Looks as though a third-party app was hit by a phishing scam that has allowed the perps to appear to take over hundreds of Twitter accounts. According to Mashable, since all of the spammed tweets mention coming from the API, the accounts themselves are probably still OK. It’s the app they’ve allowed access to that’s been compromised.
TIP: Always think twice before giving an app access to your account. Do your friends use it? Have they had problems? When in doubt, Google the app. See if it’s legitimate before you click allow.
Spammers harvesting emails from Twitter in real time!
As if you didn’t have enough things to worry your pretty heads about, spammers have figured out a simple email harvesting trick using Twitter. This is too easy. Straightforward queries for tweets containing “gmail.com”, “email me at”, “contact me at”, etc. reveal thousands of tweets that can be quickly scraped and harvested with a script.
TIP: Never reveal your email openly on Twitter. DM only!
Attackers, like marketers, are targeting brands better
“Cyveillance determined that during the second half of 2009, 399 brands were first-time targets of phishing attacks, nearly double the amount of first-time targets than in the first half of the year. Averaging more than 36,000 confirmed, unique attacks per month in the same period of 2009, phishing attacks continue to succeed, the report says.”
Investigators in Spain shut down the Mariposa botnet, finding out the perps weren’t the sophisticated geniuses they expected.
“They’re not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits — the most frightening thing is they are normal people who are earning a lot of money with cybercrime,” said Cesar Lorenza, a captain with Spain’s Guardia Civil.
Blippy = TMI
For the life of me, I cannot figure out why anyone would use this service. Blippy lets you post your purchases from credit cards, ecommerce sites, etc., publicly and in real time, and lets your friends like or comment on them. Seriously. Dancho Danchev’s post, Does Blippy really pose a security risk? is a must-read wake-up call for anyone using or planning to use this service. Hint: Don’t. Even Web Celebs like Leo Laporte post rather sizable purchases on Blippy, making me question whether or not he realizes what a target he is making himself into.
This scam is pretty ingenious in an evil way. According to the MarkMonitor blog,
“This recent attack also stands out because it utilizes some advanced technologies and suggests possible directions of future cybercriminal activity. First, the attack uses server-side logic that hides the phishing site unless it is accessed through the browser produced by the smartphone company. Second, the attack uses additional protective technology in the form of a fast-flux network, which hides the phishing site behind a dynamic network of ever-changing proxies. These two smart technologies demonstrate how cybercriminals continue to focus their efforts on making their attacks targeted, stealthy, and resilient.”
Choosy hackers choose PDF
According to a recent report of more than a trillion Web requests, PDFs were responsible for a staggering 80% of all exploits targeted at Adobe Reader vulnerabilities. The report (ironically itself a PDF) mentions that Flash-based attacks actually dipped from 40% to 18% in Q4 2009 while malicious PDFs rose from 56% to 80%.
More stories tomorrow. Lots going on! What do you think of Blippy? Too much info? Let us know!
If you mark yourself as a fan of McAfee on Facebook, you can have a free six-month trial of McAfee Security Software for your PC. This is possible because of an agreement between McAfee and Facebook. According to McAfee:
“Research has shown that up to 78 percent of consumers do not have updated anti-virus, an enabled firewall and anti-spyware, and 48 percent of them have expired anti-virus, the most fundamental protection. So many people without even the most basic protection for their computers are an obvious risk to themselves, but also to people with whom they interact online. The agreement between McAfee and Facebook is designed to address this problem.”
To take advantage of this offer, head over to the Facebook Security page and click the tab titled, “Protect Your PC.”
I read a news story last night about high school privacy invasions that irritated me to no end. Apparently, Harriton High School in the Philadelphia area supplied its students with laptops with built-in webcams (MacBooks), and then allegedly turned them on randomly to spy on kids in their own bedrooms! According to the report from Philly.com:
In a lawsuit filed Tuesday in federal court, the family said the school’s assistant principal had confronted their son, told him he had “engaged in improper behavior in [his] home, and cited as evidence a photograph from the webcam embedded in [his] personal laptop issued by the school district.”
This is way too much like Big Brother for my taste. I understand (and approve of) schools knowing what is on their laptops, but to turn on cameras remotely and spy on kids off school property? No way.
“My first thought was that my daughter has her computer open almost around the clock in her bedroom. Has she been spied on?” —Parent, Candace Chacona
According to Philly.com, Lillie Coney, Associate Director of the Electronic Privacy Information Center, had not heard of any other case in which school officials were accused of spying on students at home through a webcam. If the allegations are true, she said, “this is an outrageous invasion of individual privacy.”
We all know that Generation Y shares too much. They post all kinds of photos to social sites that are better left unseen by parents and potential bosses. Their optimistic, yet naïve view of the world seems to have no shame in showing everyone their sexuality, their partying, their embarrassing moments. At the same time, these posted photos are their choice, and no one has the right to invade their personal space.