If you’re looking for videos of the killer whale attack at SeaWorld, be aware you could get yourself a virus or even get yourself a Rickroll.

People are searching for video footage of the killer whale attack of Dawn Brancheau at SeaWorld in San Diego, and finding themselves the target of Rickroll jokes, or even worse, viruses.

Graham Cluley, senior technology consultant for Sophos, spoke with Kansas City InfoZine about the situation:

It’s hard to believe that anyone would want to watch video footage of this horrible death, but it’s currently one of the very hottest search terms on the internet.  These poisoned pages can appear on the very first page of your search engine’s results, and if you visit the links you may see pop-up warnings telling you about security issues with your computer. These warnings are fake and designed to trick you into downloading dangerous software or handing over your credit card details.

This is not the first time such incidents have happened, and it is always best to be cautious when looking for a hotly sought after video such as this.  Always tread lightly with this sort of material, and make sure your anti-virus protection is up-to-date before you go looking.  (although in this particular case, we suggest you just don’t look for it because it’s nothing anyone needs to see.)

Categories: Scams, Security   
 

Be careful on what links you click on, or what you download, folks. There’s a new virus in town.

Known as the Knebet Botnet virus, this new attack of malware has already hit major companies and banking institutions, and has harvested at least 68,000 online identities thus far according to The Wall Street Journal.  According to a statement from NetWitness, it seems to only be targeting larger networks at this time, but that doesn’t mean you’re safe at home.  Amit Yoran, CEO of NetWitness, said that the attacks have harvested online credentials from mission critical systems at banks down to user’s Facebook logins.

The virus seems to be spreading via malicious links in e-mails, so always make sure you trust the source of any link you click on in an e-mail, and never download anything from a site you don’t trust implicitly.  These are good rules of thumb at all times, but with a new virus spreading, it never hurts to up your caution.

Categories: Security   
 

PasswordsTwitter has been undergoing an attack on passwords, and while we think some of their logic is flawed to the cause of it, they still make a good point.

Over the past few days there has been an increase in password problems at Twitter. As the popular microblogging service tried to track down the problem, they feel they tracked it down to a problem with fake Torrent sites: sites that trade in pirated movies, music, TV shows and more. Their conclusion was you created an account on those sites, used the password you use on other services, and the site owners then went around attacking you on other sites with your passwords.

While there are some flaws in this theory, namely people who have never used a Torrent site were also attacked, their reasoning is sound on using different passwords.  If you always register at sites with the same email address and password, then it is easy for someone to take your information from one site and apply it to another.

Using different email addresses for each site would be a pain, but you need to at least change your password for each site to keep your security levels up.

It’s 2010, folks, shouldn’t we be passed people still coming up with lame passwords?

Categories: Security, Twitter   
 

In yet another example of password stupidity, a recently released list of hacked passwords showed that “123456″ was still popular.

Last year RockYou was hacked and millions of passwords stolen.  The list made its way on to the Web, and beyond hackers downloading the list were security experts who wanted to study it.  From that list they came up with the 32 most popular passwords on the site, which you can see to the right.

Apparently some need lessons in how to pick a password.

According to The New York Times, it wasn’t just these 32 that bothered security experts, but the fact that around 20% of the passwords came from a pool of only 5,000 passwords.

There was another similar story recently about how Twitter has a list of 370 passwords you can’t use, and that seems like something every site should be doing as evidenced by this list.  If a password is easy for you to remember, that also means it is easy to hack.  The fact that some people have used a password of “0″ is just mind boggling to me.

Two sites now have revealed their passwords, and both sites have shocked us with the stupidity of the passwords people choose.  Does no one care about identity theft?  Does no one care about protecting their data?

Take the time, educate yourself on how to create a stronger password and start using them today!

Categories: Security   
 

Just a word of warning, never trust a text message about your bank account as being authentic.

Two of us here at StarterTech have gotten the following text message this week from “9099″:

customer issue, us bank service frozen. please call at 802 221 1115

Both of us have accounts with this chain, but Rosemary, who was the first to get the message, called the local branch directly and confirmed there were no issues with her account. We were suspicious of the message from the start for the main reason she has never given the bank her cell phone number.  Also upon talking to the bank, they were confused by the verbiage as it didn’t sound like anything the bank uses.

Today when I got the text, I used a Skype account to call the listed phone number so it would show up as unknown on caller ID.  I got a message about the mailbox being full, and that was it.

As with scam emails, pay attention to the style of the text.

  • Notice there are no capital letters
  • Improper use of grammar
  • No personalization

This is a classic “phishing” attack, and it is just the type that throws a wide net.  We have received similar texts about other banks we don’t even have accounts with, but they know they will hit people who do have accounts with them.

Always be wary of this type of communications.

Categories: Security   
 

PasswordsApparently some people still have not learned how to create a good password.

Popular micro-blogging service Twitter has now come out with a list of 370 passwords you are now allowed to use when creating your account. Apparently more people need to learn how to pick a password.  TechCrunch discovered how to see all of the banned, but ValleyWag listed  all 370, and … well … they’re an interesting mix of stupidity and oddballs.

1. 111111
2. 11111111
3. 112233
4. 121212
5. 123123
6. 123456
7. 1234567
8. 12345678
9. 131313
10. 232323
11. 654321
12. 666666
13. 696969
14. 777777
15. 7777777
16. 8675309
17. 987654
18. aaaaaa
19. abc123
20. abc123
21. abcdef
22. abgrtyu
23. access
24. access14
25. action
26. albert
27. alexis
28. amanda
29. amateur
30. andrea
31. andrew
32. angela
33. angels
34. animal
35. anthony
36. apollo
37. apples
38. arsenal
39. arthur
40. asdfgh
41. asdfgh
42. ashley
43. august
44. austin
45. badboy
46. bailey
47. banana
48. barney
49. baseball
50. batman
51. beaver
52. beavis
53. bigdaddy
54. bigdog
55. birdie
56. bitches
57. biteme
58. blazer
59. blonde
60. blondes
61. bond007
62. bonnie
63. booboo
64. booger
65. boomer
66. boston
67. brandon
68. brandy
69. braves
70. brazil
71. bronco
72. broncos
73. bulldog
74. buster
75. butter
76. butthead
77. calvin
78. camaro
79. cameron
80. canada
81. captain
82. carlos
83. carter
84. casper
85. charles
86. charlie
87. cheese
88. chelsea
89. chester
90. chicago
91. chicken
92. cocacola
93. coffee
94. college
95. compaq
96. computer
97. cookie
98. cooper
99. corvette
100. cowboy
101. cowboys
102. crystal
103. dakota
104. dallas
105. daniel
106. danielle
107. debbie
108. dennis
109. diablo
110. diamond
111. doctor
112. doggie
113. dolphin
114. dolphins
115. donald
116. dragon
117. dreams
118. driver
119. eagle1
120. eagles
121. edward
122. einstein
123. erotic
124. extreme
125. falcon
126. fender
127. ferrari
128. firebird
129. fishing
130. florida
131. flower
132. flyers
133. football
134. forever
135. freddy
136. freedom
137. gandalf
138. gateway
139. gators
140. gemini
141. george
142. giants
143. ginger
144. golden
145. golfer
146. gordon
147. gregory
148. guitar
149. gunner
150. hammer
151. hannah
152. hardcore
153. harley
154. heather
155. helpme
156. hockey
157. hooters
158. horney
159. hotdog
160. hunter
161. hunting
162. iceman
163. iloveyou
164. internet
165. iwantu
166. jackie
167. jackson
168. jaguar
169. jasmine
170. jasper
171. jennifer
172. jeremy
173. jessica
174. johnny
175. johnson
176. jordan
177. joseph
178. joshua
179. junior
180. justin
181. killer
182. knight
183. ladies
184. lakers
185. lauren
186. leather
187. legend
188. letmein
189. little
190. london
191. lovers
192. maddog
193. madison
194. maggie
195. magnum
196. marine
197. marlboro
198. martin
199. marvin
200. master
201. matrix
202. matthew
203. maverick
204. maxwell
205. melissa
206. member
207. mercedes
208. merlin
209. michael
210. michelle
211. mickey
212. midnight
213. miller
214. mistress
215. monica
216. monkey
217. monkey
218. monster
219. morgan
220. mother
221. mountain
222. muffin
223. murphy
224. mustang
225. naked
226. nascar
227. nathan
228. naughty
229. ncc1701
230. newyork
231. nicholas
232. nicole
233. nipple
234. nipples
235. oliver
236. orange
237. packers
238. panther
239. panties
240. parker
241. password
242. password
243. password1
244. password12
245. password123
246. patrick
247. peaches
248. peanut
249. pepper
250. phantom
251. phoenix
252. player
253. please
254. pookie
255. porsche
256. prince
257. princess
258. private
259. purple
260. pussies
261. qazwsx
262. qwerty
263. qwertyui
264. rabbit
265. rachel
266. racing
267. raiders
268. rainbow
269. ranger
270. rangers
271. rebecca
272. redskins
273. redsox
274. redwings
275. richard
276. robert
277. rocket
278. rosebud
279. runner
280. rush2112
281. russia
282. samantha
283. sammy
284. samson
285. sandra
286. saturn
287. scooby
288. scooter
289. scorpio
290. scorpion
291. secret
292. sexsex
293. shadow
294. shannon
295. shaved
296. sierra
297. silver
298. skippy
299. slayer
300. smokey
301. snoopy
302. soccer
303. sophie
304. spanky
305. sparky
306. spider
307. squirt
308. srinivas
309. startrek
310. starwars
311. steelers
312. steven
313. sticky
314. stupid
315. success
316. summer
317. sunshine
318. superman
319. surfer
320. swimming
321. sydney
322. taylor
323. tennis
324. teresa
325. tester
326. testing
327. theman
328. thomas
329. thunder
330. thx1138
331. tiffany
332. tigers
333. tigger
334. tomcat
335. topgun
336. toyota
337. travis
338. trouble
339. trustno1
340. tucker
341. turtle
342. twitter
343. united
344. vagina
345. victor
346. victoria
347. viking
348. voodoo
349. voyager
350. walter
351. warrior
352. welcome
353. whatever
354. william
355. willie
356. wilson
357. winner
358. winston
359. winter
360. wizard
361. xavier
362. xxxxxx
363. xxxxxxxx
364. yamaha
365. yankee
366. yankees
367. yellow
368. zxcvbn
369. zxcvbnm
370. zzzzzz

In this day and age you have got to pick tougher passwords.  Remember to mix numbers, letters and symbols.  For instance, say I wanted to use “StarterTech” as a password (which I would never do), I could write it out as “$t^rt3rt3ch”.  It still spells out the word, but I have mixed all the symbols and numbers in so it wouldn’t be easy to hack in a brute force password hacking attempt.  Don’t just use “password123″ for crying out loud.

Categories: Security   
 

There is no doubt that Umar Farouk Abdulmutallab’s failed terror attack has changed thing for travelers yet again, but it took a leaked document to let passengers know exactly what the new rules are.

Yesterday we told you that the Transportation Security Authority’s (TSA) new rules in the wake of Umar Farouk Abdulmutallab’s failed bombing on Christmas Day.  Confusion has been the order of the day since these new rules came to be enacted, but now, thanks to a leaked document to Gizmodo, we have a bit of a clearer picture as to what is going on exactly.

U.S. DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
Aviation Security Directive
Subject: Security Directive
Number: SD 1544-09-06
Date: December 25, 2009
EXPIRATION: 0200Z on December 30, 2009
This Security Directive (SD) must be implemented immediately. The measures contained in this SD are in addition to all other SDs currently in effect for your operations.
INFORMATION: On December 25, 2009, a terrorist attack was attempted against a flight traveling to the United States. TSA has identified security measures to be implemented by airports, aircraft operators, and foreign air carriers to mitigate potential threats to flights.
APPLICABILITY: THIS SD APPLIES TO AIRCRAFT OPERATORS THAT CARRY OUT A SECURITY PROGRAM REGULATED UNDER 49 CODE OF FEDERAL REGULATIONS (CFR)1544.101(a).
ACTIONS REQUIRED: If you conduct scheduled and/or public charter flight operations under a Full Program under 49 CFR 1544.101(a) departing from any foreign location to the United States (including its territories and possessions), you must immediately implement all measures in this SD for each such flight.

1. BOARDING GATE

1. The aircraft operator or authorized air carrier representative must ensure all passengers are screened at the boarding gate during the boarding process using the following procedures. These procedures are in addition to the screening of all passengers at the screening checkpoint.
1. Perform thorough pat-down of all passengers at boarding gate prior to boarding,concentrating on upper legs and torso.
2. Physically inspect 100 percent of all passenger accessible property at the boarding gate prior to boarding, with focus on syringes being transported along with powders and/or liquids.
3. Ensure the liquids, aerosols, and gels restrictions are strictly adhered to in accordance with SD 1544-06-02E.
2. During the boarding process, the air carrier may exempt passengers who are Heads of State or Heads of Government from the measures outlined in Section I.A. of this SD, including the following who are traveling with the Head of State or Head of Government:

1. Spouse and children, or
2. One other individual (chosen by the Head of State or Head of Government)
3. For the purposes of Section I.B., the following definitions apply:
1. Head of State: An individual serving as the chief public representative of a monarchic or republican nation-state, federation, commonwealth, or any other political state (for example, King, Queen, and President).
2. Head of Government: The chief officer of the executive branch of a government presiding over a cabinet (for example, Prime Minister, Premier, President, and Monarch).

2. IN FLIGHT

1. During flight, the aircraft operator must ensure that the following procedures are followed:
1. Passengers must remain in seats beginning 1 hour prior to arrival at destination.
2. Passenger access to carry-on baggage is prohibited beginning 1 hour prior to arrival at destination.
3. Disable aircraft-integrated passenger communications systems and services (phone, internet access services, live television programming, global positioning systems) prior to boarding and during all phases of flight.
4. While over U.S. airspace, flight crew may not make any announcement to passengers concerning flight path or position over cities or landmarks.
5. Passengers may not have any blankets, pillows, or personal belongings on the lap beginning 1 hour prior to arrival at destination.

AIRCRAFT OPERATOR ACKNOWLEDGMENT: The aircraft operator must immediately provide written confirmation to its assigned PSI indicating receipt of this SD.
AIRCRAFT OPERATOR dissemination required: The aircraft operator must immediately pass the information and directives set forth in this SD to all stations affected, and provide written confirmation to its PSI, indicating that all stations affected have acknowledged receipt of the information and directives set forth in this SD. The aircraft operator must disseminate this information to its senior management personnel, ground security coordinators, and supervisory security personnel at all affected locations. All aircraft operator personnel implementing this SD must be briefed by the aircraft operator on its content and the restrictions governing dissemination. No other dissemination may be made without prior approval of the Assistant Secretary for the Transportation Security Administration. Unauthorized dissemination of this document or information contained herein is prohibited by 49 CFR Part 1520 (see 69 Fed. Reg. 28066 (May 18, 2004).
APPROVAL OF ALTERNATIVE MEASURES: With respect to the provisions of this SD, as stated in 49 CFR 1544.305(d), the aircraft operator may submit in writing to its PSI proposed alternative measures and the basis for submitting the alternative measures for approval by the Assistant Administrator for Transportation Sector Network Management. The aircraft operator must immediately notify its PSI whenever any procedure in this SD cannot be carried out by a government authority charged with performing security procedures.
FOR TSA ACTION ONLY: The TSA must issue this SD immediately to the corporate security element of all affected U.S. aircraft operators.
FOR STATE DEPARTMENT: Retransmittal to appropriate foreign posts is authorized. Post must refer to STATE 162917, 201826Z Sep 01, Subject: FAA Security Directives and Information Circulars: Definitions and Handling, for specific guidance and dissemination.

Gale Rossides
Acting Administrator

For now it appears the rules are set to expire on Dec. 30th, but don’t be surprised if these get extended in at least some sort of modified version beyond that date.

As we said yesterday, travel as light as possible for now, folks.

Categories: Security, Travel   
 

computer virusEver run in to a Web site that you know for sure started loading a virus on to your computer? Why not do your part to keep the Internet safe and report them?

Last night I encountered a virus attempting to load itself on to my system.  This was not a nefarious site, and one that I have been visiting for years, and much to my shock it started to load one of those “Your system is at risk!” bogus programs that tries to trick you into loading it, and then you spend 3 days trying to clean it out of your system.

Since this is a site I have visited for years, I dropped them an email as opposed to reporting them, however, if you do run into a site that is obviously malicious, did you know you can report them to Google?

Considering Google is the largest search engine, getting booted from the search results can be pretty damaging to a site, so this actually does matter.  If a site is found to be truly malicious, Google will remove them from the search results, and they will also put up a page that warns you of the reports before you entire the site.  All you need to do is go to http://www.google.com/safebrowsing/report_badware/, enter the URL, answer the security question and enter text about why you think the site is bad, click “Submit Report” and you’re all done!

Do your good deed for the day by reporting the bad guys.

Categories: Security   
 

amazon paymentsJust in time for the holiday shopping season, Amazon has introduced a new layer of security to its Amazon Payments system which is intriguing for what it might mean later on.

Amazon Payments has been popping up all over the Web as a way for customers to pay for purchases with the information they have stored with the mega-retailer.  Well, starting today, you can now use the payment system without ever having to enter your credit card information on another site that uses the system, and you can also check out in just three steps.

PayPhrase is a system where you create a phrase unique to you – each phrase can only be used once in the system, so expect some wacky combinations cropping up – that you will enter anywhere you see the Pay Phrase dialog box.  You enter your phrase, enter your pin number when prompted, click the order button, and you’re done.  Pretty simple, and also fairly secure as only Amazon will have access to your credit card information.

While this is already potentially handy, we here at StarterTech think the true genius of this system will be realized once it shows up in mobile applications.  It doesn’t matter how good your smartphone is, typing all of your information in for an order on a mobile device gets annoying.  The less you have to type in on your cell phone, the better, so this could be a major step forward for mobile payments.  Heck, we could even see it being used in restaurants.  Imagine a waiter walks over with an iPod Touch that has your bill shown, you type in your PayPhrase and pin number, and your bill is paid for.  Your waiter never touches or even sees your credit card.

Some people are laughing this system off, saying that if people can never remember their password, how will they ever remember this?  Give it some time, but we think this new tool could revolutionize several different aspects of commerce.

Categories: Security, Shopping   
 

passportOne of the cornerstones of the Internet since it was introduced to the public was anonymity, but now some people are calling for that to be done away with.

According to The Register, Eugene Kaspersky, CEO of Kaspersky Labs, is calling for all users of the Internet to have a passport that identifies them no matter where they go on the Internet.  His reasoning is that this would lessen security attacks as you would not be allowed to go anywhere on the Internet without your passport.

Everyone should and must have an identification, or internet passport.”The internet was designed not for public use, but for American scientists and the US military. Then it was introduced to the public and it was wrong…to introduce it in the same way.

I’d like to change the design of the internet by introducing regulation – internet passports, internet police and international agreement – about following internet standards.  And if some countries don’t agree with or don’t pay attention to the agreement, just cut them off.

While this is certainly a lofty goal, it is also about the most ignorant thing I have ever heard someone at his level say.

Does he really think that hackers wouldn’t figure out a way to generate fake passports?  All this would end up doing is encumbering your average user while the hackers would still just run around doing whatever they wanted as they would get a hold of other people’s passport codes.  Kaspersky Labs is a well respected company in the security software field, but apparently their CEO needs a muzzle before he goes off with ideas that show such an obvious lack of forethought.

And cutting off countries who don’t sign on to this idea?  Excuse me, I have to stop writing so I can go and finish laughing …

Categories: Opinion, Security   
 
Subscribe to our feed
Subscribe via Email
  • Your Add Here
  • Search & Win
  • J&R Computer/Music World