InfoSec
Facebook helps FBI shut down the Butterfly botnet (Mariposa)
The US Department of Justice said it has arrested 10 people from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States related to the operation of the Butterfly (Mariposa) botnet. The exact infection rate can't be ascertained with certainty; however, it is believed over 11 million systems are infected worldwide. It is one of the biggest and most widely known botnets, and experts estimate that it stole close to $850M by harvesting financial information from 800,000 people.
Ubuntu is spyware
Richard Stallman, the creator of the GNU Project and a leader of the Free Software Foundation, recently called Ubuntu spyware. He made that claim because the latest version of Ubuntu (12.10) sends desktop search terms to Canonical (the makers of Ubuntu) so they can show you customized Amazon ads directly in Ubuntu's Dash program. His exact explanation was "Ubuntu, a widely used and influential GNU/Linux distribution, has installed surveillance code. When the user searches her own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of Canonical's servers.
Facebook Tip - It's time to unfriend
Go through your Facebook friends list and I guarantee you will quickly find a handful of people you can't remember why you friended. It is a good habit to periodically review your friends list and unfriend people you are no longer interested in. Keeping a "clean" friends list means you are sharing your personal information (pictures, locations, personal relationships, etc.) with the appropriate people. Q. If you unfriend someone, do they get notified? A.
It's time to secure your social networks
Most social media users don't realize how much of their information they allow third-party apps to access. It is such a problem that I use IFTTT to send me a monthly reminder to check my social media security settings. My recommendation is to use MyPermissions; you can read my write-up here. It takes 5 minutes each time and it is time well spent. If there are any accounts you want to close, take a look at AccountKiller, a neat site that shows you (step by step) how to delete your account from the most popular sites on the internet.
Instagram on iPhone makes you vulnerable to hacking
A recently discovered vulnerability in Instagram for iPhone makes your account vulnerable to hacking. This vulnerability was discovered by Carlos Reventlov, and he explains how a hacker can seize control of a victim's account. The description he provides is: The Instagram app communicates with the Instagram API via HTTP and HTTPS connections. Highly sensitive activities, such as login and editing profile data, are sent through a secure channel. However, some other requests are sent through plain HTTP without a signature; those requests could be exploited by an attacker connected to the same LAN as the victim's iPhone.
LongURL shows what's really hiding behind that short URL
A technique used by hackers is hiding a malicious URL behind a URL shortening service like Goo.gl, TinyURL or the automatic shortening done by Twitter using the t.co address. There are plug-ins for most browsers that show the actual URL; however, you may not want to install another browser plug-in (which may compromise your security or slow down the browser). LongURL performs this function without having to install anything.
1. Go to LongURL
2. Enter your short URL
How to protect yourself on social networks
Social networks are interesting things: they allow people to connect and share data. Casinos spend billions of dollars to carefully design every aspect of their location, games and services to maximize your spending. Social networks spend a great deal of time figuring out how to "encourage" you to over-share. The advantage social networks have is that they are impersonal, and thus users seem to be willing to share far more information online than they would during a face-to-face encounter.
Is Microsoft going through your cloud stored files?
As the CISO of a large multinational organization, I understand the fine balance between flexibility/usability and security. Absolute usability means no security and vice versa. So when I look at cloud storage solutions like Dropbox, SkyDrive, Google Drive, SugarSync, Cubby, iCloud et al., I understand the attraction. You pay a reasonable monthly fee and all of your important data is backed up to the cloud and available everywhere on all your devices. They provide ultimate flexibility. Unfortunately, the average consumer isn't thinking about the security of their in-cloud files, because this would add a layer of complexity and would reduce the ease and flexibility of the solution.
Skype disables password reset function
The interwebs are buzzing about a Skype vulnerability that anyone can use to access your account using only your email address. In response, Skype has disabled its password reset page (to protect against the exploit). The vulnerability is simple and doesn't require any special skills or tools. You can follow their updates on the Skype Heartbeat page.
Stop hackers - Automatically keep your PC software updated
As the Chief Information Security Officer of a large multinational company, I am willing to look under any stone to provide a safer, more secure computing environment for my company. Just like a large company, you likely have one characteristic that is increasing your risk profile and making you more susceptible to hackers, malware and viruses: old, outdated software. Old software has many more bugs that can be exploited to commandeer your computer. Secunia PSI is your solution. The fine folks at Secunia offer their Personal Software Inspector (PSI) for FREE!
Is your account hacked? Find out now thanks to PwnedList
It seems like every day we hear about another web service that was hacked and whose account information was stolen. Most internet users aren't connected to the hacker underground and have no way of finding out if their account may have been leaked. Enter PwnedList, a free service that can tell you if your account information was disclosed as part of a hack. The site started in July 2011 and was the idea of Alen Puzic, a white-hat security researcher.
25 Worst passwords of 2012
A recent SplashData news release shared the 25 worst passwords to use in 2012 (these are the most commonly used passwords exposed by hackers this year). The words "password", "123456" and "12345678" are popular this year and were popular last year too. New entrants (in the 2012 list) include "welcome", "jesus", "ninja", "mustang" and "password1".
1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
If you use any of these, change it now.
AccountKiller - How to delete your account from different sites
AccountKiller is an interesting website that provides instructions on how to delete your account from most major online sites (e.g. Skype, Facebook, Live.com, Yahoo, Google, Twitter, etc.). What do you do when you no longer use an online site? Most users unfortunately just stop visiting the site but never go through the process of deleting their accounts. When you ask them why, they say it is "too complicated" or that "they couldn't figure it out". AccountKiller provides instructions for most major online sites, making the deletion process as easy as possible.
More than half of Brits are victims of cybercrime
Results from a recent getsafeonline.org survey show that 56% of adults in the United Kingdom have been targeted through online attacks. Interestingly, 65% of those attacked haven't changed their computing behavior. The top 5 attacks were:
1. Viruses
2. Email attacks
3. Social media attacks
4. Fraud-driven sales
5. Online credit card fraud
29% of respondents didn't realize that they were increasing their risk of becoming victims. Interestingly, 17% of respondents admitted that they were embarrassed to admit having fallen victim to an online attack.
Outsourcing ITO/BPO best practices
As mentioned in my post on November 7, 2011, I was a guest speaker at a breakfast meeting for the Montreal Association of Information Security. My presentation was about best practices, tips and tricks for outsourcing. As promised, I am making my presentation available here in PDF format. It can be freely distributed as long as it is left intact. You can download it for free from my Evernote account by following this link: file.
Discussion about Outsourcing Best Practices Nov 15 in Montreal
I wanted to let you know that I will be discussing outsourcing best practices at an ASIMM event on November 15 in Montreal. This event will cater to new and experienced professionals alike. We will also have a Q&A session at the end where I will answer your questions (using my 15 years of international outsourcing experience).
Update on 2011-11-09 15:04 by Edward N Kiledjian: I am currently building the presentation but will post it on my blog (post event) in PDF format for you guys to see.