Tuesday, December 15, 2009

DOT PH (.ph) belongs to Top Ten Most Risky Domains  

The Philippines' dot ph (.ph) domain was listed this year by the antivirus company McAfee as one of the Top Ten Most Risky Domains, based on its SiteAdvisor and TrustedSource technologies. As summarized in the reports below, dot ph (.ph) ranked 6th (overall worldwide risk) and 4th (by country), with 2,272 risky domains.

http://us.mcafee.com/en-us/local/docs/Mapping_Mal_Web.pdf
http://us.mcafee.com/en-us/local/docs/Mapping_Mal_Web_Summary.pdf

Friday, December 4, 2009

Suspicious website of the day --> pinoyfreetxt.com  

Tuesday, November 3, 2009

Computerworld.com.ph website tagged as 'Harmful'  

Computerworld.com.ph website has been tagged as 'harmful' in Google SERP.


Update:
(11/5/2009): Computerworld.com.ph is no longer listed in Google SERP as a 'suspicious' site.

Wednesday, October 21, 2009

Twitter's New Feature to Block Spammers  

Twitter has introduced a new feature to block spammers. This can be done by clicking the 'Report [profile name] for Spam' button under the Actions section of a profile's sidebar. With this, the suspicious profile will be blocked from following or replying to you.

The report does not take effect automatically, so that it cannot be abused by twitterers who intentionally report profiles they don't like as spam. Reported profiles will also be scrutinized manually by Twitter's Trust and Safety team for verification.

Thursday, October 15, 2009

Tech-a-byte on Twitter  

Keep updated, follow me on Twitter.

Upcoming Events...  

Windows 7 Community Launch Party
WHEN: OCTOBER 22, 2009
TIME: 7pm - 10pm
WHERE: 16th Floor Conference Rooms, Microsoft Philippines, 6750 Ayala Ave, Makati

Source: http://msforums.ph/forums/t/53441.aspx

PinoyGreyHat Gathering 2009: The Beginning
WHEN: DECEMBER 12, 2009
TIME: 4pm - 12mn
WHERE: BayView Hotel, 1118 Roxas Blvd. cor. U.N. Ave., Manila

Source: http://www.pinoygreyhat.org/xml/events/

Wednesday, October 14, 2009

Stay Safe While Online  

I stumbled on this site (StaySafeOnline.org) and it has a lot of tips on how to stay safe while online. Protecting oneself while surfing the Internet does not need any technical knowledge. Just learning and applying the basic security practices can make a big difference in keeping oneself safe from Internet threats.

Sunday, September 27, 2009

Another Google Prank?  

Hey, what's wrong with Google? Just visited the site and I'm shocked. Look at the spelling?!?

I quickly checked the image and it's a prank. Today is Google's 11th birthday (the double letter 'l' represents the number '11').

Hahaha, nicely done Goooooooogle!

Tuesday, September 22, 2009

Yahoo! Mail Increases Email Attachment Size Limit to 100 MB  

Yes, you heard it right. Users are now able to attach up to 100MB of files to their email using Drop.io’s new Attach Large Files application, one of the newly-added apps to Yahoo! Mail a couple of weeks ago.

And so here's a video tutorial.

Wednesday, August 5, 2009

Corazon Aquino's Death used to Spread Malware  

While thousands of people lined the streets of Manila to witness the funeral procession of former Philippine President Corazon C. Aquino, millions of Filipinos here in the country and in other parts of the world are relying heavily on television, and mostly on the Internet, to keep them up to date on the latest news about the last farewell to the "Icon of Democracy".

That is why cybercriminals are taking advantage, exploiting the news from Cory Aquino's death up to her funeral day by poisoning search engine results so that they lead to malicious links and redirect users to malware distribution sites. These Blackhat SEO attacks are not new, as they were also used after the deaths of famous people like Michael Jackson and Farrah Fawcett. Here are some additional search queries or words that I used to locate suspicious websites similar to what Trend Micro Labs has found:


"corazon aquino funeral"
"corazon aquino burial"
"cory aquino funeral"
"cory aquino burial"


Security experts advise users to exercise extreme caution in searching for related news and information. Keep antivirus software up to date, and do not click on or try to visit unknown websites even if the links are posted in emails, tweets, live streams and social networking sites.

Thursday, July 30, 2009

Datablitz.com.ph listed as a 'Suspicious' Site  


Google currently lists Datablitz.com.ph - the books, games and software distributor - as a 'Suspicious' site that may harm its visitors' computers. According to the Safebrowsing Diagnostic Page report, the malicious software is hosted on 1 domain, davtraff.com.

On the other hand, the Unmaskparasites report indicates that two catalog index pages of Datablitz are suspected to have malicious content. Website administrators should constantly check their site and, if it is listed as suspicious, ask Google for a malware review to avoid panic among its visitors.

Update:
(8/17/2009): Datablitz.com.ph is no longer listed in Google SERP as a 'suspicious' site.

Wednesday, July 29, 2009

Twitter's New Look  


Check out Twitter's redesigned look on its front page. Cool.

Saturday, July 25, 2009

Twitter Clean-up: Strip Down Spam Accounts  

Twitter, the popular social networking and micro-blogging service, is currently tightening security by cleaning up spam accounts. With this, you may lose followers who are not 'real people', as these accounts are bots that automatically follow Twitter users and are presumably used for spamming, phishing and malware distribution.

Wednesday, July 15, 2009

Google tagged PRC.gov.ph website as 'Harmful'  

Yesterday, I posted that the PRC website was injected with malicious code. And now, Google has tagged the site as 'harmful' as it may host malicious software. I can't imagine how risky this will be for its users once the June 2009 Nursing Board Examination Results are published. AFAIK, there are about 80,000 who took the June 2009 NLE exams.

According to the Google Safebrowsing Diagnostic report, the malicious code is hosted on two domains -- gamemaill.com and f1y.in. Don't visit these sites.

Updates:

(7/19/2009): Site is currently offline.
(7/25/2009): Site is up and running. However, the malware warning in Google has not yet been removed.
(8/27/2009): Malware warning was removed.
(9/2/2009): Site is again listed as 'suspicious'.
(9/4/2009): Malware warning was removed.

Tuesday, July 14, 2009

PRC Hacked Again and Again?  

If you tend to visit the PRC website (www.prc.gov.ph), have you noticed that you can never get through to the examination results page? Does it mean that it is down? No. The site is hacked again. WTF! Damn, this is the 3rd time (1, 2, 3) that the site was hacked within this year. Looking at the status bar of the screenshot, you will notice a website hosting a script containing malicious code. This script was injected not only into the exam results page but also into some Quick Access links. See the Google Safebrowsing diagnostic page report below.

(Screenshot courtesy of DEFCONPH)

Friday, July 10, 2009

2010 Automated Elections: Comelec to tap 80,000 IT Professionals  

The Commission on Elections (COMELEC) will have to tap about 80,000 IT professionals for the forthcoming 2010 Automated Elections. See below for the full story.

************************************************

MANILA, Philippines — With the obstacles to poll automation for the 2010 elections almost all cleared, the Commission on Elections (Comelec) is now looking for information technology (IT) people to handle the voting machines.

Comelec Commissioner Rene Sarmiento on Thursday said at least 80,000 IT personnel are needed to assist board of elections inspectors (BEIs) in the forthcoming polls.

Anticipating the possibility that not enough public school teachers would be able to fill the required staff, the Comelec plans to tap IT personnel from various government agencies.

Should that still not be enough, the Comelec might tap the private sector, Sarmiento said.

He explained that the Comelec is allowed to tap IT-capable persons to be present in each precinct during Election Day.

Only those accredited by the Department of Science and Technology (DOST) would be tapped, he added.

Sarmiento said the mechanics of tapping IT people will be up for discussion at the Comelec very soon.

With the signing of a contract designating Smartmatic and Total Information Management (TIM) as the automation partner of the Comelec for the May 2010 elections, the poll body said it will go ahead with the clustering of the 250,000 precincts used in the 2007 polls to reduce these down to only 80,000 precincts.

Under the P7.2 million contract, Smartmatic and TIM will supply the 82,500 voting machines for the 2010 elections, with 2,500 machines serving as backup. One precinct count optical scan (PCOS) machine is to cover about 1,000 voters.

Aside from the reduced number of precincts, the number of personnel manning the precincts will also be significantly reduced.

In the 2007 elections, the Comelec had to tap private school teachers to serve as members of the BEIs due to lack of public school teachers.

Records of the Department of Education (DepEd) showed that it had only 500,000 teachers during that most recent election, short of the 750,000 teachers required to serve as election inspectors.

While Smartmatic Corp and TIM have promised to send their own computer technicians to manage the voting machines, the Comelec said such technicians won’t be allowed inside polling precincts.

Sarmiento said the law specifically states that only BEI members and the IT-capable person are allowed inside polling precincts.

Source: GMANews.TV

Oishi.com.ph infected with malware  

Don't visit the site as it is currently infected with malware.




Update --
(7/18/2009): It is now safe to visit the site.
(8/8/2009): Oishi.com.ph is listed again in Google as a 'suspicious' site.
(8/22/2009): Warning sign has been removed on SERP.

Thursday, July 9, 2009

Google Chrome OS  

Search engine giant Google will soon launch its newest project - the Google Chrome OS. It is an open source and lightweight OS whose key aspects are speed, simplicity and security. It is initially targeted at netbooks, and the source code will be open-sourced later this year. Any questions? Visit the FAQ.

Monday, July 6, 2009

British spy chief's cover blown on Facebook  

LONDON - The wife of the new head of Britain's spy agency has posted pictures of her husband, family and friends on Internet networking site Facebook, details which could compromise security, a newspaper said on Sunday.

Sir John Sawers is due to take over as head of the Secret Intelligence Service in November. The SIS, popularly known as MI6, is Britain's global intelligence-gathering organization.

In what the Mail on Sunday called an "extraordinary lapse," the new spy chief's wife, Lady Shelley Sawers, posted family pictures and exposed details of where the couple live and take their holidays and who their friends and relatives are.

The details could be viewed by any of the many millions of Facebook users around the world, but were swiftly removed once authorities were alerted by the newspaper's enquiries.

"There were fears that the hugely embarrassing blunder could have compromised the safety of Sir John's family and friends," the newspaper said.

Publishing the story on its front page and the pictures on a double-page spread, the Mail on Sunday said the information "could potentially be useful to hostile foreign powers or terrorists."

It was the latest in a string of security blunders, lapses and leaks by British officials that have embarrassed the government of embattled Prime Minister Gordon Brown.

Source: ABS-CBN News Online

*********************************

A big slap on the spy chief's face. The lesson is, information security and privacy should have been taught to family members when using social networking sites, as well as tight secrecy about one's role, to avoid security leaks or exposure.

Well, I'm not sure if the deleted photos mentioned were really 'deleted' from Facebook.

Friday, July 3, 2009

Firefox 3.5 and its First Patch  

Firefox 3.5 was released for public download last June 30, and Mozilla will soon release its first patch in mid-to-late July to fix several bugs and "topcrashes".

Saturday, June 27, 2009

King of Pop's Death Yields Spam Email  



Yahoo! Mail is up to date in filtering email with a subject line connected to Michael Jackson's death as spam. Replying to a spam email confirms that the email address is active, and the address will then be used by spammers in their future activity. Even a forwarded message (see above screenshot) should be treated with caution and is best left unopened if it came from an unknown sender.

Saturday, May 30, 2009

Is a Brand New PC Malware-Free?

Think again. Visit this article from Computer World. Users are warned to scan virgin systems for malware before connecting them to the Internet, as advised by Kaspersky Labs researchers.

To ensure that a new PC is malware-free, Schouwenberg recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer and transferring that update to the new system, then running a full antivirus scan.

"That's the best course of action, even though it sounds like a lot of work," said Schouwenberg.

Friday, May 22, 2009

Mass Defacement on .gov.ph sites  

As recorded by Zone-h, a total of 100 government sites were defaced yesterday (May 21) by 3 known foreign hackers: ISCN Team, Cyber-Hero and Black.Spook. Black.Spook rooted 91 sites, Cyber-Hero 6 sites and ISCN Team 3 sites. All of these defaced sites were running on FreeBSD servers.

Saturday, May 16, 2009

Browser Security: It's Time to Test your Browser

Browser security is a serious issue nowadays but is oftentimes overlooked by users. Hence, there is a free online service that offers safety by checking and testing browser(s) for up-to-date flaws, exploits, bugs or vulnerabilities. This service does not collect any data from your computer during testing nor install any viruses, thus the test is safe.

Browser Security Test


Visit the FAQ for additional information.

Saturday, April 18, 2009

PRC Hacked Again?  




Last April 1 (April Fools Day), it became known that the main page of the PRC website was defaced by a group of hackers known as "linuXploit_crew". This time another group of hackers known as "Fatal Error Group Br" has successfully broken into the site by inserting an index page (see attached screenshot).

As of this writing, the index page is still there.

Updates:
(7/26/2009): It has been more than 3 months since this post, but the index page still exists and has not yet been removed.

(10/21/2009): This was reported in the media last 08/22/2009 but still no action has been taken.

Hack Poll Machines = P100M  

MANILA, Philippines—Senator Alan Peter Cayetano has filed a resolution setting aside P100 million as an incentive to anyone who can convincingly demonstrate the weakness of the automated poll system.

Cayetano, at a press conference Friday, said that if any IT expert can establish that the system to be used in the 2010 polls is not secure from fraud and tampering, "Comelec should cancel the contract, save the P11 billion and sue for damages the contractor in the event of such successful hacking."

He said he would rather revert to the manual counting of votes if the computerized system would lead to wholesale cheating.

Cayetano said the resolution, which he would file on Monday, was in response to a statement by a Comelec official challenging cyber security experts to test the system for weaknesses.

"The most effective way to test if indeed a system is credible, reliable and tamper-proof or fraud-proof is to offer a sizable prize to whoever can hack and convincingly show the weaknesses of the system," Cayetano said in his draft resolution.

"To make the said incentive system work, there is a need to authorize the Commission on Elections to set aside the amount not exceeding P100 million to be utilized as a prize money for the said successful hacker," he said.

If the system is successfully hacked, the Comelec will then be authorized to cancel the contract and sue the winning bidder.

Despite repeated assurances poll automation will significantly curb cheating, Cayetano said there are fears it might actually induce a "bigger and more sophisticated method of election cheating if the system is vulnerable to manipulation."

Source: Inquirer.net

Thursday, April 2, 2009

PRC Website Defaced  



Yesterday, the official website of the Professional Regulation Commission (PRC) was defaced by a group of hackers known as "linuXploit_crew" on the afternoon of April 1, April Fools Day.

I managed to take a screenshot of the defaced site (see above) at around 9:30PM, showing a blank page (no images) with the words "Hacked by linuXploit_crew =) by DeRf-, Hualdo and _serial_killer_". I checked its subpages and I found out that they're still intact, thus only the main page was compromised.

As of noon of April 2, the site was still inaccessible. But when I visited the site (it's 3:05PM on my PC's clock), it was back to normal.

This surely means that some .gov.ph sites are vulnerable to hacking.

Tuesday, March 31, 2009

New Security Tool to detect Conficker Worm  

The US Department of Homeland Security released a tool on Monday to detect whether a computer is infected by the Conficker worm.

Full Story

Saturday, March 28, 2009

Conficker's April 1st routine still a mystery  

The April 1st routine of Conficker's newest variant, dubbed "Conficker.C", is still a mystery to security researchers.

PCs infected with Conficker.c, the third version of the worm that first appeared late last year, will use a new communication scheme on April 1 to establish a link to the command-and-control servers operated by the hackers who seeded the malware. The date is hard-coded into the worm, which in turn polls any of a number of major Web sites, including Yahoo, for the date, said Stewart.


"So far, we haven't seen any evidence [on those machines] of what it will do April 1," added Stewart, although that's to be expected. "It's not April 1 yet, so they're not going to put something online, where it might be found. In fact, it's almost a little risky for us to try to look for those sites, since it might give away that we have some bots in their network."

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130228

However, according to F-Secure's notes on their blog, nothing is likely to happen on the said date. Hopefully.

Thursday, February 26, 2009

An Update on Gmail Outage  

Gmail is already up after an outage that occurred last Tuesday at approximately 0930 GMT, disrupting access for millions of people worldwide for about two and a half hours.


Google engineers are still investigating the root cause of the problem.


Thursday, January 15, 2009

Phishing hits Twitter  

A phishing scam hit Twitter last week as users received direct messages from friends asking them to open a blog, which directed them to a bogus Twitter website where they gave away their user name and password once they logged in. The website address may look like this:

http://twitter.access-logins.com/login

Note: Don't try to access the above site.

Though the hit is not as big as the one on Myspace, users are still warned to be careful and vigilant when encountering suspicious messages or websites.

Source: Twitter Blog
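
The bogus address above works because the brand name sits in a subdomain while the domain actually registered is access-logins.com. The following check is an added example, not part of the original post or of any Twitter tooling: the suffix set is a constructed stand-in for the Public Suffix List, and the brand table and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"com.ph", "gov.ph", "co.uk"}

# Assumption for this example: the domains the brand really logs users in on.
BRAND_DOMAINS = {"twitter": {"twitter.com"}}


def registrable_domain(host):
    """Return the part of a hostname that its owner actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_login_url(url, brand="twitter"):
    """Classify a link as 'brand-owned', 'lookalike', 'unrelated' or 'invalid'."""
    parts = urlsplit(url)
    host = parts.hostname  # excludes any user@ prefix and the port
    if not host:
        return "invalid"
    if registrable_domain(host) in BRAND_DOMAINS[brand]:
        return "brand-owned"
    # The brand name appears in the authority part (a subdomain label, or
    # text placed before an '@') while the registered domain belongs to
    # someone else: the pattern of the bogus login site in the post.
    if brand in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; only the first one comes from the post.
    samples = (
        "http://twitter.access-logins.com/login",
        "https://twitter.com/login",
        "https://mobile.twitter.com/",
        "https://twitter.com.ph/login",
        "https://www.example.com.ph/news",
    )
    for sample in samples:
        print(f"{classify_login_url(sample):12} {sample}")
```

A mail or proxy filter can use the 'lookalike' verdict to flag a link for review; a real deployment would load the full Public Suffix List instead of the three-entry set used here.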

Wednesday, January 14, 2009

New Google Favicon?  


Yesterday, I opened up Google.com.ph as I had something to search. I did notice that the site has a new small and colorful icon located at the address bar. Is this the new Google favicon? Yes. This icon is based on the design of André Resende, a computer science undergraduate student at the University of Campinas in Brazil, though the final icon has a slight change, incorporating all four Google colors (blue, red, green and yellow) overlaid by a lowercase white "g".

Maybe I should come up with my own design too, but it's too late already. Unfortunately, Google is no longer accepting new entries.

Saturday, January 10, 2009

Spam related to Israel-Hamas conflict launched  

Malicious code circulating through spam messages related to the Israel-Hamas conflict (Gaza War) was launched yesterday by spammers (reportedly hosted in China) at around 9 a.m. EST.

Information about these spam messages

  • These fake emails are disguised to appear to come from CNN, with the subject line "Israel offers short respites from strikes".
  • The body of the messages contains a link to a legitimate-looking CNN website where a news story about the war can be found.
  • This bogus website additionally contains a video of the said war, and when the user attempts to watch it, a pop-up message appears telling the user to update their Flash player. This is not a legitimate update; instead, malicious code will be downloaded and may cause serious problems.

Preventive measures to mitigate the security risks

  • Keep antivirus updated.
  • Do not open unsolicited email messages or links.
  • Do not visit untrusted websites.
  • Obtain software applications/patches/updates directly from the vendor's website.