Category Archives: Warnings

Flashback Trojan is a Warning to Mac Owners

It finally happened: for the first time, Macintosh computers have been attacked by a trojan virus in a big way. Few viruses have ever targeted them before, and for decades Apple owners were told simply not to worry, that viruses were a Microsoft problem. Now the owners of over a half-million Mac OS X computers share the pain – and some of the vulnerability – that Windows users have long been familiar with. The malware is called Flashback, and was discovered not long ago by Kaspersky Labs, a leading Moscow-based software security firm. Flashback can hijack a Mac without even an administrative password, because it exploits a flaw in Java. It was discovered last September, and Oracle, the company that makes Java, patched the hole back in February, but that didn’t solve the problem. It turns out Apple ships its own version of Java, and their patches weren’t issued until early April. (Obviously, the company has a learning curve about prompt and effective security responses in front of them.) By now there are a lot of infected Macintoshes – not really all that many by Windows standards, but it can still spoil your day if you have one. The virus masquerades as an installer for Adobe’s Flash, and it can install itself. All you have to do is visit an infected website with an unprotected computer. As of the latest reports, the trojan has created a botnet – a network … Continue reading

Posted in News, Security, Warnings | Comments Off

IRS helps enable online tax fraud

Your friends at the Internal Revenue Service are eager to get everyone to do their federal taxes online. But in their efforts to make everything quick and easy, they’ve wound up helping Internet tax scammers, too. The scam isn’t a phishing scheme and doesn’t involve hacking; it is based on filing false online returns and collecting the refund. So this tax season, the government is warning people of the dangers. Identity thieves are very busy – last year, the IRS identified nearly a million fraudulent returns to the tune of $6.5 billion. Over half of these were related to identity theft, which is three times the amount of just three years before. And those are just the ones caught before any refunds had been issued. The IRS can’t, or won’t, even estimate how much money they’ve actually sent to scammers. Tax fraud has become an epidemic, especially in areas like South Florida, with some gangs replacing drug sales and robberies with online crimes committed with iPads. Gangs even hold work parties to teach each other and commit hundreds of crimes in a single session. So many local officials are complaining about the lack of governmental concern and effective action. Working the fraud, authorities claim, is quite simple, and there are even written tutorials for thieves. The criminals first acquire victims’ Social Security numbers and other personal information. Perhaps they buy the data from insiders with access to medical or financial records or … Continue reading

Posted in News, Security, Warnings | Comments Off

Online Data Storage Security

Security and convenience always seem to be at war with each other. Sometimes it’s difficult to understand why security folks are so draconian in their rules. It’s never for the day-to-day normal situations that those rules come into play, but for the failures that inevitably happen. The recent security problem at the popular storage service Dropbox is an example of how you need to think about possible security failures. On the surface Dropbox certainly looks pretty secure. They transmit files securely over SSL, they encrypt your files for storage, and you must log in with a username and password to get access. Looks pretty good. Here’s where the security can break down. The encryption key is stored at Dropbox. It’s linked to your account. It becomes available for use when you log in. On June 19, Dropbox updated its site, and accidentally broke their password authentication so that any password worked. If I knew your Dropbox username, or guessed it, I could log in to your Dropbox account by typing anything for the password. At that point, I could steal your documents, delete them, or replace them with falsified documents. I could even upload a virus and hope you would download it later and infect your computer. This high-profile breakdown in security for a heavily used online data storage service underlines the importance of encrypting data that you store remotely, and of having control of the encryption key yourself. Whether you use an online … Continue reading

Posted in Security, Warnings | Comments Off