Browsing author
As I previously blogged today, the hacker who broke into Sarah Palin’s Yahoo account was convicted on two charges. The way that David Kernall gained access to Palin’s email account was by trying to log into her account, saying “I forgot my password” and then he correctly answered the password reset questions. Some of the
it’s anyone’s guess whether 24’s Jack Bauer would win in a faceoff against the new FBI Cyber Crimes Top Cop, Gordon Snow. Give this guy the data from the malware and he’s sharp enough to take the information and form a counterintelligence strategy and also reach into the black bag for which snake-eating team he
Wow. File this under ‘how stupid thoughtless can any one person in a position of absolute power be…’ One school official abuses the built-in webcam access used with anti-theft software [legal malware] which they had packaged onto school laptops… to their own detriment. What sparked the discovery was Assistant Principal Lindy Matsko’s assertion in early November that
My assessment is that this could be a strong leap forward in support of Community Driven Open Source Privacy. Another assessment is that if corporate decision makers aren’t incentivized either internally by a supportive Corporate Culture or externally by regulation, getting the entire grip on cybersecurity is going to be difficult if not impossible. One final assessment is that this gap is crying out for a Cybersecurity / Personal Data Security BBB-type organization’s seal of approval to provide comfort to those who frequent the business. The hard question comes into how scalable this could be.
Better get your CFO to review UCC Article 4A and realign protocols with your business bank – The clear and present danger to our banking through malware hits at the heart of our economy: the SMB. Stealthy malware-based theft of funds start the clock ticking much quicker than most SMB owners realize and without action
In response to questions I heard this weekend from friends of mine about the ‘big picture’ relevance of the 1.5 million Facebook accounts compromised, I referred back to last month’s FBI speech from Dep. Asst. Dir. Chabinsky: “Don’t be surprised if a criminal compromises your or one of your colleague’s personal social networking accounts to
The Internet is abuzz with the announcement from Verisign’s iDefense Labs that a criminal hacker on a Russian forum who goes by the nom-de-plume “Kirllos” (Carlos?) is selling the credentials for 1.5 million Facebook accounts in batches of a thousand for between $8 and $30, depending upon their quality (which, in this case, means dates
Is online privacy with Facebook technologically agnostic or can different rules apply if you post with your iPhone or other Smartphone? Are early adopters somehow compromised with their mobile device usage? Can a social media company make money while adopting user-driven privacy which impacts their revenue potential and shareholder value?
Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not
From time to time I hear people who don’t use antivirus software claim that it doesn’t matter, there isn’t anything of value on their computer. To begin with, just controlling your computer is of value to some criminals. If I can control your computer I can get paid to send spam from it, to install
Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed: Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when
I’ve just read a news item about a nine year old boy who has been accused of hacking into his school’s computer system. It seems police claim the nine year old hacked into the Blackboard Learning System used by his school to change teacher’s and staff member’s passwords, change and delete course content and change
The Boston Globe suggested that changing passwords is a waste of time, based on their interpretation of an article by Herley Cormac. Cormac’s paper – well worth reading, by the way – reinforces a point that has been made many times both by me and by the “user education doesn’t work” lobby. While I don’t believe that education is useless,
I find it hard to not be shocked at a headline like this… Then I remembered the recent top cybercrime city survey conducted by one of our competing software vendors which had Boston ranked the SECOND HIGHEST risk city in the entire United States. I’m also not one to simply lie down and let cybercriminals
Mario Vuksan, Tomislav Pericin and Brian Karney have been talking…about vulnerabilities they’ve found in various compression formats … as well as their potential for steganographical use or misuse…. Perhaps the main problems here will not be technical vulnerabilitiese but careless users and social engineering attacks.
Clearly, anything which is posted online should be assumed to be eternal, written in stone tablets, and admissible for all time. For the early adopter (Internet, blogger, Friendster, etc.) this also operates as a reminder of the ever-powerful TOS change: just because the terms of service (TOS) say that your content is private now never
According to FBI Cyber Division Director Chabinsky’s keynote speech last week the supporting elements of a somewhat clannish and tribal entity such as a cybercrime organization are also specialized and diverse in the 21st century:
After posting the article regarding this new legislature I continued my research into the objections which have been raised by many cyber activists. Some of the concern is about ‘Net Neutrality’ and the potential for abuse of power. Let’s look first at the issue of content-neutral or client-neutral packet routing. Net Neutrality – A Deeper
Insider Threat – your ATM may now be hacked from the inside. According to Wired’s Threat Level Blog… A Bank of America worker installed malicious software on his employer’s ATMs that allowed him to make thousands of dollars in fraudulent withdrawals, all without leaving a transaction record, according to federal prosecutors. According to the
According to the CBO report quoted in this graphic, three dollars from every citizen of the United States each year for four years is what the final cost will be. We’re talking about the amped up Cybersecurity Enhancement Act of 2010 (HR 4061) currently passed by the House of Representatives. This can easily be confused
Interesting news this week with some heavy anticrime work in Russia resulting in the arrests of the alleged RBS Worldbank cybercriminals. In related research I had to laugh out loud at this particular turn of phrase reported by the Financial Times; The Russian Federal Security Service (FSB)has detained suspects including Viktor Pleshchuk, an alleged mastermind