Nepal earthquake email scam
Posted by Tim Leogrande
US-CERT recently warned users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that direct users to phishing or malware-infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters.
Users are encouraged to take the following measures to protect themselves:
Do not follow unsolicited web links or open unsolicited attachments in email messages.
Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
Refer to the Security Tip (ST04-014) on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
The eBay data breach: How to protect your account
Posted by Tim Leogrande
In the aftermath of a recent breach that infiltrated a database containing user IDs, passwords, and other personal information, eBay has sent an email to customers urging them to change their passwords.
So far, there is no evidence of any fraudulent activity, and credit card numbers are encrypted and stored in a separate database. Notwithstanding, you should immediately take action to safeguard your account if you are an eBay user.
The Heartbleed bug explained
Posted by Tim Leogrande
I have received a lot of requests from people outside of the IT field to explain the Heartbleed bug in easy-to-understand terms. Rather than attempt to reinvent the wheel, I have published below (with some editing for clarity) what is probably the best attempt at this that I have read so far. It was written by Stack Exchange user SPRBRN.
The Bank Employee and the Customer
The main characters in this story
The bank: A Web server
The bank employee: The OpenSSL service for the Web server
The bank customer: A bot fetching all information it can get from that server
You, the bank customer, call the bank to request a new bank account. Somehow you and the bank make sure that you are who you say you are, and that the bank is actually the bank. This is the TLS process that secures the connection between you and the bank.
Target ignored security warnings
Posted by Tim Leogrande
Bloomberg BusinessWeek reports that retail giant Target ignored the admonishments of their security contractor, FireEye, and sat idly by as the credit card data of forty million holiday shoppers was stolen.
Staying safe online, Part I: Spam
Posted by Tim Leogrande
The Internet, computers, and mobile devices have become omnipresent fixtures in our everyday lives. This makes it easy to check email, connect with an old friend or colleague, confirm your checking account balance, or look up a recipe for tonight’s dinner from almost anywhere.
Unfortunately, all of this wonderful connectivity and functionality have come at a price. Because we’re connected to the Internet almost all of the time, it’s appallingly easy for anonymous strangers with malicious intent to wreak havoc on our lives using little more than a laptop and the free Wi-Fi connection at a corner cafe.
Over the course of the next few articles I will discuss some of the most pervasive threats endemic to the Internet and what you can do to protect yourself from them.
Happy birthday, I’ve stolen your identity!
Posted by Tim Leogrande
On the way home last night, our family stopped at a local ice cream parlor for dessert. While paying for our order, I noticed a clipboard and pen next to the cash register. On the clipboard was a form that invited customers to join the parlor’s Birthday Club to get a free dessert each year on their birthday. In order to join, all you had to do was fill in a line on the form with your first and last name, mailing address, email address, and date of birth.
Almost two dozen people had already completed one of the lines on the form, and all of their information was plainly visible to anyone near the cash register.