Symantec’s MessageLabs Intelligence has intercepted Easter ‘e-card’ spam emails offering a ‘2010 Easter 3D e-Card,'” a representative for Symantec tells WebProNews. “Spam authors are attempting to use the recent surge of interest in 3D media to increase the likelihood of people falling for their scam. The links that are supposed to allow the recipient to see the fabulous 3D card in reality link to a malicious executable file. Anyone who runs it hoping to see their card will be disappointed, as all they will get is an infected computer.”
In an exclusive interview, Dawn Cappelli of Carnegie Mellon University’s Software Engineering Institute, discusses:
- Insider threat trends;
- Biggest challenges for organizations looking to prevent crimes;
- Steps organizations can take to reduce risk.
Insider crimes are among the biggest threats to public and private sector organizations, yet too many groups continue to struggle to prevent or even detect these crimes. Dawn Cappelli is Technical Manager for the Threat and Incident Management Team of the CERT Technical Staff at Carnegie Mellon University’s Software Engineering Institute (SEI). She has over 25 years experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT’s insider threat research, a CyLab-funded project including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT.
Stay clear of Facebook Pages that offer $500 Whole Foods gift card giveaways. Several have been identified and shut down by facebook and Whole Foods employees, but scammers keep creating new ones.
The fan page asks Facebook users to add it as a fan, pushing awareness of the page through their Facebook networks, and then asks them to fill out a credit assessment and other forms that request personal information. The scam then uses a form of malware to crash users’ computers and the information they have entered is left vulnerable. Whole Foods and Facebook are taking action. It might be best to be wary of other giveaways on Facebook since the scammers could adapt their tactics.
Anyone that has read this blog for more than a week should be aware of the importance of running as a “normal user” instead of as root (UNIX/Linux) or administrator (Windows). It’s often hard to illustrate just how important this simple precaution is. To aid in that illustration, a report by BeyondTrust looks at how many security bulletins issused by Microsoft are mitigated by simply not running as administrator.
Despite the advances made by Microsoft to secure Windows by default, the fact remains that the first account created on a new system always has administrator capabilities. Most Windows users will take the first account available rather than think ahead and setup a less powerful account for everyday use, and will end up running as an administrator. That is convenient, but incredibly insecure.
Microsoft published 190 security vulnerabilities last year, and 121 of them are thwarted by running without administrator rights. That’s 64% mitigated by removing administrator rights! Breaking it down per product, the figures become even more interesting.
- Microsoft reported 55 Office vulnerabilities in 2009, and all of them are mitigated by removing admin rights.
- Of the 33 Internet Explorer issues reported, 94% were thwarted by removing admin rights.
- For Internet Explorer 8, 100% would be thwarted by removing admin rights.
- If we restrict the vulnerabilities to just Windows, we see that 53% can be mitigated by not running as admin.
The threat posed by the highest risk vulnerabilities, the ones that would allow arbitrary remote code execution, can be greatly reduced by not running day-to-day operations using an admin account: 87% of these attacks are ineffective when you simply do not run as administrator. All the more reason for Microsoft to stop making the administrator account avaialble as the first user created. Force the user to create a normal account after password protecting the admin account.