Gmail and Google Talk users be warned, the service is under a phishing attack.
The image to the right (provided by Adam Ostrow of Mashable) shows the message people using Gmail and Google Talk have been receiving for the past few hours. When you click on the link, you are taken to a site (pictured below) named ViddyHo. The site asks for you to log in with yoru Google credentials to view the video your friend is supposedly sharing with you. Instead, what you are doing is giving your username and password to a third-party who then spams your entire Google contact list with the same message to get more people to go to their site and do the same.
Back in January we reported on a phishing attack on Twitter that was using a similar method, and again we must warn you that you should never give your login credentials for any service to any site that is unkwown to you. If you receive a message like the one shown here, ask the person what the video is before you click on it, and even if you should click through, never give your login credentials! If something like this does ever happen to you, make sure to change your password immediately upon discovering it.
Ever wondered if someone is accessing your Gmail account? You’re in luck! There is an easy way to tell.
It is inevitable that every one gets the feeling at least once that someone has accessed their email account without permission. We recently received a question from a reader about how to tell if his Gmail account had been accessed by someone other than himself. Luckily there is an easy for you to check this as often as you like with just a few clicks… two to be exact.
The first thing you need to do is scroll all the way to the bottom of the page of your inbox. In the area where it tells you how much space you’ve used and so on, you will see the word “Details”. Simply click on the word and you will see a popup window appear.
In the popup window you will see the last five sessions of your Gmail account, and the IP address you are currently using. If you see an address radically different than your own, simply click on the button that says “Sign out all other sessions”, immediately killing all other logins into your account other than the one you are currently on.
That’s it, you’re done! Super easy to check, and something you can do as many times a day as you like to see if someone you don’t approve of is accessing your account.
Popular microblogging service Twitter appears to be undergoing a phishing attack.
Phishing is an attempt by scam artists to acquire personal information about you and your login to popular sites by mimicking official information of another site. In this particular case you will receive a direct message from one of your contacts on the service that says:
hey! check out this funny blog about you… http://jannawalitax.blogspot.com/
Luckily the website has not been blocked by Google as you can see from the image below that you now receive when you go there.
When the page was unblocked it did look exactly like the Twitter login page and asked you to submit your username and password that you could see this “funny blog about you.” The problem here is that these particular scammers undercut themselves with anyone that is the least bit web savvy by directing you to a blogspot.com blog and then asking you to login in to your Twitter account which has no connection whatsoever with blogspot.
According to Pete Cashmore at Mashable, part of the problem in this particular case arises from people who have their direct messages set to be delivered to them via email. If you were to click on that link inside of a piece of mail, you might be more likely to go ahead and sign in with your user information.
As always, you need to be careful with any site you visit that then asks for your login information for a site. Does the web address look correct? How did you get there? All questions you should be asking yourself before you give any site your information.
UPDATE: They have already changed their message. The new one is:
Hey, i found a website with your pic on it… LOL check it out here http://twitterblog.access-logins.com/login
UPDATE #2: They have changed their tactics again.
hey look at this funny blog http://rosalierebyb.blogspot.com/
UPDATE #3: You have to give them points for their persistence.
fixed it.. hehe here is that blog i wanted to show you http://twitterblogs.access-logins.com/login
“I can help you with that, just let me have your password and I’ll be able to take care of that straight away for you.”
As hard as it may be to believe, people will just go ahead and give someone their password after being asked such a question. After you’ve gone through the trouble of picking a strong password, it would be a shame to waste it by just giving it away to someone.
It is amazing how often this actually comes up online, even after this many years of the Internet being a popular past time for people. So here are a few do’s and don’ts of online password safety.
Do’s
Make sure you went to a web site by typing in the address yourself, and not clicking on a link in an email
Click on links in emails that then ask you for your password
Give your password out to anyone in a chat room
Give it to a friend so they can help you out with something
Give out over the phone
Basically, treat passwords like you would anything like your passport or social security number, don’t just tell it to anyone on a whim. If you are curious what prompted this, I actually saw someone in a game chat room tonight trying to get someone else’s password, so it does still happen.
While it is good news that this patch is out there, you will still have to wonder how many people never even know it was there, let alone that it is now fixed. We still recommend you look at using other browsers such as Firefox, Chrome or Opera.
Some days it just doesn’t even pay to turn on your computer when you run in to malware.
Malware is short for “malicious software” which is any piece of software that loads on to your computer without your informed consent, and intends to do harm to your system in some way. One of the most popular versions is a style known as “Rogue Malware” that usually intends to in some way mimic other software. The best known example of this style is the type I get infected with last night known as “Antivirus 200X”.
Antivirus 200X (there are versions for 2008 and 2009) attempts to fool you in to thinking that it is a Windows security program and that is is scanning your system for spyware, malware, adware and viruses. It will fake reports for these items and tell you that you will need to purchase their software to remove the harmful files. Until you do buy it, it will take over your system, attacking you with pop-up ads even in web browsers you don’t currently have open.
While I had fought off Antivirus 2008 before on someone elses computer, the 2009 iteration is even more devious. It barred me from going to websites that hosted software to uninstall it, even when I did finally get the software on the computer it kept me from installing it and it also locked me out of being able to edit my registery file so I could remove it by hand.
After trying several programs, I finally found one called SpyHunter V 3 that unlocked the installation problem. Once that was done, I used a combination of other softwares, and invested around 6 hours in fighting the infection. To help save others some of these problems, here is what I suggest you use”
Malwarebytes took out the main problem of the actual Antivirus 2009. I found good instructions, and a download link, at BleepingComputer.com
AVG Free seemed to find even more and has now installed guards warning me of potential problem sites
And when I found I still was getting random popups, BleepingComputer.com again came through with ComboFix. Make sure to follow the instructions on this one closely.
So after six hours of pain, my system seems to be free of this pain finally, but I am still being cautious.
Just remember to be safe in your surfing, backup your files frequently, and keep your anti-virus software up to date!
Internet Explorer users have a new security flaw they need to be concerned about.
According to the Chicago Tribune, the “Zero-Day” flaw, meaning a flaw that has always been there, but only recently exposed, only requires a potential victim to visit a malicious website. The user does not need to download anything, so in the course of their normal Web browsing, they could simply stumble into the malicious coding. The coding installs itself on your computer and is currently used to harvest passwords for popular online games, which can then be sold on the black market.
At this time the flaw is only known to exist in Internet Explorer 7, the most popular iteration of the program, but could very well be lurking in older editions also. At this time, Microsoft, the makers of the program, have not yet released a security patch, nor have they given any indication to one may be forthcoming.
Until such a time as a security patch is released, it is recommended that users download another browser such as Firefox, Chrome or Opera (our choices are in that order, but all are good) to use.
MakeUseOf.com, a well-known tech blog, had their domain name not only stolen, but held for ransom today.
While the domain name is now back under the rightful owners control, they had a lengthy and draining battle to get it back after GoDaddy, a major web registar, transferred the title far faster than they should have. All of the details of what exactly happened still are not 100% clear, but MakeUseOf kept their readers updated with a temporary blog of the happenings as the information rolled in. This should be considered essential reading by anyone who owns domain names.
Until it is fully known what exactly happened, it’s difficult to tell you how to protect yourself from something similar happening, but if something like this does happen:
Do not panic.
Do not pay the ransom.
Contact the company you registered the domain with immediately.
Follow their instructions to the letter.
Domain names are your identity on the web, and having yours held hostage can probably feel as bad as having a loved one taken from you. Stay calm and try to follow all of the domain registars instructions as best you can.
It seems a hole has been found in Twitter, the popular micro blogging service, that allows people to see private messages you send to other users.
Valleywag is sharing information that came from a Hungarian website that it is fairly easy to see all the messages on a person’s Twitter account, including those that are private between members. It is sadly extremely easy to pull off also.
That’s it, all you need to do is put in the name of the user, without the brackets,and you can see their entire message stream.
This is a good chance to remind all of our readers that you should never trust your personal data on mainstream websites. It is also a good time to remind you that you should also have strong passwords. With recent stories of how pop singer Miley Cyrus had her MySpace account hacked into, and most famously Governor Sarah Palin had her personal emails revealed, you can never have strong enough security.
The safest thing to think is that if you put something on a site such as Twitter, it is not going to be safe, and someone will find a way to view it eventually.
WowWee, the company behind the popular Robosapien, looks to have another hot holiday gift coming out for this year’s winter holidays.
Rovio is a new item from the company, but they make it very clearly that this is not to be considered a toy. The three-wheeled robot is a Wi-Fi enabled security sentry that can be programmed with up to 10 preplanned courses, can then take pictures and email you the image so you can know what it going on at your office or home when you’re not there.
If you prefer to actually control the device in real time, you can control it via a simple interface on your computer and send signals to it via the Internet.
From everything we have read about it, the device is extremely easy to set up and use, and the possible uses for it are pretty limitless.
Have elderly parents at home? Check on them while you’re at work.
Have pets? Make sure they have food and water when you’re not home.
Check on the nanny.
Patrol your office after hours.
Patrol your house at all hours, see what’s going on when you’re away on vacation.
That is just a handful of possibilities, but this is an exciting advancement in home security, and “toy” or not, it is sure to be a hot holiday gift.
Gmail and Google Talk users be warned, the service is under a phishing attack.
Ever wondered if someone is accessing your 
Popular microblogging service 
“I can help you with that, just let me have your password and I’ll be able to take care of that straight away for you.”
All users of Internet Explorer need to update immediately to fix a critical security hole.
Some days it just doesn’t even pay to turn on your computer when you run in to malware.
