Category: Security

Amazon really is Confusing some times!

Paul

Your Amazon.com password has been changed!

Dear [First] [Last],

This is an important message from Amazon.com

As a precaution, we’ve reset your Amazon.com password because you may have been subject to a "phishing" scam.

Here’s how phishing works:

A scam artist sends an e-mail, which is designed to look like it came from a reputable company such as a bank, financial institution, or retailer like Amazon.com, but is in fact a forgery. These e-mails direct you to a website that looks remarkably similar to the reputable company’s website, where you are asked to provide account information such as your e-mail address and password. Since that web site is actually controlled by the phisher, they get the information you entered.

Go to amazon.com/phish to read more about ways to protect yourself from phishing.

To regain access to your Amazon customer account:

1. Go to Amazon.com and click the "Your Account" link at the top of our website.

2. Click the link that says "Forgot your password?"

3. Follow the instructions to set a new password for your account.

Please choose a new password and do not use the same password you used with us previously.

Thank you for your interest in Amazon.com

Sincerely,

Amazon.com

Please note: this e-mail was sent from an address that cannot accept incoming e-mail. To contact us about an unrelated issue, please visit the Help section of our website.

This Happened a Few Days ago, and I thought I would talk about the security implications of this email. Some users and people are thinking this is fake. Obviously, I was concerned like everyone else so I contacted Amazon to find out about this. I talked on the Phone, and talked to a Representative that didn’t really know why my password was changed. So they told me the she’d give my email address to a specialist and that was it.

Account Alert: Please Read

Greetings from Amazon.com.

Please take the time to read this message – it contains important information about your Amazon.com account.

After careful review of your account, we believe it may have been accessed and used by a third-party to attempt to make purchases without your permission. It seems that someone obtained your personal account and/or financial information elsewhere, and used it on Amazon.com to access your account. Please note that no unauthorized charges were completed as we were able to cancel the order(s).

We have taken immediate steps to secure your account. We’ve assigned a new, temporary password to prevent further access by the unauthorized third-party, and removed any credit cards or other payment methods from your account. Additionally, if any information was added to your account by someone other than you, it has been removed. Your account access has been restored and is available to use at your convenience.

You’ll need to reset your password when you return to our site. Just click “Your Account” at the top of our Home page and select “Forgot your Password?” in the Settings section.” Enter your email address as prompted, and once completed, we’ll send you an e-mail containing a personalized link. Click the link from the e-mail and follow the directions provided. Your new password will be effective immediately. Please note that you will need to re-enter your complete credit or debit card number during the checkout process.

It is important to know that Amazon.com accounts can only be accessed by those who know personal, specific information about you and your account, including your email address and Amazon.com password. As mentioned above, it appears someone obtained this personal account information elsewhere and used it on Amazon.com to access your account.

While it is not clear how this happened in your case, we do know that personal account information is often obtained by scam artists who send unsolicited email to unsuspecting users asking them to "update" their account information. The email usually contains a link to a website that is controlled by the thief asking the user to submit personal information including email address, password, credit card number, and other relevant information. Once the information is obtained, the scam artist can then gain access to numerous online accounts since many internet users frequently use the same user name, email address, password, and financial information at multiple web sites.

Please know that Amazon.com employees will *never* ask for your password, nor will we ever send an email asking you to verify personal information.

Although it appears someone did access your Amazon.com account, they would not have been able to view your full credit card numbers as they are never displayed on our site. However, it is possible your credit card numbers may have been compromised at the time your other personal information was obtained. Therefore, we suggest you carefully review recent credit card statements to check for any unusual activity or unauthorized charges.

In the future, you can protect your Amazon.com password and account by following some of these safety tips:

———————————————————————–

1. Choose a good password: Use at least 8 characters and a combination of letters and numbers. Do not use single dictionary words, your name or other personal info that can be easily obtained, or a password that contains part of your email address.

2. Password protection: Avoid using the same password at multiple sites or for your email account. Do not share your password with others.

3. Account protection: Be cautious of unsolicited emails that appear to come from reputable online shops or services that ask you to submit personal information such as your credit card number, email address, and password. Often these emails will look as though they come from the company you’re familiar with, and the email will ask you to click on a link and "sign in". You should never provide this kind of personal information in an unsolicited email.

I don’t know if this isn’t just an automated message because anyone who know me, knows I do listen to Security Now and other such security podcasts. So I know about phishing attacks and other such ways of how someone can get your password. I’ve recommended Lastpass in the past and still recommend it. I don’t get what happened but it looks like they were concerned with my account and decided it need to be restricted until I changed my password. I even like the fact that Lastpass now uses Yubikey as a second factor of authen
tication, which I am quite glad they have implemented this. Great Going Laspass guys.

Don’t Click Links in Emails!

I’ve talked about in the past but I thought it was something that we should at least remind people. If you get an email with a link to your account and you’re not expecting it then don’t click it. You can click links if your resetting your password but those are expected. I always tell people if your not expecting it, talk to the person who sent it to you because they might have a virus or some link that will compromise your account or get your passwords. Remember, surf safe and think about your security.

Security is #1

Paul Sylvester

Five Essential Packages for Ubuntu/Kubuntu!

Paul

Why do I need these packages?

There is no right or wrong answer but when I say it is needed, it is because us as a community should be ready. I know I already talked about people getting a Virus on Linux, and that some people think you can’t get a Virus. In all aspects, the Linux community is in a holding when it comes to security and viruses. I will not discuss this enough but for today we will discuss what packages you should have already installed when you first start using Linux. Even the Ubuntu developers have talked about viruses on their main website, so it isn’t something that I am not a little worried about when people start to use Linux.

The Packages I have installed!

While there is no right or wrong package for your Linux system, I thought I would at least recommend the ones that I did install not just for security but also for convenience. It will be your decision on which ones you will be install and which ones you think you’ll need. This list is for those who are serious about security and want to avoid any chances of being compromised.

  • VLC Media Player — Although this has nothing to do with security it is something that will prevent those nasty attempts, claiming your don’t have the right Codex to play this streaming Video. At least, if you have this installed you are one step closer to and knowing that this is a fake because I have found to be very affective having all the codex I will ever need.
  • AVG Antivirus — I have personally installed means I am a little more safer but not out of the woods just yet. Although, I am much safer having installed there is a long way to go before there is a good enough Antivirus program for linux and that I hope that changes in the future.
  • Firewall — Although this is your choice, I picked arno-iptables-firewall, which seems to be what I need right now. It however is something of a personal choice and probably even an OS choice.
  • Password Manager — Yes you heard it right, if you have a good Password manager then you are less likely to give out your password to sites that look like the real thing, which is called phishing attacks. With a good Password manager, you can go to right the right site with a click of the manager. I personally recommend Lastpass, but it is all up to your which one you want to use. I really don’t know if there are more linux based password manager but I am sure you can find them.
  • VPN — Although this isn’t really a package per say, but one that talked about in the past. How to get a VPN on Ubuntu/Kubuntu. I am sure there are others out on the internet. I just don’t want to make it to complicated for beginners, so I did make my own tutorial on getting a free VPN. You really don’t want anyone listening in while at a public hotspot do you?

Your one step closer!

As you can see these are what I call essential because of most of these will make you a little more security conscience and that in turn will make you a better Linux user. for the most part your be more ready than a lot of Linux user but that doesn’t mean your invulnerable, just more educated the rest. If you have a recommendation, I encourage you to leave a comment and let others know, but for the time being these are just what I have installed on my Kubuntu 11.04 right now and I’m really happy.

See you on the Flip Side

Paul Sylvester

Get Thunderbird to launch Firefox/Chrome browsers in Linux!

Paul

This isn’t like Windows!

If your like me you probably clicked a link in Thunderbird and thought you would be taken to your favorite browser but that isn’t the case with Linux. The pop up screen asking you which application to launch is quite similar to Windows but there is a problem. If you have had no experience with Linux then you might ask yourself “Where’s the program files?” It seems that Windows and Linux differs from each other in that aspect. I did have to do some things to get Thunderbird to get it to launch a browser. This quick tutorial will help those new to Linux to do what they have always done on Windows. I will warn people that clicking on links in your emails is the first way to get a virus or a credit card stolen but that is for another topic and discussion!

Some Preparations are in order!

For some of use this is something that should already be included, but it seems that Mozilla didn’t add some important config scripts into the Thunderbird application for Linux. Thanks to Google, I found the answers and I thought I would also share them with people so it would be much easier for others to enable launching the browser in Thunderbird.

You will need to add these strings in Thunderbird:

In Thunderbird: edit > Preferences > Advanced > Config Editor

Right click anywhere in the list and click ADD > String. Then add these strings with values!

  • String: network.protocol-handler.app.http Value: x-www-browser

  • String: network.protocol-handler.app.https Value: x-www-browser

  • String: network.protocol-handler.app.ftps Value: x-www-browser

Once that is done, your ready for the next step of the process.

Where Do I find these files?

Most cases you will find these files in only one place and that is almost like a C: Drive. In order to find the right program, you first need to go:

  1. /usr/bin/firefox.sh (shell script)

  2. /usr/bin/chromium-browser.sh (shell script)

  3. /usr/bin/rekonq.ex (Executable)

These are the two files you will need to tell Thunderbird to launch the right application when you click on a link. You should only need to do this once for each type of link from http, https, and the last one is the file transfer protocol but if you do this, I see no reason why you would be able to launch your favorite browser. Depending on which browser you have installed, it should be easily found in the the bin directory and you should be able to launch your browser even if it is not a well known browser. .

Let’s Rock Linux

Paul Sylvester

Does Linux need an Anti-Virus?

Paul6 Replies

Anti-virus Programs and Linus Torvalds

Hey let’s face it with the recent virus problems Machnitoshes has had, we’ve got a bit of problem on our hands.   I’ve come to the realization that there must be a way to protect my Linux operating system much better.   Although there are several different programs out there that can be used with Linux.  I however wanted to talk about the necessity of having a program installed and running to better protect me from doing something bad.   Hey I admit it, I occasionally click on links when I shouldn’t and also occasionally like to see what is in my spam folder just to make sure I am not missing something that I should.

Is Anti-virus Really needed for Linux?

There have been advocates for Anti-virus programs for the Linux community over the past few years.   I have been one of those myself.

 

Any antivirus/spyware needed?

 

I have been an advocate of “Linux” “doing” “enabling” antivirus/spyware for over 6 years now….it WILL hit “us” sooner or later….but given the money involved I think…..MUCH later….so….no, for now, do not worry about it at all.

If you get “something” that says it is “checking your computer” it is because WINE has automatically been enabled and the malware is seeing that and NOT Kubuntu….so….ummmm….close the browser….re-open and get on with your malware free life.

Via Kunbuntuforums.net

Now I tell you,  What is wrong with this picture?   Are the Linux users acting a little like Apple users, and thinking they can’t get a virus.   I won’t say that right now there are any viruses in the wild but I would caution everyone not to consider your system invulnerable even though there aren’t as many reports of virus out in the wild.   It will hit us next if not this year probably in a year or two.

Linux is Next for sure!

I don’t say that lightly, I am sure in the coming years to even months that the malware writers and virus writers will be looking at Linux more and more.   With Apple just being hit and finally admitting that they have been hit with a virus, you can bet that some of the Apple users will convert to Linux just because they were using Apple’s believe that they were immune to viruses and malware.   They will come and when that comes the eyes of the world will be on Linux users.   It will be our job to get ready for these nefarious users and fight them off.   So I call to the community to get ready for this to happen.   I know it is coming almost as much as I know I am going to keep blogging.   Only time will prove me right, but I know it is going to happen and if your not ready then you can only blame yourself.

Stay Safe

Paul Sylvester

Related articles

Apple Needs to Worry about Security and Virus!

Paul2 Replies

Let’s Face It, Mac isn’t Virus Free no more!

I know I’ve been saying this for a few years, but In all truthfulness it is more of a fact than a few years ago.   Apple needs to change their policy on how they do commercials.   I don’t say that light hearted because I actually think the commercials are really funny sometimes but that is besides the point.  They have not in the past changed their tactics because of the new malware that is going about.   Some experts are saying this malware doesn’t require you to enter a password or even have you allow or deny the installation.  Although, I have no Apple computer to test this observation, it seems quite possible depending on how people have their system setup.   Thought most Mac users are not thinking about security or even the possibility of a virus because of the advertisements that Apple has put up in the past.   More and more their seems to be a growing number of viruses and malware for the Macintosh.

Security Through Obscurity is No More with Apple!

I say that know that in the past most Apple users always thought since the Operating system of the Apple was not well known that they could get away with installing unknown software or programs that Windows users would think twice on.   I honestly don’t see how people would download bit torrent files thinking that they were safe on the Mac because “Apple Could never get a Virus” advertising has stuck in their minds.   Yet Apple has in the past fought this through new changes to their advertising but the fact remains anytime you think of a Macintosh, you first thought would be about it being Virus.   I know some of you probably though the first thought would be the speed and ease of the Operating, and although that is true that isn’t my thought when I think of a Apple Operating System.

Don’t Presume anything!

I might not be a Mac User but I don’t presume anything when it comes to running a Windows or even a Linux Operating System.   That Being said when Apple finally realizes that they are no longer able to hide from the bad guys, then we will see them start fighting back.   Until then though, most Mac Users will make the mistakes they have always done because of Apple stance and the ignorance of the problem.  I have said how hackers will start targeting Apple Users and this seems to be the case even now.   If you have a Mac Machine, I suggest looking for a good Antivirus and sticking with them.   You are not longer safe not having an Antivirus software installed on your system.

Stay Safe!

Paul Sylvester

Related articles