Be careful on Cyber Monday
Today is apparently the busiest day of the year for online shopping. Known as Mega or Cyber Monday, apparently millions of us will be shopping online today for our Christmas bargains. But as ever, you have to be careful and extra vigilant if you do intend to be one of the millions shopping online.
So while shopping, keep an eye on your personal information and play it safe. To ensure that your cash stays that way (yours), check a site thoroughly before striking a deal. Does it have a privacy policy? And, if so, how does it handle your personal information? If it doesn’t have one, you might want to consider using another site. If you receive any sort of email that asks for your financial information or social security number, discard it and don’t respond. Proper sites never ask for personal information through your inbox.
Also, is your security software up-to-date ? Keeping your computer protected from malware is just another step to keeping your identity, credit card numbers, and hard-drive under lock and key.
Happy bargain hunting!
Dominic Cook
Tiger Woods car accident prompts Scareware surge
Time after time, we see those engaged in the Cybercrime Underworld using major sporting or news events to trap the unwary into letting down their cyber guard. Well it seems to have happened again with interest in the Tiger Woods car accident over the weekend, and rumours of the cause, giving Scareware peddlers ripe opportunity to poison web search engines. The story, which has generated a swell in web traffic and searches, has been one of the top Google searches since the news broke.
The Symantec Response team have observed some search engine results redirecting users to a number of malicious domains:
- vir-curemypc-now.com
- egafuki.cn
- online-scanner-free.net
These websites then take the user through a fake scanning activity before pointing out a host of serious ‘errors’ and ‘threats’ advising that these must be immediately cleaned from the user’s computer. However, the threats are bogus, and users are unwittingly conned into buying illegitimate antivirus software which could then take personal details for criminal gain.
Hon Lau on the Symantec Response blog, said: “From an IT security point of view, this unfortunate incident is just another fruit ripe for the picking as far as malware writers are concerned. It comes as no surprise that the creators of rogue antivirus or misleading application software have already jumped on the bandwagon and attempted to poison web search engine results to take advantage of this spike in web search activity.”
So as ever, be on your guard. When searching for information on the Web, make sure your legitimate antivirus software is updated and if you are ever feel yourself being strong-armed into buying antivirus software from any dubious online sources- Don’t do it! Instead go to a trusted source such as your local physical shop.
Dominic Cook
Godfather Of Spam Gets Custodial Sentence
The self proclaimed Godfather Of Spam has been sentenced to 51 months in jail for a share pump ‘n’ dump spam scheme. Three of his other cohorts have also received custodial sentences. Perhaps one of the scary pieces of this story is that the crime was committed back in 2004/5 and it has taken until now to achieve a conviction. Following an email trail backwards through the Internet is hard, hence it took a lot of time. The other ‘danger’ is that spammers put fake information into the email headers – and so you, as an innocent company, can end up as part of the investigation just because they used some of your details.
Another scam is also doing the rounds, this is one of the ’standard’ Christmas ones. You receive a card saying that someone has tried to deliver a package but wasn’t able to… there is a 0906 premium rate number to call… which then charges you £15 for the priviledge of finding out you don’t have a parcel. This works well at Christmas time as people frequently have parcels delivered and cannot be in all the time. So… if you get an undelivered parcel card and you weren’t expecting a delivery… check the number before you call it, and if unsure put the number into Google (or your search engine of choice)… it will probably help in identifying whether it is a scam or not as scams are rapidly reported on the web.
Guy Bunker
Live Free Or Die
UNIX is 40 years old… where has the time gone. OK, so my first interaction with UNIX was in the early eighties, and being used to VAX VMS, it all seemed rather counterintuitive. ‘vi’ (pronounced ‘v’-'i’, not ‘vi’ – as I was very quickly corrected) was alien beyond belief compared to EDT… you could lose everything with one miss placed keystroke, or more usually one missed ‘ESC’. As an OS, the more you did with it, the more it could do… and it’s still around us today, its just people don’t realise it as ‘UNIX’ has disappeared and we now talk OS X, RedHat, SUSE and so on.
Anyway… The Open Group has commissioned a re-run of the classic ‘Live Free Or Die’ UNIX license plates, and there’s even a photo competition for those who feel inclined to take pictures of the license plate in-the-wild. Pictures to uniximages@unix.net, and you can see those submitted on Flickr.
Happy Birthday UNIX.
Guy Bunker
ENISA Cloud Computing Risk Assessment
It’s finally been published… the ENISA Cloud Computing Risk Assessment. I, along with several others from other companies have spent a good chunk of time over the past few months with the folks from ENISA putting together this 123 page report and it’s looking good! There is a wealth of practical advice for companies of any size considering the cloud for their IT services, checklists for Information Assurance and even some advice for governments and the EU.
The report has been written with business in mind, rather than just IT – and while you may not read it front-to-back, there is sure to be section or two that will make you think differently about some of the security issues in the cloud and how to ameliorate them.
Guy Bunker
Have Your Employees Sold Your Data?
The recent story of an employee selling mobile phone records to the competition highlights, once again, that we live in changing times. All data has a value to someone, and today some people aren’t afraid of the consequences of doing something bad with it – these are the malicious insiders. They have rightful access to the data as part of their job, but they don’t do the right things with it.
While many will reel in (fake) horror at the prospect of an employee doing something bad with the data that they have been entrusted with, the reality is that the vast majority don’t know what happens to their data. Technology exists to prevent data loss, but it can also be used to watch for anomalous usage. For example, if someone usually looks up one customer record at a time but then looks up a thousand, it can be flagged up for investigation. There are probably several valid reasons that this occurred, perhaps they had been asked to run a new report – but perhaps not. With the ICO gaining it’s teeth, it is time to take a proactive approach to protecting data – inside as well as outside the corporation.
Guy Bunker
The ICO Gets Some Teeth?
Up until now, the ICO has only really been able to levy a slap on the wrist and a “must do better” to those who lose people’s data. This looks to change next year, with the ability to fine the company £500,000 – which is no small chunk of change. However… is this really enough? The maximum was set to be less than 10% of a small company’s turnover – but if this is the maximum, then surely the value set for a breach can be less? So, why not set it either a lot higher, or as a percentage of revenue?
If we really want to stop data breaches, then the fines need to be such that attitudes towards data security actually change – before the breach occurs, not afterwards. Without this, the ICO’s teeth are not that scary.
The other interesting point here is that the fine can also be levied on those companies who keep the information longer than they should, accidently delete it and store it outside the EU (where the data protection legislation is not suitably strong).
So… time to revisit that data protection policy, especially if you are looking towards cloud services to deliver your next level of IT.
Guy Bunker
When A Virus Can Destroy Your Life…
A new series of malware is out there which, while it is a virus, the payload is far more damaging. It turns your computer into a repository for porn. After all, where better to store illegal digital information than on someone else’s PC. The problems really arise when the unknowing victim gets caught and then prosecuted – and it can destroy your life and cost you every penny you have to try and clear your name. In one case, Michael Fiola, has spent hundreds of thousands of dollars clearing his name. In this case it was a business laptop that had been infected – the ’solution’ came from discovering that it was a virus which automatically visited sites and downloaded and served content at a speed which a person could not manage manually.
So… what to do.
Firstly – keep those anti-malware subscriptions up to date, as this is not just about lost productivity or even identity theft, it’s much more devastating than that.
Secondly… sometimes, you need to keep an open mind and not jump to conclusions. Auditing systems is sometimes seen as being intrusive, although in this instance it helped to prove the innocence of the user. Protecting employees, especially if they are using company equipment should become a part of the security policy – Innocent until proven guilty and all that. After all, the reputation of your employees reflects upon your company.
Guy Bunker
You Know What?!?!?
Google has just released a new service, Google Dashboard – which pulls together all the information Google knows about you (except your search history) and shows it to you in one simple page.
OK, so it doesn’t sound that exciting – after all, almost all the information is available already – but in the past you would have to go to lots of different places to find it. I use Google a lot for personal email, and of course there is Google Talk, and then – well, this was where I was surprised at just how many services I had signed up to over the years. I found I even ‘owned’ a document… which it turns out, I had posted, but had forgotten about.
So… why is this of interest. Well, two things really:
1) Your web footprint is probably a lot bigger than you thought and while this is just Google services, it certainly makes you think about all the other things you might have signed up to use and then forgotten about – but they still have your details. (A phisher’s paradise!)
2) Perhaps other companies should start to do the same – so you can readily find out about what information they hold. We could probably do with some standards so that you could then amalgamate the information out there and get a more complete picture – but that’s probably getting a little way ahead of today’s practicality.
The best news with the Google Dashboard is that once you have seen what you have you can then edit / remove it. In an online world a little transparency as to what information companies hold is a big step forwards.
Guy Bunker
Thank you for the nomination Computer Weekly
OK this is a bit of a shameless plug from the Bunker team – but for the second year in a row theviewfromthebunker.com has been shortlisted in the prestigious Computer Weekly awards for best IT Security blog.
As you might know we were honoured to win it last year and yes we’d love to do it again! So please vote for viewfromthebunker.com!
Dominic Cook
-
Subscribe
-
-
UK Orders
US Orders -
UK Orders
US Orders -
Links, downloads and other resources
Symantec UK
Symantec Podcast Directory
Symantec Security Response
