Saturday, July 31, 2010

Hacking smartphones

In this article on NetworkWorld, the author speaks about the ever-growing field of smartphone hacking. The 'Android' is specifically mentioned, but I would assume all smartphones are open to attack. The latest developments were brought to light at this year's DEFCON conference, and the article mentions how a bad guy can own your phone and basically send all info stored on it anywhere they want.

The fix?

As usual, just be careful what you download. Is it a free wallpaper app, or a free ringtone? Chances are, if it's free, it's gonna cost you in the long run.

Monday, July 26, 2010

Facebook launches security page

According to this article, Facebook has launched a new safety page. The article states that this page is dedicated to staying safe on the Internet, and asks if it "is enough?" Of course it's not enough, but it's a good addition to practicing safe 'Interwebbing.' The Facebook page has links to organizations that can help parents keep their children (and themselves) a little safer online, such as Childnet International, the National PTA, and Wired Safety.

Thursday, July 22, 2010

Home routers hackable

In this article a security researcher has been working on hacking home routers, and says millions are susceptible. The researcher will be speaking at the upcoming Black Hat conference. I'll be interested in the details. However, I'm assuming this is only possible if the router is externally accessible, but as I'm a customer of Verizon (specifically mentioned in the article) I'll be interested to see the details.

Monday, July 19, 2010

Secure Passwords

In this article, the author discusses techniques to create more secure passwords. For those of us who have had a Gmail or Facebook account hacked (myself included), it may be time to think about a way of creating more secure passwords. There are even tools available, such as KeePass, to store all of your passwords. This way we don't feel the need to use the same password for multiple sites.

The author states that one of the major issues with user passwords is their simplicity. While I agree that this is a major problem, I think the largest problem is that of using the same password for multiple sites. Think of what would happen if you used the same password for Gmail, eBay, Facebook, and your banking site. If your Gmail account is hacked, the bad guy can surf through your email, find out what bank you're a member of (you get email notifications from your bank, right?), and it's all downhill from there.

Saturday, July 10, 2010

A Q&A discussion on "secure Browser connection" warnings

Check out this article for a simple explanation of what it means when you get the "There is a problem with this site's security certificate" browser warning.

It's usually just a matter of a site not having "www" in the certificate title, but it could also be a phishing or man-in-the-middle attack. As always, just be wary of who/which companies you trust online.
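The two cases above, side by side, as an added example (not code from the linked article): a simplified version of the name check a browser runs before it shows that warning. The function names, hostnames and certificate name lists are made up for illustration, and real browsers apply more rules than this.

```javascript
// Added example: why the certificate-name warning appears.
// All hostnames and certificate name lists used with it are constructed.

// True if one certificate name (exact, or a "*.domain" wildcard) covers the host.
function nameCovers(pattern, hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  const pat = pattern.toLowerCase().replace(/\.$/, "");
  if (!pat.includes("*")) return host === pat;
  // Only a single wildcard standing in for the whole left-most label is accepted.
  if (!pat.startsWith("*.") || pat.includes("*", 1)) return false;
  const suffix = pat.slice(1); // e.g. ".example.com"
  if (suffix.split(".").length < 3) return false; // refuse "*.com"
  if (!host.endsWith(suffix)) return false;
  const label = host.slice(0, -suffix.length);
  // The wildcard covers exactly one label: not zero, not "a.b".
  return label.length > 0 && !label.includes(".");
}

const stripWww = (name) => name.toLowerCase().replace(/^www\./, "");

// "match"          : no warning
// "www-mismatch"   : same name apart from a leading "www."
// "other-mismatch" : the certificate was issued for some other name
function classifyCertificate(hostname, certNames) {
  if (certNames.some((n) => nameCovers(n, hostname))) return "match";
  const bare = stripWww(hostname);
  const wwwOnly = certNames.some((n) => !n.includes("*") && stripWww(n) === bare);
  return wwwOnly ? "www-mismatch" : "other-mismatch";
}

console.log(classifyCertificate("example.com", ["www.example.com"]));
console.log(classifyCertificate("shop.example.com", ["*.example.com"]));
console.log(classifyCertificate("www.example.com", ["login.attacker.test"]));
```

The "other-mismatch" result is the one where phishing or a man-in-the-middle has to be considered, because the certificate presented belongs to a different name entirely.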

Friday, July 9, 2010

Yet another phishing technique

In this article the FBI is warning users that bad guys are cracking email (web-based) usernames and passwords and spamming the user's contact list with a sob story about being stuck in a foreign country with no money. This is similar to an attack on an Iowa Senator's email account earlier this week.

I'm sure it goes without saying for most of us that if you get an unsolicited email from anyone requesting money, it's most likely a phishing scheme. But these scammers are obviously on to something because it seems to keep working for them. Otherwise, they would have quit long ago. Warn your friends, warn your parents, who may not be Intarwebs savvy. Do not, under any circumstances, send money to anyone, without knowing who you are sending it to.

Wednesday, July 7, 2010

Tired of having to remove spam from your Facebook page?

According to this NY Times article, a well-known web-filtering company, Websense, is offering a beta version of a program to help track and quarantine spam, scams, phishing, and 'questionable' content from your Facebook account. While it is still in Beta, it is free for all to use. Once the beta release is retired, it will be a pay service, but only if you're a corporation or a celeb. I'll definitely be giving this program a try.

Based on the article, all you have to do is go to Defensio's web site while logged into your Facebook account, click on sign up, then click the big Facebook icon (or you can just do a search for Defensio on Facebook, then click on go to application).

This will take you to Defensio's Facebook page, where you'll enter your email address, then you can configure your settings. I highly recommend this to all you parents out there whose kids are on Facebook. You can block things from simple profanity to porn. Keep Facebook safe for your kids.

Tuesday, July 6, 2010

What the hell is Tabnapping?

It's one of the newer techniques employed by phishers. According to this article, a phisher can modify an open tab in your browser that is currently inactive. It works like this:

1. You log on to Hotmail, Gmail, or Facebook, and receive what you believe to be a legitimate message with a link in it.

2. You rejoice at the fact that you can now open this link in a new tab, without having to spawn a new browser window, so you right-click (or something else for you Mac users), and select "Open in new tab."

3. The web page reads a setting telling it which site you came from; e.g. Hotmail, Gmail, etc.

4. While you are browsing this web page, unaware of the fact that there is some malicious JavaScript on it, the JavaScript reads the setting of which site you came from and changes the contents of your original tab back to what looks like the login page for that site (but is actually something like http://amazon.evil.com).

5. You finish browsing, and close out your new tab, and return to what looks like your login page, and think "Oh, my session must have just timed out."

6. You log in, and kiss your account username and password goodbye.

Man those bad guys are sneaky...
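A defensive check for steps 3 and 4 above, added here as an example (not code from the linked article): it finds links that open a new tab without `rel="noopener noreferrer"` and rewrites them. It assumes the "setting" in step 3 is the browser's referrer and that the new page reaches the original tab through `window.opener`; the function names and sample markup are made up for illustration.

```javascript
// Added example: audit and harden links that open a new tab.
// SAMPLE_MESSAGE_HTML is constructed for illustration.
const SAMPLE_MESSAGE_HTML = `
<p>Look: <a href="https://photos.example/album" target="_blank">photos</a></p>
<p>Docs: <a href="https://docs.example/" target="_blank" rel="noopener">here</a></p>
<p>News: <a href='https://news.example/' target=_blank rel="noopener noreferrer">news</a></p>
<p>Same tab: <a href="/inbox">inbox</a></p>`;

const TAG_RE = /<a\b[^>]*>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;

// Parse the attributes of one opening tag into a lower-cased map.
function parseAttributes(tag) {
  const attrs = {};
  for (const m of tag.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}
const relTokens = (attrs) =>
  new Set((attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
const opensNewTab = (attrs) => (attrs.target || "").toLowerCase() === "_blank";

// Report each new-tab link and which protective rel tokens it lacks.
function auditNewTabLinks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(TAG_RE)) {
    const attrs = parseAttributes(tag);
    if (!opensNewTab(attrs)) continue;
    const rel = relTokens(attrs);
    const missing = [];
    // noreferrer also implies noopener, so either one cuts window.opener.
    if (!rel.has("noopener") && !rel.has("noreferrer")) missing.push("noopener");
    if (!rel.has("noreferrer")) missing.push("noreferrer");
    if (missing.length) findings.push({ href: attrs.href || "", missing });
  }
  return findings;
}

// Rewrite every new-tab link so it carries both tokens.
function hardenNewTabLinks(html) {
  return html.replace(TAG_RE, (tag) => {
    const attrs = parseAttributes(tag);
    if (!opensNewTab(attrs)) return tag;
    const rel = [...relTokens(attrs).add("noopener").add("noreferrer")].join(" ");
    const bare = tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, "");
    return bare.replace(/\s*>$/, ` rel="${rel}">`);
  });
}
```

Regex scanning is good enough for an audit pass over your own templates; for rewriting untrusted markup a real HTML parser is the better tool.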

Monday, July 5, 2010

US leads in Cyber Attack Traffic

Softpedia Cyber Attack study

U...S...A... U...S...A...

I call BS! This study is based solely on originating IP. While it may be true that US PCs are the majority of the hardware behind the attack, it does not take into account the number of zombies or bots. So sure, according to this article, US PCs may be responsible for the majority of attacks, but that does not mean US citizens are responsible for the majority of attacks. Of course we also have almost 6 TIMES the number of IPs as any other country. This is just like saying Windows is less secure than Mac just because the majority of attacks are against Windows machines. Correlation does not always equal causation.

We are also responsible, according to some, for the majority of spam. However, according to a different site we aren't even on the Top 10 list of spammers.

I swear IT studies are turning into something akin to ranking the Top 10 rock bands of all time -- Less objective, more subjective. The facts are, PCs in all countries are responsible for vast numbers of Cyber-attacks, as well as spam, but the US is always an easy target seeing as we (Al Gore) spawned the Internet Revolution.

U...S...A... U...S...A

Sunday, July 4, 2010

Bank of Glen Burnie Phishing scheme

Local story from Maryland

For those of you who don't know what a phishing scheme is, check the definition here:

What is phishing

Beware of emails with embedded links. They're usually bad news -- Especially if they ask for personal information.

Bank of Glen Burnie phishing scheme

iTunes Accounts being hacked

Do you use iTunes? Might want to check your account. It seems some folks have had their accounts hacked -- mostly people that have debit card information saved in the iTunes app itself.

iTunes accounts hacked.

Saturday, July 3, 2010

Watch out you Farmville freaks

Luckily I found the setting to disable getting Farmville updates, and generally I think the people who play Farmville non-stop are crazy. However, no one deserves to be hacked simply for having an addiction. So all of you Farmville crazies, be careful which gifts you accept.

Farmville scam