HACKED! Digital Keychain Tokens / One Time Passwords
November 17, 2009
In order to prevent companies from giving passwords to untrustworthy people, companies have created secure ways to set up their security. For a long time, security people have considered using a keychain token device service to increase security.
keyring security token 2
These devices will generate regular passwords, that work ONLY within the time the code is displayed. In essence, these are one time passwords. This device can be assigned to a specific limited website or otherwise that will protect a company from inadequate passwords and inadequate security to many electronic files. These devices change their information (new passwords) every 15 seconds, 30 seconds or 90 seconds.
keyring security token 1
According to a recent problem within a US construction company, an employee who used this device was unknowingly using a computer that had a key stroke logging program which logged into their secure bank site at the same time the employee was logging into a secure bank account, and transferred over $40,000 USD into other accounts in a very short time.
Read the article “Real-Time Hackers Foil Two-Factor Security“ for more information. The lesson learned here is that their security breach happened on this machine before the day of the theft. Ways to reduce the intrusion on this Windows machine is to keep an Internet Policy updated and enforced within a place of work. Also to block websites within the network, encourage training on what causes computer infections and how to prevent them. Finally, updating the computers regularly, keeping a current and functioning anti-virus software always running in all Windows machines and avoid using Internet Explorer for any kind of website research or flash games.
Contact us for more details.
Fraudulent Email – Looks Authentic from Intuit, but not!
November 15, 2009
Intuit offers online software services like Quicken and Quickbooks. People often do not know the difference between fake communication and real communication.
Most people should be aware that anyone asking for passwords or to download a tool to secure your computer is actually NOT what it claims to be… In the case of a recent fraudulent email blast, posing itself to be from Intuit, the email warns of suspicious activity of your account. Here is an email sample – of a FAKE baiting technique (aka phishing) to try and steal your information:
“Subject: Intuit Update or Intuit Secure Update Notification
Body:
As is the case with many companies that maintain large databases of information, Intuit is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including QuickBooks email addresses, names, phone numbers. The information accessed does not include banking information.
Immediately upon learning about this, Intuit initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illegal use of information in our database, and so far, we have not detected the misuse of this information.
In order to help assure the security of your information, we have developed a special plug-in for browser and Windows® – QuickBooks Update. This software will protect users private information from any kinds of spyware or malware.
System requirements :
- Windows XP, Vista, 2000, 2003
- Internet Explorer 6.x, 7.x, 8.x
ATTENTION: You will not be able to use our service without update from 17 of November 2009
Download :
- Web-Browser plug-in (link removed for security purposes)
- Windows® QuickBooks Update (link removed for security purposes)
If you are not Microsoft Windows® user you can use our services as usual.”
*********** END OF FAKE INTUIT EMAIL *************
Be aware, this is not a real request from Intuit, and you should never need to confirm your user name NOR password. You should also completely avoid downloading a tool to ‘help’ protect your machine.
How To Delete A MySpace Account
August 3, 2009
In the interest of helping parents keep their kids out of trouble, I often have the question presented about closing or deleting a MySpace account. Please note, this is not just a quick – delete and complete mission kind of task. You actually need to change your approach to your entire home network and rethink how your child interacts on the Internet in order to be effective in keeping your child off undesirable sites. It is one thing to learn that your con / daughter spent an hour on line at some one else’s home, another that they have their own account and constantly interact with people within MySpace, especially if these kids are not old enough to be a legal adult.
Dave Taylor writes a some what random tech blog and wrote up a worthy piece on this MySpace topic called “How Can I Cancel My Son/Daughter’s MySpace account“ and I want to defer to that blog post for a well-written, full answer.
How can I cancel my son / daughter’s new MySpace accoh
Privacy Warning – Bank Text Messages to IGNORE
July 12, 2009
Just a quick note that there is a warning that text SPAM, leaking into cell phones, are actually sending a warning by fear tactic through text messages, claiming to contact a specific phone number due to “suspicious activity on your account”.
JUST BY CALLING THE NUMBER, you inadvertently give private and personal information to their database. Please avoid responding to this in ANY way. Banks do not use text messages to communicate with their customers.
In the old days, getting infected was a war of young kids trying to undermine Microsoft. Today it is a matter of stealing credit card or other private information or even taking control of your computer to turn it into a SPAM machine, generating fake emails while you are trying to surf the Internet. In addition to falling for the email trick, there are also other ways to download these bad files, including warnings while using Internet Explorer.
The biggest question is – How can these virus and Trojan writers be stopped? The complication is that many of these groups live outside of the US, many are specifically from Russia. This means they cannot be subject to the Rule of Law within America.
Social Engineering is used to put fear into people and to convince them to update their computer, their personal information or to download special scanning software. Recently they arrive as emails in marked as Delta Airlines ticket problems, UPS package tracking issues, and today, a critical update for Microsoft Outlook.
According to a recent article, there is a security alert from the Trend Micro security center, the Outlook Critical Update will entice the end users to click on the link, allow a download to happen, and then install a user name and password catcher to send to a server, to steal your information and your bank account. This particular variant, once installed, will “contain a list of targeted banking institutions, social networks and other sites for the Trojan to monitor, including Facebook, MySpace, Flickr, Bank of America and Wachovia, Macalintal’ Once it has these user names and passwords, it is thought to save them and attempt to use them on accounts to steal as much private information as possible.
So if you have avoided downloading or using or Opera, please consider clicking on those names and downloading them, and installing the latest flash player to make these alternative browsers function properly with most web sites. Also, avoid ANY unusual warning email or critical update notice.
SPAM – How to stop SPAM from your own company
June 13, 2009
Most corporate networks have a larger budget for IT and can afford complex anti-SPAM devices. Over the past five years, those devices have been developed for the small business market, with more economical prices, yet they are still esoteric and not easy to get up and running.
A new SPAM tactic exists wherein the company or business that has its own email domain, receives strange emails from themselves. For instance – the email will be delivered from themselves, with a subject that is completely unfamiliar.
This has grown into a problem because there is an Internet email technology that moves mail and therefore SPAM, that was not well structured. It assumes that all email is real and good. This has been gowing stale over the past year… A long time since the invention of email. A new initiative has been put together to fix this problem. It is called OpenSPF, and after reading through their approach and solution, it seems the majority of the SPAM that arrives to you email address, with your own email address in the From field, can now be stopped. More on this we time goes on, but some companies actually adopted this to improve the quality of their email delivery – to reduce SPAM significantly.
For a list of domain name sellers and ISP’s who are supporting this, please click on this link.
Search Engines Lead People To Risky Sites
May 30, 2009
A huge misconception of Internet users is how certain web sites are safe. Menlo Technical Consulting has helped many clients, infected with various computer viruses, analyze and suggest alternative ways to prevent such problems in their future operations. Most companies avoid implementing Internet Usage Policies. This single factor is probably the biggest IT oversight a CIO, COO or HR department can make for a company.
Without getting to technical, spammers and virus writers are constantly trying to install bugs on computers. At first it was for the purpose of notoriety. Today it brings in money once they are able to convert the computer to a zombie-like state. This zombie state converts the computer into a spam machine. These devices send out thousands of emails and host false web pages to trick other computer users on the Internet. This grid of zombified computers is called the Bot Net. Your computer or your entire corporate computer network can get be converted into a Bot Net, from the most unlikely sources. One common and unsuspecting way is through web pages found on search engine results. Web pages that look like official sites like eBay, banks, brokerage houses and insurance companies, but are fake, is called PHISHING.
In example, if someone is trying to find information on the Internet for foreclosures or free music lyrics, they would go to Yahoo or Google and search for:
lyrics
free lyrics
in the attempt to find free lyrics to their favorite songs.
A recent McAfee study of search engine results (e.g., Google, Yahoo, & AOL) collected these search results and have identified those phrases that produce a significantly higher risk of bogus phishing web sites. If a web surfer clicks on these links the page looks very much like the official web page, or appears as a blank page. In fact, they are often phishing sites, and they are installing software on your machine. This software will turn the computer into a BotNet zombie. Some search words produce riskier results than others.
Here is a list of North America search terms that produce the most risky search engine results:
word unscrambler
lyrics
myspace
free music downloads
phelps
free music
game cheats
printable fill in puzzles
free ringtones
solitaire
miniclip
make money
weather.com
lowes
hotmail.com
msn.com
music downloads
limewire
snopes
wallpapers
free e-cards
paris hilton
coupons
mp3
costco
Other catagory terms have been tagged as risky as well.
The Most Dangerous Economic Crisis Terms include:
irs stimulus checks
stimulus checks
The United States’ Most Dangerous Free Terms include:
free people search
free movies
free itunes codes
free ringback tones
From these lists, one can see how the dangerous sites can accidentally reach your computer and entire corporate computer network.
For more information about how your business network or critical business computer networks can be compromised, and what to do about preventing high risk websites from accessed at your company, contact Menlo Technical Consulting today for a consultation.
Sprint Nextel and Verizon offer MiFi
May 22, 2009
For domestic traveling executives and field reps likes sales people, the Internet is critical. iPhone and Blackberry have become a mandatory device for email, but it is not the best device for surfing the Internet or accessing terminal server sessions within business.The screen is very small, and moving from on page to another while receiving a text message or phone call can disrupt surfing considerably. For regular reliable access to the internet, devices like netbooks, laptops and notebooks make more sense.
Knowing this, Verizon, ATT and Sprint offer a bunch of broadband cards, which is billed to the user for a flat fee, like an additional phone line. These devices come as both cards or USB sticks that will connect individuals to the Internet within a Windows and Mac environment. (Note: Only certain versions of these devices that will work in an Apple, so beware of this when purchasing.)
As Microsoft releases newer and newer versions of their operating system, users get confused and frustrated with Microsoft. Suddenly, switching to either Linux or and Apple becomes a consideration for stability, to avoid the nightmare of windows-like infections and overall reliability. Before MiFi, these broadband cards all required a software to connect to a broadband network. MiFi changes this. With Mifi, you can access the Sprint, ATT or Verizon broadband subscription without this software, which will allow any Windows, Mac or Linux device to function as a mobile broadband device, that can move to more than one computer device, and share the connection with other devices like a mini portable wireless box.
Check out Andy Inhatko’s review of the Verizon device, and another mention of the Sprint device Sun Times site.
Conflicker Worm in Hospital Devices
May 19, 2009
Looks like the April 1st, version of the Conflicker Worm has entered into Hospital Devices. For more information, click here.
What does this mean? 1) Hospitals in general are too under staffed with IT to deal with preventative measures to prevent these infections, 2) the current versions of anti virus that are used in Hospitals are not effective enough for the machines, 3) machines that are connected to MRI’s need regular maintenance to be effective against such infections.
Menlo Technical has the experience and confidence to set up preventative road blocks for our medical industry clients to avoid these infections. Call us today for more information about getting an analysis prepared for your office, today!
Reduce Your Exposure to Trojans
April 23, 2009
Short of replacing your computer with an Apple, remember to consider these steps to prevent the recent April 1 conflicker Trojan from attacking your computer:
1) Make certain you have an up to date and functional antivirus product. Viewing fake SPAM mail, looking at My Space, and downloading seemingly ‘free’ music are all ‘vectors’ for bugs to jump on your computer. A current and effective antivirus software will catch these bugs before they get their grips on your computer. Not all antivirus are created equally and it is possible that you are more likely to get infected when using a lesser quality software.
2) Install a hardware firewall device (like a wired or wireless router) next to your cable / dsl modem
3) Use Mozilla’s Firefox whenever possible to avoid contracting bugs that travel over the Web.
3) Consider creating policies in your household to prevent kids from using the pc when they have homework of household chores. This can be easily accomplished through setting an account password and ensuring the machine is logged off at night before you leave the house or go to bed. Also, a policy to install the computer in a public area like the kitchen or in the living room will significantly reduce kids from looking at websites you do not want them to be viewing.
For more information and ideas on regulating computer use and keeping your machine bug-free, please contact us today.
