Facebook? More like FakeBook.

Jordan omo

Csec

10/20/2014

So in recent news there is a bit of buzz regarding certain Facebook accounts. Specifically, Facebook accounts created by the DEA (Drug Enforcement Agency), and no, these are not accounts for DEA agents; these are fake accounts used to catch other criminals. This is all coming to light because of a letter written by Joe Sullivan (CSO of Facebook), which states:

“We recently learned through media reports that the Drug Enforcement Administration (“DEA”) created fake Facebook accounts and impersonated a Facebook user as part of its investigation of alleged criminal conduct unrelated to Facebook. Although we understand that the U.S. Department of Justice is currently reviewing these enforcement practices, we write to express our deep concern about the DEA’s conduct and ask that the DEA cease all activities on Facebook that involve the impersonation of others.”

The DEA was first discovered doing this with an account created for a woman who was arrested, using information from her phone. After creating the profile, the officer added photos of the woman and added friends on her behalf, including a man who is a known fugitive. All of these actions are in direct violation of Facebook’s policies and terms of service.

Flashlight Apps do more than shine light

In our society today, many people have a great desire for instant gratification. With technology expanding at alarming rates, consumers have grown accustomed to having the world at their fingertips at the push of a button. Cell phones are used for far more than making a quick phone call or sending a text message. Many people in our society now use cell phones for mobile banking, GPS services and as mini computers, among a plethora of other utilities, including flashlights.

A group of researchers at Snoopwall, a technology solution that detects and blocks spyware and malware, has found that some of the most widely used flashlight apps are performing tasks that far exceed the requirements of a flashlight. Many of the top flashlight apps request permission to use GPS location, modify storage, change display settings and view network connections, among other permissions that are not at all necessary for a flashlight. The Snoopwall study showed that it did not seem to be any safer to download from Google Play than it was to get them from 3rd-party websites, as Google Play does not closely analyze the apps it puts in the marketplace. All of the top 10 Google Play flashlights executed unnecessary functions to various degrees. Apple devices were found to be at a slightly smaller risk due to the hardened operating systems of iOS 7 and 8.

Snoopwall recommends that users who have downloaded one of the potentially malicious apps delete them and, depending on the permissions the app was given, reset the phone. The company also recommends that consumers slow down and pay closer attention to the permissions that they give apps, and disable GPS and Bluetooth services when not in use.

The full article can be found at: http://www.tripwire.com/state-of-security/security-awareness/spying-flashlight-apps-reveal-user-inattentiveness-to-cyber-security/

The list of permissions requested by some of the top apps that were tested can be found here: http://www.snoopwall.com/threat-reports-10-01-2014/

Ryan Stadtlander

Shutdown of Air Traffic in Chicago

http://www.cbsnews.com/news/bond-denied-for-suspect-in-chicago-area-faa-fire/

On Sept 26th one man, Brian Howard, caused the worst air traffic disruption since 9/11. Almost 4,000 flights have been canceled at O’Hare and Midway International airports, sending ripples out affecting many other airports. Things are almost back to normal now, but the majority of flights at those locations are still experiencing an average of 20-30 minute delays. O’Hare had handled almost 900,000 take-offs and landings last year, making it the second busiest airport in the world.

Brian worked for Harris Corp. modernizing the Communications Network in the Aurora FAA Facility. He worked in that facility for 8 years and recently became disgruntled over the news that he would be transferred to Hawaii. He came in to work on Friday Sept 26th and set fire to the server racks in the basement, and afterwards attempted to take his own life by slicing his throat.

The head of the FAA said they will be looking into how a single person could cause so much mayhem, and they will be reevaluating their security and policies to prevent catastrophes like this from happening again. They will also be looking into the lack of a contingency plan, which is causing the excess time it’s taking to become fully operational again. A contingency plan is something that was supposed to be in effect on the system but was not implemented.

Brian had sent the following message on Facebook right before he set the fire: “April, Pop, luv you guys and I am sorry. Leaving you with a big mess. Do your best to move on quickly from me please. Feel like I give a [expletive] for the first time in a long time again … but not for too long (haha!) So I’m gonna smoke this blunt and move on, take care everyone.” If he’s convicted, Brian could face up to 20 years in prison and up to a $250,000 fine.

TL;DR – Lack of physical security policies and a contingency plan causes one of the biggest FAA disasters ever.

http://www.cbsnews.com/videos/air-travel-still-slow-after-chicago-air-traffic-center-fire/

- Chad Johnson

The “Shellshock” Bug

This past week a new bug has been discovered. It has been nicknamed “Shellshock”. The bug is a glitch within bash, the Unix command shell. Basically, the command line will run a function, but after the function is over it can continue to run code.

This is an issue that has gone unnoticed for almost 25 years. There are a few issues. If a hacker gets to your home computer, they can simply run a function and some malicious code and infect your system. However, if you are using a firewall, it is not as big of a concern. Servers, though, are a little bit different. They are easier to infect since they aren’t protected by a firewall, and they are a little complex to fix.

The good news is that many patches have already been released since the discovery, so fixing the bug will require a system update.

http://www.engadget.com/2014/09/25/what-is-the-shellshock/
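
As an added example (not part of the original post), the behaviour described above can be checked locally after a system update: the function below hands bash an environment variable that looks like a function definition followed by one harmless echo, and reports whether that trailing command ran. The function name, variable name and marker string are illustrative choices.

```shell
#!/bin/sh
# Added example: reports whether a bash binary still executes text that
# trails a function definition imported from an environment variable.
# "probe_var" and the marker string are arbitrary, illustrative names.

check_bash_trailing_code() {
    # Use the path given as $1, or whatever bash is first on PATH.
    bash_bin=${1:-$(command -v bash)}
    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "no-bash"
        return 2
    fi

    marker="TRAILING_CODE_RAN"

    # The value is shaped like a function definition, followed by a single
    # harmless echo. A patched bash treats the whole value as plain text.
    out=$(env "probe_var=() { :; }; echo $marker" \
          "$bash_bin" -c 'echo done' 2>/dev/null)

    case "$out" in
        *"$marker"*)
            # The echo after the function body was executed on startup.
            echo "vulnerable"
            return 1
            ;;
        *done*)
            # Only the requested command ran.
            echo "patched"
            return 0
            ;;
        *)
            # bash produced neither string (e.g. it failed to start).
            echo "unknown"
            return 3
            ;;
    esac
}
```

Call `check_bash_trailing_code` with no argument to test the bash on your PATH, or pass the path of a specific binary; a result of `vulnerable` means the system update has not yet been applied to that binary.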

Home Depot contains malware, but not before 56 million cards were impacted.

A few weeks ago, there was evidence that Home Depot had a security breach when credit cards were put up for sale on a black market website. This was already covered by this blog in this post. Since then, Home Depot has not only confirmed a breach, but also that it had existed from April to September 2014. The release also says that the malware was found in American and Canadian stores, installed in the self-checkout machines, which have been removed from use. There were no signs of data breaches in normal checkout machines, Mexican stores, or American or Canadian online websites. Despite card information being compromised, there were no signs that PIN numbers were recorded. Home Depot also finished installing enhanced encryption in U.S. stores on September 15, and Canadian stores are expected to be finished in early 2015. The breach was closed, but only after 56 million cards were affected. The malware used in this breach was reported to not have been seen in other attacks; however, there are signs that this breach was done by the same group of hackers responsible for the Target breach last year. According to Krebsonsecurity.com, the thieves were stealing card information up to five days after the first signs of the breach on September 2nd. As of September 22, 2014, Home Depot holds the record for the largest retail card breach. Second place goes to TJX with 45.6 million cards and third place goes to Target with 40 million.

-David Mauriello