Archive

Monthly Archives: October 2010

Halloween – History and Tradition

Halloween is an annual holiday observed on October 31, primarily in the United States, Canada, Ireland, and the United Kingdom.

The word Halloween is first attested in the 16th century and represents a Scottish variant of the fuller All-Hallows-Even (“evening”), that is, the night before All Hallows Day. Up through the early 20th century, the spelling “Hallowe’en” was frequently used, eliding the “v” and shortening the word. It has roots in the Celtic festival of Samhain and the Christian holiday All Saints’ Day, but is today largely a secular celebration. Common Halloween activities include trick-or-treating, wearing costumes and attending costume parties, carving jack-o’-lanterns, ghost tours, bonfires, apple bobbing, visiting haunted attractions, committing pranks, telling ghost stories or other frightening tales, and watching horror films.

Symbols associated with Halloween formed over time encompassing customs of medieval holy days as well as contemporary cultures. Images of Halloween are derived from many sources, including national customs, works of Gothic and horror literature (such as the novels Frankenstein and Dracula), and classic horror films (such as Frankenstein and The Mummy). Elements of the autumn season, such as pumpkins, corn husks, and scarecrows, are also prevalent. Homes are often decorated with these types of symbols around Halloween. The souling practice of commemorating the souls in purgatory with candle lanterns carved from turnips, became adapted into the making of jack-o’-lanterns. In traditional Celtic Halloween festivals, large turnips were hollowed out, carved with faces, and placed in windows to ward off evil spirits. The carving of pumpkins is associated with Halloween in North America where pumpkins are both readily available and much larger – making them easier to carve than turnips. Many families that celebrate Halloween carve a pumpkin into a frightening or comical face and place it on their doorstep after dark. Black and orange are the traditional Halloween colors and represent the darkness of night and the color of bonfires, autumn leaves, and jack-o’-lanterns.

Trick-or-treating is a customary celebration for children on Halloween. The practice of dressing up in costumes and begging door to door for treats on holidays dates back to the Middle Ages and includes Christmas wassailing. Trick-or-treating resembles the late medieval practice of souling, when poor folk would go door to door on Hallowmas (November 1), receiving food in return for prayers for the dead on All Souls Day (November 2). It originated in Ireland and Britain, although similar practices for the souls of the dead were found as far south as Italy. Shakespeare mentions the practice in his comedy The Two Gentlemen of Verona (1593), when Speed accuses his master of “puling [whimpering or whining] like a beggar at Hallowmas.” The custom of wearing costumes and masks at Halloween goes back to Celtic traditions of attempting to copy the evil spirits or placate them, in Scotland for instance where the dead were impersonated by young men with masked, veiled or blackened faces, dressed in white.

adapted from wikipedia.org

Seven Ways to fight Scare-Ware

Have you encountered this before: a pop-up pops and it looks like a window on your computer. Next thing a scan begins. It often grabs a screenshot of your “My Computer” window mimicking your computers characteristics then tricking you into clicking on links. The scan tells you that a virus has infected your computer. And for low price of “$49.95” you can download software that magically appears just in time to save the day. If you not to  download and install the software, your computer goes crazy and pop-ups will invade you like bedbugs in New York City hotel.

Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote access support instructed by support to click a link initiating remote access to their computer.  Once connected remotely, the scammer can potentially retrieve documents to steal your identity.

Another new twist on the scam involves a popup in the form of a browser with a warning that looks like what your browser may present to you when you visit a page that might have an expired security certificate, malware warning or be a potential phishing site. The page is usually red with a warning: “Visiting This Site May Harm Your Computer” then it provides you with a link, button or pop-up that gives you the option of downloading security software or to update your browsers security.

The software is sometimes known as “AntiVirus2010” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010” or something like “Security Toolkit”. These are actually viruses or spyware that infect your computer, or just junk software that does nothing of value.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

Protect yourself:

1. Use the most updated browser: Internet Explorer 8, Chrome or Firefox, download the latest and greatest. At least download whatever security updates there are for your exiting browser. Also keep Flash and Adobe Reader (Acrobat) up to date.

2. Usually by default, a pop-up blocker is turned on in new browsers. Keep it on. No pop-ups, no scare-ware.

3. If you are using another browser and a pop-up –pops-up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way.

4. Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.

5. Persistence counts. Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of.

6. Install the most recent versions of anti-virus and keep it set to automatically update your virus definitions.

7.  Never click on links in the body of a “WARNING” webpage that is suggesting to download updates for your browser or suggesting to download security software. Don’t click the little red X in the upper right corner. Alt-F4 should close the pop-up window, and if it does not, then Ctrl-Alt-Del and use the Task Manager to kill the whole IE/FF browser etc (including any other running copies)

adapted via finextra.com.

  • 10/29/2010
  • IT

Fake Browser Warning Pages Distribute Malware

Security researchers warn that a new malware distribution campaign uses fake versions of the malicious site warnings commonly displayed by Firefox and Google Chrome.

Both Chrome and Firefox tap into Google’s Safe Browsing service in order to check if the accessed URLs are known attack sites.

If such malicious pages are detected, both browsers block them and display warning messages.

In such circumstances users are normally given the option to either leave the site or override the block and continue to load the page.

The pages look exactly the same as the real thing, except for a button that reads “Download Updates,” suggesting that security patches are available for the browsers.

The executable files served when these buttons are pressed install rogue antivirus programs, which try to scare users into paying a license fee.

Such attacks target vulnerabilities in outdated versions of popular software like Java, Flash Player, Adobe Reader or even the browsers themselves.

Successful exploitation results in malware being installed on the target computer in a way that is completely transparent to the victim.

Users are advised to keep their antivirus programs up to date and if possible to use script-blocking technologies available to their browsers, such as the NoScript extension for Firefox.

adapted via news.softpedia.com

  • 10/28/2010
  • IT

Guard yourself from Firesheep and Wi-Fi snooping

The abundance of free/cheap and open Wi-Fi networks in restaurants, airports, offices and hotels is a great perk to the traveling user; it makes connectivity and remote access much easier than it used to be. But you need to be informed and understand the risks.

Unfortunately, most of those “Open” networks don’t employ WEP or WPA passwords to secure the connection between device and hotspot, every byte and packet that’s transmitted back and forth is visible to all the computers on the wireless LAN, all the time. While certain sites and services use full-time browser encryption (the ones that have URLs beginning with https:// and that show a lock in the browser status bar), many only encrypt the login session to hide your username and password from prying eyes. This, as it turns out, is the digital equivalent of locking the door but leaving the windows wide open.

Firesheep is a Firefox extension which makes it trivially easy to impersonate someone to the websites they log in to while on the same open Wi-Fi network. It kicks in when you login to a website (usually in a secure fashion, via HTTPS) and then the site redirects you to a non-secured page after login. Most sites that operate this way will save your login information in a browser cookie, which can be ‘sniffed’ by someone on the same network segment; that’s what Firesheep does automatically. With the cookie in hand, it’s simple to present it to the remote site and proceed to do bad things with the logged-in account. Bad things could range from sending fake Twitter or Facebook messages all the way up to, potentially, buying things on ecommerce sites.

The solution

USE SSL/HTTPS only if the website supports it — is quite simple: after you connect, the site should keep your session secure using SSL or https. Some sites, including most banking sites, already do this. However, encryption requires more overhead and more server muscle, so many sites (Facebook, Twitter, etc.) only use it for the actual login. Gmail has an option to require https and has made it the default setting, but you should make sure that it’s enabled if you use Gmail (Google Apps has a similar feature). This also doesn’t necessarily help if you’re using an embedded browser in an iPhone or iPad app, where the URL is hard-coded.

Protecting yourself from Firesheep if you use Firefox or Chrome is possible with extensions like the EFF’s HTTPS Everywhere, Secure Sites or Force-TLS. These work by forcing a redirect to the secure version of a site, if it exists. The obvious problems with these solutions are: a) you have to install one for each browser (and we have not yet found one for Safari), and b) it only works if a secure version of the site exists.

Even better.

A) Don’t use open networks.
B) Use a SOCKS proxy and SSH tunnel.
C) Use a VPN.

adapted via tuaw.com

  • 10/26/2010
  • IT