Facebook Password Reset Confirmation! Your Support.

WARNING: beware of email that claims to be from Facebook.

The subject line usually reads like this:
Facebook Password Reset Confirmation! Your Support.

The body of the email reads:
Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

Attachment Converted: “c:\Facebook_password_Nr63971.zip”

———————

The attachment carries a payload of malicious software. Do NOT unzip the file.

Game Theory For Security

GameSec 2010 – Conference on Decision and Game Theory for Security, 22-23 November 2010, Berlin, Germany
www.gamesec-conf.org

Industry Gold Sponsor: Deutsche Telekom Laboratories
Industry Silver Sponsor: Fraunhofer Heinrich Hertz Institute

Technical co-sponsors: IEEE Control System Society, International Society of Dynamic Games

GameSec 2010, the inaugural Conference on Decision and Game Theory for Security, will take place on the campus of Technical University Berlin, Germany, on November 22-23, 2010.

Securing complex and networked systems and managing associated risks become increasingly important as they play an indispensable role in modern life at the turn of the information age. Concurrently, security of ubiquitous communication, data, and computing poses novel research challenges. Security is a multi-faceted problem due to the complexity of underlying hardware, software, and network inter-dependencies as well as human and social factors. It involves decision making in multiple levels and multiple time scales, given the limited resources available to both malicious attackers and administrators defending networked systems.

The GameSec conference aims to bring together researchers who aim to establish a theoretical foundation for making resource allocation decisions that balance available capabilities and perceived security risks in a principled manner. The conference focuses on analytical models based on game, information, communication, optimization, decision, and control theories that are applied to diverse security topics. At the same time, the connection between theoretical models and real world security problems is emphasized to establish the important feedback loop between theory and practice. Observing the scarcity of venues for researchers who try to develop a deeper theoretical understanding of the underlying incentive and resource allocation issues in security, we believe that GameSec will fill an important void and serve as a distinguished forum of highest standards for years to come.

Topics of interest include (but are not limited to):
* Security games
* Security and risk management
* Mechanism design and incentives
* Decentralized security algorithms
* Security of networked systems
* Security of Web-based services
* Security of social networks
* Intrusion and anomaly detection
* Resource allocation for security
* Optimized response to malware
* Identity management
* Privacy and security
* Reputation and trust
* Information security and watermarking
* Physical layer security in wireless networks
* Information theoretic aspects of security
* Adversarial machine learning
* Distributed learning for security
* Cross-layer security
* Usability and security
* Human behavior and security
* Dynamic control of security systems
* Organizational aspects of risk management
* Cooperation and competition in security
* and more…

Revoking Security Access Is Not Enough

A California man has been arrested for interfering with computers at the California Independent System Operator (Cal-ISO) agency, which controls the state’s power transmission lines and runs its energy trading markets. Even though Lonnie C. Denison’s security access had been suspended at the request of his employer because of an employee dispute, he allegedly gained physical access to the facility with his card key. Once inside, Denison allegedly broke the glass protecting an emergency power cut-off station and pushed the button, causing much of the data center to shut down. Cal-ISO was unable to access the energy trading market, but the power transmission grid was unaffected.

– SANS

Passwords

Use a password in only one place.
Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don’t enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.
– SANS

Census Campaign Warning

US-CERT asks users to be vigilant during the U.S. Census Bureau’s 2010 Census campaign and to watch for potential census scams.

According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to complete the census is by filling in the form using pen and ink; in some instances, census takers will be visiting households to complete the form face-to-face. It is important to understand that the U.S. Census Bureau will not, under any circumstances, be providing an online option to complete the 2010 census form.

US-CERT encourages all residents in the United States to take the following measures to protect themselves:

•Review available information about the 2010 U.S. Census on the website.
•Familiarize yourself with what information the U.S. Census Bureau is collecting on the census form.

•Do not follow unsolicited web links or attachments in email messages.
•Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
•Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Understanding Your Computer: Web Browsers

Web browsers allow you to navigate the internet. There are a variety of options available, so you can choose the one that best suits your needs.

How do web browsers work?
A web browser is an application that finds and displays web pages. It coordinates communication between your computer and the web server where a particular website “lives.”

When you open your browser and type in a web address (URL) for a website, the browser submits a request to the server, or servers, that provide the content for that page. The browser then processes the code from the server (written in a language such as HTML, JavaScript, or XML) and loads any other elements (such as Flash, Java, or ActiveX) that are necessary to generate content for the page. After the browser has gathered and processed all of the components, it displays the complete, formatted web page. Every time you perform an action on the page, such as clicking buttons and following links, the browser continues the process of requesting, processing, and presenting content.

How many browsers are there?
There are many different browsers. Most users are familiar with graphical browsers, which display both text and graphics and may also display multimedia elements such as sound or video clips. However, there are also text-based browsers. The following are some well-known browsers:

•Internet Explorer
•Firefox
•AOL
•Opera
•Safari – a browser specifically designed for Macintosh computers
•Lynx – a text-based browser desirable for vision-impaired users because of the availability of special devices that read the text

How do you choose a browser?
A browser is usually included with the installation of your operating system, but you are not restricted to that choice. Some of the factors to consider when deciding which browser best suits your needs include

•compatibility – Does the browser work with your operating system?

•security – Do you feel that your browser offers you the level of security you want?

•ease of use – Are the menus and options easy to understand and use?

•functionality – Does the browser interpret web content correctly? If you need to install other plug-ins or devices to translate certain types of content, do they work?

•appeal – Do you find the interface and way the browser interprets web content visually appealing?

Can you have more than one browser installed at the same time?
If you decide to change your browser or add another one, you don’t have to uninstall the browser that’s currently on your computer—you can have more than one browser on your computer at once. However, you will be prompted to choose one as your default browser. Anytime you follow a link in an email message or document, or you double-click a shortcut to a web page on your desktop, the page will open using your default browser. You can manually open the page in another browser.

Most vendors give you the option to download their browsers directly from their websites. Make sure to verify the authenticity of the site before downloading any files. To further minimize risk, follow other good security practices, like using a firewall and keeping anti-virus software up to date (see Understanding Firewalls, Understanding Anti-Virus Software, and other US-CERT Cyber Security Tips for more information).

School Sued for Spying on Students with Webcams

The Lower Merion School District has been accused of spying on students through webcams on their laptops.

“While certain rules for laptop use were spelled out … there was no explicit notification that the laptop contained the security software,” said Superintendent Christopher W. McGinley. “This notice should have been given, and we regret that was not done.”

“Despite some reports to the contrary, be assured that the security-tracking software has been completely disabled,” said McGinley.

Security Note: Beware of webcams and microphones on your computer. If they are connected, it is possible for someone to remotely control these devices. They can see you. They can hear you.

$59 Computer Scam

There is a “pump and dump” scam circulating about “The $59 Computer”. A pump and dump scam usually happens with penny stock trades. A stock that sells for pennies is purchased and hyped by a “research” firm. When the price goes up from the fraudulent hyping, the originator of the scam sells their stock. When they dump, the stock price takes a dive and the scammed investors lose their money.

The research firm hyping the “secret” stock is Stansberry & Associates Investment Research. The name of the company used to be Porter Stansberry, Agora Inc. Porter Stansberry was fined by the SEC for fraud.

“An investment newsletter’s publisher and its editor have been hit with $1.5 million in financial penalties after a U. S. federal judge determined they defrauded their own subscribers in a securities scam.”

They changed their name a couple of times. On October 24, 2005, they changed to their current name of Stansberry & Associates Investment Research, LLC.

Beware of a newsletter that starts like this:
“The Biggest Revolution since the Internet?”
~MIT’s Technology Review
New “$59 Computer” Hitting Chinese Markets
It’s not a laptop, PC, or any computer you’ve ever seen or used. But it’s now being used by more than 100 of the world’s largest corporations, the Canadian Government, and more than 10,000 small businesses. Its next stop could unleash billions of dollars – and transform one tiny U.S. company into a juggernaut.”

Understanding How Your Computer Operates

National Cyber Alert System:

The operating system is the most fundamental program that runs on your computer. It serves as the basis for how everything else works.

What is an operating system?
An operating system (OS) is the main program on a computer. It performs a variety of functions, including

•determining what types of software you can install
•coordinating the applications running on the computer at any given time
•making sure that individual pieces of hardware, such as printers, keyboards, and disk drives, all communicate properly
•allowing applications such as word processors, email clients, and web browsers to perform tasks on the system (e.g., drawing windows on the screen, opening files, communicating on a network) and use other system resources (e.g., printers, disk drives)
•reporting error messages

The OS also determines how you see information and perform tasks. Most operating systems use a graphical user interface (GUI), which presents information through pictures (icons, buttons, dialog boxes, etc.) as well as words. Some operating systems can rely more heavily on textual interfaces than others.

How do you choose an operating system?
In very simplistic terms, when you choose to buy a computer, you are usually also choosing an operating system. Although you may change it, vendors typically ship computers with a particular operating system. There are multiple operating systems, each with different features and benefits, but the following three are the most common:

•Windows – Windows, with versions including Windows XP, Windows Vista, and Windows 7, is the most common operating system for home users. It is produced by Microsoft and is typically included on machines purchased in electronics stores or from vendors such as Dell or Gateway. The Windows OS uses a GUI, which many users find more appealing and easier to use than text-based interfaces.

•Mac OS X – Produced by Apple, Mac OS X is the operating system used on Macintosh computers. Although it uses a different GUI, it is conceptually similar to the Windows interface in the way it operates.

•Linux and other UNIX-derived operating systems – Linux and other systems derived from the UNIX operating system are frequently used for specialized workstations and servers, such as web and email servers. Because they are often more difficult for general users or require specialized knowledge and skills to operate, they are less popular with home users than the other options. However, as they continue to develop and become easier to use, they may become more popular on typical home user systems.

Editor’s Note: The Linux operating system is often the most secure and inexpensive. It is almost impossible to securely connect a Microsoft computer to the Internet.

Teach Your Kids How to Stay Safe on Social Networks

Better Business Bureau — The popularity of social networking continues to grow among kids. Social networking sites can provide a secure way for kids to connect with each other, but they can also be exploited for any number of nefarious purposes. Better Business Bureau recommends parents take specific steps to keep their kids safe online.

Kids of all ages are getting into social networking. According to iStrategy Labs, the number of users on Facebook that are between the ages of 13 and 18 grew by 88 percent in 2009 to 10.7 million. While Facebook and MySpace require all users to be at least 13 years old, some sites are geared for children even younger.

“For some parents, their kids know more about computers and the Internet than they do, however, it’s important to remember that kids aren’t old enough to understand all of the various threats that lurk online,” said Alison Southwick, BBB spokesperson. “Even if they’re intimidated by technology, parents need to supervise their child’s computer use in the house as well as educate their kids on how to play it safe online.”

BBB offers the following tips for parents who want to help keep their kids safe online:

Explain the Difference Between Sharing and Oversharing – While social networking is about sharing photos, thoughts and experiences, explain to your kids that they should never share personal information such as phone numbers, address, bank account numbers, passwords or their Social Security numbers. Also talk about what constitutes inappropriate photos or language and stress the fact that—while you may be able to delete them—you can never fully take them back.

“Never talk to strangers” applies online too – One of the first rules we teach our kids is to never talk to strangers; remind them that the rule holds true when online. Even though chatting with a stranger online can seem harmless, the relationship can evolve and grow until the stranger has earned your child’s trust—and can then exploit it.

Set strict privacy settings – Social networking sites let users determine who they want to share information with. Talk to your child about restricting access to his or her profile to only friends or users in safe networks such as their school, clubs or church groups.

Keep the channels of communication open – Let your kids know that you are always ready to talk if they are ever threatened, bullied or feel uncomfortable about an experience they had online.

Join them online – If you haven’t already, set up your own account in the same social networks. This will help you better understand what social networking is all about. You can also then “Friend” your child and keep an unobtrusive eye on what they are doing.

Federal law requires sites collecting identifying information from children under 13 to get a parent’s consent first. Report concerns about data collection from children under 13 to the Children’s Advertising Review Unit of the Council of Better Business Bureaus at www.caru.org/complaint.

You can learn more about how to keep your kids safe online at http://www.onguardonline.gov/topics/net-cetera.aspx.