Category Archives: Latest Warnings

Wi-Fi Street Smarts, iPhone Edition

June 1, 2010

If you use your iPhone to connect to open or public Wi-Fi networks, it’s a good idea to tell the device to forget the wireless network’s name after you’re done using it, as failing to do so could make it easier for snoops to eavesdrop on your iPhone data usage.

For example, if you use your iPhone to connect to an open wireless network called “linksys,” — which happens to be the default, out-of-the-box name assigned to all Linksys home Wi-Fi routers — your iPhone will in the future automatically connect to any Wi-Fi network by that same name.

The potential security and privacy threat here is that an attacker could abuse this behavior to sniff the network for passwords and other sensitive information transmitted from nearby iPhones even when the owners of those phones have no intention of connecting to a wireless network, simply by giving his rogue access point a common name.

Revisiting the Eleonore Exploit Kit

May 24, 2010

29 Comments

Not long after I launched this blog, I wrote about the damage wrought by the Eleonore Exploit Kit, an increasingly prevalent commercial hacking tool that makes it easy for criminals to booby-trap Web sites with malicious software. That post generated tremendous public interest because it offered a peek at the statistics page that normally only the criminals operating these kits get to see.

I’m revisiting this topic again because I managed to have a look at another live Eleonore exploit pack panel, and the data seems to reinforce a previous hunch: Today’s attackers care less about the browser you use and more about whether your third-party browser add-ons and plugins are up-to-date.

ReclaimPrivacy.org: Facebook Privacy 101

May 20, 2010

35 Comments

If you’ve been watching the slow motion train wreck that is Facebook.com’s recent effort to revamp its privacy promises, you may be wondering where to start unraveling all of the privacy “choices” offered by the world’s largest online social network. Fortunately, developers are starting to release free new tools so that you don’t need a masters in Facebook privacy or read a statement longer than the U.S. Constitution to get started.

Stolen Laptop Exposes Personal Data on 207,000 Army Reservists

May 13, 2010

34 Comments

A laptop stolen from a government contractor last month contained names, addresses and Social Security numbers of more than 207,000 U.S. Army reservists, Krebsonsecurity.com has learned. The U.S. Army Reserve Command began alerting affected reservists on May 7 via e-mail.… Read More »

Microsoft, Adobe Push Critical Security Updates

May 12, 2010

22 Comments

Microsoft Corp. and Adobe Systems each released security updates on Tuesday. Microsoft issued two “critical” patches that address one security flaw apiece, while Adobe’s patches fix a whole mess of serious vulnerabilities in its software. One of the critical updates… Read More »

Visa Warns of Fraud Attack from Criminal Group

May 8, 2010

17 Comments

Visa on Friday warned banks that it has received reliable intelligence that an organized criminal group plans to attempt to move large amounts of fraudulent payments through a merchant account in Eastern Europe over the weekend.

A Closer Look at Rapport from Trusteer

April 29, 2010

121 Comments

A number of readers recently have written in to say their banks recently have urged customers to install a security program called Rapport as a way to protect their online bank accounts from fraud. The readers who pinged me all said they didn’t know much about this product, and did I recommend installing it? Since it has been almost two years since I last reviewed the software, I thought it might be useful to touch base with its creators to see how this program has kept pace with the latest threats.

Infamous Storm Worm Stages a Comeback

April 28, 2010

6 Comments

The “Storm Worm,” a prolific strain of malicious software once responsible for blasting out 20 percent of spam sent worldwide before it died an ignominious death roughly 18 months ago, was resurrected this week. Researchers familiar with former strains of the worm say telltale fingerprints in the new version strongly suggest that it was either rebuilt by its original creators or was sold to another criminal malware gang.

Fake Anti-virus Peddlers Outmaneuvering Legitimate AV

April 27, 2010

39 Comments

Purveyors of fake anti-virus or “scareware” programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google.

Rogue Antivirus Gangs Seize on McAfee Snafu

April 22, 2010

10 Comments

Purveyors of rogue anti-virus, a.k.a. “scareware,” often seize upon hot trending topics in their daily efforts to beef up the search engine rankings of their booby-trapped landing pages. So it’s perhaps no surprise that these scammers are capitalizing on search terms surrounding McAfee, which just yesterday shipped a faulty anti-virus update that caused serious problems for a large number of customers.