
Thursday, December 1, 2011

UKas Virus





Please be aware of such scams! This is another type of phishing. Be aware!

Wednesday, November 16, 2011

Browser Security and Privacy

GUEST EDITOR

Mike Poor is the guest editor for this issue. He is a senior security analyst for the consulting firm InGuardians Inc. (www.inguardians.com). Mike is also a senior instructor for the SANS Institute and the track lead for one of SANS’ top courses, SEC503: Intrusion Detection In-Depth.

OVERVIEW

Your Internet browser, such as Internet Explorer, Firefox, Chrome, or Safari, is one of the primary tools you use to interact with the Internet. Cyber attackers know this, which makes your browser one of their primary targets. Also, your browser may collect a great deal of personal information about you that you may not be aware of. In this newsletter we cover the steps you can take to protect both your computer and your privacy.

KEEPING YOUR BROWSER CURRENT

The first step to protecting yourself is always using the latest version of your browser. It does not matter which browser you use; what is important is that you use the most recent version of your browser. Cyber attackers are constantly searching for, and finding, programming errors and other flaws in browsers. These mistakes (often called vulnerabilities) can be exploited, giving attackers access to, and sometimes even complete control over, your system. The companies that developed your browser (such as Microsoft, Google, or Apple) release patches to fix these vulnerabilities. By always having the latest version, you ensure your browser has these known issues fixed. To ensure your browser is updated, make sure the auto-update feature is always enabled in your browser and operating system. Some browsers, such as Chrome, automatically update themselves every time you restart the browser.

PLUGINS AND ADD-ONS

Plugins (sometimes called Add-Ons) are additional programs you can install in your browser. The problem with these additional programs is they can expose you and your system to greater risk. Each program you add to your browser has its own unique vulnerabilities or weaknesses.

Courtesy:

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201111_en.pdf

Thursday, September 29, 2011

Supreme Court of Pakistan website defaced by Zombie_Ksa

The official website of Pakistan's Supreme Court has been hacked. Visitors to the website found derogatory and abusive remarks about the court and Chief Justice Iftikhar Muhammad Chaudhry. Earlier, in September last year, the Supreme Court website was also hacked by two boys, to whom the court had granted bail on April 11 as they were less than 18 years of age.

Source: http://thehackernews.com/2011/09/supreme-court-of-pakistan-website.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Daily+Cyber+News+Updates%29

Monday, September 12, 2011

Hackers break into Linux Foundation !!!!

Just weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a “security breach.”

A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Source : http://www.zdnet.com/blog/security/hackers-break-into-linux-foundation/9363

Thursday, August 4, 2011

Mobile money services !!!!!

Mobile money services puts you in control of your daily finances – transfer funds, pay bills, top up quickly and securely with your mobile phone.
What’s in it for you?

Transfer money securely to your friends and family in a convenient and cost-effective way.

Pay your utility bills from almost anywhere and keep track of everything with reminders for due dates, overdue charges and payments.

Check your balance on the go and manage your expenses and payments at the same time.

Recharge your pre-paid account wherever and whenever you like – adding funds is easy and it only takes a few moments.

Manage your money with confidence – the latest mobile technology is used to handle all your finances securely.

Save time when dealing with your personal finances – no more waiting in line at the bank or making unnecessary trips into town.


Source: http://www.nokia.co.in/find-products/money
Sign up to Mobile money services today – it only takes a few minutes

Biggest-ever series of cyber attacks discovered by McAfee, fingers point to China !!!!

Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.

Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.

The long list of victims in the five-year campaign includes the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

In the case of the United Nations, the hackers broke into the computer system of the UN Secretariat in Geneva in 2008, hid there unnoticed for nearly two years, and quietly combed through reams of secret data, according to McAfee.

"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee's vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report released on Wednesday.

"What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."

McAfee learned of the extent of the hacking campaign in March this year, when its researchers discovered logs of the attacks while reviewing the contents of a "command and control" server that they had discovered in 2009 as part of an investigation into security breaches at defense companies.

It dubbed the attacks "Operation Shady RAT" and said the earliest breaches date back to mid-2006, though there might have been other intrusions as yet undetected. (RAT stands for "remote access tool," a type of software that hackers and security experts use to access computer networks from afar).

Some of the attacks lasted just a month, but the longest -- on the Olympic Committee of an unidentified Asian nation -- went on and off for 28 months, according to McAfee.

"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch told Reuters.

"This is the biggest transfer of wealth in terms of intellectual property in history," he said. "The scale at which this is occurring is really, really frightening."

CHINA CONNECTION?

He said that McAfee had notified all the 72 victims of the attacks, which are under investigation by law enforcement agencies around the world. He declined to give more details, such as the names of the companies hacked.

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, was briefed on the discovery by McAfee. He said it was very likely that China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.


Source: http://www.techgig.com/

Tuesday, July 19, 2011

Is Income Tax Of India Vulnerable!!!!!

This is scary. If I know a little about you, I can hack into your Income Tax account. What is scarier is that this process doesn't even require the skills of a hacker.

Here's how I hacked into a friend's account (with her permission, of course):

On the incometaxindiaefiling.gov.in home page, I went to the log in page and then clicked on the 'Forgot Password' link. There I inserted her PAN (Permanent Account Number); she didn't provide me with this. Since PAN is not confidential, it wasn't very difficult for me to find that mentioned in a document I had access to.

The next hurdle was to guess her secret question and the answer to it. There were four options to choose from: What is your pet name; What is your mother's maiden name; What is your first school name; and What is your favourite time pass. It took me four tries to crack it and I found the answer in one of her online profiles. There also doesn't seem to be any barrier on the number of retries. And the website also let me reset her password then and there.

How Income Tax accounts can be hacked

Unauthorised access to your account can also happen if someone has access to your e-filing acknowledgement number from any previous e-filing.

Now I had access to all her tax information and other details and I could also lock her out of her account as I could change the email ID, phone number and also reset the secret question.

This is a serious security lapse on the part of the Directorate of Income Tax (Systems) that operates the website and it potentially puts the tax information of millions of Indian tax payers at risk.

What the Income Tax Department should have done

A standard security practice on the better websites around is multi-tiered checks for password recovery. When a user wants to retrieve his password he should be asked to enter his PAN and answer the secret question. Then a password recovery link is sent to the registered email ID and a code sent as a text message to the registered mobile number.

Now the user has to click on the link in his email and, in the page that opens, insert the code mentioned in the text message to recover/reset his password. This ensures that for someone to hack into the account, the hacker will need access to the user's phone as well as his email, something that in most circumstances is unlikely. Also there should be an option for the user to insert his own question instead of the standard four that the website has on offer.
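The recovery flow recommended above, together with the retry limit the post found missing, sketched as an added example (not code from the original post or from the Income Tax Department's site). The PAN, secret answer, limits, and the in-memory outboxes standing in for the email and SMS gateways are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 3              # assumed limit; the post found no retry barrier
LOCKOUT_SECONDS = 15 * 60     # assumed lockout window
TOKEN_TTL_SECONDS = 10 * 60   # assumed lifetime of the link and SMS code


def slow_hash(value, salt):
    """Salted, deliberately slow hash for guessable secrets (answers, passwords)."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 100_000)


def fast_hash(value):
    """Plain digest, used only for random, short-lived tokens and codes."""
    return hashlib.sha256(value.encode()).digest()


def sample_accounts():
    """Constructed test data: one account keyed by a made-up PAN."""
    salt = b"constructed-salt"
    return {"ABCDE1234F": {"email": "user@example.com", "phone": "+910000000000",
                           "salt": salt,
                           "answer_hash": slow_hash("correct horse", salt)}}


class RecoveryService:
    def __init__(self, accounts, clock=time.time):
        self.accounts = accounts
        self.clock = clock
        self.failures = {}        # PAN -> (failed attempts, time of first failure)
        self.pending = {}         # digest of emailed token -> reset state
        self.email_outbox = []    # stand-in for the mail gateway
        self.sms_outbox = []      # stand-in for the SMS gateway

    def _locked(self, pan):
        count, since = self.failures.get(pan, (0, 0.0))
        if count and self.clock() - since > LOCKOUT_SECONDS:
            del self.failures[pan]            # window elapsed, start afresh
            return False
        return count >= MAX_FAILURES

    def start(self, pan, answer):
        """Tier 1: PAN plus secret answer. True means link and code were sent."""
        if self._locked(pan):
            return False                      # refuse even a correct answer
        account = self.accounts.get(pan)
        salt = account["salt"] if account else b"no-such-account"
        supplied = slow_hash(answer.strip().lower(), salt)
        if account is None or not hmac.compare_digest(supplied, account["answer_hash"]):
            count, since = self.failures.get(pan, (0, self.clock()))
            self.failures[pan] = (count + 1, since)
            return False
        self.failures.pop(pan, None)
        token = secrets.token_urlsafe(32)               # goes in the emailed link
        code = f"{secrets.randbelow(10**6):06d}"        # goes in the text message
        self.pending[fast_hash(token)] = {
            "pan": pan, "code_hash": fast_hash(code), "bad_codes": 0,
            "expires": self.clock() + TOKEN_TTL_SECONDS}
        self.email_outbox.append((account["email"], token))
        self.sms_outbox.append((account["phone"], code))
        return True

    def complete(self, token, code, new_password):
        """Tier 2: the emailed token and the SMS code must both match."""
        key = fast_hash(token)
        state = self.pending.get(key)
        if state is None:
            return False
        if self.clock() > state["expires"]:
            del self.pending[key]
            return False
        if not hmac.compare_digest(fast_hash(code), state["code_hash"]):
            state["bad_codes"] += 1
            if state["bad_codes"] >= MAX_FAILURES:
                del self.pending[key]         # too many guesses: link is void
            return False
        del self.pending[key]                 # single use
        account = self.accounts[state["pan"]]
        account["password_hash"] = slow_hash(new_password, account["salt"])
        return True
```

With this flow, guessing the secret answer from an online profile only triggers messages to the registered email and phone; it does not by itself reset the password.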

What the Income Tax Department did partially right

As soon as a request for password change is processed the Income Tax Department sends an email to the registered email ID notifying the user that his password has been changed. This at least keeps the users in the know about what has happened. But this doesn't prevent the unauthorised access. The user, in order to regain access to his account has to send an email to ask@incometaxindia.gov.in. This I believe is a long drawn process.

What you as a user should do immediately

While the Income Tax Department fixes this flaw (I am informing them about this) you should log in to your incometaxindiaefiling.gov.in account and then from the 'My Account' link on the top navigation go to the 'Update Secret Question/Answer' and choose a question with an answer that no one else but you will be able to answer.

Don't worry if your answer isn't the actual answer to your question, but remember to remember the answer. Knowing the level of security that our government agencies have in place to protect your personal data, also keep your fingers crossed.


Source:
http://ibnlive.in.com/blogs/soumyadipchoudhury/2805/62540/blog-how-i-can-hack-into-your-income-tax-account.html

Tuesday, July 12, 2011

Are you safe on the Web?

Morganton, NC --

Hackers recently took down Sony’s PlayStation network and forced a security breach at Citigroup. These incidents aren’t alone. The Identity Theft Resource Center reports that as of last month there have been 216 security breaches this year.

But computer and Internet users shouldn’t be turned off about using the web to purchase or manage their finances, local computer experts said.

They say you can take reasonable steps to keep yourself and your personal information safe.

“Don’t be paranoid,” said Ronnie Harmon, president of Burke Onsite Computer Solutions, “but be suspicious.”

“There is no program or device in existence that is going to protect a computer from anything and everything all the time,” Harmon said. “The best way to protect yourself and your computer is to use plain common sense and be mindful of what you’re doing.”

He advises people to think reasonably about the risks involved. It is unlikely that hackers would target individuals, Harmon said. In the last 10 years, he’s only seen one company in Burke County get hacked.

However, with the increasing popularity of applications on social networking sites such as flash games, hackers have a new avenue for spreading viruses.

Richard Jones, owner of Discerner Computers, said web users should make sure they have an up-to-date firewall, operating system and web browser.

Most operating systems come with an embedded firewall, but sometimes programs disable the firewall without the user’s knowledge, Harmon said, so users should periodically check the firewall settings.

Third-party firewall applications also are available commercially, Jones and Harmon pointed out, and some could provide additional protection.

Jones said that if your computer’s operating system is five or more years old, it’s probably more likely to succumb to hackers’ tricks, because of the number of vulnerabilities exposed over the years. But keeping current with updates will help.

Harmon said installing an antivirus program is useful, too, but no existing program will completely protect someone from all computer viruses or malicious software. The problem is that the people writing antivirus definitions can’t keep up with the people writing viruses, he said. This is a case where less is more, Harmon added. He said a computer only needs one antivirus program, not two.

When using a wireless connection, make sure the wireless device is using WPA (Wi-Fi Protected Access) security, Harmon said. WEP (Wired Equivalent Privacy) security has been compromised and is not recommended.

Perhaps the simplest thing to do is to turn off your computer when you won’t be using it for an extended amount of time, Harmon said. Most users have a broadband connection, which stays connected even if you’re not actively using the Internet.

When you’re online, there are a few simple things you can do, too.

Jones said you should make sure the status bar of the web browser is visible. Watch that the status and address bars match to ensure you’re going to the correct website.

When you’re in a secured area, check the web address for “https,” Jones said. That additional “s” indicates the hypertext transfer protocol (http) is secured with an SSL certificate. Harmon said securing a site isn’t free, and some sites don’t invest in running on secure servers.

Make sure you always sign out when using online banking or secure sites that require a user name and password, Harmon said. You should change passwords periodically, too. And avoid doing personal banking or sensitive data transfers at public wireless access points.

As for email and Internet shopping, Harmon said users should only open emails from trusted senders and use shopping sites that you know are secure. One easy way to tell is by looking for a locked padlock in the right hand corner of the address bar, Harmon said.

Users shouldn’t buy from pop-up ads or use email links to get to a shopping site, Harmon said. He recommends entering the shopping site manually into the browser. Phishing is a common hacker tactic via email that tricks users into giving personal information to a non-trustworthy source, he explained. It usually involves scare tactics that lead users to a fake Internet site that looks like a trusted popular site.

What about downloading music? Harmon said his business does not recommend peer-to-peer file sharing because 75 percent of files contain viruses.

Aaron Goossens, a Burke Onsite shop technician, said the most common problems he sees are Facebook gaming issues, along with viruses from large websites like Yahoo or MSN.

Be sure to check the privacy policy on any site that asks you for personal information, Harmon said. Will the site sell your email address? And check your security settings often.

Never post anything to a social networking site that “you wouldn’t put on a billboard on the road,” Harmon said. “It’s your reputation online.”

In particular, that means don’t post personal information like your birthdate, Social Security number or, Harmon noted, when you’ll be going out of town.

Using an Internet filter is a good option; it’s easy to set up and it adds a layer of protection, Harmon said. A filter can be used to block types of websites such as gambling or social networks. It is a popular option for schools and offices.

Jones said that if you’re confused about what programs to use, call a local computer store and ask the employees what antivirus, firewall and security software programs they use.


http://www2.morganton.com/news/2011/jul/11/are-you-safe-web-ar-1198677/

Thursday, June 30, 2011

Groupon loses 300,000 user details!!!!

The entire customer database of a Groupon subsidiary in India has been leaked and indexed by Google.

Sosasta.com exposed the database by mistake which included usernames and passwords for customers of the group buying website.

The company informed customers of the breach by email and advised them to change passwords.

It said financial information was not exposed.

"We wanted to let you know that the issue has been brought under control and your accounts are secure. However, as a precautionary measure, we recommend that you change your Sosasta password immediately," it said in an email.

"You should know that we are working aggressively to prevent this from happening again. Sosasta takes security and privacy very seriously."

Groupon said in a statement that Sosasta runs a separate platform and is not connected to the Groupon Australian site.

Sydney security researcher Daniel Grzelak discovered the database indexed by Google and contacted Risky.Biz which reported the incident.

Copyright © SC Magazine, Australia

Monday, May 30, 2011

Linux Now 20 yrs !!!!

Twenty years ago this summer, Linus Torvalds made a bold decision to share his operating system with the world. Not long after that, he chose to license it under the General Public License. Nothing in computing has been the same since.

In fact, today Linux is the largest collaborative development project in the history of computing, which means that the 20th Anniversary of Linux is an opportunity for the community to come together in celebration of this great success story and in collaboration on how it will define the next 20 years of Linux.

DON'T SAY YOU ARE NOT USING LINUX. Today no one can live without Linux!

Today Linux is literally everywhere: in your phone, at your ATM, in your TV, on your desktop, at the movies, in your car, and in more places.

Where else: Google, Twitter and Facebook ... Android OS

Who is behind this
http://en.wikipedia.org/wiki/Linux_Torvalds
http://en.wikipedia.org/wiki/Richard_Stallman

Thursday, May 19, 2011

Sample Spam Mail !!!!!

From: YAHOO CUSTOMER SERVICE
Subject: Yahoo Warning!!! Inactive Account Confiscation Notice
To:
Date: Thursday, 19 May, 2011, 12:52 AM

Dear Yahoo Customer,

Due to congestion and upgrading of YAHOO NETWORK, all active subscribers/users are oblige to confirm his/her E-mail account login registration info below for upgrading service within 96hrs, all inactive un-confirmed accounts will automatically suspended from Yahoo network.

FILL THE INFORMATION CORRECTLY TO AVOID YOUR ACCOUNT BEING SUSPENDED.
Click the reply button to submit your account login registration info
Confirm Your Identity

Yahoo! ID: .........................................
Password: .........................................
Your Birthday: ..................................
Your Country or Territory: ...................
Enter the letter from the Security Image :
Registration Verification Code

Warning!!! Subscriber whoes account is not updated before two weeks of this notification will lose his/her account.

Wednesday, May 18, 2011

ISI Major hacked INDIAN ARMY Officer's E-mail

A serving Inter-Services Intelligence (ISI) officer, Major Sameer Ali, hacked an Indian Army major's e-mail account in 2010 and extracted many sensitive documents, intelligence sources said. Ali has been named by India in the list of 50 'most wanted' terrorists sheltered by Pakistan for involvement in the Mumbai attacks conspiracy.

The news of the hacking was given to Indian probe agencies by the FBI, which was then interrogating Mumbai attack accused David Coleman Headley. The US agency told the CBI Ali had been accessing an Indian Army officer's rediffmail account from the ISI headquarters.

The hacked account was traced to Major Shantanu De of 21 Bihar Regiment, who was at that time posted in the Andamans. De's computer was seized and scrutinised jointly by the Intelligence Bureau, National Investigation Agency and the Military Intelligence.

What was baffling was that his computer and e-mail had more than 4,000 sensitive documents - some of them marked 'secret' and 'top secret' - which he was not supposed to be in possession of, leading to suspicions of espionage on part of Major De.

While the joint investigation cleared De, it came to light how an innocuous posting of his own photograph in uniform in the social networking site Orkut with his various details made him the ISI's target.

He had collected the documents out of interest and also to prepare for his departmental exams that were slated for September 2010.

De has since been demoted after being held guilty of violating the Army's Standard Operating Procedures on cyber security.

Another of Ali's colleagues in the ISI, Major Iqbal, who also figures in India's "most wanted" list, was Headley's handler for the ISI.

On April 26, a US court had also charge sheeted Major Iqbal for conspiracy in the 2008 Mumbai terror strike. Iqbal's role has also been confirmed by Headley during his confessions.

http://www.hindustantimes.com/ISI-Major-hacked-army-officer-s-mail/Article1-698006.aspx

Wednesday, April 20, 2011

Beware of USB flash drive's autoplay feature !!!

A white hat hacker broke into a bank and left 20 USB tokens lying around the parking lot of the bank for employees to find. When they plugged in the USB token, the Trojan backdoor was installed on the employees' computers and the hacker was into the bank's network! Some employees claimed they were being helpful (trying to find the token's owner), others were curious about the token's content, still others thought they had scored a huge USB token and tried unsuccessfully to reformat the token. Unfortunately the new "U3 Technology" on these tokens prevented a hidden partition from being deleted, and it contained a remote access Trojan which installed itself by emulating a CD-ROM and using WinXP's CD-ROM autoplay feature.

sans.org

Monday, March 7, 2011

German Government Adopts Security Breach Notification Requirement in Telecommunications Act

The German Federal government adopted a draft law revising certain sector-specific data protection provisions in the German Telecommunications Act. The draft law addresses the implementation of data breach notification requirements in the European e-Privacy Directive by introducing a breach notification obligation for telecommunications companies.

According to the proposal, telecommunications companies must report data breaches to the Federal Network Agency (the Bundesnetzagentur or “BNetzA”), and the Federal Commissioner for Data Protection and Freedom of Information. In the event the rights or protected interests of subscribers or other persons are affected by the data breach, such individuals also must be notified without undue delay.

http://www.databreaches.net/?p=16957

Security Breach....

Security breach exposes personal info:

The personal information of some 31,000 faculty, staff, retirees and students at the University of South Carolina was exposed on the Internet, officials said.

The breach is the third time in two years USC has experienced a major breach of security on its computer system, The State newspaper reported.

The breach was discovered in January on a computer server at USC Sumter, but potentially affected people throughout the school's eight campuses because the information was on a shared server.

"Letters went out as soon as individuals were identified," USC spokeswoman Margaret Lamb said Friday. "There is no evidence that anyone's personal information was compromised or used improperly. USC Sumter has addressed the matter, notified the individuals and provided them guidance on how to protect their information."

Source: http://www.upi.com/Top_News/US/2011/03/06/Security-breach-exposes-personal-info/UPI-16901299431393/

Sunday, March 6, 2011

Top 9 Security Threats of 2011:

1. Mobile Banking Risks
2. Social Networks and Web 2.0
3. Malware, Botnets and DDoS Attacks
4. Phishing
5. ACH Fraud: Corporate Account Takeover
6. Cloud Computing
7. Inside Attacks
8. First-Party Fraud
9. Skimming

1. Mobile Banking Risks

Mobile phones used for banking are on the rise, but mobile security is proving increasingly challenging for banks and credit unions, as controls put in place to protect traditional online banking do not translate well when applied to mobile.
Mobile banking applications from Bank of America, Chase, Wells Fargo and TD Ameritrade have all suffered from security flaws, and CitiGroup in 2009 noted vulnerabilities when it learned some banking apps stored sensitive user details in hidden files on smart phones. Until recently, functionality for mobile banking was fairly limited. But as mobile application robustness has increased, so, too, have security risks. McNelley, an analyst at Aite Group, says, "Many banks seem to be reliving all the hard lessons of the early days of online banking." Mobile malware is an emerging threat, and Zeus attacks, such as Mitmo, aimed at mobile, have already been identified.
But RSA security researcher Rivner slightly disagrees. "Mobile banking apps will not be a primary target for fraudsters," he says. Instead, he believes mobile browsing will be more targeted in the coming year, since most mobile users continue to use their online banking sites to conduct banking functions.

2. Social Networks and Web 2.0

The connection between mobile phones and social media is growing, with Twitter and Facebook apps offered for mobile users. Institutions embracing mobile also are embracing social networking, says Rasmussen, Internet Identity's chief technology officer. "With more banks on social networks, expect to see more fake sites using social networks, like Twitter and Facebook, to try and trick people into giving up vital personal information," including banking login credentials and Social Security numbers, he says.
But external threats aren't the only risks. Social networking sites are also a venue for an institution's own employees to intentionally or inadvertently expose sensitive information. To mitigate internal risks of data leakage, it's important for organizations to spell out social networking policies to employees. They must know when and how to use social networks in the course of their jobs, as well as what information is/is not appropriate to share.

3. Malware, Botnets and DDoS Attacks

Distributed denial-of-service, or DDoS, attacks, as seen in the wake of the recent WikiLeaks incidents, are likely to increase. In fact, the WikiLeaks-inspired attacks against leading e-commerce sites have fueled interest among fraudsters, says RSA's Rivner. Botnet operators now see opportunity for additional income.
Even with the takedown of the Mariposa Botnet earlier this year, banking institutions are expected to face growing challenges in the fight against DDoS attacks.
Attacks are also getting more sophisticated. The No. 1 banking-credential-stealing Trojan, Zeus, is used by hundreds of criminal organizations around the world, so "add-ons" are prevalent. This year alone, Zeus has been linked to some $100 million in financial losses worldwide, according to the Federal Bureau of Investigation. Rasmussen says Zeus' anonymous programmer, who launched the Trojan in 2007, is likely to come out with a new and improved Zeus variety in 2011. "There is a good chance that he will soon emerge with even more powerful ways to steal," he says.
Concerted attacks launched against online banking sites will likely make stronger authentication a necessity, says Eisen, founder of 41st Parameter. "The amount and velocity of fraud could force new and stronger authentication methods and more stringent procedures, such as dual-signatures and dual authentications," he says.

4. Phishing

Sophistication in phishing, smishing and vishing attacks also is increasing, McNelley says. "Fraudsters now create very polished messaging that targets everything from bank accounts to Amazon accounts," she says.
In fact, respondents to the recent Faces of Fraud survey say phishing/vishing attacks rank No. 3 among fraud threats.
To fight these incidents, inroads in consumer education have been made, but the social engineering techniques that have made phishing a success are now trickling down to land-line and mobile phones. "Phishing will be used as a general purpose tool that leverages a recognized brand, but doesn't try to attack them directly," Rivner says. Nonetheless, the damage to the brand's reputation (in the eyes of the victimized consumers) could be costly.

5. ACH Fraud: Corporate Account Takeover

In 2010, ACH fraud resulting in corporate account takeovers saw a dramatic increase and made for some of the year's most compelling reading. We witnessed banks suing customers and customers suing banks over the responsibility for fraud incidents and losses.
In 2011, commercial banking attacks are expected to rise, experts say, especially as man-in-the-middle or man-in-the-browser, also known as MitB, schemes increase.
MitB attacks targeting two-factor authentication intensified in 2010, requiring commercial banks to deploy additional lines of defense, such as out-of-band authentication, desktop hardening and anti-Trojan services. "With some gangs stealing millions from just a few victims, expect more and more criminals to pile on the 'easy money' bandwagon," Rasmussen says. As the MitB attacks get easier, less sophisticated criminals are expected to target consumer accounts, too, despite smaller returns.

6. Cloud Computing

Cloud computing is touted for its ability to curb fraud, but fraudsters are working overtime to create new threats in what Rivner calls "the Dark Cloud." He predicts fraudsters will hone their ability to exploit new and yet-unknown cloud vulnerabilities. Rivner says institutions can expect in 2011 to see cloud-targeted Trojans, like Qakbot, that focus on a geographic region and/or specific banking sectors.
But movement to the cloud is definitely on the horizon, as more financial institutions gradually warm to non-localized content management. Jeff Reich, director of the Institute of Cyber Security at the University of Texas in San Antonio, says the biggest barrier to cloud computing has been the fear of data security. Now that fear is diminishing, the use of cloud computing by banks and credit unions is expected to take off. But, like any new or emerging technology, the cloud will face challenges, Reich says.
"Cloud computing, in particular, is thought to be failsafe," he says. "People sometimes think there is no hardware involved ... and, as a result, it will never fail. So it's one thing to keep in mind: Cloud computing is not limitless. Every cloud has its own boundaries."

7. Inside Attacks

Malicious attacks or hacks are often launched inside an organization by a disgruntled employee. But the inside threat also may be posed by an outside person who uses false credentials to pose as an insider to illegally gain access to internal servers and systems.
Kirk Nahra, a privacy expert and attorney, says most compromises of internal data can be traced back to an employee. That's especially true when the information that's been compromised involves the theft of an identity. But Nahra is quick to point out that not all compromises are intentional and malicious. The problem: companies and financial institutions have not properly limited access to databases and files that contain sensitive information.
"Go into your company and do a real thorough audit or a review," he says. "Doing that kind of a survey or audit, I think, can really do a very significant job of reducing -- not eliminating, but reducing -- these problems, because it cuts down so many of the places where information just simply doesn't need to be."
WikiLeaks serves as a prime example of how insider threats can pose significant security risks. The controversy brewed when an Army private allegedly accessed and downloaded classified information that he later sent to WikiLeaks. Though the private had some security clearance, he did not necessarily have authorization to access and download the classified files he leaked.
Aite's McNelley says it's often all too easy for employees to illegally grab sensitive information. "It's the little things that lead to most internal compromises, like walking away from your desk and not locking your screen," she says. "A lot of that kind of thing slips through the cracks." Internal fraud is still one of the biggest issues in financial services, she says, especially since the embezzlement of funds and the compromise of consumer financial information is so tempting.
As RSA's Rivner points out, the challenges posed by outsiders are just as alarming, since many take aim at government and bank employees. Noting Operation Aurora as an example, Rivner says insiders can unknowingly pose threats, especially when they are targeted by sophisticated hackers. "Some of those affected were from the financial sector, which shows bank employees are a valid target for cybercriminals," he says. "At times, I see these hijacked resources communicating with the Trojan mother ship, while within the corporate firewall."

8. First-Party Fraud

First-party fraud continues to pose security challenges. Also known as "advances fraud," "bust out fraud," "application fraud," "friendly fraud" and "sleeper fraud," first-party crime typically involves a customer applying for and accepting credit with no intention of repayment. First-party fraud applicants can use synthetic identification or misrepresent their real identities.
Jasbir Anand, a senior solutions consultant and security expert at ACI Worldwide, says the British Bankers Association estimates between 10 percent and 15 percent of bad debt losses may result from first-party fraud. "Specialized criminal gangs now target financial institutions with counterfeit identification and advanced knowledge of lending practices," he says. Once an identity is established, the fraudster builds credit and applies for multiple financial products.

9. Skimming

In 2010, card skimming of all types took off, including traditional ATM skimming and new incidents at merchant point-of-sale systems and self-service gasoline pumps. Even though skimming incidents are localized, they represent a growing problem. The advent of ATM "blitz" or "flash" attacks reveals growing sophistication and coordination among counterfeit-card operations. Blitz or flash attacks involve the simultaneous withdrawal of funds from multiple ATMs in different locations, sometimes scattered throughout the world.
Avivah Litan, vice president and distinguished analyst at Gartner, says flash attacks will pose increasing challenges, since they "fly under the radar" of most fraud-detection systems. "Banks can stop it if they can figure out the point of compromise, but many have a hard time doing that with current fraud-detection solutions," she says.
The technology behind skimming is reaching new levels of sophistication, says Jeremy King, European regional director for the Payment Card Industry Security Standards Council. Fraudsters throughout the world rely more on wireless communications to transmit skimmed card data. "Improving awareness is important," King says, "and the PCI PED standard is addressing some of the global card skimming trends we are seeing."
Stronger cardholder authentication through contactless radio-frequency identification payments or contact chip technology such as EMV could address some of these emerging fraud concerns, says Chuck Somers, vice president of ATM security and systems for Diebold Inc. "Anything beyond better authentication would involve changing the whole infrastructure," Somers says.

Source: http://www.bankinfosecurity.com/

Monday, February 28, 2011

Night Dragon or Red Herring !!!

Night Dragon or Red Herring?

TAP into Smart Protection Network

Targeted Attack Prevention is a key component of the Trend Micro Smart Protection Network

In the wake of the recently published report about Night Dragon, Trend Micro wants to assure its customers that they are already protected from the attack.
Following analysis, based on the Smart Protection Network, we know that this incident has not compromised the security of any Trend Micro customer.
The most recent enquiry regarding malicious files and compromised web servers associated with the incident was raised to us back in early January. This was dealt with swiftly; since then we have had no reports or inbound calls regarding possible infections, only inquiries into our protection. Additionally, Smart Protection Network has not registered any notable detection related to the event for email, web or file threats.

Summary of Protection:

1. Compromised web pages directing users to malicious web servers in this attack: Web Reputation is blocking the malicious domains and web pages
2. Spear-phishing emails with links to malicious web servers: Web Reputation is blocking the emails using Secure Click and access to the malicious web servers
3. Malware infecting machines: File Reputation includes signatures to detect the malicious files associated with this attack
4. Compromised machines communicating with outside servers controlled by hackers: Web Reputation blocks the communication to these servers

Additionally, Deep Security will mitigate the initial attack vectors, viz. SQL injection and dropping the malware/RAT tools onto the web server.
The DPI rules that should be configured and deployed are as follows:

• 1000608 - Generic SQL Injection Prevention (already available)
This rule may require configuration and will block SQL injection attacks.

• 1003025 - Web Server Restrict Executable File Uploads (already available)
This rule blocks all executable file uploads to the web server when deployed.

• 1004596 - Detected Night Dragon Network Communication (Expected availability today)

This emergency security update is to issue a specific DPI rule to detect network communication between hosts compromised as part of the “Night Dragon” attack and the CnC servers.

Smart Protection Network contains Targeted Attack Prevention technology designed to proactively identify and mitigate events such as this, so that they never become an issue for our customers' networks. Therefore, we do not view Night Dragon as a major threat incident, because our customers are not affected by the event.
Attacks such as this are notable and on the increase. Already in 2009, Raimund Genes predicted that targeted attacks would be on the increase. In recognition of this fact, we already developed technology able to stop targeted attacks before they become a problem.

Targeted attacks regularly employ Spear-Phishing as a key component. Trend Micro advises all Security specialists to ensure their corporate end users are well versed on this type of attack tool to help protect themselves effectively.
For detailed technical information regarding Night Dragon, please view our Web Attacks entry http://about-threats.trendmicro.com/RelatedThreats.aspx?language=us&name=REMOSH+Hacktool+Used+in+Targeted+Attack

Opportunities
1. Part of this attack was compromising a customer’s web servers. This is an opportunity to discuss Deep Security as a prevention tool which can block a hacker from attempting to compromise their web servers.
2. Malware infections: Opportunity to discuss File reputation and why faster deployment of updates is needed in the case of a targeted attack.
3. TMS - Threat Discovery and Threat Mitigator will minimize their attack surface and risks associated with a targeted attack.
4. PSP - As targeted attacks become more prevalent on larger organizations, they need a security partner who can support them quickly and effectively to mitigate their risks associated with the attack.

Tuesday, February 1, 2011

ATM skimmers don't even have to be on the ATM

Careful ATM users know enough to give a hasty visual check to the machine before using it and to hide the keyboard while entering their PIN.

Unfortunately, sometimes even that is not enough to prevent the fraudsters, and the worst part of it is that they continually think of new ways of stealing your credit and debit card data.

A type of attack that can't be detected by ATM users because there's nothing off on the machine or close enough to it to make them suspicious has been pointed out by Brian Krebs. According to him, criminals have devised a very clever tactic - one that is usually employed to steal the information from users who prefer to use the ATMs located in the antechamber of a bank or building lobby.

Access to these machines is usually controlled by a key card lock that allows customers to enter only after they have swiped their ATM card through it.

Regrettably, crooks have devised a way to add a skimmer to these locks, so that when the customers perform the action, it records the cards' information. And odds are that customers won't even check to see if there's something suspicious about the lock.

When the customers finally access the ATM, those of them who don't take particular care to hide the keyboard from view with the palm of their hand or another object have their PINs stolen through the use of a zoom-in camera hiding behind a mirror located on the wall above an ATM - which they assume is there to allow them to see if someone is standing behind them.

An instance of this type of attack was recorded as far back as 2009, when a customer of a bank in California discovered the camera behind the mirror above one of the two ATMs in the lobby of the bank. It turns out that the criminals put an "Out of Order" sign on the other ATM to force the customers to use only the one that was covered by the camera.

Zeljka Zorz, HNS News Editor

Wednesday, January 26, 2011

Cyber crime rising sharply in India !!!!

http://timesofindia.indiatimes.com/tech/news/internet/Cyber-crime-rising-sharply-in-India/articleshow/7341258.cms


NEW DELHI: With the ever-increasing population of netizens in the country, the
number of cyber-crimes in the country is also rising sharply, says data
released by the National Crime Records Bureau (NCRB) for 2009.

Under the Information Technology Act, a total of 420 cases
such as hacking computer systems or forging digital signatures were reported in
2009, while the figure was 142 in 2006.

Predictably, 97 of the 420 cases were reported from
Karnataka, the state which has the IT hub of the country as its capital.

Of the 420 cases, hacking ruled the roost with 233 cases,
closely followed by 139 offences relating to pornography. The 2006 figures for
both offences were 74 and 88, respectively.

A total of 107 hackers were arrested in 2009 as against 41
in 2006. Similarly, 141 people were booked for pornography-related violations
in 2009, whereas the figure was 125 in 2006. The total arrests in cyber crimes
have also gone up from 154 in 2006 to 288 in 2009.

Cities like Bangalore, Ahmedabad, Delhi, Ludhiana, Pune, among
others, reported high incidence of cyber crime cases under the IT act with a
total of 145 of the 178 cases - accounting for more than three-fourths of the
total cases.

Meanwhile, a total of 276 cases were registered under the
Indian Penal Code (IPC) during 2009 as compared to
176 such cases during 2008, an increase of 56.8 per cent. Maharashtra
reported the maximum cases at 108 followed by Chhattisgarh with 46 cases.

The majority of the 276 cases fell under two
categories -- forgery and criminal breach of trust or fraud.

More than 47 per cent of the offenders involved in forgery
cases in 2009 were in the age group of 18 to 30. Nearly 50 per cent of the
arrested under cyber fraud offences were in the age group 30 to 45.

Under the IPC, Nasik reported the highest incidents with 68
cases followed by Mumbai with 35 cases. A total of 263 people were arrested in
the country for cyber crimes under IPC during 2009.