If you’re looking for videos of the killer whale attack at SeaWorld, be aware you could get yourself a virus or even get yourself a Rickroll.
People are searching for video footage of the killer whale attack of Dawn Brancheau at SeaWorld in San Diego, and finding themselves the target of Rickroll jokes, or even worse, viruses.
Graham Cluley, senior technology consultant for Sophos, spoke with Kansas City InfoZine about the situation:
It’s hard to believe that anyone would want to watch video footage of this horrible death, but it’s currently one of the very hottest search terms on the internet. These poisoned pages can appear on the very first page of your search engine’s results, and if you visit the links you may see pop-up warnings telling you about security issues with your computer. These warnings are fake and designed to trick you into downloading dangerous software or handing over your credit card details.
This is not the first time such incidents have happened, and it is always best to be cautious when looking for a hotly sought after video such as this. Always tread lightly with this sort of material, and make sure your anti-virus protection is up-to-date before you go looking. (although in this particular case, we suggest you just don’t look for it because it’s nothing anyone needs to see.)
Be careful on what links you click on, or what you download, folks. There’s a new virus in town.
Known as the Knebet Botnet virus, this new attack of malware has already hit major companies and banking institutions, and has harvested at least 68,000 online identities thus far according to The Wall Street Journal. According to a statement from NetWitness, it seems to only be targeting larger networks at this time, but that doesn’t mean you’re safe at home. Amit Yoran, CEO of NetWitness, said that the attacks have harvested online credentials from mission critical systems at banks down to user’s Facebook logins.
The virus seems to be spreading via malicious links in e-mails, so always make sure you trust the source of any link you click on in an e-mail, and never download anything from a site you don’t trust implicitly. These are good rules of thumb at all times, but with a new virus spreading, it never hurts to up your caution.
Twitter has been undergoing an attack on passwords, and while we think some of their logic is flawed to the cause of it, they still make a good point.
Over the past few days there has been an increase in password problems at Twitter. As the popular microblogging service tried to track down the problem, they feel they tracked it down to a problem with fake Torrent sites: sites that trade in pirated movies, music, TV shows and more. Their conclusion was you created an account on those sites, used the password you use on other services, and the site owners then went around attacking you on other sites with your passwords.
While there are some flaws in this theory, namely people who have never used a Torrent site were also attacked, their reasoning is sound on using different passwords. If you always register at sites with the same email address and password, then it is easy for someone to take your information from one site and apply it to another.
Using different email addresses for each site would be a pain, but you need to at least change your password for each site to keep your security levels up.
It’s 2010, folks, shouldn’t we be passed people still coming up with lame passwords?
In yet another example of password stupidity, a recently released list of hacked passwords showed that “123456″ was still popular.
Last year RockYou was hacked and millions of passwords stolen. The list made its way on to the Web, and beyond hackers downloading the list were security experts who wanted to study it. From that list they came up with the 32 most popular passwords on the site, which you can see to the right.
According to The New York Times, it wasn’t just these 32 that bothered security experts, but the fact that around 20% of the passwords came from a pool of only 5,000 passwords.
There was another similar story recently about how Twitter has a list of 370 passwords you can’t use, and that seems like something every site should be doing as evidenced by this list. If a password is easy for you to remember, that also means it is easy to hack. The fact that some people have used a password of “0″ is just mind boggling to me.
Two sites now have revealed their passwords, and both sites have shocked us with the stupidity of the passwords people choose. Does no one care about identity theft? Does no one care about protecting their data?
Take the time, educate yourself on how to create a stronger password and start using them today!
Just a word of warning, never trust a text message about your bank account as being authentic.
Two of us here at StarterTech have gotten the following text message this week from “9099″:
customer issue, us bank service frozen. please call at 802 221 1115
Both of us have accounts with this chain, but Rosemary, who was the first to get the message, called the local branch directly and confirmed there were no issues with her account. We were suspicious of the message from the start for the main reason she has never given the bank her cell phone number. Also upon talking to the bank, they were confused by the verbiage as it didn’t sound like anything the bank uses.
Today when I got the text, I used a Skype account to call the listed phone number so it would show up as unknown on caller ID. I got a message about the mailbox being full, and that was it.
As with scam emails, pay attention to the style of the text.
Notice there are no capital letters
Improper use of grammar
This is a classic “phishing” attack, and it is just the type that throws a wide net. We have received similar texts about other banks we don’t even have accounts with, but they know they will hit people who do have accounts with them.
Apparently some people still have not learned how to create a good password.
Popular micro-blogging service Twitter has now come out with a list of 370 passwords you are now allowed to use when creating your account. Apparently more people need to learn how to pick a password. TechCrunch discovered how to see all of the banned, but ValleyWag listed all 370, and … well … they’re an interesting mix of stupidity and oddballs.
In this day and age you have got to pick tougher passwords. Remember to mix numbers, letters and symbols. For instance, say I wanted to use “StarterTech” as a password (which I would never do), I could write it out as “$t^rt3rt3ch”. It still spells out the word, but I have mixed all the symbols and numbers in so it wouldn’t be easy to hack in a brute force password hacking attempt. Don’t just use “password123″ for crying out loud.
There is no doubt that Umar Farouk Abdulmutallab’s failed terror attack has changed thing for travelers yet again, but it took a leaked document to let passengers know exactly what the new rules are.
Yesterday we told you that the Transportation Security Authority’s (TSA) new rules in the wake of Umar Farouk Abdulmutallab’s failed bombing on Christmas Day. Confusion has been the order of the day since these new rules came to be enacted, but now, thanks to a leaked document to Gizmodo, we have a bit of a clearer picture as to what is going on exactly.
U.S. DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
Aviation Security Directive
Subject: Security Directive
Number: SD 1544-09-06 Date: December 25, 2009 EXPIRATION: 0200Z on December 30, 2009
This Security Directive (SD) must be implemented immediately. The measures contained in this SD are in addition to all other SDs currently in effect for your operations.
INFORMATION: On December 25, 2009, a terrorist attack was attempted against a flight traveling to the United States. TSA has identified security measures to be implemented by airports, aircraft operators, and foreign air carriers to mitigate potential threats to flights.
APPLICABILITY: THIS SD APPLIES TO AIRCRAFT OPERATORS THAT CARRY OUT A SECURITY PROGRAM REGULATED UNDER 49 CODE OF FEDERAL REGULATIONS (CFR)1544.101(a).
ACTIONS REQUIRED: If you conduct scheduled and/or public charter flight operations under a Full Program under 49 CFR 1544.101(a) departing from any foreign location to the United States (including its territories and possessions), you must immediately implement all measures in this SD for each such flight.
1. BOARDING GATE
1. The aircraft operator or authorized air carrier representative must ensure all passengers are screened at the boarding gate during the boarding process using the following procedures. These procedures are in addition to the screening of all passengers at the screening checkpoint.
1. Perform thorough pat-down of all passengers at boarding gate prior to boarding,concentrating on upper legs and torso.
2. Physically inspect 100 percent of all passenger accessible property at the boarding gate prior to boarding, with focus on syringes being transported along with powders and/or liquids.
3. Ensure the liquids, aerosols, and gels restrictions are strictly adhered to in accordance with SD 1544-06-02E.
2. During the boarding process, the air carrier may exempt passengers who are Heads of State or Heads of Government from the measures outlined in Section I.A. of this SD, including the following who are traveling with the Head of State or Head of Government:
1. Spouse and children, or
2. One other individual (chosen by the Head of State or Head of Government)
3. For the purposes of Section I.B., the following definitions apply:
1. Head of State: An individual serving as the chief public representative of a monarchic or republican nation-state, federation, commonwealth, or any other political state (for example, King, Queen, and President).
2. Head of Government: The chief officer of the executive branch of a government presiding over a cabinet (for example, Prime Minister, Premier, President, and Monarch).
2. IN FLIGHT
1. During flight, the aircraft operator must ensure that the following procedures are followed: 1. Passengers must remain in seats beginning 1 hour prior to arrival at destination. 2. Passenger access to carry-on baggage is prohibited beginning 1 hour prior to arrival at destination. 3. Disable aircraft-integrated passenger communications systems and services (phone, internet access services, live television programming, global positioning systems) prior to boarding and during all phases of flight. 4. While over U.S. airspace, flight crew may not make any announcement to passengers concerning flight path or position over cities or landmarks.
5. Passengers may not have any blankets, pillows, or personal belongings on the lap beginning 1 hour prior to arrival at destination.
AIRCRAFT OPERATOR ACKNOWLEDGMENT: The aircraft operator must immediately provide written confirmation to its assigned PSI indicating receipt of this SD.
AIRCRAFT OPERATOR dissemination required: The aircraft operator must immediately pass the information and directives set forth in this SD to all stations affected, and provide written confirmation to its PSI, indicating that all stations affected have acknowledged receipt of the information and directives set forth in this SD. The aircraft operator must disseminate this information to its senior management personnel, ground security coordinators, and supervisory security personnel at all affected locations. All aircraft operator personnel implementing this SD must be briefed by the aircraft operator on its content and the restrictions governing dissemination. No other dissemination may be made without prior approval of the Assistant Secretary for the Transportation Security Administration. Unauthorized dissemination of this document or information contained herein is prohibited by 49 CFR Part 1520 (see 69 Fed. Reg. 28066 (May 18, 2004).
APPROVAL OF ALTERNATIVE MEASURES: With respect to the provisions of this SD, as stated in 49 CFR 1544.305(d), the aircraft operator may submit in writing to its PSI proposed alternative measures and the basis for submitting the alternative measures for approval by the Assistant Administrator for Transportation Sector Network Management. The aircraft operator must immediately notify its PSI whenever any procedure in this SD cannot be carried out by a government authority charged with performing security procedures.
FOR TSA ACTION ONLY: The TSA must issue this SD immediately to the corporate security element of all affected U.S. aircraft operators.
FOR STATE DEPARTMENT: Retransmittal to appropriate foreign posts is authorized. Post must refer to STATE 162917, 201826Z Sep 01, Subject: FAA Security Directives and Information Circulars: Definitions and Handling, for specific guidance and dissemination.
For now it appears the rules are set to expire on Dec. 30th, but don’t be surprised if these get extended in at least some sort of modified version beyond that date.
As we said yesterday, travel as light as possible for now, folks.
Ever run in to a Web site that you know for sure started loading a virus on to your computer? Why not do your part to keep the Internet safe and report them?
Last night I encountered a virus attempting to load itself on to my system. This was not a nefarious site, and one that I have been visiting for years, and much to my shock it started to load one of those “Your system is at risk!” bogus programs that tries to trick you into loading it, and then you spend 3 days trying to clean it out of your system.
Since this is a site I have visited for years, I dropped them an email as opposed to reporting them, however, if you do run into a site that is obviously malicious, did you know you can report them to Google?
Considering Google is the largest search engine, getting booted from the search results can be pretty damaging to a site, so this actually does matter. If a site is found to be truly malicious, Google will remove them from the search results, and they will also put up a page that warns you of the reports before you entire the site. All you need to do is go to http://www.google.com/safebrowsing/report_badware/, enter the URL, answer the security question and enter text about why you think the site is bad, click “Submit Report” and you’re all done!
Do your good deed for the day by reporting the bad guys.
Just in time for the holiday shopping season, Amazon has introduced a new layer of security to its Amazon Payments system which is intriguing for what it might mean later on.
Amazon Payments has been popping up all over the Web as a way for customers to pay for purchases with the information they have stored with the mega-retailer. Well, starting today, you can now use the payment system without ever having to enter your credit card information on another site that uses the system, and you can also check out in just three steps.
PayPhrase is a system where you create a phrase unique to you – each phrase can only be used once in the system, so expect some wacky combinations cropping up – that you will enter anywhere you see the Pay Phrase dialog box. You enter your phrase, enter your pin number when prompted, click the order button, and you’re done. Pretty simple, and also fairly secure as only Amazon will have access to your credit card information.
While this is already potentially handy, we here at StarterTech think the true genius of this system will be realized once it shows up in mobile applications. It doesn’t matter how good your smartphone is, typing all of your information in for an order on a mobile device gets annoying. The less you have to type in on your cell phone, the better, so this could be a major step forward for mobile payments. Heck, we could even see it being used in restaurants. Imagine a waiter walks over with an iPod Touch that has your bill shown, you type in your PayPhrase and pin number, and your bill is paid for. Your waiter never touches or even sees your credit card.
Some people are laughing this system off, saying that if people can never remember their password, how will they ever remember this? Give it some time, but we think this new tool could revolutionize several different aspects of commerce.
One of the cornerstones of the Internet since it was introduced to the public was anonymity, but now some people are calling for that to be done away with.
According to The Register, Eugene Kaspersky, CEO of Kaspersky Labs, is calling for all users of the Internet to have a passport that identifies them no matter where they go on the Internet. His reasoning is that this would lessen security attacks as you would not be allowed to go anywhere on the Internet without your passport.
Everyone should and must have an identification, or internet passport.”The internet was designed not for public use, but for American scientists and the US military. Then it was introduced to the public and it was wrong…to introduce it in the same way.
I’d like to change the design of the internet by introducing regulation – internet passports, internet police and international agreement – about following internet standards. And if some countries don’t agree with or don’t pay attention to the agreement, just cut them off.
While this is certainly a lofty goal, it is also about the most ignorant thing I have ever heard someone at his level say.
Does he really think that hackers wouldn’t figure out a way to generate fake passports? All this would end up doing is encumbering your average user while the hackers would still just run around doing whatever they wanted as they would get a hold of other people’s passport codes. Kaspersky Labs is a well respected company in the security software field, but apparently their CEO needs a muzzle before he goes off with ideas that show such an obvious lack of forethought.
And cutting off countries who don’t sign on to this idea? Excuse me, I have to stop writing so I can go and finish laughing …