Facebook Fakebook: New Trends in Carberp Activity
Facebook fraud, Carberp, statistics and a DDoS plugin.
Archives - January 2012
Now you can be forced to decrypt your hard drive?
Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to
Tricky Twitter DM hack seeks your credentials, malware infection, and more
When a direct message pops up on Twitter stating that other people are saying bad things about you, please think twice before clicking on any links in that message. Why? Because the links are likely to take you to malicious websites that are out to steal your Twitter password. They may also try to infect
Facebook scam: the hours I spend…
Facecrooks has flagged a scam that has apparently already tricked 300,000 people into Liking a scam page.
EU – data breaches to be reported within 24 hours
In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in
Welcome to Facebook f‑commerce platform – and Own/Want features
As increasing sectors of the internet migrate to Facebook as a deployment platform (Zygna, etc.), a new effort aims to spread the preference aggregation features to include things users either own or would like to own. By allowing users to add Own and Want buttons to their profile, users can highlight both a Wishlist and
Anonymous and the Megaupload Aftermath: Hacktivism or Just Plain Ugly?
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
Facebook, your birthday #1, and survey scams
What was number one when you were born? Facebook survey scammers aren't going to tell you.
Beware of SOPA Scams
Tomorrow, on January 18, 2012, dozens of popular websites covering a diverse range of subjects will be blacking out their home pages in protest of the U.S. Stop Online Piracy Act (SOPA). Some of these websites are well-known, such as the English language web site for the encyclopedic Wikipedia and quirky news site Boing Boing,
Zappos.com breach – lessons learned
We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to
Android – meet NSA/SELinux lockdown
National Security Agency’s (NSA) SE Linux team, citing critical gaps in the security of Android , is building a Security Enhanced (SE) version of the publicly available source code for the Android project. This is a variant of the SE Linux project co-developed by NSA and RedHat, which gives (among other things) a more granular
Passwords, passphrases, and big numbers: first the good news…
Static passwords: if we can't kill them off, can we at least improve them? Yes, but here's a not of caution.
Great Expectations and the Grim Reaver
WPS, Reaver, and what you can expect from anti-virus by way of vulnerability scanning
Time to check your DNS settings?
Update: A US Federal Court extended the deadline for shutting down the replacement DNS servers to July 9, 2012. On Wednesday, the German Federal Office for Information Security (BSI) published a press release advising users to recheck DNS server settings on their computers. This recommendation is related to the successful botnet takedown – dubbed ‘Operation
Merchants push back on credit card breach fines
We've noted the often staggering fees associated with a credit card breach, normally accompanied by a slew of bad press. We've seen Stratfor, in light of their recent hack, dealing with public exposure issues due, in part, to unencrypted payment card information (for which, to their credt, they’ve publicly apologized for). Now we see a
Today's networks are evil.
Says the first line of the presentation entitled “Building a Distributed Satellite Ground Station Network – A Call To Arms” given some time ago at the 28th Chaos Communication Congress (28C3) in Berlin by hackers from the Hackerspace Global Grid team. The presentation was lead off by Nick Farr who had already proposed the need
HTML/Scrinject: surfing for cheap thrills at XXXmas?
Do Xmas shopping and porn surfing account for a spike in Win32/Scrinject detections?
Phishing and Taxes: a dead CERT?
ZeuS-related malware appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group).
Autorun and Conficker not dead yet: Threat Trends Report
The two most prevalent threats over 2011 were still INF/Autorun and Conficker: ESET's December ThreatSense Report looks at threat trends in the new year.
Potentially Unwanted Applications White Paper Updated
Our white paper on Potentially Unwanted Applications (PUAs) has been revised with additional information, including information about how legitimate software can become classified as a PUA due to its misuse, a discussion of a type of downloader called a software wrapper and updated screen shots. It can be found in the White Papers section: Problematic,