Wi-Fi Hotspots Vulnerable to Computer Hackers

May 30th, 2008

ImageThe FBI recently issued an alert warning that wireless Internet networks, often called Wi-Fi hotspots, are more vulnerable to hackers than most users probably realize.

Often the security of the free public networks is low and this setting make it very easy for a hacker working from anywhere around the world to use computer codes to peek into your computer and steal sensitive information.

Here are some tips from the FBI and the Florida Department of Law Enforcement on how to keep your personal computer data safe:

  • Make sure your laptop security is up to date. That includes firewall, anti-virus and anti-spyware software. Spyware is a kind of program that can collect information from your computer without your knowledge. It’s sometimes used by companies that want to collect marketing information about people who log on to their Web site, but spyware has also been used by hackers who want to mine information from someone’s computer.
  • When using a public Wi-Fi service, avoid logging into financial accounts of any kind because hackers might be able to monitor your computer from another location to see what you are typing and steal your login information. For the same reason, you also want to avoid logging into e-mail accounts and instant messaging services.
  • When logging on to a site, glance at the address bar to check that you’re at an authentic Web page. Hackers set up fake Web pages that look like the real thing to trick people into typing in their log-in information. But you can tell which are the fake pages by glancing at the address bar. If the address is different from what you originally typed, don’t enter your personal information. Close your browser and leave the Wi-Fi network.
  • Don’t use the same password for all your online accounts. That way if hackers steal a password, they won’t be able to use it at more than one Web site.
  • Make sure your computer does not automatically log on to wireless networks. You can do this by adjusting the Internet security settings on your computer. As an added precaution, turn the computer off when you’re not around to ensure that it’s not picking up a wireless network signal.

source: bostonherald.com/business/technology/general/view.bg?articleid=1096994

Protect Your Online Privacy - Useful Tips

May 22nd, 2008

Tips and guides to protect your online privacy when you are surfing the net - When you venture online, the markers of your identity shrink greatly, and you are known only by your digital, electronic signatures. Any one who can mimic these can claim to be you, and wreak havoc on your financial affairs. That is why it is becoming more and more necessary to be able to protect your privacy on the internet and on your computer.

The average Joe Sixpack who uses a computer knows very little about its internal workings. Neither does he need to know anything about that, because everything is taken care of by the underlying Operating System, while he is left with click-click-clicking on the pretty icons in front of his face.

While this type of computing has made information technology available for the masses, it has also made them greatly vulnerable as regards their need for privacy. Often they have no clue that their personal data is being used by unauthorized persons for financial or other kinds of benefit, to their detriment.

How do you prevent unauthorized use of private data? There are a number of procedures that experts recommend. You cannot totally control whether your data will be stolen or not, but following these shall at least minimize the risks.

Primarily, you should use passwords to lock down all aspects of your computer and your online presence. You need to be specially careful about your social security number and your credit card number. Your telephone accounts can also some time be under threat, so it is best not to ignore those either.

Read the rest of this entry »

PayPal Plans to Ban Unsafe Web Browsers

May 19th, 2008

ImagePayPal announced plans to ban older and unsafe Web browsers in an effort to provide anti-phishing protection with the use of EV SSL certificates.

PayPal, the world’s largest online payment service, announced on Thursday that it is working on a plan to block users from making transactions from unsafe Web browsers.

PayPal released a white paper that outlines a five-pronged action plan aimed at slowing down the phishing epidemic. Part of this plan is to block any transactions from going through on browsers that don’t support EV SSL certificates.

PayPal’s chief information security officer Michael Barrett says letting users view the PayPal site on a browser that doesn’t have anti-phishing protection is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.

Some of the browsers PayPal is looking at blocking are old, out-of-support versions of Microsoft’s Internet Explorer and Apple Safari which offers no anti-phishing protection and doesn’t support the use of EV SSL certificates.

Firefox and Opera have announced that they will be offering support for EV SSL in their upcoming releases. It is unknown whether Safari will be offering EV SSL support in the near future.

Another recommendation outlined in the PayPal white paper is the “creative use of new email signing standards and cooperation with major ISPs to block unsigned email” that looks to be from PayPal, but isn’t, before it even reaches the customers.

Barrett says that if phishmail never makes it into a customer’s inbox, the customer cannot become a victim. Thus, ISPs need to adopt technologies to block fraudulent emails at the network edge. PayPal recommends installing anti-phishing and anti-spam technologies, like DomainKeys and Sender Policy Framework.

source: www.halflifesource.com/paypal_targets_phishing_epidemic/article2390.htm

Spyware Blocker - How to Combat Spyware

May 18th, 2008

One thing is certain. You have to fight spyware, there is no alternative. You cannot leave the issue aside, you cannot say that, “let it stay the way it is.” I mean, you can always say that if you like, but the risk might be a bit too high. You live the issue as a side one, you do not think about it at all, it’s a lot of trouble, you think, and all of a sudden you realize that the actual trouble is beginning now. Maybe somebody from Bangladesh has your bank pin number. And maybe they want to use it for siphoning some money out of your savings account.

You never know, and how will you? Did the people at Troy discover the Trojan Horse as what it was? They revelled in short lived pleasure and later paid dearly for their foolishness. You might have to pay dearly too, mind you that, in the literal sense of the word.
Know first what a spyware is. That, of course, should be the very first step to combating it. To fight anything, you have to have knowledge over it, you cannot box the shadow warrior! Or can you?

Read the rest of this entry »

MySpace Sexual Assault Lawsuit Dismissed

May 17th, 2008

ImageA federal appeals court has ruled that MySpace.com is immune from a lawsuit over the alleged sexual assault of a teenage girl by a man she met on the social networking Web site.

The Texas girl’s family had sued MySpace and its parent company, News Corp., claiming that MySpace didn’t protect young users from sexual predators.

Girl’s family claim MySpace didn’t protect young users from sexual predators. The girl was 14 when a 19-year-old man she met on MySpace allegedly sexually assaulted her in a Travis County parking lot in May 2006.

Court notes girl circumvented Web site’s safety features by lying about her age. The girl was 13 but misrepresented herself as 18 years old when she created a MySpace profile in 2005.

MySpace applauded court’s ruling, saying it takes safety of users very seriously.

Cyberstalking - How to Stay out of Danger

May 16th, 2008

Cyberstalking has recently made its place among the most notorious and destructive crimes that involve the use of the internet. And not unlike real life stalking, it is also perhaps the most terrifying.
Cyberstalking occurs when a person is able to gain personal information about you through the internet and online sources, and then uses that knowledge to harass and intimidate you. You wouldn’t believe how much information bout you may be freely available on then net; just do a search on your name at any competent search engine, and you’ll be surprised. And experienced cyberstalkers have advanced electronic methods at their disposal that will reveal even more.
Your cyberstalker’s geographical location is arbitrary. The internet is a medium that makes nothing of a million miles. You never know who is stalking you. In real life cases of stalking, you are sure that it must be someone who lives near you, very probably in the same city or maybe even on the same street. In case of cyberstalking, your enemy might as well live at the opposite end of the earth – you’d never know, and neither would it really matter. He or she can continue to haunt you from wherever they are.

Many cyberstalkers are adept enough that they do not even have to do the harassment themselves. They can easily make other people do their job for them unknowingly. For instance, they could make a false and disparaging comment about you on a public forum, and provide your business e-mail address. This will normally result in a huge flood of hate mail that will simply drown out normal, useful mail, and maybe make it necessary for you change your address, breaking important correspondence for weeks.

Read the rest of this entry »

MySpace Wins $230 Million from Spam King Sanford Wallace

May 15th, 2008

myspaceSpam king Sanford Wallace and phishing buddy Walter Rines hijacked some 300,000 MySpace accounts and sent hundreds of thousands of spam messages and comments across the service. They got their punishment: a whopping $225 million judgment in favor of MySpace, Information Week reports.

MySpace decided to sue when it discovered the duo had lured MySpace users into revealing their login information through phishing sites. After obtaining user IDs and passwords, the pair distributed messages to the users’ friends list with links to various Web sites involving gambling, pornography and ringtones. According to court documents, Wallace and Rines distributed 735,925 messages during the scam and earned over $500,000 in the process.

A blog purporting to be from Sanford Wallace (The site registration address matches the address on the court docuuments.) Says:

I am amazed whenever I read an article written about the latest crimes I’ve committed and the latest court orders I’ve broken.

I don’t even learn about most of these claims until I read about them somewhere on the Internet. I live a low profile life. In the meantime, the world around me apparently still blames me for every spam and phish page on the Internet.

Please, move on to the real spammers.

..I am still waiting to be served. And I haven’t been hiding either. The whole case was one big PR move..

source:

www.crn.com/security/207800154

government.zdnet.com/?p=3813

blogs.pcworld.com/staffblog/archives/006956.html

http://en.wikipedia.org/wiki/Sanford_Wallace

Worms Spread Via MSN Messenger - W32/MSNworm.EI.worm

May 15th, 2008

W32/MSNworm.EI.worm, which spreads via the MSN Messenger and displays a funny picture of a little pig sending you a kiss while it is infecting your computer.

MSNworm.EI is a worm whose main objective is to spread and affect as many computers as possible. The means it uses to spread is the instant messaging program MSN Messenger.

Additionally, it downloads the backdoor detected as IRCBot.BWB to the affected computer. The variants belonging to the IRCBot family are designed to connect to several IRC servers and receive remote control commands.

MSNworm.EI is easy to recognize, as it reaches the computer via the instant messaging program MSN Messenger, in an instant message which contains a file.

When the file is run, the following image is displayed:

Image

source: www.pandasecurity.com | pandalabs.pandasecurity.com

Instant Messaging IM Worms - Get the Facts

May 14th, 2008

You’ve taken this course in internet safety and learnt all that there is to learn about how to avoid viruses and worms. You have installed advanced virus scanners, so nothing can pass through your email program and infect your Operating System, nor be downloaded from the internet or from a removable medium. You have installed the latest and the greatest in firewalls, so no worm can take advantage of open ports on your system. You are careful not to download, execute or use programs from any source other than well known, trusted groups or companies, like the vendor of your Operating System, or maybe the Free Software Foundation. All in all, you have got your system locked down very tightly, and fully expect to remain free of malware for the rest of your days.

Read the rest of this entry »

US Tax Rebates Phishing Scam

May 14th, 2008

The scams rely on a technique known as social engineering to trick computer users into divulging personal information that the cybercriminals or their customers can use to bilk unwary taxpayers.

The new phishing scams use spam e-mails to gull prospective refund recipients into providing their bank account information and other personally identifiable data via a fraudulent form that is attached to the original message by a hyperlink.

“To convince consumers to reply, the e-mail warns that a failure to complete the form in a timely manner will delay the issuance of the rebate check,” the bureau said in a warning.

The bureau urged people to use caution when dealing with e-mail from unknown senders, repeating the frequently heard warning that such electronic messages often include malware. The FBI notice also included examples of the types of deceptive wording the phishing e-mails have used.

The latest FBI warning about the online flood of fraudulent tax refund e-mails comes on the heels of a rising tide of IRS-related online fraud, as reported by GCN. The recent notice follows earlier warnings on the same topic by MX Logic, which predicted the fraud tactic earlier this year.

The bureau’s fraud notice also echoes IRS’ own anti-phishing warnings and actions against IRS spoof sites. The IRS recently stated that the number of bogus IRS sites has increased twelvefold this year over last year.

source:

FBI Warns of Phishing Scam Related to Economic Stimulus Checks

IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting

www.gcn.com/online/vol1_no1/46255-1.html