seen why I think this is a scam. I’ll let you know Telstra’s reply when I get it (hopefully tomorrow – at 9pm their privacy department isn’t open).

-SCuffy
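
The alarm bells from the post above (sender domain that doesn't belong to the brand, a link that isn't HTTPS and isn't on a brand domain, a generic greeting) can be checked mechanically. This is an added example, not part of the original post; the brand domain list, the sample message and the link path are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the impersonated brand really sends from and hosts on.
BRAND_DOMAINS = {"telstra.com", "telstra.com.au", "bigpond.com"}
BRAND_NAMES = ("telstra", "bigpond")

# Constructed sample modelled on the email described above; the link path is made up.
SAMPLE = """\
From: BigPond Billing <ebilling@bt.com>
To: user@example.com
Subject: Your ADSL Service Cancellation Notice
Content-Type: text/html

<p>Dear BigPond User,</p>
<p>Telstra BigPond is sending you this e-mail to inform you that our service
to you could be suspended. We request you to confirm and update your billing
information now <a href="http://e3event.com/placeholder-path/">BY CLICKING HERE</a>.</p>
"""

def registrable_match(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw):
    """Return a list of red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    claims_brand = any(name in text for name in BRAND_NAMES)

    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if claims_brand and not registrable_match(sender_domain, BRAND_DOMAINS):
        flags.append(f"sender domain {sender_domain} is not a brand domain")

    for href in re.findall(r'href="([^"]+)"', body, flags=re.I):
        url = urlparse(href)
        if url.scheme != "https":
            flags.append(f"link {href} is not HTTPS")
        if claims_brand and not registrable_match(url.hostname, BRAND_DOMAINS):
            flags.append(f"link host {url.hostname} is not a brand domain")

    if re.search(r"dear \w+ (user|customer)", text):
        flags.append("generic greeting instead of the account holder's name")
    return flags

if __name__ == "__main__":
    for flag in triage(SAMPLE):
        print("RED FLAG:", flag)
```

A clean result only means none of these particular checks fired; a phishing page can still sit behind HTTPS on a lookalike domain.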

Issues with security update patch for IE7 WinXP KB2416400?

Our friends at the Kaseya NOC have decided not to roll out a Microsoft security patch just released for Internet Explorer 7 machines (on Windows XP).  They’ve seen some issues once it’s been installed and there are a few blog sites with people reporting problems.  Suggest holding off installing this one for a while until it’s sorted:

“Post: We have noticed that after applying the patch KB2416400 (MS10-090), when browsing a particular site, all links stop working following clicking a link to open a JavaScript pop-up window. Hitting F-5 to reload the page restores functionality of the links. So to avoid this miss-functionality we have denied this patch from all Virtual Manage machines.”

http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/eec87070-61eb-4fbd-aa45-911206f7039b

https://blogs.technet.com/b/wsus/archive/2010/12/16/important-questions-regarding-ms10-090-kb2416400-internet-explorer-cumulative-security-update.aspx

https://blogs.technet.com/b/sus/archive/2010/12/16/update-on-a-couple-issues-we-are-seeing-related-to-detection-and-installation-of-ms10-090-kb2416400.aspx

-SCuffy

Protect your PC Against Adobe PDF Reader Security Flaws

Not an original blog entry this time, but advice definitely worth sharing from the security experts at AVG – thanks Lloyd!

Melbourne and Amsterdam, 13 August 2010 – It should go without saying that the best way to deal with malware is, of course, not to get infected in the first place.

Lloyd Borrett, Security Evangelist for AVG (AU/NZ) says, “Being aware of what products are being targeted by the bad guys may help you as well, so it may be useful to know that at the moment Adobe products are virtually the number one target across the world with millions of PCs being hit by infected Adobe PDFs. Others are being pwned via Adobe Flash ads via Facebook and other social media web sites.”

Attackers send a file that has malicious code embedded in it. Once the file is opened, the computer is infected, typically with some form of identity theft malware that then steals data.

The Adobe PDF and Adobe Flash browser plug-ins are also used in “drive-by download” attacks where malware is downloaded onto the PC while the user is surfing the web.

“Adobe products, just like Microsoft Windows and Microsoft Office, have near universal use on home and business computers making these applications prime targets for the bad guys,” Borrett continues. “Unfortunately, since the bad guys realised this and turned their attention to finding security holes in them, they have been very successful.”

Of course, the easiest way to avoid the risk of being compromised via these Adobe products is not to install them! However, this is virtually impossible for most home and business Internet users.

So if you must use Adobe Reader, then please take the time to secure it.

How to secure Adobe Reader  

  1. Open the Adobe Reader application and choose ‘Edit’ and then ‘Preferences’.
  2. On the left you will see several different categories of options to modify.
  3. Under the ‘JavaScript’ category there is a checkbox ‘Enable Acrobat JavaScript’. Make sure this checkbox is not ticked/selected so that you disable Adobe Reader’s ability to run dangerous JavaScript from a PDF.
  4. Under the ‘Security’ category, to specify that digital signatures are handled securely make sure the ‘Verify signatures when the document is opened’ checkbox is ticked/selected.
  5. Under the ‘Security (Enhanced)’ category, make sure the ‘Enable Enhanced Security’ checkbox is selected to help with data protection and privacy.
  6. Under the ‘Trust Manager’ category we’d recommend you disable Acrobat’s ability to call external applications to handle non-PDF file attachments. So, after the ‘PDF File Attachments’ heading, make sure the ‘Allow opening of non-PDF file attachments with external applications’ checkbox is not ticked/selected.
  7. Then click on ‘OK’ to exit changing the preferences.

Adobe is working to address the security vulnerabilities in its products, so it’s vital to make sure you regularly check for updates to Adobe Reader, Adobe Flash and other Adobe applications. Turn on the automatic updates so that your Adobe software stays up-to-date.

Borrett adds, “And also don’t forget to install a complete security suite solution like AVG Internet Security that will provide you with total protection as you work, shop, bank and play games online.” 

AVG (AU/NZ) has a comprehensive range of security tips for home and business users on its web site at www.avg.com.au/resources/security-tips/.

About AVG (AU/NZ) Pty Ltd – www.avg.com.au

Based in Melbourne, AVG (AU/NZ) Pty Ltd distributes the AVG range of Anti-Virus and Internet Security products in Australia, New Zealand and the South Pacific. AVG software solutions provide complete real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers — documents, account details and passwords, music, photos and more — all while allowing users to work, bank, shop and play games online in safety. 

AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers always-on, always up-to-date protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions.


MYOB & Vista & Forms …

Today’s MYOB/Vista trick – logged onto my laptop with a new user account that is NOT a domain administrator (trying to be all security conscious and the like).  Then MYOB v17 refused to see my custom forms (incidentally, the business file is on a shared drive).

Log on as the old, domain admin user – no problem.

Turned out to be file security (surprise).  By default, the local Users group (which contains the Domain Users group) does not give full control or modify access to the Forms directory and files.  Change this to allow full control to the forms, and hey presto, my non-domain admin user is now accessing branded invoices in MYOB once again!

-SCuffy

Messaging, instantly.

Once upon a time, internet chat rooms were pages of text that you had to ‘refresh’ to see a new message, and anyone could intrude on.  Fast forward to today, and instant messaging gives us our own private chat rooms (or are they private?) with only the people we want to communicate with (if we select the right settings).  There are many pros and cons of instant messaging, and I for one am a believer that it can benefit businesses, if done properly (i.e. securely).

My main gripe about the likes of MSN Messenger (or Live Messenger, as the latest version is called), is that because it is a free Microsoft product, it’s damn hard to get any help from Microsoft if it doesn’t work.  Case in point are recurring sign in problems with errors like “the service is temporarily unavailable” when we damn well know it’s not.  These are frustrating for the resident teenagers of the household, not to mention the growing number of businesses that are now relying on this medium for communication with staff and customers.  Sign in error 8004888d alone will return over 4,000 results in Google, many of them being forum posts with multiple people experiencing the same problem and looking for an answer.

My shining ray of hope on Messenger problems is the Messenger Support Space (http://messenger-support.spaces.live.com/)  which, amongst other things, lists this as a possible fix for that particular error code (all credit to them):

“This problem occurs if the Secure Sockets Layer (SSL) libraries are corrupted.  Please try the following steps in the order they appear to help resolve this issue:

 1. Reregister the SSL security libraries.
To reregister each file in the following list, click Start, click Run, type the command, and then click OK.

REGSVR32 softpub.dll
REGSVR32 wintrust.dll
REGSVR32 initpki.dll     – Please note, when I typed this one in I did not receive confirmation like all the others, just the hour glass, but it still works
REGSVR32 Rsaenh.dll
REGSVR32 Mssip32.dll
REGSVR32 Cryptdlg.dll
REGSVR32 Dssenh.dll
REGSVR32 Gpkcsp.dll
REGSVR32 Slbcsp.dll
REGSVR32 Sccbase.dll 

2. After each command runs successfully, you will receive a “DllRegisterServer succeeded” message.
Wait until you receive this message before you run the next command
 
3. Restart the computer. 

4. Try to sign in to Windows Live Messenger again.”

And, from a poster named Alison … 

Go to Start Menu-Run

Type in: regedit

Say OK

Plus sign of HKEY_LOCAL_MACHINE

Plus sign Software

Plus sign Policies

Plus sign Microsoft

Plus sign System Certificates

Plus sign of Trusted Publisher

You will see a “safer key folder”

Delete that folder

Reboot

Try to re-login to Windows Messenger.

(Relevant disclaimer here about you wandering around in the registry at your own risk and not blaming me if you really, really break something).  I’m 100% sure of the changes I make to my registry settings – if I’m not, I don’t change them .. or I make sure I’ve got some way to undo any damage I cause.

Corrupt SSL libraries are an interesting discussion point in their own right because of how much impact they can have.  Prior to the reregister fix above, I saw the strangest thing with MSN Messenger being extremely slow to accept the typed input of the username.  SSL is also used when you try to do anything with a secure web page (e.g. online shopping and banking sites .. anything that wants to play as https://) and gets its claws into Windows Updates too.  So, if you have corrupt SSL libraries, you may have problems with more than just Messenger.

On the good side though, I’ve had a lot of experience with IBM’s secure collaboration tool (and my Microsoft friends are going to say that the corporate version of Live Messenger is even better).  Instant messages fall nicely between the gap of not being as interruptive as a phone call (if you can ignore the blinking on your screen for a while) but being more interruptive than email (if you don’t live in your Inbox).  Presence awareness is one of the major benefits with instant messaging programs, as you can see when the other person is at their computer and available to talk, without needing to phone or email them first.  Corporate IM programs can embed this into email and other areas, so if you sent me an email yesterday, I can read it today and automatically see if you are online for me to talk to you about it.  And, I love the fact that I can see when the other person is typing a response … I know I’ve got their attention and they haven’t left me to go and make a cup of coffee. 

As I said before though, if you are talking ‘shop’ or credit card details over the free instant messaging programs … just be aware that “hack msn messenger” on Google gives 191,000 results.  Like email (yes, scary thought), instant messages zooming around the internet can be “sniffed” and read by someone else with enough knowledge.

So, embrace the possibilities of instant messaging for keeping in touch with people, but don’t let it give you a false sense of security.  Only talk to people that you know and allow on your contact list (as it can also be used to transmit viruses).  And don’t let it be the tool of choice for transmitting office gossip or telling your boss that you quit …. if you work in the same physical location, get up from your chair and go and talk to one another!!!