130 Million Credit Cards

There’s an interesting news article here about someone who stole 130 million credit card numbers and was later arrested for it. The interesting points are:

• 130 million is a large number. How many people like in your city? Or country? He operated in the USA, and I don’t have any stats on how many credit cards there are in USA but it’d be somewhere around half of all credit cards. The more you think about this the less secure you’ll feel about your own credit card number.
• All this data was sold to hackers in various cities countries (California, Illinois, Latvia, the Netherlands and Ukraine). So even though he was arrested the data’s been compromised already.
• There’s nothing you or I could have done to protect ourselves from people like this. He stole the numbers from businesses (such as restaurants) that store the numbers on their databases, not from people’s home computers.
• He wasn’t a sophisticated hacker, he just looked for businesses with wireless networks and weak security (read here on how to secure a wireless network the right way) and installed malware to do the work.

Businesses should be doing more to keep their data safe. A lot of the time they just don’t have the skills or budget to spend on network security (especially non-technology businesses such as restaurants). Yet there’s a moral obligation to do so. What can we do about that?

You should also be watching your own credit card accounts regularly.  Internet banking makes it easy to check your account details every couple of nights from home. By doing so you’ll notice compromised accounts early and can get the card cancelled. Just make sure your computer is safe when you log onto internet banking sites (read here and here for some good tips).

The full article on this incident is here. It’s a bit long but an interesting read.

Beware Of Fake Obama News

A lot of people are talking about Barack Obama, it seems to be a big news topic right now. Scammers have taken advantage of the media hype and have started publishing fake news sites.

These fake news sites are designed to get your attention and to go to their web page. Their web page then attempts to install malware on your PC.

Some of the fake headlines include:

• Barack Obama has refused to be a president
• Haven’t you heard latest news about our president-elect?
• Barack Obama abandoned sinking ship
• Obama doesn’t wany [sic] anymore to be a president

These fake sites have a professional look and feel. If you don’t have a good anti virus package installed it’s very likely your PC will become infected and you won’t know about it. The infection forms part of a botnet, meaning it’s under the control of someone else and will be used to commit online crimes.

So be cautious about these fake news articles. It’s highly unlikely that Obama has changed his mind at this stage. Use a good anti virus package that also scans web sites. And don’t use Internet Explorer, start using one of the popular alternative browsers such as FireFox, Opera, Chrome, and Safari.

Whenever something big happens in the news there are people that will always take advantage with made-up sensational headlines, designed to trick you into opening their web pages.

Key Duplication

Here’s an interesting use of technology to copy someone’s keys (the metal kind that opens doors). It works with someone taking a hi res photo of your keys, then enhancing the image enough to make a template for someone to cut a copy of a the key.

What kind of photos will work?

Useful photos can be found on photo sharing web sites (such as Facebook or Flickr). This is a passive way for someone to find an image of your keys.

Another tactic is for someone to target you with a camera phone, taking photos of your keys while you hold them. Or with a camera and a telescopic lens, from 200 feet away as the article below suggests.

This isn’t really a new trick, but the software to do all the hard work is new. Technology like this only gets better so it’s time to learn how to protect yourself.

Some tips:

• If you upload photos showing your keys then take the time to blur the keys first. This is similar to how you would blur your car number plate, or a credit card
• Don’t display any keys in public. It wouldn’t be hard to obscure them with your hands
• If you have a choice (such as when purchasing a car) opt for something that uses RFID chips embedded in the keys (many cars have this these days)

Read more about the technique here, and read the full paper here.

Is WPA Still Secure?

There was a media announcement recently from a Russian company called Elcomsoft claiming to be able to crack WPA encryption. What’s this about and how does it affect you?

WPA is the preferred encryption for wireless networks, the kind you probably have at home or in the office. Here’s a quick recap of where WPA fits in:

• WEP – the old wireless security option. This is useless, it provides no real security.
• WPA – this replaced WEP. Some old devices didn’t support it but most new ones do. WPA is good, highly recommended.
• WPA2 – this is better than WPA

So what did Elcomsoft do?
They developed a way to speed up the time it takes to crack WPA and  WPA2 encryption. Here’s a short summary:

• If you use a short password, say 10 letters long, it used to take 579,000 years to crack. With this new technology it would now take 5793 years, or 5 years if they purchase 1000 of these machines dedicated to hacking into your wireless network (at a cost of over $1m of hardware).
• If you use a good password, e.g. 20 characters long, will now take 10,000,000,000,000 years to crack, or shorter if you have thousands of computers working together on this.

In other words the article is mostly hype. Making something 100 faster doesn’t mean much when we’re talking about trillions of years.

The short version is: use WPA/WPA2 and a long password when configuring your wireless network. Use at least 20 characters.

Further:
What I’ve written above applies to small networks such as home or small offices. For large networks you should be using a technology called Radius together with WPA, this is much more secure, extremely hard to crack, and of course more complicated and expensive to install and maintain.

ClickJacking Exploit

A rather serious exploit has recently been discovered.

It’s called ClickJacking. The problem is in Adobe’s Flash player, which just about everyone in the world has installed (sometimes without even knowing it). 

The vulnerability makes it possible for someone to control your computer’s webcam or microphone, lettting other people spy on you. It’s a serious problem.

Who’s at risk?

Anyone who has Flash version 9.0.124.0 or earlier is at risk. This includes Windows, Mac, and Linux users, and FireFox, IE, Safari, Chrome, and Opera users (does this list include you?)

What can you do to protect yourself?

Adobe is publishing a fix very soon and the best thing to do is to upgrade to the latest version of  Flash. Flash should prompt you to download an update – say yes to this. Otherwise download the latest version from Adobe’s web site.

If for some reason you can’t update Flash on your PC there’s another way to protect yourself (this is a last resort tactic, updating Flash is much safer). The workaround is to set the Always Deny option, as detailed here on Adobe’s site.

Further info:

Someone has gone to the trouble of setting up a sample of how the exploit works and recorded a video to demonstrate. Play the YouTube video in this article.

Skype in China

People in China using Skype, or people elsewhere using Skype to talk to people in China, should be aware that some conversations are being monitored by the Chinese government. This article explains how this was recently exposed.

The system listens for sensitive terms (mostly political subjects) and logs conversations that meet this requirement. This works differently to how the Germans are doing it.

Unsecured Wireless Routers

Here’s what happens when you don’t take proactive steps to secure your wireless router (or wireless network). Recently there were a series terrorist bomb attacks in India, and threat emails were sent by the terrorists. 

The source of the emails were traced and they came from the home of an innocent family in Mumbai (India). The terrorists had used their unsecure wireless network to gain access to the internet and do their thing. The residents said,

“We did not feel the need to secure or password-protect our internet connection. But now it has become a necessity for all citizens to secure their connections”

This stuff really happens, read the full article here.

So how do you secure your wireless router? What other consequences can you face for leaving it unsecure? Read our previous article. In fact, use the search box on the top right of this site and search for “wireless” – there’s a lot to learn about wireless security at home and in the office.

Keep in mind that when you buy new (or old) wireless equipment such as a wireless router, the security settings are almost always set to the most insecure options. That’s crazy, but manufacturers think that turning on security by default makes it too hard for people to install these things. Maybe, but most people are lazy and don’t turn on the security features, putting them at risk of being hacked or involved in serious crime.

Large Hadron Collider Malware

As always people who write and distribute malware take advantage of popular news stories. This time there’s a fake link to a video about the Large Hadron Collider (a new science project). If you attempt to watch the video it asks you to download a plugin (it says that you need to download it in order to view the video).

We’ve mentioned this before, you don’t normally need to download plugins to view videos on the web.

If you see an email or web post with the following then ignore it, it just asks you to install a malicious plugin,

“This thing rocks! By the way, you can watch “Large Hadron Collider” start video report at http://***sed.com/clip/?id=Large_Hadron_Collider Pretty interesting, isn’t it?”

Space Station Gets A Virus

It’s interesting to see that even the most technologically sophisticated environments face the same challenges as the rest of us. Some computers aboard the international space station (ISS) have been infected with a worm (called W32.Gammima.AG). And it’s not the first time this has happened.

In this particular case there’s no threat to their operations, but it’s interesting to see how some of the best engineers in the world let this slip through. The theory at the moment is that it was transferred from a crew member’s personal compact flash card.

It’s also interesting to note that the computers on board do not have virus protection, and that it’s believed it spread from one computer to at least another one.

Lessons to be learnt?

1. Use a good anti-virus package. It’s not good enough to be extra careful, you need the best tools working in the background keeping watch.
2. Be aware that flash cards (the kind cameras use) can carry malware. You just have to be careful who’s computer you put it into. We’ve even seen brand new devices ship with infected memory cards.

Next Page →

• About

  Read the latest articles shown on the left, and use the options below to search for past articles. FraudO.com is committed to educating all users on the dangers of the internet and how to avoid them.

• Email Subscription

  Enter your email address:

  Delivered by FeedBurner

• Ads

  • Anastasia International Scam

• Recently Written

  • Another Scam Job
  • ICS Monitoring Team
  • Facebook Groups And Toolbars
  • An Interview with a Nigerian Internet Scammer
  • Fake CUA Email
  • Microsoft Does Not Send Updates By Email
  • Texaco Money Mule Scam
  • Facebook Un Named App
  • Avast 5
  • ATM Card Skimmers
  • Common Passwords
  • Fake ATO Emails
  • TwitterBuilding
  • IE6
  • BlackBerry Hoax Message

• Categories

  • Admin
  • Antivirus
  • Backups
  • Fraud
  • General
  • hoax
  • Identity Theft
  • Malware
  • News/Media
  • Phishing
  • Privacy
  • Scams
  • Security
  • Software
  • Statistics
  • Uncategorized

• Archived Articles

  Select Month March 2010  (2) February 2010  (5) January 2010  (11) December 2009  (1) November 2009  (2) October 2009  (4) September 2009  (10) August 2009  (9) July 2009  (7) June 2009  (20) May 2009  (15) April 2009  (12) March 2009  (10) February 2009  (14) January 2009  (10) December 2008  (10) November 2008  (3) October 2008  (7) September 2008  (5) August 2008  (11) July 2008  (17) June 2008  (8) May 2008  (17) April 2008  (23) March 2008  (22) February 2008  (20) January 2008  (31) December 2007  (17) November 2007  (21) October 2007  (11) September 2007  (5)

• Ads

• Affiliates

• Spam Blocked

  30,989 spam comments

  blocked by
  Akismet

• Stats