rate – Paul's Tech Talk

Careless Facebook profiling can lead to Identity Theft!

PaulFebruary 19, 2009

I just got in contact with a old friend from High school and another friend of mine suggest the new friend. I was looking at her profile and couldn’t believe what I saw:

As you can see this is not good I was amazed at how many people are giving out there birthdays and who they are married to to friends and family. So we heard about how people are claiming they need help or are in need of desperate money. This is nothing new, as you know people are having hard economy times and people are using the social engineering to scam people out of money.

I feel that I should warn people the important necessity. You shouldn’t be broadcasting your DOB and who your married to to your friends, just in case they get hacked.

Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their “walls” – personalized message boards.

[Via Computing.Co.UK]

This deservese a little mind and a lot of understanding. By the spammers hacking into facebook accounts they have the chance to scam or spam people with links to possibly have a virus or trojan installer.

[ad#ad2-right]For example This one blog talks about the Virus:

Symantec’s Norton Antivirus software has flagged this as a “high risk” Infostealer.Gampass virus. More info on this particular Trojan vius is here. (Note: Symantec warns the risk level is “low,” since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)

You might be inclined to click on this link because it’s from a friend, but they did not intentionally send it to you — and yes, their Facebook photo is attached, too.

[Via Sync-blog]

Now I went searching through my friends list and also found this little bit of information. As you can see this one is asking for people to use there account to scam people out of money. They could use this to find out even more information of the Other partner and make you believe your talking to the real deal. Saying they need money because they are stuck over seas or something like that. I’ve seen this on other blogs where people have sent money to “friends” but are actually people who are the scammers. Then if you send the money you are out of luck with your money and possibly your friends to. I am sure there are more but this is prime examples of what you shouldn’t do and why.

So what can you do to prevent Identity Theft and/or being scammed?

Roboform Review — A Password Manager that will help protect your passwords from key loggers and other such phishing sites. I strongly recommend it to to all who are security minded. (Never use the same password for all your accounts)

Are you worried about your identity? — This is good information in checking out sites that might be questionable. You can find out what type of site it by using your brains.

Old Phish Become New again — This is blog post about twitter and what may happen if you did give out your password. This is a good example of why you never should give out your password to third party websites.

Twitter Spammers a getting more smarter — This is also good example of what happens when you see become friends with someone who isn’t real. You could be the next to be spammed and/or impersonated.

If you follow some common steps you to could prevent from being the victim or getting your Identitiy stolen. Some things to remember is Never tell anyone your Birthday the whole date like someone did on twitter a few days ago. It’s nice that they are growing older but that gives people that much more information to use to steal your money or your idenitiy. Think before you give out any personal information like Age, Married, who your married to and anything that might be used to be able to access your account or your impersonate you. Remember only you can prevent from being scammed or lossing your identity, you wouldn’t want to have to pay for your mistakes.

Some program Vulnebilities Detected!!

PaulNovember 25, 2008

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

[ad#ad2-right]iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.

These are the ones that I found and wanted to let you know about these so you can make your system even more secure. if I find any others I’ll let you know!!!

Google SearchWiki dies after two days!!

PaulNovember 22, 2008

According to Techcrunch Google Pulls the Google SearchWiki. Unsure as to way but here’s what they said:

Users are reporting that the recent changes to Google’s search engine, called SearchWiki, have simply disappeared from the site. It’s certainly gone from my account.

[ad#ad2-right]User reactions were mixed but weighted heavily towards “this is lame,” and there was no way to turn off the features other than to conduct Google searches without being logged in. Another way to turn it off was to switch search engines.

[via TechCrunch]

I’ve got my theory on this, and it’s quite a good theory. I think it was a making search results come up wrong or not at all. The last two days they’ve had that going my page views have drop BIG time. According to my Stats I’ve had 236 Unique Visits for Thursday, and 232 Wednesday. My Friday stats show that I only got 185 Unique Visits, dropping 40 to 50 people. My stats for today which is incomplete shows that I’ve only gotten 136 unique visits. Although that is complete you can see where I dropped drastically. I think Google was getting yelled at by websites due to the stats dropping. I am guessing people could tell if they wanted to go to a site just by reading the comments. This will hurt every site, including TechCrunch. I will say this is only a theory and this might or might not be the case.

This however is the best possible explanation that I could come up with. Do you know why they did that? I don’t know?

Google Creates the ultimate Search Wiki!!

PaulNovember 21, 2008

Google has started to do let people rate the searches and help find the better articles. Google is calling it Searchwiki. Here is a screen shot:

[ad#ad2-left]You can now help judge and rate search results. You can also X out the ones that are not right. I am going to play around with this even more. It started out on Google Trends and Now people are all wanting to know more about this. This could help my site even more. I want to know what others are thinking about this? Is this Good or can this be good for the spammers? You decide.

Some other Websites talking about this are:

TechCrunch

Wall Street Journal

ZDNet

These are just a few but I wanted to let you see what other websites are talking about this new feature. I do want to hear what you think about all this and what is likely to come later on?

How to disable autorun the easy way!!!

PaulNovember 21, 2008

I read a report from Cnet about USB devices spreading Virus and I will quote:

The bad guys are intentionally developing new flavors of malware designed to propagate through USB devices,” said Gunter Ollmann, chief security strategist for IBM’s ISS security division. “They are today’s floppy drives.”

[ad#ad2-right]An infected computer can spread a virus to a clean USB thumb drive that is inserted. That USB drive will then be spreading the virus onto other computers if the operating system on those machines has an AutoRun-type feature enabled. The AutoRun function in Windows launches installers and other programs automatically when a flash drive or CD is inserted. The Mac has an equivalent function, according to Ollmann.

[Via Cnet]

In order to disable “autorun“, which in Vista is called Autoplay. In order to disable Autoplay from starting when you insert media into your computer here is how you do it:

You will need to be Logged in as Administrator before this can be done:

Next click start and type “Autoplay” without quotes. It will bring up a screen but all you have to worry about is this:

You will need to make sure there is no check mark for “Use AutoPlay for all media and Devices”. Click save and close.

[ad#ad2-left]Once that is done, you will have no more Autoruns from USB devices. If you want to disable Autorun in XP, I’d suggest reading some of these articles for XP.

Wikipedia – AutoRun

How to Disable Autorun

These are just a few and are really nice to articles but there are others out there that might be more to your liking. I suggest searching Google for them. I hope this helps you out!!!