Watch What You Click: Part 6,452 -- Redmondmag.com

Watch What You Click: Part 6,452

By Lafe Low
08/29/2007

How many times have you had to tell your users not to click on unknown links, not to open attachments from unrecognized addresses, and so on? Are they listening? They may well be. Even if they are, though, a new threat reported by Exploit Prevention Labs still gets around even the sharpest common sense with a sneaky bit of social engineering.

Apparently, the perpetrators try to get you to click on what looks like a normal YouTube address. The trouble is -- it's not. You're sent to a different address that hits you with a lovely bouquet of threats like keyloggers, spyware and rootkits. Yikes. That's like going in to watch Shrek the Third and seeing Saw III instead.

It's classic social engineering -- preying on users' trust and getting them to do something they think is completely safe. But then, we're never really completely safe on the Internet any more, are we?

You can check out the blog by EPL's Roger Thompson for more on the YouTube spam exploit. And watch what you click.

Have you fallen victim to something like this? Have your users? How do you go about protecting your users from social engineering like this? Send your tales of horror (rated PG-13 or lower) to [email protected].

Microsoft Release Updates
Our buddies in the Pacific Northwest have been mighty busy. There's news about two of the major releases coming in the fourth quarter of 2007 or the first quarter of 2008 (which I've heard several Redmondians refer to as Q5).

System Center Configuration Manager is coming soon. And, of course, the one, the only...Windows Server 2008 (previously called "Longhorn"). Microsoft's long, dusty cattle drive is actually nearing completion.

Microsoft just announced the RTM (release to manufacturing, which means it's mostly done noodling around with the code -- mostly) of SCCM 2007. Check out the System Center Web site for download details.

The new SCCM 2007 has several major upgrades:

Comprehensive deployment and update tools
Enhanced insight and control
Extensible optimization for Windows
Server, client and mobile device management

We hear Microsoft will soon be announcing a release candidate for Windows Server 2008. Originally scheduled to be rounded up by the end of the year, it looks like it has slipped into Q5, or "early" 2008. Dare I say Q1 2008?

What are your plans with all the new, major releases coming from Microsoft? Have you upgraded? Do you plan to upgrade? Wait and see. Please let me know as we'll be covering the acceptance and deployment of the big guns quite a bit in the coming months. Release your thoughts at [email protected].

More on Monster
This Monster.com breach debacle keeps getting more interesting. Apparently, Monster waited for up to five days to inform users about the recent security breach.

Hackers got in and grabbed confidential information -- like names, physical addresses, phone numbers and e-mail addresses -- from nearly 1.3 million job seekers. Monster first learned about the breach from Symantec investigators on Aug. 17, and Monster and Symantec security forces were able to shut down the attack by late in the day on Aug. 20.

However, it wasn't until last Wednesday, Aug. 22 -- after the dust had settled -- that Monster posted a warning on its Web site. So those affected job seekers were blissfully ignorant of their compromised information for an extra couple of days.

Monster maintains a database of nearly 73 million resumes, so that 1.3 million might not sound like a very big slice of its pie. Still, I wouldn't want anyone to grab my resume unless they were planning on adding me to their payroll and letting me take over the corner office.

Does your organization have a policy on reporting security breaches? Have you ever gone through this process, either on the corporate end or the customer end? What do you think Monster should have done? Don't wait two days; tell me now at [email protected].

Laptop Data Theft: Part 2,432
Seems like there's a story every other week about the theft of a laptop or mobile device packed to the gills with the public's personal information. Here's this week's installment:

The names and Social Security numbers (that's the golden nugget for ID thieves) of more than 106,000 registered taxpayers in Connecticut were on a laptop recently stolen from the Connecticut Department of Revenue's headquarters in Hartford. The laptop in question is indeed password-protected and, starting today, citizens can log on to the DoR's Web site to see if their names were among the purloined.

At least this wasn't a case involving unnecessary risk, like carrying around an entire agency's or citizenship's personal data on a mobile device like there's nothing to it. Still, there clearly needs to be stronger, physical data protection measures in place to protect people. We've spent so much time, money and effort on electronic and online protection that sometimes the gates, guards and guns get forgotten. Here's a plea to those who maintain public data: When you leave your desk to go to lunch, please lock up your laptop.

Have you ever been part of one of these public disappearing data debacles? Are you charged with maintaining public information? How do you physically safeguard you devices? Let me know -- then lock up your laptop -- at [email protected].

Mailbag: Acer Grabs Gateway, Monster's Monster Problem
Yesterday, Peter reported on Acer's acquisition of Gateway. Here are some of your thoughts on the buyout -- and the PC maker with the memorable cow-themed boxes:

I hope Gateway quality does not suffer. All of the Acer PCs I have seen, including some just a year ago, were poor quality like they have always been.
-Jim

My first computer was a Gateway, in late 1993. I think it was a 486MHz and I remember being concerned that it was "Pentium-ready" (it was). I eventually got the processor overdrive thingy. It had 16MB of RAM and I think a 320MB hard drive. I spent almost every evening sitting at that PC, eating my dinner from a plate in my lap, in order to learn "computer skills" like typing. That Gateway served as the domain controller for my NT domain which I built in order to learn about the technology.

It finally died at some point, but it lasted for years. I was pretty sad when I took it to the recycler. Felt kind of like I was abandoning it.
-J.C.

Gregory gives us his 2 cents on the Monster.com phishing saga:

I just wanted to let you know that I received a bogus e-mail from Monster back on April 8 wanting me to download a job tool if I wanted to continue accessing my account with Monster. Everyone is saying this started in June, but I suspect this has been happening for much longer. I received two or three of these e-mails, I think, before the one I kept in April.
-Gregory

Got something to add? We want to hear it! Leave a comment below or send an e-mail to [email protected].

About the Author

Lafe Low is the editorial liaison for ECG Events.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.