Scary article about potential …

Scary article about potential security bomb dropping on April 1. “Conficker” trojan horse. Do read: http://bit.ly/PDw5B

Make sure your twitter passwor…

Make sure your Twitter password is strong. Accounts getting hacked. http://bit.ly/R5wwn

WORM ALERT: Getting suspicious…

WORM ALERT: Getting suspicious friend requests on FB? Watch out if you’re invited to view a video. http://bit.ly/7RKDA

When was the last time you verified your anti-virus software?

When was the last time you verified your anti-virus software is up to date? I get emails all the time from people who get infected with viruses. Folks, don’t let this happen to you. A ruined computer is no fun. If you’re a Road Runner subscriber, you can get free anti-virus software, so you’ve got no excuse!

No firewall? You’ve already been broken into


If you have a high speed Internet connection and you don’t have a firewall, there’s a good chance that your computer has already been broken into. Firewalls allow you to safely get online yet protect your network from outsiders. If you don’t have a firewall, go get one right now and make sure it has wireless networking, or wifi, built in so that you can connect other devices.

Subscribe to the Podcast and use your favorite Podcatcher to automatically download new video and audio tips as they come!

Got Acrobat 7.0? Get Patch.

Adobe Systems rolled out patches for security vulnerabilities found in Adobe Reader 7.0 and 7.0.1, and in Adobe Acrobat 7.0 and 7.0.1. From Infoworld:

According to Adobe officials, the vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files, according to a security advisory from the company. An attacker could then maliciously use the gathered information. But the statement pointed out that the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.

Get your update from:
http://www.adobe.com/support/downloads

Your credit card number: it’s everywhere you don’t want it to be

You should call your bank/credit card company and find out if your card was one of the ones recently stolen. This CNET article left me shaking my head for a few reasons:

The data security breach, possibly the largest to date, happened because intruders were able to exploit software security vulnerabilities to install a rogue program on the network of CardSystems Solutions, MasterCard International spokeswoman Jessica Antle said. The program captured credit card data, she said.

“install rogue program” is code-word for “some dumb*ss let a trojan horse get installed”.

The probe also found that the Atlanta-based payment processor did not meet MasterCard’s security regulations. CardSystems held onto records that it should have discarded, and it stored transaction data in unencrypted form, Antle said.

Now, whose fault is it that CardSystems continued (and continues) to operate? I caught a GMSV article quoting CEO John Perry that they retained all those excess records for “research” purposes? Research on what? To sell to whom? WTF!

MasterCard declined to disclose more information on the breach, citing an ongoing investigation by the FBI.

Oh, that’s nice. How convenient.

The data processor’s Web site runs on Microsoft’s Windows 2000 operating system and IIS Server 5.0, which has fueled speculation that its other set-ups may also be Microsoft-based.

So, what, did they forget to install a service pack or “security” update?

Now comes the really scary part:

MBNA, one of the largest U.S. credit card issuers, said it has received information from CardSystems about exposed customer accounts. The company won’t contact the individuals affected but is keeping a close eye on the compromised accounts, said Jim Donahue, an MBNA spokesman.

Well, isn’t that special? They won’t even tell their customers that their cards have been stolen. Is that to protect the innocent, help the FBI, or just not have to deal with freaking out their customers because they’ve contracted with a loser organization?

Lest we think that CardSystems is the only loser in the group, let me remind you:

Two weeks ago, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. …data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

Clearly, a new way of doing this has to be found. We simply can’t trust those who hold the data to treat it responsibly.

Call your bank.

Watch out for administrator emails suspending your accounts

I just caught this article on Infoworld about a variant on the Mytob worm.

This one poses as a system administrator warning you that your account will be cancelled. As with any other emails with attachments and directions to open the attachment, DON’T DO IT.

And of course, NEVER, EVER open ANY attachments (even if they are from your mother who just called you saying she’s sending you an attachment) if they end in .bat, .cmd, .exe, .pif or .scr. This little bugger might also come as a .zip file, which is normally OK, but in this case it’s not.

Make sure your anti-virus definitions are up to date and be careful.
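The attachment rule above can also be enforced at the mail gateway instead of relying on each reader. The following is an added example, not part of the original post: it scans a raw message for attachments ending in the listed extensions and also looks inside .zip attachments. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post above.
BLOCKED = {".bat", ".cmd", ".exe", ".pif", ".scr"}

def blocked_ext(name):
    """Return the blocked extension a file name ends in, or None."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    cleaned = name.strip().rstrip(". ").lower()
    ext = cleaned[cleaned.rfind("."):] if "." in cleaned else ""
    return ext if ext in BLOCKED else None

def scan_message(raw):
    """Return (attachment, offending name, reason) findings for one raw message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if blocked_ext(name):
            findings.append((name, name, "blocked extension"))
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    for member in zf.namelist():
                        if blocked_ext(member):
                            findings.append((name, member, "blocked file inside zip"))
            except zipfile.BadZipFile:
                # Cannot inspect it, so report it rather than treat it as clean.
                findings.append((name, name, "unreadable zip"))
    return findings

def build_sample():
    """Constructed message: a double-extension file, a zip holding a .scr, a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("account-details.scr", b"constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Your account will be suspended"
    msg.set_content("See attachment.")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="notice.txt.pif")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    msg.add_attachment("hello", filename="readme.txt")
    return msg.as_bytes()
```

Only the last extension is checked, so a name like notice.txt.pif is still caught; password-protected archives still list their member names, so the zip check applies to them as well.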

Don’t get fooled by phishes


Somebody asked me:

“I recently received an email notifying me that my account with Ebay had been suspended and I had to fill out a form to re-activate it. They asked for all kinds of personal information. Is this legit?”

I’m sorry to say that you’ve been the victim of what’s known as “Phishing”, which is a new, dangerous breed of spam. This spam doesn’t ask you to buy anything, but rather warns you about having your account canceled unless you fill out a form. The official-looking form asks you for the deepest, most personal information such as mother’s maiden name, social security number, bank account numbers, bank card PIN access codes, and the like.

Of course, what really happens is that this information goes to a thief who proceeds to take all the money out of your bank account and uses your credit cards to go on a shopping spree. Disclosing this kind of personal information gives someone else everything they need to completely steal your identity and perhaps cause a lot more damage than “just” stealing your money; for example, a criminal who gets arrested can give out your identity instead. Suddenly, you have a criminal record!

How can you avoid becoming a victim of a Phish? Here’s a super-easy way: If you get an email that warns you of an account being canceled, don’t click on any of the links in the email under any circumstances, no matter how legitimate they may seem. Instead open up a new browser window and go ahead and log into your account using your known user name and password. If your account is truly in danger of getting canceled, the Web site will repeat the warning and tell you how you can recover from it.

Today’s Internet-connected world brings fantastic productivity but you must always be vigilant about scams like Phishes. It’s sad to say but you just can’t trust email these days, especially emails that “smell like a Phish”. But the good news is if you just don’t click on that link, and instead open a new browser window, you can easily avoid becoming another victim of identity theft.
