Amazon really is Confusing some times!

Your Amazon.com password has been changed!

Dear [First] [Last],

This is an important message from Amazon.com

As a precaution, we’ve reset your Amazon.com password because you may have been subject to a "phishing" scam.

Here’s how phishing works:

A scam artist sends an e-mail, which is designed to look like it came from a reputable company such as a bank, financial institution, or retailer like Amazon.com, but is in fact a forgery. These e-mails direct you to a website that looks remarkably similar to the reputable company’s website, where you are asked to provide account information such as your e-mail address and password. Since that web site is actually controlled by the phisher, they get the information you entered.

Go to amazon.com/phish to read more about ways to protect yourself from phishing.

To regain access to your Amazon customer account:

1. Go to Amazon.com and click the "Your Account" link at the top of our website.

2. Click the link that says "Forgot your password?"

3. Follow the instructions to set a new password for your account.

Please choose a new password and do not use the same password you used with us previously.

Thank you for your interest in Amazon.com

Sincerely,

Amazon.com

Please note: this e-mail was sent from an address that cannot accept incoming e-mail. To contact us about an unrelated issue, please visit the Help section of our website.

This Happened a Few Days ago, and I thought I would talk about the security implications of this email. Some users and people are thinking this is fake. Obviously, I was concerned like everyone else so I contacted Amazon to find out about this. I talked on the Phone, and talked to a Representative that didn’t really know why my password was changed. So they told me the she’d give my email address to a specialist and that was it.

Account Alert: Please Read

Greetings from Amazon.com.

Please take the time to read this message – it contains important information about your Amazon.com account.

After careful review of your account, we believe it may have been accessed and used by a third-party to attempt to make purchases without your permission. It seems that someone obtained your personal account and/or financial information elsewhere, and used it on Amazon.com to access your account. Please note that no unauthorized charges were completed as we were able to cancel the order(s).

We have taken immediate steps to secure your account. We’ve assigned a new, temporary password to prevent further access by the unauthorized third-party, and removed any credit cards or other payment methods from your account. Additionally, if any information was added to your account by someone other than you, it has been removed. Your account access has been restored and is available to use at your convenience.

You’ll need to reset your password when you return to our site. Just click “Your Account” at the top of our Home page and select “Forgot your Password?” in the Settings section.” Enter your email address as prompted, and once completed, we’ll send you an e-mail containing a personalized link. Click the link from the e-mail and follow the directions provided. Your new password will be effective immediately. Please note that you will need to re-enter your complete credit or debit card number during the checkout process.

It is important to know that Amazon.com accounts can only be accessed by those who know personal, specific information about you and your account, including your email address and Amazon.com password. As mentioned above, it appears someone obtained this personal account information elsewhere and used it on Amazon.com to access your account.

While it is not clear how this happened in your case, we do know that personal account information is often obtained by scam artists who send unsolicited email to unsuspecting users asking them to "update" their account information. The email usually contains a link to a website that is controlled by the thief asking the user to submit personal information including email address, password, credit card number, and other relevant information. Once the information is obtained, the scam artist can then gain access to numerous online accounts since many internet users frequently use the same user name, email address, password, and financial information at multiple web sites.

Please know that Amazon.com employees will *never* ask for your password, nor will we ever send an email asking you to verify personal information.

Although it appears someone did access your Amazon.com account, they would not have been able to view your full credit card numbers as they are never displayed on our site. However, it is possible your credit card numbers may have been compromised at the time your other personal information was obtained. Therefore, we suggest you carefully review recent credit card statements to check for any unusual activity or unauthorized charges.

In the future, you can protect your Amazon.com password and account by following some of these safety tips:

———————————————————————–

1. Choose a good password: Use at least 8 characters and a combination of letters and numbers. Do not use single dictionary words, your name or other personal info that can be easily obtained, or a password that contains part of your email address.

2. Password protection: Avoid using the same password at multiple sites or for your email account. Do not share your password with others.

3. Account protection: Be cautious of unsolicited emails that appear to come from reputable online shops or services that ask you to submit personal information such as your credit card number, email address, and password. Often these emails will look as though they come from the company you’re familiar with, and the email will ask you to click on a link and "sign in". You should never provide this kind of personal information in an unsolicited email.

I don’t know if this isn’t just an automated message because anyone who know me, knows I do listen to Security Now and other such security podcasts. So I know about phishing attacks and other such ways of how someone can get your password. I’ve recommended Lastpass in the past and still recommend it. I don’t get what happened but it looks like they were concerned with my account and decided it need to be restricted until I changed my password. I even like the fact that Lastpass now uses Yubikey as a second factor of authen
tication, which I am quite glad they have implemented this. Great Going Laspass guys.

Don’t Click Links in Emails!

I’ve talked about in the past but I thought it was something that we should at least remind people. If you get an email with a link to your account and you’re not expecting it then don’t click it. You can click links if your resetting your password but those are expected. I always tell people if your not expecting it, talk to the person who sent it to you because they might have a virus or some link that will compromise your account or get your passwords. Remember, surf safe and think about your security.

Security is #1

Paul Sylvester

Security and Privacy go hand in hand! Or does it?

Brigid's Well (5 Stones to Pray the Rosary by) (7) Image by sfpanda_pix via Flickr

Privacy Really?

I’ve been commenting on Gail Garners Blog about how Google mail is putting ads in the emails.  Now I have done at least one post about Privacy and you not having it.  If you haven’t read my  post then I will give a outline of that post.

It basically boils down to some main points that I will discuss on this post:

  • No-one is Immune on the Net — Anyone and everyone has some information floating out on the internet and even celebrity information that they don’t want you find can be found if you look hard enough.
  • Know the Information before anyone else — Seriously if you want to keep track of what is being put out on the net about you.   Have Google email you when either name or some other information that you are looking for gets put out on the net.
  • Be Ready for Anything — There isn’t much you can do to actually be ready for Anything but it is more of a statement to yourself that “Nothing will surprise you.”.   Sometimes just taking a long hard look at your life and remembering some of this can be quite concerning, so you should be ready for someone to find out and have an answer for them.
  • Our life are infinitesimal compared to the scheme of things —  Everyday, I am constantly thinking what can I do to make someone’s else happy.   I find blogging makes me happy but I always want to make others just as happy as I am sometimes.   I sometimes like to wake up in the morning and just thank God for each day I can bring something new to my readers!

How Security is involved in Privacy

If you read the title and was a little curious why security is crucial to privacy.   It does not take a rocket scholar to figure this out.  If your are one to worry about your privacy then you should be also worrying about what information is leaking out on the internet from sources that you have no control over.   This means you have to figure out just how far you willing to go.

  • Friends —  Sometimes your privacy is left to who you decide who your friends are.   They might accidentally mention your name or some other random tidbit about you.   It all depends on who your really trust and tell them not to share your information.
  • Family — Almost the exact same people as friends but since they are your family, there may or may not be trust so you will have to deal with them in your own way.   This is why I grouped them separately!
  • Services — If your ever signed up for Facebook or other social websites than you have not truely read the Terms of Service.   Most of them, if not all, require to the user to have personal information on there server.   In turn, someone could get on there server illegally and copy all those names and information.

As with my previous post about epsilon having been hacked.   If you have a computer or the internet then your information is slowly being leaked and there is nothing you can do about it.   You can minimize it but that is about all.

I want to hear from you.   Do you think you can still be invisible on the internet?  Leave a comment or ask a question.   I’d love to hear what you have to say!

Paul Sylvester

Reports are coming in that WPA is no longer secure!

[ad#ad2-left-1]

According to a media reports, Erik Tews and Martin Beck claim that they have found a way to unlock the Temporal Key Integrity Protocol (TKIP) key, used by WPA, to read data sent from a wireless router to laptop computers. According to the researchers, the key can be cracked in 12-15 minutes.

[via Sophos]

According to Sophos, they are claim that people can now watch what you are doing on a Wireless router to a laptop. Although this isn’t to be unexpected this is a very serious out come. It is now easier to watch what people are doing online. So does that mean people can see everything you do? Not necessary. According to some people this is harder than it seems, most of the websites you visit are not encrypted, but websites that use the “https” protocol are more safer to use online. You should be safe if you are buying things online as long as you are sure it is secure. Some other steps to take to help make it harder to unencrypte your wireless single is to use Roboform promotion codes you will get for 10% or 20% off the purchase price!!

[ad#ad2-right]Some other steps to consider are:


If you have a wireless router and want to be secure with any transactions online you might think about hooking up to the internet via the CAT5 cable.  This is one way to prevent anyone from seeing what you are doing online and protects your privacy.  Although this too can be overcome in certain circumstances they are much harder to do and implement so you are safer this way than with most others.

Get over it, You’ve got no Privacy on the net!!

I’ve been talking to my friends at work and in other places, they’ve all asked the same question from time to time.  “Is privacy on the internet a possibility?”  and in short my answer is “No, you’ve got no privacy on the Internet!”  This is what I like to refer to as people wanting privacy to be on the internet.  Let’s face it folks, there is no privacy on the internet.  People are worried about Youtube debacle and I understand! In today’s society and time there is no privacy.  If let’s say you’ve come to my site.  What would I find out you?

  1. Your IP
  2. What you searched for in Google, Yahoo, AOL, to get to my site!
  3. Type of Operating System (Windows, Linux, or Macintosh)
  4. Where you just came from, unless you’ve chosen to come to my site directly
  5. You screen resolution
  6. You browser your using!

I don’t tell you this to make you not want to visit my site.  This type of stuff is always going to be recorded by almost 95% websites you visit.  It’s always going to be an unspoken understanding.  I have to keep up to date on what happens on my site.  It’s just normal to get the information and be able to see where everyone is coming from.

Why do sites have statsictics?  It’s to find out how well there site is doing.  It can also be used to keep up-to-date on what happens with search engines and what is popular.  So these sites can become a better site.  Yes it is true that most sites decide well in advance what looks like a popular topic. I understand this and now you can too.  They want people to come to there site.  I hope you understand that to, most bloggers, and I include myself in this, want a discussion about topic at hand.  I love to find out what people think of my site?  Here’s a little secret, a hot topic brings out the comments because the ones who are passionate about a topic will comment about it.  It comes in waves though so there will be days that nothing happens and there will be days you get a ton of people coming to my site.

It’s the nature of the beast, or I should say the internet.   “Do we need to worry about what we do on the Internet?”  and I say whole heartedly “Yes!! But if you take my advice and understand this, everyone wins.  Bloggers figured this out in the early days of blogging.  They’ve know about stats before we even had the internet before blogging was an option.   This is something that has to be present to make these website a better place for people of all nations.

In the near future, I’ll be discussing how you can prevent people from finding out some of this information by clearing your cookies and your cache.  That doesn’t mean, by doing this you’ll be anonymous it just means that no one, will know certain things about you.  For example, have you been to this or other sites before? I’ll be explaining this in detail soon, so be watching for it!

Although I’ve been collecting this data about my visitor I do no have access to other sites so in that respect I only know so much about the people who visit my site.  Now I must point out I do not nor shall I ever keep a log of what people do on my site.  The statistics that I have been gathering, I’ll on occasion just delete them and start a new. My statstics are rolling, so I only gather so much data before the new data kills the old data.  So in essence, you are somewhat protected from people looking over you shoulder, but the truth is.  Someone somewhere sometime is going to be watching everything you do at some point.  So lets sit back and relax and imagine we are sitting on a desserted island and you can call me Skipper and I’ll call you Gilligan.

While looking around the internet, I found this one article that looks somewhat truthful about the Youtube and Viacom lawsuit debacle.  I thought I’d share it with you and let you decide for yourself!!

Browse the Internet Anonymously with Tor

Video weblog Unwired explains how to browse the internet anonymously with The Onion Router network (commonly known as Tor). We’ve covered anonymous browsing with Tor in the past, but this Unwired explanation features a nice introduction to how Tor works and how to get started with Tor using the TorButton Firefox extension. Concerned about privacy at work? Check out more ways to bolster your browsing privacy on the job.