This week everyone’s been talking about a new flaw in Flash that can be exploited to run malicious code on your computer. After a few days of media frenzy Adobe has released a fix for it.
If you use Windows then download the update (this includes users of FireFox, Opera and Internet Explorer). Link here.
The fixed version is 9.0.124.0. If you’re keen you can read more about the vulnerability here.
CSS is a web design technology that almost every web site today is using. It controls things like colour, fonts, and most of the design on every web page.
A flaw has been discovered that can allow web site creators to know if you’ve been to a particular site. An example has been presented that lets web site owners know if you visit Digg, Del.icio.us, Reddit, and Facebook without having to ask.
This is more of a privacy concern rather than a security risk. The following tips will avoid it but it’s a little impractical to do:
It’s a documented bug in the CSS standard that might not get fixed for a while.
It’s now common to see spam advertising bogus jobs. Here is an example.
This job spam promises a lot of money for working very few hours. A few things give it away as spam. Firstly the email address given in the message doesn’t match the sender’s address (it’s not even close).
Secondly: I never asked for this email to be sent, I didn’t apply for any jobs recently and haven’t put myself on any work related mailing lists. This is spam (unsolicited emails).
Next, any job ad that doesn’t actually have a job description is suspicious. And when they promise large amounts of money for 1 to 2 hours work per day it’s too good to be true.
Here is the text of the email (complete with grammatical errors):
Subject: The best offers from our company!
Greetings!
You have a chance to start making 1200+ AUD a week spending 1-2 hours a day
Monday-Friday, working most of the time from home.This opportunity is brought to you by APL Sales Company and now is hiring!You received this offer via Worldwide net of advertisement brought to you via paid ads by Google.If you are looking for an additional job or just an extra income – this position is for you.Designed for an ease of use and the best position available nowadays, time wise and income wise.
Although some requirements need to be met:
You are 18+ years old*
You have 1-2 hours of free time a day Monday-Friday*
You are responsible and dependable*
You are located in Australia only*
—–
Some reference:“Best offer on The Net” – “Money” magazine, -John Keppke.
“Employment situation has gotten on a new level” – “The Economist” magazine, -Laura Star.
“Amazing solution for Extra Income” – “Newsweek” magazine, -Dennis Coleman.
—–
If you meet all requirements – don’t hesitate to get more information on this great
position called “Fund Operator”.Reply to: apple.swed404@gmail.com with subject “Interested” to receive full information on this great position. Limited time offer, don’t wait! And Good luck.
They don’t publish a link to a web site, only an email address, so I don’t really know what they hope to gain from this.
In the interest of research for FraudO I’ve replied to this spam email and will update this post when I receive a reply. I sent the reply to their gmail address (which is different to the spam’s From address) with the following line:
Please provide more information on this offer.
That’s all I’ve said. Let’s wait and see what happens.
…
That was fast, I’ve received a reply already. It must be an automated reply. This is what they sent:
Thank You for being interested!
You have a chance to join our team and start making money for your family or just for yourself, as an extra income.
This is a new generation opportunity and it is based on a taxation loop between two countries.
You will represent a role of a S.u.b. Distributor for our company, it means that you will help us handle payments from our customers within Australia,thus we will pay you 10% commission from every payment that you handle. Since you are an individual it gives us opportunity of paying 2% tax for every sale, that’s why we need help from you.Here is a live example:
1. You receive 3100 AUD from our customer to your b a n k account. We send you instructions by E-mail.
2. You go to the b a n k and withdraw 90%, and you leave 10% for yourself.
3. Then you go to a Western Union and send 90% to one of our agents. (will be given in instructions)
4. Then you send us e-mail with report form. (will be given in instructions)
5. As soon as report form received – you get your next transaction the very next day and so on.
Outcome >> You earned 10% from 3100 AUD which is 310 AUD just in your pocket. And it was only one transaction.It is not complicated at all, anybody can try this out and you always can get help from one of our representatives. Feel free to Get started.F.A.Q.
1. Do i pay any tax? This is not your income and bank will know that, we pay fee for this activity to every Australian Bank.
2. Is there a contract? No, for your convenience we made this a part-time position, you can stop anytime and continue anytime, let us know prior 2 days.
3. How many transaction a day, how often? 1 transaction a day, 4 times a week, Monday-Thursday.
4. What products do you sell and what is the average amount i will need to process? Mostly we are big on electronics and computer hardware, but we also can help any other company to make a sale, so it can invole auto parts as well ashousing equipment.
5. When is this offer valid until? Offer is valid until October the 20th 2010.
6. Is this legal in Australia? Yes, everything is above board and regulated by financial government institution. Feel Free to try yourself out in this opportunity, here is the application information required IN ORDER TO GET STARTED:___________
*FIRST NAME:
*LAST NAME:
*ADDRESS:
*CITY:
*ZIP CODE (optional):
*COUNTRY: Australia
*DATE OF BIRTH:
*MOBILE PHONE#:
*HOME PHONE#:
*NAME OF YOUR BANK::
*ACCOUNT# (contains numbers only):
*BSB# (6 digits):
*YOUR E-MAIL(to contact you best):
————
AFTER YOU SUBMIT YOUR INFO – ONE OF OUR REPRESENTATIVES WILL ASSIST YOU BACK SHORTLY! GOOD LUCK AND WELCOME TO OUR TEAM!!!
Notice that at the end of all this text they’re asking for my bank account details. It’s a scam.
Don’t ever provide your bank account details to strangers (unless, for example, you’re selling something online and need to accept payment, then it’s a compromise between security and doing business). Read here to see what happens if you give out your bank account details to everybody.
The rest of the email is just a story about some complicated money transfer scheme. Even if they really did want to do all this and pay me 10% it just doesn’t sound legal. Could it be a money laundering scheme? It’s not something you should get involved with.
Phishing emails are very common these days. Below is a common phishing email from a local bank. Keep in mind that the same technique is used with most banks these days. Spelling and grammatical mistakes usually give them away (although this example is pretty good), and read the end of this article for the best ways to tell a phishing email from the real thing.
An email arrives with a topic “Verify Your Phone Number“. Emails asking people to verify something can be eye catching, and add a sense of urgency. Below are the contents of the email:
Dear customer!
St.George Bank Limited is constantly working to improve the account security of our customers. In order, to ensure the integrity and security of our online banking system, we periodically review accounts. We were unable to contact you by phone during the last check, so please verify the information at your account file and make sure it is right.
Please, verify your account information by following the link.
Click here for verification: https://ibank.stgeorge.com.au/verify/The next verification will be done soon, invalid account information will result in your account being placed to restricted status.
Customer Service
St.George Bank Limited
http://stgeorge.com.au/
Some things you should keep in mind:
What would happen if you clicked on the links provided in the email? They look geuine enough.
In most email clients when you put the mouse pointer over the link and wait a second, you’ll see the real link. That’s right, the way email works is someone can display a link that looks like a bank site’s address but in fact it can go somewhere completely different. Maybe the technology behind emails should be changed to make this impossible.
In this case the links point to a site called stgeorgeverify dot com. Again this might fool some people because it has the bank’s name in the address, but it’s not the bank’s address. It’s a phishing site designed to let customers type in their bank details so that scammers can sell the information on the black market (and eventually so that money can be stolen from bank accounts).
There’s very little regulation in domain names (web addresses). It’s easy for someone to register a domain name that looks like a bank’s site. Even if it has one additional or different letter it’s enough for anyone to register. And when someone registers a new domain name they can make it do whatever they like. Technically it’s a new site (even though the name looks similar to a legitimate site).
So when you receive emails from important organisations, such as from your bank, don’t ever click on the links. Go to the bank’s web site by typing its address into a web browser. Because the links in emails can be misleading.
For further reading see our article on how domain names work, and another detailed example of phishing.
Ad-Aware 2008 is now available. It’s a popular anti-spyware product for Windows that scans your computer for spyware and adware. It comes in three versions:
There’s a comparison chart here showing what’s different between the versions. If you’re new to this product and aren’t sure which version you need start with the free version.
Read more about Ad-Aware 2008 here including a download link.
Similar products available for Windows are:
Also note that the larger anti-virus packages such as Trend Internet Security also contain anti-spyware modules.
Today I’ve activated email subscriptions to FraudO.com. Here’s how it works:
It’s that simple.
How much money do you think Australians send to Nigerians because of the old Nigerian 419 scam? (Keep in mind that Australia has a small population of 21 million)
The answer is millions of dollars.
This very interesting interview with the head of the Queensland Police Corporate Crime Investigation Group (what a long title) discusses these scams and provides some interesting details.
People who fall for these scams often don’t report it, and in many cases repeatedly fall for these scams. Watch the video, discuss it with your friends, family and colleagues, and help raise awareness of this particular kind of scam. You can also read this article on how Nigerian scams work.
An interesting study on orphaned accounts has found some serious security holes.
An orphaned account is when someone leaves an organisation and their network account remains active, instead of being disabled (locked). In a lot of cases those people who have left could still log onto their previous employer’s network and access files and services.
The study found that 27 percent of people reported that they had more than 20 orphaned accounts on their system. If everyone did their job well ideally it would be 0.
38 percent of people said they had no way of knowing if a terminated employee had logged into their system. Security auditing is very important and not very difficult, without it IT managers won’t know who’s doing what on their network.
In other words, in about 27% of companies if someone left they could still log in from home, copy files, send emails, and otherwise use the system the same as when they were officially employed. And in 38% of cases nobody would ever find out.
So how long should it take to terminate an account? Accounts should be disabled at the end of the employee’s last day and not a moment later. In some companies there’s so much bureaucratic admin that, according to the above article, it ends up taking 3 days to a month to do this. Shocking.
It’ an organisation it should be everybody’s responsibility to protect the network and all private data. If your organisation is slacking in this area say something about it.
Apple has released a major update to Mac OS X. If you use a Mac you should first make a good backup of your computer then apply this update.
Recent Comments