Jan 27 2011

Cyber Attacks Jeopardize Superpower Status

Category: cyber security | DISC @ 3:09 pm

Cyberspace enables e-mail, electricity grids, international banking and military superiority.
We can’t live without cyberspace – but increasingly, experts say its openness is putting the United States in jeopardy.

“We can say that sovereignty’s at risk,” said Sami Saydjari. He heads the Cyber Defense Agency, an information security company.

“Basically our whole superpower status as the United States depends on computers,” he said. “We lose them, we lose our status as a superpower. We become a Third World country overnight.”

http://www.youtube.com/watch?v=V3rNiKF4ku8

Tags: Cyber Defense Agency, Cyber-warfare, cyberwar, Sami Saydjari, superpower status


Jan 25 2011

Cisco Security Report Says Unemployed Are Targeted By Money Mules

Category: Cybercrime | DISC @ 5:26 pm

By Samuel Rubenfeld

Add another burden to being unemployed: Those seeking work are increasingly targeted by money mules for laundering operations.

The “Cisco 2010 Annual Security Report,” (pdf) released Thursday, says that alongside ongoing threats from phishing attempts, viruses, trojans and more, the unemployed–or the underemployed–may become unsuspecting conduits for money laundering. This can happen through “work-from-home” scams where a person’s “job” is to receive items, repackage them and ship them abroad, not knowing that the items were obtained illegally using stolen or fraudulent credit cards that further the money laundering operation.

“People scouring employment ads on legitimate, well-known job search sites also have been duped by these scams,” the report says, later adding: “Individuals who come in contact with these operations usually have no idea they are being recruited as money mules, and believe they are dealing with a recruiter for a legitimate company.”

Titles below explain how money laundering works…

Tags: money laundering, money mules


Jan 19 2011

Zeus Toolkit Gangs Staging Mass Attacks on Banking Applications

Category: App Security, Cybercrime | DISC @ 11:12 am

Since 2007, illicit organizations have employed Zeus to launch damaging, highly publicized attacks targeting the login credentials and other personal data associated with millions of computers, thousands of organizations, and uncounted numbers of users and their accounts. Relatively small groups of sophisticated criminal bands based in various nations–particularly in Eastern European countries such as Russia and Ukraine–have stolen tens of millions of dollars. Computers in 196 countries have been subject to attack. The countries most affected include the U.S., U.K., Saudi Arabia, Egypt, and Turkey.

To read the full article ….


Jan 13 2011

Meet Stringent California Information Security Legislation with Comprehensive Toolkit

Category: ISO 27k | DISC @ 4:06 pm

Three years ago, the California state IT council adopted an information security program guide that helps organizations comply with SB 1386. The council advised using the ISO 27002 information security framework to meet the requirements of SB 1386.

This legislation deals with the security of personal information and is applicable to all organisations (state and government agencies, non-profit, companies of all sizes, regardless of geographic location) holding personal data on any person living in California. SB-1386 requires such information holders to disclose any unauthorised access of computerised data files containing personal information.

In response, IT Governance’s comprehensive ‘SB-1386 & ISO27002 Implementation Toolkit’ is specifically designed by experts in data compliance legislation to guide organisations on how to conform to SB-1386. The toolkit conforms to ISO27002 and, if desired, also helps organisations prepare for any external certification process (ISO 27001) that would demonstrate conformance with such a standard. The State of California has itself formally adopted ISO/IEC 27002 as its standard for information security and recommended that organisations use this standard as guidance in their efforts to comply with California law.


Which businesses are affected by the SB 1386 law?
o Any business located in California
o Outsourcing companies that do business with a company in California or have customers in California
o Data centers outside California that store information on California residents


Toolkits are designed to help organizations that need to comply with a law like SB 1386. The SB 1386 and ISO 27002 implementation toolkit assists with ISO 27002 compliance. It also helps organizations interested in certification to lay the groundwork for ISO 27001 certification, which demonstrates conformance with a world-class information security management system.


The comprehensive SB 1386 implementation toolkit comprises:
1. The SB 1386 Documentation Toolkit: a download of nearly 400 densely packed pages of fit-for-purpose policies and procedures supporting full compliance with SB 1386.
2. International IT Governance: An Executive Guide to ISO 17799/ISO 27001 (soft cover). This is the US version of the long-established, world-leading manual on designing and implementing an Information Security Management System (ISMS) in line with the best-practice guidance of ISO 27001/ISO 17799.
3. vsRisk™, the definitive ISO 27001:2005-compliant information security risk assessment tool, which in summary:
o automates and delivers an ISO/IEC 27001-compliant risk assessment
o uniquely, can assess confidentiality, integrity and availability for each of the business, legal and contractual aspects of information assets, as required by ISO 27001
o provides comprehensive best-practice alignment
o supports ISO 27001
o supports ISO 27002 (ISO/IEC 17799)
o conforms to ISO/IEC 27005
o conforms to NIST SP 800-30
o uses a wizard-based approach that simplifies and accelerates the risk assessment process
o includes integrated, regularly updated, BS 7799-3 compliant threat and vulnerability databases
4. An electronic copy of the information security standard ISO/IEC 27002 (formerly ISO 17799).

Buy The SB-1386 & ISO27002 Implementation Toolkit NOW!

ISO assessment is a great first step towards ISO 27002 compliance and toward the final goal of ISO 27001 certification.

vsRisk and security risk assessment

ISO 27002 Framework for Today’s Security Challenges
http://www.youtube.com/watch?v=yRFMfiLbNj8

Tags: iso 27001, iso 27001 certification, iso 27002, iso 27005, ISO 27k, iso assessment, iso compliance, sb 1386


Jan 11 2011

Biggest mobile malware threat

Category: Malware, Smart Phone, Web 2.0 | DISC @ 2:39 pm

Facebook is biggest mobile malware threat, says security firm
Researcher claims bad links on Facebook are responsible for a much higher infection rate than targeted mobile malware

By Joan Goodchild, CSO

The biggest mobile infection threat isn’t malware that specifically targets mobile devices, according to new research from security firm BitDefender. Malware that targets Facebook is a far bigger problem for mobile security, the firm claims.

Spam links on social networks are infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs.

BitDefender officials point to Google statistics, which reveal almost one quarter of Facebook users who fell for a recent scam on the social network did so from their mobile device. The URL that was studied was one that claimed to show users a girl’s Facebook status which got her expelled from school. It generated 28,672 clicks — 24 percent of which originated from mobile platforms. Users who clicked on the link — whether on their PC or mobile device — downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme.

“When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source — the social network,” said George Petre, BitDefender Threat Intelligence Team Leader.

Mobile Malware Attacks and Defense

The Truth About Facebook – Privacy Settings Every Facebook User Should Know, and Much More – The Facts You Should Know

Tags: facebook, Google, Koobface, Malware, Mobile device, Mobile operating system, Social network, Uniform Resource Locator


Jan 09 2011

Information Systems Security

Category: CISSP, Information Security | DISC @ 1:20 pm

CISSP: Certified Information Systems Security Professional Study Guide


Totally updated for 2011, here’s the ultimate study guide for the CISSP exam
Considered the most desired certification for IT security professionals, the Certified Information Systems Security Professional designation is also a career-booster. This comprehensive study guide covers every aspect of the 2011 exam and the latest revision of the CISSP body of knowledge. It offers advice on how to pass each section of the exam and features expanded coverage of biometrics, auditing and accountability, software security testing, and other key topics. Included is a CD with two full-length, 250-question sample exams to test your progress.

CISSP certification identifies the ultimate IT security professional; this complete study guide is fully updated to cover all the objectives of the 2011 CISSP exam
Provides in-depth knowledge of access control, application development security, business continuity and disaster recovery planning, cryptography, Information Security governance and risk management, operations security, physical (environmental) security, security architecture and design, and telecommunications and network security
Also covers legal and regulatory investigation and compliance
Includes two practice exams and challenging review questions on the CD
Professionals seeking the CISSP certification will boost their chances of success with CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition.

From the Back Cover
Comprehensive preparation for the 2011 CISSP certification exam

With pages of in-depth coverage, real-world scenarios, and detailed explanations of all domains from the Common Body of Knowledge (CBK) for the CISSP certification exam, this complete guide not only thoroughly prepares you for the exam, it also helps you develop practical skills for success on the job. Key topics include access control, business continuity, cryptography, biometrics, and more. You’ll also find helpful advice on how to pass each section of the exam. Inside, find:

Full coverage of all exam objectives in a systematic approach, so you can be confident you’re getting the instruction you need for the exam

Real-world scenarios that put what you’ve learned in the context of actual job roles

Challenging review questions in each chapter to prepare you for exam day

Exam Essentials, a key feature in each chapter that identifies critical areas you must become proficient in before taking the exam

A handy tear card that maps every official exam objective to the corresponding chapter in the book, so you can track your exam prep objective by objective

Look inside for complete coverage of all exam objectives.

SYBEX TEST ENGINE

Test your knowledge with advanced testing software. Includes all chapter review questions and two full-length, 250-question practice exams.

ELECTRONIC FLASHCARDS

Reinforce your understanding with electronic flashcards.

Also on CD, you’ll find the entire book in searchable and printable PDF. Study anywhere, any time, and approach the exam with confidence.

Includes Real-World Scenarios, Written Labs, and

Leading-Edge Exam Prep Software Featuring:

Custom Test Engine

Two Full-Length, 250-Question Practice Exams

Electronic Flashcards

Entire Book in PDF

Tags: CISSP book, CISSP book recommendation, information systems security


Jan 06 2011

The Basics of Stuxnet Worm and How it infects PLCs

Category: Malware | DISC @ 1:01 pm

Considered to be the most intricately designed piece of malware ever, Stuxnet directs its attack vectors at industrial control systems, a territory rarely ventured into by traditional malware. Stuxnet targets industries, power plants and other facilities that use automation and control equipment from the leading German industrial vendor, Siemens. The term critical infrastructure refers to industrial systems that are essential for the functioning and safety of our societies. Considering the profound dependence of critical infrastructure on industrial control and automation equipment, it is essential to reassess the impact of this new generation of malware on the stability and security of our society.

Download WhitePaper

Has Israel Begun A Cyber War On Iran With The Stuxnet ‘Missile’?: An article from: APS Diplomat News Service

The New Face of War: How War Will Be Fought in the 21st Century

Tags: Business, Control system, Critical infrastructure, Industrial control systems, Iran, Malware, Siemens, Symantec


Jan 06 2011

Security 2020: Reduce Security Risks This Decade

Category: Information Security | DISC @ 10:59 am


Security 2020: Reduce Security Risks This Decade

Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today’s IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.

IT security needs are constantly evolving; this guide examines what history has taught us and predicts future concerns
Points out the differences between artificial concerns and solutions and the very real threats to new technology, with startling real-world scenarios
Provides knowledge needed to cope with emerging dangers and offers opinions and input from more than 20 noteworthy CIOs and business executives
Gives you insight to not only what these industry experts believe, but also what over 20 of their peers believe and predict as well

With a foreword by security expert Bruce Schneier, Security 2020: Reduce Security Risks This Decade supplies a roadmap to real IT security for the coming decade and beyond.

Order this book for advice on how to reduce the IT security risks posed by emerging threats to your business in the coming years: Security 2020: Reduce Security Risks This Decade

From the Back Cover
Learn what’s real, what’s hype, and what you can do about it
For decades, security experts and their IT peers have battled the black hats. Yet the threats are as prolific as ever and more sophisticated. Compliance requirements are evolving rapidly and globalization is creating new technology pressures. Risk mitigation is paramount. What lies ahead?

Doug Howard and Kevin Prince draw upon their vast experience of providing security services to many Fortune-ranked companies, as well as small and medium businesses. Along with their panel of security expert contributors, they offer real-world experience that provides a perspective on security past, present, and future. Some risk scenarios may surprise you. Some may embody fears you have already considered. But all will help you make tomorrow’s IT world a little more secure than today’s.

Over 50 industry experts weigh in with their thoughts

Review the history of security breaches

Explore likely future threats, including social networking concerns and doppelganger attacks

Understand the threat to Unified Communication and Collaboration (UCC) technologies

Consider the impact of an attack on the global financial system

Look at the expected evolution of intrusion detection systems, network access control, and related safeguards

Learn to combat the risks inherent in mobile devices and cloud computing

Study 11 chilling and highly possible scenarios that might happen in the future

Tags: Bruce Schneier, Computer security, Consultants, Doug Howard, Intrusion detection system, Kevin Prince, Security, United States


Jan 04 2011

Electronic Pick Pocketing with RFID

Category: Cybercrime, pci dss | DISC @ 9:10 am

RFID Security

Thieves now have the capabilities to steal your credit card information without laying a hand on your wallet.

It’s new technology being used in credit and debit cards, and it’s already leaving nearly 140 million people at risk for electronic pickpocketing.

It all centers around radio frequency identification technology, or RFID.

You’ll find it in everything from your passports to credit and debit cards.

It’s supposed to make paying for things faster and easier.

You just wave the card, and you’ve paid.

But now some worry it’s also making life easier for crooks trying to rip you off.

In a crowd, Walt Augustinowicz blends right in.

And that’s the problem.

“If I’m walking through a crowd, I get near people’s back pocket and their wallet, I just need to be this close to it and there’s my credit card and expiration date on the screen,” says Augustinowicz demonstrating how easily cards containing RFID can be hacked.

He is armed with nothing more than a credit card reader he bought online for less than $100 and a netbook computer.

RFID Security

Tags: credit card fraud, electronic pick pocketing


Jan 03 2011

New virus threatens phones using Android

Category: Malware | DISC @ 5:39 pm

Mobile Malware Attacks and Defense

WASHINGTON (AFP) – A virus infecting mobile phones using Google’s Android operating system has emerged in China that can allow a hacker to gain access to personal data, US security experts said.

A report this week from Lookout Mobile Security said the new Trojan affecting Android devices has been dubbed “Geinimi” and “can compromise a significant amount of personal data on a user’s phone and send it to remote servers.”

The firm called the virus “the most sophisticated Android malware we’ve seen to date.”

“Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone,” Lookout said.

“Geinimi’s author(s) have raised the sophistication bar significantly over and above previously observed Android malware by employing techniques to obfuscate its activities.”

The motive for the virus was not clear, according to Lookout, which added that it could be used for anything from “a malicious ad-network to an attempt to create an Android botnet.”

But the company said the only users likely to be affected are those downloading Android apps from China.

The infected apps included repackaged versions sold in China of Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

“It is important to remember that even though there are instances of the games repackaged with the Trojan, the original versions available in the official Google Android Market have not been affected,” the security firm said.

Mobile Malware Attacks and Defense

Tags: Android, china, Google, Malware, mobile phone, Security, Servers, Trojan horse


Dec 30 2010

Information Security Law: The Emerging Standard for Corporate Compliance

Category: Information Security, ISO 27k | DISC @ 3:25 pm

Order Information Security Law: The Emerging Standard for Corporate Compliance today!
Information Security Law: The Emerging Standard for Corporate Compliance

In today’s business environment, virtually all of a company’s daily transactions and all of its key records are created, used, communicated, and stored in electronic form using networked computer technology. Most business entities are, quite literally, fully dependent upon information technology and an interconnected information infrastructure.

Emerging information security compliance requirements.
While this reliance on technology provides tremendous economic benefits, it also creates significant potential vulnerabilities that can lead to major harm to a company and its various stakeholders. As a result, public policy concerns regarding these risks are driving the enactment of numerous laws and regulations that require businesses to adequately address the security of their own data.

Information Security Law: The Emerging Standard for Corporate Compliance is designed to help companies understand this developing law of information security, the obligations it imposes on them, and the standard for corporate compliance that appears to be developing worldwide. ISO/IEC 27001, the international information security standard, should be read alongside this book.

Emerging global legal framework – and compliance in multiple jurisdictions.
This book takes a high level view of the multitude of security laws and regulations, and summarizes the global legal framework for information security that emerges from them. It is written for companies struggling to comply with several information security laws in multiple jurisdictions, as well as for companies that want to better understand their obligations under a single law. It explains the common approach of most security laws, and seeks to help businesses understand the issues that they need to address to become generally legally compliant.

About the Author
The author, Thomas J. Smedinghoff, is an attorney and partner in a Privacy, Data Security, and Information Law Practice in Chicago. He has been actively involved in developing e-business and information security legal policy, both in the US and globally. He currently serves as a member of the US Delegation to the United Nations Commission on International Trade Law (UNCITRAL) and chairs the International Policy Coordinating Committee of the American Bar Association (ABA) Section of Science & Technology Law.

ORDER YOUR COPY OF THIS INFORMATIVE BOOK ON INFORMATION SECURITY LAW NOW….Information Security Law: The Emerging Standard for Corporate Compliance

Author: Thomas J Smedinghoff
Publisher: IT Governance Publishing
Format: Softcover
ISBN: 9781905356669
Pages: 185
Published Date: 7th October 2008
Availability: Immediate


Dec 26 2010

Information Security Risk Management for ISO27001/ISO27002

Category: ISO 27k, Security Risk Assessment | DISC @ 8:56 pm

Expert guidance on planning and implementing a risk assessment and protecting your business information. In the knowledge economy, organisations have to be able to protect their information assets. Information security management has, therefore, become a critical corporate discipline. The international code of practice for an information security management system (ISMS) is ISO27002. As the code of practice explains, information security management enables organisations to ‘ensure business continuity, minimise business risk, and maximise return on investments and business opportunities’.

ISMS requirements
The requirements for an ISMS are specified in ISO27001. Under ISO27001, a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management. This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001.

International best practice
Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

Benefits to business include:

Stop the hacker. With a proper risk assessment, you can select appropriate controls to protect your organisation from hackers, worms and viruses, and other threats that could potentially cripple your business.

Achieve optimum ROI. Failure to invest sufficiently in information security controls is ‘penny wise, pound foolish’, since, for a relatively low outlay, it is possible to minimise your organisation’s exposure to potentially devastating losses. However, having too many safeguards in place will make the information security system expensive and bureaucratic, so without accurate planning your investment in information security controls can become unproductive. With the aid of a methodical risk assessment, you can select and implement your information security controls to ensure that your resources are allocated to countering the major risks to your organisation. In this way, you will optimise your return on investment.

Build customer confidence. Protecting your information security is essential if you want to preserve the trust of your clients and to keep your business running smoothly from day to day. If you set up an ISMS in line with ISO27001, then, after an assessment, you can obtain certification. Buyers now tend to look for the assurance that can be derived from an accredited certification to ISO27001 and, increasingly, certification to ISO27001 is becoming a prerequisite in service specification procurement documents.

Comply with corporate governance codes. Information security is a vital aspect of enterprise risk management (ERM). An ERM framework is required by various corporate governance codes, such as the Turnbull Guidance contained within the UK’s Combined Code on Corporate Governance and the American Sarbanes-Oxley Act (SOX) of 2002, and by standards such as ISO 31000.

Order this book for advice on information security management that can really benefit your bottom line! Information Security Risk Management for ISO27001 / ISO27002

About the authors

Alan Calder is the founder director of IT Governance Ltd. He has many years of senior management and board-level experience in the private and public sectors.

Steve G Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors he has been responsible for most support disciplines. He has over 20 years’ experience of managing integrated management systems, and is a lead auditor for ISO27001 and ISO9000. He is now an ISMS Technical Expert for UKAS, and provides them with advice for their assessments of certification bodies offering certification to ISO27001.


Dec 23 2010

Social Engineering: The Art of Human Hacking

Category: social engineering | DISC @ 11:32 am

“Social engineering” as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.
Social Engineering: The Art of Human Hacking

Christopher Hadnagy, author
The first book to reveal and dissect the technical aspects of many social engineering maneuvers.
From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained using real-world examples, personal experience and the science behind them, to unravel the mystery of social engineering.

Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

“Most malware and client-side attacks have a social engineering component to deceive the user into letting the bad guys in. You can patch technical vulnerabilities as they evolve, but there is no patch for stupidity, or rather gullibility. Chris will show you how it’s done by revealing the social engineering vectors used by today’s intruders. His book will help you gain better insight on how to recognize these types of attacks,” said Kevin Mitnick, about the book.

Order this book today to learn more about present and emerging social engineering threats to your business: Social Engineering: The Art of Human Hacking

Examines social engineering, the science of influencing a target to perform a desired task or divulge information
Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
Reveals vital steps for preventing social engineering threats
Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

From the Inside Flap
Foreword written by Paul Wilson from The Real Hustle UK.
rpaulwilson.com/


Dec 21 2010

Digital Photocopiers Loaded With Secrets

Category: cyber security, Information Privacy | DISC @ 10:13 pm

A digital copier can become a treasure trove for an identity thief, because it has a hard drive that permanently stores every image that has been printed, scanned, faxed, emailed or copied on that device. Storing images on the hard drive becomes a serious threat to the security of an organization, and a breach of privacy law, when these copiers are sent out for maintenance, returned at the end of a lease period, or simply retired without the data being erased from the hard drive.

The due diligence of erasing the data before an identity thief gets their paws on it falls squarely on the shoulders of the organization that owns the digital copier.


Dec 19 2010

Protect your credit card information and avoid Fraud

Category: cyber security | DISC @ 10:51 pm

Essentials of Online payment Security and Fraud Prevention

As we all know, credit card fraud is on the rise and crooks are using ever more advanced techniques to acquire credit card information. In these circumstances anyone can lose their private and credit card information to crooks. Individual due diligence is necessary to protect credit card information, and below are a few measures that can help protect it.

– At least once a year (or preferably every 6 months) report each one of your cards missing, so that your credit card company issues you a new card. This is because crooks often steal credit card information but wait until they have collected many records (at least a million) before they sell them, and this process typically takes a year (according to the FBI). So most of the time your credit card information may be compromised without your knowing it until the crook sells it to a buyer; then, in a matter of 1-2 weeks, you get hit by tons of purchases, and before you know it your credit card is maxed out and you are stuck proving it wasn’t you.

– Sign up with www.LifeLock.com instead of the many identity theft programs that your bank offers. This program costs about $80-$100 a year (similar in cost to what banks like Chase and WFB offer), but it TRULY covers all the costs you incur when your identity is stolen and your cards are maxed out. They do by far MORE than the other programs that banks offer, and they cover all the costs you may incur (including replacing a PC that may be infected with a virus).

– If anyone calls you (from Visa, MC, AmEx or any credit card company) and tells you anything like “your credit card has been used” or “your card has been stolen,” get their telephone number and tell them you will call them back before you say ANYTHING to them. Then call the 800 number on the back of your card and verify that the phone number they gave you is indeed valid. Do NOT give anything, especially the 3-digit code off the back of your card, to anyone who calls you.

– As always, never type an ATM card PIN into an email, or into a web page reached from a link in an email.

– Do not open email from senders you do not know. If a message carries an attachment (.pdf, Office document, ZIP, or an executable disguised as a document), open it only if it makes sense that this sender would send you this file. PDF and Office files are common malware carriers because their readers have had many exploitable bugs; plain .txt files are far safer, but no attachment type is risk-free, and a renamed .exe is the oldest trick of all. Keep your PDF reader and Office suite patched.

– If you bank online (as most of us do), either avoid bill payment or, if you use it, check the balance daily. Ask your bank whether outgoing wire transfers can be blocked on your account: a great deal of wire-transfer fraud has happened in the past year or two, and victims have lost their money. A US consumer account has some protection under Regulation E if you report an unauthorised transfer promptly, but a business account does not, and the bank can argue that your computer was compromised and that this is your problem, not theirs. A wire is normally irrevocable once it leaves the bank; in the best case the receiving bank cooperates with a recall within about 24 hours, so check balances daily, because once the funds are withdrawn at the far end they are gone.

– Never hand your laptop or PC to a repair or upgrade shop you do not know well. Whoever has physical possession can install spyware, copy your data, or tamper with the firmware. A full wipe and clean reinstall from trusted media removes most software implants, but it cannot undo data copied while the machine was out of your hands, and a firmware-level implant survives reformatting; in that case the practical remedy is to replace the machine. Full-disk encryption with a strong passphrase limits what a stranger can read or alter while the machine is powered off.

– Be wary of sites that bundle unrelated "hot" items such as "Sarah Palin's info", "Earthquake victims" and "Las Vegas Deals". They are built to draw traffic, and each article or download may carry malware; once it runs, the attacker can log your keystrokes and capture what is on your screen. Do not open or download files from such sites, and avoid any site with an unusual or random mix of content.

– Keep one credit card with a low limit ($1,000-$2,000) solely for internet purchases.

– Keep another card with an even lower limit ($500) solely for fuel. Pay-at-pump terminals are a favourite target for skimmers because the readers and PIN pads are old, unattended and have few security features, so a very low limit caps the damage.

– Use one or more high-limit cards only for in-person purchases you sign for, and check every statement at the end of the month.
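The card-segmentation and daily-check advice above turns into a small policy check once your bank lets you export transactions. The following is an added example, not code from the original post: it defines a per-account policy (allowed channel, spending cap, wires banned on the checking account) and runs a constructed day's transactions through it, returning one alert per violation. Account names, limits and the transactions are all assumptions made up for illustration.

```python
"""Check a day's exported transactions against a per-account usage policy.

Added example, not part of the original post. Account names, limits and the
sample transactions below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Channels: cnp = card-not-present (online), pump = pay-at-pump,
# signed = in-person signed purchase, ach/check/debit = normal bank debits,
# wire = outgoing wire transfer (never allowed in this policy).
POLICY: Dict[str, dict] = {
    "internet-card": {"limit": 1500.0, "channels": {"cnp"}},
    "gas-card":      {"limit": 500.0,  "channels": {"pump"}},
    "main-card":     {"limit": 10000.0, "channels": {"signed"}},
    "checking":      {"limit": None,    "channels": {"ach", "check", "debit"}},
}


@dataclass
class Txn:
    account: str
    channel: str
    amount: float
    merchant: str


def check_transactions(txns: List[Txn], policy: Dict[str, dict] = POLICY) -> List[str]:
    """Return a human-readable alert for every transaction that breaks policy.

    Checks, in order: unknown account, outgoing wire (always an alert),
    card used on a channel it is not reserved for, and cumulative spend on
    an account exceeding its cap for the period covered by the export.
    """
    alerts: List[str] = []
    spent: Dict[str, float] = {}
    for t in txns:
        rule = policy.get(t.account)
        if rule is None:
            alerts.append(f"unknown account {t.account}: {t.merchant} {t.amount:.2f}")
            continue
        if t.channel == "wire":
            alerts.append(f"WIRE on {t.account} to {t.merchant} {t.amount:.2f}: "
                          "wires are banned on this account, call the bank now")
            continue
        allowed: Set[str] = rule["channels"]
        if t.channel not in allowed:
            alerts.append(f"{t.account} used via {t.channel} at {t.merchant}: "
                          f"not an allowed channel ({', '.join(sorted(allowed))})")
        spent[t.account] = spent.get(t.account, 0.0) + t.amount
        limit: Optional[float] = rule["limit"]
        if limit is not None and spent[t.account] > limit:
            alerts.append(f"{t.account} cumulative {spent[t.account]:.2f} "
                          f"exceeds limit {limit:.0f}")
    return alerts


# Constructed sample export: one day's activity across the segmented accounts.
SAMPLE: List[Txn] = [
    Txn("internet-card", "cnp",    89.99, "online-bookshop"),     # fine
    Txn("gas-card",      "pump",   42.10, "fuel-stop"),           # fine
    Txn("gas-card",      "cnp",   310.00, "electronics-site"),    # gas card used online
    Txn("gas-card",      "pump",  200.00, "fuel-stop"),           # pushes gas-card over 500
    Txn("checking",      "wire", 4800.00, "unknown-beneficiary"), # banned wire
    Txn("main-card",     "signed", 1200.00, "furniture-store"),   # fine
]


def run_sample() -> List[str]:
    """Run the constructed sample through the policy; three alerts expected."""
    return check_transactions(SAMPLE)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The policy deliberately treats any wire as an alert regardless of amount, because the text's point is that a wire cannot be reliably reversed; a cap on wires would be the wrong control. Cumulative spend is tracked per export, so run it against each day's download to catch a card being drained over several small purchases.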

Tags: Business, Consumer, Credit card, Financial services, Identity Theft, Merchant Services, Sarah Palin, Wire transfer


Dec 13 2010

Cyber War: The Next Threat to National Security and What to Do About It

Category: cyber security,CybercrimeDISC @ 5:54 pm

Richard Clarke's credentials are well established, having been a national security advisor to presidents of both parties.

“The major shock about the mischievous WikiLeaks—even more than the individual headline items—is that it dramatizes how vulnerable we still are. Digitization has made it easier than ever to penetrate messages and download vast volumes of information. Our information systems have become the most aggressively targeted in the world. Each year, attacks increase in severity, frequency, and sophistication. On July 4, 2009, for instance there was an assault on U.S. government sites—including the White House—as well as the New York Stock Exchange and Nasdaq. There were similar attacks that month on websites in South Korea. In 2008, our classified networks, which we thought were inviolable, were penetrated. Three young hackers managed to steal 170 million credit-card numbers before the ringleader was arrested in 2008.”

From Publishers Weekly
“On today’s battlefields computers play a major role, controlling targeting systems, relaying critical intelligence information, and managing logistics. And, like their civilian counter-parts, defense computers are susceptible to hacking. In September 2007, Israeli cyber warriors “blinded” Syrian anti-aircraft installations, allowing Israeli planes to bomb a suspected nuclear weapons manufacturing facility (Syrian computers were hacked and reprogrammed to display an empty sky). One of the first known cyber attacks against an independent nation was a Russian DDOS (Deliberate Denial of Service) on Estonia. Since it can rarely be traced directly back to the source, the DDOS has become a common form of attack, with Russia, China, North Korea, the U.S., and virtually every other country in possession of a formidable military having launched low-level DDOS assaults. Analysts across the globe are well aware that any future large-scale conflict will include cyber warfare as part of a combined arms effort. Clarke and Knake argue that today’s leaders, though more computer savvy than ever, may still be ignorant of the cyber threats facing their national security.”


Dec 06 2010

U.S. looks to protect computer networks as rogues hack away

Category: cyber securityDISC @ 10:16 am

By Lolita Baldor

WASHINGTON — It will take several more years for the government to fully install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say.

As the Department of Homeland Security moves methodically to pare down and secure the approximately 2,400 network connections used every day by millions of federal workers around the world, experts suggest that technology already may be passing them by.

The department that’s responsible for securing government systems other than military sites is slowly moving all the government’s Internet and e-mail traffic into secure networks that eventually will be guarded by intrusion detection and prevention programs. The networks are known as Einstein 2 and Einstein 3.

Progress has been slow, however. Officials are trying to complete complex contracts with network vendors, work out technology issues and address privacy concerns involving how the monitoring will affect employees and public citizens.

The WikiLeaks release of more than a quarter-million sensitive diplomatic documents underscores the massive challenge ahead, as Homeland Security labors to build protections for all of the other, potentially more vulnerable U.S. agencies.

“This is a continuing arms race and we’re still way behind,” said Stewart Baker, former Homeland Security undersecretary for policy.

The WikiLeaks breach affected the government’s classified military network and was as much a personnel gap as a technological failure.

Officials believe the sensitive documents were stolen from secure Pentagon computer networks by an Army intelligence analyst who downloaded them onto a CD.

The changes sought by Homeland Security on the government’s non-military computers would be wider and more systemic than the immediate improvements ordered recently by the Departments of Defense and State as a result of the WikiLeaks releases.

Those changes included improving the monitoring of computer usage and making it harder to move material onto a portable computer flash drive or CD.

Tags: DHS, Einstein 1, Einstein 2, IDP, IDS, Intrusion Detection and Prevention, WikiLeaks


Nov 30 2010

Due diligence is the cost of doing business for healthcare

Category: hipaaDISC @ 1:31 pm


According to one estimate, data losses of various kinds could cost US healthcare as much as $6 billion a year.

A survey by the privacy and data-management research firm Ponemon Institute found that healthcare organizations are still using primitive data management techniques and risk spending an average of US $1 million per year dealing with data losses, in the form of damage control, litigation and lost revenue from patients transferring to other facilities, among other costs.

From October 2009 to March 2010, patient information held by insurer WellPoint was accessible to the public through its website, exposing information on 32,000 new clients. Meanwhile, insurer AmeriHealth Mercy recently admitted to misplacing a USB drive containing information on 280,000 Medicaid members. The data included full names, birth dates, addresses, SSNs, telephone numbers, email addresses, financial information and health records. Patients risk public embarrassment and identity theft, which can be exploited for both medical and financial fraud.

Building your own Information Security Management System that covers the HIPAA controls is basic due diligence for information security and privacy. It will pay dividends in the long run and is simply the cost of doing business in the healthcare industry.


Nov 29 2010

Google Bomb: The Untold Story of the $11.3M Verdict That Changed the Way We Use the Internet

Category: Information SecurityDISC @ 4:05 pm

Google Bomb: The Untold Story of the $11.3M Verdict That Changed the Way We Use the Internet
John W. Dozier Jr., Sue Scheff and Michael Fertik (authors)

Google Bomb (n) or ‘link bomb’: Internet slang for a certain kind of attempt to raise the ranking of a given page in results from a Google search. (Wikipedia)


Nov 29 2010

US shuts down file-sharing sites

Category: CybercrimeDISC @ 2:08 pm

By BBC@MMX

More than 70 sites alleged to be selling counterfeit goods or offering pirated content have been shut down by the US government.

The action was taken by the Immigration and Customs Enforcement agency, part of the US Department of Homeland Security.

Domains seized included a BitTorrent search engine, music download sites and shops selling fake designer clothing.

Many of the sites that lost their domains have continued trading via alternative addresses.

ICE confirmed that it had taken the action to the New York Times but said it could not provide any details because the seizures were part of an “ongoing investigation”.

Anyone trying to visit the seized pages was confronted by a screen saying that the domain had been taken over by ICE and which quoted US laws on copyright infringement and trafficking in counterfeit goods.

Domains seized included louis-vuitton-outlet-store.com, burberryoutletshop.com, rapgodfathers.com, mydreamwatches.com as well as BitTorrent search engine Torrent-Finder.com.

ICE’s action involved gaining control of the domain name that sites were trading under. It did not involve removing any content from the sites affected or blocking the use of an IP address.

Many of the sites that lost their domains have moved to new names in a bid to keep running.

The seizures follow similar action earlier in 2010 against nine sites also believed to be involved in counterfeiting and pirating copyrighted material.

The action comes as the UK’s Serious and Organised Crime Agency seeks similar powers over .uk domains it deems are involved in criminal activity.

