05. September 2010 · Comments Off on Ping drowning in scams and spam · Categories: Fraud · Tags: , , , , ,

Via NetworkWorld, Sophos is reporting that Ping, Apple’s new social network add-on to iTunes, is “drowning in scams and spam.”  Sophos says, “Apple has not implemented any form of automated spam or URL filtering in Ping,” although they do appear to be filtering profile photos for obscenity and copyright infringement.

This comes on top of other generally negative reviews of Ping:

Can Ping be saved?

Apple’s Ping is a big pile of steaming dung

Ping is neither social, nor is it a network. Discuss.

The biggest issue seems to be lack of integration with Facebook.

02. August 2010 · Comments Off on To block or not to block social media like Facebook · Categories: Palo Alto Networks, Policy Management · Tags:

Via ReadWriteWebEnterprise, Cisco’s Mid-Year Security Report notes that:

50% of end users admitted to accessing social media tools at work, in spite of company rules, at least once a week. Another 27% have changed the settings on a company device to access prohibited sites or applications. The report notes the security risks, and potential for lost productivity, Facebook and other social media sites present, but doesn’t recommend enterprises block social media sites entirely.

Citing both worker morale and the potential to use the tools for work-related activities, Cisco recommends better security education and social media policies in the work place instead of technical restrictions that employees would likely route-around anyway.

The article also notes Palo Alto Networks’ social media policy capabilities. We believe that Palo Alto Networks, our partner, by far has the most complete social media policy options available.


02. August 2010 · Comments Off on Details of 100 million Facebook users published – lazy consumer marketers love it · Categories: Privacy, Security-Compliance · Tags:

ITPRO reported that Ron Bowes, a hacker/security consultant from Skull Security, gathered the personal details of 100 million Facebook users from Facebook’s user directory using Facebook’s standard APIs, and published them in a downloadable file on Pirate Bay.

I suppose that Ron only got 20% of the Facebook population is a reflection of how most people have set their privacy settings. This jives (via ars technica) with a study conducted by researchers at Northeastern and Harvard and published in First Monday showing that college students do in fact care about their privacy on Facebook.

Or maybe Facebook does not really have 500 million users.

What’s even more interesting, are the lazy consumer oriented companies that downloaded the file! I say lazy because they could have done the same thing themselves. Gizmodo, published the list of companies!

05. July 2010 · Comments Off on Koobface trojan continues to plague Facebook · Categories: Malware, Next Generation Firewall, Palo Alto Networks, Security-Compliance, Social Engineering · Tags: ,

Trend Micro’s research lab is reporting that the Koobface trojan continues to put unsuspecting Facebook users at risk. Because Koobface is really a bot, its Command & Control infrastructure can and does change the message and the link you receive to lure you a page that will download the Koobface trojan onto your system.

You could ask, why can’t Facebook eradicate Koobface? Apparently, they are not seeing a significant number of users canceling their accounts due to Koobface and other malware to warrant the investment.

Why not simply block Facebook? If the business side of the organization (sales and marketing) is OK with that, then blocking Facebook in the office is a reasonable step. There are two issues to consider:

  1. Increasingly, sales and marketing departments want to take advantage of Facebook and other social networking sites to reach current and prospective customers.
  2. Even if you do block social networking sites in the office, laptop users who travel or just use their laptops at home are at risk of being exploited by malware from social networking sites.

Palo Alto Networks’ next-generation firewall solves the first issue today and has announced GlobalProtect, which will solve the second issue in its next release at the end of 2010.

26. April 2010 · Comments Off on Google discovers privacy flaw in Facebook Graph API · Categories: Privacy · Tags: , , ,

The UK-based Guardian posted a story today that an engineer from Google discovered a flaw in Facebook's Graph API where all events you have participated in or are planning to participate in cannot be kept private.

My reactions are (1) given Facebook's privacy policy trajectory, I am not surprised, and (2) given the threat that Facebook represents to Google, I am not surprised that a person from Google found the flaw.

If anything is going to blunt Facebook's popularity, it's going to be privacy issues. And I say this despite the long history of consumers willingness to give up privacy to gain convenience, e.g. Debit Cards.

Symantec's Hon Lau, senior security response manager, is reporting that the Koobface worm/botnet began a new attack using fake Christmas messages to lure Facebook users to download the Koobface malware.

This again shows the flexibility of the command and control function of the Koobface botnet. I previously wrote about Koobface creating new Facebook accounts to lure users to fake Facebook (or YouTube) pages.

These Facebook malware issues are a serious security risk for enterprises. While simply blocking Facebook altogether may seem like the right policy, it may not be for two reasons: 1) No access to Facebook could become a morale problem for a segment of your employees, and 2) Employees may be using Facebook to engage customers in sales/marketing activities.

Network security technology must be able to detect Facebook usage and block threats while allowing productive activity.

22. November 2009 · Comments Off on Koobface botnet creates fake Facebook accounts to lure you to fake Facebook or YouTube page · Categories: Botnets, IT Security 2.0, Malware, Network Security, Next Generation Firewalls, Risk Management, Security Policy · Tags: , ,

TrendMicro's Malware Blog posted information about a new method of luring Facebook users to a fake Facebook or Youtube page to infect the user with the Koobface malware agent. 

The Koobface botnet has pushed out a new component that automates the following routines:

  • Registering a Facebook account
  • Confirming an email address in Gmail to activate the registered Facebook account
  • Joining random Facebook groups
  • Adding Facebook friends
  • Posting messages to Facebook friends’ walls

Overall, this new component behaves like a regular Internet user that starts to connect with friends in Facebook. All Facebook accounts registered by this component are comparable to a regular account made by a human. 

Here is yet another example of the risks associated with allowing Facebook to be used within the enterprise. However simply blocking Facebook may not be an option either because (1) it's demotivating to young employees used to accessing Facebook, or (2) it's a good marketing/sales tool you want to take advantage of.

Your network security solution, for example a next generation firewall, must enable you to implement fine grained policy control and threat prevention for social network sites like Facebook.

I just received an email advertisement from a "Web 2.0 security" vendor recommending that I use its product to block the evil Facebook. This is rather heavy handed.

Sales and marketing people want to use Facebook to reach prospects and interact with customers.
Sure there are issues with Facebook, but an all-or-nothing solution does not make sense. A more granular approach is much better. I discussed this issue recently in a post entitled, How to leverage Facebook and minimize risk.

17. September 2009 · Comments Off on How to leverage Facebook and minimize risk · Categories: Application Security, IT Security 2.0, Network Security, Web 2.0 Network Firewalls · Tags: , , , ,

Marketing and Sales teams can benefit from using Web 2.0 social networks like Facebook to reach new customers and get customer feedback. It's about conversations rather broadcasting. So simply denying the use of Facebook due to security risks and time wasting applications is not a good option, much as in the 90's denying access to the Internet due to security risks was not feasible.

IT Security 2.0 requires finer grained monitoring and control of social networks like Facebook as follows:

  1. Restrict access to Facebook to only those people in sales and marketing who legitimately need access.
  2. Facebook is not a single monolithic application. It's actually a platform or an environment with many functions and many applications, some of which are pure entertainment and thus might be considered business time wasters. Create policies that restrict usage of Facebook to only those functions that are relevant to business value.
  3. Monitor the Facebook stream to detect and block incoming malware and outgoing confidential information.

Palo Alto Networks, which provides an "Application/User/Content aware" firewall (is that a mouthful?), appears to be able to provide such capabilities. Perhaps we might call it a Web 2.0 network firewall.

Is anyone aware of another firewall that can provide similar functionality?