November 8, 2008

Happy Birthday…I’ve stolen $2500 from your account

October 27th, 2008

Posted by John Carroll

Identity theft is a fast-growing problem, and I’ve taken it seriously for quite a while. I pay to have people monitor my credit to ensure someone doesn’t open accounts in my name, and I try to use temporary credit card numbers when I make online purchases. I shred personally identifiable information that I receive by mail, the better to deter “dumpster divers” who might use it. I’m also a stickler for using complex passwords on any site that provides access to financial information.

There are many, many ways, however, to have your identity stolen, and though from hindsight this should have seemed an obvious possibility, it wasn’t something that I had taken sufficient care to avoid.

As the title of this post implies, someone managed to fraudulently withdraw $2500 from my bank account using an ATM card that was a clone of the one my wife and I have in our wallets (I’m not sure whose card was the original source of the information). This was discovered the night before my birthday, and though I am sure to get all the money back (banks do insure for these kinds of things), it did mean that I spent all day Friday running around faxing, mailing, and filing police reports, which wasn’t exactly the way I intended to spend the day.

According to a detective at the West Hollywood Sheriff’s department, a group of individuals had apparently installed a device inside a gas station pump in the area. This device had access to all information entered through the payment point. This includes full details of information stored on the magnetic strip on the back of cards (why, oh why, aren’t smartcards as common here as they are in Europe), as well as anything entered via the keypad, such as a PIN number or a zip code. The device included a wireless transmitter that broadcast 300-400 feet, allowing someone seated in a car located nearby to capture all the information generated at the pump. At the end of a hard day’s work, the thief would use this information to print the data onto card “blanks.” Given that my information was for an ATM card, they used it to visit bank machines far from my area of town.

I was somewhat surprised, however, that my bank’s fraud detection routines did not flag these transactions. The individual (or individuals) who made the withdrawals took out nearly the maximum amount that was allowed in a given day, and did so repeatedly over the course of three days. Perhaps the first transaction would have been overlooked, but the second and third (followed by a fourth and a fifth a few days later)?

What brought the problem to my attention was the fact that my ATM card was not working, though oddly enough, not because of the fraudulent use of my account. Rather, the block was placed due to a “suspicious” transaction that sent some money overseas, and which was made by my wife. Foreign transactions, apparently, trigger a lockdown in ways that three straight days of withdrawals from my account (each of which was close to the daily limit) did not. I sure hope I never lose my ATM card in Las Vegas.

Anyway, I really should have been checking my bank account more frequently, and from now on, I’ll be a lot more careful about where I use an ATM or credit card. In fact, I used to be a lot more particular about that in the past. What changed, I think, was gas prices. Before, it never took more than $20 to fill my car. More recently, the cost was often more than I had in my wallet as cash.

I should, in other words, make it a point to have more cash on hand, though it does occur to me that that has its own security issues. People can spike ATM machines with card detection devices as well. ATM machines, however, tend to be a bit more secure because they contain large quantities of cash. Barring an epidemic of electronically-altered ATM machines, I’m unlikely to go truly old school and wait in line to withdraw my money from a human teller.

It is odd, however, to think that modern technology is creating its own hindrance to a cashless society. I certainly carry less cash on hand these days than was the case before, as digital payment alternatives have spread their reach over the years. Such payment mechanisms’ popularity, however, rests squarely on our ability to trust in their security. Credit cards and bank ATMs may be willing to reimburse us for fraudulent charges in order to encourage us to use them, but it is still wise to reduce our dependence on them. Perhaps this will motivate more bulletproof security mechanisms, provided security problems prove a sufficient inconvenience to trump the convenience of easy digital payments.

By the way, I’ll be at the Microsoft PDC in Los Angeles this week, thus continuing a trend wherein I opportunistically attend conferences as a member of the press when they come to my home town. I’ll be sure to write about anything I discover there (though keep an eye on Mary Jo Foley’s and Ed Bott’s blog, too, as they are both rumored to be in attendance).


November 6, 2008

Zombie PCs: ‘Time to infection is less than five minutes’

October 21st, 2008

Posted by Andrew Nusca

A fascinating — and horrifying — new article in The New York Times offers the lowdown on “zombie computers,” the half-a-million-or-so machines that are converted, assembled into systems called “botnets” and forced to do a shadowy figure’s bidding, namely in the form of automated programs that send the majority of e-mail spam, illegally seek financial information and install malicious software on still more PCs.

Lock up your Windows and children!

In what sounds like the plot of 28 Days Later — computer “rage,” anyone? – the Times reports that botnets are alive and strong, according to shadowserver.org, a site that tracks such things:

“The mean time to infection is less than five minutes,” said Richie Lai, who is part of Microsoft’s Internet Safety Enforcement Team, a group of about 20 researchers and investigators. The team is tackling a menace that in the last five years has grown from a computer hacker pastime to a dark business that is threatening the commercial viability of the Internet.

Great Scot! The simple reality of these bots is terrifying to the security-minded: Any computer connected to the Internet can be vulnerable. Botnet attacks can come with their own antivirus software, permitting the programs to take over a computer and then effectively remove other malware competitors.

According to the article, Microsoft investigators “were amazed recently to find a botnet that turned on the Microsoft Windows Update feature after taking over a computer, to defend its host from an invasion of competing infections.”

Good lord. What’s more, botnets have evolved quickly to make detection more difficult, recently using “fast-flux,” a technique that generates a rapidly changing set of Internet addresses to make the botnet more difficult to locate and disrupt.

Yikes. So what’s a user to do?

First, take Microsoft’s Malicious Software Removal Tool out for a ride. Then make sure your firewall is up and you’re up to date with all security patches.

Then pray. Because these zombies are hard to find, much less kill. Just last week, Secunia, a computer security firm, tested a dozen leading PC security suites and found that the best one detected only 64 out of 300 software vulnerabilities.


Bill O’Reilly’s web site hacked, attackers release personal details of users

September 24th, 2008

Posted by Dancho Danchev

In what is slowly turning into an endless loop of hacktivism activities, Bill O’Reilly’s BillOreilly.com was compromised over the weekend, with personal details, including plain-text passwords, for 205 of the site’s members already leaking across Internet forums. The attack was a response to his remarks describing Wikileaks, which had recently published private information from Sarah Palin’s private email, as “one of those despicable, slimy, scummy websites.”

On Friday, Wikileaks issued the following press release:

“Fox News demagogue, Bill O’Reilly, has been hacked and the details passed to Wikileaks. Wikileaks has been informed the hack was a response to the pundit’s scurrilous attacks over the Sarah Palin’s email story–including on Wikileaks and other members of the press, Hacktivists, thumbing their noses at the pundit, took control of O’Reilly’s main site, BillOReilly.com. According to our source, the security protecting O’Reilly’s site and subscribers was “non-existent”.

The following image, submitted to Wikileaks and confirmed by Wikileaks staff, offers proof of the hack. The image, clearly obtained from BillOreilly.com’s administrative interface, shows a detailed list — including passwords — of BillOreilly.com subscribers. Although Wikileaks has only released one page, it must be assumed that Bill O’Reilly’s entire subscriber list is, as of now, in the public domain.”

How did they do it “this time”?


According to the article at Wikileaks, the hacktivists seem to have brute-forced the URL of the administration panel and, once they found it, accessed the unencrypted data:

“According to Marston, the hackers were able to access the list by trying a large number of variations of the website’s administrative URL. He said all affected members have received an email and a phone call informing them of the breach and urging them to change their password. The site has since been completely locked down, Marston said.”

Moreover, it’s worth pointing out that the passwords were stored unencrypted; evidence of this practice can be seen in the screenshots of the admin panel. The website’s administrative URL (w3.billoreilly.com/pg/jsp/admin/managecustomers/newpremiummembers.jsp) has since been changed after it leaked online. That does nothing to prevent abuse of the subscribers’ email addresses in spear phishing attacks, “for starters,” and some of the users have already admitted to using the same password at other web sites, including PayPal.

The impact of the breach, and the measures taken to notify the victims, according to the site:

“The BillOReilly.com site experienced a minor hacking incident on Friday, September 19th, 2008.

** ALL CREDIT CARD INFORMATION FOR EVERY MEMBER IS SAFE
** NO MEMBERS WHO JOINED BEFORE WEDNESDAY, SEPTEMBER 14th, 2008 WERE AFFECTED AT ALL.
** 205 new Premium Members who signed up last week had their name, hometown, email address, & BillOReilly.com password stolen.
** We have contacted those 205 members by email and telephone.
** We are working with the proper authorities to track down the perpetrators.”

Another personal message issued by Bill O’Reilly regarding the process of tracking down the “perpetrators” was posted on Sunday:

“The FBI and Secret Service are close to indicting some of the perpetrators and we will keep you posted when the arrests are made. All premium members receive the full backing of our legal team and if anyone is hassled in the least, please inform us immediately. In the latest case, no proprietary information was obtained by hackers and we have safeguards in place to protect everyone who does business with us.

Rest assured that we are on this. Our defense of Sarah Palin has led some criminals to attempt to disrupt our enterprise. At this moment federal authorities and our attorneys are compiling information against these people. Again, if any person is bothered in any way – please let us know. We stand behind our products but, most importantly, we stand behind you. We’ll get the bad guys. Count on it.

Bill O’Reilly
9/21/08″

Who’s claimed responsibility? 4chan members planning at Ebaumsworld using “secret words”:

“According to my source this is a common tactic among the secret hacking group hidden amongst the users of ebaumsworld. He states “yeah we will start planning on 4chan so ebaums doesn’t get in trouble…we use secret words and stuff to let the others know who we are.” When I asked why he was telling me all this he said “man this has just gone too far.. at first it was a joke then we found out that the same usernames and passwords worked for those peoples’ paypal accounts and I’m afraid of what they will do.”

It appears that the “forum faction” is also planning a DDoS attack against BillOreilly.com, according to this interview, which wouldn’t be the first time the site has been under DDoS attack, and definitely not the last. From an analyst’s perspective, nation-to-nation hacktivism conflicts provide the best and most accurate picture of a particular country’s capabilities in this space, compared with hacktivist actions that stick to standard practices such as DDoS attacks, which, like the tip of an iceberg, receive most of the attention because their impact is easier to measure than that of the other hacktivism tactics used.

The bottom line: this is a good time to point out why you shouldn’t use the same password on different web services, and that the big picture, Wikileaks’ vision of a little less secrecy and a little more transparency, ultimately better serves the world and gives power to the people whose collective consciousness, if not brainwashed, is supposed to be shaping the way we live.


October 10, 2008

Pharming

No, I didn't spell it wrong! Pharming (with a "ph") is actually a term used in the computer world. I know you've heard of phishing before, because we've talked about it in the newsletter and well, pharming sort of goes along with that. It's just another example of how hackers try to manipulate computer users via the Internet. Keep reading for a more detailed definition!

Basically, pharming is the act of redirecting users to fake Web sites without them ever knowing it happened. When you want to visit a Web site, you type its domain name into your Web browser, and that name is then translated into an IP address by means of a DNS server. Once that lookup completes, the answer is stored in your computer's DNS cache. Hackers who can tamper with that cached answer (or with the server that supplied it) can use it to redirect you to a false site, one determined by the hacker.

Pharming can also occur as an e-mail virus that corrupts a user's DNS cache. Other pharmers can poison whole DNS servers as well. Luckily, most DNS servers have good security features, but that still doesn't make them immune. So, if you're on a Web site that looks strange, you may be caught in a pharming incident. If that happens, restart your computer to reset your DNS settings, run your antivirus scan and then try going to the same site again. If it still looks odd, contact your ISP and tell them what's been going on. No, pharming is not as commonly known as phishing scams, but it can still be very dangerous. So, always be on the lookout and keep yourself safe!
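The newsletter's advice is to restart and rescan; one thing a user or help desk can also check directly is whether name resolution has been pinned locally. Besides the DNS cache, the operating system's hosts file is a common place for a local pharming infection to plant an override, since it is consulted before any DNS server. The following audit script is an added example, not from the newsletter: it parses hosts-file text (a constructed sample is embedded) and flags any public-looking hostname that has been pinned to an address, distinguishing harmless "sinkhole" entries (ad-blocking to 0.0.0.0 or loopback) from real redirects. The local-name suffixes it skips are an assumption you may need to adjust for your network.

```python
import ipaddress

# Constructed sample hosts file content (not taken from any real machine).
SAMPLE_HOSTS = """\
# Typical default entries
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.20    printer.lan

# Ad-blocking style entry: harmless sinkhole
0.0.0.0         ads.example.net

# Public names pinned to one outside address: the pharming pattern
203.0.113.45    www.examplebank.com examplebank.com
203.0.113.45    mail.example.org
"""

# Assumed local naming conventions; adjust for your own environment.
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "broadcasthost"}
LOCAL_SUFFIXES = (".lan", ".local", ".localdomain", ".home", ".internal")


def parse_hosts(text):
    """Return (ip_address, hostname) pairs, ignoring comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed address, skip the line
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def is_local_name(name):
    """Single-label names and common LAN suffixes are expected in a hosts file."""
    return name in LOCAL_NAMES or name.endswith(LOCAL_SUFFIXES) or "." not in name


def suspicious_entries(text):
    """Flag public-looking hostnames pinned in the hosts file.

    Each result is (ip, hostname, kind): 'sinkhole' when the name is pointed
    at loopback/0.0.0.0 (blocking, not redirection), 'redirect' otherwise.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        if is_local_name(name):
            continue
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        flagged.append((str(ip), name, kind))
    return flagged


if __name__ == "__main__":
    for ip, name, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"{kind:8} {name} -> {ip}")
```

On a real machine, read `/etc/hosts` (or `C:\Windows\System32\drivers\etc\hosts`) into `suspicious_entries` instead of the sample; any "redirect" entry for a bank or mail domain deserves the restart-and-rescan treatment described above.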


October 5, 2008

Don’t fall for bogus antivirus downloads

By Scott Dunn

A new virus strain pretends to remove malware but actually does just the opposite: it infects your system.

Fortunately, you can use a few simple steps to tell the difference between these rogue antivirus programs and legitimate security software.

Antivirus apps may be malware in disguise

A dangerous new virus is making the rounds in the guise of a legitimate antivirus program. Going by such names as "Antivirus XP 2008" and "XP Antivirus 2009," this malware, as described in a recent Computer Associates advisory, succeeds by looking like a legitimate Windows program.

The Internet security blog Donna's SecurityFlash reports that rogue antivirus programs such as these are being promoted through spam messages that link to an automatic download of a virus installer.

With such aggressive methods afoot to fool security-minded users, how do you know when an antivirus product is legitimate? Use the following guidelines to ensure that the security products you download are legitimate.

Choose your security vendor deliberately

Be careful how you select a security vendor. Just because you see an ad for a vendor or product on a highly reputable site doesn't mean the advertiser is reliable.

Conversely, an ad for a reputable product or service on an unfamiliar site doesn't mean that you can trust the site. Advertisements are often distributed by third parties beyond the editorial control of the hosting site. That's why you may find ads for untrustworthy products on legitimate sites, and ads for legit products on bogus sites.

Services such as the free McAfee Site Advisor and the Web of Trust add-on for the Firefox browser evaluate beforehand the safety of the site you're about to visit. (Windows Secrets contributing editor Becky Waring reviewed Web of Trust in her July 17 column.)

Because the ratings generated by these tools may be based on out-of-date reports, they aren't perfect. But they serve as a useful line of defense.

Another way to evaluate sites before you visit them is with the free LinkScanner Lite application. Rather than rely on second-hand reports, LinkScanner analyzes the code of a given site to check for stealth downloads and other malicious behavior.

The free version of the program requires that you right-click a link manually to get a risk analysis before you surf to the site. If you want your Google and Yahoo search results to be scanned automatically (in addition to other added features), buy LinkScanner Pro for $20.

Published reviews praise LinkScanner for detecting hacked sites, although the program fares less well when rated for detecting phishing sites. CNET's review gave LinkScanner an overall rating of 7.5 out of 10. PC Magazine's evaluation was similar, awarding the program 3.5 out of 5 stars.

Finally, never visit a shopping site by clicking a link in a spam message. Even if the message claims to be pitching a reputable product, such as one from Symantec or ZoneAlarm, the link may actually take you to a counterfeit site.

Color-coding the good guys and bad guys

One site that has been tracking rogue anti-malware products since 2004 is Spyware Warrior. If you're considering a product whose validity is not certain, your first screening step should be to search Spyware Warrior's blacklist. Although Spyware Warrior focuses on identifying fake antispyware apps, the service's blacklist of suspicious sites and products also includes a lot of rogue antivirus applications.

Additionally, consult a whitelist of products that have been certified by a reliable independent organization. One such organization is ICSA Labs (formerly the International Computer Security Association), an independent research and certification division of Verizon Business. On its site, ICSA maintains a list of antivirus products it has certified according to its criteria.

Once you've validated a product to your satisfaction via these resources, you're probably safe downloading it directly from the vendor. But to be extra cautious, consider going to a reputable download source that scans every item before placing it in its library. Such sites include CNET's Download.com, the Downloads page of PCWorld.com, ZDNet's Downloads page, and Tucows.com's security section.

These days, every PC user needs security software to protect against online threats. But when the security software itself becomes a threat, the solution becomes a problem.

Fortunately, with a little care, you can dramatically reduce your risk when shopping for safe and effective security products.
