Facebook Malware

Hackers attack social networks through a variety of means. Attacks often involve posting links on a user’s wall that appear to be from a trusted friend, or dressing up fake ads with “likes” that appear to be from someone familiar. These techniques trick users into trusting the source. Users are then more likely to perceive the links as safe and click on them.

Malware authors also take advantage of users’ tendency to use the same passwords for all their online profiles, making it easy to gain access to private information.

Sophos, a security firm, reported earlier last week that more than 60,000 Facebook users shared a link to a malware-laden fake CNN news page reporting the U.S. had attacked Iran and Saudi Arabia.

Users who followed the link and clicked to play video coverage of the attack were then prompted to update their Adobe Flash player by a pop-up window that looked like a real update prompt. Those who accepted the prompt unwittingly installed malware on their computers.

The end result: Facebook users unknowingly shared their personal information with a nefarious interloper. However, attacks like this can be defended against. Facebook does provide a malware scanner from Bitdefender called Safego (pronounced safe-ego) to help its users protect their personal information.

Otherwise, once a hacker has a foothold in your computer, it’s just a matter of time before additional vulnerabilities are introduced to the system, if not complete sabotage.

Further, your computer could become a hive for bots that allow the hacker to perpetrate other hacks on people under the guise of being you.

With more businesses turning to social media to have conversations with their customers, it’s important to be aware of the vulnerabilities they can introduce. Being aware of these types of attacks is the best way to protect yourself against them.

 

Could your restaurant survive a 15% decrease in business?

The question we field more than any other when talking to small merchants is, “Who is making me become PCI compliant?”  The answer is too complicated to simply point at one entity and say, “It’s this guy, right here.”  In a few states, elements of PCI are law, but for the most part, Level 4 merchants (the smallest merchant type that makes up over 95% of all businesses) do not have to prove their PCI compliance to anyone.  Some acquiring banks are running a program with their smaller merchants and forcing them to validate, and the credit card companies have dictated that all merchants must be PCI compliant at all times, even if they only accept a single credit card per year.  However, the credit card companies are not currently forcing the merchants to prove their PCI compliance.  The issue only comes to a head when a breach happens.

If a merchant loses credit cards, then the whole game changes.  The acquiring banks, credit card companies, and law enforcement will be much more interested in seeing proof of PCI compliance.  At that point, the merchant involved will need to prove that not only are they compliant at the time of the investigation, but that they had been compliant before the breach occurred.  Merchants who have been lax in their compliance will face potential fines, penalties, and other sanctions from the credit card companies.  The cost associated with this phase of a breach can easily run into tens of thousands of dollars with $35-50K being the average for a small merchant.

More important than the actual fines is the loss of business.  When people learn that their credit card was stolen when they shopped at a particular location, they tend to avoid that location in the future.  There are numerous retailers who have lost too many customers to stay in business after the public learned of their breach.  After a recent restaurant breach in Texas, the proprietor of Flores Mexican Restaurant is asking the public to forgive him and come back to his business.  By his own estimates, he has lost 15% of his revenue after hackers managed to steal credit cards from his point of sale system using malware (malicious software).

Small businesses are a prime target for hackers, and you should never believe that you are too small to be noticed.  If you do not take security seriously, it is only a matter of time before you are a victim.  It is always easier to keep a customer than to regain the trust of one.  If you are a merchant and you are deciding to wait until someone forces you to be compliant before doing anything, then conservatively you should project at least a 15% loss in revenue.  Hackers are not going away, and ignoring the problem makes you a prime target.

‘Anonymous’

The Internet has a self-proclaimed protector and advocate named Anonymous. Anonymous is a loose, secretive federation of hackers whose main interest is the free flow of information across the Internet.

If you watch or read the news, you have heard of their recent antics.  Reacting to proposed government legislation to regulate what is publicly available online, Anonymous has orchestrated the online equivalent of a sit-in.  The difference is, this sit-in defaces or completely shuts down company websites.

In some cases they have done more than crash company websites.  Anonymous has stolen private company data. They’ve stolen emails, credit card data and software. Their objectives have grown beyond embarrassing companies and moved on to more political statements about globalization, the democratizing force of the Internet and the powers that wish to control it.

But is Anonymous a threat or just a nuisance?  To those seeking to regulate the Internet, they are indeed a threat.  Anonymous argues the real enemy is government control and law enforcement. To everyone else, they are merely a digital gadfly reminding the world – ironically – that when it comes to life online, it may be impossible to stay anonymous.

Cyber Sibling Squabble

Sibling rivalry has a new face in the digital age.  In a recent lawsuit, filed in both the U.S. and UK, the plaintiff accuses his brother of hiring hackers to hack his email account and steal thousands of confidential emails.

You might see the incident as a benign impulse, equivalent to reading your sister’s diary. However, the legal ramifications are clear. It is an invasion of privacy with a stiff penalty that involves federal incarceration and a mountain of fines.

Hackers are easily found online, with websites selling their skills through legitimate storefronts.  Surprised?  Hackers are often hired by people to test their own systems.  Known in security circles as white-hat hacking, it is a legitimate business endeavor.  However, in the above lawsuit, clearly that is not strictly the case.

This incident underscores important security issues and even larger privacy issues.  Whether you’re an avid user of social networks or only get online to check your email, there are growing questions over whether or not these services are secure.  Further, it is increasingly questionable whether privacy exists at all online.