Monthly Archive for November, 2009
Google this week unveiled a new feature called Dashboard, intended to give users a way to view -- and in modest ways limit -- the breadth of information the search giant collects about our online lives. To check out Dashboard, browse to this link, and sign in to your Google account. From there, you can manage which Google Documents you're sharing, edit your Gchat history, or clear out items from your Web search history, among other tasks. Google said it was launching the service "to provide users with greater transparency and control over their own data." The reaction from privacy experts has been mixed. Ari Schwartz, vice president and chief operating officer at the Center for Democracy & Technology, called the Dashboard offering a good first step, and one that is several steps ahead of what Google's peers in the search businesses currently offer their users. "Google has said that
Sun Microsystems has issued an update to its Java software that fixes at least one security vulnerability. Separately, Adobe is pushing out a patch to plug four security holes in its Shockwave Player. The Sun patch brings Java 6 to version 17. If you're not sure whether you have Java or what version you may be running, visit this page and click the "Do I have Java?" link. If you don't have Java, you probably don't need it. If you do have it, make sure you've got this latest version. To update from within Java, open the Windows control panel, click the Java icon, then at the tab marked Update hit the Update Now button (in Windows 7, to get to Java click start, type "Java" in the search box and pick the first result). To see whether your system has Adobe's Shockwave Player, follow this link: If you see
SnapNames, the largest reseller of Web site names, Wednesday alleged that a former top executive secretly bid on tens of thousands of domain name auctions over the past four years, driving up costs for other bidders and enriching himself in the process. SnapNames owner Oversee.net said it learned about a month ago that the executive had been bidding on its domain auctions in violation of company policy that bars employees from doing so. Mason Cole, vice president of Oversee corporate communications, said the executive was dismissed Monday. The company Wednesday began notifying affected customers via e-mail, stating that "in every auction where the employee's fictitious account submitted a bid which resulted in a higher price being paid by the winning bidder, SnapNames will offer a rebate, with 5.22 percent interest (the highest applicable federal rate during the affected time period), to affected customers for the difference between the prices they
On Monday, Security Fix featured the story of Ronnie Cutshall, a Tennessee man who was caught up in an international money laundering scam after being recruited through a work-at-home job offer. That story mentioned that Cutshall received a $9,600 transfer from a company called American Realty, but that I didn't have any luck in tracking down the victim company. Today the American Realty company affected by that scam contacted me after reading my story (turns out they're located in Shalimar, Fla., not Georgia, as I had previously thought). A few weeks ago, an American Realty employee clicked a link in an e-mail scam that spoofed an IRS alert about unreported income. The Web site linked to in that message quietly installed a password-stealing Trojan horse program named Zeus. From there, the perpetrators were able to swipe the company's online banking credentials, and initiate unauthorized payroll payments to Cutshall and about
E-mail scams targeting users of social media sites like Twitter and Facebook are blurring the lines between traditional phishing attacks and those designed to plant password-stealing malicious software on the victim's PC. For the past week, scammers have been blasting out e-mails that at first glance appear to be run-of-the-mill phishing scams aimed at stealing user names and passwords from Facebook users. The messages urge recipients to "update" their information by clicking a provided link and entering their Facebook user name and password at a counterfeit Facebook login page. Facebook users who fall for the ruse are "logged in" to the fake Facebook page and then prompted to install a "Facebook Update Tool," which is in fact a copy of the Zeus password stealing Trojan. A study released in October found that 54 percent of U.S. companies have banned workers from using social networking sites. The author of that survey
A new report by Microsoft shows that the two most prevalent threats to Windows PCs in the first half of 2009 were malicious programs that have been aided mightily in their spread by a decision by Microsoft to allow the contents of removable media -- such as USB thumb drives -- to load automatically when inserted into Windows machines. In its latest "Security Intelligence Report," Microsoft counted the number of threats detected by its anti-malware desktop products, and found that the Conficker worm, along with a Trojan horse program called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers, respectively. The original version of Conficker emerged nearly a year ago, and initially it spread by exploiting a networking vulnerability in Windows. But Conficker infections soared by the millions in January with the arrival of Conficker B, which introduced
The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions about an uptick in scams involving unauthorized funds transfers from hacked online bank accounts to so-called "money mules," people hired through work-at-home scams to help cyber criminals overseas launder money. According to the FDIC, the following are examples of events that may indicate money mule account activity: -A customer who just opened a new account suddenly receives one or several deposits, each totaling a little less than $10,000, and then withdraws all but approximately eight to 10 percent of the total (the mule's "commission"). -A foreign exchange student with a J-1 Visa and fraudulent passport opening a student account with a high volume of incoming/outgoing money transfer/wire activity. In tracking more than 50 companies over the past five months that have been victimized with the help of willing or unwitting money mules, I've spoken to dozens of folks who got

