Caller: “Hello, this is your Internet security team” (in a strong Indian accent)

 – (Woah, I have an Internet security team? Awesome!)

Caller: “Am I speaking to the account holder”

 – (Which account?)

Me: “Yup, that’s me”

Caller: “Excellent, now please do not be alarmed but we have detected many virus’ on your computer”

Me: “Oh no! Whatever shall I do?”

Caller: “Don’t worry sir, we are here to help”

After playing dumb a little bit, the caller got me to turn on my laptop, and in typical fashion open the ‘Event Viewer’. This is the place on a Windows PC where any system notifications/alerts are stored. Unfortunately, it can look scary (which is what the caller is banking on) and make you believe your machine is truly “full of the virus”.

Once the caller truly thought I had taken the bait, may call was escalated to the “senior technical advisor”. I assume this was the guy who was going to attempt to get into my laptop. Unfortunately, I was caught unaware with the phone call, so didn’t have time to set up a test machine to see what they would actually do.

So, I thought I’d attempt to see what they would do when challenged with proving they knew which machine was mine. Obviously, they can’t know the IP address of my machine, and when confronted they said much to the same. Although, they had another way of proving they know my machine! Amazing! So I asked. THe nice senior advisor got me to open a command prompt, and type “ASSOC”, then press enter. I know what this command is, but I’m sure 99% of people won’t. They want you to look at the bottom of the list, like so:

This is the value they want you to believe is uniique to your machine, therefore if they know it they must be trusted. Wrong, this value is NOT unique and will be the same across most Windows machines.

At this point I realised I had been stringing this out for close to 50 minutes and the pub was calling (being Christmas and all). I vented a little bit of anger, told him I knew exactly what he was attempting, why I knew it, and that I hadn’t fallen for it but it had been a fun 50 minutes. Even after this he was still attempting to convince me he was helping me.

I left the phone on the side, with him still talking, and went to the pub.

Please, anyone reading this make a note of the tricks they used, and hopefully you won’t fall victim.

The post Scammers beware! appeared first on Security For Non It.

DNS works as a look up service for the Internet. What you know as www.google.co.uk, a computer knows as 209.85.148.106. These numbers are known as an IP address. Every website on the Internet is actually contacted via its IP address. DNS is the bridge between the easily readable website address and the numbered IP address. What had happened in this attack was a Turkish hacker changed the DNS records for all these sites so they pointed to a webpage of their choosing.

Luckily, it was quite obvious that you weren’t on the correct site if you loaded one of the ones hijacked during this attack, but what if the plan was to pretend to be a website in order to collect your personal information? A convincing phishing attack coupled with a DNS attack could cause some people massive problems. Fortunately, this hack was detected and the correct DNS entries restored.

The post DNS hijack, say what? appeared first on Security For Non It.

Most non-tech people I have spoken to don’t understand what SSL certificates are, let alone the ramifications of a rogue, fake SSL certificate for *.google.com. Before we can understand the impact we need some background.

Basically, SSL is a form of encryption used on the Internet to protect communications, for example online banking. you can check quickly if a website is encrypted by checking if the website address is prepended by “https://” as opposed to http://. Often there will be  a padlock icon as well. See below:

SSL certificates are used to verify who you are sending your private data to, to ensure no one apart from the sending and receiving parties can see it (basically). These SSL certificates are issued by certificate authorities (CA), who are trusted to verify who is asking for the certificate is who they say they are. Google uses SSL to encrypt its Gmail service, G+ service and various others. The problem we have is someone (or some country….) has, in their possesion, a fake Google SSL certificate for any subdomain of Google.com, including mail.google.com and plus.google.com. Now, if this person (or country……) can get you to connect to a server of their choice when you  browse to https://mail.google.com, the SSL certificate presented will appear to be real and your web browser will happily send all your data along. Scary huh?

The above is a very simplistic view of the issue, but I hope it explains the issue a little more. I imagine web browser vendors will be issuing updates to remove any trust for these  rogue SSL certificates over the next few days, but if you are extra paranoid (and use Firefox) try following this guide:

http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

Luckily, this attack only seems to be affecting users in Iran, but awareness of this issue needs to be raised as I’m sure most people just click through SSL certificate warning when browsing on the web. SSL certificates are there to protect you, let them help you. Any questions feel free to leave a comment or drop a line on Twitter, I could drone on in more technical detail of needed

For more technical details check out the Naked Security post on the subject here:

http://nakedsecurity.sophos.com/2011/08/29/falsely-issued-google-ssl-certificate-in-the-wild-for-more-than-5-weeks/

The post Fake SSL certificate, say what? appeared first on Security For Non It.

RDP is used (as the name suggests) to remotely connect to a machine and have control over the desktop. This shouldn’t be enabled by default on most new installations of Windows, but it is always worth checking. If you need to use RDP for whatever reason, make sure the administrator account has a very strong password. I have been ranting about passwords for a while now, and the spread of this worm shows the extent to which poor passwords are being used. Having an administrative account with a password of “admin” or “letmein” is asking for trouble. This worm doesn’t just log in, it also downloads more code. This code can be used to make your machine attack other machines on the website as part of a DDOS attack. The worm then scans for other targets to infect.

The scary thing is (as I’ve already said) the prevalence of weak passwords. Passwords really are the only defence for a lot of systems and they must be created with a bit of thought. I’ve spoken about how to create strong passwords here, and they really don’t have to be difficult for a human to remember.

I’m sure antivirus companies will start picking this up soon, but even so, check your passwords!

For more technical information on the worm check out this ThreatPost article:

http://threatpost.com/en_us/blogs/new-worm-morto-using-rdp-infect-windows-pcs-082811

The post A new worm, who would have thought it? appeared first on Security For Non It.

http://www.eff.org/https-everywhere

The post HTTPS Everywhere leaves beta stage! appeared first on Security For Non It.

The below does have a comedic element, which I think drives the message home better than one of my meandering rants. If you haven’t seen xkcd and you are a little geeky go check it out http://xkcd.com/.

The post Password Strength a la xkcd appeared first on Security For Non It.

Dragon is based on the Chromium browser (specifically version 13.0.782.107), so any users of Google Chrome’s browser will feel right at home here. The differences? Well, it is more secure, and that’s a good thing. The privacy options are beefed up significantly, with a special mode called “incognito mode”, which blocks all website tracking completely, a Godsend for all the privacy advocates out there. There is also the option to use Comodos Secure DNS servers for filtering known domains containing malware. All these options can be found through the usual Chrome standard menu.

From a useability point of view, I have found it just as quick as Google Chrome, although I haven’t performed any benchmarking. Comodo state most popular Chrome extensions will work, and everything I tried worked perfectly.

So all in all, I think ComodoDragon is a worthy browser for home users, it looks good, is fast and has some excellent security settings. It is definitely being added to my preferred browser list. for more information jump over to Comodo’s website:

http://www.comodo.com/home/browsers-toolbars/browser.php

The post Comodo Dragon appeared first on Security For Non It.

Check out the infographic below, there is some good information to read, whether you use Android, iOS, Windows mobile or Symbian, the same ideas apply. There is also some scary information, such as “10% of iPhone users use 0000 or 1234 as their password”, I mean 10%? 73 million iPhones sold up to 2010, you do the maths. And if you are one of these 10%, then channge your password Pay special attention to the dos and don’ts at the bottom of the page, some really great advice, some of which I outlined here.

Please pass this around to anyone else you know with a shiny new smartphone, you may be their saviour.

The post Smartphone Malware, Information Galore appeared first on Security For Non It.

Another awesome source of info is the SANS Ouch! newsletter. SANS offer many services (I am actually in the middle of one of their courses right now), but Ouch! is aimed at “ordinary computer users”. Check out their blog post on the matter.

If you are only going to read a couple of sources of information, choose one of the above and keep reading my blog But my recommendation is you read at least these three.

If anyone has any other recommended reading feel free to let me know, my “News Sources” page is still a work in progress.

The post Help, I need somebody! appeared first on Security For Non It.

Ad Block – Does exactly what it says on the tin.

Web of Trust – A user based rating system for web sites. Very cool for seeing what others think of a particular site.

Notscript –  Very similar to Firefox’s NoScript, with the idea to block everything unless specifically allowed. I wrote a little about NoScript here.

Secbrowsing – Secbrowsing sits in the background and checks the version number of your installed Chrome plugins. When out-of-date plugins are found it will alert you, helping you keep everything up-to-date.

There are hundreds more plugins, but these four will give you a good start.

Many people still use Internet Explorer, just because it comes bundled with Windows. I personally don’t use Internet Explorer (probably a little biased though), and find Chrome much, much faster. It is definitely worth giving it a trial run.

The post Securing your browser pt 2 (Google Chrome) appeared first on Security For Non It.