If so, the FAA has launched campaign targeting you as a rookie drone pilots Drones are no longer high priced specialty item, they come in all shapes and sizes. From affordable film-quality options to toy-sized mini versions now most anyone can own one. Drones have become cheap, fun, and easy enough to control that they make good gifts for any holiday season. But that means that where tech-savvy families would have had to remember to wrap batteries alongside holiday gifts, now they need to worry about Federal Aviation Administration flight regulations.
Thanks to the massive rise of consumer drones, the FAA released a video this week that proposes best practices to help people “stay off the naughty list” as they play with their airborne gifts. The “Know Before You Fly” video is available here: https://www.youtube.com/watch?v=XF5Q9JvBhxM
It’s safe to say drones were one of the hottest topics in 2014. “Drone porn” became a thing, and the FAA spent so much time going back and forth on how to regulate them that we might not have regulations until 2017. So it’s no surprise that the issue of privacy is actually on a lot of people’s minds:
If you were gifted a drone for Christmas, the Federal Aviation Administration (FAA) has you in its sights. It may not be in the form of long-awaited laws for unmanned aerial vehicles (UAVs) that are due later this year, but is a campaign directed at rookie pilots whose expertise may be outstripped by their unbridled enthusiasm.
With the increasing availability of cheap and feature-packed drones, these aircraft have become an aviation concern. The danger is the potential for swarms of drones taking to skies across the US, controlled by people who mightn’t have such a great handle on how to use them.
The FAA is continuing to work away on new regulations to keep all these flying vehicles in check, but in the meantime it has teamed up with UAV organizations and hobby groups to launch Know Before You Fly, a public awareness campaign promoting its already existing rules. Primarily, this means keeping the drone within sight, not flying it over 400 ft (122 m), conducting routine inspections of the craft, keeping clear of manned aircraft and notifying airports or control towers if flying within 5 miles (8 km).
The FAA has also attracted criticism for its slow progress in revamping rules for what is a new era in unmanned flight. It remains illegal to fly UAVs for commercial purposes unless granted permission from the agency, a roadblock that has seen some private firms promise to take their operations overseas.
But Know Before You Fly is at least an acknowledgement of the sharp uptake in the number of drones taking to the skies and expresses a desire to inform and cooperate with budding pilots. The campaign will incorporate a website, educational materials offered at the point-of-sale, along with digital and social media campaigns.
Recent internet threats like Heartbleed indicate that we need a more secure way to do our work online. Eyelock, a New York based company, has responded with Myris, a palm sized device that scans your irises to log you in to your favorite sites.
Myris uses patented technology to convert your individual iris characteristics to a code unique only to you, then matches your encrypted code to grant access to your PCs, e-commerce sites, applications and data— all in less than 1 second.
Myris works easily with digital networks, including online bank accounts, social media accounts, Internet VPNs, email and more. On the back end, you can set passwords as complex as you like and once you link Myris, you can forget them. Myris is robust and reliable enough to secure workstations, high-value transactions, critical databases, and information systems for enterprise and small business.
• FAR (False Accept Rate) is 1 in 1.5 million (single eye)
• Video-based system • USB powered
• Authentication occurs on device • Multiple user capacity—*up to 5 people per device
• Secure communication and encryption (AES 256)
• Easy set-up—user-friendly application software included
• Compatible with Windows 7 & 8, 8.1 and Mac OS 10.8 +
• Only DNA is more accurate
• Fast and easy to use—as easy as looking into a mirror
• No recharging, works with any USB device
• Protects your privacy—no personal information is transmitted
• Only one device needed per household
• Your information is kept safe and secure
• Easily manage your access to digital networks
• Works with most PC and tablet operating systems
Never type a password again—Myris grants you access to your digital world. It’s portable, lightweight, fits in the palm of your hand—and is as easy to use as looking at a mirror.
Myris will be featured at CES 2015 and expect to see demos of an integrated Myris version featured by laptop partners including HP and Acer. Myris has also been nominated for an innovation award at CES 2015.
You can get more information on Myris here: http://www.eyelock.com/
FBI reminds shoppers to be aware of cyber criminals offering scams this holiday season!
If the deal sounds too good to be true, it probably is.
The FBI reminds shoppers in advance of the holiday shopping season to beware of cyber criminals and their aggressive and creative ways to steal money and personal information. Scammers use many techniques to defraud consumers by offering too good to be true deals via phishing e-mails advertising brand name merchandise, quick money making offers, or gift cards as an incentive to purchase a product. Remember, if the deal looks too good to be true, it probably is and never provide your personal information to an unknown party or untrusted website.
Scammers often use e-mail to advertise hot-ticket items of the year that may become hard to find during the holidays to lure unsuspecting consumers to click on links. Steer clear of untrusted sites or ads offering items at unrealistic discounts or with special coupons. You may end up paying for an item, giving away personal information and credit card details, and then receive nothing in return, along with your identity compromised. These sites may also be offering products at a great price, but the products being sold are not the same as the products they advertise. This is known as the bait and switch scam.
Beware of posts on social media sites that appear to offer vouchers or gift cards, especially sites offering deals too good to be true, such as a free $500 gift card. Some may pose as holiday promotions or contests. It may even appear one of your friends shared the link with you. If so, it is likely your friend was duped by the scam after it was sent to them by one of their friends. Oftentimes, these scams lead to online surveys designed to steal personal information. Remember, if the deal looks too good to be true, it probably is. And never provide your personal information to an unknown party or untrusted website.
When purchasing gift cards online, be leery of auction sites selling discounted or bulk offers of gift cards. When purchasing gift cards in the store, examine the protective scratch off area on the back of the card to see if it has been tampered with.
Be on the lookout for mobile applications designed to steal your personal information from your smartphone. Such apps are often disguised as games and are often offered for free. Research the company selling or giving away the app and look online for third party reviews before installing an app from an unknown source.
Tickets to theater, concerts, and sporting events are always popular gifts during the holidays. If you purchase or receive tickets as a gift, do not post pictures of the tickets to social media sites. Protect the barcodes on tickets as you would your credit card number. Fraudsters will create a ticket using the barcode obtained from searching around social media sites and resell the ticket. You should never allow the barcode to be seen on social media.
If you are in need of extra cash at this time of year, beware of sites and posts offering work you can do from the comfort of your own home. Often, the work from home opportunities rely on convenience as a selling point for applicants with an unscrupulous motivation behind the posting. You should carefully research the job posting and individuals or company contacting you for employment.
As a consumer, if you feel you are a victim of an Internet-related crime, you may file a complaint with the FBI’s Internet Crime Complaint Center at http://www.IC3.gov
Here’s some additional tips you can use to avoid becoming a victim of cyber fraud:
• Check your credit card statement routinely.
• Protect your credit card numbers from “wandering eyes”.
• Do not respond to unsolicited (spam) e-mail.
• Do not click on links contained within an unsolicited e-mail.
• Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
• Avoid filling out forms contained in e-mail messages that ask for personal information.
• Always compare the link in the e-mail to the link you are actually directed to and determine if they actually match and lead you to a legitimate site.
• Log on directly to the official website for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
• If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
• Verify any requests for personal information from any business or financial institution by contacting them using the main contact information on their official website.
• Remember if it looks too good to be true, it probably is.
When we first heard about the CryptoLocker malware a year ago or so, I thought, as cybercrime goes, that’s about as bad as you can get.
CryptoLocker is a very malicious form of malware: unlike a virus infection, it totally blocks access to your data but leaves your computer and your software running just fine.
Then the demand, “Pay us $300 within three days, and you’ll get your data back. Otherwise… it’s gone forever.” The $300 payment buys you the 2048-bit RSA private key needed to unscramble your encrypted data.
But, as malicious as CryptoLocker and now CryptoWall 2.0 are, there is another contender in this game of hacker warfare.
Fake support calls
Fake support scammers are the people who phone you out of the blue (whether you are on the Do Not Call register or not) and, not to mince words, scare you heck out of you spouting lies about malware on your computer.
For $200 – $300 or so, the same price point as CryptoLocker, the scammers will fix your computer, but any “fix” you get is as bad or worse then the “problem” you didn’t have in the first place.
Many people have reported that these guys don’t just call once if you fail to cough up the $300. They often call again and again, with the calls getting more insistent – outright threatening, by many reports – and with no real hope that they will stop.
Dealing with the scam
It’s easy for us to say, “But all you have to do is hang up, so this scam could never work.” But it’s also easy to see how a well-meaning but not very technically savvy user, especially someone without a network of family or friends to ask for IT help, could be scared into paying up.
Imagine the questions that worried users might ask themselves:
- Didn’t the caller say he was from Microsoft?
- Didn’t he say that a virus on my computer was attacking his company’s servers?
- Didn’t he find evidence of it in my system log, just as he predicted?
- Isn’t most computer support done over the phone and online these days?
- Isn’t this the third time he’s called, with the symptoms getting worse every time?
- Can’t you get sued for a cyberattack because you didn’t have a virus scanner?
- Won’t it end up costing $300 anyway, or even more, if I go to my local shop instead?
Demanding money with threats is what it sounds like to me, amounting to extortion or blackmail. And these guys have your phone number!
With that in mind, it’s always a good thing when fake support callers get bagged and thanks to the Federal Trade Commission (FTC), Uttam Saha and Tiya Bhattacharya, who ran a company called Pairsys in Albany, New York, have been shut down by court order.
That may not sound like much, as I’m convinced that there are still MANY other individuals and groups perpetrating this scam but in this case, the settlement with the FTC will see the scammers’ operation shuttered and their assets frozen.
Indeed, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said: ”We are pleased that the court has shut down the company for now, and we look forward to getting consumers’ money back in their pockets.”
There’s a lot of money to recover: the FTC claims that the pair have pulled in about $2,500,000 in the past two-and-a-half years.
Is it real punishment?
Of course, just giving the money back isn’t really a punishment for these 2 crooks, because they weren’t supposed to have it in the first place. It’s still a direct result for the FTC’s internet crime fighting efforts, so, “Well done, Bureau of Consumer Protection.”
The next question should be – how do you think the courts should punish fake support scammers?
Dealing with fake support calls
So if you have friends or family who have been pestered to the point of worry by fake support callers, here’s a short podcast you can tell them about. The podcast makes it clear that these guys are scammers (and why), and offers some practical advice on how to deal with them.
Avoiding fake support calls
The Antivirus industry has a dirty little secret that they really don’t want anyone to know. Despite their claims, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time.
Let’s look at that a bit more in detail. AV products need to protect against two general types of threats: ones that are known and threats that are unknown. The ones that are known have an identified signature so that anti-virus programs can detect the threat and get rid of it. This is called reactive detection. Then, there are threats that are still unknown, usually new threats created by the bad guys. AV products need to protect against those in a proactive way, and antivirus software can be scored looking at how many of those new threats they block.
This type of scoring on both reactive and proactive detection is actually being done by the antivirus industry’s premier site for insiders: Virus Bulletin. They have created so called RAP averages. RAP stands for “Reactive And Proactive”. They test all antivirus products every few months, and measure how each product does in both reactive and proactive detections of a large amount of threats. And they create a graph where these scores are plotted for all tested products. The proactive score is on the X-axis, and the reactive score is on the Y-axis.
The results are not pretty. One major antivirus industry player is routinely scoring no better than 75% reactive combined with a 70% proactive. And people wonder how come PCs still get infected by malware. Check out the test results. Click here to see the most recent graph at Virus Bulletin: You can check there how your antivirus vendor is doing also. https://www.virusbtn.com/vb100/rap-index.xml
The bad guys know this and count on it. Simply having anti-virus protection alone creates a false sense of security. It’s just as important for all employees undergo regular Internet Security Awareness Training and to enforce compliance. Just one employee in a weak moment, clicking on a phishing email, can cause untold grief, losses of hundreds of thousands of dollars, and potentially massive legal bills. Businesses and consumers definitely need both an endpoint security software solution AND education on the perils of using the internet. We use and recommend Threat Tracks VIPRE Antivirus business edition as it scores very well in the RAP tests and isn’t a resource hog negatively affecting computer performance.
Whatever Antivirus product you ultimately use to protect your computer – remember, the protection is only as good as the updated virus definitions. ALWAYS check and verify that your AV has the most up-to-date definitions to maximize your protection.
Five Reasons Why Clicking “Unsubscribe” May Be A Bad Idea!
When you get on a mailing list you don’t want to be on, it’s easy to get off – just click on the “unsubscribe” link. But should you? Maybe not. When you unsubscribe, you’re giving the organization that sent you the message information about yourself that you may not want them to have:
1. You have confirmed to the sender that your email address is both valid and in active use.
If the sender is unscrupulous then the volume of email you receive will most likely go up, not down. Worse, now that you have validated your address the spammer can sell it to his friends. So you are probably going to get phishing attacks from them too.
2. By responding to the email, you have positively confirmed that you have opened and read it and may be slightly interested in the subject matter, whether it’s getting money from a foreign prince, a penny stock tip or a diet supplement. That’s very valuable information for the mailer and his pals.
3. If your response goes back via email – perhaps the process requires you to reply with the words “unsubscribe,” or the unsubscribe link in the message opens up an email window – then not only have you confirmed that your address is active, but your return email will leak information about your email software too. Emails contain meta information, known as email headers, and you can tell what kind of email software somebody is using (and imply something about their computer) from the contents and arrangement of the headers.
4. If your response opens up a browser window then you’re giving away even more about yourself. By visiting the spammer’s website you’re giving them information about your geographic location (calculated based on your IP address), your computer operating system and your browser. The sender can also give you a cookie which means that if you visit any other websites they own (perhaps by clicking unsubscribe links in other emails) they’ll be able to identify you personally.
5. The most scary of all: if you visit a website owned by a spammer you’re giving them a chance to install malware on your computer, even if you don’t click anything. These types of attacks, known as drive-by downloads, can be tailored to use exploits the spammer knows you are vulnerable to thanks to the information you’ve shared unwittingly about your operating system and browser.
So how do you avoid unwanted email without unsubscribing?
If the message is unsolicited then mark it as spam.
Marking something as spam not only deletes the message (or puts it into your trash) it also teaches your email software about what you consider spam so that it can better detect and block questionable messages in the future and adapt as the spammers change their tricks.
All 500,000 victims of Cryptolocker can now recover the files encrypted by the malware without paying a ransom. The malicious program encrypted files on Windows computers and the hacker demanded a substantial fee before handing over the key to the scrambled files.
Thanks to security experts and law enforcement, an online portal has been created where victims can get the decryption key for free.
The portal was created after security researchers grabbed the hackers hardware and got a copy of Cryptolocker’s database of victims.
“This time we basically got lucky,” said Michael Sandee, principal analyst at Fox-IT – one of the security firms which helped tackle the cyber-crime group behind Cryptolocker.
In late May 2014, law enforcement agencies and security companies seized a worldwide network of hijacked home computers that was being used to spread both Cryptolocker and another strain of malware known as Gameover Zeus.
This concerted action seems to have prompted an attempt by the gang to ensure one copy of their database of victims did not fall into police hands. What the criminals did not know was that law enforcement personnel and the security firms were already in control of part of the network and were able to grab the data as it was being sent.
The action also involved the FBI charging a Russian man, Evgeniy Bogachev, aka “lucky12345” and “slavik”, who is accused of being the ring leader of the gang behind Gameover Zeus and Cryptolocker.
The Gameover Zeus family of malware targets people who bank online, and is thought to have racked up millions of victims.
Cryptolocker was created by a sub-group inside the larger gang and first appeared in September 2013, since then, it has amassed about 500,000 victims.
Those infected were initially presented with a demand for $400 – $500 or an equivalent amount in the virtual Bitcoin currency. Victims had 72 hours to pay up or the specific keys that would unlock their files would be destroyed.
Analysis of the back-up database indicates that only 1.3% of all the people hit by the malware paid the ransom.
Despite the low response rate, the gang is believed to have netted about $3m from Cryptolocker alone. Many of those caught did not pay because they were able to restore files from back-ups. However, others are believed to have lost hug amounts of important files and business documents to the cyber-thieves.
Security firms Fox-IT and FireEye – who assisted in the efforts to shut down the Gameover Zeus group – have created a portal called Decrypt Cryptolocker via which any of the 500,000 victims can find the decryption key needed to unlock their files. All they have to do is submit a file that’s been encrypted and from that file we can figure out which encryption key was used,” said Greg Day, chief technology officer at FireEye.
People wishing to use the portal should submit a file that does not contain sensitive information to help verify which key they need.
Here’s the link:
Computer users pass around USB sticks like electronic business cards. Although we know they often carry malware infections, users depend on antivirus scans and the occasional reformatting to keep thumb drives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.
That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present this week at the Black Hat security conference, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken.
The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted.
These problems can’t be patched by antivirus or anti-malware programs because it’s actually exploiting the very way that USB is designed. So, if you’re concerned about this security exploit, you have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.’
The problem isn’t limited to thumb drives. All manner of USB devices from keyboards and mice to smartphones and USB Cameras have firmware that can be reprogrammed—in addition to USB memory sticks. It even possible to impersonate a USB keyboard and suddenly start typing commands.
The malware can silently hijack internet traffic too, mimicking a USB network card and changing a computer’s DNS settings to redirect traffic to any servers it pleases. Or if the code is planted on a phone or another device with an internet connection, it can act as a man-in-the-middle, secretly spying on communications as it relays them from the victim’s machine.
Another major concern is that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer.
BadUSB’s ability to spread undetectably from USB to PC and back raises questions about whether it’s possible to use USB devices securely at all. We’ve known all along that if you give someone access to your USB ports, they can do bad things to your computer. What this appears to demonstrate is that it’s also possible to go the other direction, which suggests the threat of compromised USB devices is a very serious problem.”
There’s even some speculation that the USB attack may in fact already be common practice with the NSA based on a report about a spying device known as Cottonmouth, revealed earlier this year in the leaks of Edward Snowden. The device, which hid in a USB peripheral plug, was identified in a collection of NSA internal documents as surreptitiously installing malware on a target’s machine. The exact mechanism for that USB attack wasn’t described.
The short-term solution to BadUSB isn’t a technical patch so much as a fundamental change in how we use USB devices. To avoid the attack, all you have to do is not connect your USB device to computers you don’t own or don’t have good reason to trust—and don’t plug untrusted USB devices into your own computer.
In the long term, USB manufacturing companies could change their process and implement code-signing protections on all of their devices.
In the immediate future, BadUSB-created cracking tools will be able to create compromised devices that will have the potential to be a new and deadly attack vector for hackers.
You can read more about these USB threats here:
How to safely dispose of computers and other technology devices
When you get rid of sensitive paper documents, it’s a good idea to shred or burn them to help protect your privacy and prevent identity theft. Similarly, it’s important to erase your personal information from computers (desktop, laptop, or tablet) and other devices (smartphone, gaming consoles) before you dispose of or donate them.
If your device was provided to you by your employer, or if you own a small business, you may also risk loss of intellectual property, legal penalties, and potential damage to your corporate reputation.
So, what should you do?
1: First you should back up the files or data you want to keep
Start the process by making a copy of your information somewhere else like a portable USB drive. To create a backup of the files on a computer running Windows, you can use the Backup and Restore feature that’s built into Windows Vista and Windows 7, or File History in Windows 8. If you’re moving your files to a new computer, you can use Windows Easy Transfer to transfer your files from one computer running Windows to another.
2: Choose the best option for removing your data
Simply reformatting a disk or reinstalling the operating system does not guarantee the old data is unreadable. Your two best options for data removal are to use a certified refurbisher (this is the preferred course of action for business computers) or you can do it yourself. The following information will help you choose what is most suitable for your situation.
Microsoft has a listing of authorized technology refurbishers that can help you with data destruction and proper disposal practices. You can see them at this website: http://www.microsoft.com/refurbishedpcs/Disposal.aspx
If this high end disposal service is beyond your needs, you do have a couple FREE download options to Do-It-Yourself:
1: Softpedia’s DP Wiper:
2: Active @ KillDisk:
The 2 FREE applications mentioned above are tried and true and their websites are not infected with any drive by Trojan attacks. I DO NOT recommend simply opening up Google or any other search engine and searching for Disk Wipe utilities. In testing this, I found that more than ½ of the links I checked were in fact infected with some type of Trojan trying to infect my system. REMEMBER – anytime you search for something “FREE” you’re apt to get more trouble than you bargain for…
Microsoft’s cybercrime-related seizure of 23 domains from No-IP.com, a Reno, Nev.-based company that provides a popular free dynamic DNS service, is causing outages for millions of legitimate users of the service — and at least one security vendor.
The No-IP.com outages are having an impact on some customers with SonicWall firewalls. SonicWall, which Dell acquired in 2012, supports No-IP.com and other dynamic DNS services in its products.
Hundreds of his SonicWall customers began experiencing outages on Monday. Some of these customers are apartment complexes that run security surveillance cameras behind SonicWall firewalls, using No-IP.com’s dynamic DNS service to relay the video feeds.
No-IP.com and other dynamic DNS services are commonly used by remote workers to connect VoIP phones and video cameras to the Internet. Their popularity stems in large part from the fact that purchasing static IP addresses are expensive.
Microsoft has justified its actions by claiming that No-IP.com’s domains have been regularly used in malware attacks against millions of Windows users. And in Microsoft’s view, No-IP.com hasn’t done enough to stop this activity.
Microsoft filed a restraining order against No-IP.com in the U.S. District Court for Nevada on June 19. The court transferred DNS authority over the domains to Microsoft a week later.
Microsoft, which has a well-established track record of using legal means to break up botnets, said No-IP.com bears the brunt of the blame for allowing criminals to use its service for nefarious purposes.
As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure,” Richard Domingues Boscovich, assistant general counsel in Microsoft’s Digital Crimes Unit, said in a blog post Monday.
If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online.
However, in seizing the domains, Microsoft has disrupted service for a large chunk of the dynamic DNS service’s users, No-IP.com said in a statement Monday. The company also claims that Microsoft never reached out to it first before going to the courts. “Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors,” No-IP.com said in the statement.
Security experts applaud Microsoft’s malware-fighting tactics. Big DNS take-downs are very effective. They can quickly nullify huge botnets in a single move. With DNS names black-holed, the botnet essentially becomes useless since it cannot communicate back to its command infrastructure.
Unfortunately, it’s unclear how much of a long-term benefit Microsoft’s latest antimalware actions will have. Malware creators are always developing new strategies around this, including the use of multiple DNS names, resolvers, or fail-safe measures to reconnect to their command-and-control systems.
Was Microsoft right in taking this action? Even though they had a court order, did they overstep their bounds? Let us know what you think.