Thursday, October 14, 2010

Attention Aldi Shoppers - Cybercrooks stealing credit card info.

Have you visited an Aldi in North Carolina?  Especially in Charlotte or Raleigh?

Or, how about those of you in CT, GA, IL, IN, MD, NJ, NY, PA, SC or VA?

Customers in these 11 states had their payment card data at risk as cybercrooks gained access to Aldi to install bogus point of sale terminals.

The bogus terminals drank the credit card data faster than you can chug sweet tea at a bar-b-q.
They pulled name, account number and PIN.

By the way, this went on from June 1, 2010 - August 31, 2010.

Sources:
"Grocery Terminals Slurped Payment Card Data", The Register, Dan Goodin, October 8, 2010.

Aldi Foods Press Release



Chitty Chitty Bang Bang We Love You - Flying Humvees and Self Driving Cars

It was a big week for those of us who grew up watching Chitty Chitty Bang Bang.

Google announced it is testing self-driving cars.  The tests, of all places, are in California.  Why not New York City?

Not to be outdone by Google, the Defense Advanced Research Projects Agency (DARPA) announced its Transformer X project - building a Humvee that can fly and land with little human instruction.  Some of the vendors and braintrusts that will come together to build this include Carnegie Mellon University, Aurora Flight Services, and Lockheed Martin.

Transformer X will move soldiers and supplies.

Sources:

Danger Room, Wired Magazine, "Darpa moves a step closer to its flying Humvee", Spencer Ackerman, September 29, 2010.

Forbes Blog - The Firewall, "Forget Google's Self-Driving Cars.  The Pentagon is Building a Self Flying Humvee", Andy Greenberg, October 13, 2010.

Thursday, October 7, 2010

"Phone Home..." was cute in E.T. but not on your smart phone

A new real-time privacy monitoring tool called "TaintDroid" revealed some important secrets behind Android phones this week.

30 popular apps on the Android phones were recently reviewed using "TaintDroid" by researchers at Duke, Penn State, and Intel.  Out of the 30 apps reviewed, they all asked for the phone's current location.  Once you answer "yes", 15 of the 30 send out the information to ad networks without your permission.

Roughly 1/3 of those 15 apps also included other details which COULD BE used to track you personally, such as the device ID, SIM card number, and phone number.

Google indicates that they ask permission first to use your phone location.  Seems a little sneaky to me.

As always, I am open to your opinions!

Source:

"Study: Android Apps Sending Private Data To Advertisers", Barry Levine, Newsfactor.com, September 30, 2010.

TelecomTV One, October 4, 2010.

If your computer is infected should it be unplugged from the internet?

Microsoft has a team called "trustworthy computing".  The head of that team, Scott Charney, has a recent post on Microsoft's blog: 

"Just as when an individual who is not vaccinated puts others' health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society."

On the surface, this makes sense.  In practice, this may be a challenge.

Open questions:
If your machine is driven off the internet, you do not have access to the tools you need to clean it.

Someone or some technology obviously makes the call on the "infection".  Do we wall off everyone with annoying spyware or only bots, viruses, trojans, and malware we know?

Obviously, if the current antivirus and anti-malware software packages let the infection flow through, how would we catch it?

The bulk of the world's infected computers are in China and South Korea, but the U.S. and Europe have a large share too.


Sources:

"Microsoft: virus-infected computers should be quarantined", Josh Halliday, guardian.co.uk, October 7, 2010.

Microsoft Company Blog post.

I'm Not Talking Quilting - 10/12 Patch Tuesday Biggest Ever!

Each week, the technology community and Microsoft have a day dedicated to patching.  For the non-techies reading this, the day of the week is affectionately called "Patch Tuesday".

Microsoft notified companies this week that they will issue 16 Security Bulletins that fix 49 security vulnerabilities.

If 16 Security Bulletins (in 1 week!) or 49 vulnerabilities sounds high to you, it is.  This is considered the biggest patch Tuesday ever.  

Out of the 49 vulnerabilities, 4 are critical and 10 are important.

If you are wondering what "critical" means: in this case, all of the holes in the Windows software allow a hacker to gain control of your machine.





Sources:


"October 2010 Patch Tuesday will come with most bulletins ever", Ars Technica, Emil Protalinski, October 7, 2010.


"Microsoft Security Bulletin Advance Notification for October 2010, Published: October 07, 2010,
Microsoft Security Bulletins to be issued: October 12, 2010".  www.Microsoft.com

NASA vs. Nelson

The Supreme Court heard a NASA Privacy Case this week.  

The lawsuit was brought forward by NASA Jet Propulsion Lab scientists, including Robert Nelson.
The question in the lawsuit is whether or not the government has the right to do extensive background checks of contractors deemed "low risk" that have access to federal facilities.  This team of contractor scientists objects to the background checks and filed a lawsuit saying that the checks violate their privacy.

A federal judge heard the case and allowed the security checks to continue.

The 9th U.S. Circuit Court of Appeals overturned the federal judge's decision.

What is your opinion?  

The background checks are designed to make sure that contract workers on Federal projects pass the sniff test in the name of National Security.

Should it be the price of admission?  In my humble opinion, yes.

The hearing was held 10/6.  Court reporters thought that most of the court seemed to lean towards upholding the use of background checks.  Elena Kagan, the newest member, did not participate in the arguments on Tuesday.

More to come.



Sources:
"Supreme Court to Hear NASA Privacy Case, NASA vs rocket scientists: Supreme Court to hear privacy case against space agency", ABC News, October 3, 2010.

The University of Chicago Law School, "NASA v. Nelson Oral Argument Aftermath - What Should the Majority Opinion Look Like?", The Faculty Blog, October 6, 2010.


"Justices question Caltech scientists' privacy claims", Los Angeles Times, David G. Savage, Tribune Washington Bureau, October 6, 2010.

Use LinkedIn for Networking? Don't Get Duped by Spam Scam

Cisco reported that on Monday, for about 15 minutes, almost 25% of the world's spam came from infection-related emails targeted at LinkedIn users.

The emails look legitimate and show a LinkedIn request.  If you click on the link, you wait for a few seconds and then Google launches.  Behind the scenes though, Zeus has been dropped onto your computer in what is called a "drive-by download".

Zeus is the malware that typically focuses on stealing your online banking credentials from you.

If you use a mobile phone and think this does not apply to you, think again.  If they can infect your computer and your phone, they could reroute calls and text alerts so you will not know until it's too late.

The experts believe that this attack is most likely targeted at employees that have access to financial systems, including online commercial bank accounts.

Sample screen of the spam scam email from the Cisco Blog:

[Image: LinkedIn Spam]

TIPS TO PROTECT YOURSELF:
1.  Educate - People are the first line of defense.
2.  Think Before You Click - Whenever I get reminder emails from social networking sites, I ignore the link and go directly to the site.  Most sites have an easy way to get to your pending messages.
3.  Computer Changes - If your computer starts to act sluggish or freeze up, you may be infected by Zeus or other malware; refer to a computer professional to clean your computer.

Sources:
"LinkedIn Attack Spreads Zeus Financial Malware", Mathew J. Schwartz, InformationWeek,  September 29, 2010.


"LinkedIn and ZeuS", Adam Ross, Nextgov.com, October 1, 2010.

"LinkedIn Zeus spam run targets prospective business marks", John Leyden, The Register, October 5, 2010.

CISCO Blog Report at http://blogs.cisco.com/security/cisco_security_tracks_linkedin_spam_attack/