David’s Blog Archives


The Battle Against Spam and Phishing Scams is Officially On

Google, Microsoft, Yahoo!, AOL and Facebook are setting aside their online rivalry to fight a common enemy: email spam and “phishing” attacks.

The Web giants said Monday they have teamed up with Bank of America, PayPal and others to combat spam and phishing, where emails seeking to obtain passwords or other information are sent to unsuspecting recipients.

Following 18 months of private collaboration, they’ve announced the formation of a technical working group known as DMARC.org, drawn from the acronym for Domain-based Message Authentication, Reporting and Conformance.

“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole. Industry cooperation — combined with technology and consumer education — is crucial to fight phishing,” said Brett McDowell, the chair of DMARC.org and senior manager of customer security initiatives at PayPal.

The members of DMARC are proposing email authentication standards for email senders and receivers designed to make impersonation more difficult for the fraudsters behind phishing attacks.

Currently, email providers must rely on “complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer.”

By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure.
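DMARC’s core mechanism, as a worked example added here (it is not code from this post or from DMARC.org): a receiving mail server checks whether the domain that passed SPF or DKIM aligns with the visible From: domain and, if nothing aligns, applies the policy the domain owner published. The domain names, the policy record and the three sample messages are constructed; the organizational-domain shortcut and the skipped DNS lookup are assumptions noted in the comments.

```python
"""Receiver-side DMARC evaluation, simplified.

Added illustration, not code from the blog post or from DMARC.org. It
assumes the receiving mail server has already run SPF and DKIM and knows
which domains those checks passed for. The DMARC policy record (normally a
TXT record at _dmarc.<From-domain>) is supplied inline as constructed
sample data so the example runs offline.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class AuthResults:
    """What the receiver learned about one message before applying DMARC."""
    from_domain: str                       # domain in the visible From: header
    spf_domain: Optional[str] = None       # MAIL FROM domain, only if SPF passed
    dkim_domains: List[str] = field(default_factory=list)  # d= of passing DKIM signatures


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Turn 'v=DMARC1; p=reject; ...' into tag/value pairs, filling in the
    default (relaxed) alignment modes when the owner did not set them."""
    tags = {"adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % txt)
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.
    Assumption for this example: real receivers consult the Public Suffix
    List, which matters for names like example.co.uk but not for the
    constructed .example domains used below."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') demands an exact match with the
    From: domain; relaxed ('r') accepts any name under the same
    organizational domain (so mail.bank.example aligns with bank.example)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def evaluate_dmarc(record_txt: str, results: AuthResults) -> Tuple[str, str]:
    """Return (result, disposition).

    result is 'pass' when at least one authenticated identifier (SPF or
    DKIM) aligns with the From: domain. Otherwise it is 'fail' and the
    disposition is whatever the domain owner asked for in the p= tag.
    A scammer can pass SPF for a domain he controls, but that domain will
    not align with the bank's From: domain, which is the whole point.
    """
    tags = parse_dmarc_record(record_txt)
    spf_aligned = results.spf_domain is not None and aligned(
        results.spf_domain, results.from_domain, tags["aspf"])
    dkim_aligned = any(aligned(d, results.from_domain, tags["adkim"])
                       for d in results.dkim_domains)
    if spf_aligned or dkim_aligned:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed sample policy for a fictitious bank (the .example TLD is reserved).
BANK_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@bank.example"


def demo() -> List[Tuple[str, str]]:
    """Run three constructed messages through the bank's policy."""
    cases = [
        # 1. Legitimate bulk mail: SPF passed for a subdomain the bank owns.
        AuthResults("bank.example", spf_domain="mail.bank.example"),
        # 2. Phish: From: shows the bank, but SPF only passes for the scammer's own domain.
        AuthResults("bank.example", spf_domain="scammer.example"),
        # 3. Legitimate mail forwarded through a list: SPF broke, but the
        #    bank's DKIM signature survived and aligns.
        AuthResults("bank.example", spf_domain=None, dkim_domains=["bank.example"]),
    ]
    return [evaluate_dmarc(BANK_RECORD, c) for c in cases]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)  # ('pass', 'none'), ('fail', 'reject'), ('pass', 'none')
```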

AOL, Google, Microsoft and Yahoo!, the leading email providers, are members of DMARC.org along with Bank of America, Fidelity Investments, PayPal, American Greetings, Facebook, LinkedIn and email security providers Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.

http://www.dmarc.com

SOPA and PIPA: What Went Wrong

The postponing of SOPA and PIPA last week was a relief to security gurus who foresaw major technical problems inherent in the bills’ provisions. Last week U.S. Congress was rushing to pass a controversial bill that most security experts maintained could throw a monkey wrench into the gearbox of the Internet.

The bills themselves have been postponed, and their main sponsors have specifically disavowed the supposed security pain points they contained.

The Stop Online Piracy Act (SOPA), filed in the U.S. House of Representatives, and its Senate counterpart, the Protect IP Act (PIPA), proposed that Internet Service Providers (ISPs) be called on to block DNS resolution for the domain names of websites suspected of violating the rights of copyright holders.

But after weeks of controversy from opponents of the legislation, capped by a one-day blackout of Wikipedia and other sites in protest of the measure, the sponsors of the bills decided to strip out the DNS requirements.

“After consultation with industry groups across the country, I feel we should remove Domain Name System blocking from the Stop Online Piracy Act so that the [Judiciary] Committee can further examine the issues surrounding this provision,” SOPA’s sponsor Lamar Smith (R-Texas) said.

PIPA’s sponsor, Patrick Leahy (D-Vermont), was skeptical of the critics of the DNS provisions in his bill, but also agreed to shelve the provision.

“I remain confident that the ISPs — including the cable industry, which is the largest association of ISPs — would not support the legislation if its enactment created the problems that opponents of this provision suggest,” he said. “Nonetheless,” he continued, “this is in fact a highly technical issue, and I am prepared to recommend we give it more study before implementing it.”

The DNS concessions were good news for white hats like Dan Brown, a senior security researcher with Bit9. “Anyone who understands how the Internet works thinks it’s a bad idea for Congress to fiddle with something they don’t understand,” he told TechNewsWorld.

“These bills are still bad because they will have a negative impact on free speech and free communication on the Internet,” he asserted, “but they appear to be moving in the direction of not having any major technological impact on the Internet.”

For more info, check out this online article from PC World:

http://www.pcworld.com/businesscenter/article/248586/sopa_and_pipa_what_went_wrong.html

Anonymous lashes out and promises more to come

Government and big business once again clashed with the anarchic hacker collective “Anonymous” last week. The sore point between the two this time was the FBI’s shutdown of the alleged pirate haven Megaupload and the arrest of its founder and other executives in the company.

Megaupload has been in and out of hot water since it was launched in March 2005. Since that time, according to the FBI, the site has produced $175 million in “criminal proceeds” for its owners.

In retaliation for the government action, the hacker group known simply as “Anonymous” launched a series of denial-of-service attacks against servers at the U.S. Department of Justice, the Motion Picture Association of America and Universal Recording. The attacks were able to cripple or stop operation of those sites temporarily. To do so, however, the hacktivists had to resort to unusual tactics.

Through Twitter and the group’s chat rooms, it spread a booby-trapped URL. Merely clicking on the Web address, with no further action or consent, turned the clicker’s browser into one more member of the Anonymous attacking horde.

Now Anonymous is threatening to bring down Facebook this weekend in the same manner. They’re even asking for end users’ help with this “project”, and suddenly we’re seeing videos supposedly from Anonymous (no one has verified that these videos can actually be attributed to the group – after all, they are Anonymous), but it’s interesting to see and listen to all the chatter.

Here’s a link to the video supposedly attributed to the hacker organization – to be fair, the group has tweeted publicly that this video is a fraud. Boy… just who can you trust these days?

http://www.youtube.com/watch?feature=player_embedded&v=oVSQ3JIgIXE#!

What’s your stand on this – should pirate sites like Megaupload and other torrent sites be allowed to store and share pirated and copyrighted movies and music for anyone to download for free? I’d love to hear your thoughts on this…

Instant Facial Recognition and Detection

Instant facial recognition and detection, is it Science Fiction or Science Fact? Facial recognition and detection technology is getting cheaper, faster, and much more commonplace, raising the question of whether people will be able to remain anonymous in the near future.

Digital signs and sensors that detect and recognize faces are no longer a matter of science fiction. They are real and are popping up everywhere from malls to bars to smartphones.

So what’s protecting you from Big Brother tracking your movements and invading your privacy?

As of right now, technology is the only significant barrier.

Today, the technology is not quite robust enough to snap a photo of someone on the street and instantly know who they are. Computer processors aren’t fast enough to scan across billions of images in real time to match an offline face to an online photograph. But that’s coming soon.

“To match two photos of people in the United States in real time would take four hours,” said Alessandro Acquisti, professor of IT and public policy at Carnegie Mellon University’s Heinz College. “That’s too long to do in real time. But assuming a steady improvement in cloud computing time, we can soon get much closer to that reality than many of us believed.”

Acquisti and his research team at Carnegie Mellon have already developed a proof-of-concept iPhone application that can snap a photo of a person and within seconds display their name, date of birth and social security number.

Currently, the reference photos have to be uploaded to a database, but Acquisti said that processing speeds will soon become fast enough to do the whole process online and in an instant.

Though computers still have difficulty identifying faces in low light or poor photo quality, programs are now able to capture a profile of a face, build a 3D model of it, rotate the photo and identify the person the face belongs to.

If a future in which you can always be identified really is around the corner, what will stop advertisers or even the government from putting names to previously anonymous faces of people walking into a store, strolling down the street or protesting a convention? That’s what the Federal Trade Commission sought to find out at a facial recognition policy conference in Washington last month.

The answer as of now: industry self-regulation. The Digital Signage Federation, a consortium of companies operating digital signs that detect or recognize faces, developed privacy guidelines that require consumers to “opt-in” to being detected or recognized. But that “opt-in” can be made as simply as walking into a store that posts on its window that it detects faces.

As of today, no laws or regulations specifically prevent your face from being detected or recognized without your consent. “Is U.S. privacy law ready for facial recognition? It’s not even close,” said Daniel Solove, professor at the George Washington University Law School.

The solution, however, isn’t easy. Warning people that a particular venue is equipped with face detection technology means the only way for people not to be detected would be to avoid the location. But what if it’s a drug store and someone needs to get a prescription filled?

More than 35,000 developers have built apps that have detected and recognized more than 35 billion photos using Face.com’s online software. They range from fun toys like Celebrity Findr, which scours Facebook and Twitter for photos of celebrities, to practical tools like Fareclock, which tracks when employees punch in and out by scanning their faces.

Somewhere in between is Find Your Facemate. Upload your photo and the service will find a potential future love interest who uses the service and looks like you.

How long will it be before someone decides to put all these online images together into a central database? In many online repositories like Facebook and Twitter, our name is already linked to the photo.

Face recognition and detection is real, but the government doesn’t yet have a way to protect its citizens from potential abuse of the technology. With the vast network of internet-based security cameras recording much of our daily lives, this is just the next logical step. Are you ready for this? In the future, can anyone remain anonymous?

Where is SANTA – NORAD Knows

It’s that special time of the year again.

NORAD (North American Aerospace Defense Command) has been helping Santa make his rounds for 53 years. The site went live on December 1st for those who are ready to start searching for St. Nick. While you won’t actually get to track him until Christmas Eve, there are tons of resources, fun and games available on the site now. There’s a new video direct from NORAD this year introducing NORAD Santa located here: http://www.noradsanta.org/en/anorad.html

This year, NORAD teamed up with the Colorado Springs School District 11. Here’s a link to the contest’s winning video and dance from the students at Wasson High School along with some of the students’ stories: http://www.noradsanta.org/en/d11.html There are also many student videos from around the world posted on the site for you to view and enjoy: http://www.noradsanta.org/en/video_world.html

How does NORAD track Santa?
Santa Cams are ultra-cool, high-tech, high-speed digital cameras pre-positioned at many locations around the world only on Christmas Eve. The cameras capture images and videos of Santa and his reindeer as they make their journey around the world.

All the preparations for this year are in place! Be sure to visit each day to get important updates from the North Pole and to discover new surprises in the Kids’ Countdown Village. Santa’s elves have been busier than usual this year preparing for Christmas Eve. Visit Santa’s Village to see what’s been going on, and join in the fun!

Santa Snacks
Santa takes breaks during his Christmas Eve trip around the world – especially for snacks left for him by children. Do you put a snack out for Santa? Kids all over the world do. Some even leave carrots for Santa’s reindeer. (Carrots are their favorite food.) Be sure to check back on Christmas Eve to see how many cookies Santa eats during his journey. No wonder he’s so jolly and round!

This year you can track Santa in many different ways. In addition to the website, you can use the Google Earth/iGoogle Gadget, Twitter and Facebook – get the links and info from the website’s home page: http://www.noradsanta.org

So don’t miss out on the fun this year. Log in on Christmas Eve and watch as Santa makes his way around the world and more importantly – to your house!

Why Does NORAD Track Santa
Here’s the link explaining how this 53-year-old tradition got started by Colonel Harry Shoup (Retired USAF), as well as a short audio of him recounting that fateful night and the first phone call into NORAD headquarters: http://www.noradsanta.org/en/whytrack.html

Want to know how NORAD accomplishes this tremendous task each year? http://www.noradsanta.org/en/howtrack.html

How would you (or your child) like to talk to someone at NORAD to find out where Santa is located?
The NORAD Tracks Santa Operations Center is fully operational beginning at 4:00 a.m. MST on December 24. You can call 1 877 HI-NORAD (1.877.446.6723) to talk directly to a NORAD staff member who will be able to tell you Santa’s exact location!

Perhaps you’d like to send an email to NORAD to find out where Santa is located?
On December 24, you can send an email to noradtrackssanta@gmail.com. A NORAD staff member will give you Santa’s last known location in a return email.

Merry Christmas from all of Santa’s Elves at ACTSmart!

Cyber Monday Shipping Woes

With Cyber Monday, the “official” start of the online holiday shopping frenzy, now just a fond memory, online shoppers should remember to be vigilant about any email messages they receive relative to their shopping extravaganza.

Pretty much everyone is in a hurry to get their online holiday shopping done and shipped. During the next few days and weeks you may see what appears to be an email from UPS saying “package not delivered,” and please click on a link to get the issue resolved. Don’t just blindly follow these instructions. Chances are the email is a fake, intended to infect your computer with a virus.

The scam is designed to prey on online shoppers who are worried about the timely delivery of their purchases. The emails look and feel like they are coming from legitimate shipping outlets such as UPS, but in fact the emails either have virus-infected zip files attached to them or they direct recipients to infected sites through the clickable links embedded in the HTML content.

In the email screen capture shown, there’s one big clue in the message that indicates it’s a fake: “We were not able to delivery the post package,” reads the “mish-mashed” sentence in the message.

There have been a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic ‘UPS Customer Services.’

UPS itself is quite aware of scammers using its corporate name to spread malware or take advantage of unsuspecting users who might be willing to hand over credit card or other information to cyber criminals. The company recognizes it as a “continuing global issue,” and has a Web page devoted to fraud protection that’s definitely worth checking out if you ship or receive packages using the service.

The company “may send official notification messages,” a UPS spokesperson has said, but there are — and this is important — “rarely attachments.”

If you get such an email, you can forward it directly to UPS at: fraud@ups.com

“You should not open attachments and should delete the email after forwarding,” UPS advises. The company continues to work with local and national authorities as well as participate in a cyberspace fraud task force. It’s a continuing challenge.

No matter how eager shoppers are for their shiny new purchases to arrive, they should take the time to check the original shipping confirmation that comes directly from the online vendor where the purchase was made. In addition, rather than clicking on embedded links in an email, shoppers should go directly to the shipping site and plug in the tracking number.

Facebook gets attacked again.

Over the last few days, Facebook users have been experiencing a flood of links, videos, and images depicting pornography, violence, and a myriad of unseemly images. Facebook confirmed the problem, in short, stating it was hit by a coordinated spam attack leveraging a browser vulnerability.

Some members of the social network are complaining about violent and/or pornographic pictures showing up in their News Feeds without their knowledge. Others are being told by their friends that they are sending requests to click on links to videos, sending out bogus chat messages, or writing mass messages and tagged photos leading people to believe they are in the link.

We’ve seen this type of spam on Facebook before, but it’s coming in at a much faster pace. According to the company, this spam attack all started with users being tricked into pasting and executing malicious JavaScript in their browser’s URL bar. Facebook says it has been shutting down the malicious pages and accounts that attempt to exploit this flaw and has been giving users guidance on how to protect themselves. Overall, the company claims it has managed to drastically reduce the rate of the attack, but didn’t elaborate with actual numbers.

“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms,” a Facebook spokesperson said in a statement. “Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.”

“Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

Users are outraged, and as is typical with Facebook members, many are already threatening to close their accounts. That being said, it’s still not known how many of the site’s 800 million active users are affected.

Think you may have a Facebook virus or your account has been hacked? Here are three things you should try: change your password, remove suspicious apps, and perform a virus scan.

Change your Facebook password

It’s possible your Facebook woes are coming from the result of a phishing scam. Someone may have created a fake website that looks like Facebook or another online service you visit and tricked you into logging in. Their goal was to steal your password and other account credentials, and they may have succeeded.

In this case, you should change your password on Facebook.

If changing your password fixes your Facebook problems, you should change your password for all your other services too, especially if you use the same password for them as you previously used on Facebook. If this doesn’t fix the problem, try the next step.

Remove unwanted Facebook apps

It’s possible your Facebook problems are coming from a rogue app that you accidentally installed or were tricked into installing. Every Facebook app has certain permissions to your account. Some of these permissions you can modify, while others you cannot.

Your best bet is to remove all the Facebook apps you find suspicious. If you don’t know how to do so, there are guides on Facebook itself.

If cleaning out your apps fixes your Facebook problems, tell your friends they should do the same (chances are the app asked your friends to install it as well). If this doesn’t fix the problem, try the next step.

Get some security software and run a virus scan

It’s possible the problems are coming from some sort of malware, be it a keylogger, a trojan, or some other type of virus. Even if you think your computer is clean, it can’t hurt to check.

I recommend Microsoft Security Essentials – it’s free and gets the job done very well. Another good one is Malwarebytes. Other free alternatives include Avira and Avast.

The aforementioned security programs are for Windows. If you have a Mac, try using the antivirus from Sophos.

After running the virus scan, clean out whatever the program detects.

Slow PC Getting You Down

5 easy ways to fix a slow Windows PC. It happens to almost every Windows user over time: You buy a new desktop or laptop PC. It runs fast. But a few months later, you’re sure it’s slower than it used to be. Ask for help on the Internet or in real life, and you usually get one of two answers: you must have downloaded a virus, or you need to defragment your hard drive. This is usually NOT the answer. Unless you are experiencing virus-like activity, you probably don’t have a virus, and Windows doesn’t need you to run the defragmenting tool yourself these days. Your problems most likely lie elsewhere.

Microsoft offers some basic help on how to solve the problem with five suggestions for getting a Windows machine back up to speed.

Check for viruses — This usually isn’t the problem, despite what your friendly, neighborhood geek told you, but it’s worth a look. If you haven’t got antivirus software running already, download the free Microsoft Security Essentials software.

Run Windows Update — If you haven’t updated your Windows operating system in a while, there may be speed fixes that Microsoft has published since you bought it. Of course, that doesn’t explain why your PC would have actually become slower, but it might improve the problem. Microsoft recommends that you turn on automatic updating, but many computer users hate automatic updates — they always seem to insist on installing themselves in the middle of a deadline or an important chat session. It’s easy to make Windows wait until you tell it to update – just remember to do it regularly.

Reduce your Web page history — This little nugget works. Internet Explorer stores a historical archive of Web sites you have visited. If it gets too big, managing it slows the browser. Microsoft recommends keeping no more than a week’s worth of Web history. The company has instructions for how to reduce the size of your history.

Disable add-ons — Browser add-ons can slow down browsing tremendously, especially if you install several of them. To disable add-ons, go to the Internet Explorer option Tools -> Manage Add-ons. Other browsers have similar configuration controls and suffer the same hit on performance. Use as few add-ons as possible.

Free up some disk space — A disk that’s running out of space can slow Windows performance down a lot, as it juggles data that it would normally just write out to the disk. To reclaim space, run the Disk Cleanup tool (bring up the Start menu and type “disk cleanup” into the search box) to remove Internet cache files, empty the Recycle Bin and uninstall programs that you never use.

Still too slow? Here’s a fast and easy way to get some help from the people who make Windows: Log in to Twitter and post a tweet with @MicrosoftHelps in it to get attention from the Microsoft customer support team. The team is available weekdays 7:30 a.m. to 5:30 p.m. Pacific time. Microsoft has plenty of online documentation, but having a human being help you navigate the software is much quicker—especially if your system is already crawling.

Box.net One-Ups Apple’s iCloud with 50GB of Free Storage

Box.net is thumbing its nose at Apple’s iCloud and turning up the cloud storage competition by offering 50 GB of free cloud storage to anyone who uses a Box Personal account on an iPhone or iPad.


The Box offer of free cloud storage on the iPhone, iPad and iPod touch comes as Apple officially launched iCloud, its cloud storage platform for iOS devices, this week. Box’s 50 GB of free cloud storage trumps the 5 GB free on iCloud. 50 GB of storage on iCloud would run about $100 per year.


“That’s right, it’s 50 GB in the cloud completely free, forever,” says Box Social Media Manager Mark Saldana in a blog post. “Your 50 GB of storage isn’t just limited to your mobile device — you get it anywhere you use your Box account, like on your laptop at home or your desktop at the office.”


According to Box, which has become a cloud storage, file sharing and content management darling, users have to visit the Apple App Store and download the newest Box app for their iPhone, iPad and iPod touch; log into the account or register for a new one from the app; start using Box for file sharing and storage.


If you already have a Box.net account, you’ll need to update to the newest Box for iPhone and iPad app, version 2.4.3, then log into Box in order to get 50 GB. And if that wasn’t enough, your new account will have an increased file size upload limit of 100 MB instead of the usual 25 MB.


It has also updated its app with new features. It can leverage AirPlay for wireless streaming of Box content to Apple TV, meaning photos, videos and presentations can be shown.


The 50 GB free cloud storage deal comes three years after Box launched its iPhone app and just days after Apple released its new iOS with iCloud included.


Box.net has made great strides in the cloud storage world of late, breaking onto the scene offering 50 GB of free storage to buyers of the HP TouchPad, the short-lived HP tablet; and free storage to users of HTC smartphones. Those moves have made Box.net a cloud storage, file sharing and content management sensation.


The company also recently added new syncing capabilities and security features to its offerings, which it unveiled at its first-ever BoxWorks customer conference last month. Box also reportedly deflected a potential acquisition by Citrix for an estimated $600 million recently, and just weeks later announced raising $81 million in funding.


http://www.box.net/

Social Engineers’ Latest Pick-up Lines

You may now be savvy enough to know that when a friend reaches out on Facebook and says they’ve been mugged in London and are in desperate need of cash, it’s a scam. But social engineers, the criminals who pull off these kinds of ploys by trying to trick you, are one step ahead.

Social engineering attacks are getting more specific because targeted attacks are generating far better results.

What that means is the hackers may need to do more work to find out personal information, and it may take longer, but the payoff is often larger.

Today’s attacks are not just a broad spam effort, sending out a million emails with an offer for Viagra. These are now individual attacks where they are going after people one by one.

Here are five new scams circulating that involve greater individual information gathering tactics.

This is Microsoft support – we want to help

A new kind of attack is hitting many people lately. It starts with a phone call from someone claiming to be from Microsoft support, calling because an abnormal number of errors have been originating from your computer.

The person on the other end says they want to help fix it because there is a bug and they have been making calls to licensed Windows users. All this pretext makes sense; you are a licensed Windows user, you own a machine with Windows on it and the caller wants to help you.

The caller tells the victim to go to the event log and walks them through the steps to get to the system log.

Just about every Windows user will have a multitude of errors in the event log, simply because little things happen; a service crashes, something doesn’t start. There are always errors, but when a non-experienced user opens it up and sees all these so called “critical errors”, it looks very scary.

At that point, the victim is eagerly ready to do whatever the alleged “support” person wants them to do. The social engineer advises them to go to Teamviewer.com, a remote-access service that will give them control of the machine. Once the social engineer has access to the machine, they then install some type of rootkit or other piece of malware that will allow them to have continual access.

Donate to the hurricane recovery efforts!

Charitable contribution scams have been a problem for years. Any time there is a high-profile incident, such as the devastating earthquake in Haiti or the earthquake and tsunami in Japan, criminals quickly get into the game and launch fake contribution sites. The best way to avoid this is to go to a reputable organization, such as the Red Cross, and initiate the contact yourself if you want to donate. However, a particularly vile targeted social engineering ploy has cropped up recently that seeks specifically to target victims who may have lost loved ones in a disaster.

In this example, about 8-10 hours after the incident occurs, web sites pop up claiming to help find those who may have been lost in the disaster. They claim to have access to government databases and rescue effort information. They typically don’t ask for financial information, but do require names, addresses and contact information, such as email and phone numbers.

While you’re waiting to hear back about the person you are seeking information on, you get a call from a charity. The person from the charity will often strike up a conversation and claim to be collecting contributions because they feel passionate about the cause as they have lost a family member in a disaster. Secretly, they know the victim they’ve contacted has lost someone, too, and this helps build up a camaraderie.

Touched by the caller, the victim then offers up a credit card number over the phone to donate to the alleged charity. Now they have your address, your name, relative’s name from the web site and also a credit card. It’s basically every piece of information they need to steal one’s identity.

About your job application…

Both job seekers and head-hunting organizations alike are being hit by social engineers who know they are looking for employment or seeking new employees.

In both instances, this is a dangerous scam. Whether you’re the person looking for work or the company posting new jobs, both parties are stating – I’m willing to accept email attachments and information from strangers.

According to a warning from the FBI, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of malware contained in an e-mail the business received in response to a job posting.

The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company, the FBI alert reads. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses.

Malicious attachments have become such a problem that many organizations now require job seekers to fill out an online form, rather than accept resumes and cover letters as an attachment. And the threat for job seekers of receiving a malicious message from a social engineer is high, as well. Many people now use LinkedIn to broadcast that they’re looking for work, a quick way for a social engineer to know who is a potential target.
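As an added example for this post (not the FBI’s tool and not code from any product named here), the check a recruiting mailbox can run before anyone opens a reply to a job posting: parse the message and quarantine any attachment whose extension, double extension, PE header or declared MIME type marks it as a Windows executable. The sample messages, addresses and filenames are constructed inline.

```python
"""Refuse executable attachments on job-application e-mail.

Added example for this post; it is not the FBI's tool and not code from any
product named here. Sample messages, addresses and filenames are constructed.
"""
from __future__ import annotations

from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows will execute directly when double-clicked.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs",
             ".jar", ".msi", ".hta"}
# Extensions an applicant would legitimately send; used to spot "resume.pdf.exe".
DOC_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".txt", ".odt"}
DOC_TYPES = {"application/pdf", "application/msword", "text/plain",
             "application/vnd.openxmlformats-officedocument.wordprocessingml.document"}
PE_MAGIC = b"MZ"  # every Windows PE file starts with this DOS header


def inspect_attachment(filename: str | None, content_type: str, payload: bytes) -> list[str]:
    """Return the reasons one attachment should be quarantined (empty = clean)."""
    reasons = []
    parts = (filename or "").lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXEC_EXTS:
        reasons.append(f"executable extension {ext}")
    # "resume.pdf.exe": a document extension hidden in front of an executable one.
    if len(parts) > 2 and "." + parts[-2] in DOC_EXTS and ext in EXEC_EXTS:
        reasons.append("double extension disguises an executable as a document")
    # Trust the bytes, not the name: a PE header is a PE file whatever it is called.
    if payload[:2] == PE_MAGIC:
        reasons.append("payload starts with PE header 'MZ'")
        if content_type in DOC_TYPES:
            reasons.append(f"declared {content_type} but payload is a PE file")
    return reasons


def scan_message(raw: bytes) -> list[dict]:
    """Parse a raw RFC 5322 message and report every attachment that fails."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = inspect_attachment(part.get_filename(), part.get_content_type(), payload)
        if reasons:
            findings.append({"filename": part.get_filename(), "reasons": reasons})
    return findings


def build_sample(filename: str, mime_type: str, payload: bytes) -> bytes:
    """Construct a job-application reply carrying one attachment (test data only)."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.invalid"   # constructed address
    msg["To"] = "jobs@example.invalid"          # constructed address
    msg["Subject"] = "Re: Accounts Payable Clerk posting"
    msg.set_content("Please find my resume attached.")
    maintype, subtype = mime_type.split("/", 1)
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed samples: a real PDF header, a fake PE hiding behind a .pdf name, a bare .exe.
BENIGN_RESUME = build_sample("resume.pdf", "application/pdf", b"%PDF-1.4 constructed sample\n")
DISGUISED_PE = build_sample("resume.pdf.exe", "application/pdf", b"MZ\x90\x00 constructed fake PE")
BARE_EXE = build_sample("resume.exe", "application/octet-stream", b"MZ constructed fake PE")


if __name__ == "__main__":
    for label, raw in (("benign", BENIGN_RESUME), ("disguised", DISGUISED_PE), ("bare", BARE_EXE)):
        print(label, scan_message(raw))
```

The point of checking the first two bytes as well as the name is that an attacker controls the filename and the Content-Type header, but a PE file that has been renamed still begins with MZ. The same idea generalises to the web form the paragraph mentions: an upload field that accepts only documents should validate the bytes it receives, not the extension the browser reports.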

@Twitterguy, what do you think about what Obama said on #cybersecurity? http://shar.es/HNGAt

Social engineers are taking the time to regularly observe what people tweet about and using that information, launch attacks that seem more believable. One way this is happening is in the form of popular hashtags. In fact, earlier this month, the U.K. debut of the new season of Glee prompted social engineers to hijack the hashtag #gleeonsky for several hours. British Sky Broadcasting paid to use the hashtag to promote the new season, but spammers got ahold of it quickly and began embedding malicious links into tweets with the popular term.

These spammers can redirect you to any webpage they like once you have clicked on the link. It could be a phishing site designed to steal your Twitter credentials, it could be a fake pharmacy, it could be a porn site or it could be a website harboring malware.

Twitter mentions are another way to get someone’s attention. If the social engineer knows enough about what you’re interested in, all they have to do is tweet your handle and add some information in that makes the tweet seem legitimate. Say you’re the politically active type who is tweeting quite a bit about the GOP primary race lately. A tweet that mentions you, and points you to a link asking you what you think about Mitt Romney’s latest debate statements can appear perfectly legitimate. Once you’ve clicked through – they’ve got you!

Get more Twitter followers!

Be warned of services claiming to get Twitter users more followers. If you spend any time at all on Twitter, you’ll see tweets all over that say something like: “GET MORE FOLLOWERS MY BEST FRIENDS? I WILL FOLLOW YOU BACK IF YOU FOLLOW ME – [LINK]”. Clicking on the link takes the user to a web service that promises to get them many more new followers.

The pages ask you to enter your Twitter username and password. That request alone should instantly have you running for the hills – why should a third-party webpage require your Twitter credentials? What are the owners of these webpages planning to do with your username and password? Can they be trusted? Twitter itself even warns about these services on their help center information page.

“Remember, when you give out your username and password to another site or application, you are giving control of your account to someone else,” the Twitter rules explain. “They may then post duplicated, spam, or malicious updates and links, send unwanted direct messages, aggressively follow, or violate other Twitter rules with your account. Some third-party applications have been implicated in spam behavior, fraud, the selling of usernames and passwords, and phishing. Play it safe – do not give your username and password out to any third-party application that you have not thoroughly researched.”

These are just some common sense rules to follow. For more information visit the Department of Homeland Security Website and blog: http://blog.dhs.gov/2011/07/protect-yourself-against-social.html

The Entire Cloud Is Your Hard Drive For Only $10 Per Month

The cloud is now your hard drive. And not just a few dozen Gigabytes, Terabytes or even Petabytes, but all of it – infinite storage – for only $10 per month. That’s the incredible promise of the new TechCrunch Disrupt finalist Bitcasa.

The company is launching a new cloud storage, syncing and sharing service that blows away its competitors, including hard drive manufacturers and online services like DropBox and SkyDrive, with ease. In fact, beyond the pricing and limitless storage, the most disruptive thing about the service is its complete integration with your device. You don’t see it, it’s not an icon on your desktop, you don’t drag-and-drop files or folders into it. Instead, you write to the cloud when you save a file on your computer. The cloud is your hard drive, and your actual hard drive is just the cache.

The idea of using the cloud to store files or sync files between devices is not new. Dropbox, SkyDrive, Google Docs, Amazon and countless others have been offering online storage for some time. Plus, companies like Mozy and Carbonite use the cloud to back up your files. Other services, like Megaupload or YouSendIt revolve around sharing files through the cloud.

But Bitcasa is not like any of those services. It doesn’t move files around. It doesn’t sync files. It deals in bits and bytes, the 1s and 0s of digital data.

When you save a file, Bitcasa writes those 1s and 0s to its server-side infrastructure in the cloud. It doesn’t know anything about the file itself, really. It doesn’t see the file’s title or know its contents. It doesn’t know who wrote the file. And because the data is encrypted on the client side, Bitcasa doesn’t even know what it’s storing.

So if you want to cloud-enable your 80 GB collection of MP3s or a terabyte of movies (acquired mainly through torrenting, naughty you!), go ahead. Even if the RIAA and MPAA came knocking on Bitcasa’s doors, subpoenas in hand, all Bitcasa would have is a collection of encrypted bits with no means to decrypt them.

If you’re still having a hard time wrapping your head around this idea, think of it like this: instead of relying on the fallible and limited hard drive in your computer (and soon, your smartphone), your data is stored on an array of thousands of hard drives and streamed to you on demand. And in order to deal with the “offline” problem, the files you use the most are intelligently cached on your computer, allowing you to work when the cloud goes down, which is rare, as well as when you don’t have an Internet connection, which is more common.

Sharing files via Bitcasa is simple too: just copy and paste a file’s or folder’s link (a URL, available on right-click) and send to someone via email, IM or some other service. They click the link to have the file delivered directly to their desktop.

And the pricing! How on earth is it so cheap?

That’s the easy part, actually. Bitcasa CEO Tony Gauda explains that $10/month still gives the company good margins. The fact is, 60% of your data is duplicate: if you have an MP3 file, someone else probably has the same one, for example. Each person only tends to have around 25 GB of unique, personal data, he says. Using patented de-duplication algorithms, compression techniques and encryption, Bitcasa keeps costs down (way, way down, but that’s its secret sauce), which is what makes it so affordable. Bitcasa also explained that a freemium model is on its way with less-than-unlimited storage for free.
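The article says Bitcasa de-duplicates data it cannot read, because clients encrypt before upload. The textbook way to get both properties at once is convergent encryption: a chunk’s key is derived from the chunk’s own content, so two users holding the same MP3 produce the same ciphertext and the server keeps one copy while never holding a key. The example below, added here and not Bitcasa’s code (the page does not say which scheme Bitcasa patented), demonstrates that design end to end: chunking, compress-then-encrypt, a blind server that counts dedup hits, and the client-held manifest that makes the data readable again. The cipher is a toy HMAC-SHA256 XOR stream so the block runs on the standard library alone; a real client would use an AEAD such as AES-GCM with the same key derivation. Sample data and the key label are constructed.

```python
"""Cross-user de-duplication of client-side encrypted data (convergent encryption).

Added example for this post, not Bitcasa's code. The chunk key is a hash of the
chunk's content, so identical chunks from different users encrypt identically
and collapse to one stored copy. The stream cipher is a toy for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import zlib

CHUNK_SIZE = 64  # bytes; tiny so the constructed sample data yields several chunks
KEY_LABEL = b"convergent-example-v1|"  # hypothetical domain-separation label


def chunk_key(plaintext: bytes) -> bytes:
    """Convergent key: a function of the content only, so users need no coordination."""
    return hashlib.sha256(KEY_LABEL + plaintext).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Toy counter-mode stream: HMAC(key, counter) blocks concatenated. Not for production.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_chunk(plaintext: bytes) -> tuple[str, bytes, bytes]:
    """Compress, then encrypt under the convergent key. Returns (chunk_id, ciphertext, key).

    chunk_id is the hash of the ciphertext: it is all the server ever learns."""
    key = chunk_key(plaintext)
    packed = zlib.compress(plaintext)
    ciphertext = bytes(a ^ b for a, b in zip(packed, _keystream(key, len(packed))))
    return hashlib.sha256(ciphertext).hexdigest(), ciphertext, key


def decrypt_chunk(ciphertext: bytes, key: bytes) -> bytes:
    packed = bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, len(ciphertext))))
    return zlib.decompress(packed)


class BlindStore:
    """Server side: ciphertext keyed by chunk id. It holds no keys and no filenames."""

    def __init__(self) -> None:
        self.blobs: dict[str, bytes] = {}
        self.uploads = 0     # put() calls received
        self.dedup_hits = 0  # put() calls that needed no new storage

    def put(self, chunk_id: str, ciphertext: bytes) -> None:
        self.uploads += 1
        if chunk_id in self.blobs:
            self.dedup_hits += 1   # identical ciphertext already stored by someone
            return
        self.blobs[chunk_id] = ciphertext

    def get(self, chunk_id: str) -> bytes:
        return self.blobs[chunk_id]


def store_file(store: BlindStore, data: bytes) -> list[tuple[str, bytes]]:
    """Client side: chunk, encrypt, upload. The manifest (ids + keys) stays with the user."""
    manifest = []
    for offset in range(0, len(data), CHUNK_SIZE):
        chunk_id, ciphertext, key = encrypt_chunk(data[offset:offset + CHUNK_SIZE])
        store.put(chunk_id, ciphertext)
        manifest.append((chunk_id, key))
    return manifest


def fetch_file(store: BlindStore, manifest: list[tuple[str, bytes]]) -> bytes:
    return b"".join(decrypt_chunk(store.get(cid), key) for cid, key in manifest)


def demo() -> dict:
    """Two users upload the same song; one also uploads private notes. Count what is stored."""
    store = BlindStore()
    song = b"CONSTRUCTED sample MP3 bytes " * 8    # 232 bytes -> 4 chunks, same on both machines
    notes = b"alice private notes " * 5            # 100 bytes -> 2 chunks, unique to Alice
    alice_song = store_file(store, song)
    bob_song = store_file(store, song)
    alice_notes = store_file(store, notes)
    return {
        "uploads": store.uploads,                   # 10 put() calls
        "unique_chunks": len(store.blobs),          # 6 actually stored
        "dedup_hits": store.dedup_hits,             # Bob's 4 chunks cost nothing
        "same_manifest": alice_song == bob_song,    # same content -> same ids and keys
        "roundtrip_ok": fetch_file(store, bob_song) == song
                        and fetch_file(store, alice_notes) == notes,
        "server_sees_plaintext": any(b"sample MP3" in blob for blob in store.blobs.values()),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points follow from the scheme, and they are properties of convergent encryption as assumed here, not claims about Bitcasa’s implementation. First, storage grows with unique chunks, not uploads, which is exactly the economics the 60% duplicate figure relies on. Second, because the key is a function of the content, anyone who already holds a file’s bytes can derive its chunk id and learn whether the store holds that file; that is the inherent trade-off of content-derived keys, which is why a design usually reserves convergent encryption for widely shared data and mixes a per-user secret into the key for the unique personal data Gauda mentions, accepting that those chunks will not de-duplicate across users.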

This service sounds almost too good to be true, leaving us with questions that still need to be answered. Does it really work? Does it slow down your computer? Can it scale? The company is positive it’s ready, but we need to see it to believe it.

Bitcasa currently has 20 patents for its technology and plans to add more in the future. It will also offer mobile applications that run in the background to do on mobile what it does on the desktop today. And it will work on other features, like real-time video transcoding, so your movies can stream to any device, without any manual effort on your part. There are even more things in the works, too, but those are being kept tightly under wraps for now.

The Bitcasa founders include CEO Tony Gauda, Joel Andren and Kevin Blackham, whose combined work experience includes time spent at MasterCard, VeriSign, Classmates.com, Mozy and more. In total, Bitcasa has raised $1.3 million from Andreessen Horowitz, First Round Capital and Pelion Venture Partners.

Bitcasa will be free while in limited beta trials. Sign up for beta access here.
http://www.bitcasa.com/