Tag Archive | "web security"


Beware: Scam Designed to Steal Gmail Info Is Difficult to Catch

Posted on 25 March 2014 by GranTorinoGuy

Hackers and cybercrooks are always on the leading edge of exploiting computer users, and one of the latest scams is almost impossible to catch: it pretends to be a Google document and leads to a Gmail login interface that steals your login information.

Many of us use Google in some shape or form, and a large population uses actual Google services, including Gmail and Google Docs. Scammers are sending out spam emails that contain an alleged Google doc, which directs you to a webpage that resembles a Google Drive login and sign-up page. This Google Drive page is rather clever in that it is almost identical to the legitimate login page, which is part of why this scam is difficult to detect or catch.

The fake pages created by hackers in this scam are yet another example of how crafty cybercrooks are at creating phishing sites that closely resemble the legitimate form they are attempting to mimic. In the case of the Google Drive login phishing page, most computer users will not be able to tell the phishing page from the real one, shown in Figures 1 and 2 respectively.

Figure 1. Fake Google Drive sign-in page

Figure 2. Legitimate Google Drive sign-in page

Signing in through the fake login page hands your login details to the hackers, giving them unrestricted access to your Google account, which could allow cybercrooks to pilfer your personal life by accessing items within your Gmail account and others.

As an answer to this massive scam, Google has taken action to remove the fake pages. “We’ve removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again,” a representative from Google explained to the press. “If you think you may have accidentally given out your account information, please reset your password.”

In some cases, this scam is customized for different users, so some systems may load a different version of the Google Drive phishing page. For now, computer users should still be on the lookout for phishing scams like this one, even though Google is cracking down on them. Remember, hackers are relentless in their efforts to attack unsuspecting computer users. In the case of this recent Google Drive phishing attack, the unsuspecting can be anyone, as this clever scam is difficult to catch even for so-called computer experts.


Google Chrome Adds ‘Reset’ Feature For Detecting & Preventing Browser Hijacker Actions

Posted on 06 February 2014 by GranTorinoGuy

Google has upped the ante when it comes to internet security by adding a new feature to prevent browser hijacking, on top of its ability to quickly reset browser settings. This new feature will now prompt users when the browser detects that it has been hijacked by an add-on or other software just installed.

Browser hijackers are a serious issue and are growing by the minute. Usually, PC users get browser hijackers on their system through the download of freeware or some type of shareware program. Once this app installs, it will load a browser hijacker program that changes internet settings to load an alternate default home page on your browser.

The new browser hijacker detection system in Google Chrome will now display an alert asking if you would like to reset altered Chrome settings. The alert appears when Chrome notices another program attempting to change default or current settings within the browser, mainly the default home page or default search engine.

Google Chrome already had a quick reset option built in, but it relied on the computer user to invoke it, and most of the time that was too late, after a browser hijacker had already carried out its malicious actions.

We expect this new feature to be very beneficial for computer users: when an aggressive browser hijacker is installed and attempts to alter your settings, it can be stopped dead in its tracks. However, it is still in a computer user’s best interest to completely remove any browser hijacker software from their system. Allowing browser hijackers to keep running on your system may cause this feature to display its alerts each time you open a new browser window until the hijacker is completely removed.


Average Time It Takes Cybercriminals to Start Exploiting Breaking News Decreases to 22 Hours

Posted on 28 September 2013 by GranTorinoGuy

It is almost a daily occurrence that cybercrooks find the most popular news stories or breaking news events to exploit. Researchers from Commtouch Security have now concluded that the time it takes cybercriminals to start exploiting breaking news is around 22 hours, the lowest we have ever seen.

Cybercrooks waste no time in ramping up their efforts to exploit a popular news story. It is almost as predictable as your next breath of air. In their malware distribution campaigns, cybercriminals commonly use a popular news subject or breaking news to get traction on search engines. Naturally, popular search engines like Google, Bing and Yahoo will quickly pick up a breaking news story. Hackers thrive on this and waste virtually no time in rehashing a version of the story, either on a hacked website or on one specifically designed to exploit computer users through news stories, eventually spreading malware.

Over the past few months, experts have been tracking the start time of a breaking news event and how long it takes cybercrooks to react by posting their malware-laced stories related to the news. It was found that, in April of this year, the average time was 27 hours when examining the Boston Marathon bombings. In recent events, such as the Royal Baby, the Syrian conflict, the NSA leaks and even the U.S. government shutdown, the start time has shrunk to just 22 hours.

Put in perspective, 22 hours is a short amount of time for getting out breaking news stories whose posts or pages have malware linked in one way or another. Just think: a breaking news story floods the media at 9am this morning, and the hackers have their own version of the story, only laced with malware, by 7am the next morning. In some instances, this is faster than some reputable news outlets are able to confirm and relay a breaking news story on their website.

Do you think cybercrooks will eventually break popular news stories to us, laced with malware, faster than the top news websites in the near future? After all, what is stopping them from doing that?


Successful Failure: Facebook Employees Challenged to Crack Security

Posted on 07 July 2010 by GranTorinoGuy

Facebook Security Challenge was a Successful Failure


The guys at TechCrunch.com recently posted that employees challenged to crack Facebook’s security succeeded in doing so. After all of the privacy concerns within Facebook lately, it is no wonder that their employees are in the process of making sure Facebook is up to par on the security front.

One of the engineers at Facebook responsible for site reliability (I didn’t know there was such a thing) recently challenged Facebook employees to try to compromise him and gain access to Facebook’s administrative system. They thought they could do this through information gathered from the engineer. After 2 weeks, the employees were able to successfully hack into his home WiFi network and then monitor his internet activity, allowing them to obtain passwords, including one to his personal Facebook account.

Although in the end the employees were able to compromise his home WiFi and access his personal Facebook account, they were not able to hack into Facebook’s administrative or corporate systems. Bottom line: Facebook is secure enough that employees who set out to compromise administrative systems were not able to accomplish that specific task, so they resorted to hacking the engineer’s home network to get a password, thinking they could then get access. Even with the passwords in hand, the employees could not access any of Facebook’s admin or corporate portals.

What does this prove? According to the engineer who made up the challenge, it proves that Facebook’s security systems are effective enough to deny access to any administrative or corporate systems.

Facebook engineer Pedram Keyani, who set up this challenge, responded to TechCrunch in the comments with the following statement:

I’m the engineer who made the challenge and I want to clear up some
misunderstandings. First, we perform tests on the integrity and security of
our site all the time. Second, in this particular case, the challenge
demonstrated the effectiveness of Facebook’s security systems, not the
opposite. Despite months of work and hundreds of hours of effort by a team
of specialized security engineers, the team was NOT able to access
Facebook’s administrative or corporate systems. While they were able to
access my personal Facebook account, they were not able to use this
information to access any other account on Facebook. Finally, challenges
like this are a great way for us to apply our best thinking and skills to
identify risks to our systems. We think our efforts should give users
greater confidence in Facebook and its administrative systems, not less.

Does this make you feel any better about the information that you trust Facebook with?



Your Password to Web Security

Posted on 03 February 2010 by GranTorinoGuy

After reading this post, you had better think twice about using one password for all your web accounts.

Most Internet users have a small number of passwords, or perhaps even just one, which they use on every site that requires a username and password. There is no doubt that this is a bad idea, and Twitter tells a story of how this can be very dangerous.

Twitter reveals an old scheme for stealing user credentials, one built for BitTorrent sites. Someone has been creating canned torrent site software, along with login capability for the torrents and for discussion forums. The software comes with backdoors and hidden exploits that let hackers take the user credential data from the system.

Therefore, if you use login details on one of those torrent sites, the hacker will assume that those details are used on other sites, like your Facebook or Twitter account.

Of course, this is nothing surprising, and nothing you haven’t heard before, but like the rest of us you probably tend to leave security best practices as the last task on your to-do list. Using different passwords, and making sure that they are strong passwords, is one of the most important measures you can take to protect yourself.

Don’t wait for a hacker to take control of your accounts! Change your Facebook password and the passwords on your other web accounts before you become the next victim of cybercrime.
