The YourSpace Project

a class blog for Indiana Wesleyan University students

Archive for the ‘Privacy’ Category

Two-Year Operation Nets 100 Phishers

Posted by Russ Ray on November 6, 2009

Sounds like the definition of a classic phishing scheme:

The indictment charges that cyberthieves located in Egypt used classic phishing tactics to direct victims to phony Web sites, where they entered passwords, account numbers, and other data. That info was used to hack into accounts at two banks. Money was transferred from the compromised accounts to fraudulent accounts created by “runners” recruited by the U.S.-based co-conspirators.

Posted in ADM 316, Internet, Privacy, Security

Security Flaws Discovered in Calif. EDD Website

Posted by Russ Ray on November 3, 2009

Identity thieves are looking at your resume online to get information to impersonate you. Make sure that any dealings you have with companies on the internet that have access to your personal data are secured.

Posted in ADM 316, Internet, Privacy, Security

Comcast to Warn PC Users If They’re Infected

Posted by Russ Ray on November 2, 2009

If Comcast is your ISP, it appears that they will start monitoring accounts to make sure you’re not part of a botnet, a network of computers that launch spam, denial-of-service and malware attacks on other computers without their users’ knowledge. A computer in such a network is sometimes called a zombie computer… this is the same type of infection that drove the Conficker scare earlier this year.

Posted in ADM 316, Internet, Networks, Privacy, Security

New Malware Re-Writes Online Bank Statements to Cover Fraud

Posted by Russ Ray on October 30, 2009

Here’s a real scare for your Halloween weekend:

New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

The ruse buys the crooks time before a victim discovers the fraud, though won’t work if a victim uses an uninfected machine to check his or her bank balance.

Posted in ADM 316, Internet, Privacy, Security

Doctors Mistakenly Fax Patients’ Data to Indiana Company

Posted by Russ Ray on October 29, 2009

The lack of security around a fax machine amazes me. People don’t use cover sheets because they are lazy and in a hurry… well, maybe not, if there isn’t personal data on there.

But when people use a fax machine for personal use at work, they are generally sending information to banks, health insurers, and mortgage companies. Most of that information contains privacy-sensitive data, yet when you get your transmission sheet back and somebody dumps it on the pile, there is your SSN, bank account numbers, and address for all to behold.

The fax machine ought to be a secured item in your office. Here’s an example of what can happen in a real-world scenario:

Doctors’ offices in Tennessee have been accidentally sending patient information, including Social Security numbers and medical histories, to an Indiana businessman’s fax machine for the past three years. The sensitive medical information was supposed to be sent to the Tennessee Department of Human Services, but Bill Keith, owner of SunRise Solar Inc. in Indiana, says hundreds of confidential medical faxes have been coming to him.

“This is a total breach of privacy,” Keith said. “This is supposed to be confidential, and it just so happens we have some scruples here and wouldn’t do anything with that information. We’ve shredded them, but you can have a file an inch thick in no time.” It looks like the trouble stems from the toll-free fax number. Keith’s number is close to that of the state’s Disability Determination Section, under DHS.

Keith’s fax rang 167 times in a month at the peak of the problem, he said. Keith said he hasn’t kept an exact count, but his office averages about five patient faxes a week and sometimes more.

Posted in ADM 316, Privacy, Security

National Cybersecurity Awareness Month

Posted by Russ Ray on October 21, 2009

Here are some words and tips from our president.

It’s nice to see the government taking this threat seriously and trying to educate the public.

Hat tip to Mark Griffin.

Posted in ADM 316, Internet, Networks, Privacy, Security

Facebook Manners and You

Posted by Russ Ray on September 28, 2009

This video was shared on Twitter. It’s funny and done in the style of a 1950s educational film. Obviously, this is all tongue-in-cheek, but it speaks a lot to how people treat relationships over the internet differently than they treat live relationships and how freely people publish personal information that probably shouldn’t be shared over the internet.

Posted in ADM 316, Internet, Networks, Privacy, Security

Phony Debt Collector Harassment Raises Concerns of Data Breach

Posted by Russ Ray on August 17, 2009

The Better Business Bureau has released an alert on fraudulent debt collecting activity where scammers are calling people, claiming they have defaulted on a payday loan, and threatening them with arrest if they don’t hand over credit card or banking information.

This story might have a local connection, as there was a break-in last year at Central Collection Bureau (CCB) in Indianapolis.

One server taken contained records on approximately 700,000 people, 10 of whom were Vermont residents. Information exposed includes names, contact information, SSN, DOB, dates of service and medical procedure codes.

First, keep in mind that there are federal and state laws which prevent telephone debt collectors from making such threats. They are required to tell you where they got information, and they are also required to stop calling you if you tell them to stop. You can also request a telephone number for an attorney to contact the organization that’s calling you. Most important, no one can threaten you with arrest for what amounts legally to a breach of contract.

Unfortunately, the people probably getting held up over this are people who are probably at high risk for being arrested anyway… those who might have outstanding warrants, those who are living in the country illegally, and those with prior criminal records.

Posted in ADM 316, Privacy, Security

Social Media Pitfalls

Posted by Russ Ray on July 10, 2009

The World Wide Web has been in widespread use now for at least 10 years, and you would think we would have learned how to use it as a society by now. However, I guess there will always be people who post their phone numbers on Facebook for the world to see and complain about their employers, future employers, and co-workers on blogs and on Twitter:

As social media become the latest branding strategy, networking technique, job seeking tool and recruitment vehicle, they’re also becoming the latest way for people to find out job offers have been rescinded, to get reprimanded at work and even to get fired. It’s happened so many times — publicized and not — that one would think we could learn from others’ mistakes. (But, if that were the case, I wouldn’t have anything to write about, now would I?)

A recent tweet by a potential Cisco employee, for example, turned ugly when she decided to tout a recent job offer: “Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work.”

Unfortunately for “theconnor” (the handle for the would-be employee), Tim Levad, a “channel partner advocate” for Cisco, saw the tweet and responded with this: “Who is the hiring manager, I’m sure they would love to know that you will hate the work. We here at Cisco are versed in the Web.”

How about this for disciplinary action? There’s nothing like making an embarrassing example out of somebody to snap everybody back into line:

An MSNBC article tells of Kevin Colvin, the legendary young intern who e-mailed his boss, claiming a “family emergency” would keep him out of the office around Halloween. His co-workers (and Facebook friends), however, saw a photo of Colvin dressed as a fairy at a Halloween party time-stamped on the same day of the “emergency.” Colvin’s boss responded to him with an e-mail CC’d to the entire company, firing him and including the incriminating fairy picture.

By the way, Indiana is an at-will employment state, which means you can be terminated from your job because a sudden breeze blew into your boss’ office and upset him/her. But, more likely than not, complaining about your organization in public is considered bad manners and even worse PR.

Kimberly Swann, a former employee at Ivell Marketing & Logistics of Clacton, U.K., thought her job was boring — and she said so on her Facebook page, according to an article in The Daily Telegraph. Swann was called into her manager’s office and handed a letter that cited her Facebook comments as the reason for dismissal: “Following your comments made on Facebook about your job and the company we feel it is better that, as you are not happy and do not enjoy your work we end your employment with Ivell Marketing & Logistics with immediate effect.”

In March 2009, the same MSNBC article cites Dan Leone, a Philadelphia Eagles stadium employee, who was fired after slamming the football organization for trading a player in this status update: “Dan is [expletive] devastated about Dawkins signing with Denver. . .Dam Eagles R Retarted!![sic]” Two days later, the head of event operations said they needed to talk about his Facebook status; instead, he got the boot.

So, what do we learn?

  1. Don’t announce interviews, raises or new jobs
  2. Don’t badmouth your current or previous employer
  3. Don’t mention your job search if you’re still employed

For the record, I love all my jobs and my employers :) Have a great weekend!

Posted in ADM 316, Communication, Internet, Networks, Privacy

Blind Hacker Sentenced to 11 Years in Prison

Posted by Russ Ray on June 30, 2009

If you think that a blind hacker is amazing, you haven’t seen the half of it:

Matthew Weigman, 19… known in the telephone party-line scene as “Li’l Hacker,” is widely considered one of the best phone hackers alive. Relying on an ironclad memory and detailed knowledge of the phone system, the teenager is known for using social engineering to manipulate phone company workers and others into divulging confidential information, and into entering commands into computers and telephone switching equipment on his behalf.

“I’ve been interested in phones since I’ve been about 8,” Weigman said in a 2007 interview with Wired.com. “I talked to technicians when they came down here to do things on my phone.”

In his plea deal with prosecutors, Weigman, who was born blind, admitted to a long criminal resume (.pdf). Among other things, he confessed to conspiring with other telephone hooligans who made hundreds of false calls to police that sent armed SWAT teams bursting into the homes of their party-line enemies.

Weigman also admitted eavesdropping on customer service calls to Sprint, by dialing into a phone line used by Sprint supervisors to monitor their employees. Weigman parked on the spy line to overhear customers giving out their credit card numbers, which he memorized and passed to accomplices. Weigman and his friends used the numbers to purchase computers and other electronics.

By the way, social engineering exploits the weakest part of a computer system: human beings.

Posted in ADM 316, Internet, Privacy, Security