Saturday, September 16, 2017

Phishing scam tells you your Facebook account is suspended

Here's the most recent phishing scam.  You get repeated emails telling you to restore your Facebook account with one click.  It comes from "facebookmail dot com".

So just log in to Facebook yourself and check for yourself.  

Another scheme is to misspell Facebook and take you to a survey page.  

Monday, September 11, 2017

More sophisticated phishing scheme pretends to warn of invalid overseas iTunes purchases

There is a clever phishing scheme now where the attacker sends an email that purports to be from Apple advising you of an overseas purchase of a game from iTunes for about $50.  There is a PDF of the receipt and a link to challenge it.  Previously, there may have been another email without attachments advising of the purchase. If you run the cursor over the sender, it doesn't have Apple in the domain name.

This scheme is a little more complex than a lot of them.  You can forward it to "reportphishing" at  

Friday, September 08, 2017

More concerns about Kaspersky and Russia in NY Times

The New York Times has an article today, “The Cyber Insecurity Company”, or with online title, “The Russian company that is a threat to our security”.  That’s Kaspersky Labs.

Best Buy and Geek Squad today favor Trend Micro, but before they have bounced between Webroot and Kaspersky. But the article notes that companies that use Kaspersky will have their networks exposed to servers in Russia.

That probably doesn’t matter to home users, no matter how paranoid you are about Putin or Ukraine or Chechnya.  But it would matter to most international companies, or to anyone that keeps user PII on his servers. 

DOD is no longer allowed to use Kaspersky.   

Thursday, August 31, 2017

FDA issues warning about pacemaker vulnerability to hackers

Now, if a threat "From Russia without Love".
The FDA has issued an alert concerning 465,000 pacemakers because of a software vulnerability, which could endanger patients. WJLA has the story here.

The FDA's own firmware update page is here.

It takes a visit to a cardiologist's office to get the firmware updated.

Pacemakers can prevent sudden death from cardiac arrest in people with certain arhythmias.

Friday, August 25, 2017

Op-ed in WSJ argues expansion of the Safety Act of 2002 to expand ransomware defenses

Brian Finch has a disturbing op-ed in the Wall Street Journal, p. A15, Thursday, Aug. 22, 2017, link.  Finch writes “while a systematic cataclysm is possible, targeted hacks against businesses do more harm.”
The writer says that even poorly written ransomware attacks can damage whole businesses, even large ones.  He argues that the Safety Act of 2002, which provides liability protections to companies that take up defensive strategies, should be expanded. 

Businesses are more vulnerable to phishing than many individuals, because attackers can emulate the actual business trademarks in their headers. 

Wednesday, August 23, 2017

Cell phone numbers get stolen to empty virtual wallets

The New York Times reports on thefts of phone numbers by people calling major telecom providers and finding vulnerable agents. 

The usual targets are people with large virtual wallet accounts, often in digital currency, who have talked about it in social media. 

It seems as once virtual money is stolen this way, it cannot be recovered, as it usually can for a little while with a bank account.

There are proposals that virtual wallet transactions need more time delay.

The New York Times has a story Tuesday by Nathaniel Popper, here 

Tuesday, August 22, 2017

Most modern laptops, tablets, phones and storage now seem immune to magnetic disturbance

I’ve written on this blog before (July 28) that individuals and small businesses should consider making optical backups (CD’s) as well as Cloud and regular disk copies, but I may have “spake” too soon (even in a message to Webroot).  It looks like modern flash drives (which are now in the last laptops instead of ordinary harddrives) have very little vulnerability to magnetism.  Here’s the article by Simon Hill on Digital Trends.  This may be relevant to the debate on the damage that can be done by enemy electronmagnetic pulse (EMP).

I’ve wondered if living very close to electric utility transmission towers could affect electronics (because of induced magnetic fields) but it does not appear so.

But users really should buy only the Single Layer Cell drives, which are the fastest and the most expensive, but you get what you pay for here  (Datarecovery article).  They last much longer.  It’s like diamond needles vs/ Sapphire playing vinyl.
Companies and even homes should pay attention to the possibility that environmental hazards could affect defibrillators or life-saving equipment, or in some cases people with pacemakers (NIH).

Update: September 3

I've watched a video that does confirm the idea that the E1 stage of an electromagnetic pulse from a nuclear explosion could affect solid state electronics (as in  car or modern phone or computer) even though ordinary magnets do not.  I will have to check on this further (and talk to Geek Squad).  This is a developing story.  The E3 phase (which also happens with solar storms) will not normally harm home electronics.