iPad owners targeted by hackers

It was just a few weeks ago that security experts announced the first ever virus targeted at an Apple iPad, only to admit very quickly that it wasn’t really targeted at the iPad but iPad owners.

There’s always a time lag between the launch of an exciting new product and the launch of a hack or virus by criminals targeting that product and its users. So experts were relieved that so far, the iPad doesn’t seem to have been compromised.

I wish I could say the same for iPad owners. In April, thousands of iPad users received an email with an attachment claiming to be an “iPad Software Update.” Anyone clicking on the attachment instead found their (Windows) computer infected with a backdoor data stealing program. Then earlier this week hackers managed to steal the email addresses of more than 100,000 iPad users by hacking into the servers of AT&T.

But rather than exploit the stolen addresses, at least for now, the hackers shared the information with the media. And what a haul! The list of hacked iPad email addresses included employees from financial firms Morgan Stanley, Citigroup, and Goldman Sachs, the Departments of Justice and Homeland Security, and celebrities like New York Mayor Michael Bloomberg and White House chief of staff Rahm Emanuel.

It’s no surprise that if hackers can’t attack the iPad yet, they’ll settle for the next best thing – iPad owners. And why not. Just like Facebook, hackers go where the crowds are, and with iPads now selling around the world at the rate of one every 37 seconds, successful attacks against the iPad aren’t far behind.

Lessons learned?

• If you have to be amongst the first to own the latest and greatest tech tool or toy, expect to be amongst the first to be targeted by thieves.
• Not all attacks are high tech, and there are growing reports of “snatch and run” thefts of iPads used in public places. So be careful where you use it.
• Expect you and your information to be exploited before your iPad and because of your iPad.

iPad Users Targeted by Hackers
http://www.telegraph.co.uk/technology/apple/7638376/iPad-users-targeted-by-hackers.html

Hackers hijack search results to trap you

It’s World Cup frenzy again (in case you missed it that’s the Soccer World Cup, being played out in South Africa) and all over the world millions of web users, from die-hard fans to just the mildly curious, will be turning to search engines like Google for the latest news, scores, and rankings.

So too will hackers. Not so much because they’re fans of soccer, but because they’re fans of global news events that they can exploit. One of the most popular and dangerous tricks is called search engine or SEO hijacking – breaking into the boiler-rooms of the most popular search engines, and manipulating the system so that their malicious links and web pages show towards the top of search results.

Sounds complicated but it’s actually very simple. For some reason web users seem to automatically trust web pages that appear at the top of their search results. If hackers can inject their pages into the top results of a search on something like the World Cup, they can use those pages to redirect surfers to malicious web sites or trick them into downloading malicious software.

The strategy isn’t new, and hackers seem to turn to it every time a major news story captures the public interest. Before the World Cup, hackers were placing fake stories and web sites about the French tennis open to trap users, and before that the hurricane in Guatemala.

And of course the tragic BP oil spill in the Gulf is being used around the clock by hackers to feed fake stories and trap unwary users.

Lessons learned?

• Don’t assume that if something you search for appears at the top of your search results, it should be assumed to be legitimate. Always use caution.
• Consider using one of the many free browser security tools, like Finjan’s Secure Browsing, that will alert you about a suspicious web page before you click on it.
• Keep your anti-virus software constantly updated and your computer constantly patched. Many of these attacks exploit computers that have security holes or vulnerabilities left unpatched.

Beware of strangers (and friends) bearing gifts

If you’re a regular Facebook or Farmville user, you might have come across a message from your friends recently, warning that an offer of a “White gift box” circulating on Facebook is actually a virus and therefore you should not click on it.

Hundreds of thousands of FB users have apparently received such a warning and yet the security industry knows nothing about it. Except that they think it’s probably either a hoax or a case of mistaken identity. So far, security experts have not been able to find any malware connected to the white box message in circulation, and are speculating that it all boiled down to a case of mass hysteria.

Which brings up an interesting point. Should we rely on users and the public, who can often make mistakes, to spread warnings about online threats and therefore use the power of millions to keep our communities informed, alert, and safe?

Or should we leave such alerts to the experts, who can first verify if the threat is real before warning the world to batten down the hatches?

One of the problems that arises is user fatigue. If there are too many instances of fake viruses, users may just switch off, and either not share any future warnings or alerts or not pay any attention to warnings they receive.

A quandary.

Lessons learned?

• Before you share a warning about any security issue or threat, do a little research to make sure it’s not a hoax.
• If you receive such a warning, do the same – verify first – before you act on it or pass it to others.

White Gift Box With a Blue Ribbon? Farmville virus or hoax?
http://www.sophos.com/blogs/gc/g/2010/06/09/white-gift-box-blue-ribbon-farmville-virus-hoax/

Related posts:

1. Weekly News Wrap-Up for 4 June 2010
2. Weekly News Wrap-Up for 17 May 2010
3. Weekly News Wrap-Up for May 10, 2010
4. Weekly News Wrap-Up for 28 May 2010
5. Weekly News Wrap-Up for 19 April 2010