CAUCE NORTH AMERICA NEWS, Vol 14, No 2, 19 2013

[CAUCE North America]

CAUCE

CAUCE News, Volume 14, Number 2
February 19, 2013


IF YOU DON'T KNOW WHY YOU GOT THIS MESSAGE: Please see the "About This
Message" section at the end. See [1]our web site for the most recent
updates.
__________________________________________________________________

Facebook, their Walled Garden, and McAfee Anti-Virus - What Really
Happened
On Sunday, a number of Facebook users reported being locked out of the
system. When they attempted to log in they werepresented instead with
the a series of screens, informing them that their computer was
infected, and providing a link toa free scanning service by McAfee
antivirus software.


[2]Facebook screens
Being locked out [3]upset people to no end, because it was the first
they had heard about their computer being infected.

It appears that Facebook users on a grand scale are
receiving a notice that their account is temporarily locked and
could be infected with a virus. These users are then encouraged to
download a free tool by McAfee to scan their system.
There has been much speculation on the issue. Our best guess is that
there is a bug in Facebook's filters or algorithms
that is yielding a false positive malware result for a large
portion of these users. We have reached out to Facebook
regarding the matter and will update this thread if we hear
anything back.

Other users with Mac computers [4]insisted they were safe.

[5]Jason_michael


If only that were true. Over just these past few weeks we have read
about [6]Facebook itself being hacked due to a vulnerability in
Oracle's commoncross-platform (Windows, Mac, UNIX) software component
Java. Media-player [7]Adobe Flash has had a tough time of it toobeing
repeatedly patched, then re-hacked within days, and that runs on all
sorts of computers. One Adobe rep, lookingvery tired, said recently
that things were so busy with security issues staff had taken to
sleeping at the office. Like,as in `moved in'.
Our point? It was entirely reasonable to think that Facebook was
detecting infected computers trying to log into their systems.
Wait what? Facebook is scanning their users computers? Yes, they are.
This isn't a new activity. For example, [8]Google and Facebook helped
quell a massive infection called DNSChanger by diverting infected users
to special pages with disinfection information U.S. Cable ISP behemoth
[9]Comcast also scans their users' computers and in the case of
repeated, untreated infections, user accounts are placed in a so-called
`walled garden' limiting Internet access until they can be fixed.
Walled Gardens are a reasonable approach, and an effective way to deal
with the rampant levels of compromised computers that can damage
networks, and the users' themselves, by stealing personal information
on the machine. In fact, CAUCE has representation on the FCC's
[10]Communications Security, Reliability and Interoperability Council
(CSRIC) working group advocating a similar approach industry-wide.
CAUCE has also been involved in parallel discussions in Canada, where
the idea is still nascent, but is likely to take hold shortly.
But what does all this have to do with Facebook Users? Facebook scans
computers connecting to their network for infections, and places
compromised user computers in a walled garden until the problem can be
remediated. They offer free tools to help. They write certain rules for
the scanning engine to detect the infections Reasonable enough.
According to a Facebook rep., speaking on condition of anonymity said
the problem last Sunday was a new employee wrote rules that were a bit
too aggressive, and they incurred many false positive results, falsely
indicating computers were infected when they were not. After a couple
of hours, the error was caught, and initially they withdrew the rules,
and then began to find, and reverse the suspended status of those users
they had initially blocked. This lead to what users were experiencing -
log in once, you are told you are infected, log in again, no such
notice. This is what is known in the computer industry by the technical
phrase `oops'. CAUCE congratulates Facebook (and others) on their
efforts to help mitigate computer compromises by this approach. While
it is irksome, and sometimes scary to be locked out, and told your
computer is infected, the worst-case scenario is that you were unable
to post cat and baby photos for a short time on Sunday, and had to run
a harmless anti-virus scan.
__________________________________________________________________

What happens when people respond to pharma spam?

NPR's Planet Money did a remarkable piece yesterday, based on research
by reporter Brian Krebs and UCSD professor Stefan Savage, looking at
pharma spam (black market pharmacies selling prescription drugs), who
sends it, and what happens when people respond. The most surprising
discovery was that, for the most part, people...

Read more: [11]What happens when people respond to pharma spam?
__________________________________________________________________

Are You Donating to a Real Charity?

Please share this post. After a tragedy, many of us want to donate to
funds and charities to show our support for a community. However, scam
charities immediately pop up, looking to steal your well intentioned
donations. There are at least 30 newly-registered domains created in
the past 48 hours...

Read more: [12]Are You Donating to a Real Charity?
__________________________________________________________________

TEN STEPS : What To Do if Your Data is Being Held for Ransom

We have your data. Fork over the money! For the past few months,
so-called 'Ransomware' has been very popular among online criminal
gangs. A computer is infected with malware which encrypts some or all
of the data on the computer, and the criminals demand a payment to
restore the machine...

Read more: [13]TEN STEPS : What To Do if Your Data is Being Held for
Ransom
__________________________________________________________________

FBI Agent Thomas X. Grasso Receives First J.D. Falk Award

News Release For Immediate Release FBI Agent Thomas X. Grasso Receives
First J.D. Falk Award for Establishing DNS Changer Working Group and
Protecting End-Users Baltimore, Maryland, Oct. 25, 2012 - Convincing
competitors, disparate business entities and researchers to collaborate
- many donating their services and resources - to protect millions...

Read more: [14]FBI Agent Thomas X. Grasso Receives First J.D. Falk
Award

About This Message:

This message was written and sent by CAUCE North America. It is � 2013
by CAUCE North America, Inc.

Consider supporting CAUCE by becoming a free or supporting individual
Member or an organizational Sponsor: [15]Join Here. Organizations can
support CAUCE at several levels, starting at $5,000 per year. Sponsors
may enjoy a range of benefits, including logo placement and recognition
in our periodic newsletter. Please contact us via e-mail at
orgm...@cauce.org for additional information.

We encourage redistribution of this message, as long as it is not
spammed anywhere, is on-topic for any forum to which you send it, and
includes our copyright notice. When in doubt, post the URL of our site
(http://www.cauce.org) instead, or put it in your signature. Press,
broadcast, and Internet media may treat this material as they would a
press release.
__________________________________________________________________

You have received this message because your address was signed up for
the cauce-us-announce mailing list. If you do not want to receive any
further messages from this list or think you were subscribed without
your knowledge, please send a message containing "unsubscribe" to
[16]our list management system or use [17]the list's home page, or
contact owner-cauce...@lists.cauce.net to be removed manually.
We exist to eradicate unsolicited bulk e-mail, and, unlike spammers,
will honor "remove" requests.

On the other hand, if a friend passed along this message to you and you
would like to receive the CAUCE North America News in the future, visit
[18]the CAUCE web site to join or to subscribe to the mailing list. For
other questions or comments about this message, contact
[19]comm...@cauce.org
__________________________________________________________________

This newsletter made possible in part by the support of our members.

Sponsor members
MailChimp MessageBus Return Path

References

1. http://www.cauce.org/
2. http://cauce.typepad.com/.a/6a012875e4169d970c017d4128f65a970c-pi
3. https://www.facebook.com/Facecrooks
4. http://www.techydad.com/2013/02/the-facebook-mcafee-lockout/
5. http://cauce.typepad.com/.a/6a012875e4169d970c017d4128f899970c-pi
6. http://www.bankinfosecurity.com/interviews/facebook-hack-what-breach-tells-us-i-1796
7. http://tech.slashdot.org/story/13/02/08/1751237/new-adobe-flash-vulnerabilities-being-actively-exploited-on-windows-and-os-x
8. http://www.pcmag.com/article2/0,2817,2406720,00.asp
9. http://www.dslreports.com/faq/13104
10. http://www.maawg.org/system/files/20120322%20WG7%20Final%20Report%20for%20CSRIC%20III_3.pdf
11. http://www.cauce.org/2013/01/what-happens-when-people-respond-to-pharma-spam.html
12. http://www.cauce.org/2012/12/how-to-donate-safely-to-charity.html
13. http://www.cauce.org/2012/12/ransomware.html
14. http://www.cauce.org/2012/10/fbi-agent-thomas-x-grasso-receives-first-jd-falk-award-.html
15. http://www.cauce.org/cauce/join.html
16. mailto:cauce-us-ann...@lists.cauce.net
17. http://lists.cauce.net/cgi-bin/mj_wwwusr?list=cauce-us-announce&func=unsubscribe
18. http://www.cauce.org/join.html
19. mailto:comm...@cauce.org
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly