Archive for the ‘Web Security’ Category

Managing Access to Social Network Sites

Wednesday, August 13th, 2008


Info Security Magazine recently sponsored a great online presentation on Web 2.0 and the issues surrounding social network sites such as MySpace, Facebook and LinkedIn.

If you are interested in learning about the issues surrounding Web 2.0, Generation V and Social Networking, this is a great place to start.

I work with Chris Pruetz, who does the technical presentation.

You can register for it here.  It's archived, so you can attend at a time that best fits your schedule.

Very informative.  Highly recommended.

If you are interested in learning more about the solution they recommend from Marshal Inc, please visit our website at www.gnscon.com

Twitter used to exploit and steal information

Tuesday, August 5th, 2008


The IT security firm Kaspersky reported today that it has discovered a malicious mini-site on Twitter. (NOTE: this link does not open to the malicious site)  Twitter is a popular social networking site, similar to MySpace or Facebook, but its format is short messaging, not detailed blogging.

The site supposedly lures readers to download the latest version of Adobe Flash Player but really downloads software that steals information from your computer, such as login IDs and passwords.

Four things are important to note here.

  1. Many people are trusting of these sites since the goal is to create social networks.  Openness is their key to success and the source of their real danger.  Facebook and MySpace have already been booby-trapped in similar ways.
  2. If you are asked to download anything from a site other than the actual software vendor’s site (in this case Adobe), don’t do it.  If you get a note that your Flash player (or any other software for that matter) needs to be upgraded, don’t take the note as real. Close the dialog box and go directly to the vendor’s site and check the situation there.  If the vendor site says your software is up to date, there is a very high likelihood that the note you saw was a scam to exploit your computer.
  3. Twitter and other social networking sites are not just popular with teens and college students.  Your employees are using them as well.  So realize this is not just a threat to your home computer, but your office ones as well.  Look at your web filtering reports for these sites.  Many web filters will categorize them automatically in your report.
  4. This is a daily reminder of the need to keep your anti-virus and anti-malware programs up to date and why all downloads should be carefully screened. 

Watch Your Google Gadgets

Monday, August 4th, 2008


Ever use iGoogle? I do and I love it.  It’s as close as you can get to a personalized home page without having to know web code. However, the platform is about to be rocked by a presentation this week at Black Hat, the annual hacker conference.

According to Yahoo News, Cenzic senior security analyst Tom Stracener and security researcher Robert Hansen, better known as “RSnake,” plan to demonstrate a zero-day vulnerability that affects Google Gadgets. What this means is that they are going to announce that knowledgeable web coders will be able to inject malware into your PC, possibly beyond the reach of traditional antivirus and anti-malware detection.

So if you’re an “iGoogle-Google-Gadget-User” what do you do? 

  1. The first thing is to educate your users about the dangers of installing unknown software.  This is a good practice no matter what.
  2. Watch what comes out of Black Hat 2008.  Follow the mainstream IT security bloggers as they summarize the presentations.  I’ll post more on this as it gets closer.
  3. If in your opinion the risk of iGoogle malware outweighs the benefits, use your web filter to block it.  Or block the installation of Google Gadgets.  You can still get all the benefits of Google.