Subject Matter Expert, Inc.

Archive for the ‘SME INC’ Category

Stop using Facebook Messenger

In SME INC on June 8, 2021 at 9:08 pm

Facebook Messenger warning: You should probably stop using chat app until next year
David Snelling

Facebook Messenger users might want to consider dropping the popular chat app until next year. That’s the advice coming from cyber security expert Zak Doffman, who says that using the service in its current state could be putting messages sent across the platform at serious risk of being intercepted. “You should switch your personal chats and certainly anything sensitive over to WhatsApp – or, even better, to Signal,” Doffman warned all users in an article posted on Forbes.

That sounds pretty dramatic, but he has a very good point. For those who aren’t aware, Messenger has yet to bring end-to-end encryption to its service as the default option. Unless you go into the settings and start a new secret conversation, your messages will not be shielded from prying eyes. That basically means that anything sent between devices can be intercepted and read by third parties.

It’s possible to send an encrypted message via a secret conversation in Messenger, but this is not switched on by default and doesn’t work with group chats.

The company is clearly well aware that it is falling short on this security measure with a recent post on its website saying: “We’re working hard to bring default end-to-end encryption to all of our messaging services.

“This will protect people’s private messages and mean only the sender and recipient, not even us, can access their messages. While we expect to make more progress on default end-to-end encryption for Messenger and Instagram Direct this year, it’s a long-term project and we won’t be fully end-to-end encrypted until sometime in 2022 at the earliest.”

By Facebook’s own admission, Messenger looks unlikely to get end-to-end encryption by default until late next year, and that’s a long time to wait for something that many may see as an essential feature.

What makes this problem even more glaring is how much noise WhatsApp has made about the importance of this technology.

Facebook bought WhatsApp back in 2014, and all chats sent via the service are fully protected, meaning nobody except the recipient can read them.

Earlier this year, WhatsApp reminded its billions of users about the importance of security with a post on Twitter saying: “Whatever you share on WhatsApp, stays between you. That’s because your personal messages are protected by end-to-end encryption and that will never change.”

If you are concerned that your Messenger chats need to stay private, then it might be a good idea to send things via WhatsApp or remember to use secret conversations.

Messenger is improving with Facebook recently introducing a number of privacy and safety tools, including more privacy settings, an app lock, safer message requests, message forwarding limits and more.

But it’s that encryption that is so vital and, until it’s introduced in 2022, you may well be wise to find another way of chatting with friends and family.


What Clients Say…

In Live Support, SME INC on December 6, 2009 at 3:14 pm

I owned Carter’s Motel, RV park, and Mobile home park in Edgewater Fl when Randy stayed with us on business travel.

Before meeting Randy by chance, I had 4 different supposed specialists try to provide a solid and dependable universal Wi-Fi system for my business, which covered 6 acres and had over 70 residents, not including motel and RV guests; all to no avail, and thousands of dollars spent.

Within 1 week Randy had ordered the proper equipment and had a viable system that supplied all the service we needed. He maintained and modified the system as needed, remotely from wherever he was in the world, and within minutes of my call he completed all I asked.

My opinion of Randy Vanderveer is: he is a (hyper) intelligent young man, who has laser-type focus on all he delves into. He is utterly obsessive about perfection in his work. He has shown me absolute promptness in returning all calls, completing work on time and to specification, and maintaining said work with pride. You could do no better than he for computer technical work. He now maintains all of my family’s computers (7) remotely. He has become a close friend who will rush to our aid. This man has the highest of work ethics. By having access to my family’s computers he could easily abscond with exceedingly valuable information and assets at any time.

I have never had a second thought of his integrity being less than my closest confidante. Feel free to call me any time.

-Peter Gordon

Respectfully,

Peter Gordon, Vice President

Carter’s Motel & Mobile Village

2450 S. Ridgewood Ave

Edgewater, FL 32141

(386) 314-4189 Cell

http://www.cartersmotel.com

H1N1 Malware Campaign Circulating

In SME INC on December 2, 2009 at 9:03 am

H1N1 Malware Campaign Circulating

Original release date: December 2, 2009 at 9:56 am
Last revised: December 2, 2009 at 9:56 am

US-CERT is aware of public reports of a malware campaign circulating.

This campaign is circulating via email messages offering information regarding the H1N1 vaccination. These email messages contain a link to a bogus Centers for Disease Control and Prevention website. Users who click on this link may become infected with malware. Public reports indicate that these email messages are noted as having subject lines such as: “Governmental registration program on the H1N1 vaccination” and “Your personal vaccination profile.” Please note that subject lines may change at any time.

US-CERT: BlackBerry PDF Distiller Vulnerabilities

In BlackBerry, US-CERT on December 1, 2009 at 1:50 pm

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

Original release date: December 1, 2009 at 1:58 pm
Last revised: December 1, 2009 at 1:58 pm

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code or cause a denial-of-service condition on the system that hosts the BlackBerry Attachment Service.

US-CERT encourages users and administrators to review BlackBerry security advisory KB19860 and apply any necessary updates.

Malicious Code Circulating via Social Security Administration Phishing Messages

In PHISHING SCAMS, SME INC, US-CERT on November 24, 2009 at 12:18 pm

Malicious Code Circulating via Social Security Administration Phishing Messages

Original release date: November 24, 2009 at 2:42 pm
Last revised: November 24, 2009 at 2:42 pm

US-CERT is aware of public reports of malicious code circulating via phishing email messages that appear to come from the Social Security Administration. The messages indicate that the users’ annual Social Security statements may contain errors and instruct users to follow a link to review their Social Security statement. If users click this link, they will be redirected to a seemingly legitimate website that prompts them for their Social Security number. If users enter their Social Security number and continue to the next page, they will be given an option to generate a statement. If users attempt to generate a statement, malicious code may be installed on their systems. This malicious code attempts to collect online banking traffic to gain access to the users’ bank accounts.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

  • Install antivirus software, and keep the virus signatures up to date.
  • Do not follow unsolicited links and do not open unsolicited email messages.
  • Use caution when visiting untrusted websites.
  • Use caution when entering personal information online.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Users are encouraged to contact the Social Security Administration to verify the authenticity of any messages. Additional information will be provided as it becomes available.

Framed for child porn _ by a PC virus

In IT, SME INC on November 10, 2009 at 2:00 pm

*Disclaimer: The details in this story are somewhat reprehensible, but true. I in no way, shape, or form condone the actions specified in this AP story, but these are true accounts; people have had child porn appear on their PCs after getting infected with a virus.*

Link to AP story: HERE

Framed for child porn _ by a PC virus

By JORDAN ROBERTSON (AP) – 2 days ago

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.

Heinous pictures and videos can be deposited on computers by viruses — the malicious programs better known for swiping your credit card numbers. In this twist, it’s your reputation that’s stolen.

Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they’ll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

Whatever the motivation, you get child porn on your computer — and might not realize it until police knock at your door.

An Associated Press investigation found cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence.

Their situations are complicated by the fact that actual pedophiles often blame viruses — a defense rightfully viewed with skepticism by law enforcement.

“It’s an example of the old ‘dog ate my homework’ excuse,” says Phil Malone, director of the Cyberlaw Clinic at Harvard’s Berkman Center for Internet & Society. “The problem is, sometimes the dog does eat your homework.”

The AP’s investigation included interviewing people who had been found with child porn on their computers. The AP reviewed court records and spoke to prosecutors, police and computer examiners.

One case involved Michael Fiola, a former investigator with the Massachusetts agency that oversees workers’ compensation.

In 2007, Fiola’s bosses became suspicious after the Internet bill for his state-issued laptop showed that he used 4 1/2 times more data than his colleagues. A technician found child porn in the PC folder that stores images viewed online.

Fiola was fired and charged with possession of child pornography, which carries up to five years in prison. He endured death threats, his car tires were slashed and he was shunned by friends.

Fiola and his wife fought the case, spending $250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car.

An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half.

Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.

The Fiolas say they have health problems from the stress of the case. They say they’ve talked to dozens of lawyers but can’t get one to sue the state, because of a cap on the amount they can recover.

“It ruined my life, my wife’s life and my family’s life,” he says.

The Massachusetts attorney general’s office, which charged Fiola, declined interview requests.

At any moment, about 20 million of the estimated 1 billion Internet-connected PCs worldwide are infected with viruses that could give hackers full control, according to security software maker F-Secure Corp. Computers often get infected when people open e-mail attachments from unknown sources or visit a malicious Web page.

Pedophiles can tap viruses in several ways. The simplest is to force someone else’s computer to surf child porn sites, collecting images along the way. Or a computer can be made into a warehouse for pictures and videos that can be viewed remotely when the PC is online.

“They’re kind of like locusts that descend on a cornfield: They eat up everything in sight and they move on to the next cornfield,” says Eric Goldman, academic director of the High Tech Law Institute at Santa Clara University. Goldman has represented Web companies that discovered child pornographers were abusing their legitimate services.

But pedophiles need not be involved: Child porn can land on a computer in a sick prank or an attempt to frame the PC’s owner.

In the first publicly known cases of individuals being victimized, two men in the United Kingdom were cleared in 2003 after viruses were shown to have been responsible for the child porn on their PCs.

In one case, an infected e-mail or pop-up ad poisoned a defense contractor’s PC and downloaded the offensive pictures.

In the other, a virus changed the home page on a man’s Web browser to display child porn, a discovery made by his 7-year-old daughter. The man spent more than a week in jail and three months in a halfway house, and lost custody of his daughter.

Chris Watts, a computer examiner in Britain, says he helped clear a hotel manager whose co-workers found child porn on the PC they shared with him.

Watts found that while surfing the Internet for ways to play computer games without paying for them, the manager had visited a site for pirated software. It redirected visitors to child porn sites if they were inactive for a certain period.

In all these cases, the central evidence wasn’t in dispute: Pornography was on a computer. But proving how it got there was difficult.

Tami Loehrs, who inspected Fiola’s computer, recalls a case in Arizona in which a computer was so “extensively infected” that it would be “virtually impossible” to prove what an indictment alleged: that a 16-year-old who used the PC had uploaded child pornography to a Yahoo group.

Prosecutors dropped the charge and let the boy plead guilty to a separate crime that kept him out of jail, though they say they did it only because of his age and lack of a criminal record.

Many prosecutors say blaming a computer virus for child porn is a new version of an old ploy.

“We call it the SODDI defense: Some Other Dude Did It,” says James Anderson, a federal prosecutor in Wyoming.

However, forensic examiners say it would be hard for a pedophile to get away with his crime by using a bogus virus defense.

“I personally would feel more comfortable investing my retirement in the lottery before trying to defend myself with that,” says forensics specialist Jeff Fischbach.

Even careful child porn collectors tend to leave incriminating e-mails, DVDs or other clues. Virus defenses are no match for such evidence, says Damon King, trial attorney for the U.S. Justice Department’s Child Exploitation and Obscenity Section.

But while the virus defense does not appear to be letting real pedophiles out of trouble, there have been cases in which forensic examiners insist that legitimate claims did not get completely aired.

Loehrs points to Ned Solon of Casper, Wyo., who is serving six years for child porn found in a folder used by a file-sharing program on his computer.

Solon admits he used the program to download video games and adult porn — but not child porn. So what could explain that material?

Loehrs testified that Solon’s antivirus software wasn’t working properly and appeared to have shut off for long stretches, a sign of an infection. She found no evidence the five child porn videos on Solon’s computer had been viewed or downloaded fully. The porn was in a folder the file-sharing program labeled as “incomplete” because the downloads were canceled or generated an error.

This defense was curtailed, however, when Loehrs ended her investigation in a dispute with the judge over her fees. Computer exams can cost tens of thousands of dollars. Defendants can ask the courts to pay, but sometimes judges balk at the price. Although Loehrs stopped working for Solon, she argues he is innocent.

“I don’t think it was him, I really don’t,” Loehrs says. “There was too much evidence that it wasn’t him.”

The prosecution’s forensics expert, Randy Huff, maintains that Solon’s antivirus software was working properly. And he says he ran other antivirus programs on the computer and didn’t find an infection — although security experts say antivirus scans frequently miss things.

“He actually had a very clean computer compared to some of the other cases I do,” Huff says.

The jury took two hours to convict Solon.

“Everybody feels they’re innocent in prison. Nobody believes me because that’s what everybody says,” says Solon, whose case is being appealed. “All I know is I did not do it. I never put the stuff on there. I never saw the stuff on there. I can only hope that someday the truth will come out.”

But can it? It can be impossible to tell with certainty how a file got onto a PC.

“Computers are not to be trusted,” says Jeremiah Grossman, founder of WhiteHat Security Inc. He describes it as “painfully simple” to get a computer to download something the owner doesn’t want — whether it’s a program that displays ads or one that stores illegal pictures.

It’s possible, Grossman says, that more illicit material is waiting to be discovered.

“Just because it’s there doesn’t mean the person intended for it to be there — whatever it is, child porn included.”


New Strain of Conficker worsens infections.

In SME INC, US-CERT on April 9, 2009 at 8:45 pm

Conficker Worm Targets Microsoft Windows Systems added March 29, 2009 at 08:18 pm | updated April 9, 2009 at 06:44 pm

UPDATE: Researchers have discovered a new variant of the Conficker Worm on April 9, 2009. This variant updates earlier infections via its peer to peer (P2P) network as well as resuming scan-and-infect activity against unpatched systems. Public reporting indicates that this variant attempts to download additional malicious code onto victim systems, possibly including copies of the Waledac Trojan, a spam-oriented malicious application which has previously propagated only via bogus email messages containing malicious links.

US-CERT is aware of public reports indicating a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network, if the network servers are not patched with the MS08-067 patch from Microsoft.

Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of a Conficker/Downadup infection may be detected if a user is unable to surf to their security solution website or if they are unable to connect to the following websites:

  • http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
  • http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
  • http://www.mcafee.com

If a user is unable to reach any of these websites, it may indicate a Conficker/Downadup infection. The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them. If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or, in the case of home users, unplugged from the Internet.

UPDATED: US-CERT encourages users to take the following preventative measures to help prevent a Conficker/Downadup infection:


US-CERT: Economic Stimulus Email and Website Scams

In US-CERT on March 5, 2009 at 5:07 pm

Economic Stimulus Email and Website Scams

added March 5, 2009 at 04:08 pm

US-CERT is aware of reports of economic stimulus scams circulating. These scams are being conducted through both email and malicious websites.

Some of the email scam messages request personal information, which can then be used for identity theft. Other email scam messages offer to deposit the stimulus funds directly into users’ bank accounts. If users provide their banking information, the attackers may be able to withdraw funds from the users’ accounts.

The website scams entice users by claiming that they can help them get money from the stimulus fund. These websites typically request payment for their services. If users provide their credit card information, the attackers running the malicious sites may make unauthorized charges to the card, or charge users more than the agreed upon terms.

US-CERT encourages users to do the following to help mitigate the risks:

US-CERT: Malicious Code Targeting Social Networking Sites

In US-CERT on March 4, 2009 at 12:53 pm

Malicious Code Targeting Social Networking Site Users

added March 4, 2009 at 11:53 am

US-CERT is aware of public reports of malicious code spreading via popular social networking sites including myspace.com, facebook.com, hi5.com, friendster.com, myyearbook.com, bebo.com, and livejournal.com.

The reports indicate that the malware, named Koobface, is spreading through invitations from a user’s contact that include a link to view a video. If users click on the link in this invitation, they are prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update; it is malicious code.

Additionally, some of the reports indicate that there are multiple bogus Facebook applications being used to obtain users’ private information.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

  • Install antivirus software and keep the virus signature files up to date.
  • Do not follow unsolicited links.
  • Use caution when downloading and installing applications.
  • Obtain software applications and updates directly from the vendor’s website.
  • Refer to the Staying Safe on Social Networking Sites document for more information on safe use of social networking sites.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

US-CERT: New Variant of Conficker/Downadup Worm Circulating

In SME INC, US-CERT on February 23, 2009 at 7:01 pm

New Variant of Conficker/Downadup Worm Circulating

added February 23, 2009 at 05:02 pm

*For immediate remote support in removing Conficker B++, call (509) 438-0990. For more info, please visit LIVE SUPPORT.

US-CERT is aware of public reports concerning a new variant of the Conficker/Downadup worm, named Conficker B++. This variant propagates itself via multiple methods, including exploitation of the previously patched vulnerability, password guessing, and the infection of removable media. Most significantly, Conficker B++ implements a new backdoor with “auto-update” functionality, allowing machines compromised by the new variant to have additional malicious code installed on them. According to Microsoft, there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the B++ variant.

US-CERT strongly encourages users to update unpatched systems as soon as possible.

Additionally, US-CERT recommends that users take the following preventative measures to help mitigate the security risks:

  • Install antivirus software, and keep the virus signatures up to date.
  • Review the Microsoft Malware Protection Center blog entry for details regarding the worm.
  • Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting removable media.

Conficker A/B Top-Level Control Flow

Figure 1 illustrates a flow diagram of the main thread for both variants of the Conficker agent, A and B. In both cases, the Conficker agent is distributed and run as a dynamically linked library. Its base code has been compiled as a DLL, and its DLLMain function initiates the main thread represented by the diagram. The agent code proceeds by first checking the Windows version and, based on this result, creates a remote thread in processes such as svchost.exe. This is done by invoking LoadLibrary, where the copy of the DLL is passed as an argument. The malicious library then copies itself into the system root directory under a random file name. After initializing the Winsock DLL, the bulk of the malicious code logic is executed.

Figure 1: Conficker A (left) / B (right): Top-level control flow


Conficker A’s agent proceeds as follows. First, it checks for the presence of a firewall. If a firewall exists, the agent sends a UPnP message to open a local random high-order port (i.e., it asks the firewall to open its backdoor port to the Internet). Next, it opens the same high-order port on its local host: its binary upload backdoor. This backdoor is used during propagation, to allow newly infected victims to retrieve the Conficker binary. It then contacts one of the following sites to obtain its external-facing IP address: http://www.getmyip.org, getmyip.co.uk, and checkip.dyndns.org, and attempts to download the GeoIP database from maxmind.com. It randomly generates IP addresses to search for additional victims, filtering out Ukrainian IPs based on the GeoIP database. The GeoIP information is also used as part of the MS08-067 exploit process [10]. Conficker A then sleeps for 30 minutes before starting a thread that attempts to contact http://trafficconverter.biz/4vir/antispyware/ to download a file called loadadv.exe. This thread cycles every 5 minutes.

Next, Conficker A enters an infinite loop, within which it generates a list of 250 domain names (rendezvous points). The name-generation function is based on a randomizing function that it seeds with the current UTC system date. The same list of 250 names is generated every 3 hours, i.e., 8 times per day. All Conficker clients whose system clocks are at least synchronized to the current UTC date will compute and attempt to contact the same set of domains. When contacting a domain for which a valid IP address has been registered, Conficker clients send a URL request to TCP port 80 of the target IP, and if a Windows binary is returned, it is validated via a public key stored locally on the victim host and then executed. If the computer is not connected to the Internet, the malicious code checks for connectivity every 60 seconds. When the computer is connected, Conficker A executes the domain name generation subroutine, contacting every registered domain in the current 250-name set to inquire whether an executable is available for download.

Conficker B is a rewrite of Conficker A with the following noticeable differences. First, Conficker A incorporates a Ukraine-avoidance routine that causes the process to terminate itself if the keyboard language layout has been set to Ukrainian; Conficker B does not include this keyboard check. B also uses different mutex strings, patches a number of Windows APIs, and attempts to disable its victim’s local security defenses by terminating the execution of a predefined set of antivirus products it finds on the machine. It has significantly more self-termination (suicide) logic embedded in its code, and employs anti-debugging features to thwart reverse engineering attempts.

Conficker B uses a different set of sites to query its external-facing IP address: http://www.getmyip.org, http://www.whatsmyipaddress.com, http://www.whatismyip.org, and checkip.dyndns.org. It does not download the fraudware Antivirus XP software that version A attempts to download. Conficker’s propagation methods differ between A and B and are described in the section Conficker Propagation. Furthermore, a recent analysis by Symantec has uncovered that the GeoIP file is directly embedded in the Conficker B binary as a compressed RAR (Roshal archive) file encrypted using RC4 [11].

Like Conficker A, after a relatively short initialization phase followed by a scan-and-infect stage, Conficker B proceeds to generate a daily list of domains to probe for the download of an additional payload. Conficker B builds its candidate set of rendezvous points every 2 hours, using a similar algorithm, but it uses different seeds and also appends three additional top-level domains. The result is that the daily domain lists generated by A and B do not overlap.

Binary Download and Validation

Among the key functions of Conficker is that of probing the daily set of Internet rendezvous points for a new Windows executable file to download and execute. This mechanism provides an effective binary updating service similar to that of other traditional botnets, with the exception that the Conficker update service is highly mobile and its location is recomputed each day by all infected clients (to date, we have not confirmed this feature in use by the malware authors). Although many groups have been able to break the domain generation algorithm and register rendezvous points, Conficker’s authors have taken care to ensure that other groups cannot upload arbitrary binaries to its infected drones.

Both Conficker A and B clients incorporate a binary validation mechanism to ensure that a downloaded binary has been signed by the Conficker authors. Figure 2 illustrates the download validation procedure used to verify the authenticity of binaries pulled from Internet rendezvous points. The procedure begins with Conficker’s authors computing a 512-bit hash M of the Windows binary that will be downloaded to the client. The binary is then encrypted using the symmetric stream cipher RC4 with M as the key. Next, the authors compute a digital signature using an RSA encryption scheme, as follows: Sig = M^epriv mod N, where N is a public modulus that is embedded in all Conficker client binaries. Sig is then appended to the encrypted binary, and together they can be pushed to all infected Conficker clients that connect to the appropriate rendezvous point.
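The following is an added toy model of the validation scheme as described above, not code from the SRI analysis or from the malware; it shows why a group that registers a rendezvous domain but lacks the private exponent cannot get a payload past the client-side check. SHA-512 standing in for the 512-bit hash, the key size, the exponent 65537 and the sample "binary" are assumptions made here.

```python
"""Toy model of the scheme described above: a 512-bit hash M of the binary,
RC4 keyed with M, and a textbook RSA signature Sig = M^epriv mod N that every
client checks against its embedded public (epub, N). Constructed example:
hash function, key size, exponent and the sample payload are assumptions."""
import hashlib
import random
import secrets

HASH_BYTES = 64  # 512-bit hash, as in the scheme described


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling phase
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test; adequate for a toy key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 640):
    """Return ((epub, N), (epriv, N)). N must exceed 2**512 so the hash M fits
    in one RSA block; the real Conficker modulus size is not stated above."""
    epub = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % epub != 0:
            return (epub, p * q), (pow(epub, -1, phi), p * q)


def package_binary(binary: bytes, priv) -> bytes:
    """Author side: hash, RC4-encrypt under the hash, sign the hash, append Sig."""
    epriv, n = priv
    m_bytes = hashlib.sha512(binary).digest()
    sig = pow(int.from_bytes(m_bytes, "big"), epriv, n)
    return rc4(m_bytes, binary) + sig.to_bytes((n.bit_length() + 7) // 8, "big")


def validate_download(blob: bytes, pub):
    """Client side (the check the construction implies): recover M from Sig with
    the public key, decrypt with RC4(M), and accept only if the plaintext hashes
    back to M. Returns the plaintext binary, or None when validation fails."""
    epub, n = pub
    sig_len = (n.bit_length() + 7) // 8
    if len(blob) <= sig_len:
        return None
    ciphertext, sig = blob[:-sig_len], int.from_bytes(blob[-sig_len:], "big")
    if sig >= n:
        return None
    m = pow(sig, epub, n)
    if m.bit_length() > 8 * HASH_BYTES:       # not a 512-bit value: bogus Sig
        return None
    m_bytes = m.to_bytes(HASH_BYTES, "big")
    plaintext = rc4(m_bytes, ciphertext)
    if hashlib.sha512(plaintext).digest() != m_bytes:
        return None                           # hash mismatch: reject payload
    return plaintext
```

Textbook RSA over a bare hash and RC4 appear here only because that is what the description states; a verifier built today would use a padded signature scheme and an authenticated cipher.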