<?xml version="1.0" encoding="UTF-8"?> <rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
> <channel><title>Security on steroids</title> <atom:link href="http://cleanbytes.net/feed" rel="self" type="application/rss+xml" /><link>http://cleanbytes.net</link> <description>Free security tools for virus prevention and removal</description> <lastBuildDate>Sat, 04 Feb 2012 02:22:02 +0000</lastBuildDate> <language>en</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.3.1</generator> <item><title>Kelihos Botnet Coming Back to Life</title><link>http://cleanbytes.net/kelihos-botnet-coming-back-to-life</link> <comments>http://cleanbytes.net/kelihos-botnet-coming-back-to-life#comments</comments> <pubDate>Sat, 04 Feb 2012 02:22:02 +0000</pubDate> <dc:creator>Slippery Slim</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1840</guid> <description><![CDATA[Kelihos Botnet Coming Back to Life A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it. Source Kelihos was never big compared to a lot of the botnets. Despite its size, it was extremely active. Spam and malware go hand in [...]]]></description> <content:encoded><![CDATA[<p><strong>Kelihos Botnet Coming Back to Life</strong></p><blockquote><p>A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.</p></blockquote><p><a
href="https://www.infoworld.com/d/security/kelihos-botnet-once-crippled-now-gaining-strength-185484"> Source </a></p><p>Kelihos was never big compared to a lot of the botnets. Despite its size, it was extremely active. Spam and malware go hand in hand. Much of it is infected links in email, which is the easiest way to infect the individual computer user.</p><p>The harder way, which provides more computers for the bot-herder, is injecting a web site. Not just any website will do. Google and most search engines carry a list of known infection sites to block or refuse to connect to. That list is updated regularly. Most of them aren&#8217;t reputable sites to begin with and lack certificates, making them easier to identify. Certificates were covered in an earlier article here at <em>Security on steroids</em>.</p><p>The valuable site to inject is the one with a good reputation. Inserting an iFrame of zero size makes it invisible to the eye but not to the computer. So getting a piece of internet real estate is essential to those plans.</p><p>Every time someone shows up, the iFrame redirects the computer to an adjacent web stream unknown to the user. It will then download and install the root kit for the bot. Once that is done, for all practical purposes it is invisible to the user and to most malware hunters. After the installation, updates can be done at any time through the command and control servers. The bot-herder then has control of the computer without the knowledge of the owner.</p><p>Spam prevention is a major headache. In 2011, in the US alone, the total estimated spam traffic for the year was around 7 trillion messages. The estimated costs vary between 1/2 million and 3 1/2 million depending on which country and source you refer to.</p><p>It also seems that spam grows with time. The first year a company has to deal with spam, it might only be 10 a day.
By the third year that has risen exponentially to an estimated 1000 a day, according to online sources.</p><p>Bill Gates had one solution to spam: charge for an email, like you would a stamp on a letter. The cost doesn&#8217;t have to be big, but there does have to be a cost. For those that send a few emails a week, you wouldn&#8217;t really notice the cost. For those sending out thousands of emails a day, the cost would be quite heavy. The main problem with putting that into service is that most individual users have no idea their computer is infected. Receiving an email bill for $1000 would be a serious shock.</p><p>Spam economics work out because of the low delivery costs. If 7 to 10 reply out of 1000, that will pay for itself and give some profit.</p><p>My cure would not work for businesses. I no longer use email to any degree and thereby save all sorts of time in not dealing with spam. When I must use an email, it is usually a one-time address.</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/kelihos-botnet-coming-back-to-life/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Compromised WordPress based websites leading to Phoenix Exploit Kit</title><link>http://cleanbytes.net/compromised-wordpress-based-websites-leading-to-phoenix-exploit-kit</link> <comments>http://cleanbytes.net/compromised-wordpress-based-websites-leading-to-phoenix-exploit-kit#comments</comments> <pubDate>Tue, 31 Jan 2012 18:28:59 +0000</pubDate> <dc:creator>John Barrett</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1818</guid> <description><![CDATA[Sending bulk emails (spam) containing poisoned links has for a long time now been one of the methods used by hackers to infect computers with malware. Everybody knows the reasons: to steal the user&#8217;s credentials or to use the infected computers in other nefarious actions as a botnet. Generally, the scam emails are presented as a request from an [...]]]></description> <content:encoded><![CDATA[<p>Sending bulk emails (spam) containing poisoned links has for a long time now been one of the methods used by hackers to infect computers with malware. Everybody knows the reasons: to steal the user&#8217;s credentials or to use the infected computers in other nefarious actions as a <a
href="http://en.wikipedia.org/wiki/Botnet">botnet</a>. Generally, the scam emails are presented as a request from an institution, bank, other financial institution, telephony or Internet provider to clarify a confused situation, asking for the user&#8217;s interaction. These fake emails talk about a large amount of money that must be paid, possibly in error, trying to scare the user and push him to act as soon as possible to rectify the situation. Other malicious emails talk about a big prize won by the user or other &#8220;catchy&#8221; subjects. Almost always, these scam emails ask the user to click a link in the received email or to download and open an attachment supposedly containing a bill or a document but in reality containing malware.</p><p>But even if a fake email is so well designed that it is able to lure an unwary user into clicking a link, browsers and antivirus software have protection mechanisms in place, URL reputation for example, blocking the user from navigating to a known malicious domain. The method used by hackers to avoid this inconvenient detection is to hack a website with a good reputation and serve the malicious web pages from there.</p><p>This is what happened a few days ago, when a lot of WordPress-based websites running the obsolete 3.2.1 version and two exploitable plug-ins (<em><a
href="http://www.exploit-db.com/exploits/17970/">Spam Free</a> and <a
href="http://www.exploit-db.com/exploits/18231/">UPM Polls</a></em>) were hacked using SQL injection, and malicious files with random names (osgik.htm, agoku.htm, kaxyv.htm and so on) were uploaded to the <em>wp-content/uploads</em> WordPress folder. Then the hacker&#8217;s campaign goes further by sending bulk emails which contain links to the malicious HTML web page previously uploaded. Finally, this page contains obfuscated code which runs a hidden iFrame, so while the user sees only the words &#8220;You are redirecting&#8230;.Loading&#8230;Please wait&#8230;&#8221;, the iFrame is connecting in the background to the <em>Phoenix Exploit Kit</em> hosted on a Russian domain called <em>horoshovsebudet.net</em>.</p><p><em>Phoenix Exploit Kit</em> is very effective, able to exploit vulnerabilities in Microsoft Internet Explorer, Adobe PDF, Flash and Oracle Java, including the most recent vulnerability, the <a
href="http://schierlm.users.sourceforge.net/CVE-2011-3544.html">Java Rhino vulnerability</a>, which allows a Java applet to run arbitrary Java code outside the sandbox with full privileges. Further, if the exploit kit discovers a vulnerability, it uses it to deliver its payload, which can be any type of malware, very often info stealers.</p><p>Until now, it seems that more than four hundred WordPress websites were compromised using the above mentioned vulnerabilities.</p><p>The conclusions speak for themselves:</p><ul><li>Never open attachments or click links in emails received from untrusted or unknown sources;</li><li>Check regularly to see if there are updates for your WordPress version and the plug-ins you use, and update them if that is the case;</li></ul><p>Sources:</p><p><a
href="http://labs.m86security.com/2012/01/massive-compromise-of-wordpress-based-sites-but-‘everything-will-be-fine’/"> http://labs.m86security.com/2012/01/massive-compromise-of-wordpress-based-sites-but-‘everything-will-be-fine’/</a></p><p><a
href="http://community.websense.com/blogs/securitylabs/pages/phoenix-exploit-s-kit.aspx"> http://community.websense.com/blogs/securitylabs/pages/phoenix-exploit-s-kit.aspx</a></p><p><a
href="http://schierlm.users.sourceforge.net/CVE-2011-3544.html"> http://schierlm.users.sourceforge.net/CVE-2011-3544.html</a></p><p><a
href="http://labs.m86security.com/2011/12/prevalent-exploit-kits-updated-with-a-new-java-exploit/"> http://labs.m86security.com/2011/12/prevalent-exploit-kits-updated-with-a-new-java-exploit/</a></p><p><a
href="http://community.websense.com/blogs/securitylabs/archive/2012/01/26/phoenix-phoenix-i-need-help.aspx"> http://community.websense.com/blogs/securitylabs/archive/2012/01/26/phoenix-phoenix-i-need-help.aspx</a></p><p>Keep safe!</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/compromised-wordpress-based-websites-leading-to-phoenix-exploit-kit/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Critical vulnerabilities in Windows Media allow remote code execution</title><link>http://cleanbytes.net/critical-vulnerabilities-in-windows-media-allow-remote-code-execution</link> <comments>http://cleanbytes.net/critical-vulnerabilities-in-windows-media-allow-remote-code-execution#comments</comments> <pubDate>Sat, 28 Jan 2012 11:01:27 +0000</pubDate> <dc:creator>John Barrett</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1801</guid> <description><![CDATA[Recently Microsoft released several security patches for a vulnerability discovered in Windows Media components in their Microsoft Security Bulletin MS12-004 &#8211; Critical. The vulnerability affects more or less all Windows operating systems, 32 and 64 bit, starting with Windows XP SP3 and ending with Windows 7 and Windows Server 2008 R2, and consists of allowing [...]]]></description> <content:encoded><![CDATA[<p>Recently Microsoft released several security patches for a vulnerability discovered in Windows Media components in their <em><a
href="http://technet.microsoft.com/en-us/security/bulletin/ms12-004">Microsoft Security Bulletin MS12-004 &#8211; Critical</a></em>. The vulnerability affects more or less all Windows operating systems, 32 and 64 bit, starting with Windows XP SP3 and ending with Windows 7 and Windows Server 2008 R2, and consists of allowing remote code execution when a specially crafted MIDI file is handled by Windows Media Player or DirectShow.</p><p>Affected Windows operating system components are as follows:</p><p><em>Windows Media Library</em> and <em>DirectShow</em> components:</p><ul><li>Windows XP Service Pack 3</li><li>Windows XP Media Center Edition 2005 Service Pack 3</li><li>Windows XP Professional x64 Edition Service Pack 2</li><li>Windows Server 2003 Service Pack 2</li><li>Windows Server 2003 x64 Edition Service Pack 2</li><li>Windows Server 2003 with SP2 for Itanium-based Systems</li><li>Windows Vista Service Pack 2</li><li>Windows Vista x64 Edition Service Pack 2</li><li>Windows Server 2008 for 32-bit Systems Service Pack 2</li><li>Windows Server 2008 for x64-based Systems Service Pack 2</li><li>Windows Server 2008 for Itanium-based Systems Service Pack 2</li></ul><p>Only the <em>DirectShow</em> component:</p><ul><li>Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1</li><li>Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1</li><li>Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1</li><li>Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1</li></ul><p>Windows Media Center TV Pack for Windows Vista (32 and 64-bit editions) is also affected by this vulnerability.</p><p>Trend Micro security researchers have already found this vulnerability being used by hackers to upload and execute a <em>credentials stealer</em> trojan on infected computers.
This malware serves to steal only credentials related to certain Korean online game sites, but of course more nefarious and diversified uses can be expected in the near future.</p><p>How does the attack work? The user navigates unknowingly to a web page whose HTML source contains malicious code, identified as <em>HTML_EXPLT.QYUA</em> by the security vendor Trend Micro. This HTML code calls another malicious component, a specially crafted MIDI file detected as <em>TROJ_MDIEXP.QYUA</em>, and a JavaScript detected as <em>JS_EXPLT.QYUA</em>. You already know that the MIDI file component is used to trigger the Windows Media vulnerability, while the malicious JavaScript is used to decode the shell code embedded in <em>HTML_EXPLT.QYUA</em>.</p><p>The decrypted shell code in its turn downloads from a site, decrypts and executes a piece of malware, <em>TROJ_DLOAD.QYUA</em>, which uses two components: <em>RTKT_MDIEXP.QYUA</em>, used for its rootkit capabilities, able to hide its presence on the infected system, and <em>TSPY_ONLING.KREA</em>, the main payload used to steal the credentials for that Korean online game site, as I said above. It&#8217;s a typical <em><a
href="http://en.wikipedia.org/wiki/Drive-by_download">drive-by download</a></em> attack where no user interaction is needed to succeed, other than visiting a malicious web site. The stolen credentials are sent to the attacker&#8217;s Command&amp;Control server.</p><p>Online Korean game? No big deal, you could say. This vulnerability is a big deal for the immense potential it can represent for hackers, and maybe the next malware exploiting this vulnerability will be related to your online banking credentials and not Korean games.</p><p>Therefore, all Windows users are advised to immediately patch (update) their systems, if they have not already done so, by visiting this address: <a
href="http://technet.microsoft.com/en-us/security/bulletin/ms12-004">http://technet.microsoft.com/en-us/security/bulletin/ms12-004</a></p><p><strong>Sources:</strong></p><p>http://technet.microsoft.com/en-us/security/bulletin/ms12-004</p><p>http://blog.trendmicro.com/malware-leveraging-midi-remote-code-execution-vulnerability-found/</p><p>Keep safe!</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/critical-vulnerabilities-in-windows-media-allow-remote-code-execution/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Android.Counterclank Found in Official Android Market</title><link>http://cleanbytes.net/android-counterclank-found-in-official-android-market</link> <comments>http://cleanbytes.net/android-counterclank-found-in-official-android-market#comments</comments> <pubDate>Sat, 28 Jan 2012 07:35:58 +0000</pubDate> <dc:creator>Slippery Slim</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1795</guid> <description><![CDATA[Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device. Source What started out as a way to provide a [...]]]></description> <content:encoded><![CDATA[<blockquote><p>Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.</p></blockquote><p><a
href="http://www.symantec.com/connect/fr/blogs/androidcounterclank-found-official-android-market"> Source </a></p><p>What started out as a way to provide a cheaper phone is now becoming a headache. Licensing is a heavy hitter in the cost of a phone. Manufacturers pay serious money to use proprietary software by Apple or Microsoft. Using Android, a derivative of Linux source, provides FLOSS software. The headache with it is that the changes in OSS must be posted to the public for its use. This means anyone with a programmer&#8217;s background understanding Linux can also research its weaknesses.</p><p>Android has taken the smart phone market by storm because it&#8217;s cost conscious. This is not to put down any of the other makers; they all have their fanboys. But the market always looks at costs when it comes time to pay the merchant for the goods. This is a problem for the official Android Marketplace where you buy your apps. So far 13 apps have been identified with this malware. That&#8217;s somewhere between 1 million and 5 million downloads. There&#8217;s a handy chart of publisher/app name/type at the source, and if you have bought and downloaded any apps from the Android App Store it might be a smart move to go check it out for your own peace of mind.</p><p>Now this is not the first time around with malware in the official store, and not just with Android. No doubt more will be discovered. The problem with OSS is securing the OS, since by its nature the source code is exposed.
At some point they will get serious with locking the phones down before it costs them too much business.</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/android-counterclank-found-in-official-android-market/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Woeful SCADA Security</title><link>http://cleanbytes.net/woeful-scada-security</link> <comments>http://cleanbytes.net/woeful-scada-security#comments</comments> <pubDate>Mon, 23 Jan 2012 03:17:10 +0000</pubDate> <dc:creator>Slippery Slim</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1787</guid> <description><![CDATA[The talk presented the findings of &#8220;Project Basecamp,&#8221; a volunteer-led security audit of leading programmable logic controllers (PLCs). The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code. Source [...]]]></description> <content:encoded><![CDATA[<blockquote><p>The talk presented the findings of &#8220;Project Basecamp,&#8221; a volunteer-led security audit of leading programmable logic controllers (PLCs). The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code.</p></blockquote><p><a
href="https://threatpost.com/en_us/blogs/looking-firesheep-moment-researchers-lay-bare-woeful-scada-security-012012"> Source </a></p><p>This opens a whole new field of malware attack opportunity. It&#8217;s been coming for a long time, with claims surfacing of possible hacker attacks on infrastructure that could literally affect your way of life.</p><p>To start out with, SCADA <em>(Supervisory Control and Data Acquisition)</em> and its hand-in-hand component, the PLC <em>(Programmable Logic Controller)</em>, are obsolete telephone technology. Telephony no longer uses them, but now industry does. It&#8217;s been one of the main ways to eliminate jobs. People are no longer needed to monitor and adjust equipment on site at the component. The SCADA does that monitoring and adjusting, and it can be done from anywhere in the world or at multiple sites, including on site. It has a second appealing part in the elimination of physical panel boards and components used to operate industrial processes; changing them is a much lower expense than altering a physical control board. It&#8217;s pretty much all virtual.</p><p>You have remote sensors that could check pressures, temperatures, levels, or tolerances. You have a SCADA rack consisting of PLC racks of plug-in units that the remote sensors connect to, and you have the Programmable Logic Unit that carries the ladder logic circuits for the PLCs in the rack. All of these are hooked to a computer as a human/computer interface, where the operator interacts with the programming/GUI.</p><p>Instead of needing people at 10 different stations (which could be feet or miles apart) you have one operator at the computer checking all the data as overseer, while the logic circuits look for out-of-tolerance conditions. As long as no out-of-tolerance conditions occur, everything functions as it should.
If out-of-tolerance conditions occur, depending on severity, either human interaction or automatic functions trigger to bypass or shut down mechanical systems.</p><p>In addition, you could have an engineer concerned with overall plant functioning and quarterly data gathering for efficiency look at the processes in the regional central office, perhaps several states or even countries away from where the data is collected. He too could have control with a human/computer interface tied in.</p><p>So why is all this important? Well, if you live in the modern world, you get your electricity from a fairly modern power plant. That plant is very likely wired to the gills with SCADA/PLC controls. If you receive city water, that too is under the same setup. If you get city or natural gas to your residence, again, you are most likely receiving it from such a setup. When you drive the roads today, very similar operations control entire red light operations throughout the city for traffic control to ensure the traffic moves as smoothly as possible. Food, such as milk processing, oil platforms and refineries are included in this adoption of SCADA/PLC. The manufacturing and service centers across the first world nations are now pretty much all wired up this way. It&#8217;s just another way of saying the entire infrastructure of major cities and manufacturing is now becoming interactive.</p><p>While all the corporations have jumped on the bandwagon of labor-saving operations, security hasn&#8217;t followed suit. I am sure you have all heard of the Stuxnet worm and its attack on Iranian centrifuges doing nuclear enrichment. That&#8217;s all done with the same sort of setup for control and monitoring. Security for the SCADA/PLC systems against buffer overflows is near non-existent. Once in, an overflow will give access, provided you have everything you need to break security and reprogram. Of course it isn&#8217;t as easy as just talking about it.
There is a lot of data you have to have beforehand. But if you have it, the way is open for access. The Stuxnet worm has shown the way to enter the systems. In the next few years, hackers will be studying these methods of access, just like they did the spyware/datamining efforts to learn how to infect computers by you just showing up at a site. The Stuxnet worm opened the door.</p><p>The testing of SCADA/PLC for basic security by a security team came back with this report.</p><blockquote><p>&#8220;It&#8217;s a blood bath mostly,&#8221; said Wightman of Digital Bond. &#8220;Many of these devices lack basic security features.&#8221;</p></blockquote><p>You will be hearing more of these issues in the coming years. This is just the skin off the tip of the iceberg, not the heart of the matter.</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/woeful-scada-security/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Megaupload is down, a fake Megaupload website appears</title><link>http://cleanbytes.net/megaupload-is-down-a-fake-megaupload-website-appears</link> <comments>http://cleanbytes.net/megaupload-is-down-a-fake-megaupload-website-appears#comments</comments> <pubDate>Fri, 20 Jan 2012 20:11:37 +0000</pubDate> <dc:creator>John Barrett</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1772</guid> <description><![CDATA[Megaupload.com, the well known file-sharing website, was taken down by the authorities (read FBI) and its co-founder Kim Dotcom and several other members of the staff were charged with: Conspiracy to Commit Racketeering, Conspiracy to Commit Copyright Infringement, Conspiracy to Commit Money Laundering, Criminal Copyright Infringement by distributing a Copyrighted Work Being Prepared for Commercial Distribution [...]]]></description> <content:encoded><![CDATA[<p>Megaupload.com, the well known file-sharing website, was taken down by the authorities (read FBI) and its co-founder <strong>Kim Dotcom</strong> and several other members of the staff were charged with: <em>Conspiracy to Commit Racketeering, Conspiracy to Commit Copyright Infringement, Conspiracy to Commit Money Laundering, Criminal Copyright Infringement by distributing a Copyrighted Work Being Prepared for Commercial Distribution on a Computer Network &amp; Aiding and Abetting of Criminal Copyright Infringement and Criminal Copyright Infringement by Electronic Means</em>. The full indictment is <a
href="http://www.scribd.com/doc/78786408/Mega-Indictment">here</a>.</p><p>The indictment was filed in <em>The United States District Court for The Eastern District of Virginia, Alexandria Division</em>. Dotcom and three other members were arrested Thursday, January 19 in Auckland, New Zealand. According to the authorities, Megaupload Ltd. and its child websites caused more than half a billion dollars in harm to copyright owners and generated more than $175 million in criminal proceeds. Megaupload Ltd. earned more than $110 million over five years in membership fees and other payments via a PayPal account. Megaupload Ltd. is already engaged in a legal fight with Universal Music Group about a video uploaded to <a
href="http://www.youtube.com/watch?feature=player_embedded&amp;v=pCkI5I8vsBg">youtube.com</a>, where UMG simply requested the video to be taken down by YouTube under a private agreement that the company says exists between it and YouTube. The UMG lawyer Kelly Klaus sent a letter to YouTube stating that UMG has the right to take down videos on YouTube &#8220;Not limited to copyright infringement&#8221; only. Of course YouTube refused them and stated for <a
href="http://arstechnica.com/tech-policy/news/2011/12/umg-we-have-the-right-to-block-or-remove-youtube-videos.ars">Arstechnica</a>: &#8220;Our partners do not have the right to take down videos from YouTube unless they own the rights to them or they are live performances controlled through exclusive agreements with their artists, which is why we reinstated it.&#8221; The controversial video continues to be <a
href="http://www.youtube.com/watch?feature=player_embedded&amp;v=pCkI5I8vsBg">online</a>.</p><p>We won&#8217;t discuss here whether the charges are founded, why the New Zealand authorities arrested non-American citizens so quickly at the FBI&#8217;s recommendation, or other legal aspects.</p><p>You can see it here on YouTube: <em><a
href="http://www.youtube.com/watch?v=nZPe97vZJXM&amp;feature=player_embedded"> First video: Megaupload founder Kim Dotcom appears in court</a></em></p><p>Somewhat expected, a Megaupload successor, in reality a fake Megaupload website, has appeared on the Internet. I&#8217;m expecting to see many more in the near future.</p><p>Several hours ago a tweet from the <em>@YourAnonNews</em> Twitter user announced that Megaupload is back under a different address: http://megavideo.bz. To visit this page you need to ignore the Opera browser security warning:</p><blockquote><p>Fraud Warning</p><p>This site has been reported as fraudulent. Exchanging sensitive or confidential information with this site could put you at risk for identity theft and/or financial fraud.<br
/> Opera Software strongly discourages visiting this page.</p></blockquote><p>What does the page look like?</p><div
id="attachment_1779" class="wp-caption alignnone" style="width: 827px"><a
href="http://cleanbytes.net/wp-content/uploads/2012/01/megauploadbz.jpg"><img
class="size-full wp-image-1779" title="megaupload.bz" src="http://cleanbytes.net/wp-content/uploads/2012/01/megauploadbz.jpg" alt="megaupload.bz" width="817" height="531" /></a><p
class="wp-caption-text">megaupload.bz</p></div><p>It&#8217;s at least curious, if not a paradox, that the page states there is not yet a domain name while the website responds when requesting <em>http://megavideo.bz</em>, which is clearly a domain name. What does the website do? Not very much, but it tracks the visitors: you can see in the page source how a 1&#215;1 pixel image is fetched from the <em>http://nht-2.extreme-dm.com</em> host to track the visitors:</p><div
id="attachment_1780" class="wp-caption alignnone" style="width: 689px"><a
href="http://cleanbytes.net/wp-content/uploads/2012/01/source_page.jpg"><img
class="size-full wp-image-1780" title="source_page" src="http://cleanbytes.net/wp-content/uploads/2012/01/source_page.jpg" alt="source_page" width="679" height="202" /></a><p
class="wp-caption-text">source_page</p></div><p>And the browser request:</p><div
id="attachment_1781" class="wp-caption alignnone" style="width: 636px"><a
href="http://cleanbytes.net/wp-content/uploads/2012/01/traffic.jpg"><img
class="size-full wp-image-1781" title="traffic" src="http://cleanbytes.net/wp-content/uploads/2012/01/traffic.jpg" alt="browser request" width="626" height="474" /></a><p
class="wp-caption-text">browser request</p></div><p>http://www.extreme-dm.com redirects to http://extremetracking.com/, which is used to collect information about website visitors.</p><p>The IP used by the &#8220;successor&#8221; Megaupload website (megavideo.bz, or 109.236.83.66) is located in the Netherlands (customer.worldstream.nl). It is rated as <em>Suspicious</em> by http://urlquery.net, a website scanning and deobfuscating service. Here is the analysis report at <em>Anubis</em>:</p><p>http://anubis.iseclab.org/?action=result&#038;task_id=179d0ec959aa04f148d8957b8fe8312b7&#038;format=txt</p><div
id="attachment_1785" class="wp-caption alignnone" style="width: 620px"><a
href="http://cleanbytes.net/wp-content/uploads/2012/01/anubis-report.jpg"><img
class="size-full wp-image-1785" title="anubis report" src="http://cleanbytes.net/wp-content/uploads/2012/01/anubis-report.jpg" alt="anubis report" width="610" height="535" /></a><p
class="wp-caption-text">anubis report</p></div><p>My advice is to stay away from this website; to me it seems fake. Anyone can make a clone with the megaupload.com website look and claim that &#8220;Megaupload.com is back!&#8221;. And who feels comfortable knowing that <em>his visit is tracked</em>?</p><p>Keep safe!</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/megaupload-is-down-a-fake-megaupload-website-appears/feed</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item><title>Tokyo, we have a problem</title><link>http://cleanbytes.net/tokyo-we-have-a-problem</link> <comments>http://cleanbytes.net/tokyo-we-have-a-problem#comments</comments> <pubDate>Wed, 18 Jan 2012 03:58:09 +0000</pubDate> <dc:creator>Slippery Slim</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1766</guid> <description><![CDATA[Tokyo, we have a problem Japanese space engineers have admitted one of their computers has been infected by a Trojan that may have leaked sensitive data, including system login information, to hackers. Data exposed by the breach may have included emails, technical specifications and operational information as well as login credentials. The space agency has [...]]]></description> <content:encoded><![CDATA[<p><strong>Tokyo, we have a problem</strong></p><blockquote><p>Japanese space engineers have admitted one of their computers has been infected by a Trojan that may have leaked sensitive data, including system login information, to hackers.</p><p>Data exposed by the breach may have included emails, technical specifications and operational information as well as login credentials. The space agency has reset potentially exposed passwords while it continues to investigate the scope of the breach.</p></blockquote><p><a
href="http://www.theregister.co.uk/2012/01/17/japan_space_agency_malware_scare/"> Source </a></p><p>In today&#8217;s connected world we often hear of servers, networks and individual computers that have been hacked into or have picked up some malware. Mostly it involves money, banks and financial houses.</p><p>Every so often it involves cyber-espionage and attempts to steal technological and trade secrets: years of research stolen over a few months or years, depending on how good the hack was. One has to ask oneself, who would benefit? Who needs this information, perhaps doesn&#8217;t have it, and sees stealing it as the quicker way to obtain it? What real-world consequences could such actions have?</p><p>As for who would benefit, those not in the loop of JAXA <em>(the Japan Aerospace Exploration Agency)</em> would probably be the most likely candidates: Russia, China, even possibly the US or India.</p><p>China is on a learning path for space with an aggressive line towards getting there in a hurry. Much of China&#8217;s moves are headed in the direction of getting out of the third world and into a first-world position, where it believes it should be.</p><p>The US had the technology to reach the moon in the 60s. While it hasn&#8217;t lost it, it has lost the ability to return as a manned mission; the best we&#8217;ve managed with manned flight since has been LEO. No doubt we do well with robotics, as that is space exploration on the cheap, but what is the purpose of exploring if we are not going there in person? While the US has spent a good bit of time on research, the leading edge it enjoyed in advanced technology has eroded over time, because government funding for the space program hasn&#8217;t come with a serious commitment. It has languished along without real goals for the future of manned exploration.</p><p>India has a fledgling space program, just starting to flex its muscles. 
It&#8217;s not yet really up to speed, but it&#8217;s coming along. Any data it could get without having to pay for it would certainly speed things along.</p><p>Russia collapsed and has since returned to the space effort, so much so that the US, which no longer has a reusable ship to send and retrieve the astronauts on board the ISS or to supply them with resources such as food and oxygen, is now dependent on Russia to perform that task. Russia recently lost one of the resupply vessels intended for that mission; the second attempt was successful.</p><p>Each of these countries could use new research it didn&#8217;t have to pay for. There are probably a handful of other countries that would like to know as well, considering their own space programs.</p><p>Given that these programs are launching tons of material into orbit, what happens when undetected malware inserts itself into the launch sequence or into the operational software of the rocket itself? Money is one thing, but now we are talking about lives, which takes malware to a whole different level. If one of these rockets failed to make orbit, with a malfunction along the way, where does it come down?</p><p>The US&#8217;s long-range probes going out to different planets, especially the distant ones of the outer system, don&#8217;t receive enough sunlight to run on solar power. Probes like the Voyager twins went out 30 years ago; there isn&#8217;t enough sunlight at the fringes of the solar system, on the edge of its boundary, to power them, so they used nuclear power sources.</p><p>One of the big fears at the time was the rocket blowing up and scattering radioactivity through the atmosphere. Supposedly that has been addressed with a design that reportedly would survive re-entry intact. But what if it blows up? There are several countries that wouldn&#8217;t mind embarrassing the space effort in such a way. 
Given today&#8217;s malware infections, that is not out of the question.</p><p>Malware has grown along with the computer age, but it hasn&#8217;t reached the end of its potential. That should be a worrying problem for anyone.</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/tokyo-we-have-a-problem/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Wi-Fi routers security flaw allows uninvited guests</title><link>http://cleanbytes.net/wi-fi-routers-security-flaw-allows-uninvited-guests</link> <comments>http://cleanbytes.net/wi-fi-routers-security-flaw-allows-uninvited-guests#comments</comments> <pubDate>Tue, 17 Jan 2012 21:25:59 +0000</pubDate> <dc:creator>John Barrett</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1745</guid> <description><![CDATA[In December 2011 Stefan Viehböck published a report about a vulnerability he discovered and analyzed in Wi-Fi Protected Setup (WPS), previously known as Wi-Fi Simple Config. Introduced by the Wi-Fi Alliance in 2007, WPS allows users without advanced knowledge of Wi-Fi router configuration to easily set up their home Wi-Fi networks, add new devices or [...]]]></description> <content:encoded><![CDATA[<p>In December 2011 Stefan Viehböck published a report about a vulnerability he discovered and analyzed in <a
href="http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup">Wi-Fi Protected Setup (WPS)</a>, previously known as Wi-Fi Simple Config. Introduced by the Wi-Fi Alliance in 2007, WPS lets users without advanced knowledge of router configuration set up their home Wi-Fi networks, add new devices and enable encryption. A new device is added to the wireless network either by pressing a button on both the router and the new device (Push-Button-Connect) or by entering an 8-digit PIN in the new device&#8217;s connection wizard. Simply put, the PIN acts as the authentication method for registering a new device in the network.</p><p>Stefan Viehböck reports that all the Wi-Fi routers he studied (Cisco/Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL) have WPS enabled by default and suffer from a grave design and implementation flaw <em>which enables an attacker to gain access to an otherwise sufficiently secured wireless network.</em> It is estimated that 95% of home wireless routers ship with WPS enabled by default.</p><p>The 8-digit PIN is checked in two halves of 4 digits each, and the last digit (the 8th) is a checksum of the first 7. If an attacker submits the wrong digits for the first half of the PIN he receives an <a
href="http://en.wikipedia.org/wiki/NAK_(protocol_message)">EAP-NACK</a> (<em>negative acknowledgement</em>, the equivalent of a connection-refused error in our case) message, and the same happens for the second half. Because each half is confirmed separately and the last digit is a checksum of the other seven, at most 10,000 attempts are needed for the first half and only 1,000 for the second: 11,000 attempts in total instead of the 10,000,000 that the seven free digits would otherwise allow, so a brute-force (&#8220;guessing&#8221;) attack is likely to succeed in less than 4 hours. Even where routers have a lock-out mechanism against brute-force attempts, the lock-out periods are not long enough and the attack still succeeds in less than a day. When the correct PIN is found, the wireless router (or access point) sends the attacker the <a
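href="http://en.wikipedia.org/wiki/Pre-shared_key">WPA/WPA2 PSK</a> (pre-shared key).</p><p>To make that arithmetic concrete, here is a small Python model of the flaw. It is an added example written for this page, not code from the original article, from Viehböck&#8217;s paper or from Reaver. The router&#8217;s side of the PIN exchange is reduced to a toy oracle (SplitPinOracle, an assumed name) that answers a wrong first half and a wrong second half with distinct NACKs, as the paper describes; the check-digit routine follows the WPS PIN checksum rule, a weighted mod-10 sum over the first seven digits; and the PIN 12345670 is a constructed test value, not taken from any real device.</p><pre>
```python
"""WPS PIN brute-force model: why the 8-digit PIN costs only 11,000 guesses.

Added example for this page (not from the article, the paper or Reaver).
Assumptions: the router is modelled by SplitPinOracle, which answers a
wrong first half and a wrong second half with distinct NACKs, as the
paper describes; the checksum follows the WPS PIN check-digit rule.
"""


def wps_checksum(first_seven: int) -> int:
    """Check digit for a 7-digit WPS PIN prefix (weighted mod-10 sum).

    The 1st, 3rd, 5th and 7th digits weigh 3, the 2nd, 4th and 6th weigh 1;
    the check digit makes the total a multiple of 10.
    """
    accum = 0
    n = first_seven
    while n:
        accum += 3 * (n % 10)   # 7th, 5th, 3rd, 1st digit
        n //= 10
        accum += n % 10         # 6th, 4th, 2nd digit
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: int) -> bool:
    """True if the 8-digit PIN's last digit matches its checksum."""
    return pin in range(10**8) and wps_checksum(pin // 10) == pin % 10


class SplitPinOracle:
    """Toy model of the router's side of the WPS PIN exchange.

    Real devices reveal the same information: EAP-NACK after M4 when the
    first half of the PIN is wrong, EAP-NACK after M6 when the second
    half is wrong, otherwise the exchange continues and M7 carries the PSK.
    """

    def __init__(self, pin: int):
        if not is_valid_pin(pin):
            raise ValueError("PIN fails the WPS checksum")
        self._first = pin // 10000
        self._second = pin % 10000
        self.attempts = 0  # protocol runs the attacker needed so far

    def try_pin(self, first_half: int, second_half: int) -> str:
        self.attempts += 1
        if first_half != self._first:
            return "NACK after M4"
        if second_half != self._second:
            return "NACK after M6"
        return "M7 with PSK"


def brute_force(oracle: SplitPinOracle) -> int:
    """Recover the PIN by attacking the two halves independently."""
    # Phase 1: at most 10^4 runs. The second half is irrelevant here,
    # because a wrong first half is rejected before it is ever checked.
    first = next(f for f in range(10**4)
                 if oracle.try_pin(f, 0) != "NACK after M4")
    # Phase 2: at most 10^3 runs. Only three digits are free; the fourth
    # is the checksum over the seven digits already known.
    for three in range(10**3):
        second = three * 10 + wps_checksum(first * 1000 + three)
        if oracle.try_pin(first, second) == "M7 with PSK":
            return first * 10000 + second
    raise RuntimeError("oracle contradicted its own PIN")


def search_space(split_halves: bool) -> int:
    """Worst-case guesses: 10^4 + 10^3 with the split, 10^7 without it."""
    return 10**4 + 10**3 if split_halves else 10**7


if __name__ == "__main__":
    oracle = SplitPinOracle(12345670)  # constructed test PIN, check digit 0
    print("recovered", brute_force(oracle), "after", oracle.attempts, "runs")
    print("worst case with split:", search_space(True),
          "without:", search_space(False))
```
</pre><p>Run as a script it recovers the test PIN after 1,803 runs of the exchange, and the worst case is 10,000 + 1,000 = 11,000 runs, against 10,000,000 if the router only answered once the whole PIN had been checked. That one design decision, confirming the halves separately, is what turns the PIN into something worth brute-forcing, because once it is confirmed the router hands over the <a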
href="http://en.wikipedia.org/wiki/Pre-shared_key">WPA/WPA2 PSK</a> (pre-shared key) needed to connect to the network.</p><p>A tool that comes in two versions was released to automate the brute-force attack: <a
href="http://code.google.com/p/reaver-wps/">Reaver</a>, an open-source software version, and <a
href="http://www.tacnetsol.com/products/">Reaver Pro</a>, a hardware-based version. Both perform the brute-force attack and, when the correct PIN is found, extract the WPA/WPA2 passphrase and disclose it to the attacker. That is all: the attacker has gained access to your home network.</p><p>Consider what the consequences of a successful attack against your home wireless router could be. It is not only that somebody is stealing your bandwidth: an attacker can use your wireless router, and therefore <em>your IP address</em>, to perform illegal transactions or other nefarious things, so the threat is very serious. Nobody wants to wake up with the police at the door.</p><p>How can we mitigate this kind of brute-force attack? The first thing to do is to <a
href="http://en-us-support.belkin.com/app/answers/detail/a_id/75/~/disabling-wps-on-the-router">disable</a> WPS, as advised by <a
href="http://www.kb.cert.org/vuls/id/723755">US-CERT</a>, and then to verify that the router really stopped answering WPS requests, since some firmware has been reported to keep WPS active after the option is switched off. It is also recommended to use WPA2 (not WEP or WPA) as the encryption and authentication method, to enable MAC filtering and to turn off the <a
href="http://en.wikipedia.org/wiki/Service_set_(802.11_network)">SSID</a> (Service Set Identifier) broadcast from your wireless router (make the SSID invisible). Keep in mind that MAC filtering and a hidden SSID only deter casual users: both the SSID and the MAC addresses of connected clients are visible in the air to anyone with a wireless sniffer, so they are no substitute for disabling WPS and using a strong WPA2 passphrase.</p><p><em>Source:</em> <a
href="http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf">http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf</a></p><p>Keep safe !</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/wi-fi-routers-security-flaw-allows-uninvited-guests/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Viruses stole City College of S.F. data for years</title><link>http://cleanbytes.net/viruses-stole-city-college-of-s-f-data-for-years</link> <comments>http://cleanbytes.net/viruses-stole-city-college-of-s-f-data-for-years#comments</comments> <pubDate>Sat, 14 Jan 2012 19:25:24 +0000</pubDate> <dc:creator>Slippery Slim</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1735</guid> <description><![CDATA[Viruses stole City College of S.F. data for years Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called &#8220;an infestation&#8221; of computer viruses with origins in criminal networks in Russia, China and other countries, [...]]]></description> <content:encoded><![CDATA[<p><strong>Viruses stole City College of S.F. data for years</strong></p><blockquote><p>Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called &#8220;an infestation&#8221; of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.</p></blockquote><blockquote><p>&#8220;Given the outright mismanagement of our networks, if someone&#8217;s information is stolen, are we liable for that?&#8221; Jackson asked.</p></blockquote><p><a
href="http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/01/12/MN4Q1MO9JK.DTL#ixzz1jLyZ5NB7"> Source </a></p><p>So for 10 years or so, the Russian Business Network has been in the data banks of City College, along with the other usual suspects.</p><p>What none of the antivirus/anti-malware programs can do is prevent stupid behavior by the computer user. Somehow, the message that a user should never click on that naked_lady.exe &#8220;image&#8221; never gets through. The social engineering pushing the user to just go ahead and click is so strong that no malware protection program can keep up with it all.</p><p>There is one thing I can guarantee if you want to keep your money safe: if you never put it on a computer network and never access online banking, your money is safe from your end. You can&#8217;t protect the bank, and you can&#8217;t protect the credit card company, to prevent your data from being stolen, but the chances are good that it is your computer the data will come from, not theirs. They have large amounts of money riding on the line, which makes them a constant target for hackers and scammers, so it is smart business for them to hire professionals to get security done. You, the individual, don&#8217;t have that sort of backup for your equipment.</p><p>If you do bank online, don&#8217;t do it with a computer that ever surfs the net. Minutes after going online is about all the safety margin you have; once you leave the https session you are open to whatever comes down the pipe, no matter how good your security is. Ask City College, who thought they had it covered.</p><p>If you are a business in the US, the banks no longer have to reimburse you for a loss caused by a security breach over the internet. To even qualify for consideration you must run a strong A/V program and use a computer that does nothing other than financial work. 
If it ever once surfs the net, the bank has a way out of paying back the loss to a business.</p><p>So far, for personal accounts this isn&#8217;t the case. I would strongly recommend that if you do business online you have a dedicated computer for that and nothing else: no playing games, no listening to music on it, no surfing the net. On the face of it that might sound like an expensive solution. Think of it in other terms: what would it cost you to go without whatever is in your bank account for several months before you could cut off online access to your account? What would that mean in terms of survival for you and your family when it comes to eating, paying bills and going to work? Looking at it that way, it might be cheaper than it appears on the surface.</p><p>This business of malware isn&#8217;t going to go away until software houses get serious about security. And if they get it tight enough to prevent the accidental installation of malware, you won&#8217;t like the product that results, mainly because it will be so locked down and limited in what it can do that it will be near worthless for most computer users.</p><p>The computer is a marvelous and flexible tool. It can be used for work, for entertainment, as a replacement for a trip to the library to learn something, or as a replacement for a trip to the grocery store or for shopping. To secure all of that means taking choices out of the hands of the user. 
No one has yet designed the anti-malware program that does that effectively and, when done, still leaves the user the freedom to use the computer as they desire.</p><p>Multiply those vulnerabilities by a network full of users and suddenly you come up with the nightmare this college is now facing.</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/viruses-stole-city-college-of-s-f-data-for-years/feed</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Facebook Evading Privacy Questions</title><link>http://cleanbytes.net/facebook-evading-privacy-questions</link> <comments>http://cleanbytes.net/facebook-evading-privacy-questions#comments</comments> <pubDate>Tue, 10 Jan 2012 23:35:41 +0000</pubDate> <dc:creator>Slippery Slim</dc:creator> <category><![CDATA[Breaking News]]></category> <guid
isPermaLink="false">http://cleanbytes.net/?p=1728</guid> <description><![CDATA[Joe Barton, a Texas Republican, and Edward Markey, a Massachusetts Democrat, are complaining Facebook is not answering questions about how the company tracks its users via cookies. Source In my mind, security and privacy are two sides of the same coin. To have privacy means you must have security to obtain it. Should security demand [...]]]></description> <content:encoded><![CDATA[<blockquote><p>Joe Barton, a Texas Republican, and Edward Markey, a Massachusetts Democrat, are complaining Facebook is not answering questions about how the company tracks its users via cookies.</p></blockquote><p><a
href="http://www.zdnet.com/blog/facebook/us-congressmen-facebook-evading-privacy-questions/7068"> Source </a></p><p>In my mind, security and privacy are two sides of the same coin. To have privacy you must have security to obtain it; should security demand access to your data for security reasons, then privacy is invaded.</p><p>A good demonstration of that in practice is the law on sexual harassment: the liability corporations bear for providing emails and communications between workers, and the ability to disprove sexual harassment charges by being able to show the source material through investigation. In order to have the data to investigate any such charges, the company hosting the email must have access to it, meaning that any communication you have over a company network has no personal privacy.</p><p>Where the edges get blurred between privacy and security is in places like social sites. When you see a privacy policy put up by a website or social site, do not think for a moment that they are concerned with your privacy. The policy is there to provide a legal means to access your data, not to protect it. Any time a privacy policy needs more than a few sentences to describe its workings and what it means, you are giving up your right to privacy to access the site. Big written policies merely mean they need somewhere to hide it.</p><p>Social sites such as Facebook are free for a reason. Since you are not paying for use, you, the user, are the cash cow. This has been demonstrated time and again. Facebook tried in the past to put over a spy program called Beacon; you can search the term and find out all about it and the stink it raised. Beacon followed you where you went on the net, determined what you bought, and made recommendations to your friends based on that&#8230; it&#8217;s called advertising. 
In just such a manner, a young lady found out her boyfriend had purchased a ring for her right after he had done so, and knew ahead of time what was going to happen. So much for privacy, eh? Beacon was killed because the members of the site raised so much Cain over being spied upon in that manner. Naturally, Facebook was being paid to release this information, so it did not give it up willingly.</p><p>This issue with the <em>Like</em> button did not start in the US. It first surfaced in Germany, where privacy laws are stronger, and regulators there moved to have the data-mining links behind Facebook&#8217;s <em>Like</em> button removed from other websites.</p><p>Ireland followed with its own investigation of Facebook and the <em>Like</em> button. It too required Facebook to remove the data mining from the button that allowed Facebook to follow its members off-site.</p><p>This is why Facebook now says it has fixed the problem. Facebook doesn&#8217;t want to give up this spying because it has contracts with third parties putting money in its pocket. Cancelling contracts means at the least giving back the money or at worst paying for breaking the contract.</p><p>I personally will never use Facebook or other similar social sites. I resent the intrusion into my privacy. I am not fool enough to think that I can escape all privacy violations, but I am sure of one thing: no one will protect your privacy for you if you are not concerned enough to do so yourself.</p> ]]></content:encoded> <wfw:commentRss>http://cleanbytes.net/facebook-evading-privacy-questions/feed</wfw:commentRss> <slash:comments>1</slash:comments> </item> </channel> </rss>
