What Can I Do With A Hijacked Email Account? Part 2

On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password.  Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.

I consider email account compromise to be one of the most personally harmful cyber-exploits.  When another person has access to your email ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 1

Let’s say I just hijacked your email account.  What can I do with it?

First thing, a hijacker would not announce his or her presence in your account.  Staying undetected is important so you do not change your password.  Depending on what the attacker is doing with your email account, there is a significant probability that you would not know your account was compromised for several days, weeks, or even years!

In order ...

Continue Reading →
0

The War for Your Inbox

I recently gave a presentation titled “Email Security – Resist That Click” on May 23 2017 at the Phipps Theatre in Hudson WI.  This event was sponsored by First State Bank and Trust of Bayport MN.  I was also asked to present this topic at the MnCCC Conference (Minnesota Counties Computer Consortium) in Alexandria MN on Wednesday June 7, 2017.  This presentation was titled “The War for Tour Inbox.”

First State Bank and Trust had my presentation video recorded, and it ...

Continue Reading →
0

Should Facebook Manage Password Recovery?

Back on February 22nd, we discussed Facebook’s new Delegated Account Recovery feature.  Basically, if you should for some reason forget your password to any account, or lose your two-factor authentication device (smartphone), and can no longer get into your account, Facebook will help you recover the account, as long as it is one that is enrolled with Facebook.

This is not the same thing as password managers like DashLane or LastPass, although ...

Continue Reading →
0

Report and Recover from Identity Theft with New FTC Service

Identity theft is a crime that can take years to recover from.  One of the early problems for an identity theft victim has been the requirement to file a police report.  Many police departments do not devote much effort to identity theft, so sometimes getting the police to actually create a report and provide you with a report number can difficult.  If the ...

Continue Reading →
0

The Google Docs Hoax: What Have We Learned?

It has been a couple of weeks since the Google Docs hoax spread across the Internet like wildfire.  What have we learned about this exploit?

Originally this appeared to be a phishing campaign, but phishing emails are spoofed clever replicas.  These emails were the genuine article, and were sent from Google mail servers, from the hijacked Google accounts of people you were likely to know.  This made the exploit difficult to detect, ...

Continue Reading →
0

Linksys Wireless Routers Have Security Vulnerabilities

Research firm IOActive recently released a an article that revealed some serious security deficiencies on popular Linksys Smart Wi-Fi products.  They have notified Linksys, and Linksys is working on the firmware upgrades that will be necessary to fix these issue, and they have issued a security advisory.

Among the vulnerabilities discovered:

  • Unauthenticated attacker can create a denial-of-service ...
Continue Reading →
0

Why Biometrics Aren’t the Answer

Happy World Password Day.  I have been following the progress that NIST is making in formulating new standards for user authentication.  Something I found surprising was that NIST is not recommending using biometrics as a form of authentication.  The two main reasons are that biometrics, such as fingerprints, iris scans, and voice recognition, are not a secret.  For instance, you leave your fingerprints behind everywhere you touch something. ...

Continue Reading →
0

US-CERT Warns About Airline Phishing Scams

What if there was a new phishing scam that had an open rate of 90%.  That’s right, this phishing email is so believable, 90 out of 100 recipients open the the attachment or click on the link without a second thought.

These attacks begin with the scammer researching the target victim.  These targets usually work at companies where there is a lot of air travel. ...

Continue Reading →
0

SCADA Systems Vulnerable Due to Hard Coded Passwords

We have discussed the dangers to what NIST identifies as Critical Infrastructure that exists because SCADA and other industrial control systems are designed to be run on “air-gapped” networks that are not connected to the public Internet.  Unfortunately, many of these systems are being connected to the Internet, if only in a tangential way.

The German security firm OpenSource Security recently found hard coded ...

Continue Reading →
0
Page 1 of 8 12345...»