[IS&T Security-FYI] SFYI Newsletter, October 5, 2009

Monique Yeaton myeaton at MIT.EDU
Mon Oct 5 12:49:47 EDT 2009 

In this issue:

1. Scams On the Rise
2. Are Some Browsers Safer Than Others?


----------------------------
1. Scams On the Rise
----------------------------

The number of scams reported by Americans grew by 33 percent last  
year, according to the FBI-backed Crime Complaint Center. Americans  
lose hundreds of millions of dollars a year to cyber crimes such as  
Nigerian 419 fraud, also known as advance-fee fraud. Definition: <http://en.wikipedia.org/wiki/Advance-fee_fraud 
 >.

With the economy squeezing its citizens, Americans succumb more easily  
to offers of riches, according to experts. A story in the Washington  
Post looks at the people behind these scams, specifically Nigerian  
419. According to the article, 419 is cemented in Nigerian popular  
culture, and there are even pop songs glorifying the practice.

Nigeria is not alone in committing Internet fraud. According to the  
FBI, the United States and Britain are at the top of the list of  
perpetrators. But it does appear that online scam offers originating  
in Nigeria have increased in the past year.

Full story in The Washington Post:
<http://www.washingtonpost.com/wp-dyn/content/article/2009/08/06/AR2009080603764.html 
 >


------------------------------------------------------
2. Are Some Browsers Safer Than Others?
------------------------------------------------------

A report released last July by NSS Labs, an independent security  
product testing and certification organization, compared how each of  
the major Web browsers dealt with socially-engineerd malware. This  
malware is designed to install a harmful program to a target system by  
convincing a user to download a seemingly benign program from a web  
site. The lab also ran a test on phishing protection in the same  
browsers.

How do the browsers hold up? Note that the tests were commissioned by  
Microsoft, casting suspicion on the results. However, the lab did add  
their test methodology to the review to allow readers to draw their  
own conclusions.

According to the reports:
IE 8 detected and blocked the most malicious URLs linked to social  
engineering malware: 81%.
Firefox 3: 27%
Safari 4: 21 %
Chrome 2: 7%
Opera 10: 1%

IE 8 was also at the top blocking phishing URLs: 83%
Firefox 3: 80%
Opera 10: 54%
Chrome 2: 26%
Safari 4: 2%

In regards to responsiveness of browsers, the lab looked at how long  
it took for browser databases to update missing information about a  
malicious URL. Within a time limit of 5 days:
IE 8: updated its database for 92% of the threats
Firefox 3: 24%
Safari 4: 23%
Chrome 2: 19%
Opera 10: 1%

The lab also looked at how fast browsers added blocks to known  
malicious URLs:
Opera 10: added blocks within an average 5.5 days
Firefox 3: average 6.7 days
IE 8: average 9.2 days
Safari 4: average 31.5 days
Chrome 2: average 76.8 days

According to some experts, the reports do not provide a good overall  
rate of browser protection, as the items tested are only one layer in  
a system of multi-layered defense. Anti-malware software on a system  
and up-to-date patches, among others, work together with browsers to  
keep a user safe on the Internet.

You can download the reports from the NSS Labs web site at: <http://nsslabs.com/ 
 >

Read critique of the reports here:
<http://arstechnica.com/microsoft/news/2009/08/microsoft-sponsors-two-nss-reports-ie8-is-the-most-secure.ars 
 >

= 
= 
= 
========================================================================

Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB 
 >



Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
===============================

October is National Cybersecurity Awareness Month.
Stay Safe Online!
Visit http://www.staysafeoneline.org for the latest cybersecurity tips.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091005/3df0bf67/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091005/3df0bf67/attachment.bin

More information about the ist-security-fyi mailing list