Cavu Labs

Epic Breach of Email Lists - Epsilon Data Management

2011-04-05T14:00:00.000-07:00

As part of modern-age business practices, large corporations will hire third-party marketing solutions to maintain large databases of customer contact information, and although most large email hosting and marketing services tout major security precautions to ensure the privacy of customer data, sometimes breaches of security occur.

Epsilon Data Management, subsidiary of Plano, Texas-based Alliance Data Systems, is a major multichannel marketing group, and calls itself "the world's largest permission-based email marketing provider", have recently admitted to a security breach which comprimised the email addresses of millions of users. While nothing more than names and email information was leaked, unfortunately a lot of people across the internet are going to have to expect a surge in spam email.

Epsilon supposedly sends out over 40 billion emails annually, and counts over 2,500 clients, 7 of which are Fortune 10 companies which allow Epsilon to host their customer databases.

According to Securityweek.com:

"Some may dismiss the type of data harvested as a minor threat, but having access to customer lists opens the opportunity for targeted phishing attacks to customers who expect communications from these brands. Being able to send a targeted phishing message to a bank customer and personally address them by name will certainly result in a much higher “hit rate” than a typical “blind” spamming campaign would yield. So having access to this information will just help phishing attacks achieve a higher success rate."

You can keep up-to-date on this breach of security with updated lists of corporations affected at SecurityWeek.com.

http://www.securityweek.com/massive-breach-epsilon-compromises-customer-lists-major-brands

Also, here are some other sources of information concerning the breach:

http://nakedsecurity.sophos.com/2011/04/04/epsilon-email-address-megaleak-hands-customers-customers-to-spammers/

http://www.washingtonpost.com/blogs/faster-forward/post/epsilon_mail_marketing_firm_exposes_millions_of_names_addresses/2011/04/04/AFEPbabC_blog.html

To setup email filtering and security services for your small to medium-sized business, please contact us at Cavu Networks to get started and prevent the hassle of being on the receiving end of spam and undesireable emails.

Office and Outlook Corrupt Installations - Missing Files

2011-03-30T09:42:00.000-07:00

Every so often we must upgrade our Office or Outlook products to the latest and greatest version, or uninstall a product we no longer use because we've switched over to a new solution. Sometimes when we go to remove, repair or upgrade Microsoft Outlook or Office we run into a snag where the system tells us it cannot complete the function without the missing file known as SKU011.CAB, because it cannot be found.

The dialogue window which opens can be misleading, telling us we need to place the installation source disc in the machine and browse to where the missing file is located. If you are like some small to medium-sized businesses which have just recently gotten around to focusing on updating your software products, you may find that the original discs have gone missing, or the IT personnel you used when the business was a fresh start have disappeared or are no longer the same folks you use to perform your technology duties, and the software actually was with them.

In the case above, there is actually a simple and easy way to work around this issue by modifying the Windows registry. This corrupt installation issue is actually due to a value in the registry not being "0".

Now, before attempting to modify any registry data, check to see if you have staff comfortable doing this task as it can wreck your Windows profile if changes are made in error or if items are deleted by accident. Windows registry is no joke, it is literally a database of all the different components which Windows uses to function properly. Check to see if you have an assigned IT person, and if not, backup your registry before modifying any registry keys.

FIRST: BACKING UP WINDOWS REGISTRY DATA:

To backup Windows registry is a very simple matter which takes only a minute or two. Any time you need to edit the registry, you go to Start > Run, and in the dialogue box type "regedit" (without the quotation marks), and press Enter.

Open the Registry Editor by clicking the Start button , typing regedit into the Search box, and then pressing ENTER.‌ If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
Locate and click the key or subkey that you want to back up.
Click the File menu, and then click Export.
In the Save in box, select the location where you want to save the backup copy, and then type a name for the backup file in the File name box.
Click Save.

Note:

Although you can back up more than the registry key or subkey that you are modifying, doing so adds to the size of the backup file.
Before editing the registry, it's a good idea to create a restore point using System Restore. The restore point contains information about the registry, and you can use the restore point to undo changes to your system. For more information, search Help and Support for "System Restore."

Fixing The Irritating Missing File Issue:

1. Click on your Start menu and select “Run…”

2. Once the dialogue box appears, type in 'regedit' and click “OK”

3. In the left tree structure, navigate to HKEY_LOCAL_MACHINE -> Software->Microsoft -> Office -> 11.0 -> Delivery.

4. There should be one entry under Delivery folder (e.g. {91E30409-6000-11D3-8CFE-0150048383C9} ), select that directory. (Don't select any other directory but this one, as this is specific to the issue shown at the top! If you cannot find it or are unsure, consult an IT professional!)

5. On the right side of the window, right-click on CDCache and select the first menu item ‘Modify’.

6. An ‘Edit String’ dialogue box will appear on your screen. Make sure to note the current value in this box incase you want to revert the changes that you have made. Change the value in the ‘Value Data:’ field to 0 and click ‘OK’. Once this is done, your registry will have been updated.

7. This completes the necessary changes that need to be made in order to fix the error message that appears in figure 1. Now that you are done, close all the windows that you opened and restart your Microsoft Office product.

An excellent resource for screenshots so that you may follow the steps visually can be found here at http://www.sku011cab.com/

Now you should be able to add/remove, change, repair or upgrade the Office product without that nasty error popping up.

Again, make sure you or someone in your office is comfortable backing up and modifying the registry data, it could save you much time and frustration going forward!

Clickjacking on Facebook

2011-03-01T08:45:00.000-08:00

Another week is here with another means for scammers to utiliize Facebook's user-interactive malady, the "Like" button. Apparently, Facebook rightly seems to consider having to confirm that you "Like" something a little time-consuming. Due to this, it is a prime candidate for scammers to use for their ill-intent.

Lots of people follow celebrity goings-on and are excited when they think they're being directed via a Facebook fan-page to a rare video clip or photo which wasn't published through the normal, official channels. Because of this, misuse of such false links has become viral.

As explained in the following article by Sophos, a user can more easily protect themselves by installing the "NoScript" add-on for Firefox and the similar "NotScripts" for Google's Chrome browser. This allows you to choose when and where you want scripts to run so if you catch yourself on a page which looks a bit ...off...or not what you expected when you clicked the link to take you there, it is already blocking scripting until you give it the OK.

- Matthew Siers

*****************************************************

http://nakedsecurity.sophos.com/2011/03/01/lost-all-respect-for-emma-watson-facebook-clickjacking-attack-spreads-virally/

From Sophos' Naked Security: News. Opinion. Advice. Research

Lost all respect for Emma Watson? Facebook clickjacking attack spreads virally

Hi there! If you're new here, you might want to subscribe to the RSS feed for updates. X

by Graham Cluley on March 1, 2011 | Comments (1)

Filed Under: Featured, Social networks, Spam

Emma Watson, the actress who plays the part of Hermione Granger in the Harry Potter movies, has found herself the subject of a clickjacking scam on Facebook.

Users of the social network have seen messages posted by their online friends claiming to have lost all respect for Emma Watson, after watching a video starring the young actress.

I lost all respect for Emma Watson when I seen this video! Outrageous!

If you're curious enough to click on the link, your browser will be taken to a webpage which pretends to be a YouTube-style video site called FbVideo.

If you've got this far, you'll probably be tempted to click to view the video. However, like the many clickjacking attacks we saw on Facebook last year, you will be invisibly clicking on a "Like" button without your knowledge, sharing the link further with your friends.

The page is designed to display a survey scam, which both earns money for the scammers and can trick you into handing over your mobile phone number to sign you up for a premium rate SMS service.

You can protect yourself from clickjacking threats like this by using browser plugins such as NoScript for Firefox.

But wouldn't it be great if Facebook required users to confirm that they wished to "Like" a webpage? That would make scams like have a harder time spreading virally via the social network.

By the way, other versions of the scam are using the names of Miley Cyrus.

If you find you have accidentally "Liked" an offending webpage, remove references to it from your wall and check your profile settings.

As Chet pointed out with a similarly-themed Justin Bieber clickjacking scam on Facebook, it can also make sense to logout from Facebook when you are not actively using it to reduce the chances of you being tricked into "Liking" things you don't really like.

If you're a Facebook user and want to keep up on the latest threats and security news why don't you join the Sophos Facebook page?

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

About the author

Graham Cluley is senior technology consultant at Sophos. In both 2009 and 2010, the readers of Computer Weekly voted him security blogger of the year and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which is very cool. His awards cabinet bulging, he was voted "Best Security Blogger" by the readers of SC Magazine in 2011. You can contact Graham at gc@sophos.com, or for daily updates follow him on Twitter at @gcluley.

View all posts by Graham Cluley

Major Changes at Facebook, Be Prepared!

2011-02-15T14:45:00.001-08:00

There are some major changes brewing behind the doors at Facebook, wherein the designers have planned to mesh together all the various forms of internet-based communication in order to solidify the trend of "all-in-one-social-network-computing". One main portion is there will be new Facebook email accounts. You may wish to read the pros and cons of such a move, because it will affect you or someone you know, and it's best to be aware of both the threats and the benefits before it becomes widely implemented.

Unfortunately, there is a general misunderstanding of the proper use of privacy settings and overall social-network security. Even if you have your account locked down with privacy settings you feel safe with, those in your networks often do not, and these people have access to your page.

To read more detail about the upcoming changes, please check out the article written at Sophos below.

http://nakedsecurity.sophos.com/2010/11/15/faq-security-and-facebooks-new-messages-system/

Outbreak: United Parcel Service notification malware attack

2011-02-14T12:01:00.000-08:00

Be careful about any notifications from UPS via email about a delivery they are trying to make to you. The bad guys are an image this time which tricks you to click on a link. Be safe and read the details on the excellent security site from Sophos.

- John

That's Not Pizza In The Oven! - Interesting Approach to a Printer Fix

2011-02-10T10:15:00.000-08:00

Ever have an epic failure in an electronic device which you simply couldn't resolve and knew it would cost more to get it fixed than to have the device repaired?

Even as an IT professional, this will occur once in a while. Sometimes you're given a 'bricked' device to dispose of or fix.

One client of ours had a failed printer, and after much poking, prodding and analyzing we simply couldn't get a response from the printer which was recognizable in the support documentation. The light status was completely wonky and in order to get further support assistance, we'd have had to spend money. However, John got online and did further due-diligence and discovered that this particular printer has a very interesting resolution for the symptoms we were seeing.

The printer is a HP Laserjet P2015dn. Apparently the formatter board on this model often fails as the lifetime of the machine progresses. We found some suggestions that you can remove the circuit board from this thing, and bake it in the oven for 8 minutes at 350 degrees, it would fix the problem. The heat softens the soldering so that it flows just enough to improve the connection of the circuitry. John rolled up some aluminum foil and placed it on the four points of the board to keep it off of the cookie sheet itself.

Yesterday we were laughing about this solution he found online. I thought to myself: "No way: this sort of thing has got to be a prank." I was wrong! Today I re-attached the formatting board he baked last night, and the printer is now functioning as expected. Go figure.

Is Comcast helping fake-AV criminals?

2010-10-04T22:33:00.000-07:00

From our friends at Sophos, Chester Wisniewski's blog post from October 4th, 2010 discusses Comcast's announcement that they are beginning a nationwide roll out of their "Constant Guard" botnet detection service. He points out a real concern raised by Comcast's plan: that this is creating a tremendous opportunity for fake AV/scareware criminals. Click the link below to read more.

http://www.sophos.com/blogs/chetw/g/2010/10/04/comcast-provide-opportunities-fake-av/

Important: ASP.NET Security Vulnerability

2010-09-23T09:54:00.000-07:00

Microsoft has released a Microsoft Security Advisory about a security vulnerability in ASP.NET.

This vulnerability exists in all versions of ASP.NET and will effect web based applications.

Scott Guthrie from Microsoft has written a good blog about this vulnerability here, including a FAQ here

HIPAA Compliance with Privacy and Security Rules

2010-08-08T22:05:00.000-07:00

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 allow the federal government to mandate the ways in which health care organizations store and transmit individuals’ personal health information.

Your Information technology (IT) partner should understand how The Privacy Rule and The Security Rule effect implemented systems and software.

The Privacy Rule

The Privacy Rule establishes minimum Federal standards for safeguarding the privacy of individually identifiable health information.

Health plans, health care clearing houses, and certain health care providers my comply with this Rule.

Individuals are given certain rights by the Privacy Rule including access to health information records and when certain types of health information is shared with other people and organizations.

The Security Rule

Companies who are covered by HIPPA are also required to take specific steps to protect Electronic PHI (ePHI).

All security requirements can be defined as one of three basic safeguards:

administrative

physical

technical

Basic requirements include

Adopting policies and procedures to protect ePHI

Adopting policies and procedures to protect the security of patient information, including a policy on workstation use

Developing and implementing data access control procedures

Implement technical mechanisms to prevent unauthorized access

Establish a reporting and response system for confidentiality violations

The HIPAA Privacy and Security Rule requirements are designed to be technology neutral and scalable from the smallest to the largest companies and organizations. It is typically a custom combination of software and process which allows companies to be in compliance with the requirements of the Privacy and Security Rules.

I'll follow-up with another article describing more

2009 Annual Report on Computer Security

2010-01-20T16:49:00.000-08:00

PandaLabs, part of Panda Security, a leading provider of computer security solutions, has released their 2009 Annual Report on computer security.

Bottom line: It is pretty scary reading. 2009 was, without a doubt, a record-setting year for the creation of new threats and security issues. Cyber-criminals have become much better at making money from their malware and avoiding detection.

To read the report makes you feel that there is no way to be a user of computers safely these days. That isn't true (yet) but new solutions and security approaches are required as new threats are created. The amount of money made from malware in 2009 was more than any previous year so it is safe to safe that we will be seeing more of the same in 2010 and beyond.

Here are some highlights of the report:

25 million new strains of malware were identified in just one year, compared to a combined total of 15 million throughout the rest of Panda Security’s 20-year history.
Banker Trojans and fake antivirus programs topped the threat ranking
Social networks (Facebook, Twitter, YouTube or Digg) and SEO attacks were favored by cybercriminals for spreading malicious code
Politically motivated cyber-attacks significantly increased throughout 2009

Stayed tuned for my analysis as I read through the report but if you want to read it yourself you can find the pdf file here: 2009 Annual Report from PandaLabs.

Using Backup Assist with rSync.net servers

2010-01-15T12:04:00.000-08:00

I have been a fan of rsync.net services for a few years now and have always been looking for ways to improve automating backups to their servers. Backup Assist recently added Rsync protocol support in their v5 product and I've been eager to get it to work.

rsync.net's servers do not allow open access via the shell so I had to use the following steps to manual create and move the .ssh keys to the server:

1. Move any existing files out of the default location where Backup Assist stores the SSH keys.

Windows XP: “C:\Documents and Settings\All Users\Application Data\BackupAssist v5\.ssh”
Windows Vista/7: “C:\Programdata\Backupassist v5\.ssh.

2. In Backup Assist, configure the rSync server credentials and click on “Register with server” and ignore any errors.

3. Verify that three new files have been created in the local Backup Assist .SSH directory listed above. The files are:

Ba_id_dsa
Ba_id_dsa.pub
known_hosts

4. Rename the file “Ba_id_dsa.pub” to “authorized_keys”

5. Use WinSCP to connect to the rsync.net account you are configuring

6. Copy the local “authorized_keys” file in to the remote .ssh folder

7. Click on “Test connection…” in Backup Assist to confirm this worked.

8. If the test fails, restart at step 1 and verify that file time stamps on the local machine are current.

9. Disable the media usage report in the "rsync options" settings tab. The restrictions on the rsync.net server mean that the media usage report won't work either, but rsync.net provide other methods for getting server disk usage information.

Hope this information helps someone else!

Facebook Scam Artists Snag the F.C.C. Chairman

2010-01-04T09:49:00.000-08:00

This article in the New York Times is a good reminder of how easy it is for Facebook users to be tricked into compromising the safety and security of their Facebook accounts. Read about the Chairman of the F.C.C.'s travails here.

Facebook Privacy Changes Go Live; Understand the 'Everyone' settings

2009-12-09T11:38:00.001-08:00

Facebook has made important changes to their privacy options and every Facebook user should be aware of them.

The changes give users much better control of who sees your information, including being able to restrict viewing to an individual if you desire.

Settings include "only friends" and "friends of friends." A "customize" option allows users to show or hide a post from specific individuals or user-created lists. The options are available by clicking on a new "lock" icon that appears next to the "share" button when a Facebook user updates their status. Any setting may be chosen as a default and the default option may be changed as desired.

Especially important is the new "everyone" setting that determines whether a Facebook post will be seen on other services, such as in Google search results. Here is a description of the "Everyone" setting:

"Information set to 'everyone' is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations.

The default privacy setting for certain types of information you post on Facebook is set to 'everyone.' You can review and change the default settings in your privacy settings. If you delete 'everyone' content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook."

Read this post from Facebook to learn more.

New Security Alerts for Adobe Flash

2009-12-08T17:20:00.001-08:00

Adobe has released a new security bulletin titled: "APSB09-19 - Security updates available for Adobe Flash Player" which warns of "Critical vulnerabilities that have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system."

Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34 by downloading it from the Flash Player Download Center or by using the auto-update mechanism within the product when prompted.

Be careful at the Adobe Flash Player Download Center page as they will ask if you want to download and install a McAfee security scan program at the same time. If you have a working anti-virus solution, which is up to date with definitions, you should uncheck the option to download the McAfee program.

On-line safety - Firefox and NoScript

2009-11-15T20:24:00.000-08:00

If you've been a client of Cavu Networks then you have been told that running Firefox as your primary Internet browser is preferred. There is a terrific Firefox Extension called NoScript that makes it even safer and is highly, highly recommended.

The NoScript Firefox extension provides extra protection for Firefox. This free, open source add-on stops potentially dangerous scripts and applets (JavaScript, Java, Flash and other plugins) from being run. NoScript also provides the most powerful Anti-Cross Site Scripting (XSS) protection available in a browser.

You can download and install NoScript here: http://noscript.net/. You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon. There is also a good video called "Using NoScript" on YouTube which describes how to use NoScript which was contributed by John Wilkerson.

Voice-over-IP Helps Pediatrics Clinic Manage High-demand for H1N1 and Seasonal Flu Vaccines

2009-11-12T18:07:00.000-08:00

One of Cavu Networks' clients is a pediatric clinic which has been working very hard to distribute seasonal and H1N1 flu vaccines to their patients in a fair and timely manner.

Last year, when there were no H1N1 issues, they were successful in having "drop-in flu clinics" using a first-come-first-served model. This year has been very different.

The problems this year are multiple: they have very little notice when they will be receiving vaccines from the state (H1N1 or seasonal), they don't know what form it's in (nasal mist or injection), they don't know how many doses they are going to receive and the demand for the vaccine has been very high.

A little more than a week ago they held a drop-in, first-come-first-served flu clinic and the turnout was overwhelming: 300 patients with 400 shots given in 3 hours with long lines of 1-2 hours leading to total staff and MD exhaustion. The line of people literally went out the door and around the building forcing families with young children to wait outside, though luckily, the weather was mild and dry. It was obvious that it was not a sustainable model.

Trying to pre-schedule patients for future flu clinics became the objective. There wasn't enough time to implement a self-scheduling website, but there was time to develop a telephone based scheduling system.

Their existing telephone lines were already clogged by people calling the main numbers to ask if there was flu vaccine available and when the next clinic would be. We decided to use a SIP trunk to provision a new telephone number. Using the VoIP capabilities of their Talkswitch small-business phone system to handle the new number was simple. Viola! A "Flu Hot Line" was created.

The flu hot line number was published on their website and added to the opening message of the main numbers. When the next batch of vaccines arrived they used the capabilities of the Talkswitch to direct the incoming flu hot line callers to a staff member who scheduled the caller. This kept the main telephone numbers clear of flu vaccine and flu clinic related calls.

After a flu clinic is scheduled the doctors are able to review each patient's electronic chart and flag if the patient will be receiving the seasonal flu, the H1N1, or both vaccines. The result: minimal waiting for families; prepared doctors and staff; and an efficient, smooth and calm 3 hour flu clinic. Success!

Fake Facebook e-mail “Subject: updated account agreement”

2009-11-08T11:20:00.000-08:00

The latest actions directed towards Facebook users is an email telling the users that their Facebook agreement has been modified and they need to accept the new agreement. The agreement is attached as a .ZIP file.

It goes without saying (I hope) that this is fake and malicious and that users should never open file attached from someone they don't personally know and expect an attachment from. If this attachment is run it installs a trojan on the user's computer.

The e-mail looks like this:

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,
The Facebook Team

Thanks to the Sophos Labs blog for this valuable information.

Fake Microsoft Outlook Security Update

2009-06-25T11:43:00.000-07:00

There is an e-mail circulating with the subject "Microsoft Outlook Critical Update" which is very real looking, but very fake and dangerous.

The URL pointing to the "critical update" looks legitimate, but hovering over the hyperlink (or checking the source code of the mail) will show that the link leads to a totally different destination.

Sophos Labs indicates that the URL leads to the download of "a backdoor banking Trojan which allows a remote user to access and steal sensitive data and provides an intruder with remote access to the compromised system."

Remember that Microsoft will never send updates via a direct e-mail. Updates should be installed directly from the official Microsoft Update website at http://update.microsoft.com.

Welcome to the Cavu Networks blog

2009-06-25T10:22:00.000-07:00

Welcome to the blog for Cavu Networks. We will use this blog to present and discuss information, tips and news worthy items about small business technology to our customers and colleagues.