Posts by author:

adam

Phish for Thanksgiving?

by adam on November 23, 2011

in SBN

Over the previous few days, our research team here at GFI has noticed an uptick in bank phishes winding up in a few of our spam traps. This particular scam is unique in that it comes with an HTML file attachment which leads to a form that attempts to steal all types of identifying information from the unsuspecting victim, from the standard PIN and password to their driver's license number and even a (fake) description of the last transaction made on the account.


As of this posting, we have seen e-mails targeting Bank of America and SunTrust customers and surely more will follow.


As always, please be wary of e-mails from banking institutions asking for identifying information. When in doubt, call the official phone number listed on the back of your credit card or the known customer service line for your bank.

So, while "fish" was likely a staple eaten during the days of the pilgrims, we here in the lab are going to stick to good ol' turkey this year.

Stay safe,

Robert Stetson
Malware Research Team

{ Comments on this entry are closed }

Migrations

by adam on January 24, 2010

in SBN

After more than 5 years, nearly 3,300 posts, and 6,300 comments on Movable Type, we're migrating the blog to WordPress on a new host.

If you see the cranes, you're looking at the last post on the old blog host. Please be patient, DNS will update and we hope everything will work on the new host.

Photo: "Sandhill Cranes on Staten Island" by Justin Kelley.

{ Comments on this entry are closed }

The CBC Quirks and Quarks podcast on "The 10% Solar System Solution" is a really interesting 9 minutes with Scott Gaudi on how to find small planets far away:
We have to rely on nature to give us the microlensing events. That means we can't actually pick and choose which stars to look at, and we can't actually pick what times to look at. So the best suited telescopes are those telescopes we can use at any time that are located throughout the globe so that it's dark somewhere. And so we use a lot of amateurs, actually we don't use, we work with a lot of amateurs who have their own telescopes, relatively small telescopes, .3 meters, .4 meters in their backyard which they can use anytime they want. We call them up when we see a microlensing event happening that we think might be interesting and we ask them to get data for us. In fact in many cases they've gotten crucial data for us which has helped to discover a micro-lensing event.
What's most amazing to me is how useful it is to have small parts loosely coupled, each pursuing their own interests. What emerges is, quoting Gaudi again:
One of our amateurs, Jenny McCormick, who works in New Zealand and has her own observatory which she calls Farm Cove Observatory, has said "It just goes to show: you can go out there you can work full time, you can be a mother and you can still find planets."
Photo: The ESO Telescopes, by Paul Browne

{ Comments on this entry are closed }

People are People Too!

by adam on January 21, 2010

in SBN

Apparently, corporations and unions can now spend unlimited funds on campaign advertisements. I'm hopeful that soon the Supreme Court will recognize that people are people too, and have the same free speech rights as corporations.

Maybe, too, the Court will recognize that Congress may not limit the right of people to freely associate, and perhaps even pool their money in support of ideas or candidates they like.

{ Comments on this entry are closed }

Does it include a launchpad?

by adam on January 18, 2010

in SBN

The New York Times is reporting that there's a "Deep Discount on Space Shuttles," they're down to $28.8 million. But even more exciting than getting one of the 3 surviving monstrosities is that the main engines are free:
As for the space shuttle main engines, those are now free. NASA advertised them in December 2008 for $400,000 to $800,000 each, but no one expressed interest. So now the engines are available, along with other shuttle artifacts, for the cost of transportation and handling.
So NASA, can I borrow the launchpad and send it to LEO?

{ Comments on this entry are closed }

Terrorism Links and quotes

by adam on January 14, 2010

in SBN

  • Ed Hasbrouck on "Lessons from the case of the man who set his underpants on fire"
  • A Canadian woman who's been through the new process is too scared to fly. "Woman, 85, ‘terrified’ after airport search." Peter Arnett reported
    "'It became necessary to destroy the town to save it,' a TSA major said today. He was talking about the decision by allied commanders to shock and awe the public regardless of civilian casualties, to rout al Qaeda."
  • Ethan Ackerman on risks of ionizing radiation, via Froomkin, but also see Technology Review, "How Terahertz Waves Tear Apart DNA."
  • TSA has been telling us that the machines "can't" record you naked, while ordering machines that can. See EPIC Posts TSA Documents on Body Scanners. TSA responded, and Ed Hasbrouck responds TSA lies again.
  • The EU is objecting to new US rules, and the Pirate Party of Berlin is protesting them.
  • If you want to see why they're protesting, watch this not safe for work video, "Body scanner, with detailed genitalia reporting"
  • There's a well worth reading article by Paul Campos in the Wall St. Journal, "Undressing the Terror Threat:"
    I'm not much of a basketball player. Middle-age, with a shaky set shot and a bad knee, I can't hold my own in a YMCA pickup game, let alone against more organized competition. But I could definitely beat LeBron James in a game of one-on-one. The game just needs to feature two special rules: It lasts until I score, and when I score, I win.

    We might have to play for a few days, and Mr. James's point total could well be creeping toward five figures before the contest ended, but eventually the gritty gutty competitor with a lunch-bucket work ethic (me) would subject the world's greatest basketball player to a humiliating defeat.

    The world's greatest nation seems bent on subjecting itself to a similarly humiliating defeat, by playing a game that could be called Terrorball. The first two rules of Terrorball are:

    1. The game lasts as long as there are terrorists who want to harm Americans; and
    2. If terrorists should manage to kill or injure or seriously frighten any of us, they win.

{ Comments on this entry are closed }

Ignorance of the 4 new laws a day is no excuse

by adam on January 8, 2010

in SBN

The lead of this story caught my eye:
(CNN) -- Legislatures in all 50 states, the District of Columbia, Guam, the Virgin Islands and Puerto Rico met in 2009, leading to the enactment of 40,697 laws, many of which take effect January 1.
That's an average of 753 laws passed in each of those jurisdictions. At 200 working days in a year, which is normal for you and me, that's nearly 4 laws per day.

Now, there's a longstanding principle of law, which is that ignorance of the law is no excuse. That goes back to the day when laws, like the code of Hammurabi, were inscribed at a rate of about 4 letters per day. The laws were posted in the city center where both of the literate people could read them.

Joking aside, at what point does knowledge of the law become an unreasonable demand on the citizenry? Civil rights lawyer Harvey Silverglate has a new book, "Three Felonies a Day: How the Feds Target the Innocent." I haven't read it, but as I understand, it's largely about the proliferation of vague laws, not the sheer numbers.

A few years back, Aleecia McDonald and Lorrie Cranor calculated the cost of reading and understanding the privacy policies of the sites you visit. It was $365 billion. It might be interesting to apply the same approach to the work of legislatures.

{ Comments on this entry are closed }

Things Darwin Didn’t Say

by adam on January 5, 2010

in SBN

There's a great line attributed to Darwin:

"It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change."

The trouble is, he never said it. Background here.

Original sources are important and fun.

{ Comments on this entry are closed }

SearchSecurity Top Stories of 2009 Podcast

by adam on January 4, 2010

in SBN

A few weeks ago, I joined the SearchSecurity team (Mike Mimoso, Rob Westervelt and Eric Parizo) to discuss the top cybersecurity stories of 2009. It was fun, and part 1 is now available for a listen: part 1 (22:58). Part 2 is still to come.

{ Comments on this entry are closed }