iPad Security Hole

This list of government emails is why the Department of Defense does not usually implement bleeding edge information technologies into operational environments. These DoD emails were taken from an iPad prototype and lists early adopters of the system. The iPad and AT&T had a gapping security hole dealing with Safari. The vulnerability allowed gray hat hackers the ability to harvest the e-mail addresses that iPad 3G buyers provided to activate their device.

My job as the resident “security guy” places me at the butt of jokes that serve as the passive aggressive means of venting the frustration that my co-workers feel about the strict military and DoD policies. Security is almost never appreciated until an information system’s security is broken or breached. And even then solutions only come after blame and public humiliation.

Why did so many important government figures decide to risk using the new iPad without proper military grade testing and scrutiny is the biggest question. I would expect a start up in Silicon Valley to grab an iPad the first day it comes out but not U.S. military organization in the middle of two wars.

more here:
http://money.cnn.com/2010/06/09/technology/iPad_email_breach/index.htm?postversion=2010061009
http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed

Popularity: 1% [?]

EZ1 Rate report from a reader

Hi,
I want to apologize everyone. I am one of the employee working with EZ1 Rate. It is a Scam. Preveiouly it was Value Benefits of America and then its name got changed as Caller Advantage then Super Savings and now it is EZ1 Rate.

This company is situated in India. We r asked to take the Credit Card numbers of customers saying tht it is just an identification number but it is a very important numbers of cards.

after taking the numbers the card is charged of any amount and then after every month the card is getting charged. if u read this then pls sumone launch a complaint against this company. many r the ladies and old people who give us the credit card numbers so easily.

i m giving the name of the company who is running it is Silgate Solution. it is india one branch is in Delhi in gurgaon another 2 branches r in Mahaashtra in mumbai. if u want the complete address then check out for the silgate call center in yahoo else visit www.silgate.cc

Jack
New York, New York
U.S.A.

i found this today i had some call me to asking the same thing that you have writen in these bolgs but i am a cop so i know this was a joke so while i was on the phone i googel what he told me. there was no info of a build and a company name.dont ever gave you info ever over the phone. i called a # for reporting a a scam the are the fedrual some of such there # is 877-382-4357 call them and tell them what happen so the can find these crimanal.

Popularity: 4% [?]

AMERICAN ADVANTAGE Benefits address phone number

If you didn’t know, AMERICAN ADVANTAGE Benefits is a false organization doing international fraud with organizations like EZ 1 rate.  They commit financial fraud and sell the personal information of unsuspecting victims.
One of my readers gave me the inside scoop on American Advantage Benefit’s real address:

630 Albert st. Oshawa Ontario,

Canada 4H4T5

AMERICAN ADVANTAGE Benefits phone number: 323-230-9576

Canada, just as I suspected.

Popularity: 8% [?]

Evil Plug-ins

I love plug-ins! I love them on Firefox, Wordpress, Dreamweaver and now on Chrome. It has crossed my mind that some of these plug-ins could be created and distributed by very smart people with criminal or mischievous intent. But the reality of bad plug-ins didn’t hit me until I noticed a link on digg.com about Stealing Logins using Google Chrome Extensions. I am no programmer but understand enough to see how cleaver it is.

Basically, someone creates a innocent looking extension or plug-in, they distribute it and the innocent looking plug-in/extension sends your personal information to where ever.

How can a person avoid this?! I guess the safest way would be to not use ANY plug-ins and extensions.. but that is over kill.
I know that I am pretty paranoid about Wordpress extensions/plug-ins but the open source community is pretty good about peer reviewing, testing and reviewing some of the more popular plug-ins. When it comes to software I depend heavily on reviews of others who have used the product. If there are no reviews (even on forums or dev/plug-in sites), I usually consider the app to risky.

Sometimes what I do is try the app/extension/plug-in on a site/blog I don’t care as much about. In the case of browser plug-ins, I use a single trusted browser with minimal plug-ins to do important sensitive/personal transactions. Most of the stuff I do on the web does not require so much scrutiny.

Unfortunately, there is always a risk with plug-ins, apps, and extensions. All we can really do is manage the risk, by being careful and suspicious.

Thanks Mr. Grech for the knowledge.

Popularity: 1% [?]