That means Facebook’s system will be able to recognize not only yours but the faces of its other 500 million to 600 million users worldwide. The company will be able to identify you simply by your face. Facebook stated in its blog that starting in just a few weeks, its system will scan all photos posted to Facebook and will offer up the names of the people who appear in the frame. All of Facebook’s users are automatically being added to the database.

The facial recognition feature is automatically turned on. Users who don’t want the service must go in to their privacy settings and manually opt out of it.

So, how can you disable this new “feature”? Just follow these steps:

• From your Facebook home page, click on “Account” in the top right corner, and then click on “Privacy Settings”.
• Scroll down to the bottom of the page and click on “Customise settings”.
• Scroll down to the section titled “Things others share”. You will find a setting named “Suggest photos of me to friends”. Click on the “Edit settings” button.
• On the right side of the settings window, click on “Enabled”, and then click on “Disabled”.
• Click on “OK” to save the new settings.

Apple and Google are well aware of the fact that mobile devices are a prime target. Both companies screen apps for malware before allowing them to be sold on their app stores. While this may not catch ALL instances of malware-infected apps, it’s good to know that “someone is minding the store”. But what happens when the user decides to break the security model of the mobile device or download apps from a less trustworthy source? For example, a typical iPhone security configuration restricts the installation of apps to those available on Apple’s App Store. But a user can “jailbreak” the iPhone and install apps from third-party app stores. The problem is that many of these third-party app stores are not as diligent on preventing the spread of malware embedded within mobile apps.

A new trojan has been identified that targets the Android platform. This trojan, called “Geinimi”, gathers device information and personal information, then transmits it to a number of remote servers. This trojan has been called ‘the most sophisticated Android malware we’ve seen to date’ by the security company Lookout Mobile Security. What makes this trojan significantly different than other mobile malware is not the fact that it transmits data to remote servers, but the way the malware receives updates and attempts to hide itself from detection. “In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted,” says Lookout. This method is similar to the process used by the Stuxnet worm that apparently targeted Iran’s Uranium enrichment centrifuges.

For now, Geinimi appears to target Chinese-speaking users of Android. The malware is found embedded in legitimate apps offered on third-party web sites with Android applications that have not been vetted for security.

So, what can the typical user do to protect themselves against this threat? Consider downloading and installing a security program designed specifically for mobile devices. Lookout Mobile Security offers a free download for Android, Blackberry and Windows Mobile. NetQin also offers a free download for their product that supports Android, Symbian and Windows Mobile.

More Info:
Lookout Mobile Security
Trend Micro 2011 Threat Predictions
Trojan can take over Android phones
Android mobile malware has botnet-like traits

Usually, security flaws have been associated with “jail-broken” phones, which bypass the Apple security model. However, I have verified this vulnerability using an iPhone 3G and iPhone 3Gs, both running iOS 4.1, and neither of them were jail-broken.

So, how does it work? Here’s the steps:

• Press “emergency call” from the Password screen
• Push the pound key three times
• Hold down the green key, and the moment you let it go, you push the lock (power) button.

It may take you a few tries to get it just right, but by unlocking the phone in this manner, you gain access to all of the information available when the device is in “phone mode”. This means you can see who is saved as Favorites, recent calls, all contacts, the keypad (to dial any other number), and voicemail.

It appears that you do NOT gain access to any other applications on the device. However, the “auto lock” feature is disabled, and the phone will not lock on its own if you have a preset time (i.e. two minutes).

There are two different ways to get out of this mode. The first is to power off the device by holding down the lock/power button until the “slide to power off” control appears. Power down the device, and then turn the device back on as you normally would. The second method is to place a call. The phone returns to locked mode once a single call is completed, and can be unlocked using your password.

This vulnerability emphasizes the need to maintain physical control over your mobile devices, regardless of how secure you think they may be. It should also serve as a good reminder to keep your software patched as well, because Apple will (hopefully) be issuing an update in the near future to correct this issue.

More Info:
Careful, iPhone Owners: Simple Backdoor Lets Anyone Bypass Password Protection
iOS 4.1 Security Issue – Bypassing the Lock Screen to Make Calls

An angry “friend”, for example, can broadcast to everyone (including your boss) that you are in a coffee shop, competitor’s office, or local bar – even if you are sitting in your cubicle working. Even if you haven’t agreed to use Facebook’s location service. And even if you are not logged in to Facebook.

The new Places tool was released last week, and is already integrated into the standard Facebook mobile application. Places does offers users quite a bit of control over when they tell others where they are. Users must actively check-in – as opposed to being automatically checked in – as they move around.

But here’s the problem: By default, friends can “check you in” whenever they want, and wherever they happen to be. While checked-in friends don’t appear in the Places tool without their approval, the check-ins are announced to the world on the friend’s wall through status updates. Further, those updates are controlled by your friend’s privacy policies, not yours.

In other words, Facebook’s tool makes violating your friends’ privacy easy.

So, not interested in having your friends shout out where you may or may not be? Here’s how to take back control of this “feature”:

1. Select “Account”, then “Privacy Settings”
2. Click on “Customize Settings” at the bottom
3. Scroll down to “Things Others Share”
4. Find “Friends can check me in to Places” and select “Disabled”

If you’re not interested in using Places at all, then follow these steps:

1. Select “Account”, then “Privacy Settings”
2. Click on “Customize Settings” at the bottom
3. Scroll down to “Things I Share”
4. Find “Places I check in to” and select “Custom”
5. The form will show “Make this visible to: These people:” and select “Only Me”
6. Make sure none of your networks are selected
7. Click on “Save Settings”

While you’re at it, take a good look at what other information you might be sharing that could put you at risk for identity theft. For example, instead of sharing your full birthdate, just share your month and day. Identity thieves just LOVE it when you hand over your name and full date of birth (it makes their job easier…).

More info:
Facebook Places: Be your friends’ ‘Big Brother?’

Industrial control systems consist of Programmable Logic Controllers (PLCs), which can be thought of as mini-computers that can be programmed from a standard computer (in this case, a Microsoft Windows system). These PLCs contain special code that controls the automation of industrial processes—for instance, to control machinery in a plant or a factory. Programmers use software (e.g., on a Windows PC) to create code and then upload their code to the PLCs. In a previous article, we described how vulnerabilities in these systems allowed for the distribution of malware targeted at these industrial platforms… which is now the foundation of a botnet called Stuxnet.

Previously, Symantec reported that Stuxnet can steal code and design projects and also hide itself using a classic Windows rootkit, but unfortunately it can also do much more. Stuxnet has the ability to take advantage of the programming software to also upload its own code to the PLC in an industrial control system that is typically monitored by SCADA systems. In addition, Stuxnet then hides these code blocks, so when a programmer using an infected machine tries to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC.

So, what’s the big deal, right? Now we have another botnet that is propagated through sneaker-net and USB drives. Well… consider this. By writing code to the PLC, Stuxnet can potentially control or alter how the system operates. A previous historic example includes a reported case of stolen code that impacted a pipeline. Code was secretly “Trojanized” to function properly and only some time after installation instruct the host system to increase the pipeline’s pressure beyond its capacity. This resulted in a three kiloton explosion, about 1/5 the size of the Hiroshima bomb.

More info:
Stuxnet introduces the first known rootkit for industrial control systems
Stuxnet could hijack power plants, refineries (cnet.com)
Threat Write-up:W32-Stuxnet (Symantec.com)

First, the malware takes advantage of a zero-day vulnerability in Microsoft .lnk shortcut files, and infects Siemens WinCC Scada software running on Windows 7 Enterprise Edition x86 systems. It spreads via USB drives and runs automatically when a shortcut icon is displayed on a user’s screen, thereby circumventing preventative measures such as disabling autorun and autoplay in Windows.

Second, the malware is using digital certificates signed two Taiwanese chip manufacturers that are based in the same industrial complex in Taiwan – RealTek and JMicron, according to Chester Wisniewski, senior security advisor at Sophos. It is unclear how the digital signatures were acquired by the attacker, but experts believe they were stolen and that the companies were not involved.

Third, the malware takes advantage of hard-coded default password in Siemens’ Simatic WinCC software to access the control system’s Microsoft SQL database, which has reportedly been available on the Internet for several years.

The malware steals industrial automation layout design and control files specific to control systems, encrypts it, and then attempts to upload it to a remote server. As with most new malware, it checks for a response from the server, which may contain more commands. The countries hardest hit by this exploit are India, Indonesia and Iran, with the United States being sixth on the list.

More Info:
Details of the first ever control system malware (FAQ)
Trojan-Spy.0485 And Malware-Cryptor.Win32.Inject.gen.2 Review (.PDF)

Chris Carboni isn’t sure you would know. Chris wrote a blog entry for the SANS Institute’s Internet Storm Center, where an online poll was taken in June that allowed readers to report their experiences with malware on mobile devices. As of July 12, Chris reported the following:

Only 15.3 percent of readers are scanning mobile devices for malware.
Of those who are, however, 18.1 percent are finding it.
But 84.6 percent are not even looking.

Now, the poll has a very small sample (statistically speaking), with only 540 responses by July 12th, but at first glance, the results indicate that the mobile platform is a target-rich environment.

However, he added, “I have been monitoring the statistics as responses are entered and the percentage of people reporting they found malware consistently ranged from 15-20 [percent] so 18.1 [percent] seems to be a reasonable number. Likewise the percentage of people who were not scanning ranged consistently from 82-86 [percent]. Based on those numbers, 83 of the 457 people who responded who were not looking for malware would be infected. Ouch.”

What’s worse is that as smart phone processing power increases, more activities are conducted through the phone instead of the desktop, to include online banking, email, and social networking. What took years to develop and fine-tune for the desktop computer is happening practically overnight with the mobile platforms.

More info:
Is your smart phone infected with malware?
Thoughts on Malware for Mobile Devices – Part 2

Security company Trusteer, which is very familiar with Zeus/Zbot bank Trojan activity, reports that the latest attack is aimed at customers of 15 unnamed US banks.

How does this type of attack work? Zeuse works by exploiting what’s called a “man-in-the-middle browser attack”. If a PC is infected, then the trojan monitors web traffic. When the user attempts to login to a desired banking site to enroll their new credit cards, the malware intercepts and spoofs the enrollment process, throwing users a convincing screen that is used to collect the information. These attacks are occurring for both Visa and MasterCard credit cards.

More info:
Trojan attacks credit cards of 15 US banks
Zeus: King of the Bots