Posts tagged as:

General

Anonymous has struck again in one of its most outrageous and daring hacks ever -- the loose-knit group of worldwide hackers became participants in a cross-country, cross-Atlantic conference call between branches of the FBI and Scotland Yard.

{ Comments on this entry are closed }

Many outlets, amongst them the Wall Street Journal, report today that the Anonymous hacker group ‘intercepted’ a conference call held by the FBI and Scotland Yard.

They report,

WASHINGTON—The Federal Bureau of Investigation said cybercriminals hacked into a cybercrime conference call between its agents and law enforcement officials overseas.

[...]The FBI said the breach wasn’t made on the agency’s secure email or other computer systems. Instead it appeared to be the result of a law enforcement officer overseas who was invited to be on the FBI call and who forwarded the information to his private email account, which was compromised by hackers.

So, the meeting invite was in an email, containing conference call number and access code, and it was sent to a private email account outside of the agency networks.

Lesson: don’t forward internal/sensitive/not-for-the-public-eye-classified information outside of your company/agency/internal network. This is a classic case of DLP – Data Loss Prevention.

{ Comments on this entry are closed }

Get Ready to Play Some Cyber Wargames

by Michael Vizard on February 3, 2012

in SBN

FBI Director Robert Mueller told the U.S. House Permanent Select Committee on Intelligence this week that cyberthreats will equal or surpass the threat from counterterrorism in the relatively near future.

{ Comments on this entry are closed }

Following recent reports that malicious apps may have made their way into the official Android Market, Google has announced a new program to more proactively scan the Market and developer accounts for seemingly malicious apps and highlight and/or remove them before users experience trouble.

Traditionally, the barriers of entry for developers in the Android ecosystem have been low to get their apps placed in the official Market. This was by design, allowing Android to sprint past other smartphone platforms in adoption rates, since many apps that users wanted were likely to be there before they hit other platforms. The downside is that app authors choosing to bundle malicious, or borderline malicious apps had an easier time with distribution.

By contrast, the iPhone ecosystem represented a more closed, vetted, and more expensive environment for developers to launch their apps. This resulted in steady growth, but the more rigid process of an app making it to their official App Store deterred the more unsavory app developers from spending the extra effort to circumvent controls. In short, it was easier to spread bad things, or borderline bad things on the Android smartphones.

The new effort, called Bouncer, aims to silently scan the marketplace for rogue and borderline apps, largely transparently to the user. When a developer attempts to upload a new app, Bouncer will do a preliminary scan to determine whether it behaves maliciously, or borderline so.

Hiroshi Lockheimer, VP of Engineering, Android, explains in his blog on the subject that the effort “provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.”

Bouncer aims to run each app in a simulated cloud-based environment to watch for malicious activity. It will also scan for changes in existing apps. If it detects that an app has changed, it will flag it for scanning, keeping existing apps (hopefully) more malware-free. Additionally, developers exhibiting a pattern of publishing malicious apps may be blacklisted. Is it working? In the second half of 2011, Mr. Lockheimer says “we saw a 40% decrease in the number of potentially-malicious downloads from Android Market,” so progress seems positive.

With an estimated 11 million apps available for Android, and a year-over-year growth rate of 250% according to Mr. Lockheimer, there’s a lot of scanning to be done. But this also speaks toward the success and ubiquity of the platform, and perceived value to users. In that department, Android has done quite well indeed.

{ Comments on this entry are closed }

Super Sunday means Super Scams

by Deborah Salmi on February 3, 2012

in SBN

The Super Bowl, the much-hyped championship American pro football game, will be broadcast this Sunday night to an estimated 200 million people. Any major sporting event from the Australian Open to the World Cup brings out scammers hoping to cash in on the excitement. The most popular ways to separate you from your money are by peddling knock-off team jerseys, counterfeit memorabilia, and fake game tickets.

This past year, Homeland Security officials and officers from U.S. Customs and Border Protection conducted a national sweep of stores, flea markets and street vendors looking for counterfeit goods. Operation Fake Sweep collected $4.8 million worth of counterfeit jerseys, ball caps, and T-shirts. Ahead of this weekend’s Super Bowl, authorities said they seized nearly 42,000 phony Super Bowl sportswear items and merchandise worth $5 million. Fake jerseys can be bought for about $80 each. But according to nflshop.com, authentic jerseys cost between $150 and $300.

The Better Business Bureau (BBB) warns about buying counterfeit team merchandise and tickets online. They have found fake websites that appear to sell merchandise but are fronts for collecting credit card numbers and personal information which could lead to identity theft or drained bank accounts. The best way to ensure that you get official sports gear is to buy directly from the team or league websites, or from official vendors at the stadium.

The BBB also warns that buying tickets online can be a rip-off. Thousands of Super Bowl tickets are currently listed on craigslist, but the site offers no guarantees of any kind and does not require identification of its listers. Buying in person isn’t always an improvement, since scammers can fake tickets.

The Department of Transportation (DOT) is warning consumers about the possibility of Super Bowl tour package scams – specifically, scams that appear to promise game tickets, but fail to produce. DOT cautions travelers that if a game ticket is not specifically mentioned in advertisements or other solicitation material or listed as a tour feature, the ticket is probably not included. Fans should carefully review travel packages advertised online and make sure tickets and accommodations are fully guaranteed.

In general, avoid scams by being skeptical of:

  • Offers that sound “too good to be true”
  • Pushy sales tactics
  • Poor quality of merchandise
  • Offers that require wire transfer of funds

A good way to gauge the trustworthiness of any website is to take a look at the avast! WebRep rating. The rating icon is located beside the address bar in your browser. Click on it to see the overall rating and to add your own rating.

{ Comments on this entry are closed }

Two Years Later, Serious VeriSign Hack Comes to Light

by Latest blog entries on February 3, 2012

in SBN

Sifting through 2,000 documents released by a U.S. Securities and Exchange Commission (SEC) filing back in October 2011, news-gathering organization Reuters has uncovered a dangerous hack of VeriSign that was kept quiet, if not secret, for more than two years.

{ Comments on this entry are closed }

European Union, United States Squaring Off Over Data Protection Rules

by Latest blog entries on February 2, 2012

in SBN

The European Commission, the executive branch of the European Union (EU), is seeking to revise its 10-year-old rules and regulations and proposing stringent new data protection guidelines that some say would adversely affect American business.

{ Comments on this entry are closed }

Privacy and security issues have generated a lot of criticism of Facebook in the past, some of which has been published here on the ESET Threat Blog. So it is only fair that we give Facebook credit for positive steps it has taken on the security front. One security measure that has impressed me recently is Login Approvals, a feature which improves your ability to protect your Facebook account from persons with less than honorable intentions.

When you activate Login Approvals and Login Notifications on your Facebook account–using the steps listed below–you are required to give a name to any device you use to access Facebook. This enables Facebook to notify you whenever a new device logs into your Facebook account, using an email like this:

In this case, I was setting up Facebook access on my new Kindle Fire tablet. As you can see, I was doing this in San Diego on New Year's Day. Note that Facebook provides a link to click if you do not recognize the device as one you have approved. The approval of a new device requires a one-time security code that Facebook sends to your mobile phone as a text message. Here's what that looked like on my iPhone (yes, that's my dog in the background).

To register the Kindle Fire as an approved device on my Facebook account I had to enter the code from the SMS message when prompted to do so by Facebook on the Kindle.

In computer security we call this technique "out of band authentication" because credentials are supplied through a different communication channel or band from the system to which you are authenticating. While out of band authentication is not impossible to defeat, it adds a significant hurdle to someone trying to compromise your account.

Suppose I had received the email above but did not recognize the device name and/or location. I would then be able to investigate what was happening and take steps to protect my account (you can choose to get notifications via email or SMS or both).

Setting up Login Approval on Facebook is relatively straightforward once you know it is there. The only prerequisite is that you have a mobile phone registered to your Facebook account (something you can do in your Account Settings). The following diagram shows you the steps required to activate Login Approvals. After activation you will be prompted to approve each of your devices the next time you use them to access Facebook. You should also make sure that the Login Notifications setting is enabled.

{ Comments on this entry are closed }

Chinese Launching Hack Attacks Against Global M&A Deals

by Latest blog entries on February 1, 2012

in SBN

In an attempt to derail a huge $40 billion deal by Australian firm BHP Billiton Ltd. to buy Potash Corp., of Saskatchewan, hackers based in China launched targeted attacks against leading Canadian law firms involved in brokering the deal.

{ Comments on this entry are closed }

Here comes the Sun. There goes the Internet.

by Deborah Salmi on January 27, 2012

in SBN

Last year, the Egyptian government shut down the Internet for 5 days during the anti-government protests. Last week, some websites on the Internet voluntarily blacked out to protest SOPA. What would happen if the whole Internet went black? Scientists thought it could happen this week.

The massive solar storm that bombarded Earth’s magnetic field Tuesday morning caused minor disruptions to spacecraft and power grids, and airline flights were rerouted to avoid downtime in radio communications. Scientists speculated that if the angle of the electromagnetic burst had been different, we might have experienced a major power failure like the one that happened in a 1989 solar storm. Six million people in Quebec lost electricity then, and the effects were felt through many parts of the continental U.S. because of the inter-connectivity of the power grids. This storm was much stronger.

What would it be like if we lost the Internet for an extended amount of time? For many businesses it would be catastrophic. But on a personal level, it would be freeing. Certainly, communication would be different. If I wanted my friends to know my status, I would actually have to talk to them. Commerce would look different too. If I needed to buy something, I would have to visit the bank to withdraw money and then go to the store to make my purchase. Knowledge would still be at my fingertips, but I would have to look in a book to find it. And if I wanted to watch the humorous antics of a funny kitty, I would have to go over to my mom’s house to see Jasmine the cat push her catnip toy across the floor. It actually doesn’t sound like too bad of a day.

What would you miss the most if the Internet disappeared? How would your life change? Share your thoughts on our Facebook page.

{ Comments on this entry are closed }