How To Surf The Internet Safely

Many, many times I am asked, "How do I surf the Internet safely". There never has been or will be a completely safe way to use the Net. As long as you can reach millions of people and their links, they will be able to reach you. There is no such thing as complete Internet Security, it is an illusion. The best you can do is be vigilant on your updates and patches for your preventive maintenance software. Here are the steps, again, that I and many of my "security penetration associates" use. And always keep in mind "for every lock there is a key"...Butch.

________________________________________________________________________

Never, Never, Never...

1. NEVER click on a link that is contained in an e-mail, instant message, or post to a Usenet or other group.
2. NEVER open or install a program directly from the Internet. First, download it to your hard disk, scan it with your anti-virus software, and only then, if it is clean, install it.
3. NEVER open or install a program directly from a CD-ROM or DVD. First, scan it with your anti-virus software, and only then, if it is clean, install it.
4. NEVER enter any personal details in forms on unknown sites.
5. NEVER type your User ID or password unless you see the LOCK icon at the bottom of the screen and the Web address starts with https://
6. NEVER click on a pop-up, no matter what it says! Don't click on it even if you want to close it.
7. NEVER open attachments that you receive by e-mail. If in doubt, save the attachment to the hard disk, scan it with your anti-virus software, and only then, if it is clean, open it. Try to read all your e-mail messages in text format, rather than HTML.
8. NEVER visit unfamiliar Websites. First, go to Google (www.google.com) and check whether the site is legitimate and does not carry malware. Only if it is clean, visit it for the first time using the Opera browser.
9. CHANGE your passwords frequently; use complex passwords (example: 7Yby89IfD); never give your passwords to anyone.
10. UPDATE your Operating System, Antivirus, Firewall, Antispyware, and computer manufacturer's utilities DAILY.
11. SCAN your computer for malware every time you use the computer, after you have used it.
12. ANYTHING SUSPICIOUS? Stop everything you are doing, disconnect from the Internet, and scan the computer for malware. Examples of suspicious behavior: persistent pop-ups; the computer or connection slow down considerably; repeated re-boots; mouse or keyboard freeze; strange messages and alerts.
13. Remember NOTHING you get off the Net is "free". NOTHING!

14. DO NOT use Internet Explorer. Reference: 
15. DO NOT use the same Web Browser all the time. (Google, Opera, Firefox, etc.) Try not to become predictable. Change up.

Mac Botnet Generated $10,000 A Day

Flashback was robbing Google of advertising dollars by redirecting clicks from infected Mac OS X machines and stealing the ad revenue.

Security researchers at Symantec are estimating that the cyber-crimibals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day.

In a new blog post that discusses the business model of the botnet, Symantec found that Flashback was robbing Google of advertising dollars by redirecting clicks from infected Mac OS X machines and stealing the ad revenue.

At its height, Flashback contained more than 700,000 Mac machines and Symantec calculates that a botnet of that size could easily generate about $10,000 a day in click-fraud.

I guess you MAC users feel pretty violated. Don't worry about it, us PC users have been having sex without kisses for years. Welcome to the club!!!                                ...Butch

P. S. Tell me Cyber Crime doesn't pay, when was the last time you made $10,000 a day?

Mystery Group Hacks US military, Harvard, NASA, More

The Unknowns says it has hacked ESA, NASA, US military, US Air Force, Thai Royal Navy, Harvard, Renault, French ministry of Defense, Bahrain Ministry of Defense, and Jordanian Yellow Pages.

A hacker group calling itself “The Unknowns” claims to have hacked 10 organizations around the world, gaining administrator access for all and leaking data for some. Most are related to the U.S. government or another international legislative body, while the rest just seemed like random targets.

The Unknowns yesterday set up the Twitter account “1_The_Unknown_1” and released their results on Pastebin. Apparently, the group’s slogan is “We are The Unknowns; Our Knowledge Talks and Wisdom Listens…”

The Unknowns listed 10 victim websites for which it publicly posted administrator accounts and passwords: 

NASA - Glenn Research Center
U.S. military
U.S. Air Force
European Space Agency
Thai Royal Navy
Harvard University
Renault
French ministry of Defense
Bahrain Ministry of Defense
Jordanian Yellow Pages

Good news though.

NASA and the European Space Agency (ESA) have confirmed they were recently hacked. The hacking group The Unknowns says most of the 10 companies it attacked have patched their systems.

Isn't this like shutting the barn door after the (Trojan)horse ran away.                   ...Butch

3 Million Hacked Bank Accounts

An Iranian security researcher recently hacked 3 million accounts across at least 22 banks in the country. Now, Google has taken down the blog on which he posted the account details of his victims.
Khosrow Zarefarid, an Iranian security researcher who hacked 3 million bank accounts, has had his blog taken down by Google. Zarefarid did not steal money from the accounts; he merely dumped the account details of around 3 million individuals, including card numbers and PINs over at ircard.blogspot.ca. I found the link via his Facebook account, along with the question “Is your bank card between these 3000000 cards?” As you can see in the screenshot above, however, the blog is no longer operational.

Hold on it gets even better!

Zarefarid is still, however, allowed to blog on Blogger; it appears Google is comfortable with him doing so as lomg as he doesn’t post stolen data. In fact, Zarefarid has at least two other blogs:irbanks.blogspot.ca (called Banking Problems in Iran, written in Persian) and zarefarid.blogspot.ca(his personal one).
Reference:

Gartner Study On Internet Identity Theft

According a Gartner Study on Internet identity theft, based on a survey of 5000 U.S. adult Internet users, it has been estimated that:

• 1.78 million adults could have fallen victim to the scams
• 57 million adults have experienced a phishing attack
• The cost of phishing… 1.2 billion dollars!

It ‘clear that the figures mentioned are a great attraction for criminal organizations that are devoting substantial resources and investments in the sector. An increasing component of organized crime is specializing in this kind of activity characterized by high profits and low risks compared to traditional criminal activities. In the US The Federal Trade Commission is monitoring the phenomenon of Identity Theft with main national agencies promoting several activities to aware the population regarding the risks derived to the crime exposure.

________________________________________________________________________

Data we give up over the internet...

Digital Identity

Particularly alarming is the growth of such crimes in computers. Which are the information that compose our digital identity?

On the Internet, our identity composed by:

1. IP (Internet Protocol) address
2. address where we live
3. usernames
4. passwords
5. personal identification numbers (PINs)
6. social security numbers
7. birth dates
8. account numbers
9. our names
10. our families names
11. our interests and hobbies
12. our personalities (likes and dislikes)
13. social profiles
14. religious beliefs
15. where we lived as children 
16. pictures of everyone we know and ourselves
17. where we go on vacation and when our house will be empty
18. what we own(personal property)
19. personal beliefs
20. whether we possess or believe in firearms rights
21. other personal information

..it is this author's belief at the present rate of information seepage, that soon organizations like the Census Bureau will no longer be needed, because some of us will voluntarily give up our personal lives to social media.                                                            Butch Morton

Reference:

Seven Facebook Crimes

There’s no doubt that Facebook has completely revolutionized the way people interact. But there’s a dark side to the world’s love affair with social media. Criminals are finding new ways to utilize Facebook to commit new and disturbing crimes that authorities don’t necessarily know how to police. That’s why if you want to continue to enjoy social media, you should be aware of the common crimes committed on Facebook so that you can avoid becoming a victim. Here are the seven most common Facebook crimes.


Scams
Criminals have been utilizing the scam for centuries. In the Facebook world, scams are particularly effective at drawing people in by simply enticing an individual to click on a link that would interest almost anyone, such as an innocent-looking notification that you’ve won a free prize like a gift card. Then, in order to claim the prize, scammers require you to submit some information, such as a credit card number or Social Security number. This description may make it seem like scams are easy to spot, but even the most savvy social media user has to be on the lookout for illegitimate requests for information.


Cyberbullying
Cyberbullying is a common occurrence among teenagers on Facebook and one that can result in serious criminal charges if it goes far enough. Cyberbullying on Facebook has contributed to the deaths of several teens who either committed suicide or were killed by a peer. Cyberbullying that involves hacking or password and identity theft may be punishable under state and federal law. When adults engage in this kind of online behavior it is called cyber-harassment or cyberstalking.


Stalking
The term “stalking” is thrown around a lot on Facebook, and it is often meant as a joke for regularly looking at someone’s profile. However, the actual act of cyberstalking is a common crime on the social networking site and can result in a serious offense. Cyberstalking typically involves harassing a person with messages, written threats, and other persistent online behavior that endangers a person’s safety. Although cyberstalking may seem like nothing more than annoying behavior, it is a legitimate cause for concern in many cases and can even lead to in-person stalking or endangerment if not treated seriously.


Robbery
It doesn’t take much for a thief to find out where you live, go to school, work, or hang out if you make that information readily available on Facebook. If you use Facebook’s check-in or Google Maps feature, then you could be in a heap of trouble if a robber is paying attention. This person isn’t always a complete stranger either; they may be an old acquaintance or someone else you’d never expect to come rob you.


Identity theft (# 1 crime in America)
With the large amount of personal information swarming around Facebook these days, it has become fairly easy for criminals to steal users’ identities. Hackers often break into users’ e-mails and make fake Facebook accounts. From there they can access personal and bank information and cause havoc to your sense of security. Protect yourself from identity theft on Facebook by keeping your profile very secure and free of personal information that a criminal would love to have.


Defamation
An individual commits the crime of defamation when they communicate a false statement to a third party that paints another individual or entity in a negative light. Facebook makes communicating defamatory statements frighteningly easy, and the exposure Facebook provides makes it more likely that businesses or individuals will be harmed by the defamatory statement, and thus more likely to pursue legal remedies. Be careful what you say on Facebook; you may be committing a crime without even knowing it.


Harassment
Harassment happens all the time on Facebook. From sexual harassment to assault threats, there has been a significant increase in the number of harassment cases happening on Facebook. It’s not uncommon for sex offenders and sexual predators to prey on unsuspecting victims on Facebook and even pose as a teen or college student. Harassing messages, inappropriate comments, and other persistent behaviors should be reported to Facebook and your local police station.


Reference:

SIRv12: The Obstinacy Of Conficker

Conficker is one of the most significant threat families facing organizations worldwide today; its initial impact along with its continued obstinacy shows that clearly. In the fourth quarter of 2011,  three years after its initial release, it attempted to infect just over 1.7 million computers. 


Conficker’s persistence is illustrated not only by the number of computers it has attempted to infect, but also by the nearly 59 million attacks launched against those computers in the fourth quarter of 2011. But perhaps the most interesting manifestation of its obstinacy is that it has been the number one threat facing businesses for the past two and a half years.

The China States of America – Unethical Marketing Tactics?

I recently had the fortune of investigating a case where a unsuspecting Internet user received an email that looked suspicious. I see a lot of SPAM that comes through like that and suspect it is something that goes wrong during the language translation that often result in text that just doesn't make any sense. 


Anyway, my gut feeling is that this is a site setup by Chinese Scammers with fake online electronics for sale. Another scenario would be an unethical marketing company hired to drive traffic to this Chinese electronics site and they are using illegal tactics by exploiting user email accounts.


Give them your credit card and you lose!


Reference:

Iran Admits Expanded Cyberattacks

The Iranian government acknowledged today that authorities have found evidence of recent cyber-attacks against several agencies, according to reports by state-sponsored media outlets.

A week ago, the country's oil ministry confirmed that it and other facilities in the energy industry had been targeted by malware attacks. Today, the Mehr News Agency said that Esmaeil Ahmadi-Moqaddam, Iran's national police chief, had claimed that his office has "found clues about recent cyberattacks on a number of Iranian ministries and companies." Mehr is a semi-official arm of the Iranian government. The report did not spell out what "clues" police had found, or which ministries and companies had been attacked. 

 "In cooperation with the Information and Communications Technology Ministry, the Intelligence Ministry, and the ministries which have been targeted by cyber attacks, we are investigating and pursuing the matter...and we have found clues in this relation," Mehr quoted Ahmadi-Moqaddam as saying.

Word 4 2day

Honeymonkey

Automated system simulating a user browsing websites. The system is typically configured to detect web sites which exploit vulnerabilities in the browser. Also known as Honey Client.


Reference: