Last week we went deep on the subject of just how bad losing control of your email account can be. Today we are wrapping up the four-part series with solutions to help you prevent email account compromise from happening, how to detect if it has already happened to you, and how to recover if that is the case.
Prevention is the best solution. Your email account is one of the crown jewels ...
Continue Reading →On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker. Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.
They have already proven that you are susceptible to phishing and other social engineering exploits. So sending the victim other phishing emails that allow more ...
Continue Reading →On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password. Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.
I consider email account compromise to be one of the most personally harmful cyber-exploits. When another person has access to your ...
Continue Reading →Let’s say I just hijacked your email account. What can I do with it?
First thing, a hijacker would not announce his or her presence in your account. Staying undetected is important so you do not change your password. Depending on what the attacker is doing with your email account, there is a significant probability that you would not know your account was compromised for several days, weeks, or even years!
In ...
Continue Reading →
It is widely believed that Satoshi Nakamoto is the inventor of an encryption technique called “blockchain.” I just read a new book by Sarah Westall titled “FIRST: Meet the Inventor of Blockchain” that credits Dr Kelce Wilson as the true inventor of blockchain, a concept he developed between 2000 and 2001 while serving ...
When a smartphone is stolen, it is a disaster. You have just given the keys to your online life, your email, social media accounts, and credit cards you have synced with an app. If you have the new smart locks on your home or office, you also gave them literal keys, the ability to open those locks. If you have live camera ...
Not sure if Weekend Update is going to become a regular feature on Saturdays, but you might keep an eye out for a few more of these. What follows is a copy and paste from alert emails I receive from the FBI, Department of Justice, FTC, and US-CERT. Also content from other bloggers, such as Sophos Naked Security block, Brian Krebs, Bruce Schneier, WordFence blog, and others that I read ...
Back on February 22nd, we discussed Facebook’s new Delegated Account Recovery feature. Basically, if you should for some reason forget your password to any account, or lose your two-factor authentication device (smartphone), and can no longer get into your account, Facebook will help you recover the account, as long as it is one that is enrolled with Facebook.
This is not the same thing as password managers like DashLane or LastPass, ...
Continue Reading →
The average number of days between a network intrusion and it’s detection by the victim is around 200 days, which is at least 199 days too long. Sooner or later your company will suffer an network intrusion, computer incident, or data breach, in spite of your best efforts to prevent it. The goal is to shorten the time between intrusion and detection.
A recently article on Tech ...
Continue Reading →
Research firm IOActive recently released a an article that revealed some serious security deficiencies on popular Linksys Smart Wi-Fi products. They have notified Linksys, and Linksys is working on the firmware upgrades that will be necessary to fix these issue, and they have issued a security advisory.
Among the vulnerabilities discovered: