Archive for category Application Filtering
Social Media Scammers – New Frontiers of Aggravation
Posted by cmannon in Application Filtering, Malware, Privacy, Social Networking, Web Security on March 28, 2012
Any veteran of social media has at one time or another put face-to-palm when they see another one of their contacts trying to distribute yet another scam through their profile. There is no escaping it. Whether it’s a third-party application that promises free coupons or a tweet promising a free iPad, illegitimate offers wanting your PII (Personally Identifiable Information) are everywhere. If this were 10 years ago, you would hear me complaining about e-mail or IM spam. Sure, these spam attempts still happen, but those are broad attacks at best. E-mail or IM spam doesn’t even know your gender most of the time, let alone what demographic you may fall under. That’s what makes Social Media spam such a lucrative trade. Never before have people been so compelled to give away so much information about themselves. The content that we end up posting on social network sites is so descriptive of our personal lives that even corporations are asking for your content during the interview process.
It’s not difficult to tell if someone close to you has been hit by a spam attack. If their profile has been hijacked, then you can expect to see the same messages to several friends – always with a shortened URL link. Your best defense is to be wary of links that you receive, even if they are from trusted sources. You should also take a moment to explore what privacy settings you already have in place. The goal should be to make sure that your information is not accessible without your explicit knowledge.
Spammers are able to find you and send targeted attacks, if you share all of your information with the open web. Any kind of application that you use to access a social network is acting as the middleman for your data. This usually means that you are allowing them access to your data in exchange for their ‘free’ service. What they do with that information after they provide their service is up to them.

The application above collects basic information. This means any information that you have made public.
Before you click that link, be more skeptical. Does this person really want to give me free money? Unfortunately, we don’t live in that kind of world. The more likely answer is that they are looking to sell your information to advertisers for other scam attempts. I could be wrong of course. A smartly-dressed woman could always show up in a diamond-crusted Bentley with $500 and a promise of a new monetary system that will work out in my favor.
Let’s use a recent scam example seen on Facebook. A common attack method on Facebook is to create a third-party application that immediately redirects the user away from Facebook. This could be as harmless as trying to build SEO tracking to a site or propagating something malicious to your PC. In this case, it’s just a scam to get more traffic to a site selling shoes. It starts as most of these scam attacks start: a buddy clicked something they should not have and now a third-party application on Facebook is posting messages as them. To make sure that their friends view the content, they tag them in a picture.
Now they’ve got you on the hook. If you happen to click that link, you are navigated first to a Facebook Application page that only redirects to a site not belonging to Facebook.
Applications like this one are a dime a dozen. Facebook has been under heat in the past for allowing this kind of activity. This is an unavoidable side effect whenever you provide an open web platform for users to create their own applications. Facebook deletes the malicious ones, but they haven’t done an outstanding job of policing these in the past. In this case, the user is immediately taken to a blogger page that looks like this:
There are a few tools that you can use in your browser to make sure your exchanges on social media are kept as private as possible. I recommend Ghostery for detecting any invisible trackers that exist on most web pages. These are usually advertisers trying to capitalize on your digital presence. Unless you intend to read a 30-page EULA describing what they are allowed to do with your data afterwards, just block it. Another useful tool is called LongURL. This allows you to see the link you are about to click. It will also help you avoid getting hit by that one friend that is always rickrolling people.
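The hijacked-profile pattern described in this post (the same message sent to several friends, always with a shortened URL) can be turned into a simple check over a message feed. This is an added example, not part of the original post; the shortener host list, the threshold and the sample feed are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Illustrative shortener hosts (an assumption; extend for your environment).
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def shortened_links(text):
    """Return the URLs in text whose host is a known shortener."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            hits.append(url)
    return hits


def normalize(text):
    """Drop URLs and @mentions, fold case and whitespace, so copies compare equal."""
    text = re.sub(r"@\w+", "", URL_RE.sub("", text))
    return " ".join(text.lower().split())


def find_suspect_senders(messages, min_recipients=3):
    """messages: iterable of (sender, recipient, text) tuples.

    Flags a sender when the same normalized text, carrying a shortened link,
    went to at least min_recipients distinct recipients.
    """
    groups = defaultdict(lambda: {"recipients": set(), "links": set()})
    for sender, recipient, text in messages:
        links = shortened_links(text)
        if links:
            group = groups[(sender, normalize(text))]
            group["recipients"].add(recipient)
            group["links"].update(links)
    return {
        sender: {"text": body,
                 "recipients": sorted(g["recipients"]),
                 "links": sorted(g["links"])}
        for (sender, body), g in groups.items()
        if len(g["recipients"]) >= min_recipients
    }


# Constructed sample feed (not real accounts or links).
SAMPLE_FEED = [
    ("alice", "bob", "OMG is this you in this photo? http://bit.ly/EXAMPLE1"),
    ("alice", "carol", "omg is this you  in this photo? http://bit.ly/EXAMPLE1"),
    ("alice", "dave", "@dave OMG is this you in this photo? http://bit.ly/EXAMPLE1"),
    ("erin", "bob", "Slides from today: https://intranet.example/slides.pdf"),
    ("frank", "bob", "Lunch menu is up: http://t.co/EXAMPLE2"),
]

if __name__ == "__main__":
    for sender, hit in find_suspect_senders(SAMPLE_FEED).items():
        print(sender, hit["recipients"], hit["links"])
```

A single shortened link to one contact is not flagged; only the repeated copy to several recipients is.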
Keep It Simple, Stupid
Posted by nleong in Application Filtering, Compliance, Employee Behavior, Enterprise 2.0, Enterprise IM, Malware, Unified Communications on February 24, 2011
We’ve all heard this saying before and it’s easy to get lost in the bewildering array of communications channels available to us. There’s the usual email, instant messaging networks (Yahoo!, Google Talk), peer-to-peer networks (Skype), enterprise IM applications (IBM Sametime, Microsoft Lync/OCS), and social networks (Facebook, Twitter). And these are just the big boys. There are literally thousands of IM, P2P, and social networks, in addition to those listed above.
To give you an idea of the bevy of tools out there, the US Department of Agriculture (USDA) uses over 21 different email systems, but they’ve recently decided to award Microsoft a contract to provide cloud-based email, Web conferencing, IM, and collaboration solutions. Similarly, the US General Services Administration (GSA) awarded an email contract to Google. What this goes to show is that messaging in large organizations (in this case, it’s the government) is starting to move to the cloud as companies look for ways to streamline their messaging systems, improve efficiency, and cut costs.
What with all these communications options available to end users, it’s all too common for folks to use Facebook, Yahoo!, or Skype while they’re at work on company-issued computers. Oftentimes, individuals use a combination of Web 2.0 (think Facebook or Skype) and enterprise (think Microsoft Communicator or Cisco Jabber) applications. The problem with doing so is that it opens up new vectors for malware to invade the corporate network. In other words, there are far more avenues for evil to infiltrate the corporate network these days than ever before.
Thankfully, platforms like Actiance Vantage make it easier to manage the proliferation of communications tools within the enterprise. From blocking virus attacks to managing file transfers to logging and archiving of all IM activities, Vantage provides end-to-end security and compliance coverage for an organization’s unified communications.
We can all learn a lesson from the government contracts cited above. Long ridiculed for being the poster child of bureaucracy and antiquated computer systems, it must be saying something to have two large agencies moving their communications applications to the cloud. Looks like the US government has taken heed of that old KISS principle after all.
What’s in a name?
Posted by Kailash_Ambwani in Application Filtering, Compliance, Electronically Stored Information (ESI), Enterprise 2.0, Enterprise IM, New Internet, Public IM, Social Networking, Trends, Unified Communications, Web 2.0, Web Security on January 25, 2011
“What’s in a name? That which we call a rose By any other name would smell as sweet” – Juliet in Romeo and Juliet by William Shakespeare
Juliet knew that Romeo would be the same great guy even if he had another name.
And, this is what is occurring for us today…same great company, just with a new name.
But first, the why…
FaceTime’s business and offerings have changed dramatically since the turn of the century. We began as a provider of security and compliance solutions for public Instant Messaging networks, such as AOL, MSN and Yahoo. Today, we are a trusted partner to large enterprises, delivering platforms that enable them to cope with the explosion of new communications channels – from Unified Communications systems, such as Microsoft Lync Server, OCS, IBM Sametime or Cisco CUPS, to social networking channels such as Facebook, LinkedIn and Twitter.
Our current customer roster includes 9 of the top 10 banks, all 5 top Canadian banks, 3 of the top 5 independent energy companies and a myriad of large enterprises across all industries. These companies seek to leverage the New Internet to foster more collaboration internally and with partners, gain more customers and increase customer satisfaction. They rely on FaceTime to provide the security and compliance framework to ensure the safe use of these networks and channels.
Our promise to our customers is “You worry about the policy, we’ll worry about the channel.”
To deliver on this promise, we have greatly expanded our capabilities. Now our platform supports all the major IM networks, all the major Unified Communication platforms, popular VoIP networks, including Skype, and widespread social networks such as Facebook, LinkedIn and Twitter. We also support financial networks like Reuters and Bloomberg, and Web 2.0 channels, such as YouTube, webmail, blogs and Wikis, to name but a few.
We’ve evolved over the last decade. And, we’re not done yet – this year we will launch support for various collaboration platforms and even more Web 2.0 networks. Because of this metamorphosis, we have changed our name. Oh, and there is this small company based in Cupertino, California that launched a video chat application by the same name (yes, we were aware of it in advance) and I hear that it’s catching on…
Few companies have the opportunity to select a new name for a thriving business and we wanted one that would better reflect what we do today and our vision for tomorrow.
Changing our name….
We started mid-last year by rebranding one of our two core platform offerings from IMAuditor to Vantage. The dictionary defines a vantage point as “…a position that affords a broad overall view or perspective, as of a place or situation.” Vantage and USG provide an overall view of all the communications in your enterprise. But more than just a view, they give you the ability to ACTIVELY ensure COMPLIANCE with your security, management and regulatory policies.
Mark the words: ACTIVE COMPLIANCE. That’s what we enable: Thus we are Actiance.
Welcome to Actiance…it’s still a great company.
Social Media – guilty of being in the clear
Posted by actiance in Application Filtering, New Internet, Social Networking, Web 2.0, Web Security on September 27, 2010
Today we welcome Chris Mannon, head of the FaceTime Security Labs.
Chris Mannon has been an integral part of FaceTime’s security research team for over five years. During this time Chris has guided FaceTime’s international team, helped to develop FaceTime’s application detection through multi-inspection point and has been instrumental in providing technical knowledge on new security threats to other researchers such as Christopher Boyd (a.k.a. PaperGhost) and Wayne Porter. His specialist subjects include Wireshark analysis, IDA Pro reverse engineering, Malware Removal, Threat Assessment and Application Detection.
Nearly every day you hear about an incident involving a stolen social networking password. More often than not it is the user’s fault. They fall victim to a phishing scam or are redirected to a bogus website and almost willingly give up the email address and password they usually use. No one snatches it, figuratively speaking, out of their hands. Interestingly enough, it is often the social media sites themselves that allow that to happen.
Here’s a prime example of how it happens. Look at the screen capture below. It shows the information transferred as I link my LinkedIn account to my Twitter account; highlighted in blue is the critical point. I’ve blacked out my username, but right next to that is my password – facetime. Yep, it’s all there in plain text for anyone to see, just waiting to be grabbed.
Twitter has recently switched over to using OAuth for authentication with third party apps. In theory this makes it more secure because the user’s Twitter credentials aren’t stored in the third party app. I say in theory, because OAuth transfers the information in plain text.
Now admittedly, it is not the average person that would know where to look or how to view this kind of information, but for a hacker or a bored administrator looking for a little mischief, tracking it down using tools such as Wireshark is child’s play. From there, all you need is a search engine and a little imagination to break into different accounts owned by the victim, because despite constant reminders not to, most people use the same password at least a couple of times.
Sending confidential information in plain text is far more prevalent than one would hope it would be. FaceTime currently lists eighty-five internet applications that we class as “sending information in the clear” and many of them are prominent websites such as the Twitter example above. So next time you’re linking up your social networking accounts, seriously consider if it’s really necessary.
Alternatively, maybe you have nothing to fear, because you don’t use the same password more than once do you?
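For defenders auditing their own traffic, the "sending information in the clear" condition described in this post can be checked over HTTP requests reassembled from unencrypted streams in a capture. This is an added example, not code from the original post or from FaceTime; the credential parameter names, host, paths and sample requests are assumptions constructed for illustration.

```python
import base64
import binascii
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as credentials (an assumption; tune per application).
CREDENTIAL_KEYS = {"password", "passwd", "pass", "pwd", "secret"}


def parse_request(raw):
    """Split one reassembled HTTP/1.x request into target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers, body.decode("latin-1")


def credential_fields(pairs, where):
    """Keep only the names of parameters that look like credentials."""
    return [(where, key) for key, _value in pairs if key.lower() in CREDENTIAL_KEYS]


def cleartext_credentials(raw):
    """Return (location, field) pairs for credentials readable in the request.

    Only field names are reported; the secret values are never returned.
    """
    target, headers, body = parse_request(raw)
    query = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    found = credential_fields(query, "query")
    ctype = headers.get("content-type", "").lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        found += credential_fields(parse_qsl(body, keep_blank_values=True), "body")
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            if b":" in base64.b64decode(blob, validate=True):
                found.append(("header", "authorization"))
        except binascii.Error:
            pass  # malformed header, nothing decodable to report
    return found


# Constructed requests (hypothetical host, paths and values).
FORM_POST = (b"POST /link-account HTTP/1.1\r\nHost: social.example\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n"
             b"Content-Length: 37\r\n\r\nusername=jdoe&password=not-a-real-one")
QUERY_GET = (b"GET /login?user=jdoe&pwd=not-a-real-one HTTP/1.1\r\n"
             b"Host: social.example\r\n\r\n")
BASIC_GET = (b"GET /feed HTTP/1.1\r\nHost: social.example\r\nAuthorization: Basic "
             + base64.b64encode(b"jdoe:not-a-real-one") + b"\r\n\r\n")
CLEAN_GET = b"GET /feed?page=2 HTTP/1.1\r\nHost: social.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("form", FORM_POST), ("query", QUERY_GET),
                      ("basic", BASIC_GET), ("clean", CLEAN_GET)]:
        print(name, cleartext_credentials(req))
```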
Secure and Enable the New Internet
Posted by actiance in Application Filtering, Compliance, Enterprise 2.0, New Internet, Web 2.0, Web Security on December 7, 2009
Last month we announced that Check Point Software Technologies had purchased our application database for use in their products. According to Check Point, this technology will “… provide businesses unparalleled granular control over application usage and enable security administrators to prevent threats associated with the use of certain Internet applications. Check Point will offer this new level of security controls as a Software Blade that will be available for all gateways.” (read their release here: )
This deal reaffirms our leadership in the Web 2.0 security space. More importantly, it highlights the growing need for network solutions that provide visibility and control at the application level not just at the port & protocol level. Check Point sees this need and will use our database to provide application level control. Application level control will become the price of entry in the Firewall market.
But beyond visibility and control, what enterprises are asking for is “enablement”.
- How do I allow access to Facebook or LinkedIn and stay in compliance with FINRA or FERC or HIPAA or PCI or [insert your favorite regulation here]?
- How do I allow access to YouTube videos but not the inappropriate stuff?
- How do I allow access to blogs and wikis and webmail but ensure that confidential information is not getting posted?
Our customers realize they can’t block access to the New Internet - they must enable it.
Which is why our mission statement reads “Secure & ENABLE the New Internet”
How are you and your organization enabling the new Internet? What tools and applications do you need to secure to effectively enable your team?
Why China’s Web Filtering Plan Won’t Work
Posted by actiance in Application Filtering, New Internet, Privacy, Web 2.0, Web Security on June 22, 2009
As you’ve no doubt already heard, China recently announced plans mandating that all new computers sold in that country – including imported PCs – be delivered with pre-installed and pre-configured Web filtering technology beginning July 1, 2009.
China’s foreign ministry spokesman defends the software, branded Green Dam-Youth Escort, claiming it’s “aimed at blocking and filtering some unhealthy content, including pornography and violence” in an effort to protect children.
Putting aside the obvious discussions of censorship versus freedom of information, there’s a fatal flaw in China’s plan. Maybe we shouldn’t tell them this, but Web filtering software alone doesn’t block people from visiting Web sites and/or accessing Web applications.
Surprised? While the Internet used to be primarily about transmitting and accessing fairly static information via HTTP, FTP and e-mail it’s now dominated by Web 2.0 applications such as instant messaging, P2P, VoIP and social networking sites. Savvy Internet users already use tools like anonymizers to mask their browsing habits, and real-time communications and Web 2.0 applications are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling, onion routing, etc. – after all, their goal is to grow their communities and ensure users have the full experience.
From what I’ve read, neither China nor the media has considered or addressed this. I’m certainly not in favor of China blocking access — yes, FaceTime helps organizations control employee Web browsing and use of Web 2.0 applications, where visiting certain sites or using certain applications may be inappropriate in the workplace, put the company at risk or impact productivity — but the Web sites you choose to visit and applications you use at home are for you to decide and parents to control.
The backlash over China’s censorship plans is widespread, including nearly 20 trade groups representing technology companies calling on the Chinese government to reconsider the mandate contending that it “raises significant questions of security, privacy, system reliability, the free flow of information and user choice.” There’s also the California company that claims the mandated Internet filtering software contains stolen programming code. Other articles say the Chinese government has already backed down, retreating on its controversial new web filtering plan, saying the software can be uninstalled or switched off.
It’s not clear yet how all of this will play out, but you have to ask, if China’s mandate won’t be effective, why do it at all?
Workplace Internet Leisure Browsing and Employee Productivity
Posted by actiance in Application Filtering, Employee Behavior, Social Networking, Trends, Web Security on April 7, 2009
A study released last week by the University of Melbourne’s Department of Management and Marketing maintains that workers who engage in ‘Workplace Internet Leisure Browsing’ (WILB) are more productive than those who don’t.
Well, that’s good news for the 51 percent of workers who access social networking sites at least once a day while at work – not to mention the 50 percent that check their Facebook pages and the 69 percent that watch videos on YouTube several times a day, according to FaceTime’s Collaborative Internet Survey published last fall.
The University’s Dr. Brent Coker says:
“Firms spend millions on software to block their employees from watching videos on YouTube, using social networking sites like Facebook or shopping online under the pretense that it costs millions in lost productivity, however that’s not always the case.”
We couldn’t agree more. The whole blocking strategy just doesn’t seem to work in the real world.
At the same time, the results of the Melbourne study directly contrast some news that broke in the UK this last week – where students at Bournemouth University have been complaining that they can’t get work done because other students are hogging University computers to use Facebook and Twitter.
Visibility into what employees (and students in this case in Bournemouth) are accessing is crucial not just to an effective IT security approach, but also, it seems, to ensuring productivity. If you don’t know that 69 percent of your workforce is watching YouTube, how will you know that’s the cause of your bandwidth spikes? What if you could give them a bandwidth allotment for such activities, and when their quota is reached, it’s bye bye water skiing squirrel videos?
It sounds like the folks at Bournemouth Uni’s IT team could do with not just controlling the bandwidth taken up by some students, but also the time that they’re allowed to be on Facebook!
Watch this space for upcoming announcements about gaining greater visibility into what’s really happening within corporate and organizational networks.




