Monthly Archives: June 2013

Use Hack-Back to Mitigate IP Theft, Panel Suggests

Chinese Blamed for More than Half of Intellectual Property Theft

A variation of hack-back – in which a victim of a cyber-attack assaults the assailant’s computer or network – could be used to mitigate the theft of intellectual property. That’s one of the takeaways of a just-released report from the Commission on the Theft of American Intellectual Property, a private group.

A major recommendation of the report, issued May 22, is that the federal government and business impose economic penalties against those accused of profiting from pilfered intellectual property. But the commission – co-chaired by former U.S. ambassador to China Jon Huntsman and former Director of National Intelligence Dennis Blair – also suggests that the government support American companies that can identify and recover pilfered intellectual property through cyber means. Put simply, victims would break into their assailants’ computers to recover their intellectual property or disable it.

“Without damaging the intruder’s own network, companies that experience cybertheft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information,” the report says.

The report, which blames the vast majority of intellectual property theft on the Chinese, notes growing calls to create a more permissive environment for active network defense that would let companies aggressively retrieve stolen information, alter it within the intruder’s network, or destroy it within an unauthorized network. The commissioners say they do not endorse going further, for example photographing hackers with their own systems’ cameras, implanting malware in hackers’ networks, or physically disabling or destroying hackers’ computers or networks.

Collateral Damage Concerns

“Part of the basis for this bias against ‘offensive cyber’ in the law includes the potential for collateral damage on the Internet,” the report says. “An action against a hacker designed to recover a stolen information file or to degrade or damage the computer system of a hacker might degrade or damage the computer or network systems of an innocent third party.”

The commission doesn’t recommend specific revisions to the law, at least not now. But, the report says, “informed deliberations over whether corporations and individuals should be legally able to conduct threat-based deterrence operations against network intrusion, without doing undue harm to an attacker or to innocent third parties, ought to be undertaken.”

Most of the commission’s recommendations do not deal with cybersecurity, but it recommends:

  • Implementing prudent vulnerability-mitigation measures to provide a summary of the security activities that ought to be undertaken by companies. “Activities such as network surveillance, sequestering of critical information and the use of redundant firewalls are proven and effective vulnerability-mitigation measures,” the report says.
  • Reconciling necessary changes in the law with a changing technical environment. Technology and law must be developed to implement a range of more aggressive measures that identify and penalize illegal intruders into proprietary networks, but do not cause damage to third parties. “Only when the danger of hacking into a company’s network and exfiltrating trade secrets exceeds the rewards will such theft be reduced from a threat to a nuisance,” the report says.

Chinese Policy Encourages IP Theft

The report says the vast majority of intellectual property theft emanates from China, which its authors contend accounts for 50 percent to 80 percent of the problem. They see China’s national industrial policy goals as encouraging intellectual property theft, adding that an extraordinary number of Chinese in business and government entities engage in this practice.

There are also weaknesses and biases in the Chinese legal and patent systems that lessen the protection of foreign intellectual property. In addition, the report says, other policies weaken intellectual property rights, from requiring technology standards that favor domestic suppliers to leveraging access to the Chinese market for foreign companies’ technologies.

Via: bankinfosecurity

Bypass your cellular carrier with this Mobile app

This summer, when some of my family spend a few weeks in Europe, they’ll be using their Verizon smartphone to call home — and it won’t cost us a penny more.

We use Vonage voice over IP telephony service for our home phone. Vonage Extensions, the VoIP provider’s dialer app for iOS and Android phones, turns your smartphone into another extension on your Vonage VoIP service. No charges for calls, even to and from Europe! But wait…

Until recently, each Vonage Extensions call still had to be connected through the carrier’s cellular network, and that meant you were using up either mobile minutes or megabytes of your data plan. The app was still useful when placing international calls from the U.S., since our Vonage plan includes toll-free calling to Europe. But it was a nonstarter when calling from abroad, since Verizon bills as much as $1.29 per minute for voice calls and $20.48 per MB for data.

All that changed last December when Vonage Extensions added support for Wi-Fi. That means you can make calls from your virtual Vonage extension from anywhere you have Wi-Fi connectivity and completely bypass the cellular network. That’s important because while third-party telephony apps have allowed users to avoid using airtime minutes by routing calls over their data plans, the days of metered data are now upon us. Whether you exceed your airtime minutes or your data plan maximum, the all-you-can-eat data buffet is becoming a thing of the past. My family still has an unlimited data plan, but when they trade in that iPhone 4 with the cracked screen for a new model this August, the free lunch will be over.

Of course, that unlimited data plan is useless when calling from Europe. So our plan is to completely turn off the cellular radio in the iPhone while away and configure the device to function exclusively as a Wi-Fi telephone. The one downside: Since they’re calling from an “extension” of our home phone account, they won’t be able to call us on that number. But they can call our business lines as well as our mobile phones.

For me, Vonage Extensions has another potential benefit: I could lower the number of voice minutes I need in my mobile contract and save about $20 per month. The way mobile contracts are structured, you’re always either leaving unused minutes you paid for on the table or paying through the nose for every minute you go over the plan amount. In my situation, for 10 or 11 months of the year I never get anywhere near my minutes cap. During those months I’ve bought more minutes than I need – wasteful. But then there will be one month, or maybe two, when I go over — and then I pay up big time. Typically those charges have been in the range of $40-$60 per incident. So do I upgrade for the worst-case scenario and overpay 90% of the time, or stick with what I need on average and pay the piper during those times when I go over? Now I won’t have to pull out the calculator.

Unfortunately for me, there’s a catch: Each Vonage account only gets one Vonage Extension for free, and my daughter has it. Setting up an additional app would cost an additional $4.99 per month, or about $60 a year.

I’ve been testing Vonage Extensions for about a week on a Galaxy Nexus phone and so far performance has been flawless. The user interface is clean and simple to use…


…and setting up the phone to use only Wi-Fi is easy as well.


So far so good.

My daughter started using the app last week and liked it so much that she dropped the icon into her iPhone’s task bar. She also has Skype as a backup, which will allow free calls to our mobile phones or computers so long as we’re logged into our Skype accounts. (Vonage offers a similar service, called Vonage Mobile). So far so good here as well.

But the big question — and we won’t have an answer until she arrives — is whether the quality of broadband in Germany will be sufficient to support VoIP. From what I hear it can be pretty sketchy. I guess only time will tell for sure on this one.

Via: computerworld

Some tips and tools to make Gmail better

Live your life in Gmail? These tricks and add-ons will make Google’s email service more powerful, productive, and pleasant to use.

Take control of your inbox

For as much time as many of us spend in Gmail, the service is essentially a virtual home. And as any good homeowner knows, there’s always something you can do to spruce up your living space and make it work better for you.

In Gmail’s case, there’s a lot of handiwork just waiting to be done — advanced settings to enable, interesting features to be embraced, and third-party programs to install. Google itself just unveiled a new tabbed interface that can change the way you think about email. But that’s barely scratching the surface.

So dig in and try a few of these less publicized inbox improvements. Your e-property value will skyrocket – and your quality of virtual life is guaranteed to improve.

HelloSign

If you’re anything like me, you waste a lot of time downloading PDF attachments, applying electronic signatures, and sending the documents back. Fun times, right? A handy little plug-in called HelloSign makes that headache a thing of the past: HelloSign adds a simple Sign prompt into Gmail anytime you open a message with a PDF attachment. Click it, and — once you’ve completed a one-time setup — you can drag and drop your signature wherever it needs to go, then resave the document and attach it to a response with a single click. That, my friends, is a level of convenience I’ll certainly sign off on.

HelloSign is free.

Boomerang for Gmail

Ever wish you could type up an email and schedule it to be sent at some specific future time? An add-on called Boomerang for Gmail gives you the power to do that — and a whole lot more. Boomerang adds message scheduling support to your inbox along with the ability to set follow-up reminders for messages. You could tell Boomerang, for instance, to archive a message, then bring it back to the top of your inbox if you don’t get a response after four days.

Boomerang gives you up to 10 actions per month for free; if you want more, you’ll have to pay $5 to $15 per month for a higher-level plan.

Gmail labels

Gmail doesn’t have traditional folders, but it has something even better: Labels, which can help you stay organized and save time. While folders are generally limited by their nature to one per message, Gmail’s organizational system allows you to apply as many labels as you want to a single email — so one email could have the label “Invoices,” for example, as well as the label “Business.” You can easily customize your labels and control which are displayed in the main sidebar, as well as which show up within the in-message Labels menu; just head to Gmail’s settings to get started.

Customizable addresses

Here’s a little secret: Your Gmail account actually comes with numerous email addresses, all of which go straight to your inbox. First, you can add a period anywhere within your username to make a unique address – changing johnsmith@gmail.com to john.smith@gmail.com or jo.hn.sm.ith@gmail.com. Second, you can add a plus sign and put anything you want after your username – johnsmith+banking@gmail.com, johnsmith+amazon@gmail.com, and so on. Finally, you can swap gmail.com out for googlemail.com; the domains are interchangeable for all accounts. Two caveats: some sign-up forms reject a plus sign in an address, and anyone who knows the convention can strip the tag to recover your base address, so treat these aliases as a labeling tool rather than a privacy boundary.

The real power of those options comes into play with our next item….

Gmail filters

Gmail’s native filtering feature is one of the best ways to keep your inbox from getting insane. Within Gmail’s settings, you can set up advanced rules for processing incoming messages. You could tell Gmail to automatically archive certain messages so that you’ll never see them (but can find them if you need to) or to automatically apply specific labels based on a message’s sender or subject line.

The aforementioned customizable addresses can come in handy here, too: You might give out a unique address when signing up for a new service, for example, in order to retain control over any messages it sends you.
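The dot, plus-tag and googlemail.com rules above are also exactly what an abuse or fraud team has to undo, since one mailbox can sign up to a service under hundreds of “different” addresses. The following is an added example, not code from the original article: it canonicalises gmail.com and googlemail.com addresses by the rules described above, groups a sign-up list by real mailbox, and checks an inbound message against the tag you handed out to a service so a leaked or resold address shows up in your filters. The `tag_mismatch` helper and its `expected_senders` mapping are illustrative names of my own, the sample addresses are constructed, and treating every non-Google domain as dot-significant is an assumption.

```python
"""Canonicalise Gmail-style addresses so that the aliases the article
describes (dots, plus-tags, googlemail.com) all map back to one mailbox.

Added example; not code from the original article.  The rules for
gmail.com and googlemail.com are the ones the article states; for every
other domain only the plus-tag is stripped, which is an assumption (many
providers honour '+' tags, almost none ignore dots)."""

GOOGLE_DOMAINS = {"gmail.com", "googlemail.com"}


def canonicalise(address):
    """Return (canonical_address, tag).

    tag is whatever followed the first '+' in the local part, or '' if
    the address carried no tag."""
    address = address.strip().lower()
    if address.count("@") != 1:
        raise ValueError("expected exactly one '@' in %r" % address)
    local, domain = address.split("@")
    tag = ""
    if "+" in local:
        local, tag = local.split("+", 1)
    if domain in GOOGLE_DOMAINS:
        local = local.replace(".", "")   # Google ignores dots in the local part
        domain = "gmail.com"             # googlemail.com delivers to the same mailbox
    return "%s@%s" % (local, domain), tag


def group_by_mailbox(addresses):
    """Map each distinct mailbox to the raw aliases that resolve to it.

    Handy on the abuse side: a sign-up list holding john.smith+1@gmail.com,
    j.ohnsmith+2@gmail.com and johnsmith@googlemail.com is one person."""
    groups = {}
    for raw in addresses:
        canonical, _ = canonicalise(raw)
        groups.setdefault(canonical, []).append(raw)
    return groups


def tag_mismatch(to_address, from_address, expected_senders):
    """Check an inbound message against the 'unique address per service' idea.

    expected_senders maps a tag you handed out (e.g. 'amazon') to the sender
    domain that should be using it.  Returns None when the tag is unknown or
    the sender matches, otherwise a short description of the mismatch, which
    is the signal that the tagged address has leaked or been sold on."""
    _, tag = canonicalise(to_address)
    if not tag or tag not in expected_senders:
        return None
    sender_domain = from_address.strip().lower().rsplit("@", 1)[-1]
    expected = expected_senders[tag]
    if sender_domain == expected or sender_domain.endswith("." + expected):
        return None
    return "address tagged '%s' was given to %s but mail came from %s" % (
        tag, expected, sender_domain)


if __name__ == "__main__":
    # Constructed sample data, not real addresses.
    signups = ["John.Smith+promo@gmail.com", "j.ohnsmith@googlemail.com",
               "johnsmith+bank@GMAIL.COM", "jane.doe@example.org"]
    for mailbox, aliases in group_by_mailbox(signups).items():
        print(mailbox, "<-", aliases)
    print(tag_mismatch("johnsmith+amazon@gmail.com", "deals@bulk-offers.example",
                       {"amazon": "amazon.com"}))
```

A Gmail filter on `to:johnsmith+amazon@gmail.com` does the routing; the `tag_mismatch` check is what tells you the address has started arriving from somewhere you never gave it to.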

Copy2Contact

Google has a robust contact management system, but its integration with Gmail often leaves something to be desired. That’s where Copy2Contact comes in: The free app puts a special box in your Gmail sidebar; once it’s there, you can highlight someone’s signature within an email, drag it over to the box, and let Copy2Contact extract all the relevant details and create a new entry in your contacts. It’ll even automatically place all the person’s details in the appropriate fields.

Copy2Contact is currently free for use with Gmail, though its maker says the pricing may change at some point in the future.

Google Tasks

Sometimes you need a quick to-do list — and Gmail actually has one; it’s just a little hidden from view. From your main inbox view, press G, then K to open up the Gmail Tasks interface. You can also click the word “Gmail” at the top left of the screen to access a drop-down menu with the same option.

You can add tasks directly to your list from emails, too: Just press Shift-T (or click the More menu, then select “Add to Tasks”) while viewing a message. For Tasks access on the go, search your phone’s app store; plenty of third-party programs are available that provide elegant mobile access to the platform.

Minimalist for Everything

Over the years, Google has added a lot of clutter into Gmail — ads, features, and cross-service integration that you may not want and might rather have off your screen. If you use the Chrome Web browser, a free extension called Minimalist for Everything offers an easy way to clean up the look of your Gmail and make the interface more productive for you. Minimalist gives you options to hide or tweak practically every element of the Gmail interface; with its help, you can create a clean and user-friendly UI that’ll let you focus on the important stuff without all the distractions.

AwayFind

Most of us drown in email — and making sure urgent content catches your eye is sometimes easier said than done. A service called AwayFind aims to fix that. AwayFind makes sure you know when you get an important email by sending you an alert via text, voice call, mobile notification, or instant message. You tell the service what’s important based on sender or subject. You can even set time-sensitive alerts — if, say, you want to be notified when a certain person emails you anytime within the next 48 hours.

AwayFind offers a limited free plan and charges $5 to $15 a month for its fully featured services.

Priority Inbox

If the new tabbed inbox isn’t your thing, Google has another way of helping you sort through messages while you’re sitting at your computer: a native Gmail feature called Priority Inbox. Priority Inbox uses a variety of variables to determine what incoming messages are important to you; it then separates the important messages out from the less pressing stuff and presents it all in a single screen to make your inbox easier to manage. It learns over time, too, responding to your habits and taking the hint when you manually adjust something it has sorted.

You can activate Priority Inbox (and choose to use it in place of the upcoming tabbed interface) within the Gmail settings.

Keyboard shortcuts

One of the simplest ways to save time is to quit messing around with your darn mouse. Gmail has a host of keyboard shortcuts that let you quickly navigate through your messages — pressing R to reply to a message, for instance, or C to compose a new message. To enable keyboard shortcuts, just activate the option in your Gmail settings; once it’s on, you can press ? from anywhere in the system to see a complete list of available commands. And if you aren’t happy with the shortcuts, you can change ’em; just look for the “Custom keyboard shortcuts” option in the Gmail Labs settings.

Canned Responses

If you suffer from a serious case of email-writing déjà vu, you gotta start using Gmail’s Canned Responses feature. Canned Responses are quick templates you create, then insert into messages with a couple of clicks. To get started, first go into the Gmail Labs settings and enable the Canned Responses option; then, when you compose a new message, click the small arrow at the bottom of the window, and select Canned Responses.

Monotony’s never been so beatable.

ToutApp

For even more advanced template tools, try ToutApp — a browser-based app that brings business-grade automation to your Gmail inbox. ToutApp puts one-click buttons in your Gmail compose window for pasting in fully formatted templates with optional file attachments. It’ll even fill in preset fields on the fly for you, like the first name of your recipient. ToutApp also provides mechanisms for organizing your inbox, tracking messages after they’re sent, and integrating with CRM platforms like Salesforce.

The service starts at $30 a month.

Preview Pane

Do you find yourself yearning for the Outlook-style preview pane that put a permanent message-viewing window inside your inbox? Fear not: Gmail actually has a way to get it. Gmail’s Preview Pane feature does just what you’d think: It splits your inbox in half, leaving the message list on the left and putting a viewing window on the right. An icon at the top of the screen lets you toggle the viewing window on or off; it also provides an option to switch to a horizontal setup, if you’d prefer.

Gmail’s Preview Pane can be enabled within the Gmail Labs settings.

Gmail Gadgets

Let’s face it: For most of us, the sidebar at the left of the Gmail Web interface is a lot of wasted space. With Gmail Gadgets, you can make that space work for you: Start by opening up the Gmail Labs settings. There, you’ll find options to enable sidebar gadgets for both Google Calendar and Google Docs; you can also enable an option to “Add any gadget by URL” that places a new dedicated Gadgets section in your main Gmail settings. That section allows you to add in any compatible third-party gadget (see this list for a few interesting ones to try).

Embedded content

Why click to open links and attachments when you can view them right within your inbox? You may not realize it, but Gmail can let you see all sorts of content without ever leaving the message in which it’s mentioned. Head into those Gmail Labs settings again and look for all the features with “In Mail” in their titles. You’ll find options to activate in-message viewing of documents, spreadsheets, and presentations as well as maps, Google Voice voicemails, and photos from Flickr and Picasa.

Mute

We’ve all been there — on the To list of a mass-recipient email that just won’t die. Well, good news: Gmail has a tool to help you quietly excuse yourself from the conversation. The next time you get a message with multiple recipients, click the More button at the top of the screen and select Mute. Gmail will then keep the message archived and out of your inbox, even as new responses trickle in, unless something changes in the thread and a message arrives addressed only to you.

Don’t worry — I won’t tell.

Via: infoworld

Cyber criminals hitting photo-sharing apps to spread malware, access information

The FBI today issued a warning that online criminals are using online photo-sharing programs like Instagram to initiate scams and dump malware on victims’ computers.

The FBI said offenders typically advertise vehicles online but will not provide pictures in the advertisement, rather they will send photos on request. Sometimes the photo is a single file sent as an e-mail attachment, and sometimes the victim receives a link to an online photo gallery.

The photos can, and often do, contain malicious software that infects the victim’s computer and redirects them to fake websites that look nearly identical to the site where they originally saw the advertisement, the FBI stated.

The cyber lawbreakers run all aspects of these fake websites, including “tech support” or “live chat support,” and any “recommended” escrow services. After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence. The victims never receive any merchandise.

The FBI offered a few tips for protecting yourself:

• Be cautious if you lose an auction and the seller later contacts you to say the original bidder fell through.

• Make sure a website is genuine and uses HTTPS before you purchase an item online, and use only well-known escrow services.

• Research whether a car dealership is real and how long it has been in business.

• Be wary if the price of the item you want is far below market value; if it is, the listing is likely fraudulent.

• Scan files before opening them on your computer.

• Keep your computer software, including the operating system, updated with the latest patches.

• Ensure your anti-virus software and firewall are current; they can help prevent malware infections.
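As an added example (not part of the FBI alert or the original article), here is the check a cautious recipient, or a mail gateway, can run on a file that arrives as a “photo” before anyone opens it: does the name try to disguise an executable (double extension, executable extension, a right-to-left override character), and do the leading bytes match the image format the extension claims? The magic-number table and the `assess` function are my own for this example and cover only a handful of formats; a production scanner would put libmagic and an AV engine on top. The sample files in the `__main__` block are constructed byte strings.

```python
"""Sanity-check a file that arrived as a 'photo' before opening it.

Added example, not part of the FBI alert or the original article.  Two
cheap checks an analyst applies by hand: does the name disguise an
executable, and do the first bytes match the image format the extension
claims?  The magic table is a deliberately small subset for this example."""
import os

MAGIC = [  # (leading bytes, label); longest / most specific first
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x7fELF", "elf-executable"),
    (b"MZ", "windows-executable"),
    (b"PK\x03\x04", "zip-container"),   # zip, jar, apk, docx ...
    (b"%PDF", "pdf"),
]
IMAGE_EXTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi"}
RLO = "\u202e"  # Unicode right-to-left override: makes 'photo<RLO>gpj.scr' display as 'photorcs.jpg'


def sniff(data):
    """Label the content by its leading bytes, or 'unknown'."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def assess(filename, data):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    name = filename.lower()
    if RLO in filename:
        findings.append("right-to-left override character in file name")
        name = name.replace(RLO, "")
    root, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(root)[1]       # the '.jpg' in 'car.jpg.exe'
    if ext in EXEC_EXTS:
        findings.append("executable extension %s" % ext)
    if inner_ext in IMAGE_EXTS and ext not in IMAGE_EXTS:
        findings.append("double extension %s%s" % (inner_ext, ext))
    kind = sniff(data)
    if ext in IMAGE_EXTS and kind != IMAGE_EXTS[ext]:
        findings.append("extension %s but content looks like %s" % (ext, kind))
    return findings


if __name__ == "__main__":
    # Constructed samples, not real attachments.
    samples = {
        "car.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,        # a genuine JPEG header
        "car.jpg.exe": b"MZ\x90\x00" + b"\x00" * 60,          # PE disguised by a double extension
        "car.jpg": b"MZ\x90\x00" + b"\x00" * 60,              # PE renamed to .jpg
        "photo" + RLO + "gpj.scr": b"MZ\x90\x00",             # RLO trick
    }
    for name, data in samples.items():
        print(repr(name), "->", assess(name, data) or "clean")
```

The content check is the one that matters: renaming `setup.exe` to `car.jpg` defeats every extension rule, but not the `MZ` in the first two bytes.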

Via: networkworld

PayPal’s $100,000 Battle Hack competition wants cool social apps

PayPal Battle Hack challenges developers to create apps that make use of PayPal payment processing.

PayPal this week kicked off a global software-coding competition called Battle Hack, challenging software developers to devise on their own a socially useful application that makes use of PayPal payment processing. The grand prize: $100,000.

“The application has to both incorporate the PayPal API and benefit the local community — anything from charity to improving traffic,” says a PayPal spokesperson about the competition, which starts in Berlin on June 8. “PayPal is encouraging developers to get creative with their applications. The winners are chosen by a panel of judges from PayPal in their cities.”

Besides Berlin, other cities where PayPal is holding the Battle Hack competition include New York City, Tel Aviv, Miami, Moscow, Austin, London, Washington, D.C., Seattle and Barcelona. The competition expects software coders to turn up at a designated site in each city and spend 24 hours showing how they, alone or with a team of up to four, can program an application that creatively makes use of the PayPal API for a socially useful purpose.

PayPal will award first place to one team of maximum four members at each Battle Hack city. “Each winning team will earn a spot to travel to Silicon Valley to compete in the Battle Hack World Finals,” the PayPal spokesperson said, for a chance at the $100,000 prize and other prizes. Participants retain the rights to the applications they enter in the competition. PayPal said this is the first such global “hackathon” it’s ever held.

Via: networkworld

Is your laptop still unencrypted? Perhaps 7 seconds of CCTV might change your mind…

Lots of people don’t worry much about encryption.

After all, security companies only promote encryption as a way of life because they’ve got encryption products to sell, right?

Perhaps.

Or perhaps they have encryption products to sell because they think encryption is a useful security tool for your digital lifestyle?

Regular Naked Security readers will remember that the Naked Security team found that out for themselves back in 2011, when they went to a transit company’s annual lost-property auction to buy up mislaid USB keys.

They were troubled to find that two-thirds of the keys were infected with malware, and alarmed when they checked the files left behind: not one file on one USB key had been encrypted.

And, judging by the sort of stuff that was in those files, most of those keys contained information their owners would not have wanted to enter public life.

Of course, it’s easier to lose a USB key than a laptop, which for many users is a prized (or at least a valued) possession, even before the data is taken into account.

Or is it?

Here’s a video that made me vow to keep my beloved MacBook out of sight in public unless my hands are actually resting on the keyboard ready to grab it back from any prospective passing grab-and-run thieving rotter…

Full disk encryption gives you an extra layer of defense against the potential cost of this sort of opportunistic theft.

The crook can still sell your laptop to a fence for its value as a stolen laptop, but he (or his fence) will struggle to get any data off that might bring additional revenue on the Underweb.

Via: nakedsecurity

Five steps to ultimate Firefox security

Over the years, many have touted Mozilla’s Firefox as one of the most secure Web browsers. But as with other browsers, the security level offered depends on the settings. Some security features need to be manually enabled. Those turned on by default should still be double-checked.

Follow these five steps to lock down Firefox. Start with the essentials in the browser’s own settings, then choose some useful add-ons. Finally, keep track of your plug-ins so you can patch the inevitable security holes.

Enable a master password

Like other browsers, Firefox by default allows anyone who accesses your computer to log in to sites where you’ve saved the password. And as with Google Chrome, a list of the saved usernames and passwords can be viewed via the Options menu of Firefox.

Fortunately, Firefox offers a master password feature that encrypts the saved password store and locks it behind a password of your choosing. When enabled, you must enter the master password the first time you use a saved password in each browser session. You must also enter it before you can view saved passwords via the Options menu. This is a great feature for preventing casual snooping of your passwords, and it stops most third-party utilities from recovering them. The protection is only as strong as the master password itself, though: the encrypted store can be copied off the machine and a weak master password guessed offline, so choose a long one.

To enable the master password feature, open the Firefox menu, select Options, select the Security tab, and then check the Use a master password option.

Use a strong password for syncing

Like Google Chrome, Firefox has a syncing feature to synchronize your bookmarks, passwords, and other browser data to Firefox browsers running on other computers and devices. Fortunately, Firefox encrypts all synced data, not just your saved passwords (as Google Chrome does). Additionally, Firefox has more security than what Chrome offers by default when you’re setting up a new computer or device to sync. In Firefox, you must log in with your Firefox Sync password. Then you must either enter a random passcode from the new device into one that you’ve already set up, or take the recovery key from a device you’ve already set up and input that key into the new device.

So you don’t have much to worry about with Firefox syncing–as long as you use a strong password, one with upper- and lowercase letters, numbers, and special characters. If someone knows or cracks the password, and has access to a device you’ve already set up with syncing, they can then set up other devices with syncing and access your passwords and other browser data.

To enable or change sync settings, open the Firefox menu, select Options, and select the Sync tab.

Verify that security options are enabled

Like other popular browsers, Firefox includes some basic security and privacy settings. Though most are enabled by default, you should ensure they haven’t been disabled.

Start by opening the Firefox menu and selecting Options. In the Options window, select the Security tab. Ensure that the first option, Warn me when sites try to install add-ons, is enabled to help prevent sites from automatically installing add-ons, as some can be dangerous. Then ensure that the next two options, Block reported attack sites and Block reported web forgeries, are also checked to help enable protection against malware and phishing.

Next, select the Privacy tab. And if you want more privacy online, select the first option, Tell websites I do not want to be tracked, which isn’t enabled by default. Although it can’t prevent all tracking, it will reduce tracking by those sites that support this type of option.

Now, select the Content tab. To prevent pop-up windows that can be annoying and even contain phishing ads, ensure that the first option is enabled: Block pop-up windows.

Lastly, select the Advanced tab, select the Update subtab, and ensure that Automatically install updates is selected.
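Those same options live in the profile’s prefs.js as `user_pref` lines, which lets you audit them without clicking through the dialog, for instance across a fleet of machines. The script below is an added example, not code from the original article or from Mozilla. The mapping from dialog label to preference name is my reading of 2013-era Firefox and is an assumption to confirm in about:config on your own build (browser.safebrowsing.enabled, for one, was renamed browser.safebrowsing.phishing.enabled in later releases); the sample prefs.js excerpt is constructed.

```python
"""Audit a Firefox profile's prefs.js against the options the article says
to verify, and emit user.js lines that pin any that are off.

Added example; not from the original article or from Mozilla.  The
label-to-pref mapping is an assumption about 2013-era Firefox: confirm
each name in about:config.  prefs.js only records values that differ
from the built-in default, so an absent pref means 'default'; the
defaults listed follow the article (all on, except Do Not Track)."""
import re

# UI label -> (pref name, value the article wants, Firefox built-in default)
CHECKS = {
    "Warn me when sites try to install add-ons": ("xpinstall.whitelist.required", True, True),
    "Block reported attack sites": ("browser.safebrowsing.malware.enabled", True, True),
    "Block reported web forgeries": ("browser.safebrowsing.enabled", True, True),
    "Tell websites I do not want to be tracked": ("privacy.donottrackheader.enabled", True, False),
    "Block pop-up windows": ("dom.disable_open_during_load", True, True),
    "Automatically install updates": ("app.update.auto", True, True),
}

PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict.  Booleans,
    integers and quoted strings are converted; anything else is kept raw."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw == "true":
            value = True
        elif raw == "false":
            value = False
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def audit(prefs):
    """Return {ui_label: 'ok' | 'off (explicitly set)' | 'off (default)'}."""
    report = {}
    for label, (name, wanted, default) in CHECKS.items():
        if name in prefs:
            report[label] = "ok" if prefs[name] == wanted else "off (explicitly set)"
        else:
            report[label] = "ok" if default == wanted else "off (default)"
    return report


def user_js_fix(report):
    """user.js lines forcing every failing option on.  user.js is re-applied
    at every start, so a site or add-on cannot silently flip the value back."""
    lines = []
    for label, status in report.items():
        if status != "ok":
            name, wanted, _ = CHECKS[label]
            lines.append('user_pref("%s", %s);  // %s' % (name, str(wanted).lower(), label))
    return lines


if __name__ == "__main__":
    # Constructed prefs.js excerpt, not a real profile.
    sample = """// Mozilla User Preferences
user_pref("app.update.auto", true);
user_pref("browser.safebrowsing.enabled", false);
user_pref("dom.disable_open_during_load", false);
user_pref("browser.startup.homepage", "about:blank");
"""
    rep = audit(parse_prefs(sample))
    for label, status in rep.items():
        print("%-45s %s" % (label, status))
    print("\n".join(user_js_fix(rep)))
```

Drop the emitted lines into a `user.js` file in the profile directory and the values are enforced on every start; the settings dialog will still show them, but changes made there are overwritten on the next launch.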

Use add-ons for more protection

Consider installing these security-related add-ons for extra protection:

NoScript helps you control which sites can use JavaScript, Silverlight, Flash, and other embedded content, as they can be used maliciously to infect your computer or for phishing attempts.

Adblock Plus blocks banners, pop-ups, and video advertisements on websites to reduce clutter and the resulting annoyance; it can even reduce the chance of accidentally stumbling upon adware, malware, and phishing attacks.

Web of Trust (WOT) shows the user ratings of sites and blocks dangerous sites–such as those with malware–to increase safe surfing, shopping, and searching on the Web.

HTTPS Finder automatically detects and enforces HTTPS/SSL-encrypted connections when available–great in helping to reduce the chances of an eavesdropper on a Wi-Fi network from capturing your login details.

Xpnd.it! short URL expander allows you to hover over shortened links to see the real URL and other basic information about the site so you know where it leads before clicking.

Check and update plug-ins

Cyber criminals regularly use vulnerabilities in popular browser plug-ins (such as Java and Adobe products) to infect and invade computers. Most plug-in vendors regularly release updates to patch security holes, and many plug-ins are set by default to update automatically or at least to notify you when an update is available. Even so, it’s a good idea to check periodically. Consider using the Mozilla plug-in checker, or third-party sites like Qualys BrowserCheck for other browsers.

A little vigilance goes a long way

Firefox is pretty secure on its own, but you can make it even more secure with the right settings and add-ons. Good password management remains essential, too: Create and enable a strong master password so others can’t use or view your passwords. And if you use the syncing feature to synchronize your passwords and browser data across devices, use a strong password to prevent others from syncing. Finally, keep tabs on your add-ons and plug-ins to make sure they’re giving you the best possible protection.

Via: networkworld

LinkedIn rolls out two-factor authentication

LinkedIn is the latest website to add two-factor authentication as a measure to prevent account takeovers.

The company on Friday announced the new functionality, saying in a blog post that it will make it “more difficult for unauthorized users to access your account.”

The feature works similarly to the two-step verification recently pushed out by Twitter, which had been experiencing high-profile account compromises.

LinkedIn users will be queried for an additional verification code, in addition to their password, when they attempt to login to the site from an unrecognized computer or device. The code will be sent to users via mobile text message.

The site’s more than 200 million members can enable the capability by visiting “Settings,” then selecting the “Account” tab and clicking “Manage Security Settings.”
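Described as a flow, the feature is: password first, then a one-time code by SMS only when the device is not already recognised, and a recognised-device marker issued once a code has been accepted. The class below is an added example sketching that server-side logic; it is not LinkedIn’s code and does not claim to mirror their implementation. Its assumptions are a six-digit code, a five-minute code lifetime, five wrong guesses before the code is discarded, and a random device token remembered for 30 days; the SMS gateway is passed in as a callable so the example runs offline with a fake one.

```python
"""Server-side sketch of 'second step only from an unrecognised device'.

Added example; not LinkedIn's code.  Assumptions: 6-digit SMS code,
5-minute code lifetime, 5 wrong guesses, device recognised for 30 days
via a random token the browser keeps as a cookie.  Call begin_login only
after the password has already been verified."""
import hmac
import secrets
import time

CODE_TTL = 5 * 60            # seconds a one-time code stays valid
MAX_ATTEMPTS = 5             # wrong guesses before the code is invalidated
TRUST_TTL = 30 * 24 * 3600   # how long a remembered device stays recognised


class TwoStepLogin:
    def __init__(self, phones, send_sms, now=time.time):
        self.phones = phones        # user -> phone number on file
        self.send_sms = send_sms    # callable(phone, text); the real SMS gateway
        self.now = now              # injectable clock, for tests
        self.pending = {}           # user -> {"code", "expires", "attempts"}
        self.trusted = {}           # device token -> (user, expires)

    def device_recognised(self, user, token):
        entry = self.trusted.get(token) if token else None
        if entry is None:
            return False
        owner, expires = entry
        if expires <= self.now():
            del self.trusted[token]   # expired: forget it
            return False
        return owner == user          # a token only vouches for the user it was issued to

    def begin_login(self, user, device_token=None):
        """Returns 'ok' (no second step needed) or 'need_code'."""
        if self.device_recognised(user, device_token):
            return "ok"
        code = "%06d" % secrets.randbelow(10 ** 6)   # CSPRNG; leading zeros kept
        self.pending[user] = {"code": code, "expires": self.now() + CODE_TTL, "attempts": 0}
        self.send_sms(self.phones[user], "Your verification code is %s" % code)
        return "need_code"

    def finish_login(self, user, submitted, remember_device=True):
        """Returns (status, device_token); status is 'ok', 'bad_code',
        'expired' or 'locked'.  The token is None unless status is 'ok'
        and the device is to be remembered."""
        p = self.pending.get(user)
        if p is None:
            return "expired", None
        if self.now() > p["expires"]:
            del self.pending[user]
            return "expired", None
        p["attempts"] += 1
        if not hmac.compare_digest(p["code"].encode(), str(submitted).encode()):
            if p["attempts"] >= MAX_ATTEMPTS:
                del self.pending[user]    # force a fresh code after too many guesses
                return "locked", None
            return "bad_code", None
        del self.pending[user]            # a code is single-use
        token = None
        if remember_device:
            token = secrets.token_urlsafe(32)
            self.trusted[token] = (user, self.now() + TRUST_TTL)
        return "ok", token


if __name__ == "__main__":
    # Fake gateway and constructed account data, so this runs offline.
    outbox = []
    svc = TwoStepLogin({"alice": "+1-555-0100"}, lambda phone, text: outbox.append(text))
    print(svc.begin_login("alice"))                      # need_code
    code = outbox[-1].split()[-1]
    status, token = svc.finish_login("alice", code)
    print(status, token is not None)                     # ok True
    print(svc.begin_login("alice", device_token=token))  # ok: device now recognised
```

The code comparison is constant-time and the code is single-use; the device token is bound to the user it was issued to, so a token lifted from one account cannot skip the second step on another, and it expires on its own rather than living forever in a cookie.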

The business networking service has tightened its security since it sustained a massive breach last year, when 6.5 million of its users’ password hashes were dumped on a Russian forum. Victims were forced to reset their passwords.

Via: scmagazine

Phishers try flattery with Facebook Page owners

Beware, fanboys and fangirls: phishers are targeting Facebook Page owners with a bogus message supposedly sent from Facebook Security.

According to Hoax-Slayer, the scam claims that Facebook is rolling out a new security feature to protect Page owners.

This supposed new security feature is dubbed the “Fan Page Verification Program”.

It lays the flattery on thick to entice victims into coughing up their Facebook login details: Facebook, it says, has had ever so many Pages stolen lately, and simply can’t think of what to do about it except, well, throw up its hands and Delete them all – yes, Delete those bad, bad Pages, with a capital “D”.

All the stolen Pages, that is, except yours, which, gosh, is so popular with its “High Quality Content”.

The message tells victims that they have to click a link and choose a 10-digit security code to complete the process.

Anyone who hasn’t completed the process by May 30, 2013, the message goes on, will see their Page suspended permanently.

Here’s an example of this scammy letter that Hoax-Slayer posted on Friday:

Dear Facebook User,

You are receiving this message to notify you about the new security feature from Facebook called “Fan Page Verification Program”.

After many Fan Pages have been stolen lately leaving us no choice but Deleting them forever, we had to come up with an original solution about the Fan Page’s Security.

Luckily, your Fan Page, has a lot of likes and provides High Quality Content, which qualify it for this program.

To complete this process you must choose a 10-digit number (it can be any number) and that number will be assigned as your Security code”. This code will be the new passphrase for changing anything important for your Fan Page, like the Admin roles or other important settings.

Please be aware that this process it’s open only until 30.05.2013 and it’s mandatory to complete it. If you don’t, your Fan Page will be suspended permanently since it is not considered safe for the wide audience.

Please visit the link below to complete the process:

[Link Removed]

Facebook Security

Anybody who falls for it and clicks on the link will be whisked away to a page where they’re told to submit their Facebook login details and the so-called 10-digit “Transferring Code”.

Those who fill in and submit the form are shown a message that says “Step 1: Transferring Code.”

Victims will happily go away, thinking they successfully completed the “procedure” and thereby secured their Page.

In reality, the only procedure victims will have initiated is one that transfers their Facebook login details to crooks, who can then hijack their accounts and Pages and torment other Facebook users with more spam and scams launched from the victims’ own accounts.

If you receive a message like this one, don’t open any links or attachments.
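The tells in that message, turned into a check that can be run over a mail body, as an added example for this page and not code from Hoax-Slayer or Naked Security: a sender that claims to be Facebook but does not send from a Facebook domain, a link that points off-brand, pressure language, a hard deadline, and a request for a code or login details. Because the original link was removed from the published sample, the sender address and the URL below are constructed; the legitimate-domain list, the regexes and the threshold are assumptions a real deployment would tune.

```python
import re
from urllib.parse import urlparse

# Assumed: domains the impersonated brand actually sends from and links to.
LEGITIMATE_DOMAINS = {"facebook.com", "facebookmail.com"}

# Indicator patterns. These are deliberately simple; they are the phrases the
# sample message uses, not an exhaustive phishing vocabulary.
PRESSURE = re.compile(r"\b(mandatory|suspended permanently|open only until|immediately)\b", re.I)
DEADLINE = re.compile(r"\b\d{1,2}[./-]\d{1,2}[./-]\d{2,4}\b")
CREDENTIAL_ASK = re.compile(r"\b(password|login details|security code|verification code|passphrase)\b", re.I)
URL = re.compile(r'https?://[^\s<>"]+', re.I)


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Fine for .com/.example; production code
    should consult the Public Suffix List so co.uk and friends work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def phishing_indicators(sender, display_name, body):
    """Return the list of indicators found; an empty list means nothing fired."""
    reasons = []
    sender_domain = registrable_domain(sender.rsplit("@", 1)[-1])
    claims_brand = "facebook" in display_name.lower()
    if claims_brand and sender_domain not in LEGITIMATE_DOMAINS:
        reasons.append(f"claims to be Facebook but was sent from {sender_domain}")
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if registrable_domain(host) not in LEGITIMATE_DOMAINS:
            reasons.append(f"link points off-brand: {host}")
    if PRESSURE.search(body):
        reasons.append("pressure language (mandatory, permanent suspension)")
    if DEADLINE.search(body):
        reasons.append("hard deadline")
    if CREDENTIAL_ASK.search(body):
        reasons.append("asks for a code or login details")
    return reasons


def is_suspicious(sender, display_name, body, threshold=3):
    return len(phishing_indicators(sender, display_name, body)) >= threshold


# Constructed sample: the published scam text with a made-up link standing in
# for the one Hoax-Slayer removed.
SCAM_SENDER = "security@fanpage-verification.example"
SCAM_DISPLAY_NAME = "Facebook Security"
SCAM_BODY = """Dear Facebook User,
You are receiving this message to notify you about the new security feature from Facebook called "Fan Page Verification Program".
After many Fan Pages have been stolen lately leaving us no choice but Deleting them forever, we had to come up with an original solution about the Fan Page's Security.
To complete this process you must choose a 10-digit number (it can be any number) and that number will be assigned as your Security code. This code will be the new passphrase for changing anything important for your Fan Page.
Please be aware that this process it's open only until 30.05.2013 and it's mandatory to complete it. If you don't, your Fan Page will be suspended permanently.
Please visit the link below to complete the process:
http://fanpage-verification.example/confirm
Facebook Security"""

# Constructed benign notification for contrast.
LEGIT_SENDER = "notification@facebookmail.com"
LEGIT_BODY = "Alice commented on your photo. See it at https://www.facebook.com/photo"
```

The domain checks carry most of the weight: wording can be varied endlessly, but a message that claims a brand while sending from, or linking to, a domain the brand does not own is wrong regardless of how polite it is.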

Via: nakedsecurity

How Targeted Attacks and Cybercrime Go Together

For cybercriminals everywhere, it’s still business as usual. The recent global ATM heist that netted a total of $45M showed that orchestrated targeted attacks continue to plague organizations globally.  Legacy approaches to identifying threats are not keeping up with the tactics being used to exfiltrate precious assets and corporate secrets. Although it took money mules withdrawing cash from ATMs in 27 countries to pull off the heist, initial reports indicate it was made possible by a very sophisticated targeted attack on third-party card processors in India and the US.

The real debate is how much collateral damage and fallout we’ll see as a result of this attack.  Many of the same technologies and processes are used by other financial institutions.  A weakness here could be used by attackers to target other banks with similar architectures.

It’s a safe bet to assume the attackers were able to acquire and maintain a persistent foothold in these institutions. They carefully picked their target to increase the chances their attack would succeed without being discovered.  Weeks and months of reconnaissance were more than likely carried out, followed by covert, clandestine operations once their marks had been chosen and a foothold achieved.

These targeted attacks are not like the day-to-day threats we information security professionals face: they are carried out with a specific purpose in mind. A recent white paper we’ve published discusses the lateral movement that occurs within networks during these attacks and looks at the tools and techniques used.

Online banking is increasingly important today, with nearly 94% of the world’s wealth held in some form of electronic currency.  It’s no wonder cyber heists are on the rise and the payouts are reaching epic proportions. DDoS (Distributed Denial of Service) attacks are increasing as well, which affects how we conduct online banking as consumers and businesses.  These attacks also consume an organization’s technical and human resources, ultimately acting as a distraction.

These incidents show that targeted attacks and cybercrime can act hand in hand. All organizations have to consider this as they incorporate their countermeasures and mitigations moving forward. How can they determine if they are in the cross hairs of a targeted attack and understand the dynamics of any threats they are currently facing?

Organizations need to understand that “targeted attacks” can involve more than information theft: they can actively damage systems and cause significant financial losses. Tools that are valuable in this field include “padded cells” that use virtualization sandboxing techniques to test incoming threats. Threat intelligence and feedback provided by the Smart Protection Network give organizations the tools they need to deal with these attacks and protect their networks.

Via: trendmicro