NYT-China Tightens Censorship of Electronic Communications

SecurID firm, RSA, has its servers hacked

Man, security is getting tougher. When the servers at a well-known security firm get hacked, we need to rethink our security protocols and business practices. From Sophos/Naked Security:

Hackers have broken into the servers of RSA, the security division of EMC, and stolen information related to the company’s SecurID two-factor authentication products.

Read the full story @ Sophos.com…Security firm RSA warns that its servers have been hacked | Naked Security.

Rogue Facebook apps can now access your home address and mobile phone number | Naked Security

Time to revisit your Facebook privacy settings again:

Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users.

Read more…Rogue Facebook apps can now access your home address and mobile phone number | Naked Security.

Obama Eyeing Internet ID for Americans – Tech Talk – CBS News

President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

If it weren’t for the Wikileaks debacle (nice security there guys!) and the fact that government programs can’t be financed properly (Social Security, Medicare, the Postal Service!), I’d say ok, let’s give it a try. But not with this government. Me no trusty.

But they say:

Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said.

Yeah right. But ultimately, we won’t have much of a choice if you want to do business online.

Read more…Obama Eyeing Internet ID for Americans – Tech Talk – CBS News.

Spam Taking Advantage of Gawker Hack

We know that Gawker Media had its databases hacked, releasing millions of usernames and passwords.

Now spammers/hackers are taking advantage of that story to send out spam emails like this:

Beware…

Beware of Wi-Fi Hotspots – Easy password stealing FF extension

From TechCrunch:

Developer Eric Butler has exposed the soft underbelly of the web with his new Firefox extension, Firesheep, which will let you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.

As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials.

Read more: Extension Lets You Hack Into Twitter, Facebook Accounts Easily.

Gizmodo: Undercover Report From Foxconn’s Hell Factory

Too bad we can’t get this kind of info on ALL the products we buy:

Chinese newspaper Southern Weekly sent 20-year-old reporter Liu Zhi Yi undercover in Foxconn’s factory in Shenzhen, China. For 28 days, he experienced dreadful conditions that the factory’s 400,000 employees endure, churning out iPods, iPads, and iPhones for Apple nonstop.

Read more – Undercover Report From Foxconn’s Hell Factory.


EFF – Facebook Tries to Make Violations of Terms of Use Into Criminal Violations

I used to be afraid of Google. Now, I’m more afraid of Facebook.

The Electronic Frontier Foundation (EFF) is urging a federal judge to dismiss Facebook’s claims that criminal law is violated when its users opt for an add-on service that helps them aggregate their information from a variety of social networking sites.

In a lawsuit against Power Ventures, Facebook claims that Power’s tool violates criminal law because Facebook’s terms of service ban users from accessing their information through “automatic means.”

Accessing information through automatic means is nothing new. Google Reader aggregates feeds from different sites. Seesmic can aggregate your social information from Twitter and Facebook and put it all in one place. Using Facebook’s argument, using something like Seesmic would constitute a criminal violation.

Read more at EFF Seeks to Protect Innovation for Social Network Users | Electronic Frontier Foundation.

Fake PayPal Phishing E-Mail

Spam. We all get them. Some come with attachments that are just viruses or trojans. Some come from folks in Nigeria who want to give us $2000 cash. Some purportedly come from financial institutions looking to verify your info. What we need to remember is that NO bank, NO credit card company, NO financial institution will ever send you an email asking you to click on an embedded link to verify your info. Below is a typical example of such a spam message (one I actually received today). I will also show you how easy it is to spot that it’s a fake.

It apparently came from PayPal. Specifically, security at PayPal.

This message is actually very believable. No misspellings like the usual spam. They even give you a “Reference Number” that looks official. But what you will notice is, if you hover over the link they want you to click (without actually clicking on it), you will see the actual address the link points to. In this case, even though the link says “www.paypal.com”, in the status bar you can see that it actually goes to www.pacificliv.com. If you actually click on the link, you will be brought to a site where you will be asked to enter your PayPal credentials. And THAT’S how they get your info and steal your identity. The method is called “phishing”. It works by basically sending out mass emails to addresses harvested from newsgroups, forums, blogs, etc. From the millions of emails that are sent out, some unsuspecting recipients will bite. So be vigilant. Don’t fall for these scams. Never email your info. And when in doubt, simply CALL your financial institution and speak with a customer service representative directly.

PDF Malware Using New Attack Technique | threatpost

Even PDF attachments aren’t safe. If you receive an email from an unknown sender with a PDF attachment, be aware that trying to open it might launch an executable that can inject malware into your system.

The attack produces a warning dialogue box, but users are accustomed to seeing, and ignoring, those in many situations. In this particular new malware campaign, the attackers have used that tactic, along with adding some extra white space to the dialogue box to make it look less suspicious.

Read more at PDF Malware Using New Attack Technique | threatpost.
