iWay-Safety.com: Crime & Punishment News & Views

Anti-virus software isn't the only computer security tool

Fri, 13 Jun 2008 01:37:58 GMT

... get in the habit of quickly installing all software program updates ... beyond that also consider:

Certified e-mail [?? Seems off the point since these services are directed at businesses not individuals]

Web page scanners ... tools using varying technologies to gauge the reputation of most Web pages. EG AVG's LinkScanner, ScanSafe's Scandoo, Trend Micro's TrendProtect, McAfee's SiteAdvisor [which I use] and Finjan's SecureBrowsing grade Web pages as safe, unsafe or questionable.

Browser security tools ... anti phishing filters

[In other words a toolbox instead of a tool.]

SANS OUCH! Newsletter - Volume 5, Number 5 May 2008

Thu, 12 Jun 2008 21:30:35 GMT

OUCH!

SANS Institute Security Newsletter for Computer Users

Volume 5, Number 5 May 2008

************************************************************************

In This Issue

1. Eight Surefire Ways to Become an Identity Theft Victim - 2. Malware

- - 3. Scams and Hoaxes - 4. Microsoft and Apple Security Updates - 5.

Security Newsbytes

************************************************************************

A formatted version of the OUCH newsletter can be found at https://www.sans.org/newsletters/ouch.

You can subscribe to OUCH on the same site. Send your comments to OUCH@sans.org.

************************************************************************

1. Eight Surefire Ways to Become an Identity Theft Victim

- --Practice unsafe surfing. When you purchase a new computer, go online without activating the firewall, or purchasing protective software.

Further expose yourself digitally by sharing a wireless connection with the entire neighborhood. Without digital encryption, you can share the contents of your hard drive with anyone on the street. For maximum risk, do some online banking on a public computer -- like the one at the library or a public cafe. Bonus points are added if your Social Security number is your user ID for any transactions.

- --Skimp on anti-virus and anti-spyware protection. Courting disaster online is easy. Invite malicious code to attack your computer simply by doing nothing. Antivirus programs can be pricey, and the maintenance of constantly downloading updates is time-consuming. Combine that with the security updates from Microsoft or Apple and it's enough to seriously annoy anyone.

- --Passwords are a pain! Make life easy for yourself by using the same password for EVERYTHING, and make it something easy to remember, like your first name or 'password'. Just in case, make sure you write it down on a yellow sticky and put it somewhere easy to see.

And don't forget to have your browser set to 'remember password' to make life easy for you - and the cyberthief.

- --Peek at junk email and open attachments from unknown sources. Open attachments from strangers, secret crushes, long-lost friends saying "what's up," or strangers hawking cheap drugs -- you'll never know unless you peek at that email. One of the many fun things that can happen when you open an attachment containing malicious code is infecting your computer with a Trojan horse or virus, which can easily lead to identity theft.

- --Stuff your wallet with juicy identifying tidbits. Wallets and purses are more than just handy cash-carrying devices. They often have credit cards, identification, insurance information and even Social Security cards. Obviously, more is better if you'd like to become the prey of fraudsters. Losing or misplacing a wallet or purse can cause more problems than just the hassle of replacing all those cards and buying a new bag. Armed with your date of birth, Social Security number and mailing address, there's no limit to the damage thieves could cause.

- --Make your checks payable to criminals. If you're like most people, you wouldn't post your checking account information on your front door, though you should if you'd like to be a victim of fraud. Similarly, checks reflecting the same information can be dropped casually into unsecured mailboxes. Statistically the chances of your mailbox being targeted by criminal elements are low, but not that low. According to the 2008 Identity Fraud Survey Report from Javelin Strategy and Research, almost 1 in 10 victims of identity theft who can pinpoint the scene of the crime say that it happened at the mailbox.

- --Opt out? Opt in! While you're mailing checks from the unlocked mailbox, go ahead and get credit card companies to send you all the pre-approved offers that the postman can cram into the box. Similarly, don't get credit card statements online; leave them on the side of the road so that they're more convenient for fraudsters who lack the technical knowledge or follow-through to launch complicated hacking schemes.

- --Nothing is too good to be true. Everyone wants to feel special and maybe more importantly, filthy rich. When reading an emailed proposition from an African business tycoon, an imperiled prince or downtrodden heiress offering millions of dollars in exchange for some small measure of assistance, it's difficult not to wish it were true. Falling for the story will undoubtedly lead to unpleasantness.

More information:

http://finance.yahoo.com/banking-budgeting/article/104894/7-Surefire-Ways-to

-Become-an-ID-Theft-Victim

************************************************************************

2. Malware

- --Zeus. A Trojan being spread by the so-called "Rock Phish" group of Russian criminals through phishing scams. Zeus is designed not only to trick victims into clicking on a link in a phishing email to give up personal information, but also to drop a Trojan on the victim's computer at the same time. The new attacks combine phishing and the Zeus Trojan to steal personal information and spread financial crimeware. Zeus can steal personal data such as usernames, passwords and Social Security numbers entered by the user while interacting with other websites.

More information:

http://www.scmagazineus.com/Rock-Phish-gang-adds-malware-download-to-attacks

/article/109240/

- -- RaceForTibet. Rootkit* malware that surreptitiously installs a keystroke logger on end users' PCs once they open a Flash movie file which uses a cartoon to mask its malware payload. The captured data is reportedly sent to a computer in China. The cartoon ridicules the effort of a Chinese gymnast and then displays images supporting a free Tibet.

The malware is being distributed as an attachment called RaceForTibet.exe.

More information:

http://www.itpro.co.uk/wireless/news/187935/tibet-supporters-targeted-by-tro

jans.html

* Rootkit: http://en.wikipedia.org/wiki/Rootkit

- -- OSX.RSPlug.A. A Mac Trojan that spreads by spam emails designed to lure users to pornography sites. Visitors are presented with a still image from a salacious video. Clicking on the image to play the video returns the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec." After the linked page loads, malware is downloaded and launches an installer. The installer requires the user to enter the admin password. Once the password has been entered, the malware infection is complete. The Trojan alters network settings, redirecting webpages and funneling advertisements for porn sites to your Mac.

More information:

http://www.geekstogo.com/2007/10/31/osxrspluga-trojan-info-and-removal/

************************************************************************

3. Scams and Hoaxes

- --Economic Stimulus Refund Phishing Scam A number of phishing scam emails are currently targeting US taxpayers by offering bogus refund payments as bait. This email, purporting to be from the Internal Revenue Service (IRS), claims that the recipient is qualified to receive the 2008 Economic Stimulus Refund. The recipient is instructed to follow a link in the message in order to fill in an online form, ostensibly to allow the refund to be processed. The email includes the IRS logo and copyright notice and is from a seemingly genuine IRS email address. However, the email is not from the IRS.

More information:

http://www.hoax-slayer.com/economic-stimulus-refund-scam.shtml

- --United States District Court Subpoena Malware Email This seemingly official email purports to be a subpoena sent by the United States District Court. The message claims that the recipient must testify before a Grand Jury at a specified place and time. The recipient is instructed to follow a link in the message to download and print a complete copy of the subpoena document. However, the message is not from the United States District Court. In fact, the message is an attempt to trick recipients into installing information-stealing malware on their computers.

More information: http://www.uscourts.gov/newsroom/2008/alert.cfm

http://www.hoax-slayer.com/subpoena-phishing-scam.shtml

- --Visa Personal Password Phishing Scam An email claiming that recipients can protect their Visa credit card for online purchases by clicking a link in the message and creating a personal password. However, the message is just another phishing scam and was not sent by Visa. Those who fall for the ruse and click the link will be taken to a very sophisticated, but fraudulent, website that has been designed to closely resemble the genuine Visa website.

More information: http://www.hoax-slayer.com/visa-password-scam.shtml

- --Mail Server Report

According to this warning message, a dangerous virus is being distributed via emails with the subject line "Mail Server Report". The warning claims that opening attachments that come with the email will first display a message saying "It is too late now, your life is no longer beautiful" before destroying all files on the infected computer and stealing personal information. However these claims are untrue.

There is not, nor has there ever been, a virus like the one described in this bogus warning message.

More information: http://www.hoax-slayer.com/mail-server-report-hoax.shtml

************************************************************************

4. Microsoft and Apple Security Updates

Microsoft and Apple provide free security updates for their software products.

Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The next scheduled release date is May 13th. Check manually too, once every two weeks, to make sure all of the updates have been installed.

More information: http://www.microsoft.com/athome/security/default.mspx

OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or Intel).

More information: http://www.apple.com/support/downloads/

iPhones: Must be updated manually:

http://docs.info.apple.com/article.html?artnum=305744

************************************************************************

5. Security Newsbytes

- --Hannaford to Spend Millions on IT Security Upgrades After Breach Executives at Hannaford Bros. Co. have said that the grocer expects to spend millions of dollars on IT security upgrades in the wake of the recent network intrusion that resulted in the theft of up to 4.2 million credit and debit card numbers from its systems. The planned upgrades include the installation of new intrusion-prevention systems that will monitor activities on Hannaford's network and the individual systems at its stores, plus the deployment of PIN pad devices with encryption support in store checkout aisles. Hannaford also has signed on IBM to do around-the-clock network security monitoring.

More information:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&;arti

cleId=9079652

- --Microsoft Reports 300% Increase in Trojan Downloaders Computer users are increasingly at risk of being lured to websites that surreptitiously download malicious software onto their machines, but stolen or lost laptops still represent most of the security breaches reported, according to the latest six-month Microsoft Security Intelligence Report. Exploits, malicious software, and hacking accounted for 13% of all security breach notifications recorded in the second half of 2007, while 57% of the breaches publicly disclosed involved lost or stolen equipment. Malicious software attacks via Trojan downloaders and droppers increased by 300% during the same time period.

More information:

http://www.news.com/8301-10784_3-9925077-7.html?tag=nefd.only

- -- Firefox and Safari Updates Tackle "Alternative" Browser Bugs Mozilla has updated its Firefox web browser in response to the discovery of a vulnerability which allows miscreants to take control of vulnerable systems. Apple has pushed out an update for both the Windows and Mac versions of its Safari web browser. The more serious Mac flaws, if left unchecked, create a means for hackers to crash browsers or inject malicious code into vulnerable systems.

More information:

http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

http://support.apple.com/kb/HT1467

************************************************************************

Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product. Readers are invited to subscribe for free at https://www.sans.org/newsletters/ouch

Phishers Hitting Nearly Half Of Adult Users

Sun, 15 May 2005 01:39:28 GMT

Next week Denver-based First Data Corp., one of the country's largest electronic financial transaction companies, plans to release survey results showing 43 percent of adults have received a phishing contact. Five percent of those adults gave up personal information. The telephone survey of 2,000 people was conducted by Synovate and had a sampling error margin of 2.2 percentage points.

The Federal Trade Commission advises that e-mailing financial and personal details is never a good idea, and legitimate companies don't ask for those details in an e-mail.

MasterCard Shuts Down 1,400 Phishing Sites

Sat, 14 May 2005 02:59:18 GMT

MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June (2004). The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.

Phishers Dodge Content Filtering

Sat, 14 May 2005 02:05:17 GMT

According to Netcraft, some fraudsters are replacing text content on their phony sites with similar-looking images, "making it much more difficult for automated systems to detect the presence of keywords such as 'PayPal' and 'credit card.'"

In an online alert, Netcraft illustrated how a phisher could simply embed text within an image to hide it from filters. The text would still be readable by a possible victim, but not by a computer.

Keystroke Logger Surreptitiously Installed at New Zealand Internet Cafe

Wed, 09 Mar 2005 17:14:57 GMT

A cyber thief in Wellington, New Zealand apparently installed keystroke-logging software at an Internet cafe that allowed him to harvest user names and passwords belonging to people who conducted online banking there. Consumers are being warned to use caution while banking on line. [Experts warn against using internet cafes when sending/receiving sensitive information. Who needs to be warned about this?!]

Online Dating Sites Quarrel Over Background Checks

Mon, 07 Mar 2005 00:51:31 GMT

True.com has taken on the rest of the online dating industry in pushing state legislators to require matchmaking sites to conduct criminal background checks on members or post a warning that no such screening has been done.

Internet Detective Police Work

Fri, 04 Mar 2005 15:12:56 GMT

Law enforcement agencies increasingly turn to the net for tips from the public.

Global site fights child abuse

Tue, 01 Mar 2005 16:57:27 GMT

A new international Web site (www.virtualglobaltaskforce.com) developed by a global alliance of law enforcement agencies was launched this week to try and prevent individuals from committing child abuse online.

Internet helps recreate swampland scams that swindle buyers

Wed, 16 Feb 2005 22:19:14 GMT

The Internet has helped bring back "swampland" sales in Florida as companies portray fairly worthless property as good investments, taking advantage of unwary out-of-state buyers. Some of the lots are actually underwater.

Identity thieves can lurk at Wi-Fi spots

Mon, 07 Feb 2005 21:14:04 GMT

Coffee shop Web surfers beware: An evil twin may be lurking near your favorite wireless hotspot. Thieves are using wireless devices to impersonate legitimate Internet access points to steal credit card numbers and other personal information, security experts warn.

Jury awards $434,000 to woman who met husband online

Fri, 19 Nov 2004 19:29:47 GMT

A federal jury Thursday awarded a woman $434,000 in damages after she sued an Internet matchmaking service that introduced her to her abusive husband.

User Education Is A Flawed Strategy For Protecting Computer Users From Internet Scams

Fri, 29 Oct 2004 18:56:23 GMT

One of the "Internet's foremost experts in Web usability" (according to Business Week) and the man who ranks number six on ZDNet's "The Web's Ten Most Influential People" calls for a change in policy to thwart Internet scams, saying, "User education is not the answer to security problems." Jakob Nielsen says a strategy relying on user education puts the burden on the wrong shoulders. The only real solution, according to Nielsen, is to make security a built-in feature of all computing elements.

Home PCs not protected

Wed, 27 Oct 2004 23:45:34 GMT

In findings, from a detailed survey of 329 consumers that included inspections of each of their home computers, released Monday by America Online and the National Cyber Security Alliance (NCSA), a picture emerges of consumers increasingly using their home PCs for sensitive, online transactions without adequately protecting themselves from cybercrime.

While 77% of the survey respondents believed they were safe from online threats, two-thirds lacked current anti-virus software and did not use any firewall protection. More than half said they did not understand the difference between the two. Yet 84% stored personal data on their home PCs, and 72% routinely used the Internet for sensitive transactions, such as banking and medical data exchanges.

Fake Sites Dupe Users

Sat, 23 Oct 2004 20:33:18 GMT

Fraud-based Web sites that purport to sell products and services but really only harvest credit card accounts and other personal information are on the upswing, Websense Security Labs*, an Internet content management vendor said Monday (10/11/2004). According to Websense Security Labs, fraud sites outnumber those associated with phishing, a much better-known scam.

Although such fake sites resemble phishing sites -- both try to dupe users into divulging confidential information -- this new category uses a different ploy. Rather than get people to a site by telling them that their credit or bank account needs adjustment, these scams promise merchandise or a service at phenomenal prices. "Fraud sites don't target a specific brand, like phishing attacks and sites do," said Dan Hubbard, the director of security and technology research for Websense.

* an arm of Websense, a provider of content blocking software for enterprises

Phishing Attacks Launched from Handful of Networks

Thu, 21 Oct 2004 20:33:50 GMT

Security firm CipherTrust has reported that fewer than five zombie networks may be involved in all Internet phishing attacks worldwide, suggesting that only a small number of people are responsible for the threats. CipherTrust researchers found that less than 1 percent of e-mail messages are phishing attacks, but says these threats should be taken very seriously.

In its research, the firm analyzed customer e-mails during the first two weeks of October, and found that about a third of all zombie machines launching phishing attacks are based in the U.S., with South Korea coming in second at about 15 percent. However, the findings do not imply that the attacks originate within the U.S. Because zombie networks can be controlled from any geographic region, U.S. machines used in an attack can be manipulated by phishers in other countries. Most notably, the research indicated that attacks are sending out messages using networks of only about 1,000 PCs. This suggests that the number of perpetrators is small, but very adept at using compromised machines.

Online attack puts 1.4 million records at risk

Thu, 21 Oct 2004 19:58:21 GMT

An August intrusion into a social researcher's computer may mean that more than a million Californians need to call the credit bureaus.

On Tuesday, the California Department of Social Services warned the providers and recipients of the state's In Home Support Services (IHSS) that their names, addresses, telephone numbers, Social Security numbers and dates of birth may be circulating the Internet. IHSS allows individuals to get paid for providing in-home care to senior citizens. The warning comes after an unknown attacker slipped in through a security hole in a social researcher's unsecured computer at the University of California, Berkeley, on Aug. 1, perhaps making off with 1.4 million database records containing personal information. The researcher noticed the trespass on Aug. 30 and the university notified the state in mid-September.

Crooks slither into Net's shady nooks and crannies

Thu, 21 Oct 2004 15:02:24 GMT

Organized crime rings and petty thieves, federal authorities say — are establishing a multibillion-dollar underground economy in just a few years. The Internet's growth as an economic engine, particularly for financial transactions, is feeding the felonious frenzy. Lured by shoddy computer security and the ability to commit crimes from far-flung countries, the Russian mafia and other Eastern European gangs are plunging into spam, phishing schemes, cyberextortion and the trafficking of stolen goods online, authorities say. Many hire hackers in economically depressed countries, but a growing number are becoming computer savvy to do the dirty work themselves.

SANS "Ouch" newsletter for "unsophisticated end users"

Tue, 19 Oct 2004 16:22:32 GMT

A new free SANS newsletter has gotten rave reviews from unsophisticated end users - they really appreciate the plain non-technical writing and the cool examples. It's called OUCH! More than 500 security awareness professionals from around the US and the world helped them get it right. If you want to redistribute it to your users, that' allowed. The newsletter includes a pointer to a great phishing quiz for anyone who thinks he or she can spot a phishing email. To subscribe go to the newsletter page at the SANS portal and choose it.

FTC Goes After Spyware Operations

Mon, 11 Oct 2004 20:31:08 GMT

The Federal Trade Committee has filed a complaint in federal court asking that two Internet advertising and software firms be shut down. The activities of New Hampshire resident Sanford Wallace and his two firms -- Seismic Entertainment Productions and SmartBot.Net -- are some of the most egregious in the spyware field, Ari Schwartz, associate director of the Center for Democracy and Technology, told NewsFactor.

The operation of the spyware distributed by Wallace is very complicated, Schwartz explained. In addition, it has operated in different ways over the months. Perhaps the worst allegation is that of direct fraud. Some consumers assert that they were asked to pay US$30 to stop the pop-up ads repeatedly appearing on their computers. Those pop-ups originated from the same web of companies and advertisements originating them. Spy Wiper and Spy Deleter are two of the software programs marketed by Wallace's firms. In some cases, said Schwartz, pieces of software were downloaded to consumer computers without their knowledge or purchase. The company used security holes in Internet Explorer to take control of some operations on computers of users who clicked on particular ads.

The case is the first in the spyware arena to target a company for downloading code to a user's machine without permission. There are no laws against spyware at the national level.

Possible eBay phishing scam

Thu, 07 Oct 2004 12:16:26 GMT

[ALWAYS be suspicious of emails asking you to provide sensitive information by using a link provided in the email instead of the established method of providing such information.]

Court strikes down Patriot Act provision

Fri, 01 Oct 2004 12:27:38 GMT

A federal judge on Wednesday struck down a key provision of a law that is the centerpiece of the Bush administration's legal war on terrorism, ruling that the FBI cannot require Internet service providers to turn over subscriber information and keep quiet about it forever without giving the providers a chance to fight the government in court.

Fingerprints on File, Right From the Patrol Car

Thu, 23 Sep 2004 19:26:52 GMT

A mobile wireless system being tested in Oregon allows police officers in the field to check fingerprints against state and national databases.

Ready or Not, Electronic Voting Goes National

Mon, 20 Sep 2004 00:29:04 GMT

Just over six weeks before the nation holds the first general election in which touch-screen voting will play a major role, specialists agree that whatever the remaining questions about the technology's readiness, it is now too late to make any significant changes.

Google Search Reveals Credit-Card Numbers

Mon, 20 Sep 2004 00:03:48 GMT

We found no indication that the larger, more credible, retail sites were the source of credit-card information leaks. Web sites like eBay, Amazon, Office Depot, Best Buy, Sears, and many others appear secure. At least, none of the online purchases recorded in any of the credit-card lists we found contained purchases from major retailers.

It was the mom-and-pop shops, home-based businesses, and smaller companies that showed vulnerability, apparently from ignorance or a lack of professional I.T. resources.

"To get around consumer-security and fulfillment concerns, Internet startups and small businesses will have to align themselves with more credible marketplaces like eBay, Amazon, and Yahoo.

In the meantime, Web-site owners may want to employ a few simple fixes to make sure their critical files and their customers' personal information are not so easily found by search engines.

The MailFrontier Phishing IQ Test

Mon, 13 Sep 2004 02:18:00 GMT

Mailfrontier has put together 10 suspected fraud emails from their collection of millions-all of them real and all of them actually received by real people. [I got 9 of 10 correct - my paranoia had me calling a legitimate email a fraud. Advice on: use your common sense! advice off:]

Judge nixes Internet child porn law in Pa.

Sun, 12 Sep 2004 20:51:43 GMT

Enacted in 2002, the law gave Pennsylvania's attorney general the power to require that companies like America Online Inc. block customers from viewing Web sites that had been identified by the state as containing illegal content.

No one challenged the state's right to stop the distribution of child porn, which is already illegal under federal law, but lawyers for the Center for Democracy and Technology and the American Civil Liberties Union had argued that the technology used to block those Web sites was clumsy.

Over two years, the groups said, ISPs trying to obey blocking orders were forced to cut access to at least 1.5 million legal Web sites that had nothing to do with child pornography, but were part of the same Internet cluster as the offending sites.

Florida to Tax Home Networks ?

Mon, 06 Sep 2004 02:30:02 GMT

Florida state officials are considering taxing home networks that have more than one computer, under a modified 1985 state law that was intended to tax the few businesses that used internal communication networks instead of the local telephone company.

US website offers Caller ID falsification service

Mon, 06 Sep 2004 02:27:12 GMT

Overdue debtors beware: You may not be able to rely on Caller ID to screen out those annoying bill collectors much longer. A California entrepreneur has a plan to bring the hacker technique of Caller ID spoofing to the business world, beginning with collection agencies and private investigators.

Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose.

Is Sharing Wi-Fi Illegal? Answer Hazy; Try Again Later, Lawyer Says

Mon, 23 Aug 2004 15:15:18 GMT

Some say that if you find an unsecured Wi-Fi signal in a public place, it's okay to use it. Others say that's stealing. The law comes down on both sides of the issue, says attorney Mark Rasch.

Dell wants to teach Web surfers a security lesson

Sun, 22 Aug 2004 17:09:50 GMT

Dell has unveiled a plan to educate its customers on how to protect their computers from an onslaught of spyware, adware and viruses. The computer maker has set up a new PC Security site to help customers identify online security threats and ways to handle them. The Web site also features antivirus and antispyware products as well as links to partner sites. Dell also said it would work with a consumer education group, the Internet Education Foundation, to help its customers. For customers who find it difficult to help themselves, troubleshooting will be available for $39 per incident.

Dell will also begin touching on security in its advertising. Its August sales catalog, for example, will include a four-page insert with information on updating Windows, antivirus and antispyware software as well as keeping data backed up, Rodrigue said. The catalogs reach tens of thousands of customers in the United States via U.S. mail, Dell representatives said. Later in the year, Dell plans to begin installing antispam, spyware protection and pop-up-blocking software on its PCs, Rodrigue added. In some respects, Dell is catching up to others, such as Hewlett-Packard. HP has been shipping Intermute's protection suite, which features applications designed to prevent spam, pop-up ads and spyware, on its PCs.

Google queries provide stolen credit cards

Sun, 22 Aug 2004 15:22:20 GMT

Simple queries using the Google search engine can turn up a handful of sites that have posted credit card information to the Web, CNET News.com learned on Tuesday. The lists of financial information include hundreds of card holders' names, addresses and phone numbers as well as their credit card data. Much of the credit card data that appears in the lists found by Google may no longer be valid, but News.com called several people listed and verified that the credit card numbers were authentic.

Web sites offering "phishing" kits for download

Sun, 22 Aug 2004 14:48:41 GMT

Some Web sites are now offering surfers the chance to download free "phishing kits" containing all the graphics, Web code and text required to construct the kind of bogus Web sites used in Internet phishing scams. Security firm Sophos warned that many of the kits also contain spamming software that enables potential fraudsters to send out thousands of phishing e-mails with direct links to their do-it-yourself fraud sites.

FTC Unveils New E-mail Address for Deceptive Spam

Sun, 22 Aug 2004 13:37:15 GMT

To better handle the high volume of spam forwarded to its database, the FTC recently opened a new email box spam@uce.gov

Copyright Crusaders Hit Schools

Fri, 20 Aug 2004 12:59:26 GMT

For the third year in a row, software companies are supplying schools with materials that promote their antipiracy position on copyright law. But for the first time this year, the library association is presenting its own material, hoping to give kids a more balanced view of copyright law.

Protect your privacy: 10 simple steps

Fri, 20 Aug 2004 12:32:36 GMT

Find out how to keep your identity safe in a world of Dumpster divers, shoulder surfers and skimmers. Also: What to do if identity theft happens to you, and how to stop the spam.

Homeland Security 101

Fri, 20 Aug 2004 12:24:26 GMT

In an effort to attract federal funding, draw new students and prepare graduates for careers in the expanding field of homeland security, universities are augmenting existing courses and launching entire programs around security, defense and terror issues.

Online Scams Pose as Kerry Campaign Fund-Raisers

Thu, 19 Aug 2004 23:38:30 GMT

Scam artists posing as fund-raisers for Democratic presidential nominee John Kerry are trying to trick Internet users into sending them money, an Internet security firm said. Two separate mass e-mail "spam" campaigns were uncovered that ask users to contribute to Kerry's presidential bid, but direct the money to Web sites in India and Texas that are not affiliated with the campaign, said the security firm SurfControl, which makes Internet content filters.

Security Ruling Hammers Small ISPs

Tue, 17 Aug 2004 01:27:33 GMT

Fighting crime requires the ability to react quickly to information, which is the intent of the 1994 Communications Assistance for Law Enforcement Act (CALEA), which gives investigators access to telephone networks in short order, once appropriate legal hurdles have been crossed. The implications on broadband Internet and VoIP networks has been hung up in red tape for quite a while now, but the FCC has officially expanded CALEA to data networks as well….

WholeSecurity releases a program to help companies combat "phishing"

Mon, 16 Aug 2004 23:59:13 GMT

WholeSecurity, an Internet security firm in Austin, Texas, has released a program to help companies combat a growing form of online fraud known as "phishing." Its program, called Web Caller-ID, is already in use at eBay. The online auctioneer has incorporated the technology into its Internet toolbar with a feature called Account Guard.

The program analyzes Web addresses for clues that might lead to fraudulent sites. The program also checks whether the domain name was registered recently or its operator is using a free Web hosting service.

Other companies that offer antiphishing products include EarthLink, Webroot Software and PostX. Microsoft and Yahoo are also working on such programs.

Sheriff takes search for alleged serial robber to Internet

Thu, 12 Aug 2004 21:38:29 GMT

Hoping to copy the crime-fighting success of America's Most Wanted, the sheriff of largely rural DeWitt County is turning to the Internet for help in solving a series of bank robberies that authorities believe may be linked to the same man.

FCC Allows Add-on Antennas But Read the Fine Print

Thu, 29 Jul 2004 15:39:15 GMT

FCC rule allows end-users to change out antennas on their Wi-Fi and other gear legally if the manufacturer has performed the right tests and the antennas conform to certain guidelines. Until now, the FCC has required that any antenna to be used with a device operating under Part 15 rules had to be tested and certified as part of a system. There was no mix and match proviso. Further, the FCC required unique connectors for each manufacturer, and required new connectors to be designed as the existing ones became commonplace. "Wait," you may ask--"I can go to HyperLink Technologies or other companies and buy antennas with the right connectors and attach them to my Wi-Fi gateway. If it's illegal, how can I buy this gear?" Simple. It's legal to sell antennas; it's illegal to use them. It's the same logic that guides the sale of bongs and switchblade kits. It's opposite to the logic that underlies the Digital Millennium Copyright Act. However, the FCC rule doesn't suddenly make all antennas legal for all systems ...

Pop-up program reads keystrokes, steals passwords

Thu, 15 Jul 2004 02:56:24 GMT

Trojan horse installed through pop-up ad has watch list of banking sites. Victims visit sites, type in passwords, hand info to hackers.

Trojan targets user's financial information

Thu, 01 Jul 2004 02:12:54 GMT

Trojan targets user's financial information. Security researchers warned Tuesday of a new security threat making the Net rounds: A file that appears to spread through pop-up ads and capture personal data. [InfoWorld: Security]

Worm eyes up credit card details

Thu, 01 Jul 2004 01:43:48 GMT

Windows users are being warned about a virus that is "aggressively stealing" credit card numbers and passwords. The Korgo virus debuted on 22 May and since then has been steadily racking up victims. Although the virus is not widespread, security firms are issuing warnings because it is proving so effective at stealing confidential data. The virus opens up a backdoor on PCs it infects which allows its creators to install a key logging program that activates when users fill in forms on websites.

Security firm Symantec has also upgraded its warning about Korgo as the numbers of the virus circulating increased and new variants started to appear. In total seven variants of Korgo have been found. But Symantec added that the threat from the virus was "well-contained".

NEC unit pays $20.6M fine in fraud case

Mon, 31 May 2004 02:53:00 GMT

NEC-Business Network Solutions agreed to plead guilty and pay $20.6 million criminal fine to settle charges of defrauding the U.S. government's program to subsidize the Internet in schools, known as E-Rate, the U.S. Justice Department said Thursday.

The Irving, Texas-based company, a subsidiary of Japanese chip and electronics maker NEC Corp., was charged with collusion and wire fraud by allocating contracts and rigging bids for E-Rate projects at five school districts in Michigan, Wisconsin, Arkansas, and South Carolina.

Child-porn probe used first live Internet wiretap

Mon, 24 May 2004 15:25:43 GMT

For more than three weeks, every Web site, every e-mail, every photo image, every chat room conversation [that Jason Heath Morgan ] viewed or took part in was scrutinized, as the 26-year-old Morgan unwittingly became the first person in the United States to have his Internet usage monitored live by federal agents probing child pornography under a new law.

www.bigbrother.gov

Mon, 24 May 2004 02:16:39 GMT

The feds want to know who’s been visiting the Web site of voting watchdog Bev Harris ( www.blackboxvoting.org ), and they’re likely to get what they want.

Phishing attacks up against U.S. consumers

Mon, 24 May 2004 00:12:29 GMT

A new study by research firm Gartner Inc. found that the number of online scams known as "phishing attacks" have spiked in the last year and that online consumers are frequently tricked into divulging sensitive information to criminals. Study finds that 1.78 million adults may have fallen victim to the online scams.

Intego warns of second Mac OS X Trojan Horse

Wed, 12 May 2004 20:40:23 GMT

MacCentral - For the second time in just over a month, Macintosh security company, Intego has issued an advisory warning customers of a Trojan Horse (AS.MW2004.Trojan) on Mac OS X. The latest advisory, posted to the company's Web site on Wednesday, warns of a Trojan Horse downloaded from the LimeWire peer-to-peer network -- the file had an icon that appeared to be an installer for Microsoft Office 2004. Microsoft warned users of downloading from sources other than them and analysts even question using the term "Trojan" for the advisory. [Yahoo! News - Technology] [Social engineering again and delicious irony - file sharing and, apparently, a lure of MS Office for free.]