Showing posts with label Security. Show all posts

Wednesday, October 10, 2007

Presidential candidates face phishing threat in '08

Phishing is a huge threat, and has been in the past as well. Security professionals are worried that Presidential candidates in 2008 may have problems with these attacks, which could potentially disrupt their campaigns. Candidates' websites are a very big target for these crimes. Phishers can also make websites that seem to be legitimate campaign websites and ask for contributions, collecting the donations meant for the campaign along with the credit card numbers of those who contribute. Security professionals also fear that phishers could use these methods to pose as one candidate's website, collect donations that are supposed to be for that candidate, and give them to the opposing candidate they favor. They can do this by making a site that is one letter off from the real site's domain name, such as hilaryclin.com as opposed to hilaryclint.com, and use typos to wreak havoc. Or they can use domains that appear to be an extension of the original, such as hilaryclin.donate.com. These seem to be an extension of the real site, but are in fact phishers' websites. The 2008 candidates were warned about the risk that they may be targets, but few have acted on these warnings. They need to know how much of an impact this can have on their campaigns and how they can fix it.
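A campaign or mail filter can screen for the two lookalike patterns described above. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes the official site is a two-label domain such as the post's hilaryclint.com (no public-suffix handling).

```python
from urllib.parse import urlsplit


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_host(host: str, official: str, max_edits: int = 1) -> str:
    """Compare a hostname with the official domain (assumed two labels)."""
    host = host.lower().rstrip(".")
    official = official.lower()
    # The official domain itself, or a genuine subdomain of it.
    if host == official or host.endswith("." + official):
        return "official"
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    # Pattern 1: the registered domain is a letter or so off the real one.
    if edit_distance(registrable, official) <= max_edits:
        return "typosquat"
    # Pattern 2: the brand (or a near miss) is only a subdomain label
    # sitting under a domain that someone else registered.
    brand = official.split(".")[0]
    if any(edit_distance(label, brand) <= max_edits for label in labels[:-2]):
        return "lookalike-subdomain"
    return "unrelated"


def classify_url(url: str, official: str) -> str:
    """Classify the host part of a full URL, e.g. a link found in an email."""
    return classify_host(urlsplit(url).hostname or "", official)


# Constructed sample links, built from the domain names used in the post.
SAMPLES = [
    "http://www.hilaryclint.com/donate",
    "http://hilaryclin.com/donate",
    "http://hilaryclin.donate.com/give",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_url(url, 'hilaryclint.com'):20} {url}")
```

Anything not classified as "official" should be treated as untrusted before a donation form is filled in; raising `max_edits` catches sloppier typos at the cost of more false positives.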

Tuesday, October 2, 2007

Encryption faulted in TJX Hacking

For the past eight months, the Canadian government has been investigating an incident in which millions of credit card numbers were stolen from two Marshalls department stores in Miami. The company that owns Marshalls, TJX Companies, is in trouble for several reasons. One reason is the company's failure to upgrade its encryption software, which made this hack relatively easy. Another reason is that the company had gathered too much personal information and had kept it for too long. Some of the banks that issued the credit cards have been notified of the hack and will be looking for fraudulent charges.

Survey: Consumers Only Think They're Cyber Safe

In a survey taken by the National Cyber Security Alliance, many people said they think that their computer is safe against threats such as viruses or spyware, but the truth is that over half of those surveyed only thought that they were secure. 90% of the people surveyed store sensitive information and do their banking, etc., online, which makes that information even more vulnerable to falling into the wrong hands. The NCSA is a group of companies and government officials that educates people about computer security. In reality, those surveyed were lacking antivirus, antispyware, or a firewall. What does this mean? More than likely you aren't as safe as you think you are. There's a good chance that your computer doesn't have the proper defenses in place or they aren't being updated properly. This month is National Cyber Security Awareness Month. The NCSA is urging people to take time and learn what they can do to protect their PCs. Greg Garcia, assistant secretary for cybersecurity and communications at the U.S. Department of Homeland Security, says that we must have security both in the enterprise and on our personal machines. I advise all of you to learn as much as you can, so you can truly protect your systems.

Saturday, September 29, 2007

"Death and Taxes"

As every security professional knows, phishing is a problem. Let's first take a step back. Phishing is the act of sending an email or placing a phone call where the attacker pretends to be a legitimate company to get your information. You generally see emails like "Your eBay account has been disabled. Click here and enter your account info to reactivate". When you click on it, it takes you to the attacker's site and he/she has your account info.


Well, those dirty attackers are at it again. This time they are posing as the IRS. Here is a sample of an email you may receive:

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $268.32.
Please submit the tax refund request and allow us 3-6 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Note: For security reasons, we will record your ip-address, the date and time.
Deliberate wrong inputs are criminally pursued and indicated.

Regards,
Internal Revenue Service

© Copyright 2007, Internal Revenue Service U.S.A. All rights reserved.

________________________________________________

Turns out, when you click on that link, it takes you to a Russian site. Last time I checked, the IRS didn't have a Russian branch.

Click here for the article.

Wednesday, September 26, 2007

Mortgage data leaked over file network

A disgruntled employee strikes again... A former employee of ABN Amro Mortgage Group put up a spreadsheet with more than 5,000 Social Security numbers on the file sharing network 'BearShare'. A Pittsburgh-based company called Tiversa Inc. discovered that the path came from an ABN Florida computer that had BearShare installed on it. It was then traced back to the employee's home computer. It is now believed that identity thieves have these Social Security numbers and plan to use them in their favor. ABN says that it plans to further investigate the issue.

Thursday, September 20, 2007

Do not be a Victim of Social Engineering

In the past few months, not only was Monster.com attacked, but so was Ameritrade. In both situations, most of the information that these companies reported stolen was names and email addresses: not extremely confidential information, but a starting place for scammers out there who would love to steal your identity. In the case of Ameritrade, the company found out that its database had been breached from a few of its customers, who had received junk mail they felt was unusual and reported it to the company. Once Ameritrade investigated, it determined there had been a breach of its database, exposing information about 6.3 million clients.
It is very important now for customers to be aware of the type of emails they get from Ameritrade and not to give out any additional information about themselves in these emails. In most cases, the cyber thieves will send phishing emails that look very real and try to get the recipients to provide personal information, which can be used to steal their identity for the thieves' own use or sold to others for money. Ameritrade should be advising its clients never to give out personal information via email, but if it has not advised its clientele of these standards, the clients themselves need to be very careful and call Ameritrade directly if they feel something is not right. Social engineering is very difficult to stop, and anybody is capable of social engineering because it does not require technical knowledge, so as the consumer you must be aware and careful to protect yourself against a social engineering attack.

Wednesday, September 19, 2007

New Zero-Day Hole in Windows XP

A brand new "zero-day" vulnerability has been discovered in XP. It hasn't been made official yet, but a hole was discovered by Jonathan Sarba of GoodFellas Security Research Team. The hole is vulnerable to a buffer overflow attack that exploits an HP All-in-One Series Web Release software/driver installer (version 2.1.0) and an HP Photo & Imaging Gallery (version 1.1) program. The flaw is considered fairly critical because, when exploited, it could lead to a complete compromise of a PC. Microsoft was made aware of the hole back in June but is still investigating it further, so no patch or workaround has been released as of yet. If you are running either of these pieces of software on your PC or on your network, please be aware of any unusual activity and maybe stay away from using those versions of the HP drivers and programs.
For more information, check out the original article at this hyperlink: http://blogs.pcworld.com/staffblog/archives/005477.html

Online crooks getting more professional

Computer criminals are making money by selling pre-made software to other computer criminals. Symantec Corp. has reported that middlemen are buying malicious software and spam in order to distribute it to consumers in hopes, in some cases, of stealing identities and important information. The programmers are getting contracts with the middlemen in order to frequently distribute the software as soon as a new program is created. On a lighter note, Symantec says that because of the contracts, it may be easier to track the path from the distributor, and perhaps even to the creators of the software.

Friday, September 14, 2007

“There is a place in New Zealand called…”

Taumatawhakatangihangakoauauotamateaturipukakapikimaungahoronukupokaiwhenuakitanatahu. It's also true that on September 10th the New Zealand government's computer systems were breached.

From the article: “New Zealand Prime Minister Helen Clark confirmed Tuesday that foreign spies had tried to hack into government computers but said they had not found out any state secrets. The Dominion Post newspaper quoted Tucker saying government departments' websites had been attacked, information stolen and hard-to-detect software had been installed which could be used to take control of computer systems. There was evidence foreign governments were responsible for the attacks, he said, but did not name the countries concerned, although he did refer to comments by Canada's security service about Chinese spying activities. Reports have also alleged China hacked into government computer systems in the US, Germany and Britain.”

Pretty crazy, eh? I know when most people think about hacking they think about corporations getting attacked or maybe you hacking your buddy's machine. But can you imagine government versus government attacks? Holy Government Espionage, Batman!

You’ll find the full article here.

Thursday, September 13, 2007

Pentagon email System Breached

Last week, the Pentagon released information stating that an unclassified email system had been hacked. The system was immediately taken offline, and did not fully come back for three weeks. There was a lot of speculation that the Chinese government, as well as the Chinese People's Liberation Army, were responsible for the attack, though there is no evidence. A Beijing spokeswoman said that it is all speculation, and the Pentagon has not said anything one way or another. Though the information was not released until last week, the intrusion happened last spring. It was also noted that there was no threat to the classified system. There was also a security hack involving information pertaining to the German government, which also claimed that China was responsible. China denied this claim as well. The Pentagon sees attempted hacks every day, with many failing to get in. There was no information on how the hacker had gotten as far as they did.