Member since: Sep 11th, 2009
Nov 6th 2009 12:54PM We talked about this here:http://www.sophos.com/blogs/gc/g/2009/11/03/hacked-iphones-held-hostage-5-euros/As we stated in the article, the hacker did take down the link and reportedly returned the money. But the concept has been proven.We've seen this tactic before. Back in 2006 we saw a Trojan thatencrypted the contents of My Documents and then dropped a file that had"instructions" on how to get your stuff back. It usually involvedsending money or buying stuff from a CanPharm page. Here's the post ifyou are interested:http://www.sophos.com/pressoffice/news/articles/2006/06/arhiveus.htmland here's the money tactic:http://www.sophos.com/pressoffice/news/articles/2006/03/zippo.html
Oct 29th 2009 10:33AM This shows that people are simply too trusting. Just because an email seems to come from Facebook, or Twitter or your bank doesn't make it so. If you are uncertain, you can always contact the support group of whoever seems to have sent the email and ask them to confirm the email came from them. Nine times out of ten, it won't be.Users shouldn't be afraid to question anything that looks suspicious or even slightly dodgy that's asking for sensitive information.
Oct 21st 2009 11:22AM There's a trust factor on Facebook, and many other social media sites. People feel that their little corner of the world is safe. They feel like these games and apps shouldn't be compromised because "Why? What value is in hacking Aquariumlife?" Kids using Facebook certainly don't think about security threats. They are simply looking for something to do.This is exactly WHY these attacks are so successful right now, just as the first email worms were 10+ years ago. Cyber-criminals know how to exploit this trust to infect more people. In time, the trust will erode to a healthy skepticism, just as it has for email and web browsing.Feel free to check out http://www.sophos.com/security/topic/facebook.html and http://www.sophos.com/security/best-practice/facebook.html to see how to lock down your Facebook access. In addition, the same best practices such as having up-to-date security software, applying OS patches, whether Mac or Windows, changing your passwords frequently (and not using the same one for everything) and simply being vigilant can go a long way.Beth Jones,SophosLabs
Oct 7th 2009 2:10PM Bear in mind this probably wasn’t a single phishing attack. From what wehere at Sophos have seen, it was more than likely a multi-vectoredattack, using email phishing, keylogging botnets and rogue socialnetwork applications, given the number of “fake” email addresses, aswell as a list of “kid culture” passwords. See our blog posts:http://www.sophos.com/blogs/sophoslab/v/post/6719http://www.sophos.com/blogs/chetw/g/2009/10/06/hotmail-heist-update-releaseThe rogue applications is definitely worth noting. While people may bewiser to email phishing attacks, social media sites are much newer sothe trust factor is still high. Remember what the trust factor was likein the 1990’s with email? I am on several of the social media sites andI see rogue applications that are collecting email addresses andpasswords at least a couple times a month. The whole “If you liked thisapplication, send it to your friends” is really a phishing attack - itasks for your email address and password to “send” to your friends. Thephishers then have your information.As stated above, we have also seen in the list a lot of kid culturepasswords, which lends credit to the multi-vectored attack. An emailphish wouldn’t work on a small child, but a “send this application toyour friends” would.Please be careful out there. Treat your passwords as you would your underwear:- change them often- don't share them- and don't leave them lying around for other people to see
Sep 11th 2009 11:56AM There is a need to keep your software up to date, whether it be by Sparkle, AppFresh or Software Update. I personally have used this and it's a good tool. I want to try Sparkle as well, but the important thing is to make sure that the software that you use is up to date, and if you don't use it, uninstall it.Beth Jones, SophosLabs US
Save your tabs and Panorama tab groups in Firefox 4
Amazon Appstore for Android hands-on review: Android Market is in trouble