Virtual Visa Cards

This concept isn’t new; it’s just becoming more easily available. It’s like a prepaid credit card, and the idea is that if it gets lost or stolen there’s only so much credit that can be stolen. It’s not linked to any of your usual bank or credit cards. It could also be considered a disposable credit card. (And the term debit would be more accurate than credit.)

In Australia there’s now a new credit card that works in this way called V-Card. It carries the Visa logo and can be used just like any other Visa credit card, only that you can put any value you want into it before you start spending.

Since the whole idea is to avoid online fraud you probably wouldn’t want to buy one online. They’re going to be available at real shops (Mobil/Quix for now). You then activate it online and they send you the security details by email or SMS to make you feel more secure. There’s a $5.50 setup fee on top of the credit.

It’s a good idea for many people, especially those who have avoided online shopping till now. It could also be useful when travelling overseas (so many travellers return with stories of how their credit card details were stolen).

Details here.

The Need For Strong Passwords

Passwords have been an everyday part of life with computers, and they won’t be replaced any time soon. It’s a form of authentication, granting you access to a system or service.

When security is based on passwords two pieces of information are required:

1. A username
2. A password

Often it’s not difficult to guess a username. Some computers keep this information easily available to anyone who cares to look, and other times it’s just a matter of guessing.

Passwords are more difficult. The “strength” of a password is critical to keeping out unauthorised people. “Strength” is a measure of how easily it can be guessed. And if you’re wondering who really sits there trying to guess passwords you’re in for a surprise.

Passwords can be made stronger by using a combination of the following tips:

  • Make your password long. Tip: join 2 or 3 words together
  • Have at least one letter in uppercase
  • Don’t put a 1 at the end of your password (it doesn’t help at all)
  • Use a made-up word if you can think of one, or spell a real word incorrectly
  • Try not to use the same password on every website (more on this another day)

If you’re under the impression that no one will bother trying to guess your password then you definitely need to continue reading. Hackers don’t sit there trying to guess passwords (what could be more boring than that?). They write programs that do all the hard work of guessing passwords. Then they maliciously install this program on other people’s computers (sometimes tens of thousands of hacked computers) to do lots of hard work for them. They just sit back and wait for the results to come in.

Protecting systems with passwords is a tough battle for the good guys (like you and me). As the progress of technology marches on we have faster computers which means hacking passwords becomes easier.

Now the really interesting part. There’s been some development on all this password guessing technology – where it used to take one computer months to crack a Windows Vista password, by utilising the untapped power of a modern computer’s graphics processor it’s now possible to do the same work with the same computer in 3 – 5 days. That’s 25 times faster just from some clever programming (see this article for the details on how).

So in the real world we have programs running on tens of thousands of computers, guessing billions of password combinations relentlessly, with the expectation that soon they’ll find all the easy ones.
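To put rough numbers on the tips above, here is an added example (not from the original post) that estimates how many guesses a password-guessing program needs under a simple attacker model. The word list, dictionary size, suffix count and guess rate are all assumptions chosen for illustration; only the 25× speed-up comes from the post.

```python
# Assumed attacker model; every constant is illustrative except the 25x figure.
WORDLIST = {"dragon", "monkey", "purple", "coffee", "table"}  # constructed sample
DICT_SIZE = 100_000    # assumed size of a real cracking dictionary
SUFFIXES = 100         # assumed common endings tried per word: "", "1", "123", "!"
CPU_RATE = 10_000_000  # assumed guesses per second on a CPU
GPU_SPEEDUP = 25       # speed-up quoted in the post

def word_count(core, words):
    """Fewest dictionary words that join to make `core`, or None if impossible."""
    best = {0: 0}
    for end in range(1, len(core) + 1):
        for start in range(end):
            if start in best and core[start:end] in words:
                best[end] = min(best.get(end, best[start] + 1), best[start] + 1)
    return best.get(len(core))

def guesses_needed(password):
    """Guesses to exhaust the cheaper attack: brute force or dictionary."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += 33 if any(not c.isalnum() for c in password) else 0
    brute = pool ** len(password)
    # Strip the trailing digits and symbols a guessing program appends anyway.
    core = password.rstrip("0123456789!@#$%?.").lower()
    n = word_count(core, WORDLIST) if core else None
    if n is None:
        return brute  # made-up word: only brute force applies
    # Each word is tried in lower case and capitalised (x2), then every suffix.
    return min(brute, (DICT_SIZE * 2) ** n * SUFFIXES)

def days_to_exhaust(password, gpu=False):
    """Days to try every guess at the assumed rate, with or without the GPU."""
    rate = CPU_RATE * (GPU_SPEEDUP if gpu else 1)
    return guesses_needed(password) / rate / 86_400

if __name__ == "__main__":
    for pw in ["dragon", "Dragon1", "zorquival", "purplecoffeetable"]:
        print(f"{pw:18} {guesses_needed(pw):.2e} guesses, "
              f"{days_to_exhaust(pw):.3g} days CPU, "
              f"{days_to_exhaust(pw, gpu=True):.3g} days GPU")
```

Under these assumptions “Dragon1” costs the attacker no more guesses than “dragon”, while three joined words or a made-up word push the count up by many orders of magnitude.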

So be smart about passwords. Make it very difficult to guess. And remember that there really are people out there trying to hack into your accounts so always be careful.

Maxtor External Drives With A Free Virus

Some Maxtor external drives have been found to contain a virus. These are brand new units straight from the factory. The unit with this problem is a Maxtor Basics Personal Storage 3200, shipping between August 2007 and November. If you’ve recently purchased one of these you need to call Seagate’s technical support and quote the serial number on the drive.

2 New Skype Related Warnings

There are two new warnings related to Skype today. In each case it’s not Skype that’s the problem, it’s just related to their service.

1. Some people have received a warning saying “Security Center has detected malware on your computer”. If you click on the links provided you’ll get a message telling you malware was found on your computer. It then asks you to pay money for an alleged program to clean it. If you see this, ignore it. It didn’t really scan your computer for viruses, and the money they ask for won’t really go towards anything good.

2. Some Skype users have received a message about finding a lost girl. Again this is a hoax and if you click on the links provided a web site will attempt to install a virus on your computer. Ignore it.

More details can be found at Skype’s security site.

What is Search Jacking?

What is Search Jacking? And how is it bad?

The term Search Jacking is used when a program or network takes you to a search engine when you type an incorrect address into your web browser (e.g. Internet Explorer). For example, if you enter ffraudo.com into the address bar of your web browser it is supposed to show you an error. The address doesn’t exist (at the time of writing this article). At least that’s how it’s meant to work in theory.

Some people with large marketing ambitions decided that if you enter an address that doesn’t exist it should take you to a search engine that can suggest some websites for you. One prominent company that did this is Microsoft. Microsoft’s Internet Explorer takes you to a search engine and suggests some other sites, and not necessarily the site you really wanted to see.

There have been a few companies that have taken it upon themselves to redirect the general internet user to their search engine of choice. And their choice is decided by whoever’s paying them the most. The technique is similar to domain squatting, where mistyping a web site takes you somewhere unexpected. Cox and Earthlink have also used this technique before.

The latest in search jacking attempts comes from Verizon (an American telecommunications company). If your internet is connected through Verizon and you try going to an invalid web site, you might land on Verizon’s search website (for the moment it’s active on one of their fibre networks).

Is there a danger to you? For now there’s no real danger, it’s more of a nuisance. Soon they’ll most probably start putting ads on this search site. It’s a little deceptive, and some call it “accidental content delivery”. You accidentally type in an incorrect address, they deliver content of their choice. And of course they’ll make money from it.

It’s more of a nuisance for now, and if it works out for them other companies are likely to follow. If your network has already adopted this search jacking system you could complain to your internet provider. After all, someone’s paying for your internet connection and you shouldn’t expect your internet provider to fill it with ads for you.

Beware of Yahoo550

If you see any links to yahoo550.com it’s a malware site that installs a trojan. The authors behind it are trying to trick people into thinking it’s one of Yahoo’s websites (Yahoo has a service called 360°). So ignore the fake 550 and take this as a reminder to have a good internet security program (one that checks websites as well as the traditional files and emails).

Deceptive Template Downloads

If you run your own website, in particular a blog such as the one this article is written on, you’ve come across templates. A template may also be called a skin, or a theme. These templates add the design, colour, layout, and feel of a website, and are developed by creative web designers.

Some templates are free, others are bought or custom made. And there are websites that collect free templates to make it easier for non designers to pick and choose.

It’s recently come to light that some of these template collections have been tainted. The person (or people) collecting and hosting the templates have quietly edited them all and embedded some code to suit their own purposes.

One such deceptive template collection is blogstheme.com. They’ve been caught adding code to the footer in the themes they host to collect marketing data. What makes this even more deceptive is that they didn’t actually create any of the templates, they’re modifying other people’s work. Another website previously outed for doing something similar is templatesbrowser.com.

So if you run a website, blog, or similar and hunt around for interesting templates on these collection sites, always go back to the original developer’s website and download it from there. This way you’re downloading it directly from the person who created it, and not risking downloading a tainted copy.

It’s unfortunate that as the Internet continues to grow there are always new threats appearing where you least expect them. Hopefully by reading this site and encouraging others to do so we can all avoid the dangers and use the Internet to its full potential. Education is always a good solution.

Scammers Asking For Donations

There are many emails being sent by scammers that make reference to major news stories, such as the recent fires in California. The emails may contain a real logo (copied from an organisation’s website) and claim to be from some charity or social organisation. They also have a link allowing you to make donations.

In these scams the link provided to donate money is owned and operated by the scammer sending the emails.

So as always don’t trust unsolicited emails you receive that ask for money. The people behind these scams are up to date with popular news stories and try hard to cash in on major events.

A New Way To Spread Viruses Using Google

This technique to spread viruses was only just discovered, and it’s clever.

Firstly it’s based on the assumption that people trust Google (which is a fair assumption since Google has done a lot to maintain good ethics and to help users avoid malware). So when people see a link to a Google site they would naturally assume it must be safe to click on.

Now someone sends you spam and in the body of the email is a link to Google’s website. The link is a clever trick that takes you to a gambling site containing a virus. How does it work?

On Google’s search engine there is a button called “I Feel Lucky”. This has been a distinctive feature of Google for many years and when you click on it, instead of showing you a page of results, it takes you directly to the first website. Now someone wishing to spread a virus just has to come up with some search terms that place their website at the top of Google’s results. Then they paste the link that created that search, with an option to take you straight to the “I Feel Lucky” link.

In short, it’s using a little known feature in Google to take you to someone else’s website, and the rest is reusing the usual spam and virus techniques.

For now this has been observed in spam emails and we should expect it to appear in other places such as websites, forum links, Facebook etc.

The best defence against this is to use a good antivirus package, one that checks webpages as well as the traditional virus checks.

It’s also good to pay attention to links before you click on them. Look out for things related to online gambling or pornography as these are the most common websites used to distribute malware.
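A mail filter can do this link check automatically. The following added example (not from the original post) flags Google search links in a message body that ask for the automatic jump to the first result; it assumes the jump is requested with the `btnI` query parameter, which the post does not name, and the sample email is constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# google.com, google.com.au, google.co.uk ...; anchored so lookalike hosts fail.
GOOGLE_HOST = re.compile(r"^(www\.)?google\.[a-z]{2,3}(\.[a-z]{2})?$", re.I)

# Constructed sample message body (HTML and plain-text links mixed).
SAMPLE_EMAIL = """\
Claim your bonus: <a href="http://www.google.com/search?q=constructed+sample+terms&amp;btnI=1">click</a>
Normal search: http://www.google.com/search?q=weather+sydney
Lookalike host: http://www.google.com.example.net/search?q=x&btnI=1
"""

def lucky_links(body):
    """Return Google search URLs in `body` that jump straight to the first result."""
    hits = []
    # Unescape first so "&amp;" in HTML mail does not hide the parameter.
    for url in URL_RE.findall(html.unescape(body)):
        url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
        parts = urlsplit(url)
        if not GOOGLE_HOST.match(parts.hostname or ""):
            continue  # not a Google host, handled by other filters
        if parts.path != "/search":
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        # btnI (assumed parameter name) turns a search into a redirect.
        if "btnI" in params and "q" in params:
            hits.append(url)
    return hits

if __name__ == "__main__":
    for link in lucky_links(SAMPLE_EMAIL):
        print("redirecting Google link:", link)
```

A flagged link says nothing about where it lands, so treat it as a redirect to an unknown site and score the message accordingly.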

And Google will most probably improve their systems to filter out exploits such as this one.