Entries in Security (34)

Friday
Jan252013

Is your cell phone number going public this month?

By now you should know the answer, NO!  Three times in the past two months clients have received a email identical, or similar to this,  

Subject: Cell phone numbers go public this month - Do Not Call number

 PLEASE READ CAREFULLY

REMINDER..... all cell phone numbers are being released to telemarketing companies and you will start to receive sales calls. ....YOU WILL BE CHARGED FOR THESE CALLS.

To prevent this, call the following number from your cell phone: 888-382-1222. It is the National DO NOT CALL list. It will only take a minute of your time.. It blocks your number for five (5) years.

You must call from the cell phone number you want to have blocked. You cannot call from a different phone number. HELP OTHERS BY PASSING THIS ON. It takes about 20 seconds. 

https://www.donotcall.gov/default.aspx

You cell phone number is not going public, here is the statement straight from the FCC, 

The Facts

At present, a wireless 411 directory is only in the idea stage.
Even if a wireless 411 directory is established, most telemarketing calls to wireless phones would still be illegal. For example, it is unlawful for any person to make any call (other than a call made for emergency purposes or made with express prior consent) using any automatic telephone dialing system or any artificial or prerecorded voice message to any telephone number assigned to a paging service, mobile telephone service or any service for which the called party is charged for the call. This prohibition applies regardless of whether the number is listed on the national Do-Not-Call list.

FCC Website Link

It look like the FCC is painfully aware of the scams that have been going on.  If you receive one of these emails, please reply to the sender with this post.   The only way that we can stop these hoaxes is with facts and follow up.   If you are interested in more information on the hoax, check out the Snopes listing,

Celling your Soul


Wednesday
Jan162013

New Twitter Phishing Scam

Recently a friend of mine received a strange email supposedly via Twitter.   The message claimed that someone was spreading negative information about them via a blog linked to Twitter, see the message below, 

 

So if you click on the link here is what you get, 

This is a clasic phishing scheme tied to Twitter.  You enter your Twitter account User ID and Password and then get your account compromised.  Always be wary of a unsolicited email from some you do not know.   Verify the links, especially if the go to a URL different from the stated location.

As always if you have any questions, please contact me via comments.

 

Tuesday
Jan152013

Time to Update Java

Over the past week there have been multiple updates concerning Java.   Here is a brief explanation of what Java is, straight from Oracle, Javas developer, 

 

What is Java technology and why do I need it?

Java is a programming language and computing platform first released by Sun Microsystems in 1995. It is the underlying technology that powers state-of-the-art programs including utilities, games, and business applications. Java runs on more than 850 million personal computers worldwide, and on billions of devices worldwide, including mobile and TV devices.
Why do I need Java?

There are lots of applications and websites that won't work unless you have Java installed, and more are created every day. Java is fast, secure, and reliable. From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!

Java at Oracle

Now there has been a lot of concern over people exploiting security flaws in Java,

Oracle Java 7 Security Manager Bypass Vulnerability

Oracle Security Alert for CVE-2013-0422

If you want to skip the technical side, my recommendation is to update Java as soon as possible, so here is a link to the Oracle site to download the latest software,

Latest Java Download

As always, if you have any questions, feel free to contact me.

Friday
Dec142012

What you don't know can hurt you...

A lot of my blog is devoted security threats and issues.   While I cover the majority of these issues, in some cases the threat outstrips my capabilities.

In these cases I have a great referral partner with Red Team USA.   Their services cover the gambit of from threat analysis, security / breach testing, to development of policies and procedures to ensure security at your home or business. Here is an excerpt from an excellent 30 min presentation, 

"Despite what many believe, cyber-security is a risk management issue that must be addressed by the leadership of the company. In many cases the problem is funneled to the IT department. The company leadership cannot avoid dealing with this issue. If a breach occurs, the IT department, whether internal or outsourced, will not be held liable. It is the leadership of the company and its management who will be held responsible for the loss and associated fallout.

Taking active involvement, making clear decisions about security, and putting the right pieces in place is the only way for companies to reduce or eliminate the liability associated with a breach (loss of money, time, and reputation)"

I highly recommend that if any of the above resonates with you and your current situation, get in touch with Red Team USA.  Your first point of contact should be Alfred Gizzo, click on his name to email him.  He can walk you through a very helpful 30 min presentation and answer all of your questions. 

 

Wednesday
Dec052012

Is something "Rouge" on your computer?

(Please ignore the SP above I had a linking error to my site that required it)

Another entry from that anti-virus files, rogue security software.   On at least two occasions I have had clients come in with rouge security software, in both cases XP Antivirus Pro 2010.   What is rogue software, here is the description from wikipedia, 

"Rogue security software is a form of Internet fraud using computer malware (malicious software) that deceives or misleads users into paying money for fake or simulated removal of malware or claims to get rid of malware, but instead introduces malware to the computer.  Rogue security software has become a growing and serious security threat in desktop computing in recent years (from 2008 on)."

Link to Article

The types and names of software are always changing, but again wikipedia provides a pretty good list, List of rogue security software.

How do you avoid rogue software, only download or install software from a trusted source.  If you have questions about trusted sources, I will provide a follow up blog post next week,  or call us in the meantime.  

In the meantime, please give to wikipedia

Errors occurred while processing template[pageRendered/journal.st]:
StringTemplate Error: Can't parse chunk: {settingHomePageKBArticle}" target="_blank">Learn how.</a></li>
<li>If you have already selected a front page, make sure it is enabled. Click on the Cubes icon (top right) and then click the "enable page" button.</li>
</ol>
</div>

: expecting '"', found '<EOF>'
StringTemplate Error: problem parsing template 'pageRendered/noDefaultModule': null
StringTemplate Error: problem parsing template 'pageRendered/noDefaultModule': null