Tag Archives: Security

When a purchase order email is not what it seems

Image By: Ian Lamont
Today’s award for the least convincing spam message goes to the “purchase order” I received. The funny thing is I don’t sell anything so I’m not sure how it could possibly pertain to me. It just goes to show they grab, harvest or purchase email addresses and then send them out in bulk, sort of like fishing with a bucket of bait. With that much bait you are sure to catch something.

If you receive something like this one, which also has a “zip” file to download, my suggestion is to send it to spam and keep going. What are the keys to knowing this isn’t a real purchase interest?

  1. It was in my spam folder – which I do check regularly since sometimes items are mistakenly marked as spam.
  2. The problems with grammar and punctuation.
  3. The fact that I don’t sell any items.
  4. And, that it’s “near” somewhere in Egypt.
  5. That it has a zip file. Beware of downloadable files, links, and images, especially those that come from those you don’t know.

Sample Email below

A dead giveaway is when my spam filter has this in the RE:

****SPAM**** HIGH * Purchase order-
Dear Sir

We are interested to Purchase your product, i got your contact information

from two of our customers.

Please contact us with the following below:-

– Your minimum order quantity.

– Your FOB Prices and FOB Port.

– Your estimated delivery time.

Please fine attached company details and requirements below to preview the samples/specifications needed.

Best Regard
—————————————————————————————————————–
GMCC LTD  IMPORT & EXPORT
Address deleted
Sheraton Bldgs. Heliopolis,Cairo
Landmark:Near To Radisson Blu Cairo Egypt

Hackers Win Round Against Sony: The Interview Pulled from Theaters

Hackers have won a round against Sony Pictures Entertainment this week after a devastating cyber attack. Sony pulled “The Interview” from theaters nationwide after the hackers spread fear throughout the entertainment industry. “The Interview” was to be released in theaters on Christmas Day. Sony said they would no longer hold screenings of the film in any of their theaters.

U.S. intelligence has linked the cyber attack on Sony to the North Korean government. The film portrays the fictional assassination of North Korean leader Kim Jong Un. It is believed that the hackers from North Korea were given the order to hack Sony’s computer system, targeting sensitive data including emails, financial records and salaries of Sony’s top stars.

It is unclear whether “The Interview” will be released soon. The hackers made threats against Sony by promising moviegoers a “bitter fate” should they head to theaters to screen the film. The hackers threatened a 9/11-like attack on all movie theaters that screen the Seth Rogen and James Franco comedy.

The warning reads:

“We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.

  • Soon all the world will see what an awful movie Sony Pictures Entertainment has made.
  • The world will be full of fear.
  • Remember the 11th of September 2001.
  • We recommend you to keep yourself distant from the places at that time.
  • (If your house is nearby, you’d better leave.)
  • Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.
  • All the world will denounce the SONY.”

In addition to the terroristic threat, the hackers released the content of files called “Michael Lynton” (CEO of Sony Pictures Entertainment), which included embarrassing emails and sensitive personal data. The tactics used by the hackers worked, causing the nation’s three largest movie chains to cancel showings of “The Interview” with an unknown release date.

Sony has no current plans to release the film either to theaters or direct to video.

Stand Against Spying- A Coalition Seeking to Stop Government Mass Spy Programs

By: Alan Cleaver

A coalition of organizations from across the political spectrum has joined forces to fight mass surveillance by the National Security Agency (NSA). The group has launched a website called “Stand Against Spying” and has become a watchdog of Congress. Although the organizations are vastly different in terms of missions, goals, and communities, they all agree that mass surveillance is a violation of the United States Constitution. Electronic Frontier Foundation, Tenth Amendment Center, Greenpeace, Freedom of the Press Foundation, and UpWorthy are all part of the coalition fighting back against the government spy programs created by the NSA.

Stand Against Spying allows users to put in their address and ZIP code to see how their representative is voting on issues regarding mass surveillance. Each member of Congress is rated on his or her actions to end or promote mass surveillance.

The method used to rate members of Congress was different for the House and for the Senate. For the House, votes for the two strongest bills against mass spying were considered: the Surveillance State Repeal Act and the original version of the USA FREEDOM Act. Senate members were rated on whether they co-sponsored the original USA FREEDOM Act and if they have come out publicly claiming a commitment to cosponsoring the Act when Congress is back in session (July 7).

The website requests that users sign an open letter to President Obama. The letter sets out the goals, beliefs and mission of Stand Against Spying.

It reads:

“Dear Mr. President,

As citizens of the Internet, we believe that mass surveillance by the NSA and its global partners infringes on our civil liberties, runs contrary to democratic principles, and chills free expression.

We’re calling on you to take immediate steps to end the mass spying. Specifically, we urge you to stop the mass collection and retention of telephone records and Internet communications of hundreds of millions of people who are not suspected of a crime.

In addition, we call on you to provide a full public accounting of the intelligence community’s mass surveillance practices.”

Read the full letter here. Internet citizens are encouraged to sign the open letter to take a stand against spying.

 

NXT-ID claims Wocket™ is useless to thieves

By: bozontee’s golden zebra

Once upon a time, Dr. Seuss wrote a book called There’s a Wocket in my Pocket where a little boy talked to strange creatures living in his house. Nobody really knew what a Wocket was though. NXT-ID, Inc., a biometric authentication company, wants everyone to carry around a Wocket™ in their pocket. The company, which claims Wocket™ is useless to thieves, has plans to launch the Wocket™ in New York City on May 28.

Wocket™ is considered the newest smart wallet heading to the e-commerce market. At the launch, consumers and media will get the first look and feel of the smart wallet that claims to zeroize each sale immediately, making the Wocket™ useless to thieves.

The patent-pending Wocket™ uses biometric solutions to secure consumers’ mobile platforms. The smart wallet is designed to replace all the cards in your wallet without the need for a smart phone. It will be 3.7”W x 2.75”L x .39”H. The smart wallet only becomes accessible through a unique combination of voice, PIN or pattern. It was designed to keep Wocket™ transactions separate from regular transactions in order to keep Wocket™ transactions secure by zeroizing each card after use.

Wocket™ isn’t the first smart wallet on the market. It is an evolution of the smart wallets already on the market. Google offered a smart, virtual wallet to help consumers keep their information secure. Google Wallet comes in the form of an app or a card that stores credit card and loyalty card information all in one place.

Security is the biggest concern for smart wallets since they were designed with consumer security in mind. The Google Wallet offers 24/7 fraud monitoring and Google Wallet Purchase Protection. If your phone or card is lost or stolen, it can be disabled through a Google Wallet account. The Wocket™ doesn’t offer a protection program; instead, it offers a guarantee.

According to the FAQ, the creators say, “while we can’t ensure that your card never gets stolen, we can guarantee that it’s worthless to anyone that gets a hold of it. Each time after the dynamic card is used, it is zeroized. Thus, it is merely blank piece of plastic to any ambitious thief.”

There are very few other smart wallets on the market. The Wocket™’s biggest competitor appears to be Google Wallet, but there are a few other smart wallets attempting to emerge on the scene including the PING wallet and the SmartWallit.

Bitcoins Vanish and Mt. Gox Goes Dark

Bitcoin is a buzz word in the news lately. Almost half a billion US dollars worth of bitcoins vanished into thin air last week when the bitcoin exchange Mt. Gox went dark. It helps to understand what bitcoins are to understand why customers are upset about the disappearance of virtual funds.

What are bitcoins?

Bitcoins are virtual currency that approximate cash on the internet. The coins are purely digital and not linked to any government entity. The coins are not backed by any bank or government.  The virtual coins are mathematical algorithms that are exchanged directly between two parties online with no middle man. That means no bank, no government, and no other authority over the printing, distributing or mining of the coins.

What is a bitcoin worth?

According to a Simple Bitcoin Converter, 1 bitcoin is worth $657.60 USD at the time of this post. The exchange rate does fluctuate.

What is the idea behind bitcoins?

The idea behind bitcoins was to create a currency that is completely segregated from a country’s government. For example the United States has no control over the creating, distributing or backing of bitcoins as it does with American currency. Bitcoin was aiming to become a universal currency that changed the current economic system.

What happened?

A rumor appeared that several hundred thousand bitcoins disappeared from one of the dominant exchanges for bitcoin trading. Slowly the rumor unraveled to become fact. Mt. Gox CEO Mark Karpeles bowed in apology at a news conference in Tokyo after revealing that it had lost almost 750,000 of its customers’ bitcoins. On top of the large amount lost, which equates to almost half a billion dollars in US currency, Mt. Gox also lost 100,000 of its own bitcoins.

Karpeles said that technical issues and “some weakness in the system” opened the way for the fraudulent withdrawals. He did not delve into detail about what the “weakness” was or address what the technical issues were.

What is being done for victims of the fraud?

Customers who lost bitcoins have assumed a risk by using a currency not backed by any central bank.  There are no regulations in place. Mt. Gox has shut its operation down and is filing for bankruptcy protection. Some victims are attempting to bring about a class action suit against the once popular exchange.

According to the Wall Street Journal, Gregory Green filed a claim with an Illinois District Court seeking damages and restitution. The claim alleges that Mt. Gox engaged in “unlawful, deceptive, and unfair conduct that is immoral, unscrupulous, and causes substantial injury to consumers.”

Recourse might be very difficult for the victims of the vanishing bitcoins because the exchange was never regulated and never backed by any government or bank. In the meantime, bitcoin enthusiasts believe that the missing coins can be found and are hunting them down themselves.

 

U.S. Secret Service Investigating Possible Data Breach at Sears?

Sears Holdings Corp. is launching an investigation in the wake of cyber attacks on other retail stores.  Sears, the retailer run by Edward Lampert, has not revealed any details of an actual attack or security breach.

Sears spokesman Howard Riefs said in a press statement, “There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach.”

Riefs added that there has been no information to indicate a breach so far, which completely contradicts a report made by Bloomberg News. Bloomberg News, using an unidentified source, reported that the U.S. Secret Service was involved in investigating a secret breach at Sears. The U.S. Secret Service is remaining quiet on whether or not it is actually investigating a breach at the retailer.

What is known is that the U.S. Secret Service is leading the investigation into last year’s cyber attack on Target and last year’s attack on Neiman Marcus. The Target breach led to the theft of approximately 40 million credit/debit card numbers and over 70 million pieces of personal data. Neiman Marcus has also faced the harm of a data breach. The luxury retailer had 1.1 million credit and debit cards hacked by malware that infiltrated point-of-sale terminal systems.

Target, Neiman Marcus and other retailers who have experienced data breaches are attempting to gain back customer support by doing a lot of damage control. Target has offered free credit monitoring and identity theft protection to customers for one year as part of its damage control efforts.

The rumor that Sears is investigating a possible security breach may still harm the retailer.  Lampert has struggled to make Sears profitable after 28 straight quarters of declining sales. A tarnished image from a potential data breach isn’t going to make shoppers rush out to buy anything from the retailer.

Original reports of the Target and Neiman Marcus breaches made clear that it could take months to confirm that breaches were made, how many victims were affected, and account for what data was stolen.

Snapchat Suffers Major Security Breach Plans to Make App More Secure

Snapchat suffered a major security breach on New Year’s Eve when a reported 4 million usernames and passwords were collected by hackers.  Snapchat had been warned twice by security experts about a vulnerability in its system, according to Yahoo News.

Snapchat is a private company that has marketed itself on being a more secure alternative than Facebook and Instagram. It lets users send photo and video messages that disappear once viewed. According to the New York Times, users of the self-destruct message service were sending 350 million photos a day in September – increased from 200 million in June.

Security researchers were not convinced that the app actually deleted information. The hackers who stole the usernames and passwords from Snapchat were actually security researchers with Gibson Security who were able to hack into Snapchat’s servers and find the data that had been stored in a database similar to other big internet companies.

The security researchers posted the hacked information onto a website called SnapchatDB.info after privately warning Snapchat about the weakness in its system.  The researchers then posted a warning about the security hole online on Christmas Eve after the notice was ignored. Snapchat did patch the hole in the system but it didn’t do enough.  The data was not encrypted nor were there any basic security measures in place to prevent hacking.

The usernames and passwords put online in the data dump on New Year’s Eve had the last two digits of phone numbers removed. Snapchatdb.info has since been suspended for the data dump, but not before word spread of the breach.

The breach severely tarnishes Snapchat’s reputation and image. It could threaten the company’s rapid growth.

Gibson Security says users can delete their Snapchat accounts and ask their phone company to change their phone number in order to protect their information, although they warn that deleting the account won’t remove information from the leaked database.

“Ensure that your security settings are up to scratch on your social media profiles. Be careful about what data you give away to sites when you sign up –if you don’t think a service requires your phone number, don’t give it to them,” Gibson told the Associated Press.

Snapchat is trying to reassure users that it has adopted security measures that would prevent spam and abuse. They also claim they are working to prevent “future attempts to abuse our service.”

White House Not Inclined to Place Restraints on NSA Activities

The National Security Agency isn’t going away any time soon and the White House isn’t planning on placing new restraints on the agency. According to the Washington Post, “the Obama administration has decided to preserve a controversial arrangement under which a single military official is permitted to direct both the National Security Agency and the military’s cyberwarfare command despite an external review panel’s recommendation against doing so.”

A group of top U.S. intelligence officials got together and decided that the two divisions (NSA and Cyber Command) should be placed under separate leadership. The argument for the division is that it would ensure greater accountability and prevent investing too much power in one individual.  The two divisions also have different missions. The NSA mission is spying and the Cyber Command’s mission is to conduct military attacks.  Both divisions work closely together since the Cyber Command depends on the NSA’s ability to hack into the computer systems of enemies for intelligence and to conduct potential operations.

According to the Washington Post, an email from Caitlin Hayden, White House spokeswoman, said, “Following a thorough interagency review, the administration has decided that keeping the positions of NSA Director and Cyber Command commander together as one, dual-hatted position is the most effective approach to accomplishing both agencies’ missions.”

There have been over 40 recommendations made by the intelligence panel. Currently, the White House appears not to want to add constraints onto the surveillance agency.  The NSA is working toward making changes within the organization to combat any leaks that could be comparable to the leak committed by Edward Snowden.

The leak committed by Snowden informed the public that the NSA was conducting surveillance and collecting virtually all phone calls of Americans through a metadata collection process. NSA still claims that their collection of billions of phone records was for counterterrorism purposes and that the content of the calls is unknown; the agency purportedly only collects where the calls were made and how long they lasted.

What do you think?  Is this collection of data necessary? Doesn’t it put us at an even greater risk?

5 Credit Card Safety Tips for Travel during the Holidays

Traveling during the holidays should be fun. It shouldn’t be filled with worry and stress. Using a credit card instead of cash or a debit card can make travel during the holidays less stressful and less risky. Use these five tips to keep from becoming a victim of credit card fraud.

Pick One Card

Pick one credit card to take with you. Make sure you have a copy of it, but store this copy in a safe place. Carrying multiple cards can lead to the loss of one or more of them. When you pack for traveling, remember to remove all other cards and store them in a secure location. If your wallet or purse gets stolen while you are traveling, it is much easier to deal with one stolen card instead of six.

Separate Your Credit Card from Purse or Wallet

Don’t keep your credit card in your purse or wallet. Purses and wallets, particularly

Personal files containing financial data mistakenly sold at Goodwill stores

As the holiday approaches I begin to clean out my house. I do this for several reasons. First, I know that with the holidays there are going to be some presents underneath the tree that are going to need some space to be stored in when they are not being played with. I also know that, especially during the winter months and holiday season, charitable organizations are in big demand and can use all the help they can get in the form of monetary as well as physical donations to help meet the needs of the hundreds that call upon them. Last but not least, I don’t like anything to go to waste, and the coat my daughter wore four times (it doesn’t get really cold here in Houston) and has now outgrown doesn’t belong in the trash, but it does belong on another little girl who could use one. But with all this peace on Earth and good will towards man, it’s important to pay attention to what’s going out the door and into the hands of others.

We have talked before about the importance of clearing your electronics like cell phones and computers of information, personal data and stored information and images. But what I never imagined I would find is that important papers could be lost and then found again, by quite possibly the wrong person, as many of us clean out closets and make donations.

NBC News recently reported about a purchase made at an Indiana Goodwill Outlet Store. Edith Watson purchased a box during a bulk sale not knowing what it contained, but they were selling it for pennies per pound. Hoping to find something good, she realized after she got home that if she was an identity thief she definitely would have “struck it rich”, as the entire box contained document after document of financial information, social security numbers, credit card bills, medical records and more. After she reported it to her local television station, a look at other Goodwill locations occurred, finding that this was not a singular incident.

Yahoo News reports:

Goodwill’s Marketing Vice President Cindy Graham admitted their mistake and told WTHR, “We do take this very seriously…They don’t want us to have it and we don’t really want to have it either.” Policy changes are on the way after the charity completes their internal investigation. Cindy Graham said, “We’re going to take a look and see how we can prevent that from happening. Our process would have been and should have been and will be, ‘Let’s shred this.’” She also adds that Goodwill encourages all donors to be cognizant of what they are donating so that sensitive documents do not mistakenly end up at their retail stores.

How did this happen? Several different ways, including cleaning out the home of a deceased family member and the cleaning service not properly disposing of or passing the information on to the family. In another case, boxes marked for storage were sent to Goodwill instead of storage. Apparently these boxes were never inspected by Goodwill, simply placed in the outlet stores.

Graham told the Indy Star, “We’re looking at every one of our processes,” she said, “and seeing what needs to be done differently so that there isn’t a gap and that material that was donated doesn’t get into the wrong hands.”

I think it’s happened to everyone. You are cleaning out drawers and dressers, closets and desks and make stacks of to go, to stay, to donate. I know in our home one of my daughter’s beloved characters for her homemade videos was accidentally donated. Not exactly on the same level as letting my personal documents out of my hands, but it’s just a small example of how anyone can make a mistake.

So, keep in mind this holiday season as you show goodwill toward men to double check your boxes, computers, cell phones and other items for anything personal. It’s one thing to be charitable, it’s another thing to have your whole identity stolen.