Wednesday, January 28, 2009

Conficker May Take Over Your PC - Here we go again!

The news this week is not good. But then it rarely is when it comes to Internet and computer security.

A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The world’s leading computer security experts do not yet know who programmed the infection, or what the next stage will be.

In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world. Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys.
You can read more on the web by Googling this topic.

So, the best we can offer is to update your Windows patches for this worm (hint: they are not working because Microsoft no longer seems to have a clue what they are doing) and pray real hard.

Friday, January 23, 2009

BarackBerry



Obama to get spy-proof smartphone

  • Report: Security officials approve $3,350 smartphone for Barack Obama
  • Obama was an inveterate BlackBerry user during his campaign
  • Security concerns that e-mail could be hacked, or GPS used to locate president
  • Phone capable of encrypting voice conversations, handling classified documents

(CNN) -- Self-confessed BlackBerry addict President Barack Obama may not have to kick the thumbing habit after all, despite the concerns of a notoriously technophobic White House.

"The president has a BlackBerry," White House Press Secretary Robert Gibbs said Thursday, clearing up weeks of speculation about whether President Obama would be able to hold on to a cherished method of communicating.

The decision to allow Obama to keep a smartphone is "a compromise that allows him to stay in touch with senior staff and a small group of personal friends," Gibbs told the media in his first press conference since the inauguration.

"Use will be limited and the security is enhanced to ensure his ability to communicate but to do so effectively," Gibbs also said. "And to do so in a way that is protected."

The press secretary refused to provide more details about the new president's device, already being called the "BarackBerry."

The Sectéra® Edge™ smartphone converges secure wireless voice and data by combining the functionality of a wireless phone and PDA — all in one easy-to-use handheld device. Developed for the National Security Agency’s Secure Mobile Environment Portable Electronic Device (SME PED) program, the Sectéra Edge is certified to protect wireless voice communications classified Top Secret and below as well as access e-mail and websites classified Secret and below. The Sectéra Edge is the only SME PED that switches between an integrated classified and unclassified PDA with a single key press.

Wednesday, January 21, 2009

State ID Theft Laws.

State ID theft laws from the conference of state legislatures

http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm


Find your state and check out the new laws. It is very important to be mindful of state laws AS WELL as the federal laws which I blogged earlier.

These change every few months, so keep up with them.

Federal id theft laws UPDATE

The following is a refresher on identity theft laws at the USA federal level. Check each state for separate state laws or check our book for further discussion.

Sunday, January 18, 2009

New and Tougher Authentication in Cyberspace

Yup we are now finally facing the reality. Cyberspace is utterly NOT secure and our current system for giving access to sites - passwords - is largely a joke. Here is the latest thinking:

SAN FRANCISCO — License plates may be coming to cyberspace.

A government and technology industry panel on cyber-security is recommending that the federal government end its reliance on passwords and enforce what the industry describes as “strong authentication.”

Such an approach would probably mean that all government computer users would have to hold a device to gain access to a network computer or online service. The commission is also encouraging all nongovernmental commercial services to use such a device.

“We need to move away from passwords,” said Tom Kellermann, vice president for security awareness at Core Security Technologies and a member of the commission that created the report.
You can get the full and grim details in a report of advice to President Obama on how to proceed: Securing Cyberspace for the 44th President.

So be aware that if government can't secure its sites, you, I, and grandma need to be extra careful!

Monday, January 12, 2009

Technology can’t prevent Identity Theft

The Wall Street Journal recently published an article explaining the problems that exist when we depend on technology to solve social problems. It is a good article and has links to some of the more famous identity theft attacks that have happened recently, including the Barack Obama Twitter hijack listed below. It even lists some of the more basic criminal tactics I have never really classified as identity theft, such as:

1) Impersonating parking lot attendants to collect fees
2) Impersonating garbage men to collect tips
3) Impersonating people like policemen, security guards and meter readers

The reason I bring this article up is that it reminds me of a white paper I read for my technical review as part of my preliminary exam. The paper was titled “Detecting Social Engineering” and it talked about a method which would allow a computer to analyze a phone conversation and determine if one of the two callers is not telling the truth.

The first way of doing this, comparing the information received to information in a database, made sense, but the second method used “natural language processing techniques” to determine if a person is lying. This piece was the part where I felt it started to go into a fairy tale. I find it hard to believe that there is software that can take a text conversation and pick out what the lies in it are. Computers don’t have the ability to “think” like humans (yet) and until they do, they can’t be expected to solve a human problem.

I believe the solution to problems such as Identity Theft or Social Engineering does not lie solely in technology or human education, but in some combination of both.

Nate Evans


Friday, January 09, 2009

Data Breach - RBS WorldPay

In this videocast I share with you a letter I received from RBS WorldPay with a RE: title of "IMPORTANT NOTICE ABOUT YOUR PERSONAL INFORMATION". The letter begins by telling me how I am one of many involved in a massive data breach within RBS WorldPay.

The following is a direct quote from the letter. Remember, this is a letter I personally received.
___________________________________________________________________
RE: IMPORTANT NOTICE ABOUT YOUR PERSONAL INFORMATION

Dear Michael:

We are writing to inform you about a situation involving your personal information. We are investigating fraudulent activity as a result of unauthorized access to our system. Information such as your name, address, telephone number, date of birth, Social Security number, and financial account information may have been inappropriately accessed by an unauthorized person.

Our internal security professionals and outside experts are working with law enforcement authorities to investigate the situation. We are taking steps to help ensure that this type of event does not happen again.

What we are doing to protect your information:

We are offering you a complimentary one-year membership in XXXXXXXXX, a national subscription credit monitoring service that ...
___________________________________________________________________

Please view my videocast to hear my take on this letter.

http://www.youtube.com/watch?v=KgMzPI4SdWE

Second video of 2009


Monday, January 05, 2009

Twitter Hack

"This morning we discovered 33 Twitter accounts had been "hacked" including prominent Twitter-ers like Rick Sanchez and Barack Obama (who has not been Twittering since becoming the president elect due to transition issues). We immediately locked down the accounts and investigated the issue. Rick, Barack, and others are now back in control of their accounts."
You can read more for a while on the Twitter site:

http://blog.twitter.com/2009/01/monday-morning-madness.html


We have said it before and repeat it now. Passwords are a crummy way of doing Internet security. People forget their passwords and then contact the site to get a new password. The bad guys can do this to your account too! BUT, this NEW hack was completely different from this problem!

From Twitter:
The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure.
So what should YOU do?

Don't put anything important on these sites. Don't tell people where you are, that you are drunk and naked, and that you have a bunch of cash with you! Be very careful when you answer "official" e-mail messages. Pray a lot.

Thursday, January 01, 2009

2009 Videocast Series

We wanted you all to be aware of a new video series that we at Identity Theft Prevention Institute ( www.stolendata.bogspot.com ) are going to start on a weekly basis in 2009. The series will cover current events, comparisons, interviews with industry experts, and what our subscribers are asking for.

If you are interested in a specific interview with a person, write us or email us and we will see what we can do.

12/31/2008 Video 1

http://www.youtube.com/watch?v=xCRsTZfpshQ


See you in a week.


  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft