Updates from "SPAMfighter News" - 6 new articles
Use of Proxy Sites Behind Leakage of Personal Information

Germany's Department of Financial Services found during the second week of March 2008 that some government employees had used a substitute (proxy) server to access their payroll data online. They exposed their private information, putting it at risk of identity theft. The incident prompted the re-creation of passwords all over the state.

According to DFS officials, a "proxy Website" behaves like a mirror onto the user's computer. It lets users conduct searches on the Internet without leaving behind any clues. An employee wanting to reach a site such as MySpace or YouTube on a government computer might visit a proxy Website and then click through to many other sites. However, since users do not know who might be watching what they enter on the proxy site, their sign-on and password information might be intercepted.

But officials at DFS said that it is not possible for anyone to hack into the accounting system of the state. Still, they don't know how to handle the data that employees entered on the proxy site. The security breach on the data required no computer or e-mail system, simply the payroll Website, where employees could view their W-4 forms and the rest of their payment data.

Kevin Cate, Deputy Communications Director of the Department of Financial Services, said on March 24, 2008 that instead of following the regular procedure on the myfloridacfo.com site, some staff members had used the veryfastproxy.com site, as reported by News-Press on March 25, 2008. Employees who accessed the payroll system had followed the steps in the proxies a minimum of five times. This baffled supervisors, who could not determine the places those employees visited via their computers. Although neither a security breach nor any incident of identity theft occurred, the DFS has mandated a nation-wide re-crafting of passwords for employees who might access the state payroll system.
Kevin said that the department conducted an open investigation, while stressing that only the employees' personal information might be in danger, without exposure of the system's entire data. Meanwhile, DFS has cut its links to the services of all known proxies.

Halifax Bank Warns Customers of Phishing E-mail

Halifax Bank has issued a warning to its customers about a phishing e-mail scam that is hitting computers everywhere. Reports are coming in from residents of Huddersfield that they are receiving one or more e-mails each day purportedly from the bank. The e-mail message says that since the bank is updating its records, the recipient is required to confirm his personal information and security details. Some of the e-mails also contain a link directing customers to a site made to look official, where recipients are asked to enter their particulars. But these e-mails actually come from fraudsters whose objective is to use the information provided to commit identity theft or other crimes.

One of the bank's customers, Mr. Coxell, who got an e-mail apparently from Halifax, is perplexed as to how the scammers managed to get his e-mail address. Coxell reported the e-mail to a Halifax branch, where the staff told him to ignore it, but he is concerned that others might be duped in the same way.

According to officials at Halifax Bank, the problem, called 'phishing', had been occurring constantly, and the bank was among many banking institutions and companies whose customer identities were being misappropriated in such scams. A Halifax spokesperson said that any company or bank that deals online at the present time is susceptible to becoming a target. The problem is an ongoing affair, so it is best to ignore such e-mails.
The spokesperson also said that although the bank sometimes communicates by e-mail, it would never ask customers to give their details via this medium, as reported by Examiner on March 27, 2008. According to the spokesman, Halifax was able to get many such phishing sites closed down. The bank also regularly posts about various scams on its Website to inform and alert its clients. Halifax is advising customers not to open the fraudulent e-mails. Also, they should never disclose their financial or personal details to anybody over e-mail. Any customer who suspects an e-mail to be a scam should immediately report it, the bank suggests.

Website Selling Euro 2008 Tickets Hacked

Computer security company Sophos, on March 27, 2008, warned football fans to exercise caution when purchasing tickets via the Internet for the forthcoming Euro 2008 football championship. This came after it was found that hackers had inserted malicious code into a Website belonging to a major European ticket-selling firm.

The supplier of anti-virus software confirmed that the site, EuroTicketShop.com, which sells the championship tickets and appears in Google sponsored links, hosted malware on some of its pages. The Website enjoys a high ranking on the Google search engine through its sponsored links, suggesting that the malicious hackers might have a large number of probable victims. People trying to buy tickets on the site can expect to encounter the malicious script that has been embedded in some of its pages. The malware, called Mal/ObfJS-R, downloads a number of exploits from another Website.

Graham Cluley, Senior Technology Consultant at Sophos, said that the incident is not the first of its kind in which hackers tried to take advantage of sporting events.
Unfortunately, during the approaching summer competition, there would be more sites similar to EuroTicketShop.com that would be hacked, and other scams that would prey on the fervor of football fans, as reported by Webuser on March 27, 2008. Quite often hackers take advantage of big events in order to spread their attacks among end-users.

Researchers at Sophos have advised Web surfers to update their security software and to rely on common sense while browsing any Website. Cluley further said that fans eager to get tickets for the game should not get too excited and walk into the hackers' trap. It is also important that computer users ensure their anti-malware security is up to date so as to defend their systems against these attacks.

In its Security Threat Report for 2008, Sophos noted how cyber criminals compromise a massive number of genuine Web pages in an effort to infect as many computers as they can. The report said that a new Web page is infected every 14 seconds. Of these, 83% belonged to authentic sites that the majority of surfers wouldn't hesitate to visit.

Phishing Scam Jolts The Ohio State University

An e-mail scam has made headway into The Ohio State University's (OSU) Webmail system, taking over computers of both faculty and students and filling their mailboxes with junk e-mails, as reported by nbc4i on March 26, 2008.

The Ohio State University officials revealed that nearly 50 Webmail accounts have so far been compromised. Though the number does not establish it as a major issue, the accounts are being continuously flooded with spam e-mails, and the number could therefore escalate. The phishing e-mail scheme is designed to exploit the username along with the password of the mail account holders. The roots of this phishing scam seem to lie in Nigeria. It carries new-generation Nigerian e-mail spam with messages like "death awaits you".
Some lottery scams originating from the United Kingdom also exploited the osu.edu addresses. Around six or seven messages, appearing to be sent from the University's actual e-mail team, are sent to osu.edu addresses, prompting users to reply with their user IDs and passwords to verify the account, as they had recently migrated to this Webmail system. Those people who fell victim to the trick found their e-mail accounts compromised. In addition, countless spam mails with osu.edu domains also found their way into the mailboxes of several other students.

Charles Morrow-Jones, Director of Information Technology Security, said that this process of taking over accounts to generate spam e-mail is not new, as reported by THE LANTERN on March 26, 2008. Jones added that the threat wasn't so grave earlier because only one or two accounts were affected every month. However, the problem has now assumed gigantic proportions, with more people replying to these tricky phishing mails.

Cyber security officials of the university have asked all staff and students to discard any e-mail that prompts them to divulge personal information. In addition, the university's upgrade process has been held up in order to deal with the junk mail. Cathy Bindewald, Director of Communications at the Chief Information Officer's office, said that someone who knew about the ongoing e-mail system upgrade had spoofed them, as reported by THE LANTERN on March 26, 2008.

Phishers Exploit Google Search to Trace Vulnerable Sites

A researcher working with MarkMonitor has found that three quarters (75%) of dubious phishing sites make surreptitious use of Google search terms that are shared and traded across underground forums, as reported by Hackinthebox on March 27, 2008.
John LaCour, CISSP and Director of Anti-Phishing for MarkMonitor, clarified that phishers make use of Google search terms, technically known as "Google dorks," to easily search for and locate Websites that are more vulnerable and easier to hack. It is primarily Hypertext Preprocessor (PHP) based Websites that they use to launch their phishing attacks, as reported by Darkreading on March 26, 2008.

The search terms, or dorks, are frequently traded among hackers through their underground forums. This is how they have found the magic strings to locate vulnerable sites and install their phishing exploits. LaCour said that a phisher using Google dorks enters the string into a search engine. The search results then show a long list of possibly vulnerable sites. The phisher then chooses one particular site and manipulates the PHP program by directing it towards their self-developed PHP file for remote inclusion.

Hackers find the search terms by trolling through genuine cyber-security forums and also other sites that put out exploit information, for example Milw0rm. Some phishers use "search bots" which they have programmed earlier and which do the Googling work to locate vulnerabilities. Other hackers develop search bots which wait for commands, seated in the Request for Comments (RFC) channel. Hackers log in and leave a message that acts like a 'bot'. It sends queries to Yahoo, AOL, and Google Search. They exploit Internet Relay Chat (IRC) and bots jointly to aggregate results.

The use of Google dorks indicates that the average phisher isn't sufficiently motivated to implement sophisticated techniques. Instead, they choose established ways that provide an easier route to launch their exploits. The MarkMonitor researcher revealed that there exist a huge number of vulnerable PHP-based Websites for phishers to exploit.
Researchers advise computer users to update and upgrade their security software frequently in order to keep phishers and hackers at bay.

Former Intern with San Jose City Council Held for Hacking

A former intern with San Jose City Council, Eric Hernandez, 18, has been ordered to perform 50 hours of community service after admitting his offence of illegally hacking the city's e-mail system. The Judge of the Superior Court granted the defense's plea by reducing the felony charge to a misdemeanor. Jerome Nadler, the Superior Court Judge, explained that he granted the plea because the youngster had no previous criminal record and because of the circumstances under which the offense took place, as reported by MercuryNews on March 26, 2008.

Apart from the community service, the Judge ordered a year-long probation for Hernandez, but this clause was later suspended, indicating that Hernandez will no longer be under supervision if he discharges the required community service. Additionally, he will have to pay restitution of $100.

Hernandez had interned during summer 2007 for City Councilman Sam Liccardo, and he admitted to the police earlier this year to having used a password to unlawfully roam through e-mail accounts of the city. He used his personal computer at home to spread political dirt about his earlier boss's girlfriend. Police reports claim that Hernandez hacked into the e-mail account of a City Council staff member, Jessica Garcia-Kohl, over 100 times.

It was only after the Mayor's Chief of Staff's order that the intrusions could be discovered. He ordered the council members through an e-mail to restrict gathering in private beyond the council chambers. Later, a local political blog, sanjoserevealed.com, leaked it.

Hernandez initially faced a felony charge for unauthorized entry into, copying of and subsequent misuse of computer data. He faced a prison term of three years after his arrest and a day spent in jail.
He was let out on bail in February 2008. However, Steve Manchester, the Defense Attorney, rescued Hernandez by arguing that his deed was barely a criminal incident because the leaked e-mail was, after all, a public document whose disclosure the Public Records Act warrants. While authorities considered it a grave crime, the Prosecutor showed no opposition to the plea motion for reducing the felony charge to a misdemeanor.

"CAUCE North America" - 1 new article
Trust in Email Begins with Authentication

As most CAUCE supporters already know, forging From: or other commonly seen email headers is trivially easy. It's one of the most frustrating oversights in the creation of Internet email technology -- though of course that's only obvious in hindsight; it was just fine for the pre-Internet networks of the late 1970s and early-mid 1980s.