Posts Tagged ‘Symantec’

Microsoft Security Roundup

Major Nelson says we weren’t hacked, in reference to accusations that some accounts were hacked into and taken by other users, and says there is no evidence that there was any compromise at all of their security on Xbox Live.

Despite some recent reports and speculation, I want to reassure all of our 6 million Xbox Live members that we have looked into the situation and found no evidence of any compromise of the security of the Xbox Live Network or Bungie.net. There have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their LIVE account. This is a good time to remind our members that they should never give out any of their personal information. Additionally it may be a good idea to download this free PDF file from Microsoft.com ‘ Help Protect Yourself Against Identity Theft? that gives you some excellent information and tips on how to protect yourself. Source: Xbox Live Security

But this website, Security Focus, lists how you do it, and it is a simple social engineering technique, you call them up and say hey, my Xbox crashed or my friend changed my password, of course, they won’t do it for you right off the bat, you need to keep calling and picking out bits and pieces of the info that you need.

“We here at Infamous steal at least 10 accounts a day depending on there (sic) levels,” claimed a site belonging to Clan Infamous, which bills itself as “the best account stealing + boosting clan” in Halo 2. “If you talk s**t we will mod on your account until it is banned. If the levels on it are good, we will use the Credit Card on your account to then change the gamer tag.”

The clan’s Web site, however, does detail the method its members use to steal accounts. Rather than hacking computer servers, the clan’s account stealers claim to rely on social engineering to convince support personnel at Microsoft—and its subsidiary Bungie Studios, the creator of the Halo game series–to help the attackers take control of the accounts. To do so, the players spin a story about something going wrong with their account–from a crashed box to a sibling changing the password–and ask for help “recovering” the data.

“You call 1-800-4my-xbox, pretend to be that person, make up a story about how your little brother put in the information on the account and it was all fake,” stated the Clan Infamous Web site. “You might get one little piece of information per call, but then you keep calling and keep calling, every time getting a little bit more information … once you have enough information you can get the password (and) the Windows Live ID reset.” Source: Account pretexters plague Xbox Live

So, no, they weren’t hacked, technically, but they are being socially engineered out of the info and helping them take the accounts. One would think that Microsoft would keep record of the calls made about each account, then it would be easy to tell if this is really happening.

And other news I’m sure Microsoft is just loving, they were declared Most Secure OS by Symantec, a company who isn’t to happy with Microsoft right now because of the Patch Guard stuff. The report is Internet Security Threat Report, and it is summed up nicely on the Internet News site.

The report found that Microsoft (Quote) Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.

During this period, 39 vulnerabilities, 12 of which were ranked high priority or severe, were found in Microsoft Windows and the company took an average of 21 days to fix them. It’s an increase of the 22 vulnerabilities and 13-day turnaround time for the first half of 2006 but still bested the competition handily.

Red Hat was next requiring an average of 58 days to address a total of 208 vulnerabilities, Mac OS X had 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes and HP-UX from Hewlett Packard and Solaris from Sun, HP-UX had 98 vulnerabilities in the second half of 06 and took 101 days to fix them, while Sun took on average 122 days to fix 63 vulnerabilities. Sun said they don’t know where Symantec got their numbers because they were way off.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - March 22, 2007 at 8:31 pm

Categories: Microsoft News, Security   Tags: , , , ,

Internet Security Threat Report and How to Avoid Most Threats

Symantec has released the latest copy of their Internet Security Threat Report, and, not surprisingly, the nature of the threats are becoming more economical in nature. As more and more criminal activity moves to the web, it will just keep getting worse and worse, it’s too easy for people to take advantage of other people in today’s internet, I can make a fake email right now for paypal and spam it around the internet and probably have people’s login details the first day, and I’ve never, ever done anything like that before, that’s how easy it is. It’s way to easy to fashion a piece of spyware as well, distribute it through security holes and other bad websites across the web and be knocking down great money in no time.

The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, and future trends. The latest report, released March 7, is now available.

This volume of the Internet Security Threat Report offers an overview of threat activity that took place between July 1 and December 31, 2005. In this edition, the new threat landscape is shown to be increasingly dominated by attacks and malicious code that are used to commit cyber crime, criminal acts that incorporate a computer or Internet component. Attackers have moved away from large, multipurpose attacks on network perimeters and toward smaller, more focused attacks on client-side targets.

The threat landscape is coming to be dominated by emerging threats such as bot networks and customizable modular malicious code. Targeted attacks on Web applications and Web browsers are increasingly becoming the focal point for cyber criminals. Whereas traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are motivated by profit. They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud, for financial gain.

Over the last six months of 2005, Symantec detected an average of 1,402 Denial of Service (DoS) attacks per day. This is an increase of 51 percent from the first half of 2005, when Symantec detected an average of 927 DoS attacks per day. Source: Symantec.

I wish I could teach everyone how to use the internet in one big session, but I’ll try to do as many here as I can.

1) Never, ever click on any links in your emails, like the ones you get from eBay and paypal, etc, always type it in the address bar in internet explorer or fire fox, or whatever browser you are using. It’s way to easy to make a fake email that looks like it came from paypal, you click on a link and try to login to a website that looks like paypal, and they have your paypal info right then and can start spending your money immediately.

2) You can see exactly where a link goes on any webpage, all you have to do is hold down the mouse button when you click on a link, and you can see where the link goes in the bottom of internet explorer, if you want to go there, simply release the button, if you don’t, keep the button held down and slide your mouse away from the link, and it will not cause the click to happen.

3) Nothing is free on the internet, it will cost you in some way. Most, not all, but most, free screensaver sites load some form of adware or spyware if it doesn’t cost you anything to purchase it. A lot of game sites, and celebrity sites will do the same thing, as they have to pay for all the bandwidth they are using.

4) When installing software, there is always a license agreement, read it. I know, I know, no one reads these things, but at least scan through them as they are supposed to list in it if they install any other software.

5) Do NOT forward anything that says forward to everyone or ten people or whatever. None of it works, none of it is true, it’s sole reason for existing is to waste bandwidth, and that is exactly what happens when you forward this latest email to everyone you know.

6) When posting on forums or wherever, do a search while you are there first, if it is a common question, the answers will already be there and no one will be calling you noob or newbie and telling you to search for the answer first.

7) Don’t believe everything you read, even the big news sites get things wrong some days, although they are usually the most trustworthy, just like this site. ;)

8) If you like a site, support it by buying stuff through their links, or donating if they have a donate button. It does cost money to run a website, and the more popular it is, the more expensive it is.

9) Always have an anti virus program and an anti spyware program, the ones I like are Panda for anti virus, that link is for their free online scan, and X-Cleaner for anti spyware.

10) If you use a peer to peer network to get music, movies, whatever, you will end up with loads of spyware and you may get caught and possibly fined by the RIAA, or whoever is trying to stop the file sharing now. You have been warned.

Of course, these are for newbie?s and non technical people, if you know anything about computers, then you probably already know these.

Symantec’s latest Internet Security Threat Report, to be issued on March 7, 2006, analyzes data collected from over 24,000 security devices deployed in over 180 countries. It covers the six-month period from July 1 ? December 31, 2005 and includes analysis of network-based attacks, a review of known vulnerabilities, highlights of Adware, Spyware, and malicious code, an analysis of Spam and Phishing data and a forward looking analysis in Future Watch.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - March 9, 2006 at 12:10 pm

Categories: Reviews, Spyware Info, Tech News, Virus Info   Tags: , , , , , , ,

John Thompson is no Complainer

In an article posted at news.com, John Thompson, CEO of Symantec, says we’re not going to whine about Microsoft competing with us in the security arena, and let’s face it, given Microsoft’s record with security, you can’t really blame him.

Microsoft is set to enter the security arena next year, but Symantec won’t compete by complaining to antitrust regulators or suing the software giant.

“We’re not looking to go whining to the EU or the DOJ for anything,” Symantec Chief Executive Officer John Thompson said Tuesday, referring to the European Union and the U.S. Department of Justice. Thompson was responding to questions from reporters after an event at the Commonwealth Club here.

Symantec, based in Cupertino, Calif., has responded to questions from EU competition authorities about its role in the security industry but has no intent to file a complaint about Microsoft, Thompson said.

“We’re not involved with anything with the EU,” Thompson said. “We don’t need competition in the courtrooms.” Instead, Thompson said Symantec will compete with its products, which he said are superior those Microsoft has yet to launch.

My experience with Symantec’s antivirus products has generally been good and a positive experience overall, although we did standardize on McAfee VirusScan, which I think is a better product. BUT, that does not be any stretch mean I wouldn’t dump them for a better product from Microsoft, especially if that product came already installed and ready to go. Microsoft may not do everything well, but they aren’t afraid to buy a company who does do it well and go from there. I like their anti spyware product and it’s ease of use, even though I don’t like some of the companies they mark as ignore, so there are tradeoff’s in almost every product. I’ll be cautiously pessimistic as always and try it out when they release it.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 12, 2005 at 1:04 pm

Categories: Microsoft News, Virus Info   Tags: , , , , ,

Mozilla More Vulnerable than IE

A report from Symantec has stated that Mozilla Web browsers are currently potentially more vulnerable to attack than Microsoft’s Internet Explorer (IE), and it also said that today’s hackers are still focusing their efforts on IE. This makes sense since that’s the largest installed base and a bigger target for hackers, virus writers, etc. Whatever browser has the most users will have the most people trying to hack it, it won’t matter how good their security is, they will still try to find a way to exploit the browser.

Mozilla browsers, such as the popular Firefox, have always been seen as more secure than IE, which has suffered many security problems and exploits in the past. Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, insisted earlier this year that all of the Mozilla browsers were fundamentally more secure than IE, and would not face as many problems as IE even as their marker share grows. But Symantec’s Internet Security Threat Report Volume VIII contains data for the first six months of this year that may not agree with this perception.

There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.

Sure. There are always different ways you can spin stories, and always something that’s not included. From, news.com.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - September 19, 2005 at 10:23 pm

Categories: Tech News   Tags: , , ,