Report and Recover from Identity Theft with New FTC Service

Identity theft is a crime that can take years to recover from.  One of the early problems for an identity theft victim has been the requirement to file a police report.  Many police departments do not devote much effort to identity theft, so sometimes getting the police to actually create a report and provide you with a report number can difficult.  If the ...

Continue Reading →
0

The Google Docs Hoax: What Have We Learned?

It has been a couple of weeks since the Google Docs hoax spread across the Internet like wildfire.  What have we learned about this exploit?

Originally this appeared to be a phishing campaign, but phishing emails are spoofed clever replicas.  These emails were the genuine article, and were sent from Google mail servers, from the hijacked Google accounts of people you were likely to know.  This made the exploit difficult to detect, ...

Continue Reading →
0

Linksys Wireless Routers Have Security Vulnerabilities

Research firm IOActive recently released a an article that revealed some serious security deficiencies on popular Linksys Smart Wi-Fi products.  They have notified Linksys, and Linksys is working on the firmware upgrades that will be necessary to fix these issue, and they have issued a security advisory.

Among the vulnerabilities discovered:

  • Unauthenticated attacker can create a denial-of-service ...
Continue Reading →
0

Why Biometrics Aren’t the Answer

Happy World Password Day.  I have been following the progress that NIST is making in formulating new standards for user authentication.  Something I found surprising was that NIST is not recommending using biometrics as a form of authentication.  The two main reasons are that biometrics, such as fingerprints, iris scans, and voice recognition, are not a secret.  For instance, you leave your fingerprints behind everywhere you touch something. ...

Continue Reading →
0

US-CERT Warns About Airline Phishing Scams

What if there was a new phishing scam that had an open rate of 90%.  That’s right, this phishing email is so believable, 90 out of 100 recipients open the the attachment or click on the link without a second thought.

These attacks begin with the scammer researching the target victim.  These targets usually work at companies where there is a lot of air travel. ...

Continue Reading →
0

SCADA Systems Vulnerable Due to Hard Coded Passwords

We have discussed the dangers to what NIST identifies as Critical Infrastructure that exists because SCADA and other industrial control systems are designed to be run on “air-gapped” networks that are not connected to the public Internet.  Unfortunately, many of these systems are being connected to the Internet, if only in a tangential way.

The German security firm OpenSource Security recently found hard coded ...

Continue Reading →
0

LastPass Quickly Fixes Reported Flaws

I use LastPass to manage all my passwords, and recommend LastPass to my clients and followers.  Often, when I am talking about storing passwords in the cloud, as LastPass does, I get concerned questions about the safety of storing your digital “keys” online.  What happens if LastPass is breached?

Well, the bad news is that they were breached around June 15, 2015.  I remember getting the email alert from them at the time, ...

Continue Reading →
0

Have I Been Breached?

Yes, I have.  A “breach” is an computer security incident where a website’s data has been illegally accessed by cyber-attackers and released publicly.

I know that my main email account has been compromised in the past, and used for sending Spam, because my hosting provider disabled my email account and hosting account until I had an opportunity to change my password.

I know that all my websites are under continuous automated password guessing attack, although ...

Continue Reading →
0

Apple Pushing Two-Factor Authentication

Users of the Apple iOS 10.3 phone operating system are being offered two-factor authentication (2FA) for their Apple IDs.  This offers an additional layer of security for iCloud data, too.

As we have discussed in previous posts, the benefits of 2FA are that your account cannot be breached with only a stolen password.  In addition to the password, a one-time passcode is required to ...

Continue Reading →
0

The Top Cybersecurity Strategies That Prevent Targeted Attacks

According to the Department of Homeland Security (DHS), there are seven strategies that will prevent 85% of targeted attacks.  To this list I have added a few of my favorites.

  • Password Manager Programs – If you are truly going to have dozens or hundreds of unique and long passwords, you will need the help of a password manager program to keep them all straight, and enter ...
Continue Reading →
0
Page 1 of 8 12345...»