My name is Bill. I am a recent graduate in Information Sciences and Technology from Penn State University, and this is a place for me to post or give my 2 cents on the fascinating world of technology. I am now working for a pretty big technology-related company whose name I will leave out just to avoid any possible complications, however far-fetched their happening may be. Music gets included from time to time as well.
Anonymous Operation of the Day: Legalize DDoS
Members of Anonymous are jumping on the White House petition bandwagon in an attempt to “make distributed-denial-of-service (DDoS) attacks a legal form of protesting” under freedom of speech, The Daily Dot reports. A popular tactic that’s long been associated with the infamous hacking and trolling collective, DDoS attacks have been steadily on the rise in recent years with easier access to automated software programs and its frequent appearance in the news media. As of 3 p.m. (ET), the petition has less than 500 signatures, which isn’t an impressive number but considering the reputation of the organizers, this may all change really soon.
I’m sorry, but this is an awful idea that would protect those with malicious intent and promote negative behavior. Perfectly reasonable organizations would be just as much at risk as those you deem worthy of protest.
(via burialonthepresidio)
McAfee’s research upheld an October report from RSA, the security wing of IT giant EMC Corp (EMC, Fortune 500).
RSA startled the security world with its announcement that a gang of cybercriminals had developed a sophisticated Trojan aimed at funneling money out of bank accounts from Chase (JPM, Fortune 500), Citibank (C, Fortune 500), Wells Fargo (WFC, Fortune 500), eBay (EBAY, Fortune 500) subsidiary PayPal and dozens of other large banks. Known as “Project Blitzkrieg,” the plan has been successfully tested on at least 300 guinea pig bank accounts in the United States, and the crime ring had plans to launch its attack in full force in the spring of 2013, according to McAfee, a unit of Intel (INTC, Fortune 500). (McAfee was founded by John McAfee, who is wanted for questioning as part of a Belize murder investigation, but he no longer has any ties to the company.)
Project Blitzkrieg began with a massive cybercriminal recruiting campaign, promising each recruit a share of the stolen funds in exchange for their hacking ability and busywork. With the backing of two Russian cybercriminals, including a prominent cyber mafia leader nicknamed “NSD,” the recruits were tasked with infecting U.S. computers with a particular strain of malware, cloning the computers, entering stolen usernames and passwords, and transferring funds out of those users’ accounts.
The scheme was fairly innovative. U.S. banks’ alarm bells get tripped when customers try to access their accounts from unrecognized computers (particularly overseas), so banks typically require users to answer security questions. Cloning computers lets the cybercriminals appear to the banks as though they are the customers themselves, accessing their accounts from their home PCs — thereby avoiding the security questions.
And since most banks place transfer limits on accounts, recruiting hundreds of criminals to draw smallish amounts out of thousands of accounts is a way to duck those limits. The thieves could collectively siphon off millions of stolen dollars.
Stay aware, especially as more financial processes are completed with smartphones. Get software that will protect you and keep an eye on what you download/click on, just like you would on a PC.
I’m having trouble seeing this take off myself. As flawed as the manner in which this guy created his estimate is and as well as it did on Kickstarter, I just don’t see the market embracing it. People may claim they’re clamoring for it, but remember Diaspora? It’s easy for everyone to jump on the wagon, but at the end of the day familiarity wins out for most of them. This doesn’t have the power to convert people from the current consoles, it will supplement them at best.
“Company X loses millions of passwords and personal data to Hackers Y. Company X says change all your passwords. End-users Z ignore or dutifully update and repeat a new password on all their sites. Law enforcement investigates but goes for donuts when the short Internet attention span sees another shiny object to fawn over.
Hackers Y pop up again six months later with phishing scams, or worse yet, attacks on business accounts using a combination of your stolen name, password, and the last four digits of your credit card number.
It’s not the passwords, folks. The infrastructure is broken. What’s that phrase about insanity and trying the same thing over and over?”
Good summary for those that aren’t sure what’s going on. It really is a good idea to change your passwords just in case.
Pretty cool thing happening at my alma mater. It appears to be a part of this start-up week thing that they’re having; apparently I graduated a year too early, haha.
I’m getting really sick of these broadly written bills. Perhaps more so than SOPA, I can’t really disagree with the purpose of this bill; however, the fact that the language does not set barriers that could limit what personal information about users companies can share with the government, and when, is really frustrating. It’s a pretty ridiculous excuse when the lawmakers say that it’s okay because they aren’t going to interpret the law like that. If that’s the case, why not just change the language to better fit the specific definition that can be agreeable? I have to stress though, stay informed and read the details for yourself. Don’t just take everyone calling this “SOPA 2.0” as automatic truth. Like I said, I can’t disagree with the purpose and the importance of protecting people from hackers; we just need language that maintains the users’ rights at the same time.
The job of stealing your personal data is now a fully-fledged industry - in some regards, one that is becoming terrifyingly legitimized. Earlier this month, security experts with Verizon gave reporters at the RSA Conference an advance look at detailed forensics data, compiled with the assistance of the world’s law enforcement agencies including the U.S. Secret Service. That data indicated that industrialized data center incursion has become mechanized, is happening regularly, and has the goal of compiling a more comprehensive “big database” about your personal transactions than Facebook or Citicorp ever dreamed.
“Most of these automated attacks are almost exclusively on small businesses,” says Chris Porter, Verizon’s senior security analyst and co-author of its annual Data Breach Investigations Report (DBIR), whose 2012 edition was published this morning. “There’s some franchise chains, but many times it’s mom-and-pop cafés. These restaurants, retail stores, are really focused on building their business. They want to make sure when a customer comes in, they can charge him. And they’re probably less concerned about data protection.”
» via ReadWriteWeb