Report: 90% of Web Sites Vulnerable to Hackers

New study claims Cross-Site Scripting attacks are all over the place. Should we be afraid?

internetnews.com: We all know that some Web sites suffer from security vulnerabilities -- but 90 percent of them?

In a new report, security researcher Whitehat Security said it found a staggering nine out of 10 Web sites have some type of serious vulnerability that a hacker could potentially exploit.

The study, which examined more than 600 sites including those of Fortune 500 firms, found a number of different vulnerabilities common across the Internet, with Cross-Site Scripting (XSS) vulnerabilities dominating the rankings.

In fact, Whitehat claims that 70 percent of the Web sites it surveyed were at risk from some sort of XSS attack. That figure dwarfs the No. 2 culprit in the firm's survey, SQL injection, which comprised only 4 percent of the firm's total surveyed vulnerabilities.

For the rest of the story CLICK HERE

Comcast Cameras to Start Watching You?

If you have some tinfoil handy, now might be a good time to fashion a hat. At the Digital Living Room conference today, Gerard Kunkel, Comcast’s senior VP of user experience, told me the cable company is experimenting with different camera technologies built into devices so it can know who’s in your living room.

The idea being that if you turn on your cable box, it recognizes you and pulls up shows already in your profile or makes recommendations. If parents are watching TV with their children, for example, parental controls could appear to block certain content from appearing on the screen. Kunkel also said this type of monitoring is the “holy grail” because it could help serve up specifically tailored ads. Yikes.

read more | digg story

Librarian fired after reporting patron viewing child porn

Found on PogoWasRight.org: One California county may be facing a lawsuit by former librarian Brenda Biesterfeld, who says she was fired after alerting authorities that a patron was viewing child pornography on library computers.

A librarian assistant at the Lindsay Library, Biesterfeld was on the job late last month when she noticed 39-year-old Donny Chrisler downloading child porn on library computers. Biesterfeld told her supervisor Judi Hill, who instructed her to issue Chrisler a warning. Instead, Biesterfeld called police the next day. A few days later, Chrisler returned and Biesterfeld noticed he was once again viewing child porn. She notified police, who came and arrested Chrisler on the spot.
According to a press release, the police also confiscated the library's computer that had used by Chrisler. Supervisor Hill confronted police, accusing them of interfering where they did not belong and assuring them that county librarians were handling the matter internally. After police explained that, since federal law had been violated, it was now a legal matter in their hands, Hill demanded to know who reported the incident. The police protected Biesterfeld's identity. However, she was fired two days later.

RFID-hack hits 1B digital access cards worldwide

The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip.

Government institutions plan to take "additional security measures to safeguard security, " Guusje ter Horst, minister of interior affairs, wrote in a letter to parliament on Wednesday.

NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.

To read the rest of the story CLICK HERE

You think you are free?

From Gulfnews.com: Watching old movies makes me sad. I'm inevitably reminded of a kindlier, gentler world without cameras that spy on populations, where overseas travelling was pleasurable and privacy was an individual's right.

Nowadays, states are usurping responsibilities that are rightfully those of their citizens. Western so-called democracies, in particular, are supposed to have governments that are servants of the people, whereas, in fact, the opposite is true. Under the guise of doing what's best for us or ensuring our security, governments are exercising more and more control over our lives. And, tragically, we are facilitating this erosion of our own freedoms, mostly because we're not even aware it's happening.

To read the rest of the story CLICK HERE

Identity Theft & Family

Found on the simpledollar.com: I’m writing on behalf of a friend who just graduated from college two years ago and is trying to get on her financial feet. When she was young her mother used her identity several times to get loans and open credit cards. Her mother is a homeless nomad who has not taken responsibility for any of these accounts and has ruined my friend’s credit. She doesn’t even know how many loans and credit cards were obtained in her name, if any are paid of and to what degree, etc. She tries to run her credit report but can’t because she can’t answer the basic questions about her last address or last loan because it’s all her mother’s information.

Her mother has not used her identity for financial gain, that she knows of, in about three years. My friend is trying to be responsible. She has a good job, no debt of her own (just what her mother accrued!), and is trying to live more frugally. She’s been turned down several times for a credit card and obviously, can’t get any other sort of loan. Is there any way to get her mother’s mistakes off her report? It seems like identity theft to me, but I’m not sure how to advise her. Could a lawyer help her clear her report? It doesn’t sound like her mother will be able to pay for any outstanding charges, and I don’t know if suing her would do much good. Since many of these accounts were opened when my friend was under 18, I just can’t believe that she’d be held resposible for all of it. It’s just not fair, and I feel awful for her. Thanks in advance for your help.

For the advice given and the comments CLICK HERE

Data thieves steal credit card data from supermarket chain

Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday.

"The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," said Hannaford CEO Ron Hodge, in a statement posted to the company's Web site.

For the rest of the story CLICK HERE

Cyber Tensions Flare Amongst U.S., Chinese Military

Reports claim the U.S. and Chinese armed forces have begun to wage an escalating, silent war on the internet

Surveillance and subterfuge are timeless traditions. In ancient Japan, daimyo ninjas carried out dangerous spy missions to the highest bidder. Their surveillance missions and assasinations created fear and chaos within their enemies.

More recently in the days of the Cold War, espionage expanded to an unprecedented scale as the CIA and Britain's MI6 waged silent war against the Soviet Union's KGB agents. Telephoto cameras, spy planes and phone bugs were the most high-tech tools employed for monitoring.

Today a new war of intelligence has begun, this time online. China, the world's most populus nation, began to exert its digital will. The U.S. military reported numerous successful attacks on Defense Department computers originating from China. While the U.S. military has not put it in these exact words, it indicates that the U.S. is on the verge of entering into a digital war with the Chinese government, much akin to the war of surveillance which occurred against Russia during the Cold War era.

Read the Rest Of the Story: Click Here

Security website hacked to spread malware

Over 20,000 legitimate websites affected as security vendor Trend Micro becomes the latest victim of a widespread web attack.

read more | digg story

Credit Card Companies Can Stop ID Fraud

A relatively simple bit of computer programming at America's three nationwide credit bureaus could create an early-warning system that would significantly deter the $50 billion identity theft problem plaguing America's consumers and the financial services industry serving them.

read more | digg story

Password-stealing hackers infect thousands of Web pages.

Hackers looking to steal passwords used in popular online games have infected more than 10,000 Web pages in recent days. The Web attack, which appears to be a coordinated effort run out of servers in China, was first noticed by McAfee researchers on Wednesday morning. Within hours, the security company had tracked more than 10,000 Web pages infected on hundreds of Web sites.

read more | digg story

MTV Security Breach Affects 5000 Employees

MTV Networks, owned by Viacom, experienced a data breach this Friday, and five thousand of its employees may have fallen victim to the socially‑engineered attack. While MTV is trying to find out what exactly happened, the information so far indicates that an outsider successfully convinced an MTV employee to download a Trojan to be installed in a company computer.

For the rest of the story CLICK HERE

Counterfeit Chips Raise Big Hacking, Terror Threats

As more computer chips are made overseas, the risk of hardware tampering increases, from stealing consumer data to crashing government networks. But how real is the threat? his past January, two brothers from Texas, Michael and Robert Edman, appeared in court to face federal charges of selling counterfeit computer equipment to, among others, the Air Force, Marine Corps, Federal Aviation Administration, Department of Energy, numerous universities and defense contractors such as Lockheed Martin. According to prosecutors, the pair, working largely out of Michael Edman's house in the rural town of Richmond, bought cheap network cards from a supplier in China. They also purchased labels and boxes carrying the logo of Cisco Systems, the U.S.-based hardware giant. Until a source in China tipped off the FBI, no one could tell that the parts were Cisco knockoffs rather than the real thing.

read more | digg story

HealthNow data goes missing as laptop vanishes

HealthNow New York has alerted 40,000 members in Western and Northeastern New York that they may be at risk for identity theft, after a former employee’s laptop computer went missing with confidential information several months ago.

The Buffalo-based parent of Blue- Cross BlueShield of Western New York sent letters late last week to the affected customers, even though officials are still not certain what, if anything, was on the computer.

Read the rest of the story CLICK HERE

Gmail Scam Signal Of A Much Bigger Security Issue

This weekend news came that a Gmail archive service called G-Archiver, which backs up all of your Gmail emails to your hard drive, was actually the front for a scam - hard coded into the application was a “feature” that sent every user’s email address and password to the creator’s own email account, giving him access to all of their Gmail messages.

Read the rest of the story - CLICK HERE

Chinese hackers: No Site Is Safe

ZHOUSHAN, China (CNN) -- They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world's most sensitive sites, including the Pentagon.

In fact, they say they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies.

"No Web site is one hundred percent safe. There are Web sites with high-level security, but there is always a weakness," says Xiao Chen, the leader of this group.

For the rest of the story CLICK HERE

Jihadism And Internet Crime

Over on AppScout there's a post about a presentation about online jihadists. Much of it is not security-related, in the usual computer security sense, but it's all fascinating and there is one relevant point.

"Verisign hasn't found evidence that jihadists have gained access to the most serious and effective carding communities. But they are making a concerted effort to do so," [Security expert Mohammad Hluchan] said in a PowerPoint slide during his presentation. "There is mounting evidence that the worlds might be merging, with jihadists turning into cyber criminals," he said.

Yikes! That's a scary thought. Perhaps if real people and real banks get hit in their pocketbooks by jihadists it will affect the level of priority we all feel about the problems of Internet crime.

Top cybercrook targets for 2008

A recent Internet Security Outlook Report issued by CA warns that social networks and Web 2.0 are among the top potential targets for online attacks in 2008. The study, based on data compiled by CA's Global Security Advisor researchers, features Internet security predictions for 2008 and also reports on trends from 2007.

Read the rest of the story - CLICK HERE

Whistle-Blower: Feds Have High-Speed Backdoor Into Wireless

A U.S. government office in Quantico, Virginia, has direct, high-speed access to a major wireless carrier's systems, exposing customers' voice calls, data packets and physical movements to uncontrolled surveillance, according to a computer security consultant who says he worked for the carrier in late 2003.

read more | digg story

What are Identity Theft Products?

This fact sheet covers: Credit Monitoring Services, Identity Theft Insurance, Fraud Alert Products, Credit Freeze Products, Data Sweep Services The Identity Theft Resource Center receives numerous inquiries from consumers regarding identity theft products available for purchase. This document explains these in depth. Excellent resource.

read more | digg story

Windows-based cash machines 'easily hacked' - CNET News.com

ATMs that rely on desktop PC technology--and that's a lot of them--are at risk from worms, key loggers, and denial-of-service attacks.

read more | digg story

Google Groups invaded by porn peddlars

There is a long list (over 250) Google Groups sites that have been listed as posting items that are rife with viruses and malware. I guess if you stay away from these sites, you are ok, but in any case, we list them for the benefit of all to be warned. You can get the entire list of groups HERE

Beware MonaRonaDona antivirus scam, researchers warn

If your computer gets infected with a Trojan called the "MonaRonaDona virus," be careful with what you use to wipe it off your computer, says antimalware software provider Kaspersky Lab. MonaRonaDona is part of an elaborate scam to sell fake antivirus software, Kaspersky researchers say.

read more | digg story

Identity Theft: Crime of the Century?

Identity theft is a growing epidemic in the U.S. and worldwide. Chances are, if you haven't been directly impacted by it, you know someone that has.In fact, identity theft led the Federal Trade Commission's (FTC) list of consumer fraud complaints for 2007 - and it's been at the top of the list for the past seven years. Of the 813,899 total complaints in 2007, 32 percent were related to identity theft. That's 258,427 complaints. http://www.ftc.gov/opa/2008/02/fraud.shtm

Identity theft broadly refers to the fraudulent use of someone else's personal information. Criminals actively seek out sensitive or identifying data - like passwords and social security numbers - from unsuspecting victims. Sometimes they do it low-tech style by dumpster diving, raiding post boxes or posing as "legitimate" telemarketers. Today, though, there are many high-tech techniques wrecking much havoc. Fraudsters are using malware, hijacking electronic transmissions, and perpetrating email scams to get what they need.

read more | digg story

Hacking Does Pay! US Law Let’s Hacker Keep Fraudulent Earnings

darknet.org Ah I think it’s time for controversy on a Tuesday, what do you think about this case where a hacker got some info on a company about it’s soon to be plummeting share prices by breaking into their computer. By investing $41,000 in stock potion trading on the shares that were about to drop - he pocketed almost $300,000!

Even so the story has changed slightly, they said it wasn’t him that broke into the network - but it was someone else. Either way a hacker got the info and he exploited it.

For the rest of the story CLICK HERE

Has GMail's CAPTCHA Been Cracked?

pcmag.com Security software company Websense is reporting that the CAPTCHA protecting signups for Google's GMail has been cracked. Bots are now signing up with a success rate of 1 in 5. The attack is complicated and creative.

The goal would be to create a network of Google accounts. These could have great value because Google and it's domains are unlikely to be blacklisted and access to other Google services is available on the same account.

A CAPTCHA is a test that attempts to force a human to interact with the program as opposed to an automated script. Typically a word is presented as a graphic with distortions and stray lines to impede automated character recognition. There have been a few famous CAPTCHA cracks; obviously some CAPTCHAs are more sophisticated that others.

As are the cracks themselves. This attack uses two bot systems on the same network operating in tandem to crack the CAPTCHA. The two systems attack with different strategies.

Websense is still investigating. In the process of investigating this bot they found a web site (in Russian) with a money-making service for breaking CAPTCHAs. The net is always spawning new business models I guess.

PayPal: Steer clear of Apple's Safari

If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud. Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer.

read more | digg story

SOPHOS releases their security threat report

Among the findings of SOPHOS, one of the top security vendors:

Web threats – one new infected webpage discovered by Sophos every 14 seconds, or 6,000 a day
Cybercrime reaches Apple – Mac users being targeted by financially motivated hackers for the first time, proving malware is not just a Windows problem

Threats to mobile and Wi-Fi users – iPhones, iPod Touches, ultra-mobile PCs and others at greater
risk of attack and may encourage exploitation of
browser vulnerabilities
Information theft soars – scammers using stolen data to craft targeted emails

Read the entire report - CLICK HERE

Identity theft study reveals HSBC, Bank Of America, Wash. Mutual top targets

Customers of HSBC, Bank of America and Washington Mutual suffer the highest rates of identity theft in the banking industry, according to an an investigative study released today by a UC Berkeley Law School researcher.

read more | digg story

Man Records Phishing Call

A man in Virginia who apparently likes to record suspicious phone calls captured a 10-minute talk with the world's clumsiest phisher who called his house trying to get his bank account number.

read more | digg story

Comodo hails malware removal guarantee

Security outfit Comodo has become the first vendor to offer 'guaranteed' malware removal from PCs protected by its software.

The 'A-VSMART' warranty costs $79 per PC, per year, which the company claims removes the burden on a non-expert user of having to remove complex malware types such as spyware and rootkits, which can be tricky to get rid of using automated routines. Instead, each subscriber will be given access to a remote Comodo engineer to do the job manually on a 24/7 basis, on an incident-by-incident basis

For the rest of the story CLICK HERE

An excellent interview with a security guru

Watch out for scary new hacker tools like KARMA, plus exploits in Bluetooth and 802.11n, says Joshua Wright in this recent Network World chat.

Just when you thought your wireless network was locked down, a whole new set of exploits and hacker tools hits. WPA2, PEAP, TTLS or EAP/TLS can shore up your network, if configured properly. Securing clients is a lot more difficult. These topics and more were addressed by Joshua Wright in this recent Network World chat.

For the interview transcript CLICK HERE

Security experts warn of potential malicious AIR code

On Monday, Adobe Systems rolled out its new Web 2.0 development tool, Adobe Integrated Runtime, or AIR. Following its release were some concerns from the security community.

read more | digg story

YouTube outage underscores big Internet problem

Sunday's inadvertent disruption of Google's YouTube video service underscores a flaw in the Internet's design that could some day lead to a serious security problem, according to networking experts.

The issue lies in the way Internet Service Providers (ISPs) share Border Gateway Protocol (BGP) routing information. BGP is the standard protocol used by routers to find computers on the Internet, but there is a lot of BGP routing data available. To simplify things, ISPs share this kind of information among each other.

To read the rest of the story CLICK HERE

Man accused of stealing 7-year-old's ID

CARPENTERSVILLE, Ill. - Police in a Chicago suburb say the Internal Revenue Service has told a 7-year-old boy he owes back taxes on $60,000 because someone else has been using the youngster's identity to collect wages and unemployment benefits.


Officers in suburban Carpentersville said Friday the second-grader's identity has been in use by someone else since 2001. To read the rest of the story CLICK HERE

Hackers ramp up Facebook, MySpace attacks

Image Uploader AcFive-exploit toolkit includes code aimed at AtiveX control

February 23, 2008 (Computerworld) Hackers are actively exploiting an Internet Explorer plug-in that's widely used by Facebook and MySpace members with a multi-attack kit, a security company warned Friday.

The exploit directed at Aurigma Inc.'s Image Uploader, an ActiveX control used by Facebook, MySpace and other social networking sites to allow members to upload photos to their profiles, is just one of five in a new hacker toolkit being used by several Chinese attack sites, said Symantec Corp. To read the rest of the story CLICK HERE

Do You Trust Your Computer Repair Firm?

Recently I ran across a link to this video from a news team that told how they made a simple adjustment to a working PC to see how honest various computer repair facilities were in analyzing, and what they would charge for a very simple repair. Here are the results: Wow, does anyone trust BestBuy any more?

Credit reporting firm sues LifeLock over fraud alerts in consumer history files

Experian's lawsuit claims that identify theft protection service is itself engaging in fraud

February 21, 2008 (Computerworld) LifeLock Inc., which touts itself as one of the largest providers of identity theft protection services in the U.S., is being sued by Experian Inc. for allegedly placing false fraud alerts on consumer credit-history files maintained by Experian as part of its credit reporting business.

Experian filed its lawsuit in the U.S. District Court for the Central District of California, which has its main office in Los Angeles. In the suit, the Costa Mesa, Calif.-based company claimed that LifeLock is itself engaging in deceptive and fraudulent behavior. Lifelock's business model is built around false and misleading advertising and fraudulent practices that are causing millions of dollars in monetary damages to Experian and that eventually could reduce the effectiveness of fraud alerts, according to the suit.

For the rest of the story CLICK HERE

Google to Store Patients' Health Records

Google Inc. will begin storing the medical records of a few thousand people as it tests a long-awaited health service that's likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader. For the rest of the stoy CLICK HERE

Google says 'ISP glitch' exposes Gmail data in Kuwait

A glitch with an ISP in Kuwait has allowed at least one user to access other peoples' Gmail accounts, Google said on Wednesday.

read more | digg story

Phishers cash in on genuine warning with vishing scam

Cybercriminals clone bank switchboard to trick worried customers. IT security and control firm Sophos is warning computer users to be extra vigilant about any emails which claim to come from financial institutions, no matter how genuine the correspondence appears.

read more | digg story

50 Percent Of the Internet Used By Hackers!!

Ian Cook, Security Evangelist with Team Cymru Research, told delegates at the `Regional Cybersecurity Forum' yesterday: "We monitor the Internet for bad stuff and half of the Internet is used by hackers as well as for criminal activity."

read more | digg story

Information Security Breach Of Desktop Hard Drive At Massachusetts School Department

It had to happen sooner or later. A hard drive, on what I assume to be a desktop computer, was stolen from the Malden headquarters Department of Education, in Massachusetts. An auditor for the department arrived to work last week only to find that his computer wouldn’t work. Assistance was requested, and the technical workers identified the problem by pointing out that whole disk was missing. To read the rest of the story CLICK HERE

Phishers cash in on genuine warning with vishing scam

Cybercriminals clone bank switchboard to trick worried customers. IT security and control firm Sophos is warning computer users to be extra vigilant about any emails which claim to come from financial institutions, no matter how genuine the correspondence appears.

read more | digg story

Microsoft scrambles to quash 'friendly' worm story

Microsoft is moving to counter scathing comments over a security paper authored by researchers at its Cambridge facility,which suggests computer worms can be used for good...

read more | digg story

Sophos horrified at Microsoft 'good worm' notion

Computer viruses and worms are incredibly good at spreading their payload across the Internet, infecting PCs. But what if that payload was beneficial, rather than harmful? A Microsoft Research paper suggests these ‘friendly worms’ could be helpful – but Sophos says this is pure ‘nonsense’ – and we heartily agree!

read more | digg story

Americans' e-Commerce Conundrum

internetnews.com New report finds that U.S. consumers love the convenience of shopping online, but worry about security. A new study from the Pew Internet Project casts light on the love-hate relationship many Americans have with e-commerce.

In response to the survey, 78 percent of U.S. Internet users said that online shopping is convenient, and 68 percent said it saves time. Yet, 75 percent said they don't like giving out personal information like a credit card number over the Internet. To read the rest of the story CLICK HERE or visit:
http://www.internetnews.com/ec-news/article.php/3728301/Americans+eCommerce+Conundrum.htm

How to Hack Into a Boeing 787

The FAA's worried bad guys could break into the navigation system of Boeing's new 787; Boeing says the problem's already fixed, but won't say how.

read more | digg story

Google finds evil all over the Web

The Web is scarier than most people realize, according to research published recently by Google. The search engine giant trained its Web crawling software on billions of Web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of them, meaning that about one in 1,000 Web pages is malicious, according to Neils Provos, a senior staff software engineer with Google.

read more | digg story

FREE Computer Security Software From Compusec

If you own a notebook, you need to have some form of protection on that computer should it get lost or stolen. There is some good software out there and I happen to run across one this morning that looks like it is a very good choice for the person who wants to encrypt data without spending a fortune doing so. That software is Compusec. There is a free version that has a very complete set of features like

Encryption for Hard disk using 256-bit AES algorithm and in hibernation mode
Encryption for CD / DVD for secure publishing and sharing of CD data using CDCrypt
Encryption for Diskettes and Removable Media Devices such as ZIP drives, USB thumb drives or Memory sticks

There are many other features as well. It comes in a Windows and Linux version. Best part of all is it's completely FREE. There are no limitations, there's online support and everything is a full function. You can get your copy HERE

Or browse to their website at:
http://www.ce-infosys.com/english/index.html

P2P Dangers -- Great News Story

Here's a great news report on the myriad dangers of P2P file sharing and how you can get hijacked without even knowing it. You parents, pay attention please, your teenagers are exposing you to the world!!

Beware of Caller ID Spoofing

There exists on the internet tools that people can use to effectively use any Caller ID that they want. Add to that the ability to change your voice from a man to a woman, or of course vice versa. These tools can be used for any number of ways to fool a person that receives the call. I will refer you to an article that came up today that explains how one person used one of these tools. He used it for reasons of his own that were unethical, but there are more sinister uses for it. Bottom line, don't give out personal information over the phone to anyone. To read the story CLICK HERE

Or goto:
http://www.networkworld.com/columnists/2008/021408-net-buzz.html?fsrc=rss-security

There could be malware lurking inside that Clinton 'video'

Update 11:45 a.m. PST: This blog incorrectly described part of what the link downloads. It downloads a Trojan horse. The link does not take viewers to a video.Moving beyond Valentine's Day as a social-engineering theme, online criminals have started sending out e-mail with a supposed link to a recent interview with Senator Clinton

read more | digg story

SecureWorks: Attacks Against Healthcare Up 85%

FEBRUARY 13, 2008 | ATLANTA -- SecureWorks, one of the leading Security-as-a-Service providers, has seen an 85% increase in the number of attempted attacks directed toward its healthcare clients by Internet hackers. Attempted attacks have increased from an average of 11,146 per healthcare client per day in the first half of 2007....

read more | digg story

Browser Security Test

I found this today and tried it. It is a very thorough test that will tell you if you have any vulnerabilities in your browser. Be warned, it might crash your browser, so close any other tabs you might have open before running it. I currently use Firefox 2.0.0.12 and I passed all the tests. See how you make out CLICK HERE, or the website address is: http://bcheck.scanit.be/bcheck/index.php

Most Mobile Users Don't Know if They Have Security

McAfee-sponsored research finds mobile users expect vendors to pre-install 24 x 7 protection.

February 13, 2008
By David Needle

Security vendor McAfee released results of a survey of mobile users focused on their awareness and concerns related to security threats, which showed more than three quarters of respondents don't have any security at all. Read the rest of the story....Click Here or visit the website:

http://www.internetnews.com/security/article.php/3728001

Don't fall victim to the St Valentine's Day malware massacre

Sophos reports on a storm of emails with cruel intentions. Companies and consumers have been warned to be aware of the dangers of emailed Valentine's in the run-up to romantic celebrations on February 14th. Millions of emails are expected to be sent in the run-up to St Valentine's Day, and some of them will include malicious viral attachments or link to dangerous websites. Full Story

Felonspy - How Well Do You Know Your Neighbors?

This site let's you know if there are any convicted felons living near you. Not sure how they determine accuracy, but maybe you might see someone you know living near you.
Click Here to be redirected or visit www.Felonspy.com

Older Software Leaves the Popular Eee PC Vulnerable to Attack

The Eee PC sub-notebook from Asus is wildly popular, but according to RISE, a security firm based in Brazil, the ultra portable is also remarkably easy to compromise.

The Eee PC ships with a version of Xandros Linux installed, making the laptop one of the most popular Linux devices to date. But regrettably it turns out that the version of Xandros used in the Eee PC includes an out-of-date version of Samba, which leaves the machine open to attack.

Is it time to consider PDF a threat?

The 8.12 patch for Adobe Reader that Adobe released last week fixed a number of security holes—but not before malware capable of exploiting them had been on the market for weeks. The end result is tough questions on whether it is time to consider PDF a security threat.

There is a great alternative to Adobe Reader. It's called Foxit. It is a much smaller application and does a very good job. I've used it for several months now and I don't think I'll ever go back to Adobe Reader. You can find a link to the download by Clicking Here

read more | digg story

Rule by fear or rule by law? Please Take The Time To Read This Carefully

Since 9/11, and seemingly without the notice of most Americans, the federal government has assumed the authority to institute martial law, arrest a wide swath of dissidents (citizen and non-citizen alike), and detain people without legal or constitutional recourse in the event of "an emergency influx of immigrants in the U.S.

read more | digg story

The day the wiretaps go dead

While there are so many scary things being done by intelligence and law enforcement, hope is not far away. Easy to use privacy technologies are upon us, and with them, comes a radical shift in the balance of power.

read more | digg story

Let's See How Mac Keeps Up

We are beginning to see the vulnerabilities in the MAC OS. Apparently there are people out there that are trying to crack into the holes, slowly. Apple has come up with some patches to the MAC OS X. This article from NETWORK WORLD explains for the full story CLICK HERE or goto http://www.networkworld.com/news/2008/021208-patches-keep-coming-as-apple.html?fsrc=rss-security

Web 2.0: Unsafe At Any Speed?

People who specialize in Web security are saying Web 2.0 as it is now can't be secured. Should we keep on this path? Paul Ferguson, a network architect with antivirus vendor Trend Micro, summed up Web 2.0 as thus: "We're basically training our online users to be exploited."

read more | digg story

IBM X-Force Security Report: Web Browsers Under Siege

IBM (NYSE: IBM) today released the findings of the 2007 X-Force Security report, detailing a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cybercriminals are now stealing the identities and controlling the computers of consumers...

read more | digg story

New Research Confirms Identity Fraud Is On Decline

New Research Confirms Identity Fraud Is On Decline Overall Fraud Down 12%, Criminals are Trapping Victims Over the Phone Critical New Regional Findings Illustrates How Fraud Varies State-to-State

read more | digg story

Google, Yahoo, others rally around new antiphishing weapon

Some of the Internet’s most powerful companies -- including Yahoo, Google, PayPal and AOL -- are brandishing a new weapon in the ongoing battle against e-mail fraud. DKIM is an emerging e-mail authentication standard developed by the IETF and allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.

read more | digg story

FDIC Video - How To Guard Against Internet Thieves & Electronic Scams

The FDIC has an excellent video available on how to prevent being victimized by Internet Crime. It is very well done and perhaps the best video out there for the average person to take basic precautions when using the internet. You can view the video CLICK HERE or the website address is:

http://www.fdic.gov/consumers/consumer/guard/index.html

How will Real ID affect you?

Here is a good story recently put together on CNET news. Everyone really should take the time to read this. There are some very interesting things developing. Some states have not complied with the Real ID Act, so it gets complicated for people who live in those states as they travel about the country. There has not been alot of information put out about this, but this is a very concise Q & A on the points:

The Real ID law is touted by Homeland Security officials as an anticrime and antiterror measure, but is steadfastly opposed by some state governments on privacy and sovereignty grounds. Computer scientists also have raised concerns about how its creation of a national interlinked database would work in practice. Keep reading for more on Real ID.

read more | digg story

N.L. government ignores basic computer security

DO YOU assume the personal information that government agencies keep on us is safe and secure? With all the new privacy laws it must be, right? Privacy laws are all fine, but unless basic computer and data security measures are put in place and adhered to, it’s all for naught.

read more | digg story

Internet Crime Complaint Center

In case you are the victim, or believe a website to be a fraud, you can file a complaint with the ICCC (Internet Crime Complaint Center)For redirection to their website CLICK HERE

There are also a wide variety of tips and information on topics that deal with all the various amount of schemes that are being perpetrated on the internet.

Think Like a Thief and You’d Protect Your Data Better

Data theft is the number one motive for intentional data breaches. It is a lucrative business for organized crime and sometimes it is a crime of opportunity for insiders with access to valuable information. In either case, the motivation is the same: personal financial gain.What criminals would find lucrative for their business ...

read more | digg story

FREE Software Security Analyzer From Secunia

This is a great tool that everyone can use to determine the level of your different software security patches:

The Secunia PSI is a free solution from Secunia that allows private users to map, update, and secure the programs installed on their computers. As of February 2008, the Secunia PSI has been installed on more than 280,000 computers, the Secunia PSI monitors more than 23 million programs, categorised as either Insecure, End-of-Life, or Patched.

I ran this on my computer this morning and found 9 applications that needed attention. Not only does it tell you that they need attention, but it gives you a direct link to the patch necessary. Excellent utility!

You can Download this FREE tool here:
Secunia Personal Software Inspector

Top Ten Web Hacks of 2007

The polls are closed, votes are in, and we have ten winners making up the Top Ten Web Hacks of 2007! The competition was fierce. The information security community put 80 of the newest and most innovative Web hacking techniques to the test. The voting process saw even some attempts at ballot stuffing, but to no avail.

read more | digg story

Microsoft To Release Bumper Crop of Vulnerabilities In February

pcmag.com A large collection of patches for vulnerabilities affecting numerous Microsoft products will be released next Tuesday, February 12, 2008, according to Microsoft's Security Bulletin Advance Notification for February 2008. The advance notifications reveal limited information; more details will be available on Tuesday.

A total of 12 vulnerability disclosures will be released, 7 of them for critical vulnerabilities:


* One critical vulnerability affects all current versions of Windows, including Vista, except for Windows 2000.

* One critical vulnerability affects all versions of Windows, but is only listed as of Moderate severity on Windows Server 2003. This distinction is usually drawn for browser-based functions which are limited, by default, by Windows Server 2003's Enhanced Security Configuration. But, oddly, the advisory also lists Microsoft Visual Basic 6.0 Service Pack 6 and Microsoft Office 2004 for Mac as affected by this vulnerability and for the effect to be critical.

* One critical vulnerability affects VBScript and JScript in Windows 2000, Windows XP and Windows Server 2003, but not Vista.

* One vulnerability is critical appears to affect all versions of Internet Explorer for all current versions of Windows, including IE7 on Windows Vista.

* The final 3 critical vulnerabilities affect various Office products and versions.
o One is critical for Publisher 2000, but Important for Publisher 2002 and 2003.

o One is critical for Office 2000 SP3, but Important for Office XP SP3 and Office 2003 SP2. (Office 2003 SP3 appears not to be affected.)

o One is critical for Word 2000 SP3, but important for Word 2002 SP3, Word 2003 SP2, and Office 2004 for Mac.


* One Important vulnerability affects Active Directory functions on Windows 2000, Windows XP SP2 and Windows Server 2003.

* One Important vulnerability affects Vista only.

* One Important vulnerability affects IIS on all versions of Windows except for IIS 6.0 on Windows XP SP2. (Weird!)

* One Important vulnerability affects some versions of IIS on Windows XP SP2 and Windows Server 2003.

* One vulnerability affects the Microsoft Works 6 file converters. It's rated Important on Works 8.0 and Works 2005, but Moderate on the converter in Office 2003 SP2 and SP3.

Identity Management Ready to Skyrocket

Identity and access management market to hit $12.3B by 2014, new report says If you thought identity management technology was catching on, you ain't seen nothin' yet.That's the thrust of a new report published Wednesday by Forrester Research. The research firm predicts that identity and access management, will grow to 12.3B by 2014

read more | digg story

Visit ManagedIdentityProtection.com TODAY to find out how to Simplify Your Life and Defend Your Identity. We are in need of people who want to help us in this growing market.

A Google Horror Story

Earlier this week, an acquaintance of mine found himself trapped in a Kafka-esque nightmare, a nightmare that should make all of us stop and think. He wants to remain anonymous so let's call him Bob. Bob was an early adopter of all things Google. [...]

read more | digg story

Identity Theft On The Hill

Sunday, February 10, 2008; Page B08Recently, Georgetown University informed thousands of students, alumni, faculty and staff that a computer hard drive containing their personal information -- names, birth dates and Social Security numbers -- had been stolen from an administrator's office [Metro, Jan. 30].

read more | digg story

Recover A Lost Wireless Key

I came across this handy little utility today and thought I would share it with my readers. It very quickly will tell you all the keys that Windows has stored on your computer from the networks that you have input keys on. You can download the file here: Wireless Network Key Retriever

Security pros: Kill ActiveX

Wave of IE plug-in bugs prompts US-CERT to recommend disabling ActiveX February 5, 2008 (Computerworld) A wave of bugs in the plug-in technology used by Microsoft Corp.'s Internet Explorer browser has some security experts, including those at US-CERT, recommending that users disable all ActiveX controls.

read more | digg story

Microsoft Windows Live Mail's CAPTCHA defense falls to spam

Microsoft’s Windows Live Mail is being targeted by spammers adept at eluding CAPTCHA protection, according to Websense. According to Websense, spammers have created bots that are capable of creating random Live Mail accounts and then using them to launch attacks. In other words, the CAPTCHA defense doesn’t work. A CAPTCHA...

read more | digg story

Attackers zero in on Yahoo Jukebox ActiveX flaw

Just one day after hackers showed how to exploit a number of flaws in the ActiveX software used by Internet Explorer, Symantec has spotted online criminals using one of the attacks.

read more | digg story

RedTube: Our Registrar was Hacked

RedTube, one of the biggest porn sites on the Internet, says Turkish "cyber terrorists" hacked their domain registrar, eNom.com, causing an outage lasting up to 48 hours, depending on when routers refreshed ...

read more | digg story

Hey, Mac Users! You're Not as Secure as You Think You Are!

So, you think that since there are so few holes in your Mac OS that you're invulnerable to attack? That may be true for Trojans and viruses, but it's not the case for phishing attacks that can be fiendishly deceptive and destructive. Not worried yet? Read this column and you might think again.

read more | digg story

Top 11 Malware Threats To Watch Out For In 2008

Here's a heads-up on the evolving security threats we can expect to see in the coming year, including emerging menaces such as badvertising, adsploits, anti-social networking, lieware, and whaling

read more | digg story

Tutorial: How to set up WPA2 on your wireless network

If you are still using WEP encryption it's time to change! WEP is ineffective and has been for a long time. It's easily cracked. I know alot of people understand this, but if you have not changed, please take the time to do it now. Here is an excellent tutorial that explains the entire process.

August 24, 2006 (Computerworld) -- If you are like most people, your home or small office wireless router probably is running without any encryption whatsoever, and you are a sitting duck for someone to easily view your network traffic.

Some of you have put encryption on your wireless networks but aren't using the best wireless security methods. This means that you are running your networks with inferior protocols that offer a false sense of protection because these protocols are very easily broken into. It is the difference between using a deadbolt and a simple lock on your front door. For instance, Tom's Networking has a three-part series that shows you how easy it is to crack Wired Equivalent Privacy.

If you want to keep your neighbors out of your business, then you need to use Wi-Fi Protected Access version 2 (WPA2) encryption. This is now showing up on a number of routers and is worth the extra few steps involved to make sure your communications are secure. It is currently the best encryption method but getting it going isn't so simple. This recipe will show you how to make it work.

How does WPA2 differ from earlier versions? First, it supports the 802.11i encryption standards that have been ratified by the IEEE. These are the commercial-grade encryption products that are available on enterprise-class products.

Second, there are two encryption methods that WPA2 adds: one called Advanced Encryption Standard (AES) and one called Temporal Key Integrity Protocol (TKIP). Both of these allow for stronger encryption, and while the differences between the two aren't that important for our purposes, you should pick one method when you set up your network as you'll see in a moment.

Finally, the protocol creates a new encryption key for each session, while the older encryption standards used the same key for everybody -- which is why they were a lot easier to crack.

Also part of the new standard is Pairwise Master Key caching, where faster connections occur when a client goes back to a wireless access point to which the client already is authenticated. There is one more acronym I'll mention, and that is Pre-Shared Key or PSK. The WPA2 standard supports two different authentication mechanisms: one using standard RADIUS servers and the other with a shared key, similar to how WEP works. We'll get back to this in a moment, but let's show you how to get this train going.

Step 1: Windows OS: First make sure your operating system is up to date. If you are running Windows XP, you'll need service pack 2 and you'll need to download the WPA2 patch that's located here.

If you're using a Mac, you need to be running OS X 10.4.2 or better. Apple calls its version WPA2 Personal. While Linux is outside the scope of this article, you can get more information here.

Step 2: Wireless Adapter: While you are updating your Windows OS, you might want to make sure that the wireless adapter in your laptop is also up to the task of supporting WPA2. The Wi-Fi Alliance maintains an online database of products that is somewhat difficult to use. Go to their Web site, check the WPA2 box and then select which vendor you are interested in.

If you have a built-in Intel wireless adapter, it needs to be running Intel's ProSet version 7.1.4 or better, excluding versions 8.x. You can get more information on this page on Intel's Web site.

Step 3: Wireless access point/router: Next, make sure your router/gateway can support WPA2. If you have purchased it in the last year, chances are good that it does, but you might need to update your firmware as well. For the Belkin Pre-N router model 2000, I needed to update the firmware to version 2.01. An older model 1000 didn't support WPA2 and couldn't be upgraded. How can you tell the difference when you are buying one? You can't, other than opening the box and looking at the label on the bottom of the unit.

Here is how you set up the wireless security section of your router to support WPA2. In our examples here, we chose WPA2-AES. Here's a screenshot for the Belkin router:

You'll notice that you can obscure the key from being shown on the screen, which is a nice feature. That is the PSK that we mentioned earlier. Keep track of this; you'll need it later.

With this recipe, I also tried a Netgear WNR854T router, which didn't need any firmware update to support WPA2. Here is the screenshot from the Netgear router, where you can see the shared passphrase on the screen in the clear:

If you are using Apple's Airport router, you need to download the patch for Airport 4.2 here.

Step 4. Finishing the configuration: Now comes the fun part. Once you have your routers set up, you need to get the clients working properly. I'll show you the screens for Windows, but the Mac is similar.

The biggest issue is that you have to remember the PSK that you used to set up the router and enter it when prompted by the OS. You can enter any phrase from 8 to 63 characters, and obviously the longer the better. Don't forget to match the right combination of acronyms that you chose when you set up your router to match what is required in Windows' Wireless Properties Association dialog box, as shown in this screenshot:

Do this for all of the client computers on your network. Once you get everything working, if you take a look at your wireless connections screen, you should see something like this, where the wireless3 access point is showing that it has WPA2 security enabled:

OK, now you should be done. If you aren't getting a connection, chances are there is a mismatch between your router and your client. Check all the steps and make sure that the WPA2 choices are showing up in the right places and that you have chosen the appropriate encryption method (AES or TKIP) for both router and client pairs. You might also have to use the wireless management software from your adapter vendor, rather than Microsoft's, to set up your connection. Once you have a working connection, you don't have to go through all these steps and should be connected securely automatically.

David Strom is a writer, editor, public speaker, blogging coach and consultant. He is a former editor in chief of Network Computing and Tom's Hardware and has his own blog at http://strominator.com. He can be reached at david@strom.com.

Flash Ads Serving up Malware on Popular Sites

Malicious Flash banner ads have been surfacing on major web sites including Expedia.com, Rhapsody.com, and MayoClinic.com in the last month, according to media reports. Users who click on the banners, which advertise a digital music service, a student dating service, and disk cleaning software, are redirected to Web sites that install malware.

read more | digg story

Nine Ways to Wipe Out Spyware

PCmag.com rounded up the best (and worst) of the apps dedicated to finding and killing spyware—and keeping it from getting onto your machine in the first place. Not all antispyware apps are created equal!

read more | digg story

MayDay! Sneakier, More Powerful Botnet on the Loose

A new peer-to-peer (P2P) botnet even more powerful and stealthy than the infamous Storm has begun infiltrating mostly U.S.-based large enterprises, educational institutions, and customers of major ISPs.

read more | digg story

Guess who's winning the security-vs.-privacy fight?

In the nervous post-9/11 period, John Poindexter, the retired admiral and Iran-contra figure, created for the Pentagon a Big Brother intelligence...

read more | digg story

72 Tips for Safer Computing

I just picked this issue up from the newstand yesterday. Good guide and one that you can keep coming back to to make sure you are protected:From the basics to the extreme, here are the tricks that will keep your computer, you, and your family secure and safe.

read more | digg story

Google blog used to spread malware

Latest example of a bogus blog posting used to spread malware. A Google-hosted blog is running phony security content that's linked to malware, as well as using Google's automated notification service to try to entice subscribers to click on an infected link, says one security expert.

read more | digg story

Russia the Evil Hacker Haven

The most powerful Internet weapon on the planet is being protected by the Russian government. The weapon in question is the Storm botnet. This is the largest botnet ever seen, and while the United States has traced its creators to Russia, the government there refuses to cooperate in shutting Storm down.

read more | digg story

Steal this WiFi

Very interesting story dealing about the consequences of having an open WIFI connection:

Whenever I talk or write about my own security setup, the one thing that surprises people -- and attracts the most criticism -- is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

read more | digg story

R.I.P. American Privacy. We will miss you.

The FBI is gearing up to create a massive computer database of people's physical characteristics, all part of an effort the bureau says to better identify criminals and terrorists.

read more | digg story

Employee Pulls Plug on Digital Bank Robbery

Online transfer would have sucked "millions" from the bank's vaults; thieves are arrested An alert employee found a foreign device attached to his computer, then pulled the plug only seconds before a group of digital bank robbers could steal "millions" from his bank near Stockholm, Sweden.

read more | digg story

Wireless headsets: A corporate spy's best friend

Imagine spending months, millions of dollars, and countless hours designing, building, and implementing a world-class security program only to have it circumvented by an inexpensive wireless telephone headset. According to Secure Network Technologies, a penetration testing firm, that's is exactly what can happen at many large corporate offices.

[...]

What did we prove? That many companies which fear security breaches and eavesdropping are actually bugging their own offices, and spilling their private content over the open air waves without their knowledge. The problem is not unlike the early days of wireless LANs and WiFi, when the technology became popular before adequate security was developed.

What can you do about it? The first step is to recognize the vulnerability. These headsets generally operate at 900MHz and, as we learned, are not necessarily secured with encryption. Find out who's using the technology and where. Secondly, you should consider doing a scanning test, as we did for our client. It's worth $80 to make sure your corporate secrets are not unintentionally leaking out of the building via wireless headsets.

Source: Hacking Wireless Headsets, Steve Stasiukonis, Dark Reading, 22 January 2008

The quote above is from an article in which Secure Networks describes an actual pen test they performed for a client, during which they discovered significant wireless headset vulnerabilities. Using a commercially available radio scanner, an attacker can monitor and record telephone conversations from as far away as 600 feet (UPI). But it's not just telephone conversations that are at risk. In some cases, the headset continued to transmit after a call was terminated. This effectively "bugged" the user's work area.




Blog Entry shared from the Adventures in Security Blog.
Original author: Tom Olzak (Director, Information Security)

Spies in the the Phishing Underground

If you want a real behind the scenes look at the criminal element in this underground world of phishing, read this article!

Both Nitesh and Billy are well-known security researchers that have recently managed to infiltrate the phishing underground. In this interview, they expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, discuss how phishers communicate and even how they phish each other.

read more | digg story

Wi-Fi Users, Beware: Hotspots Are Weakspots

Next time you are sitting in a hotel lobby checking email on your laptop, be careful: The "businessman" in the next lounge chair may be tracking your every move. Many Wi-Fi users don't know that hackers posted at hot spots can steal personal information out of the air relatively easily.

read more | digg story

IRS Pencil Sharpener Now Available

I thought it would be fun to start the week off with a little humor ----- In an effort to offset tax payer costs for the operational costs of its organization, the IRS is introducing a line of products, beginning with this fantastic pencil sharpener.

read more | digg story

The OLPC Project and Nigerian Spammers - Is there a link?

Simple speculation that the mass release of the One Laptop Per Child has coincided with a huge rise in the number of Nigerian spam, and auto-bot attacks.

read more | digg story

Scientology Internet Hackers Plan Real-Life Protests at Church Locations

Hackers who launched a massive online attack against the Church of Scientology are now turning to real-world protests to draw attention to what they call a "vast moneymaking scheme under the guise of 'religion."'

read more | digg story

The Twenty Minute Guide to PC Security: 20 Tips to Secure your Box

"In this article we cover 20 of the most basic PC security steps, from installing essential safeguards to tailoring your own Internet behavior, which will together help you dramatically reduce the odds of your computer being infected by malware." Even your Mom can follow this guide.

read more | digg story

Simplify Your Life Defend Your Identity

ManagedIdentityProtection.com

Microsoft Bid for Yahoo Raises Privacy Flags

In the wake of Microsoft’s offer to purchase Yahoo for $44.6 billion, consumer advocates are renewing concerns about the potential for virtually unchecked surveillance and tracking of consumer activity online.

read more | digg story

Simplify Your Life - Defend Your Identity --- Managed Identity Protection

Heathrow PC security probe launched

Public access internet terminals at Heathrow airport may be vulnerable to hacking attacks.

read more | digg story

There are much safer ways to prevent this kind of malicious activity. We have a VERY good low cost alternative to those Windows public terminals. You can e-mail us for details. datasaversinc@gmail.com

Couldn't Agree More

Chris Pirillo spends some time talking about the Bloatware that McAfee and Norton put out in their software packages designed to protect your computer. The first thing I do when someone asks me to look at their computer, especially a new PC is to get rid of these software packages. I rip them out and usually install AVG antivirus, Windows Defender, and enable Automatic Windows updates, and windows firewall. With these tools the average user is protected adequately. Well, I'll let Chris tell you:


Chris | Live Tech Support | Video Help | Add to iTunes

Simplify Your Life Dedend Your Identity - Managed Identity Protection.com

Laptop Encryption Not Present In Computer Lost By Blue Cross

Horizon Blue Cross/Blue Shield of New Jersey is notifying over 300,000 members that their names, Social Security numbers, and other information was in a laptop computer stolen on January 5 from the home of an employee who was authorized to take the data home. Well, I’m assuming it’s her home, although the health insurance company pointedly ..

read more | digg story

Simplify Your Life - Defend Your Identity - Managed Identity Protection.com

Verizon mixes up two subscribers private info, wont fix!

To put it bluntly, Verizon has shown that they don’t care - at all - about protecting their users private, confidential information. Two random subscribers can see each others private details - address, phone numbers, credit card details, account info, etc. After multiple service requests, Verizon continues to ignore it. Identity theft anyone?

read more | digg story

Simplify Your Life - Defend Your Identity - managedidentityprotection.com

TSA security flaws exposed users to risk of identity theft

Significant security flaws in the Transportation Security Administration's traveler redress web site exposed thousands of travelers to the risk of identity theft. Alanis might call it ironic, but we call it sad and unacceptable.

read more | digg story

Simplify Your Life Defend Your Identity - Managedidentityprotection.com

Stop the Junk Mail Onslaught

There are a couple of really good ways to cut down on the amount of junk mail that you receive. I know I have started taking these steps and have begun to see a smaller flow already. My PO box has been empty 2 days in a row! That's got to be a record of some kind.

In any case here is what you can do:

1. Visit Optoutprescreen.com and follow the directions there to remove yourself from credit card offers. There are two options. If you opt out electronically, you are removed from :firm: offers for 5 years. If you mail in your request you can be removed from the list permanently. The site indicates that there are benefits to receiving "firm" offers. Stating that you can comparison shop on different offers. Ok, I can understand that for someone who is just establishing credit maybe. However, can't you really do that one the internet? I think so. The internet after all is a wealth of information and I'm sure every credit card company ever created can be found there.

2. To get rid of the vast majority of other junk mail that clutters up our houses visit Direct Marketing Association and register for their Mail Preference Service. My suggestion is to mail in your application with a $1.00 fee. Or you can also use a credit card and register online. There is also a very informative FAQ section at the website that should help us all figure out the $2,000,000 question ---- "How Did They Get My Name"?

Hope these tips help you to unclutter your mailbox, your life, and also save some trees in the process!

Simplify Your Life - Defend Your Identity - Managed Identity Protection.com

650,000 Consumers Personal Data Breached

The stories just keep rolling in, and this one is a doozie. This story was on the AP wire on the 18th of January:

Personal information on about 650,000 customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. GE Money, which handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people.

The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage company, and was never checked out but can't be found either, said Richard C. Jones, a spokesman for GE Money, part of General Electric Capital Corp.

To read the rest of the story Click Here

Managed Identity Protection

Let's Be Careful Out There!

Some of us may remember the old TV series "Hill St. Blues"? Well, they used to have a scene at the beginning of every show that the Sargent used to give all the officers an update of the current situations and criminal activity that was going on out on the streets. At the end of his discussion when everyone was standing up to leave he often would stop everyone with the following: "Hey! Let's be careful out there!" Well, I guess the following story adds a new twist to this:

From PC Mag's Security Watch Blog:

In the most flabbergasting case of law enforcement paranoia since the Julie Amero case, a Florida police office is under investigation for having linked, in his MySpace profile, to another person who had a porn link in their profile.

John Nohejl is a "resource officer," on-campus at Gulf Middle School in New Port Richey, Fl. He didn't have any porn on his page and he didn't link to a porn page, but one of the 170 people listed as his friends had a link on their site to a legal porn site. This is the way the St.Petersburg Times put it: "...kids could navigate from Officer John's page on the social networking site to "Amateur Match Free Sex" in just three clicks." And now the officer is under investigation by the New Port Richey Police Department and the Florida attorney general's cyber crimes unit for making the materials available to underage children.

So now people are responsible for what happens on web sites to which they link. Time to stop linking to Google; In just one click you can get to hundreds of millions of offensive pages.

MANAGED IDENTITY PROTECTION

Missouri Senator works to protect ID theft victims’ assets

Missouri Senator Michael R. Gibbons has introduced a bill that would protect the assets of ID Theft victims. Gibbons said new protections are needed to combat the growing number of identity theft victims who lose their hard-earned money and assets.

“Victims should not have to lose what they’ve worked their entire life to earn after being defrauded,” Gibbons said. “By allowing consumers to freeze their credit, we can make sure identity theft victims aren’t further harmed.”

Bravo to Senator Gibbons. It's time people who have been victimized are not taken advantage of further and allowed to restore their lives.

The complete story can be read here at the Branson Daily News:
http://www.bransondailynews.com/story.php?storyID=6243

You can get Managed Identity Theft Protection for peace of mind and simplifying your life. Visit our website for details: http://www.managedidentityprotection.com

Maybe a Little Off Target

I guess there are so many things that I get concerned about, that I don't know where to start. The economy is on a tailspin, the war in Iraq doesn't seem to get much better, Bush is still in office, etc.

I came across this video this evening and decided to take a different slant all together on this blog. I do get very concerned about ID Theft and I want to help people secure their computers. That will definitely be covered. But this video made me pause and think that maybe the real issues are so blatantly obvious that we all need to do our part to talk about them, get with our elected leaders and let them know how we truly feel about this. It's an election year after all, the candidates should listen, right? (stop that, I heard that distant chuckle). In any case, let's get together as Americans and stop this abuse of power before it's too late. Watch this video and spread it far and wide:

This is What A Police State Looks Like

Add to My Profile | More Videos