Better Safe Than Sorry

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

Phishing Targets Tweeter

The popular mobile service Tweeter has been hit with phishing messages. Nothing new about this. It is a good time to remind folks about the devious nature of these evil doers. Any method will be used to induce the unwary or stupid to visit sites that will attempt to upload all kinds of malware, spyware, trojans, etc. to your PC, smartphone or other device. The vector for this specific attack is the very popular 'TinyURL' online application that turns large, unwieldy URLs such as “http://www.somewhere.orf/really/long/directory/” into something such as “http://tinyurl.com/4d4a2” which can be remembered long enough to key into a browser. The problem is that the TinyURL could lead one to evil sites. Very bad. TinyURL's solution, which folks either don't know about or don't use or understand is to use the Preview TinyURL. In our previous example one should append the TinyURL with preview: “http://preview.tinyurl.com/4d4a2”. This will allow for the best practice of safely viewing a rendering of the intended target before actually visiting it.

iPhone Released

It's from Apple. It's cool. It's got a few neat ideas few of which are truly new. It's joined at the hip with Apple exactly like Microsoft software yet this linkage is muted because, well, with Apple this is a feature. Sure. For business users it holds nothing except promise in that you know version 2.0 will build on the hype (and, by this time, sales) to leveredge Apple into a nice position to take a run at the dying Music Industry.

Cellphones Disable Nissan Car Keys

If you drive either a 2007 Nissan Altima sedan or a Nissan Infiniti G35 sedan you will want to keep your car keys well away from your cellphone. Reports from Nissan conclude if the keys and cellphone are touching when any incoming or outgoing call is initiated the data on the car keys can be erased. No keys, no entry or ignition! Those of you who don't drive these makes or models would do well to consider the greater significance of two electronic devices colliding. Always be aware of the potential for unexpected results when dealing with the ever present digital geegaws and thingamajigs. NOTE: Contrary to the Heading this is NOT an actual product recall . . . for now.

Toronto Wi-Fi Now Available!

Woo hoo!

Persistent data indeed

Remember to always wipe the sensitive data from old devices such as cell phones and PDA's before you part with them. The Globe and Mail has the story here.

Kaspersky AV Mobile (BETA)

Kaspersky Labs is offering a BETA version of its Anti-Virus for cell phones using the Symbian OS. Sign up and offer feedback to help improve this application and you may receive a free version of the commercial version.

Dude, where are my icons?

After installing todays Microsoft updates confirm your taskbar icons are still visible. If you are a notebook user you may need to see the power meter ;-)

Flexispy.A Symbian 60 Trojan / Keylogger

This nasty litle piece of work is actually a commercial product named Flexispy! It records information about voice calls and text messaging sessions. The information is sent to a company server where it can be viewed on the web. Now, I can imagine many scenarios where this type of application could be used in a positive manner but lets get realistic and assume it will be used for nefarious purposes. F-Secure has all the details.

Toronto to get Wi-Fi

Accoording to numerous sources the entire city of Toronto will join other hotspots to provide Wi-Fi. Woo-hoo! Wait? What's that sound I hear? Why, it sounds like Ted Rogers upchucking!

Java Trojan RedBrowser-A Targets Cell Phones

Evildoers have created a Trojan that targets cell phones running Java. Found by Kaspersky Lab this puppy infects any device capable of running Java applications. The text is only in Russian so far so the chance of running into this outside of that country is small. The threat is that someone may reverse engineer it for other countries so keep on your toes. This Trojan pretends to be a WAP browser offering free browsing via SMS messages. Since many companies the world over offer cheap or free SMS the victim is tricked into believing they are able to browse the Web for free. In reality the trojan sends SMS messages to one specific number that will charge back a premium amount on the victims cell phone bill. Best Practices circa 1878: If it sounds to good to be true it probably is. Best Practices circa 2006: If it sounds to good to be true Google it.

First Symbian Trojan Targeted at the PC

A report from F-Secure details the first known attempt of a virus threat on the PC coming from a mobile phones memory card. While it seems unlikely to cause damage (read why here: http://www.f-secure.com/weblog/#00000659) this is still something to take note of for the future. Remember: Security is an ongoing process - you must be aware at all times of the potential for mischief in seemingly unrelated items. Because, cough, Better Safe Than Sorry, cough.

Bell & Rogers = Inukshuk

In a bid to stifle any competition where WiFi is concerned, Bell and Rogers have formed a new entity, Inukshuk, to spread a $200,000,000.00 wireless network across Canada. Each partner will be allowed to use 50% of the others network but such items as billing and tech support will remain distinct. How soon until each will overload the others network and blame the problem on their partner has yet to be seen. How soon until tech support and billing issues (neither of which is a strong suit for these companies) are simply blamed on each other is unknown at this time. How long before extra charges, inept installation and all network issues being blamed on each carrier remains to be seen. Watching the canabilization of each companies customer base OR the amazement of the public when the rates for this access are announced should prove highly amusing.

New Symbian Trojan

What would you do if the new application you just copied to your Symbian cell phone caused the fonts to disappear? Well, if you insist on visiting dodgy sites to download pirated software you may son have real world experience on the issue. A new trojan named SymbOS/Blankfont.A is waiting for you at a Warez site now!

Todays lessons learned:

• Never install an application on any device unless you have searched the Internet and came up blank on horror stories.
• Do not use pirated software.
• Stay away from sites that have evil intent or conduct illegal activities.

Mabir.A Virus Spread Via SMS & MMS

Cabir Mobile Phone Virus Found in US

Future Threats

New Cabir Variants are Spreading Fast

Trend Micro Mobile Security

Skulls Trojan horse carries Cabir.B cellphone worm

Trojan Targets Symbian Handhelds