Blog

  • Threat Alert: Antivirus Killers

    While Windows remains the biggest single source of security holes, researchers are now finding significantly more flaws in the utilities we turn to for protection than in the operating system the software is meant to guard.

    read more | digg story

  • Wardriving Tools

    Great site that lists the best software for finding and decrypting wireless APs.

    Morality of Wardriving tools.
    I do not personally wardrive but I think it is a great way to do an
    assessment of the security of your area. I know some people
    wardrive just to find a free spot to surf. This is the equivalent
    of walking up to every door in your neighborhood and twisting the knob
    to see if the door is unlocked, then walking in and watching
    cable on their couch and eating popcorn. It is not right.
    And I cannot pretend that it is.

    Privacy of Publicly Dispensed Wireless Data
    But at the same time, having a wireless service and NO security is like
    having a house with no walls. How can there be a crime or theft
    of data and service when the data and service are spilling out freely
    into the air like a public water fountain?

    Paying for Service and then serving it to the Public
    I pay for the water service at my house so if anyone else walks into my
    yard to use my water hose they are wrong.  But if I put that same
    hose into a nearby public park and turn it on, how guilty is anyone
    going to feel about taking a sip or splashing their face with it?

    So if you feel strongly about people NOT wardriving and not stealing
    service, then do something about it. I think that wardriving will
    dry up when the masses finally get wind of wireless security; until
    then, “Surf's up.”

    read more | digg story

  • 40 Million credit card accounts practically given away... no problem

    OLD NEWS:
    CardSystems lost 40 million credit cards, and what is the result?

    Credit card companies don't have to notify customers their personal
    information has been stolen, a California Judge ruled today…

    …In June, CardSystems admitted intruders had compromised the
    confidentiality of 40 million credit card holders, and 200,000 records
    had left the network. CardSystems had refused to notify the card
    holders. The Rothken suit also requested that chargeback fees or
    penalties on hapless card holders who were the victims of ID theft
    should be waived.

    But a San Francisco Superior Court Judge, Richard Kramer, disagreed.
    “I don't see the emergency,” he said. “I don't think there is an
    immediate threat of irreparable injury” to consumers… [*]

    This company did not encrypt the credit card data! A gross violation of the Payment Card Industry Security Standard.

    My comment and Voice of the evil doers:

    It is amazing the kind of protection companies have.
    From the beginning that was the purpose of a corporate entity:
    “indemnity.” This allows the part owners, the shareholders, legal
    protection from loss.

    40 million credit cards is a lot of loss.

    I think we half-haves should all form our own companies so we can have
    that kind of protection from loss, including the loss of our
    identities. In fact, on paper we should not exist, but instead be
    employee identification numbers subject to our own companies, owning
    nothing but controlling everything!

    Nothing new about that idea.. this is one of the tactics of the wealthy.

  • ID Theft and Financial Fraud on companies and YOU

    You may have read numerous articles about how to protect yourself
    against Identity Theft and financial fraud by very practical and
    important methods such as shredding all mail with account information,
    but currently one of the greatest threats to your Identity is out of
    your hands.

    As stated in a July 2005 Newsweek
    article by Steven Levy and Brad Stone, “sometimes being careful is not
    enough when it comes to Identity Theft.”

    Many of the incidents of Financial Fraud and Identity Theft stem from
    security breaches and criminal activity at the corporations and
    financial institutions to which we entrust our personal information.
    While it is important to be proactive by shredding billing mail or
    guarding your social security number, it is also important to be aware
    of which companies have “dropped the ball” and to know how to react if
    your Identity is stolen.

    ID Theft & Financial Fraud statistics:
    According to the Federal Trade Commission, “Identity theft affects
    approximately 10 million Americans each year.”

    Identity theft takes many forms. The Federal Trade Commission (FTC)
    reports that in 2004 the most common type of identity theft was credit
    card fraud (28% of total complaints) followed by phone or utilities
    fraud (19%), bank fraud (18%), and employment fraud (13%).

    The Department of Justice calls ID theft the nation's fastest-growing financial crime.

    ID Theft at the Corporate level:

    DSW: 1.4 Million credit cards + 96,000 Check transactions

    Between November 2004 and February 2005, the DSW Shoe Warehouse
    database was accessed by thieves who stole 1.4 million credit card
    numbers plus 96,000 check transactions and the names on each of those
    accounts from 108 stores in 25 states. DSW announced the incident
    in March 2005.
    http://msnbc.msn.com/id/7550562/
    http://news.zdnet.com/2100-1009_22-5676211.html

    CardSystem: 40 Million

    On 17 June 2005, a payment processing center called CardSystems
    Solutions was robbed of data on 40 million credit cards.
    Now It's 40 Million Credit Cards
    http://elamb.blogharbor.com/blog/_archives/2005/9/28/1265301.html

    BJ: 40,000 accounts.

    BJ's Wholesale Club Inc operates 150 warehouse stores and 78 gas
    stations in 16 states. The company went public in March 2004 with
    information on approximately 40 thousand credit cards possibly being
    compromised.

    The FTC charged that BJ's engaged in a number of practices which,
    taken together, did not provide reasonable security for sensitive
    customer information. Specifically, the agency alleges that BJ's:

    Failed to encrypt consumer information when it was transmitted or stored on computers in BJ's stores;
    Created unnecessary risks to the information by storing it for up to 30 days, in violation of bank security rules, even when it no longer needed the information;
    Stored the information in files that could be accessed using commonly known default user IDs and passwords;
    Failed to use readily available security measures to prevent unauthorized wireless connections to its networks; and
    Failed to use measures sufficient to detect unauthorized access to the networks or to conduct security investigations.

    http://www.ftc.gov/opa/2005/06/bjswholesale.htm


    Tips on being proactive and reactive to ID Theft and Financial Fraud:
    Pay attention to ALL your accounts. Know the Who, What, When, Where
    and How of every transaction you make. This means checking bank and
    credit card accounts frequently and keeping a ledger or checkbook and
    receipts.
    Points of contact for watching your credit cards:
    Equifax, 800-997-2493, Disclosure Dept., P.O. Box 740241, Atlanta, GA
    30374; TransUnion, 800-888-4213, P.O. Box 1000, Chester, PA 19022; and
    Experian, 888-397-3742, P.O. Box 2104, Allen, TX 75013. Report errors
    promptly and in writing.
    freecreditreport.com

    Give as little information as possible. Your digital fingerprint
    consists of your DOB, SSN, Phone Number, Address, and Mother's Maiden
    Name. All are usually asked for by credit card companies when money is
    pulled out or an address is changed.

    More on your digital fingerprint:
    Credit Card
    CVV2
    Credit Report
    SSN
    Driver's License
    ATM cards
    Telephone calling
    Mortgage
    DOB
    Password/PINS
    Home Address
    Phone Number

    Do NOT share your information with "other financial institutions."
    Often the financial institutions we bank with, get credit from, or the
    like will ask us if they can share our information with their
    "partners." The answer is NO.
    Also opt out of pre-approved credit offers by calling the Credit
    Reporting Industry Pre-Screening Opt-Out Number at 888-567-8688.

    Carry as little ID as necessary when traveling. Do you really need
    your Social Security card and Birth Certificate wherever you go?

    Shred ALL information with too many parts of your digital fingerprint.
    Take mail with lots of your digital fingerprint (such as bill
    payments) to the post office.

    Allow waiters and clerks to see your credit card and/or debit
    information as little as possible.
    Crooks can use a handheld card reader to copy the information from
    your card's magnetic strip.

    Beware strange ATMs. Avoid using private or strange-looking automated
    teller machines, because they may be rigged to skim data off your
    card's magnetic strip. Six- or seven-character PINs (personal
    identification numbers) are harder to crack than shorter ones, but you
    may not be able to use them at machines abroad.

    No surfing allowed. Watch out for "shoulder surfers" when using pay
    phones or public Internet access; use your free hand to shield the
    keypad. Don't use cordless phones to conduct sensitive financial or
    medical business, because eavesdroppers on other phones and those
    using eavesdropping equipment may be able to overhear your
    conversations.

    Build a wall. Install firewalls and virus-detection software on your
    home computers to discourage hackers.

    Log off. Quit your browser and log off after using public
    Internet-access computers in libraries, Internet cafes, and the like.
    Don't pay bills, bank, or conduct other financial transactions on
    public computers. If you have a high-speed Internet connection at
    home, unplug the computer's cable or phone line when you are not using
    it to discourage hackers.

    Deal only with reputable Web sites. Check privacy and security
    policies of Web sites before making purchases, trading stocks, or
    banking online. A professional-looking Web site is no guarantee of
    security. Don't respond to unsolicited e-mail requests for personal
    information.

    Get complicated. Consider password-protecting all your bank and
    brokerage accounts. Create passwords at least eight characters long.

    Check your workplace. Ask how your employer safeguards employee

    Surf safely on the Internet. Ensure you have set up a firewall to protect your network. All online banking and medical transactions must have a secure means of transferring information, such as SSL or https, to encrypt the data.
    A secure transaction will forward you to a secure “https” page and
    will usually show a symbol of a tiny lock in the corner.

    Trust your digital signature to only reputable Web sites.

    Use secure passwords and password management techniques.

    Get involved. If you are interested in asking Congress to pass
    stronger financial privacy protections, visit
    www.financialprivacynow.org.

    Resources to battle Identity theft:
    http://www.privacyrights.org/
    http://www.idtheftcenter.org/index.shtml

  • Hackers Step Up Attacks on IM Networks

    This is an interesting article on eWeek penned by Gene Koprowski
    addressing the virus portal known as Internet Message chat (AIM, MS
    Messenger, ICQ, etc.).

    “One security research outfit on
    Wednesday reported the highest monthly total ever of new IM viruses…
    some 25 viruses were reported on IM networks during September alone.”

    Great point, but the article speaks as if IM is some sort of NEW
    target. IM is one of the biggest holes in home computer
    systems. There are MANY hacker tools that exploit these Swiss
    cheese, foolishly trusting apps. Do a scan on your ISP's network
    and you will see scores of ports open on AIM and ICQ and others.

    “We started doing this report about four months ago. What we're
    seeing is that there could be a new phase of IM viruses emerging. In
    the past, IM viruses were variants of e-mail-borne viruses. That's not
    exclusively the case anymore.”

    Jaros said that his company's research demonstrates that there
    is an average of at least one IM virus attack being conducted every day
    now.

    One of the most popular techniques that truly dark hackers use is to
    connect an “owned” box to an IRC (Internet Relay Chat) room from which
    many unholy acts can be done.

    read more | digg story

  • Mobile viruses could get nasty fast

    Dan Nystedt's article on PCWorld tells of the good, the bad and the
    ugly about connecting mobile systems to home system to the Internet:

    “The dream of a connected world where
    PCs and mobile phones can communicate with the digital home and other
    devices is supposed to make life easier. But it could instead make life
    far more dangerous if malware developers have their way.”

    And my favorite part:

    “For example, mobile phone services in some countries let people see
    what's going on inside their house via a Web cam connected to motion
    sensors, snapping a picture and sending to the homeowner if anything
    seems awry. But a hacker could use that same Web cam to see if anyone's
    home, and perhaps break in. Or invade people's privacy by taking
    pictures of what's going on in the house. And could a marauder hack
    into a driver's mobile phone use it to shut down certain automobile
    systems, like the brakes?”

    The article goes on to mention something very interesting: 3G phones
    are online all the time. This feature makes them HIGHLY
    vulnerable to attacks. I won't be surprised if one day soon these
    phones will have to have little built-in mobile firewalls.

    “F-Secure, another vendor of antivirus tools,
    says the current total count of known mobile malware stands at 87, up
    from less than 10 early last year. A total of 82 of those viruses were
    written to run on the Symbian series 60 operating system.”

    Symbian is a very popular mobile phone operating system. Much
    like the Microsoft OSes and apps, Symbian's popularity makes it a huge,
    juicy target for mobile phone black hats.

    read more | digg story

  • EXCLUSIVE: New security flaw in IE

    The problem lies in the way Microsoft has implemented a JavaScript
    component in its Web browser, security researcher Amit Klein wrote in a
    research document. Internet Explorer does not validate some data fields
    provided by a PC when the component, called XmlHttpRequest, is used, he
    wrote.

    This affects IE 6 (even with Windows XP SP2). It can be thwarted by setting the security to “High.”

    This is just another example of how bad IE is and how vulnerable our
    browser can be. Once again I recommend switching to Firefox.

    Let's hope and pray that IE 7 is not as flawed as all previous versions of Internet Explorer.
    read more | digg story

  • How much of a geek are you?

    A recent survey suggested that hi-tech jargon is proving tricky for
    many people to understand. Find out how technically smart you are with
    our quiz that tests how much you really know about the world of the web
    and computers.

    This is a cute little test.

    I scored a 9 out of 10. I got the DRM one wrong.
    Digital Right Manager?! I thought it was Data Resource
    Manager! Oh, well. Guess I'm not as big a geek as I thought
    I was.

    On my road to geekdom, I found that the biggest obstacle was the
    language, just as the article suggests. It's like a different
    language to the layman. After a year or so of being on and off
    the help desk I could speak geek.  The great thing about it is how
    quickly the geek world evolves.  Geek speak evolves faster than
    street slang.

    read more | digg story

  • Wiretapping Broadband

    It seems the FCC can now tap your broadband connection. Last Friday the FCC released its CALEA First Report and Order, which allowed law enforcement to wiretap VoIP service. The original CALEA omitted broadband “information services” from such wiretaps, but now the FCC somehow was able to sneak this in.

    read more | digg story

  • MS Investigates New IE Security Hole

    A spokesperson for the software giant acknowledged the MSRC (Microsoft Security Response Center) is investigating public reports of the flaw, which has been rated “moderately critical” by Secunia Inc.
    XmlHttpRequest object flaw.

    read more | digg story