TECHNOLOGY: New form of spam begins. It looks like a standard LinkedIn invite.

Wednesday, September 29, 2010

New form of spam begins. It looks like a standard LinkedIn invite.

201009290912.jpg

But the URLs point to strange sites. Don’t worry I’m an Open DNS User (free) and they don’t resolve.

“Default” Users, who don’t take any precautions, should NEVER click on any link in ANY email.

# # # # #

LinkedIn Users Targeted with Fake “Contack Requests” to Spread Malwa
Posted by: “Joseph”
Tue Sep 28, 2010 7:38 am (PDT)

LinkedIn Users Targeted with Fake “Contact Requests” to Spread Malware
By Mike Lennon on Sep 27, 2010

On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users.

Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link.

According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says “PLEASE WAITING…. 4 SECONDS..” and then redirects them to Google, appearing as if nothing has happened. During those four seconds, the victim’s PC was attempted to be infected with the ZeuS Malware via a “drive-by download” – something that requires little or no user interaction to infect a system.

When Zeus infects PCs, users rarely notice any harm, and those who click on a link will may even have a chance manually download the executable file, as the malware first runs a series of browser exploits. ZeuS, also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent banking malware platform for online fraud, and has been licensed by numerous criminal organizations. The program then waits for the user to log onto a list of targeted banks and financial institutions, and then steals login credentials and other data which are immediately sent to a remote server hosted by cybercriminals. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc. A new variant recently emerged that targets mobile devices – ZeuS in the Mobile or “Ztimo”- used to overcome two-factor authentication.

“Criminals are misusing brands familiar to business users to trick them into becoming infected by data stealing malware,” said Cisco Security Researcher Henry Stern. “They want to infect those users with access to large-dollar online commercial bank accounts. This attack is most interesting because of its scale. While there have been many previous attacks that impersonate social media sites, the scale of this attack, tens of billions of messages, makes it notable. The criminals behind this attack are among those who stole over US$100m from commercial bank accounts in 2009,” Stern added.

Back to top Reply to sender | Reply to group | Reply via web post

# # # # #


INTERESTING: Corporations shift their IT costs

Wednesday, April 21, 2010

http://www.forbes.com/2010/04/20/smartphone-mobile-iphone-technology-cio-network-blackberry.html

JargonSpy
The End Of The BlackBerry Elite
Dan Woods, 04.20.10, 06:00 PM EDT
Companies are increasingly allowing workers to use their personal smartphones for work.

*** begin quote ***

And now that smartphones are relatively inexpensive and many workers own one, companies are encouraging employees to use their personal phones for work. One retail executive told me that most of his employees were eager to use their personal phones to stay in touch with work e-mail, and some workers could be reimbursed for their phone and texting charges.

Increasingly, companies are attempting to bring personally owned smartphones into the fold of corporate IT, which in practice usually means providing access to MS Exchange or Lotus Notes. This fits into the vision of Organic IT in which corporate IT is delivered through personal technology.

*** end quote ***

This brings up some interesting questions like ownership, liability, wage ‘n’ hour, and exhaustion. All questions that the CxOs really don’t want to recognize.

When corporate data leaks onto an employee device with the corporations blessing, who owns it? Customer lists take to a competitor by a job changing employee leaps to mind.

What are the liability issues with agreeing to this? An employees answers a email while driving and crashes defends with “the boss made me do it”.

If an employee has to support “off-hours”, what’s the wage ‘n’ hour implications?

If an employee is exhausted and burnt out, what is the costs of the mistakes and replacing them?

And I’m not even a lawyer; just a fat old white guy injineer who has had to “do” it.

# # # # #


GOVEROTRAGEOUS: Homeland Security couldn’t secure its own butt!

Thursday, March 25, 2010

http://www.schneier.com/blog/archives/2010/03/bringing_lots_o.html

Schneier on Security
A blog covering security and security technology.
March 19, 2010
Bringing Lots of Liquids on a Plane at Schiphol

*** begin quote ***

5. Department of Homeland Security Theater calls an emergency meeting with the National Security Council, after which it is decided that all bottle-shaped objects (and all Dutch reporters) should be banned from flights.

*** end quote ***

From the blog that coined the phrase “Security Theater”, here’s a funny extension. Despite the fact that the incident occurred overseas, it couldn’t happen here in the USA. Right!

# # # # #


POLITICAL: Classified to protect the interests of whom? Not you and me, for sure!

Sunday, February 28, 2010

http://campaignforliberty.com/article.php?view=625

02/20/10
Hushing Up “Conspiracy Theories”
by Jeff Riggenbach

*** begin quote ***

When Cass Sunstein and others seem most worried about is historical narratives that undermine the government.

*** end quote ***

“Classified information” is classified to protect the interests of Big Gooferment and the ruling elite; not us serfs. Why isn’t everything automatically declassified after say 50 years?

# # # # #


MONEY: Beat Airline Fees

Sunday, February 21, 2010

http://www.forbes.com/2010/02/18/nanofiber-clothing-iphone-technology-cio-network-travel.html?partner=technology_newsletter

Travel
How To Beat Airline Fees
Quentin Hardy, 02.18.10, 07:00 PM EST
Garments and gadgets that let you travel light and avoid extra charges on your next trip.

*** begin quote ***

This was before plausible roller bags, Web sites for lightweight travelers, and all the digital folding headphones, smart phone stands and nanofiber clothing that make the light life easy. It was also before the cursed baggage fees–now beating them is almost like flying for free.

*** end quote ***

Of course, I would only fly if I couldn’t get an appointment for a colonoscopy!

It also makes the “safety” case that all that junk dragged into the cabin makes us ALL unsafe should an emergency occur. The TSA should be the bad guy, (It is already.) By enforcing the number and size restrictions on carry ons. The airlines SHOULD charge for all the carry on crap. That’s what SHOULD be discouraged! Make checked bags free; carry on costs!

Argh!

If I were “king”, I’d proclaim the diktat throughout the land. And the serfs would rejoice.

If not for that, then for the fact we’d be using gold as a monetary standard and the gooferment would be cut down to size. (And, the airlines would be running the terminals, schedules, and “security”. Where passengers could sue in the “king’s” court for damages.)

And, peace and prosperity would be the rule though out the “kingdom”.

I can only wish!

# # # # #


TECHNOLOGY: WEP is worthless!

Saturday, January 30, 2010

How To Hack Wireless


Safe for work

Warning for WEP users. Don’t do your banking, or anything important, on that connection.

Don’t you just love command line stuff? How long until it is packaged for the script kiddies?

# # # # #


POLITICAL: “Zero Tolerance” for stupidity

Sunday, October 18, 2009

http://www.schneier.com/blog/archives/2009/10/the_bizarre_con.html

Schneier on Security
A blog covering security and security technology.

October 15, 2009
The Bizarre Consequences of “Zero Tolerance” Weapons Policies at Schools

*** begin quote ***

The problem, of course, is that the global rule trumps any situational common sense, any discretion. But in granting discretion those in overall charge must trust people below them who have more detailed situational knowledge. It’s CYA security — the same thing you see at airports. Those involved in the situation can’t be blamed for making a bad decision as long as they follow the rules, no matter how stupid they are and how little they apply to the situation.

*** end quote ***

Security needs the ability to distinguish between true threats and everything else.

When it can’t, it’s worthless. It gets overwhelmed with “noise” and the bad actors slip by.

Argh!

# # # # #


%d bloggers like this: