tagged w/ Social Engineering
-
The “Twitter porn names” game, currently Twitter’s top-trending topic (things that are twittered the most), may be a fun distraction that gives you and your friends something to tweet about. But it also has a security hole — one that is no technical snafu. It could be simple human error, but it’s also possible that this security hole is an example of truly sneaky social engineering.
-
-
iCan’t help but cringe (the first time iLaughed) every time I see that iPhone commercial, you know the one that shows somebody entering their credit card iNformation iNto an iPhone. Are they freaking iNuts? iDon’t Get iT. Here’s why: When you do that, you are entering your valuable credit card iNformation iNto a “BROWSER.” Any guesses as to why they call iT a browser? iF anyone said: “Because hackers can browse for iNformation on iT” congrats! So here’s my beef: “Where’s the Security?”
-
-
We can share many horror stories ranging from competitors attempting to steal a client’s customer data, to outright corporate espionage to gain information on new product debuts and stealing technology and other proprietary information that may still be under development.
-
-
“Our Participating Organizations came out in force in the recent Council nominations and election process. It is exciting to see such widespread participation,” said Bob Russo, general manager, PCI Security Standards Council. “I would like to congratulate not only our new Board of Advisors but everyone who continues to join the Council in pursuing its mission of securing payment card data, through these collaborative processes. I’m confident our new Board of Advisors will build upon the success of their predecessors in helping the Council to effectively evolve the PCI standards and bring new tools and resources to market to help improve education and implementation of PCI standards.”
-
-
“Steve Wozniak (co-founder Apple), John McAfee (founder McAfee Associates), and I are on the Board of Directors of Ripcord Networks. Additionally we have the best employees and advisors in this space. Ellen Hancock is Chair of our Board of Advisors (former company affiliations include: IBM, Apple, Exodus, Aetna, Colgate/Palmolive, EDS). The Board of Advisors includes: Jon Callas (CTO & CST of PGP), Phil Zimmermann (PGP founder, ZRTP author, and privacy advocate), Marc Hodosh (President, TEDMED, Archon XPrize Genome Project), Dan Pitt, and others.”
-
-
RSA and IDG released two new research studies that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.
-
-
We talk about criminal hackers, scammers and bald-faced con men like they are mysterious creatures from the twilight zone. While they are certainly interesting and mythical creatures, fundamentally they are people.
-
-
From The Internet Security Alliance: The ISAlliance is leading a project to develop an industry led, cost effective SCAP solution for VoIP and Unified Communications with the goal of providing a secure playing field for corporations as they deploy VoIP and related technologies.
-
-
It’s no surprise that since the true realization of the money crash last September, sources of funding have dramatically tightened up. Most of us understand that desperate times require desperate measures, but be careful – if you’re seeking funding or working with someone who is, there be dragons out there… I’ve managed investor related due diligence issues over the years primarily by bringing transparency to decision makers before any deal is made – unfortunately, some call too late and we have to roll in to “how to fix it” mode.
-
-
There is something wrong here and PCI DSS is exposing it, not causing it. “When people say PCI is too hard, many really mean to say compliance is not cheap. The business risks and ultimate costs of non-compliance, however, can vastly exceed implementing PCI DSS – such as fines, legal fees, decreases in stock equity, and especially lost business. Implementing PCI DSS should be part of a sound, basic enterprise security strategy, which requires making this activity part of your ongoing business plan and budget.”
-
-
OK, this is a story from January of this year, but I think about it all of the time. Where does all of the money from ATM transactions go? Think about it: you can pay anywhere from zero (normally at your own bank) up to $3 or more to take twenty dollars from YOUR checking or savings account. On top of that, your bank may charge you more for using a competitor's ATM. Story below...
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Consumers who rely on ATMs for quick cash access may find that getting their money actually costs them more as banks raise their ATM fees. The financial institutions, which already generate $10 billion a year in revenue from what they charge people for accessing their accounts from other banks' ATMs, have increased the fees in response to a poorer economy.
One expert said banks are relying on consumers to get them through the weak economic time.
"They're looking for ways to make up for the losses and nickel and diming appears to be the only way they can do it," Consumer Affairs analyst Joseph Enoch said.
Today, the average ATM fee is...
Read the Rest at Link...
-
-
Blame for the current economic crisis has been laid on many doorsteps, including the Gramm-Leach-Bliley Financial Services Modernization Act of 1999; credit default swaps; hedge funds; the Commodity Futures Modernization Act of 2000; Alan Greenspan; and Phil and Wendy Gramm.
But it has fallen to right-wing pundit Ann Coulter to blaze a truly simple path through the maze of credit derivatives, collateralized loan obligations, tranches, securitization transactions, and Thomson Financial League Tables.
This gentle lady spells out the source and origin of the current economic crisis:
"THEY GAVE YOUR MORTGAGE TO A LESS QUALIFIED MINORITY!"
Coulter is putting forward an argument popular (who could be surprised?) among besieged conservatives, that "social engineering" is the root cause of the current economic crisis -- in the form of a 31-year-old law passed during the Carter administration by a Democratic Congress, the Community Reinvestment Act of 1977, "intended to encourage depository institutions to help meet the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods, consistent with safe and sound operations."
In Coulter's words, traditional yardsticks of a mortgage applicant's ability to make payments were replaced with "nontraditional measures of credit-worthiness, such as having a good jump shot or having a missing child named 'Caylee';" the result, Coulter continues, is that "middle-class taxpayers are going to be forced to bail out the Democrats' two most important constituent groups: rich Wall Street bankers and welfare recipients."
To make sure her meaning is clear, Coulter echoes a line from the famous anti-affirmative action "White Hands" commercial Jesse Helms used in his 1990 campaign against black challenger Harvey Gantt. The ad shows a pair of white hands crumpling a job rejection slip as the voiceover intones, "You needed that job, you were the best qualified. But they have to give it to a minority because of a racial quota."
Coulter is in the forefront of a concerted drive to shift...
Read the Rest at link...
-
-
A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
-
-
Trade secrets and confidential information truly are the crown jewels of many businesses. This is the information that allows businesses to compete effectively, and that provides a competitive edge. Despite the critical nature of this information, my experience is that many business people do not understand what they should be doing to protect the crown jewels. I repeatedly see posts on LinkedIn and elsewhere asking for a “form” or a link to a “free site” to get an NDA. Given the potential value of the information, this cavalier approach is surprising.
-
-
T-Mobile customers are awakening this morning to reports that hacker/extortionists have victimized the cellular carrier through a massive network breach resulting in the theft of untold amounts of corporate and customer data, which they’re threatening to sell to the highest bidder. T-Mobile says it is investigating.
-
-
One of the basic tools of any good hacker has always been the ability to utilize the concept of social engineering as made famous by people like Kevin Mitnick and the Badir Brothers. The idea being – according to Wikipedia – that “All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create criminal attack techniques.”
While this type of ploy has been used to gain access to computer systems for various reasons, it also raises an interesting idea of it being used to get people to willingly do things on the Web that they might not think of doing on their own. It's possible that this is just another form of the mob mentality that we see in things like flash mobs, but isn't this just another form of social hacking?
Long before things like social networks and social media were the hot buzzwords used to spark VC feeding frenzies, Web forums and newsgroups were the main social communication tool. People would scour Web forums to spread news about people or products, good or bad. The overall effect of this type of promotion was usually limited, but it was still possible to get people riled up over something on a much larger scale.
Then along came blogs and the ability to instantly publish or comment about a person or a product. It provided a much easier way to galvanize people into acting, even if only verbally. To this mix now come things like Twitter, FriendFeed, Facebook, or any number of instant social tools that can broadcast your message instantly around the world to a potentially unlimited number of people. The effect being that within minutes you can galvanize an immense number of people into a single action.
One of the best of the classic online flash mobs can be seen anytime anyone says something negative about Apple products. The moment someone posts something like this, whether on a Web forum or a blog, you can be sure that in very short order the site will be inundated with Apple’s faithful arguing against whatever has been said. This varies from intelligent discussion to hateful things being said about the person who wrote the post.
Bring this forward to today and we see, as Svetlana Gladkova at Profy.com points out in a post, just how easy it could be to cause a major news group to pull down a service because of a social hack.
CNN editors expected to receive opinions from the site’s main target audience (which definitely is not in Russia) but what it received instead were mainly votes from Russia with the first answer getting 92% of votes (or over 329 thousand people).
How did this happen? Very simple actually. The information about the CNN poll quickly made it to the Russian blogosphere (it is impossible to determine where it all started because of the huge number of posts on the topic) and bloggers started encouraging their readers to go to CNN and vote for the first option. The news was quickly disseminated over an enormous number of the Russian blogs and the results were predictable: 92% supported the official point of view of Russia.
The reality is that even with the simple social media tools that we have today it would be incredibly easy to use them to organize people unknowingly to attack the Web presence of a person or brand. Just as we can see daily on services like Twitter, where people are being directed to charities or new products, this group mentality could potentially be used as in the CNN story to cause damage. Why use things like botnets when you can just as easily obtain the same results by using social media - and it’s legal to boot.
Is it really that large a step before incidents like the one that happened with CNN become part of the norm? Are we really beyond being used in such a way without even realizing that we have been a part of a social hack attack? Would you even realize it if you had been socially hacked?
-
-
From The Internet Security Alliance: Virtual-machine exploit lets attackers take over host; T-Mobile confirms stolen data is genuine; Webhost hack wipes out data for 100,000 sites; Texas DPS trying to catch up after virus, new design.
-
-
By Richard Stiennon, Chief Research Analyst, IT-Harvest: eSoft has determined that there has been a major spike in fraudulent pharmacy sites just this past week. Much like the fake SpySweeper site these pharma-fraud sites present a convincing storefront that appears to sell Viagra and Cialis. They have a sophisticated shopping cart system and take your money but do not bother with actually fulfilling orders. eSoft provided me with data on seven different templates they have discovered. The quantity is amazing.
-
-
Google identifies the ten domains responsible for compromising the largest number of sites on the internet. In response to a recent surge in websites being infected with malware, Google has revealed the top ten most popular malware sites in the last couple of months.
-
-
Just as I had noticed the mysterious change in Melissa Hathaway’s title on the White House Blog, at the moment that the President was speaking, I also noticed something very interesting: “Why would Raytheon remove Rear Admiral Williamson’s distinguished service Bio from the corporate website?”
-