Day: June 3, 2011

Hackers stole classified information from two Canadian ministries


The hackers sent e-mails to staff that seemed to come from senior managers, the Canadian Broadcasting Corp. reported. When recipients opened the attachments, the hackers got a path into the federal network.

Stockwell Day, then the Treasury Board president, told the CBC Thursday he was not told of the breach.

“Certainly, on the information that I got, I had full confidence that the systems had moved quickly to shut down, that significant information had not in fact been carried away, and that the ongoing assessment of that by the technicians continues,” he said.

The Department of Finance and the Treasury Board were still restricting Internet access for their workers Thursday. The agencies now have separate computer stations disconnected from the main government network.

A secret May 2010 memo from Canada’s spy agency warned that cyberattacks on government, university and industry computers were growing “substantially.”


Contact me at :

Facebook phishing: Can you spot the difference?


by Graham Cluley on June 3, 2011

We’ve seen some messages being spread on Facebook in the last day or so, claiming to link to a video of Barack Obama. Most of them appear to have been cleaned up by now (presumably by Facebook Security) but there are still some remnants lying around.

Here’s a typical message:

Facebook phishing message

hello have you seen this recent video on the president? What is he doing in it?! LOL


What's the president doing in this video. OMG LOL!

Some versions of the message give away that the link will ultimately take you to a website ending with Almost all of the links we see in SophosLabs which end with “” contain “bad stuff”. Perhaps it would be simplest if everyone simply avoided links (and close cousins such as as they are tainted by association.

And what sort of name is hzjqorbbmdnf anyway?

Regardless of the dodgy-looking nature of the link – what happens if you click on it?

Well, you will be redirected to what appears on first glance to be a Facebook login page. However, in reality, it’s a phishing page designed to steal email addresses and passwords from users who are so keen to see a video of their president that they’ll type in their credentials without thinking.

Here’s the fake login page:

The fake Facebook login page

And here’s Facebook’s genuine login page:

The real Facebook login page

Did you spot all the differences?

Here’s the ones I found – well done if you spotted even more!


Starting at the very top -

1. The genuine login page calls itself “Log in” in its title bar. Amusingly, the real Facebook is inconsistent as to whether you “Log in” or “Login” to Facebook as later in the page it refers to “Facebook Login”. It’s odd to see a phishing page be more professional than the real thing.

2. That’s clearly not Facebook’s genuine URL. Interestingly, other pages on the domain contain clickjacking scams.

3. The real page gives me more language options – including UK English and Welsh which aren’t available on the phishing page. It’s possible that the real Facebook is doing some GEO-IP lookups and determined that I’m visiting from the UK – maybe users in other countries don’t see those options.

4. The phishers have the copyright date incorrect, believing it to be 2010 rather than 2011.

5. There are many more link options made available to me in the footer of the real login page, including “Badges”, “Mobile”, “People”, etc.

There’s bound to be more differences than the ones I spotted though. So, leave a comment below if you find any more.

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Update: Wow! I can always rely on the eagle-eyed Naked Security readers who spotted some other differences.

More differences


Here’s The Fake Gmail Site Chinese Hackers Used To Steal U.S., Activist Data


Look at the two Gmail login pages in the image below and ask yourself: Would you have spotted the difference?

On Tuesday, Google revealed on its official blog that it had been the target of a phishing campaign seemingly originating in Jinan, China, and aimed at gaining access to the accounts of senior officials in the U.S., Korea and other governments, as well as those of Chinese activists.

The attack worked–at least in part–by sending the victims spoofed emails, often from accounts that appeared to belong to coworkers, family or friends. Those emails contained links to the spoofed Gmail sites, which harvested the usernames and passwords of anyone fooled by their realistic appearance.

The hackers then used those login details to forward all mail coming into the account to a third party, or in some cases gathered information about contacts to use in other phishing scams.

Google credits the discovery of the scheme in part to the blog Contagio, where a detailed analysis of the scam including images of the spoofed emails and the fake login page above were posted in February.

This kind of phishing scheme isn’t new, and Google warned in its high-profile revelation of Chinese hacking in January of last year that it–like all webmail services–was vulnerable to this sort of spoof attack. But the company has never before revealed so much about its phishing attackers, nor has it shared images of the fake login pages those phishers use.

Contagio points to subtle differences in the two login pages, including the destination of links and small design contrasts. But given the spot-on accuracy of the fake Gmail gateways above, Google isn’t depending on users to tell the difference. Instead, it suggests using its two-factor authentication system, which sends a code to a user’s phone that he or she needs to use to log in. If a user has set up that safeguard and no code appears when he or she is prompted to log in, then the login page might be fake.
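The "destination of links" difference that Contagio points to, and the wrong URL noted in the Facebook phishing post above, can be checked mechanically instead of by eye. The following is an added example, not code from either article: it resolves every form action and link on a login page and reports any that leave the expected domain. The sample pages and the `example.net` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class TargetCollector(HTMLParser):
    """Collects where a page's forms submit and where its links point."""

    def __init__(self):
        super().__init__()
        self.targets = []  # (kind, URL exactly as written in the HTML)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self.targets.append(("form", attrs.get("action") or ""))
        elif tag == "a" and attrs.get("href"):
            self.targets.append(("link", attrs["href"]))

def host_allowed(host, allowed_domains):
    """True only for an allowed domain itself or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def audit_login_page(page_url, html, allowed_domains):
    """Return (kind, absolute URL) for each destination off the expected domain."""
    findings = []
    page = urlsplit(page_url)
    if page.scheme != "https" or not host_allowed(page.hostname, allowed_domains):
        findings.append(("page", page_url))
    collector = TargetCollector()
    collector.feed(html)
    for kind, raw in collector.targets:
        url = urljoin(page_url, raw)  # resolve relative targets against the page
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, javascript: and similar are out of scope here
        insecure_form = kind == "form" and parts.scheme != "https"
        if insecure_form or not host_allowed(parts.hostname, allowed_domains):
            findings.append((kind, url))
    return findings

# Constructed sample pages (not the pages shown in the articles).
FAKE = ('<form action="post.php"><input name="email"><input name="pass"></form>'
        '<a href="https://www.facebook.com/help/">Help</a>')
REAL = ('<form action="https://www.facebook.com/login.php"></form>'
        '<a href="/help/">Help</a>')
```

A copied page usually keeps its links pointing at the genuine site, so the page URL and the form's submit target are the destinations that give it away.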

Google is also suggesting that users watch for suspicious forwarding settings that might indicate an intruder is copying their mail, as well as a red warning at the top of the page that indicates Google has detected “suspicious activity” that might signal a hacker has gained access to the account.
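For an administrator responsible for many mailboxes, the forwarding check Google recommends can be run as an audit. This is an added example, not Google's tooling: it scans a constructed settings export for account-level forwarding and filter rules that send mail outside a trusted domain. The record field names (`auto_forward`, `filters`, `match`, `forward_to`) are hypothetical and do not describe a Gmail format.

```python
def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def is_trusted(address, trusted_domains):
    d = domain_of(address)
    return any(d == t or d.endswith("." + t) for t in trusted_domains)


def audit_forwarding(mailboxes, trusted_domains):
    """Return (account, kind, destination, scope) for mail leaving to untrusted addresses.

    scope is "all-mail" when every incoming message is copied out
    (account-level forwarding, or a filter with no match criteria),
    otherwise "some-mail".
    """
    findings = []
    for box in mailboxes:
        dest = box.get("auto_forward")
        if dest and not is_trusted(dest, trusted_domains):
            findings.append((box["account"], "auto_forward", dest, "all-mail"))
        for rule in box.get("filters", []):
            dest = rule.get("forward_to")
            if dest and not is_trusted(dest, trusted_domains):
                scope = "some-mail" if rule.get("match") else "all-mail"
                findings.append((box["account"], "filter", dest, scope))
    return findings


# Constructed settings export; accounts and addresses are made up.
MAILBOXES = [
    {"account": "alice@agency.example", "auto_forward": None,
     "filters": [{"match": "from:press@agency.example",
                  "forward_to": "desk@agency.example"}]},
    {"account": "bob@agency.example",
     "auto_forward": "archive7731@mailbox.example", "filters": []},
    {"account": "carol@agency.example", "auto_forward": None,
     "filters": [{"match": "", "forward_to": "c.backup@mailbox.example"},
                 {"match": "subject:itinerary",
                  "forward_to": "trips@mailbox.example"}]},
]
```

A filter with empty match criteria is reported as "all-mail" because it copies out every message just as account-level forwarding does, while showing up in a different settings screen.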


Facebook Privacy: 10 Settings Every User Needs to Know


Facebook’s privacy settings are extremely detailed, giving you the ability to fine-tune the privacy aspects of almost every little part of your Facebook account. Unfortunately, for most users, this level of micromanagement makes Facebook’s privacy settings a convoluted mess.

Even worse, these settings change often; you may think you know everything there is about them, only to be greeted with a completely different layout and a bunch of new options the next time you visit the dreaded Facebook Privacy Settings page.

So, what do you do when you’ve got over 170 options to choose from? You focus on the most important ones. We’ve entered Facebook’s maze of privacy options and come out on the other side bruised, battered, but with 10 essential settings in our hands. Disregard them at your own peril!

1. Sharing on Facebook





Account > Privacy Settings > Sharing on Facebook

Controlling how you share content is quite complex and will probably make your head hurt, but it’s essential that you take a good look at the settings and decide for yourself what you want to share and with whom.

Facebook gives you the easy way out: You can share content with Everyone, Friends of Friends, or Friends only. However, if you’re using lists (see item number eight on this list), you might want to customize the settings and set a certain type of content to be visible to the people on some of your lists, and invisible to others. For example, only my close friends can see all my photos, while business associates can see just a few.

It’s important to note the “Preview my Profile” option which lets you see your profile as someone else would. Setting all the options just right can sometimes be tricky. When in doubt, defer to this option.

2. Existing Photos





Account > Privacy Settings > Sharing on Facebook > Customize Settings > Edit album privacy for existing photos

Settings for sharing content on Facebook can be treacherous as they don’t always apply to all your existing photos. With this setting, you can go through your old albums and change the privacy setting for each one, including your Wall Photos.

3. Checking In to Places

Account > Privacy Settings > Sharing on Facebook > Customize Settings > Friends can check me in to Places

Another setting under Sharing on Facebook often goes unnoticed, and it can be very important, as it lets your friends check you in to Places. Having someone else telling the world where you are can be unpleasant and even dangerous in some cases. If you want to avoid it, disable this feature.

4. Connecting on Facebook





Account > Privacy Settings > Connecting on Facebook

Privacy settings for sharing content on Facebook are separated from the settings for connecting, which basically means sharing information about you: Your photo, gender, age, education, hometown etc.

Furthermore, these settings determine how people can find you on Facebook. Can they do it simply by searching for your name? Can anyone add you as a friend, and send you a message?

Here, you can change those settings to Friends Only, Friends of Friends, Everyone or — in some cases — customize them. For example, if you get pestered by too many anonymous messages, you might consider letting only your friends send them. Be careful: If you set everything to the strictest available privacy setting, people may have a harder time finding you on Facebook.

5. Apps You Use





Account > Privacy Settings > Apps and Websites > Apps You Use

This is another painful setting as it usually means wading through dozens of apps and either removing them or editing the privacy settings for each of them individually.

We suggest removing all of the apps you’re not using (hint: If you can’t remember what it is, you probably don’t need it), and carefully reviewing the permissions you’ve given each individual app. For example, some apps like to post on your Wall even though they don’t require the option to function.

6. Instant Personalization





Account > Privacy Settings > Apps and Websites > Instant Personalization

We’ve covered this setting in-depth before. For detailed info on what it does, check out this article. Essentially, it lets third-party websites personalize your experience, which can be nice, but it also allows access to your personal data.

You can opt out of Instant Personalization on individual third-party websites, such as Pandora, simply by clicking on “No Thanks” when asked about it. However, on Facebook you can completely disable it by leaving the checkbox before “Enable instant personalization on partner websites” unchecked.

7. Info Accessible to Your Friends





Account > Privacy Settings > Apps and Websites > Info accessible through your friends

This is where Facebook’s privacy settings get really tricky, and most users don’t realize it. No matter how tight your privacy settings are, you’re still sharing some of your content and info with a group of people, even if it’s only your closest friends. However, what you share with them doesn’t necessarily end with them, especially if their privacy settings are lax. In the end, your friends might be sharing your info with third-party services, which is precisely what you want to avoid.

With this setting, you can set exactly what information is available to apps and websites if your friends use them.

8. Public Search





Account > Privacy Settings > Apps and Websites > Public Search

When someone searches for you on a search engine, they might get a preview of your public profile which, in some cases, can be very revealing. If you don’t want that to happen, you should turn this option off.

9. Friend Lists

Friends > Edit Friends > Create a List

If you’re a typical Facebook user, you have 130 friends, and it’s very likely that you don’t want to share every detail of your life with all of these people.

This is where Friend Lists come into play. By creating lists of — for example — your family members, close friends and business acquaintances, you can finely tune the details you want to share with each list (as explained above).

Creating lists can be a bit dull at first, especially if you start doing it when you already have hundreds of friends, but once you set them up, it’s easy to add each new friend to a particular list.

10. Enabling HTTPS





Account > Account Settings > Account Security > Secure Browsing (HTTPS)

The last setting we’d like to highlight has more to do with security than privacy. However, if someone hacks into your account or sniffs your data (which can be easily done with an app like Firesheep), all the privacy settings in the world won’t help you protect it.

Recently, Facebook started introducing HTTPS support, which makes it a lot harder for someone connected to the same network to sniff your password and other data. It makes Facebook a bit slower, and certain features don’t work yet, but we highly recommend it as HTTPS is essential to online security on all web services, not just Facebook.

If the option isn’t available to you just yet, don’t worry. Facebook promised it will gradually roll out the feature in the following weeks.


Apple security update bypassed after 8 hours


It took only eight hours for the malware developers behind MacDefender and its variants to come up with a way to bypass the security update pushed out by Apple.

According to Chester Wisniewski, a new variant of the malware has sprung up and it manages to infect the updated systems without asking for the administrative password.

How does it manage to bypass the protection Apple put in place? The malware developers have changed tack: a downloader program is installed first, and it then retrieves the actual malicious payload.

This way, they can make endless small changes to the downloader program and few to the actual malware – and still be successful. “If the bad guys can continually mutate the download, XProtect will not detect it and will not scan the files downloaded by this retrieval program,” he explains. “Additionally, XProtect is a very rudimentary signature-based scanner that cannot handle sophisticated generic update definitions.”

Apple has also reacted quickly and has updated XProtect to detect the current downloader.

The 2011-003 update also makes systems check for new updates to the File Quarantine malware definitions every 24 hours. Let the cat-and-mouse games begin.



“World’s hottest female hacker” to face NYC court


Kristina Svechinskaya – who has been dubbed the “world’s hottest female hacker” – recently appeared in a NYC courtroom to face charges of stealing $35,000 for the notorious Eastern European ZBot cyber-criminal gang.

According to the NY Observer, the crying Svechinskaya approached the bench wearing skin-tight jeans and slinky, calf-high boots.

Sexy, eh? Definitely!

Still, as Sophos senior security researcher Graham Cluley notes, the jury is still out on whether or not the fetching Svechinskaya is actually a bona fide hacker.

“Kristina has been charged with one count of conspiracy to commit bank fraud and one count of false use of passports. [Yet], that’s not how I would define hacking,” opined Cluley.

“[Yes], prosecutors claim that Svechinskaya was recruited to join a ‘mule’ organization that had numbered over two dozen participants and had contact with computer hackers and individuals who could provide fake passports.

“[Nevertheless], there’s nothing really there to suggest, even if she was proven guilty, that she’s a hacker.”

Fair enough.

But that isn’t really the point of Kristina Svechinskaya or her photos, is it?




