Sunday, December 28, 2008

90 Percent of emails received Worldwide are SPAM

90 Percent of emails received Worldwide are SPAM

A recent survey has found that 90 percent of the emails sent to a person’s inbox are usually spam.  90pct of emails received worldwide are spamThe survey report suggests that more and more hackers are devising new ways to send in spam emails, reports the China Daily.
It further states that virus-infected computers are woven into “botnets” used to attack more machines, and to send sales pitches to e-mail addresses in low-cost quests to bilk readers out of cash.
“Every year we see threats evolve as criminals discover new ways to exploit people, networks and the Internet,” Cisco chief security researcher Patrick Peterson, who was involved in drafting the report, said.
According to the Cisco Annual Security Report, junk e-mail make up for nearly 200 billion messages daily, approximately 90 percent of email worldwide.
As per the survey, the US is the biggest source of spam, accounting for 17.2 percent messages.
Turkey and Russia ranked second and third, accounting for 9.2 percent and 8 percent spam respectively, according to Cisco.
This year, botnets were used to inject an array of legitimate websites with an IFrames malicious code that reroutes visitors to websites that download computer viruses into their machines.
“The botnet is, in many cases, ground-zero for online criminal threats,” Peterson said.
“Using malware to infect someone's computers is an incredibly common mechanism and harnessing them all together is a way they do their click fraud, spam emails, and data stealing,” he added.
Online criminals are turning botnets on web-based e-mail accounts. Hackers are "reputation hijacking" by using botnets to figure out weak passwords protecting web-based e-mail accounts, according to Peterson.
Weak passwords consist of family names, birthdays, home addresses or other terms considered relatively easy to deduce.
Once access is gained to legitimate e-mail accounts, a plethora of spam messages are sent in the owners' names.
Source: ANI

Microsoft Kicks Fake Security Software off 400,000 PCs

Microsoft Kicks Fake Security Software off 400,000 PCs

In the second month of a campaign against fake security software, Microsoft Corp. 

has booted the rogue application "Antivirus 2009" from almost 400,000 PCs, the company recently claimed.

December's version of the Malicious Software Removal Tool (MSRT), a free utility that Microsoft pushes to Windows users as part of Patch Tuesday, targeted one of the most popular phony security app, Antivirus 2009. According to Microsoft, the MSRT erased the fake from over 394,000 PCs in the first nine days after it released this month's edition on Dec. 9.

Last month, Microsoft trumpeted a similar cleaning operation against another family of bogus security software that it said had purged nearly a million machines of programs such as those called "Advanced Antivirus," 

"Ultimate Antivirus 2008" and "XPert Antivirus."

Sony’s Pocket PC: Netbook or Notebook?

Details of Sony’s rumored mini-notebook are steadily leaking. The last thing the world need is another netbook, but this one seems to have a twist: a small LED display (only 8 inches) with a large resolution of 1,600 by 768 pixels. Other specs appear to include a 1.33GHz Intel processor, a 60GB hard drive or 128GB SSD, and Windows Vista. Based on the clock speed, the chip might be an Intel Atom Z520 or the ultra low-voltage Core 2 Duo U7700, a more powerful and much pricier processor. The display size–along with some blurry pictures which were posted on Engadget and other sites–would put the “P series” somewhere between a netbook and what Intel refers to as an MID, or Mobile Internet Device, the target device for the Z series Atom processor. But it would be unusual to pair this chip with Vista and such a high-resolution display–most netbooks use Windows XP and the handful of MIDs that have shipped tend to use lightweight Linux operating systems. So it could be that the P series won’t be a netbook at all, but rather a traditional, high-end subnotebook with a distinctive display size and design.

Saturday, December 27, 2008

Take precaution against Cyber Theft - During this Holidays

  1. Be wary of holiday gift cards and holiday coupon offers sent via e-mail—these often have malicious links within the offer which lead to downloads of info-stealing Trojans or the hackers try to scam you out of your bank account information.
  2. When visiting your favorite online retailer to purchase gifts, be sure to type the actual Web site address of the retailer into your browser. Do not follow links provided by e-mail offers or pop up ads. Many times these are fraudulent sites made to look like the legitimate retail sites.
  3. When making online purchases, always use a credit card that limits your fraud liability. Avoid using debit cards to do online purchases when possible so as to limit your personal exposure to any possible fraudulent transactions.
  4. When making online purchases, always look at your Web browser for the https (as opposed to http) protocol that proceeds a Web address. The “s” let’s you know that the Web site is providing a layer of security for transmitting your personal information over the Internet.
  5. Be wary of unsolicited e-mails, even from senders that you know, that include links or attachments. Before clicking on links or attachments, ALWAYS verify that the correspondent sent you the e-mail and enclosed link or attachment.
  6. Be wary of e-mails notifying you that your banking certificate or token is out of date and to download a new certificate or token. Before taking any action, verify with your financial institution by calling them on a number that is not provided in the email.
  7. Avoid using simple (weak) or default passwords for any online site.

U.S. government vulnerable to Internet predators

U.S. government vulnerable to Internet predators

Most Internet users have some awareness of the problem of threats to the entire system from criminals, terrorists and potentially hostile nations, since they encounter it in the form of spyware, viruses and other online nuisances.

However, the most disturbing "cyber" threats are largely invisible to the general public, because they involve attacks on specialized networks used by the armed forces, healthcare professionals, air traffic controllers, financial institutions, public utilities and heavy industry.

Each of these vital components of modern society now relies on Internet Protocol communications to run efficiently, and in most cases the new technology was assimilated without a careful assessment of its vulnerability to attack by outsiders.

Friday, December 26, 2008

Fake Christmas, HolidayGgreetings Spread New Malware over Internet

Fake Christmas, Holiday Greetings Spread New Malware over Internet

New malware is spreading via Christmas and holiday greetings, security researchers said today, a tactic reminiscent of those used last season by the notorious Storm Trojan horse.

Researchers at the Bach Khoa Internetwork Security Center in Hanoi, Vietnam, reported today that a new piece of malware, dubbed "XmasStorm" by the center, is spreading through holiday-themed spam.

Touting subject lines such as "Merry Xmas!" and "Merry Christmas card for you!" the spam includes links to sites that purportedly host electronic greeting cards waiting for the recipients. In fact, the sites are serving up malware that hijacks the visiting PC, then installs a bot that waits for commands from the hacker controllers.

Nguyen Minh Duc, manager of Bach Khoa's application security group, said that XmasStorm originated in China. Hackers have registered at least 75 domain names relating to the malware campaign's holiday theme in the last month, including "" and "" According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively.

"Special occasions such as Christmas and New Year have always been the periods when hackers distribute viruses via fake e-card with malicious code," said Nguyen in an e-mail Wednesday. "Therefore, users should be careful on receiving greeting e-mail from unknown sources for safety's sake."

Similar attacks have been monitored by other researchers, including those at ESET LLC, a Slovakian security company that has offices in San Diego. On Monday, ESET researcher Pierre-Marc Bureau reported a spike in holiday spam that pointed to sites hosting a file named "ecard.exe" that was not, of course, a greeting card, but instead malware.

"The reason this wave has attracted our attention is that it is very similar to the Storm worm attacks we were seeing last year," said Bureau in an e-mail.

Source: Computer World.

Credit Card Theft Underground - Awareness Article

Credit Card Theft Underground - Awareness Article

This is a fascinating article in the recently-released January issue of Wired magazine about the credit card theft and fraud underground. It's the story of the rise and fall of a completely criminal -- and quite technically sophisticated -- business enterprise.

Unlike the print version, which I just picked up, the online article has a video with Detective Bob Watts of the Newport Beach PD, telling how some of it was done, complete with card pressing and embossing equipment. The machines were used to press real cards from the stolen data.

The article also has a link to another video on the Identity Theft Secrets web site about, one of the web sites used in the criminal venture.

And while we're on the subject of credit card security, here's five tips from SC Magazine for successfully complying with the Payment Card Industry Data Security Standard (PCI DSS). Besides being required for any business involved with credit cards, PCI compliance is one big step in protecting against credit card crime.

The Duhs of Security

The Duhs of Security

This security awareness video was developed by the Commonwealth of Virginia to promote simple changes in behavior that will strengthen security.

* Dont allow tailgating
* Guard your password and change it often
* Safe sensitve information to secure backed-up network storage areas
* Lock the computer when unattended
* Pick up sensitive printouts immediately
* Dont have sensitive conversations where you can be overheard.
* Be wary of suspicious emails
* Keep electronic media secure and safe from theft or damage.

Nokia Phones vulnerable to Java Attacks

Nokia Phones vulnerable to Java Attacks

A pair of critical vulnerabilities in Sun Microsystems Inc.’s Java technology for mobile devices could be used by hackers to surreptitiously make calls, record conversations, and access information on Nokia Series 40 cell phones, a Polish researcher said Monday.

Adam Gowdiak, a researcher who has found numerous bugs in Java 2 Micro Edition (J2ME) in the past, said he reported the two vulnerabilities to Sun last Thursday, and notified Nokia the same day of the security issues in its handsets. However, Gowdiak is taking a disclosure tack he admitted will be controversial. He has provided the vendors with only a small subset of the information he’s uncovered, approximately one-to-two pages worth. To obtain the remainder, which includes proof-of-concept code, Sun or Nokia will have to pony up $29,826.

The flaws can be used by attackers to force-feed malicious Java applications to Nokia Series 40 phones, said Gowdiak. Those applications, in turn, could be crafted to conduct all kinds of mischief, including making phone calls from the phone, sending text messages from the phone, and recording audio or video. Hackers could also access any file on a Nokia 40 model phone, obtain read and write access to the phone’s contact list, access the phone’s SIM card, and more, added Gowdiak.

“This can completely wipe out any security within J2ME,” said Gowdiak in an interview Monday. “It allows [attackers] to do anything malicious on any mobile device.”

All told, Gowdiak said he had found 14 security issues with the Nokia Series 40 handsets. The Series 40 is the world’s most widely-used mobile platform, according to Nokia. Gowdiak estimated that approximately 140 different Nokia handsets use the Series 40 platform.

All an attacker needs to hack a specific Series 40 handset is its phone number, Gowdiak claimed. A security flaw in the platform can be exploited by simply sending a maliciously crafted series of messages to a given phone. “By combining the vulnerabilities with the Series 40 issues, one could develop malware which could be simply deployed. And that malware won’t be visible to the user,” he said.

Gowdiak tested seven different Nokia Series 40 handsets — “At least one from each major family in the series,” he said — but he suspects that other manufacturers’ phones that use J2ME may also be vulnerable.

He said that the most current version of Sun’s Java Wireless Toolkit also contains the critical bugs. The Toolkit is essentially a software developer’s toolkit, or SDK, for building wireless applications based on J2ME. The implication, said Gowdiak, is that any application created with the Toolkit would also be open to attack, including those installed on handsets other than Nokia’s.

Nokia did not respond to a request for comment Monday, and although Sun did return a call, its spokeswoman did not have any immediate information about the vulnerabilities reported by Gowdiak.

For his part, Gowdiak said security teams at both companies had confirmed receiving his reports last week. “They seem to be working on these issues,” he added.

But the vulnerabilities may not be what many focus on, Gowdiak admitted.

To fund his start-up — a Polish-based company called Security Explorations — Gowdiak is selling copies of his research for 20,000 euros each. “There are six long months of work in this research,” he said in justifying the price. “It was an enormous amount of research.”

But Gowdiak is savvy enough to know that the move will be controversial. “Of course. The whole security arena is divided,” he argued. “Some will be against this and some will be for it.”

He said that the amount of information he had turned over to Sun and Nokia was “similar” to what he had disclosed to vendors previously. “We’re not blackmailers, we’re not black hats,” he said. “They have a choice whether they want to sign up for our security research or whether they want to [devote] research engineers of their own to investigate the vulnerabilities.

“But in our opinion, they have full vulnerability information.”

He also stressed the special nature of the vulnerabilities he had discovered. “This is the first time that such a widespread and critical attack has been demonstrated against Nokia’s Series 40 devices,” he said. “We have proved that these devices can be hacked and infected with malware in a very similar way PC computers are.”

Still, he was on the defensive. “Some people will attack us, and hate us,” he said, for selling research in this fashion. “But in time, people will be able to judge on their own whether we got it right.”

He stopped short, however, of promising to release more information once Sun and/or Nokia had patched their software. “We’re considering it,” was as far as he would go.


Wednesday, December 3, 2008

Salute To Indian Security Forces In Mumbai

Salute To Indian Security Forces In Mumbai

This video is dedicated to all the Indian Security Forces who are involved in saving lives of the people from all over the World in Mumbai.

Thursday, November 13, 2008

VISCOMSOFT Online Audio Video Chatting

VISCOMSOFT Online Audio Video Chatting

Google Introduce Voice and Video Chat Facility from Gmail

See and hear family and friends right inside Gmail . You can talk face to face with Gmail voice and video chat. You can Chat more ways than ever from within Gmail. From Goolgle you can enjoy Look and sound your best with high quality audio and video.

Goolge Talk is free and you need an OS having configuration Windows XP or higher.

How to using Gamil Voice and Video Facilities
  • Download the Gmail voice and video chat plug-in, quit all open browser windows, and install the plug-in.
  • Sign in to Gmail.
  • In the Chat section of your Gmail, select the contact you want to call. If they have a camera icon next to their name, you can make a voice or video call to them; just click Video & more.
To Download Gmail Voice and Video Chat Plug-in click here.

To download the Plug-in for Mozilla Firefox Browser click here.

See this Video for more information:

Sunday, November 9, 2008

Social Networking - Safety Tipsp to protect yourself

Social networking Web sites like Orkut, MySpace, Facebook, Twitter, and Windows Live Spaces are services people can use to connect with others to share information like photos, videos, and personal messages.

As the popularity of these social sites grows, so do the risks of using them. Hackers, spammers, virus writers, identity thieves, and other criminals follow the traffic.

The following tips are helpful to protect from cyber criminals when you use social networks.

1. Use caution when you click links that you receive in messages from your friends on your social Web site. Treat links in messages on these sites as you would links in e-mail messages. (For more information, see Approach links in e-mail with caution.)

2. Don't trust that a message is really from who it says it's from. Hackers can break into accounts and send messages that look like they're from your friends, but aren't. If you suspect that a message is fraudulent, use an alternate method to contact your friend to find out. This includes invitations to join new social networks.

3. To avoid giving away e-mail addresses of your friends, do not allow social networking services to scan your e-mail address book. When you join a new social network, you might receive an offer to enter your e-mail address and password to find out who else is on the network. The site might use this information to send e-mail messages to everyone in your contact list or even everyone you've ever sent an e-mail message to with that e-mail address. Social networking sites should explain that they're going to do this, but some do not.

4. Type the address of your social networking site directly into your browser or use your personal bookmarks. If you click a link to your site through e-mail or another Web site, you might be entering your account name and password into a fake site where your personal information could be stolen.

5. Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles in order to get information from you. This is known as social engineering.

6.Choose your social network carefully. Evaluate the site that you plan to use and make sure you understand the privacy policy. Find out if the site monitors content that people post. You will be providing personal information to this Web site, so use the same criteria that you would to select a site where you enter your credit card.

7. Assume what you write on a social networking site is permanent. Even if you can delete your account, anyone on the Internet can easily print the information or save it to a computer.

8. Be careful about installing extras on your site. Many social networking sites allow you to download third-party applications that let you do more with your personal page. Criminals sometimes use these applications in order to steal your personal information. To download and use third-party applications safely, take the same safety precautions that you take with any other program or file you download from the Web.

9. Think twice before you use social networking sites at work. For more information, see Be careful with social networking sites, especially at work.

10. Talk to your kids about social networking. If you're a parent of children who use social networking sites, see How to help your kids use social Web sites more safely.

Tuesday, November 4, 2008

Beware of debit card skimmers

Police in at least two cities advise consumers not to use their debit
card at a gas pump because there’s no way to be sure it hasn’t been
tampered with.
By Herb Weisbaum
Becki Turner got the call from her bank’s fraud department on Labor
Day. The investigator wanted to know if she had withdrawn $500 from an
ATM in California over the holiday weekend. She hadn’t. She couldn’t.
Turner was home in Puyallup, Wash.

“I was just flabbergasted,” she says. “I had the card with me, the ATM
was in another state, and the person using the machine had to have my
security code.” Turner worried crooks had gotten into the banking
system and stolen her password.

It wasn’t anything that complicated. Puyallup police say thieves
snagged her account information — along with the debit card numbers
and PIN codes of hundreds of other people — at two gas stations in the

They did it by installing their own hard-to-spot card reader, called a
skimmer, on top of the card reader built into the pump. The skimmer is
able to grab the account information from the card without interfering
with the legitimate payment transaction.

The crooks used the stolen data to create (or clone) fake debit cards
that were used at ATMs in Washington State over the Fourth of July
weekend and in Northern California on Labor Day weekend. The bad guys
like three-day holidays because it gives them more time to use the
cards before the unauthorized withdrawals are spotted.

“We are looking at a sophisticated, very well-organized group of
individuals,” says Detective Jason Visnaw with the Puyallup Police
Department. When all the victims from these two incidents are
identified, the total loss could reach half a million dollars.

Why steal debit card numbers? “With a credit card you have to go and
buy merchandise and then you have to fence it or pawn it,” Det. Visnaw
explains. “With a debit card, you’re getting cash money.”

This is not an isolated case. Gas pumps are being compromised in
cities across the country. “We don’t view it as an epidemic, but there
are cases open in at least a half dozen states right now,” says Ed
Donovan, spokesman for the U.S. Secret Service. These investigations
are underway in California, Nevada, Pennsylvania, Delaware and

Donovan tells me the Secret Service believes some of these crimes are
inside jobs, involving someone at the service station.

Gas pumps are just the latest target

Skimming credit cards and debit cards is not new. Portable card
readers make it possible for anyone to copy the information stored on
a card’s magnetic stripe. This information is not encrypted so it’s
easy to steal.

“You just run it through the skimmer and it has all the information
right there in plain text,” says former White House cyber security
advisor Howard Schmidt. “It’s very easy to imprint that data on
another magnetic strip and use it somewhere else.”

The first skimming cases were reported at restaurants and stores where
dishonest employees ran cards through their reader before ringing up
the sale. As technology improved, the bad guys developed skimmers for
ATMs. Now they’ve added gas pumps.

The skimmers are designed to slip over the real card reader. They can
be hard to spot. And quite frankly, most of us would never look for
something like this anyway. We want to pay and go.

So how do they get your PIN number? They can hide a little camera in
the skimmer or on the pump. It shows your fingers as you type in the

There are also fake keypads that slip over the real keypad that can
transmit the PIN code as you enter it.

In Las Vegas, police have discovered even more sophisticated
technology – wireless transmitters installed inside the pump. “They
can actually sit in the parking lot with a laptop and get real-time
information as victims use their card,” explains Lt. Robert Sebby of
the Las Vegas Metropolitan Police Department. Because there’s nothing
on the outside of the pump, there’s no way you can tell the pump is

Not a safe way to pay

Nancy and Jim Tew no longer use their debit cards to pay at the pump —
and for good reason. They both had their debit card numbers stolen at
one of those gas stations in Puyallup, Wash.

Nancy Tew found out about the theft when her card was rejected at the
grocery store. “To my astonishment, I had no money in the bank,” she

The thieves used her account number at ATMs in Hollywood, Calif., to
steal $600. They got $900 from her husband’s checking account. She
tells me it was “totally bizarre and really scary” to be targeted like
that and not even know it.

The Tews now pay for their gas — with cash or debit card — at the
register. That may sound paranoid, but other victims of this skimming
attack tell me they now do the same thing.

Police in Puyallup and Las Vegas now advise residents not to use their
debit card at a gas pump because there’s no way to be sure it hasn’t
been tampered with.

That’s smart advice and here’s why. Debit cards do not offer the same
fraud protection as credit cards. If crook armed with a skimmer snags
your credit card number and uses it to buy things, you can dispute the
charges with the credit card company. You won’t owe a thing while they

If the crook grabs your debit card number, he can go to a cash machine
and pull money out of your checking account. It could take days for
the bank to investigate and put that money back into your account.
During that time checks could bounce or you might not be able to pay
your bills. That’s why the only way I pay at the pump is with a credit

Monday, October 27, 2008

Microsoft facing bleak outlook for Vista sales

Microsoft's recent quarterly revenue report indicated troubling numbers for the Vista operating system that could continue into next year, according to Computer World. Although the company has shown strength in its business division, the client division, which is primarily driven by Vista, showed only two percent sales growth year over year. In contrast, the overall shipments of PCs increased by 10 to 12 percent. Microsoft claimed the soft sales of its core product was the result of unimpressive shipments of PCs to developing countries and the booming production of neetbooks.
Source: Mccn

Friday, July 18, 2008

Microsoft Free Tech Support to All Windows Vista SP1 Customers

Microsoft offer now Free unlimited installation and compatibility support is available for Windows Vista, but only for Service Pack 1 (SP1). You can contact Microsoft directly over phone, email or web chat for finding the correct printer driver for your Windows Vista computer or some of your software programs and hardware devices stop working after you installed SP1 or are you facing trouble while installing Vista SP1. If you are in India, you will get email and phone support, the phone support is available from 9:00 AM - 6:00 PM from Monday to Friday. As per Microsoft, this support for SP1 is valid until March 18, 2009.

I you want advanced issues include problems that are associated with software and hardware development, network connectivity, server-based technologies, and business-critical systems. Issues can also include problems that are associated with configuration and deployment of business workstations and servers.

Advanced Support is available for Rupee 4,100 during business hours.

After-hours support is available for Rupee 8,200 and provides support only for business-critical issues. Business-critical issues are defined as situations that involve a system, a network, a server, or a critical program down situation that severely affects customer production or profitability. These are high-impact issues where production, operations, or development are proceeding but could be severely affected within several days.

If you want more information visit Microsoft links.

Thursday, May 22, 2008

Vulnerabilities in Apple's iCal application

According to Researchers at Core Security Technologies, they have uncovered three vulnerabilities in Apple's iCal application that hackers can exploit to take over vulnerable machines or launch denial-of-service attacks. iCal is a personal calendar application provided by Apple on Mac OS X and serves as a client-side component to a calendar server, allowing users to create and share multiple calendars. It can also be used as a stand-alone application.
The most serious of the bugs is the result of a memory corruption vulnerability that can be triggered if a user runs a malicious .ics (iCal calendar file). The other two are null-pointer errors caused when parsing malformed .ics files, Core researchers wrote in the advisory. Version 3.0.1 of iCal, running on the Mac OS X 10.5.1 platform, is vulnerable, Core researchers wrote.

US Military Botnet - Weapons of Mass Denial

U.S. military is planning to botnet attacks to its enemies computer network. US botnet is a disturbing concept, but next to cluster bombs and cruise missiles it's War Lite. According to Col. Charles W. Williamson III proposes that "...America needs a network that can project power by building an robot network [botnet] that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack." Wow, them's fighting words.
In a real war this would all be devastating for the civilian infrastructure, but I doubt it would stop troops from moving or planes from flying or submarines from diving. Perhaps that's the best reason to follow Williamson's advice: Once deterrents are in place, launching an attack only ends up shooting you in the foot.

Source: eweek

Thursday, March 27, 2008

PC Tools AntiVirus Free Edition - Powerful FREE protection against malicious virus infections

Going online without protection against the latest fast-spreading virus and worms, such as Netsky, Mytob and MyDoom, can result in infections within minutes. Once infected, the virus will usually attempt to spread itself to your friends, family and associates by accessing your email contacts and networked PCs. The infection may also allow hackers to access files on your PC, use it to launch attacks against other computers and websites or to send mass SPAM email.

PC Tools AntiVirus Free Edition will thoroughly scan and protect your PC from virus attacks. With PC Tools AntiVirus Free Edition you may be protected against the most nefarious cyber threats attempting to gain access to your PC and personal information. PC Tools products are trusted and used by millions of people everyday to protect their home and business computers against online threats.

PC Tools AntiVirus Free Edition feature highlights

* Protects your PC as you are working, surfing and playing
* Detects, quarantines, disinfects and destroys Viruses, Trojans and Worms
* IntelliGuard™ protects your computer against threats in real-time
* Automatically checks for frequent updates against the latest threats
* Best of all it's FREE. No catches, limitations or time-limits.

To download PC Tools AntiVirus Free Edition click here.

Sunday, March 23, 2008

Windows XP & Vista Full Take-over Hack with Firewire

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password. The utilizing the fire wire port to hacked into a target system.

This Firewire hack seems to be creating a big buzz, from what I’ve read it also works on Vista as for some odd reason the Firewire port gets access to the whole memory space in DMA mode - not just what it needs to function - so you can read from anything stored in memory with the right tools. There is a few ways to secure yourself if you feel this is a threat (Disable the 1394 bus or disable DMA). f you have a Firewire port, disable it when you aren't using it

The security hole is not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire.

Thursday, February 28, 2008

Vishing - The Newest Weapon for Phishing

As Internet users learn not to divulge confidential information on websites, phishers move to new, uncharted territories. Their newest weapon is called “vishing”, as in “Voice Phishing”. It relies on Internet telephony to trick users to hand over their private data.

People trust phone transactions more than they trust the Internet, because the traceability and cost of landline or cellular phone service make mass phone fraud impractical. Moreover, vishing mimics the legitimate ways people interact with their financial institutions - one that has been touted as being safer. After all, many institutions advise calling by phone when in doubt. So victims are more likely to respond without hesitation to a vishing trap.

But VoIP service has brought together the Internet and telephone worlds, and makes such attacks easy and more cost-effective.

Internet-based phone companies make it easy to obtain an anonymous account and to handle large call volumes at little cost.

Inexpensive software lets thieves create an interactive voice response system that sounds exactly like the one your bank uses—even matching the on-hold music.

Traditional anti-phishing tools cannot easily detect a false telephone number within an email text, so protection against vishing is up to the user.

How to protect yourself

Common sense is the only true universal weapon when ID theft is involved!

Never respond to an email or voice mail that asks you to go to a website or to call a phone number to resolve an account problem. These are never legitimate.

If there is any question, call the merchant or institution at a number you know is genuine - either one found on the regular website (after having entered the address yourself!) or in the Yellow Pages.

Sunday, February 17, 2008

Why you probably aren’t practicing good password security

Most of the online users are not practicing good security practices in respect of password policies and other security habits. It’s common sense for most people on the hacking side of computer security as we know how easy it is to break a password when it’s only a few characters long or it uses a dictionary word. I think, the following are the reasons why most of us are not practicing good password security.

Strong passwords are difficult to remember.
Juggling a multitude of passwords is a pain.
Updating passwords compounds the memorization problem.

Due to vulnerabilities in Operating System and other application software users' online accounts can become compromised through phishing schemes, viruses, and spyware.

I suggest the following good security practice for you:

Strong passwords that are hard to guess.
Different passwords at each site.
Periodically changing existing passwords.

Tuesday, February 12, 2008

How to Protect your online accounts

Due to vulnerabilities in Operating System and other application software users' online accounts can become compromised through phishing schemes, viruses, and spyware. Users can secure their own account and their online identity quickly and easily by following the online safe practices. Some of the safe practice I regularly follows are listed below. You may look into these steps and take a decision today itself to safe guard from Online frauds.

1. Don't share: Keep your username, password and personal information secret. You are requested to change your password regularly. Password must be alphanumeric with special character and greater than 8 character in length.

2. Don't click: Never click on any link you suspect to be malicious, even if sent by someone you trust. Scan your computer regularly for viruses, spyware and adware. Updates your Operating System and other application software regularly.

3. Don't click: Never click on links in emails that claim to be from mail provider (,, bank authorities (,, auction sites (, or social networking sites (, Scan your computer regularly for viruses, spyware, and adware.

4. Don't spread: Never enter your account login and password on sites other than the original site. Never check remember me when you're using a shared computer.

5. Don't Share Personal Data: Avoid posting sensitive personal data, such as email addresses, phone number or pictures, in public places.

6. Don't forget to click the Logout link of the page when you're done using an online account.

7. Don't script: Never paste a URL or script into your browser while logged into a account especially social networking site viz., no matter what it claims to do.

Saturday, February 9, 2008

Over 1 Million Potential Victims of Botnet Cyber Crime - FBI News

The FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses. The FBI is working with their industry partners, viz. Microsoft Corporation, the Botnet Task Force and the CERT Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers and referring criminal botnet activity to law enforcement. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity.

A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

Protect your PC from being hijacked - Norton AntiBot

“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”

Cyber security tips include updating anti‑virus software, installing a firewall, using strong passwords, practicing good email and web security practices. Although this will not necessarily identify or remove a botnet currently on the system, this can help to prevent future botnet attacks.

The following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:

* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide. (FBI Chicago);

* Jason Michael Downey of Covington, Kentucky, is charged with an Information with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems. (FBI Detroit); and

* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products. (FBI Seattle)

Protect your PC from being hijacked - Norton AntiBot

More information on botnets and tips for cyber crime prevention can be found online at To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center,

Protect your PC from being hijacked - Norton AntiBot

Tuesday, February 5, 2008

Identity Theft one of the increasing security risk of 2008

Identity Theft continuous to become an increase threat to security. Identity theft is a catch-all term for crimes involving illegal usage of another individual's identity. The most common form of identity theft is credit card fraud. While the term is relatively new, the practice of stealing money or getting other benefits by pretending to be a different person is thousands of years old.

The major type of identity thefts are Financial Identity Theft (using another's identity to obtain goods and services), Criminal Identity Theft (posing as another when apprehended for a crime), Identity Cloning (using another's information to assume his or her identity in daily life) and Business/Commercial Identity Theft (using another's business name to obtain credit).

We must be address by using regular awareness sessions with end-users to secure about their identity from fraudsters. Here is an Identity theft security awareness training session by Mr. Jorge, Founder and CEO, Limassol, Cyprus. Jorge helps organizations and individuals understand and get the best out out of latest in Information and Communication Technology.

You can also download the audio of this Identity theft security awareness training session by clicking here.Download this episode (21 min)  

Monday, February 4, 2008

Orkut Trends - Indian women are among the world’s heaviest receivers of ‘scraps’

According to a new report from Orkut, Indian users are among the top five countries to get the maximum number of scraps posted on their Web pages. While globally, women receive just under half (48 per cent) of all scraps, Indian women score a higher percentage than men. Women from the Cayman Islands receive the most and Albanian women had the fewest scraps.

Another interesting fact is that the scraps are usually very brief. According to Orkut’s research the most popular scrap is ‘Hi’, which occurred 1,131 times out of a sample of 1 lakh short scraps. Short words such as ‘Ok’, ‘hello’, and ‘congratulations’ are the other most commonly used scraps.

Indian users on Orkut receive as many as 345 scraps on an average, which is quite impressive when compared to 423 scraps per user in the US. More than 16 per cent of members on Orkut are from India, which is the second largest community from a single country after Brazil.

Source: Orkut Blog, TheHinduBusinessLine

Recent Comments