Category Archives: News

Current events and developments happening with the Internet.

Don’t Panic: How Anxiety Aids the Bad Guys

Fear and anxiety are the biggest allies spammers have. Every month, for instance, that more of our customers than usual have problems with their bill, there’s also a corresponding uptick in the number of them that fall for phishing attacks. The reason why seems clear: people who are worried or feeling guilty that non-payment will cause us to shut down their accounts tend to take the phishing bait more easily, which is exactly what the bad guys want. Specifically, anxious users tend to respond far more readily to emails appearing to be from Southwest Cyberport and demanding that they log in or reply than other customers do. There’s no shame in this: these criminals are very clever, and their sneaky methods are evolving all the time. They’re constantly looking for new ways to get you to react without thinking first. It used to be that such emails had a “Reply to:” address, but that was too easy for us to block; so nowadays they more often use a Web address that is disguised to look like ours. However, the link actually goes off to some poor hacked website somewhere, where they’ve set up a small customized password-stealing page designed to look like our webmail page or like a bank or some other standard-looking login.  As soon as you enter your information, the spammers are quick to use or sell that info to other spammers to send out junk mail. Sometimes, … Continue reading

Posted in News, Security, Warnings | Tagged , , , | Leave a comment

Critical New Microsoft Security Flaws Revealed

There’s a certain rich irony in the recent hack of the notorious Hacking Team. Though they self-righteously claim to be selling solutions to law enforcement, Hacking Team is an evil group of professional hackers and malware vendors. They got pwned themselves recently, possibly by disgruntled employees. It’s paid off nicely in revealing some of their slimy methods and sleazy clients (including dictators and the DEA), as well as a number of zero-day exploits they were selling on the black market. One of these involved, of all things, fonts. Yes, even innocent-seeming type on the page can now be a weapon. If the victim opens a specially-crafted webpage or document with embedded OpenType fonts, this vulnerability would allow an attacker to elevate their user privileges, allowing them to run remote code and completely take over the unwitting victim’s machine. Leveraging the Adobe Type Manager‘s abilities to handle type, the bad guys could then install malware, view and delete or manipulate data, or create new accounts with full user privileges. This led to the discovery of a similar flaw affecting all Windows machines that is even more critical. It also uses the Adobe Type Manager and OpenType fonts, but this is not as constrained as the previous flaw. It’s so worrisome Microsoft issued an emergency patch. However, Microsoft seems rather blase about it: “The majority of customers have automatic updating enabled and will not need to take any action because the update … Continue reading

Posted in News, Security, Warnings | Tagged , , , , , | Leave a comment

The Worst Hack Ever Just Got Worse

This month’s issue of the Portal is all about the giant hack of the Office of Personnel Management’s files. Anyone who has applied for a government security clearance since 2000 – or is a close relative or friend of someone who did – should definitely read the article. But everybody else should be very concerned as well, for the implications are universally dire. It was called “the worst hack of all time” early on and the more we know, the more accurate that assessment seems to be. In terms of numbers, it’s big and growing – from over four million people affected to now more than twenty-two million. But even more important than the amount is the kind of information stolen: not just everything needed to steal identities, but the most intimate and sordid details of a person’s life gained from security interviews. Even a million fingerprints have been taken. Frighteningly, one question that may never be answered is whether or not the hackers changed or deleted any information. In any case, our entire intelligence service has been compromised. The government’s failure to act swiftly is not helping. The director finally resigned recently, but the authorities still seem to be floundering around as if paralyzed in shock. They’ve belatedly upgraded website security measures and offered free credit monitoring to affected employees. Given the kind of exposure involved, this all seems woefully inadequate, and indeed, is causing fear and anger among … Continue reading

Posted in News, Security, Warnings | Tagged , , | Leave a comment