Tuesday, October 17, 2017

"Krack" attack can compromise WPA2 wi-fi security


Rapid7 has reported a serious security flaw in wi-fi routers in homes and businesses that would appear when external enemies are in close proximity, such as in adjacent apartments, hotels, or public wi-fi connections.

Alyssa Newcomb on NBC News reports on it as the "Krack Attack".  It bypasses WPA2 standards.

Users should apply forthcoming Windows and Mac fixes and firmware from router companies as soon as possible.  Firmware usually gets updated by restarting a router once a week.

Thursday, October 05, 2017

Phishing attacks try to intercept real estate sales with wire fraud


Persons approaching purchase of property in real estate transactions should become wary of phishing attacks that submit wire transfer instructions which turn out not to be from the real title company.

People should only wire money to accounts that they can confirm separately really to belong to the title company. 

Monday, October 02, 2017

Bluetooth security vulnerabilities are reported


Webroot is warning users of the risks of Bluetooth devices as possibly attracting hackers, as in this article.  Webroot advises users to turn off devices when not in use.  This appears to apply to wearable devices, which could provide a portal for hacking personal information from phones.

  

I’ve noticed that the Microsoft Action Center, on at least one computer, recommends reinstalling a Bluetooth driver after the Creators’ Update of Windows 10.  But there don’t seem to be any symptoms.  I wonder if this relates to the same possible vulnerability.

Saturday, September 16, 2017

Phishing scam tells you your Facebook account is suspended


Here's the most recent phishing scam.  You get repeated emails telling you to restore your Facebook account with one click.  It comes from "facebookmail dot com".

So just log in to Facebook yourself and check for yourself.  

Another scheme is to misspell Facebook and take you to a survey page.  

Monday, September 11, 2017

More sophisticated phishing scheme pretends to warn of invalid overseas iTunes purchases


There is a clever phishing scheme now where the attacker sends an email that purports to be from Apple advising you of an overseas purchase of a game from iTunes for about $50.  There is a PDF of the receipt and a link to challenge it.  Previously, there may have been another email without attachments advising of the purchase. If you run the cursor over the sender, it doesn't have Apple in the domain name.

This scheme is a little more complex than a lot of them.  You can forward it to "reportphishing" at apple.com  
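
The sender check described in this post, and the misspelled-domain trick from the Facebook item above, as an added example (not from this blog, Apple or Facebook): a short Python routine that classifies a From header. The brand allowlist, the verdict names and the `.example` sample addresses are assumptions constructed for illustration.

```python
"""Classify the From header of a mail that claims to come from a known brand."""
from email.utils import parseaddr

# Assumption: the brands we care about and the domains they really send from.
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "facebook": {"facebook.com"},
}


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the host name.

    Simplification: a production checker would consult the Public Suffix
    List so that names under suffixes such as co.uk are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_sender(from_header):
    """Return one of: unparseable, domain-matches, lookalike-domain,
    brand-mismatch, no-brand-claim."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    base = registrable_domain(addr.rpartition("@")[2])
    label = base.split(".")[0]

    # 1. The address really is under one of the brand's own domains.
    #    This only says the header text matches: From can be forged, so
    #    SPF/DKIM/DMARC results still decide whether the mail is genuine.
    for domains in BRAND_DOMAINS.values():
        if base in domains:
            return "domain-matches"

    # 2. One typo away from a brand name (or the brand name under another
    #    suffix): the misspelled-domain scheme.
    for brand in BRAND_DOMAINS:
        if edit_distance(label, brand) <= 1:
            return "lookalike-domain"

    # 3. The display name or address mentions the brand, but the domain
    #    belongs to someone else: what hovering over the sender reveals.
    claimed = (display + " " + addr).lower()
    for brand in BRAND_DOMAINS:
        if brand in claimed:
            return "brand-mismatch"

    return "no-brand-claim"


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"Apple Store" <receipts@itunes-billing.example>',
    "Facebook <security@faceboook.example>",
    "Apple <no_reply@email.apple.com>",
    '"Title Co." <closing@title.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):17} {header}")
```
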

Friday, September 08, 2017

More concerns about Kaspersky and Russia in NY Times


The New York Times has an article today, “The Cyber Insecurity Company”, or with online title, “The Russian company that is a threat to our security”.  That’s Kaspersky Labs.

Best Buy and Geek Squad today favor Trend Micro, but before they have bounced between Webroot and Kaspersky. But the article notes that companies that use Kaspersky will have their networks exposed to servers in Russia.


That probably doesn’t matter to home users, no matter how paranoid you are about Putin or Ukraine or Chechnya.  But it would matter to most international companies, or to anyone that keeps user PII on his servers. 


DOD is no longer allowed to use Kaspersky.   

Thursday, August 31, 2017

FDA issues warning about pacemaker vulnerability to hackers


Now, if a threat "From Russia without Love".
The FDA has issued an alert concerning 465,000 pacemakers because of a software vulnerability, which could endanger patients. WJLA has the story here.

The FDA's own firmware update page is here.

It takes a visit to a cardiologist's office to get the firmware updated.

Pacemakers can prevent sudden death from cardiac arrest in people with certain arrhythmias.

Friday, August 25, 2017

Op-ed in WSJ argues expansion of the Safety Act of 2002 to expand ransomware defenses


Brian Finch has a disturbing op-ed in the Wall Street Journal, p. A15, Thursday, Aug. 22, 2017, link.  Finch writes “while a systematic cataclysm is possible, targeted hacks against businesses do more harm.”
  
The writer says that even poorly written ransomware attacks can damage whole businesses, even large ones.  He argues that the Safety Act of 2002, which provides liability protections to companies that take up defensive strategies, should be expanded. 

Businesses are more vulnerable to phishing than many individuals, because attackers can emulate the actual business trademarks in their headers. 

Wednesday, August 23, 2017

Cell phone numbers get stolen to empty virtual wallets


The New York Times reports on thefts of phone numbers by people calling major telecom providers and finding vulnerable agents. 

The usual targets are people with large virtual wallet accounts, often in digital currency, who have talked about it in social media. 

It seems that once virtual money is stolen this way, it cannot be recovered, as it usually can for a little while with a bank account.

There are proposals that virtual wallet transactions need more time delay.


The New York Times has a story Tuesday by Nathaniel Popper, here 

Tuesday, August 22, 2017

Most modern laptops, tablets, phones and storage now seem immune to magnetic disturbance


I’ve written on this blog before (July 28) that individuals and small businesses should consider making optical backups (CD’s) as well as Cloud and regular disk copies, but I may have “spake” too soon (even in a message to Webroot).  It looks like modern flash drives (which are now in the latest laptops instead of ordinary hard drives) have very little vulnerability to magnetism.  Here’s the article by Simon Hill on Digital Trends.  This may be relevant to the debate on the damage that can be done by enemy electromagnetic pulse (EMP).

I’ve wondered if living very close to electric utility transmission towers could affect electronics (because of induced magnetic fields) but it does not appear so.

But users really should buy only the Single Layer Cell drives, which are the fastest and the most expensive, but you get what you pay for here  (Datarecovery article).  They last much longer.  It’s like diamond needles vs. sapphire playing vinyl.
  
Companies and even homes should pay attention to the possibility that environmental hazards could affect defibrillators or life-saving equipment, or in some cases people with pacemakers (NIH).



Update: September 3

I've watched a video that does confirm the idea that the E1 stage of an electromagnetic pulse from a nuclear explosion could affect solid state electronics (as in a car or modern phone or computer) even though ordinary magnets do not.  I will have to check on this further (and talk to Geek Squad).  This is a developing story.  The E3 phase (which also happens with solar storms) will not normally harm home electronics.

Tuesday, August 15, 2017

DOJ requests IP addresses of visitors to Inauguration Day protest site


A shared hosting provider DreamHost (which specialized in WordPress) has resisted a federal DOJ demand for the IP addresses of over 1.3 million visitors to a website “DisruptJ20.org” set up to coordinate violent protests against President Donald Trump on Inauguration Day in Washington DC.  Ellen Nakashima has the detailed story in Economy and Business in the Washington Post on Tuesday August 15, 2017 here. The company is resisting those demands.

  

It’s not clear how much protection https would offer, although it would prevent investigators from seeing what had been viewed.  But this is the sort of situation that has led the Electronic Frontier Foundation to suggest that users learn to use TOR, even in the U.S.

It's possible for people to be implicated in crimes using evidence from browser visits.  I don't know whether this could go further, monitoring behavior of people who might be believed to present a future threat, like to minors.  Even visits to certain Facebook pages could be interesting to some investigators, even in civil situations.



Update: Aug. 24

A federal judge in Los Angeles has ordered DreamHost to provide email addresses (probably IP addresses) of visitors to Disruptj20.org, Washington Post story by Keith Alexander here.

Here is Disruptj20's appeal to the public.

Monday, August 14, 2017

Techie who stopped WannaCry arrested for earlier hacking activity, which may have been legitimate


Marcus Hutchins, the 23-year-old Brit who helped stop WannaCry with a kill switch, has been arrested by the FBI for supposed participation in spreading Trojan Horse Kronos malware (from 2014-2015) through phishing or Word documents that can compromise bank accounts, story.  This earlier activity is unrelated to WannaCry.


But activity researching malware could be confused with actually spreading it.  US hacking laws are set up in such a way that prosecution for legitimate research is possible.  This sounds a bit like the “downstream liability” debate.
  

Hutchins was arrested at a conference in Las Vegas. 

Thursday, August 10, 2017

2-step verification: there are controversies within


There is controversy over which sub-method for two-step verification is safer.  Is sending an SMS message, common with Google and banks, and simpler for many users, less safe than an authentication app which does not require another message over the Internet?


Security Stack Exchange provides a detailed discussion from 2016 here
  
Ars Technica also reports on a special app for 2-step verification for WhatsApp, and the user rules are quite strict.


Tuesday, August 08, 2017

Conventional wisdom on complicated passwords changes


Here’s an interesting piece challenging the conventional wisdom on password security in the Wall Street Journal , by Robert McMillan.

The piece does not recommend forcing people to use special characters and random combinations of numbers and letters, upper and lower case, and to change passwords often. The problem is that when people change them, they don’t change them enough.
  
The other idea is that you don’t need to change a password unless you have reason to believe it is compromised. 

Monday, August 07, 2017

Phishing emails appeal to job skills I've never said I have


Here's another interesting phishing scam.  Emails that say they are interested in my "selling background".  How many times have I said that I am not a huckster?  I've never sold insurance or mortgages.  I've worked on the IT systems supporting them.

Oh, maybe I'm treating "sales" and trolling consumers (which is how you generate leads) beneath my dignity.

There are also reports of a phishing scam imitating the Better Business Bureau.

I've also gotten one phish claiming a "relative" is in jail overseas.

Saturday, August 05, 2017

Odd dns link seems to try to load with some Wordpress pages in Windows 10 Creators Update ("incapdns")


I’m noticing odd behavior of my Wordpress blogs in Windows 10 Creators Update environment.
When I go to a specific page, in Chrome or Firefox (so far), sometimes the page tries to load from “incapdns.net”, which seems to be some ad-serving network judging from Google searches. Yet the blog post right now does not serve ads. It is conceivable that it comes from an embedded YouTube video which does have ads.

I’ve messaged Trend Micro to ask if this is acceptable behavior. A full scan does not find malware.
The Trend security report shows no problems.

I’ve also noticed that in Windows 10 Creators Update the sound can fail and YouTube will not play, and the problem clears with a Restart.

Update:

Apparently I get the same result on another computer with an earlier version of Windows 10.  Will try Windows 7, MacOS tomorrow.

I'm wondering now if this has to do with BlueHost's "add-on" structure for hosting accounts.  This may be the domain that converts the physical URLs to logical ones with DNS resolution.  This process could eventually prove useful in a strategy to implement "https everywhere".

But I had found some negative links about the site online and sites that claimed to remove it.

Monday, July 31, 2017

Comcast Business gives another reason not to pay ransomware


Comcast Business is advising customers never to pay ransom for "ransomware" attacks, because often files are merely "deleted" but not encrypted, and can be recovered.  Here's the article from today.

Here is US Cert's latest on Petya, link.

Friday, July 28, 2017

Home users and small businesses may want to consider protecting their digital data storage from EMP attacks (which can be local)


I’ve mentioned this before, but I thought this is an opportune time to reinforce the idea that small business and home users need to rethink more their strategy in protecting their own data.
  
We’ve certainly heard a lot about novel ransomware attacks this spring, but for the most part home users and small businesses were not affected, because large businesses are more easily impersonated by attackers (especially overseas).  But another danger is physical attack which could include knocking out the power grids and electronics.


The recoverability of power is a controversial topic, but the US certainly is vulnerable in its inability to replace transformers quickly (or even transport them).  But another issue is that EMP electromagnetic pulses (which don’t require nuclear blasts – there are microwave flux weapons, not well known, that can do this in smaller areas) can destroy electronics, including modern auto ignition systems and data on hard drives and thumb drives.  Furthermore, cloud backup services could be compromised.  No one has written much on how well major data storage services (or publishing platforms or hosting companies) can secure their facilities from electronic damage from pulse-type weapons. 

Users could consider making optical CD backups of critical data as well as building or acquiring special “Faraday” cage devices. CD backups were more popular a decade ago than they are now. 
  
The military has these today, and I suspect major financial institutions have them.  But little has been written yet by mainstream media sources.  It needs attention.

The 2009 novel "One Second After" depicts the pileups on an Interstate in North Carolina when most car ignitions fail suddenly.  Frankly, there is suddenly more attention to this idea because of North Korea's threat, which James Woolsey says can be launched from a satellite today.

As far as I know, coronal mass ejections from solar storms do not cause this threat to devices, even though they can short out power grid transformers.


Thursday, July 20, 2017

Cell phone "smishing"


Here's a warning from Fortune (also on NBC Nightly News tonight) about smart phone smishing scams.

I have yet to get one that I recall.  But you should not respond to unexpected SMS financial messages;  you should go into the financial institution's website yourself (just as with email phishing).

And a few of these scams can infect phones with malware. 

Wednesday, July 12, 2017

Verizon contractor leaves 14 million cellular customer records open to compromise, but no evidence of actual misuse so far


Media reports indicate a breach in the data records of up to 14 million international Verizon customers, including PIN data, because a company that facilitates customer service calls left certain intermediate data not properly secured.
 
The Verge has a news story here.

But there is no evidence that any data has actually been taken, but it is impossible to prove that it wasn’t.  That’s why strict audit trails and access control and elevation integrity are important to data centers.
 
These kinds of lapses were quite common in the mainframe world until the early 1990s.

Friday, July 07, 2017

Facebook phishing scam based on former Friend who is deceased


Be careful of a new Facebook scam. I just got an email Friend request from a former Facebook friend who is deceased. The FB email was spoofed but there was no request on my account. This seems like another kind of phishing scam, possibly on deceased persons.
 
Be aware also that misspellings of "Facebook" can take you to phony imitation sites that ask for surveys and then connect you to FB (or go into an endless loop, requiring restart).

I have found that I attract a number of people from poor countries as Friends.  This may be related to my blogging about immigration and asylum issues.  Sometimes there are requests for money, help with employment, medical expenses, or charities (or even coming to the U.S., which will not be legal right now -- immediate ICE detention).  Obviously it is normally very difficult to determine which if any of these requests are genuine.


 

Thursday, July 06, 2017

Milo's first printing sells out, already tempting "Dangerous" phishing scams. Always check your account on Amazon yourself.


Here's a word to the wise.  Milo Yiannopoulos's next book "Dangerous" sold out in its first printing (100,000) and my Amazon order wasn't soon enough to be in the first stock.  OK, I ordered Kindle as a stop-gap for $2.99.  But then I get a fake message saying it has shipped, and to click for directions.

So I go to the Amazon site, and see it still hasn't shipped.

So "Dangerous" may have invited some phishing scams already.  

Wednesday, June 28, 2017

Pentagon may be prohibited from doing business with Kaspersky, Moscow-based security software popular on home computers in the U.S.


The U.S. Senate is considering a bill prohibiting the Pentagon from doing business with Moscow-based Kaspersky labs, NBC News story.

Geek Squad has often sold Kaspersky, and I have used it on at least two Windows computers. Kaspersky seems to be one of the most pro-active companies in warning about possibly dangerous websites.  It also tends to give amateur sites lower safety ratings than do many other companies.



Update: July 23

The Washington Post reports on local governments using Kaspersky in an article July 23 by Jack Gillum and Aaron C. Davis, link here .

Tuesday, June 27, 2017

Major ransomware attack spreads from Ukraine, related to Petya/eternal blue, locks up boot drive rather than individual files, Microsoft may have patch already


Here is the New York Times story on the latest ransomware attack, called “Petya”, which seemed to spread quickly from the Ukraine this morning.  It is also related to a malware scheme of hacking tools called “eternal blue”.

So far, a few American companies, including pharmaceuticals and one law firm, and smaller hospitals have been affected.

Trend Micro has a detailed writeup as of 12:30 PM today.

Heavy.com has a detailed story.

It is not clear if users who had installed previous Microsoft vulnerability patches are protected.

It is not clear if the latest Microsoft systems are less vulnerable.  It also spreads through Port 445 (for Microsoft shares).  This virus seems to affect master boot records rather than encrypting files.

 The Microsoft page published today June 27 says that Windows Defender Antivirus removes the threat so it should not be hard for all antivirus companies to do this.

Malware Tech has a good explanation that novices can understand, here.

Eweek has a self-inoculation idea of creating a file called perfc, no extensions or content, in Windows\folder (story).


Thursday, June 22, 2017

Curious phishing email from "Apple-ID" imposter when I walk into an Apple store for a Genius Bar consultation


Just as I checked in an Apple store for Genius Bar support for an issue I have with my passwords, I got a phishing email from “Apple ID” claiming I had just purchased “Clash of Clans”, “Box of Gems”.

There were no credit card transactions in my accounts matching this purchase.

Apple was perplexed, saying this was a phishing email and is checking into the security issue.

Saturday, June 17, 2017

Phishing trojan in Microsoft documents has mouseover vulnerability


Trend Micro reports a version of malware possible in Microsoft documents (specifically PowerPoint) where infection is possible merely by passing a cursor over a link in the document without clicking it.

It’s called OTLARD/Gootkit.  It seems to be spread mainly by phishing attacks to companies where employees are likely to be fooled by official-looking emails.  

Friday, June 16, 2017

iPhone popup malvertising adware claims I have "4 Virus", tries to sell fake removal software


Today, while visiting a Guardian article on anti-gay attitudes in Indonesia on my iPhone6, I kept getting popups urging me to download anti-virus software and claiming my phone was “28.1% infected” by the “4 Virus”.  It claimed I had visited adult web sites (I hadn’t).  That’s a dangerous claim. That could be related to other malware claiming you have child pornography.



Note the misuse of the Google trademark, also.



It’s a little concerning because I had popups turned off.  It happened only on this site, and I deleted the cache and cookies afterward.

Interesting article is here.  Here’s something more directly related.

Friday, June 09, 2017

Facebook scam claims the service is no longer free, demands a Ponzi payment


I had an incident Thursday where a Facebook “Friend” who seemed to live in a violence-prone area of the southern Philippines messaged me claiming that Facebook would no longer be free and that I had to pay into some Ponzi scheme.  The message was in poor English.
 
This is another obvious scam to be aware of.  I did report it, but Facebook has not responded directly.

Wednesday, June 07, 2017

WannaCry now has a chain-letter Ponzi scheme implementation


Now, there is a version of ransomware in the “WannaCry” family that aims at creating a Ponzi scheme.  The target can get her data back and avoid paying the ransom if she infects at least two other computers.  It really sounds like the ultimate chain letter, or multi-level marketing scheme.  Always Be Closing, indeed.

Or, to get your data back, become a criminal, "like us".  Break the law.  Resist???
 
Sheera Frenkel has the Business Day story in the New York Times today, link here.

Tuesday, June 06, 2017

CERT warns of SNMP vulnerability for workplaces


DHS Cert in Pittsburgh is warning of a vulnerability in SNMP, Simple Network Management Protocol, which can be compromised to gain unauthorized access to network devices.

This is not as likely to affect individuals or very small businesses, as larger organizations.  It would be possible to target a particular employee, for example, for blame.  So this advisory sounds more like a workplace issue.
 


That reminds me of the warning back in the early 1980s at a credit reporting company that associates must always sign off when not at the terminals and keep passwords secret, and could be terminated for misuse of their accounts by others.
 
Workplaces also have a problem in that spammers may imitate the employer’s trademarks and look in phishing attacks that would not work against home users.

Tuesday, May 30, 2017

Mortgage company sites get hacked, siphoning payments from homeowners with phishing schemes


The FBI Office in Minneapolis is warning consumers about “mortgage phishing”.  Before closing, a mortgage company’s database is hacked and the criminals send phishing emails to accept payment, with a fake website and emails to fool the consumer into believing she is paying the mortgage company.

NBC News has the story here.

Back in 2000, I was paid a settlement from Texas that was stolen this way, but I got repaid anyway.

Sunday, May 21, 2017

Be wary of Facebook friend requests from existing friends


Be wary of Facebook friend requests from people who are already friends.

Kim Komando has a page on the problem here , and WJLA-TV will have a story about it Monday night, May 22.

There have been cases of people creating duplicate fake profiles to divert friend requests. 
Fake requests could also solicit personal information.

A fake profile of someone could be used as a ploy to call for money, claiming a need for bail or arrest in a foreign country.  That’s a common scam.  In my case, my friends would probably be very suspicious.

I had one fake make of mine a few months ago (with no posts) which a friend (who knows my books well) reported and it was deleted by Facebook before I found out about it.  She said it had happened to her once and that it is a fairly common scam, probably from overseas hackers.  



Update:  May 24

Sinclair Broadcasting's ABC affiliate WJLA 7-on-your-side has a video on the problem, aired May 22, here

Friday, May 19, 2017

Property insurance companies start to cover ransomware, sometimes bundled with home and auto; is this always a good idea?


NBC News is reporting that several insurance companies, including AIG (from 2008) are offering new cyberinsurance, against identity theft and specifically ransomware losses. The story and video are here.

Homeowners’ policies today often cover identity theft now, but the ransomware payments and recovery seems to be new.   Usually this coverage has to be requested as an add-on endorsement for about $100 a year.

Bundling cyberinsurance with property insurance (auto and home) in umbrella (“rain shield”) insurance may not always be in the best interest of consumers.  It could lead to companies’ being nosey about consumer online reputation and habits.  This does not need to complicate covering your home from a tornado or car from a drunk driver.

The report mentioned threats against consumer cloud accounts (maybe bogus, by phishing). Consumers should always watch their bank and investment accounts online diligently. And don't click on attachments or links from sources you don't know.  Verify that the mail really came from (or would come from) the company in the header.  There is such a thing as safe computing. 

Thursday, May 18, 2017

New covert malware attempts to mine for bitcoin on your computer


There are reports of a new “invisible” malware.  It’s called “Adylkuzz” and it seems to be designed to get karma points toward bitcoin mining. CNN has a story here.

It apparently offers the dubious “benefit” of blocking other malware (maybe even ransomware) while it runs.  Of course, ransomware usually demands payment in bitcoin.

Friday, May 12, 2017

Massive "WannaCry" malware hits Europe, Russia; Edward Snowden had found it


There are plenty of news accounts of the “Shadow Brokers” attack on many systems around the world, revealed today, hitting Spain, Russia, and the British NHS pretty hard.  Here is a New York Times story.

And the Washington Post story. The NSA has known about the vulnerability which was apparently exposed by Edward Snowden.

Microsoft updated its systems in March but another patch is said to have been released this week. It is unclear if the latest updates Tuesday (to Windows 10, including 1703 Creator’s Update) have all the fixes. My systems updated this week and show up-to-date.

The UK NHS (single payer healthcare) infection apparently occurred with zip file attachments.  But the media reports that the WannaCry  malware could be spread by infected ODF files.

Webroot, in a tweet, directed me to read this Microsoft bulletin about SMB MS17-010 here.  UK Computing has a story here. Infection seems much more likely through Server and through network shares; it seems less likely at home.

Timothy B. Lee of Vox has a detailed explanation here.



Update: May 13 

US Cert's analysis of the problem.

This worm can spread from computer to computer within a network with a different user clicking on a phishing link or dangerous site.  It's not clear it can get through a firewall.

A 22-year-old programmer in Britain (or was it Indiana) disabled the current malware by buying an unregistered domain used as a pivot in the worm.



Microsoft has a new update.   Windows 10 computers are not affected. However earlier computers still running Windows 8 or earlier may be vulnerable if not updated after May 13, particularly if connected to network shares.  Here is the latest I can find. I find their advice problematic;  older computers do not run Windows 10 very well.

Ars Technica discusses Port 445 exposure (not requiring user interaction) here.



Update: May 16

Here's a blog post from Kaspersky about the Lazarus Group and possible ties to North Korea.

Update: May 17

Trend Micro offers a Folder Shield, which provides one more layer of protection against a designated folder, in the Data section.  It also offers users with earlier Windows OS to check to see if they have all the necessary patches against WannaCry.

Tuesday, May 09, 2017

Chrome browser said to be enforcing https standards


A site called “Nestify” is advising web users that Google Chrome will apparently mark all non “https” sites as unsafe, and also mark certain https sites as unsafe if they don’t pass certain standards. The article, shared today on Twitter, is here

It’s obvious that sites that require you to log in need encryption and SSL.  It’s less clear if you’re browsing and the website owner doesn’t require you to log in.  But the business climate of most webmasters today is that most of them need to sell something (however rarely) to some visitors, so an all https environment seems more credible.

Generally, newspapers having a paywall (as more do all the time) are starting to use https for all access (now the New York Times does). Vox does not require login but has installed SSL (maybe because Timothy B. Lee works there and influenced the company to do so).  But some news broadcast networks don’t yet, as they all have totally “free” content.

The article mentions Wordpress sites.  Right now I have four Wordpress blogs on Bluehost, under one account with three add-ons.  Blue Host allows one site per account to have SSL right now.  Since BlueHost has a subdomain naming structure internally, it would sound plausible that they could offer it to all addons on a hosting account at some point with more “programming” or re-engineering of how some routing works.  But that could be hard to install without interfering with access. 

My native Wordpress blog (URL; I’m putting some old archived material there) is SSL, as are 13 of the 16 Blogger blogs.  The three that are equated to domain names are not https because SSL is based on domain name (“Blogspot.com”).

Wednesday, May 03, 2017

Unusual phishing scam targets Google Docs


There is a bizarre phishing attack involving sharing of Google Docs.  It will lead you to a real Google account page but then to fake documents page, as Timothy B. Lee explains on Vox here.

Fixing the hack involves removing an instance of “Google Docs” from the Google app permission page. Changing your own password doesn’t do any good.


 
But apparently this scam has circulated before, given YouTube videos about it.

Monday, May 01, 2017

Facebook memes could pose security hazards


Some security experts are warning Facebook users about memes on favorite activities, like asking users to identify a fake concert among others they have attended, as in this New York Times story here.
 
It’s possible for some criminals to guess security questions for other accounts from these, or to use social engineering to target users for future scams, according to some security experts.

I’ve never played on such a meme.

But one time I was greeted with a survey when logging on to Facebook, only to find later I had indeed misspelled the domain name.  Fortunately for me, nothing came of it.

Thursday, April 27, 2017

US Cert warns on state-sponsored malware that could hurt ISP's offering shared hosting


US-CERT in Pittsburgh (DHS) has sent out a detailed bulletin (TA17-117A) about foreign malware, apparently aimed mainly at Unix or Apache servers, that could steal information from customer accounts, particularly in shared hosting environments.

The report is very detailed and technical and requires a lot of knowledge of PHP and other scripting to understand.

But it suggests that all service providers insist on longer passwords, changed more frequently, and require 2-step verification from consumers.

The greatest danger, though, would seem to be to customers who have major consumer data. And this seems to be a tool that may be of value to state actors in special situations (like North Korea’s Sony hack). There could develop some political sensitivities about who could become a target in a shared environment, making them harder to secure in general.

Sunday, April 23, 2017

Facebook wants you to recognize your Friends by face for security verification -- a likely story


Facebook is trying a controversial new security tactic: when people use Facebook from computers far away from home, they may be asked to verify names of friends by profile faces.

John Costine has a typical news story on Ad Week here.

Most of us have “Friends”, especially overseas, whose names we do not remember or whom we don’t recognize.  That is particularly the case for users whose posts are public and are often about news stories or rather impersonal.  Possibly the algorithm would ask you to identify Friends upon whose news feeds you frequently give Likes or make comments.  But the policy seems to be self-contradictory, or be predicated on an internally conflicted idea of social media “friendship”.

It's possible that users could mitigate the problem by continually using Facebook while en route by phone. But this may not work with long plane flights (where cell service is not allowed) to distant destinations. If driving, of course, you could use it frequently, at rest stops (if you have good nationwide coverage). It’s also possible that the policy will apply more to overseas travel.

Monday, April 17, 2017

Consumers can be on the hook for fraudulent use of their phone accounts (land or cell)


Consumers, both business and home, can be held responsible for fraudulent calls made with their account by hackers, overseas.

Look at this story in the Los Angeles Times about a customer of Spectrum (formerly Time Warner). The particular customer owns a public relations firm in Brentwood, CA. She wound up with a $6400 bill for calls to Cuba. The news story was on WJLA in DC tonight.

Practically all telecom companies put these provisions in their fine print.  However, in practice, most companies have been willing to forgive calls that were obviously fraudulent.

The problems can occur with either landlines (usually digital now with cable providers) or cell. There would be a logical question as to whether a hack could occur anywhere else but inside the telecom company, which ought to be relevant to any litigation of charges like this. But consumers may be threatened with termination of service in the meantime.

In the summer of 1995, just as hacking was getting started, one of my Visa cards was suddenly rejected at a supermarket, and I quickly got a call from the bank, about $3000 of calls from Canada placed on the card through ATT. The charges were all reversed and the card replaced. The cause of the hack was never explained.

I have not had significant charges for robocalls.



And back in Texas, around 1999, a $4000 payment made to me to settle an old problem over an assumed mortgage was stolen electronically.  But it was refunded to me properly.

Hacking has been around longer than people think, even on older mainframes;  companies have countered them generally by tightening application elevation procedures, a security topic that was all the rage in the 1990s, before Y2K.   There were actually some security mishaps in my workplace in the early 1990s:  a contractor one time stole a server, and another time an operator was arrested for embezzlement, scary stuff if it happens where you work.

Saturday, April 01, 2017

Gaming scams; Federal Reserve phishing attack


Local station WJLA in Washington DC reports on recent phishing scams involving gamers wanting to move to a next “level” in the community operated by a game. Since I don’t “game” I’m not sure how it could work. But people whose accounts have been fraudulently manipulated will find them canceled by gaming manufacturers. Symantec has an article here. I wonder if this applies to Second Life.

It would be like having a USCF chess rating fraudulently raised.

There is also a new phishing scam of “embargoed news” from the Federal Reserve.