Responding to an urgent e-mail about your compromised bank account is tempting, almost involuntary. That's exactly what phishers are counting on when they link you to a false site and pump you for personal details. Learn how to skirt their tricks in this Insider Secrets video, and remind yourself of other ways to avoid suspicious Web sites that might not have your best intentions in mind.
My point last month, when I wrote that Ethernet connections in a hotel room are not secure, was that wired Internet connections in a hotel are no more secure than wireless connections. The issue I described involved a technically savvy guest reconfiguring the network to place their computer logically between you and the outside world. Thus positioned, they might as well be watching over your shoulder.
A few days ago Leo Notenboom cited two additional reasons why wired hotel connections can't be trusted: hotel employees can snoop and, if the rooms are connected with a hub, even a nontechie …
Despite a notable backlash from some Ad-Aware SE fans, Ad-Aware 2007 is still a very powerful weapon in the fight against malicious software. Ad-Aware 2007 is bigger than its previous editions and it tends to use up more system resources. Most unfortunately, all of Ad-Aware 2007's premium (paid) features, and even applications such as Ad-Watch 2007 and the Host File Editor, are included with the free version, but are nonoperational. Despite those minor complaints, the new program did add valuable features, including support for multiple browsers, a Web privacy tool, and multilingual support (although French is the only available …
WASHINGTON--Two security researchers at ShmooCon demonstrated on Saturday how a laptop connected to a VoIP telephone could, in some cases, expose a business' internal network to outsiders.
John Kindervag, senior security architect for Vigilar, said that public waiting areas in hospitals, conference rooms, and hotel rooms are particularly vulnerable to this attack since often there is no IT staff around. Appearing on stage at the East Coast computer hacker conference with Kindervag was Jason Ostrom, manager of Vigilar's Vulnerability Assessment and Compliance Practice team, who used the ShmooCon conference to show off his latest version of VoIP Hopper, a …
WASHINGTON--Researchers Charlie Miller of Independent Security Evaluators, and Dino Dai Zovi, turned their attention to Second Life during a Saturday morning presentation at ShmooCon, an East Coast computer hacking conference. The researchers didn't exploit a flaw within Linden Labs' Second Life, but within QuickTime. They showed how an attacker could make money stealing from innocent Second Life victims.
Miller and Zovi are both experienced with flaws within Apple products. Miller published the first Apple iPhone flaw shortly after its release. At last year's CanSecWest security conference, Zovi exploited a QuickTime flaw to win a "PWN to Own" …
WASHINGTON--In a keynote address at this year's ShmooCon, an East Coast computer hacker conference, J. Alex Halderman said that electronic voting machines could be good for the electorate--with some modifications.
Halderman is a graduate student studying under Ed Felten, a professor of computer science at Princeton, who is best known for demonstrating that the electronic voting machines produced by Diebold and other companies are vulnerable to attack. Diebold has since changed the name of election equipment to Premier Election Solutions. Felten was to make the keynote address, but canceled at the last minute due to the flu. Halderman is …
Flux, the social-networking initiative started by media giant Viacom, will officially support Google's OpenSocial standard. The developer site for Flux now says that OpenSocial implementation is "coming soon."
Flux, still in an early phase, was one of the few high-profile social networks that had not yet opted to partake in Google's developer standard. MySpace.com, Bebo, LinkedIn, and just about every other name in social media (except Facebook, which has opted to stick with its own developer platform, at least for now) had announced support for OpenSocial, and several have already invited developers to start hacking away. …
As reported on BoingBoing:
ALC, a San Francisco-based civil rights organization, received more than 20 complaints from Northern California residents last year who said they were grilled about their families, religious practices, volunteer activities, political beliefs, or associations when returning to the United States from travels abroad. In addition, customs agents examined travelers' books, business cards collected from friends and colleagues, handwritten notes, personal photos, laptop computer files, and cell …
The FBI is warning that Valentine's Day e-mails you see this year might be coming not from loved ones, but from the Storm worm botnet. In a press release Tuesday, the FBI warns users to be on the lookout for e-mail that "directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm worm botnet."
Dr. Jose Nazario of Arbor Networks said the authors of Storm have launched …
Update 11:45 a.m. PST: This blog incorrectly described part of what the link downloads. It downloads a Trojan horse. The link does not take viewers to a video.
Moving beyond Valentine's Day as a social-engineering theme, online criminals have started sending out e-mail with a supposed link to a recent interview with Sen. Hillary Clinton. Instead of a video, the link downloads a Trojan horse onto the viewer's computer. Security experts predict 2008 presidential election e-mails and phishing sites will continue throughout the year.