Nepal earthquake email scam

US-CERT recently warned users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that direct users to phishing or malware-infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters.

Users are encouraged to take the following measures to protect themselves:

  • Do not follow unsolicited web links or open unsolicited attachments in email messages.
  • Maintain up-to-date antivirus software.
  • Review the Federal Trade Commission’s Charity Checklist.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
  • Refer to the Security Tip (ST04-014) on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

The eBay data breach: How to protect your account

In the aftermath of a recent breach that infiltrated a database containing user IDs, passwords, and other personal information, eBay has sent an email to customers urging them to change their passwords.

So far, there is no evidence of any fraudulent activity, and credit card numbers are encrypted and stored in a separate database. Notwithstanding, you should immediately take action to safeguard your account if you are an eBay user.


The Heartbleed bug explained

I have received a lot of requests from people outside of the IT field to explain the Heartbleed bug in easy-to-understand terms. Rather than attempt to reinvent the wheel, I have published below (with some editing for clarity) what is probably the best attempt at this that I have read so far. It was written by Stack Exchange user SPRBRN.


The Bank Employee and the Customer

The main characters in this story

  • The bank: A Web server
  • The bank employee: The OpenSSL service for the Web server
  • The bank customer: A bot fetching all information it can get from that server

You, the bank customer, call the bank to request a new bank account. Somehow you and the bank make sure that you are who you say you are, and that the bank is actually the bank. This is the TLS process that secures the connection between you and the bank.


Staying safe online, Part I: Spam

The Internet, computers, and mobile devices have become omnipresent fixtures in our everyday lives. This makes it easy to check email, connect with an old friend or colleague, confirm your checking account balance, or look up a recipe for tonight’s dinner from almost anywhere.

Unfortunately, all of this wonderful connectivity and functionality have come at a price. Because we’re connected to the Internet almost all of the time, it’s appallingly easy for anonymous strangers with malicious intent to wreak havoc on our lives using little more than a laptop and the free Wi-Fi connection at a corner cafe.

Over the course of the next few articles I will discuss some of the most pervasive threats endemic to the Internet and what you can do to protect yourself from them.


Happy birthday, I’ve stolen your identity!

On the way home last night, our family stopped at a local ice cream parlor for dessert. While paying for our order, I noticed a clipboard and pen next to the cash register. On the clipboard was a form that invited customers to join the parlor’s Birthday Club to get a free dessert each year on their birthday. In order to join, all you had to do was fill in a line on the form with your first and last name, mailing address, email address, and date of birth.

Almost two dozen people had already completed one of the lines on the form, and all of their information was plainly visible to anyone near the cash register.
