Wednesday, 10 September 2014

News: Dyre Banking Trojan gathers pace [Guest Post]


Image: safe6 from keyservice.kiev.ua
The malware, also called Dyreza, designed to bypass SSL and steal login credentials, is prompting software vendors to email clients a "not us, guv" denial.

The Dyre banking trojan, which was reported at the start of the Summer (source article: Security Researchers Warn of New Dyre Banking Trojan (eSecurityplanet) by Jeff Goldman, June 20, 2014), appears to be gathering pace, to the point that companies such as Salesforce this week felt compelled to mass-mail customers to tell them there is no specific vulnerability in their software.

Rather, the Dyre or Dyreza trojan is designed to bypass SSL protection and steal banking credentials. Delivered via phishing emails with the subject lines "Your FED TAX payment was Rejected" and "RE: Invoice", the attack emails link to zip files on LogMeIn's Cubby.com file storage service.

Opening the zip file installs the malware, which then monitors all of the victim's browser traffic, including SSL traffic, and inserts itself in the stream, redirecting supposedly encrypted SSL traffic to its own page. Using a technique called browser hooking, Dyre intercepts the unencrypted traffic, which it can then record and scan for financial details.

Apparently sufficient scare stories have spread over the Summer that Salesforce needed to point out that its software has not been compromised, but it does not go so far as to say "it's you, dummy!" That would be of more use, since Dyre relies entirely on social engineering of human beings for its attack vector. If no one felt the need to open suspect emails and click on unsolicited links, without checking or scanning them first, this kind of malware would sit uselessly on the servers.

Security site PhishMe recommends taking the following five steps to mitigate the threat from Dyre:

  1. Remove the phishing emails from inboxes 
  2. Check proxy logs for traffic to Cubby, downloading zip files containing the name “documents” or “invoice” 
  3. Search for traffic / block the IPs 85.25.148.6, 217.12.207.151, and 192.99.6.61 
  4. IDS rules looking for double POST within a short period of time (this will catch copycats, too) 
  5. Look for zip files containing .exe or .scr files (Web, IDS, host-based, etc) 
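
The checks in steps 2 to 5, written out as an added example that is not from the original post or from PhishMe. It assumes a space-separated proxy log format (epoch seconds, client, method, destination IP, URL), a 5-second window for "a short period of time", and that a double POST means the same client posting to the same URL; the sample log lines and URLs are constructed.

```python
import io
import zipfile
from urllib.parse import urlsplit

DYRE_IPS = {"85.25.148.6", "217.12.207.151", "192.99.6.61"}  # from step 3
LURE_WORDS = ("documents", "invoice")                          # from step 2
POST_WINDOW = 5  # seconds; assumed value for "a short period of time"

def triage(log_lines):
    """Return a sorted list of (client, reason) findings for steps 2-4."""
    findings, last_post = set(), {}
    for line in log_lines:
        ts, client, method, dest_ip, url = line.split()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        path = parts.path.lower()
        if dest_ip in DYRE_IPS:
            findings.add((client, "listed-ip"))
        if (host == "cubby.com" or host.endswith(".cubby.com")) \
                and path.endswith(".zip") and any(w in path for w in LURE_WORDS):
            findings.add((client, "cubby-zip"))
        if method == "POST":
            key = (client, url)
            if key in last_post and int(ts) - last_post[key] <= POST_WINDOW:
                findings.add((client, "double-post"))
            last_post[key] = int(ts)
    return sorted(findings)

def zip_has_executable(data):
    """Step 5: True if a zip archive (bytes) lists a .exe or .scr member."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith((".exe", ".scr")) for n in zf.namelist())

# Constructed sample proxy log (documentation-range clients, made-up URLs).
SAMPLE_LOG = [
    "1410336000 192.0.2.10 GET 203.0.113.5 https://www.cubby.com/pl/Invoice_0910.zip",
    "1410336030 192.0.2.10 POST 85.25.148.6 http://85.25.148.6/x",
    "1410336032 192.0.2.10 POST 85.25.148.6 http://85.25.148.6/x",
    "1410336100 192.0.2.11 GET 203.0.113.5 https://www.cubby.com/pl/holiday.zip",
    "1410336200 192.0.2.12 POST 198.51.100.7 http://intranet.example/form",
]

def make_sample_zip(member):
    """Build an in-memory zip with one harmless text member (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(zip_has_executable(make_sample_zip("Invoice.scr")))
```
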

However, repeatedly hitting users over the head with a printout of "it's you, dummy! Do NOT open suspect emails, DO NOT click on unsolicited links, CHECK and SCAN all downloads before opening" wrapped around a length of two by four until they remember some basic email security rules - that MIGHT, just might have an effect. AJS

About Allan J. Smithie
Allan J. Smithie is a journalist and commentator based in Dubai.

Monday, 1 September 2014

Full Circle Magazine 88 is out now


Full Circle Magazine issue 88

The independent magazine for the Ubuntu Linux community

This month:
  • Command & Conquer
  • How-To : Minimal Ubuntu Install, LibreOffice, and GRUB2.
  • Graphics : Blender and Inkscape.
  • Linux Labs: Ripping DVDs with HandBrake, and Compiling a Kernel
  • Arduino
plus: Q&A, Security, Ubuntu Games, and soooo much more.

ALSO: Don’t forget to search for ‘full circle magazine’ on Google Play/Books.

Download issue 88: http://fullcirclemagazine.org/issue-88/

Thursday, 28 August 2014

How-to: Remove UbuntuOne


Canonical's valiant cloud storage service has now gone to that great silicon graveyard in the sky: but on my Ubuntu 14.04, the UbuntuOne application still waits forlornly for the sync' message that will never come...

Time to remove the UbuntuOne application from my desktop.

The most important step, right click on the icon and turn it off first!

Thursday, 21 August 2014

How-to: Use 1 and 1 Website Analysis


If you host your website with UK outfit 1and1, you'll find some tools in the back-end, one of which is a little Mickey Mouse Website Analysis tool. In theory you can point it at anything, but I suspect it's geared toward sites hosted by 1and1.

The initial scan of the site's meta-data prompted some interesting questions, particularly if you're thinking of search engine optimisation.  

'Title (If you've added a title for your website, how many words and characters did you use?)
Your website has a title with 18 characters and 2 words. You should use between 30-66 characters and 5-10 words.'

So that's where Google, Microsoft and IBM have been going wrong all these years... Seriously, though, Microsoft now has a pithy title 'Microsoft - Devices and Services.' Done and out. Amazon, on the other hand, goes the whole hog 'Amazon - Low prices in electronics, books, sports equipment and more.'

Wednesday, 13 August 2014

Opinion: The Dark Side of Social Media Settings Part II [Guest Post]


Article originally appeared as The Dark Side of Social Media Settings on Digital Inferno by Paul Levy, founder of CATS3000 and Rational Madness.

No one claims to understand the majority of settings available to them on the social media platforms they use.

What’s the solution? In platform induction, start with the settings. Training in becoming familiar with the role, risks and language of settings should be taught in interesting ways. Cyber security and social media “gardening” can be engaging. Settings is a key social media skill and should be recognised in appraisal and reward systems. We should value the role and importance of setting our social media garden mindfully and skilfully. Often the senior managers are the worst exemplars. Lead from the top, blah, blah.

Saturday, 9 August 2014

Opinion: The Dark Side of Social Media Settings Part I [Guest Post]


Article originally appeared as The Dark Side of Social Media Settings on Digital Inferno by Paul Levy, founder of CATS3000 and Rational Madness.

I’ve just carried out a non-scientific poll of a dozen friends and professional colleagues. Not one claims to understand the majority of settings available to them on the social media platforms they use.

Big deal? Well, let’s see if there is a deal to worry about…

Wednesday, 6 August 2014

Humour: iPad fitting experience


iPad fitting experience - signage at Clarks Village, Street, Somerset

The cyborgs are here, and they're powered by Apple. Question is where are they having the iPAD fitted?!?! RC