Archive for security

Hacker admits to Twitter account hijackings

Posted in General, Technology on Thursday, 8 January 2009 by Deems

Recently a few celebrities’ Twitter accounts were hacked – and yesterday an 18-year-old hacker revealed that he was indeed the culprit behind the hijacking. All because of a Twitter moderator’s poor choice of password for their account.

He even posted a video (below) to prove that he had gained administrative access to Twitter.

Coding Horror has explained why it was so easy, and why we, as application developers, need to insist on building more stringent methods into our applications and on highlighting this potential security flaw, if not implemented correctly, to the companies we build these applications for.

Credit card scams and hoaxes

Posted in General on Friday, 2 January 2009 by Deems

On Wednesday, the last day of 2008, I received an email from a friend regarding a credit card scam affecting Visa and MasterCard holders. Now, I’ve been using the Internet for over 15 years now so I’ve seen most of the scams and hoaxes out there, which has made me sceptical about a lot of things I receive via email – always taking them with a pinch of salt.

It outlines a case of someone having been scammed by a caller, allegedly a security department representative of Visa or MasterCard, who informs the card holder that they’ve noticed irregular transactions on the credit card and want to verify some information. They don’t ask you for any information in the beginning; in fact, they provide you with all your correct information, like address, credit card number, expiry date, etc., which they already have, to make the call sound more legitimate. Then the only piece of information they ask you for, so that they can “confirm it”, is the 3 security digits (CVV2/CVC2) printed on the back of the card.

Now, this is where the scam comes in: this is the only other piece of information they need to make manual (card holder not present) transactions without your knowledge.

If the scam is believable, which it sounds like it very well could be since there’s so much identity theft out there already, you should be cautious and worried. 

However, just do a quick search on Google for “credit card fraud scam visa mastercard phone” and you’ll come up with over 46,000 results. Notice, I didn’t add the word “hoax” to the results, yet your top results are sites like HoaxBuster, Hoax-Slayer, Sophos and Snopes.

Snopes is usually my first port-of-call when I get these types of emails – yes, this one is plausible (just look at the Snopes article and you’ll see why), but since neither MasterCard nor Visa provide actual statistical information or corroboration of this, it remains a hoax.

It’s just like all those 411/419-type scams out there: just use your head and a little bit of logic. If it sounds too good to be true, it usually is.

A picture is worth a thousand words…

Posted in General, Technology on Friday, 1 August 2008 by Deems

… or maybe a few lines of malicious code?

Yup, it appears that hackers will shortly be able to post pictures on various websites (probably targeting social networking sites) and lure unsuspecting victims to browse a page with the infected picture or GIFAR. This GIFAR (GIF and JAR) will be interpreted by the browser as a normal GIF and displayed but the Java Runtime on the user’s machine will extract and execute it as a JAR file.

At Black Hat, researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack. – SlashDot News

For more information on this read the article on InfoWorld’s website.
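An added example, not from the original post or the Black Hat researchers: a server-side check that rejects an uploaded "GIF" which also opens as a ZIP/JAR archive, the dual interpretation described above. The function names and the sample bytes are constructed for illustration; the check relies on the fact that a JAR is a ZIP archive and ZIP readers find the archive from the end of the file.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")

def zip_members(data: bytes):
    """Return the member names if `data` parses as a ZIP/JAR, else None.

    ZIP readers locate the archive via a directory at the END of the file,
    so leading image bytes do not stop the file from opening as an archive.
    """
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return None
    try:
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None

def check_image_upload(data: bytes) -> str:
    """Verdict for a file uploaded as a GIF (hypothetical upload hook)."""
    if data[:6] not in GIF_MAGICS:
        return "reject: not a GIF"
    members = zip_members(data)
    if members is not None:
        return "reject: GIF that also opens as ZIP/JAR, members=%r" % members
    return "accept"

def constructed_samples():
    """Build test inputs in memory: a plain 1x1 GIF, the same GIF with an
    inert ZIP (one text file, no Java code) following it, and the bare ZIP."""
    gif = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
           b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
           b"\x00\x02\x02D\x01\x00;")
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("note.txt", "inert test content")
    return gif, gif + zbuf.getvalue(), zbuf.getvalue()

if __name__ == "__main__":
    plain, polyglot, bare_zip = constructed_samples()
    for name, blob in (("plain.gif", plain), ("polyglot.gif", polyglot),
                       ("bare.zip", bare_zip)):
        print(name, "->", check_image_upload(blob))
```

A check like this sits well alongside re-encoding uploaded images on the server, which discards any data trailing the image.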

Skype Backdoor

Posted in General, Technology on Friday, 1 August 2008 by Deems

I was reading a post this morning on MyBroadband and I was wondering about other IM/VoIP software out there to use as an alternative to landline/mobile communication to circumvent this ludicrous bill that they want passed in SA soon.

So, who better than probably the most widely known and best-publicised product out there, Skype! And then I did a little digging and it didn’t take me long to come up with this article where they’re talking about a backdoor in Skype for listening in on VoIP calls or monitoring IM chats. Although Skype denies the allegations, it’s still of concern.

Which brings me to another point, alternatives – trustworthy alternatives. The words “trust” and “internet” just don’t go hand in hand anymore these days, or are we just becoming a bunch of cynics? So I looked at what other alternatives for IM/VoIP software there are out there and it’s almost a limitless list. Where to begin? Which is better?

Where to from here? Encrypted smoke-signals? Or do we just learn how to communicate telepathically (encrypted of course) to prevent Big Brother from listening in?