How to Spot a Phish

Phishing scams are spam emails sent by cyber-criminals that can lead to identity theft at home and data breaches at work. Phishing attacks pretend to be from a legitimate person or organization to trick you into revealing personal information.

A phishing attack begins when a cyber-criminal sends an email that looks like it originates from your bank. The email might hint at a problem with your account, asking you to “confirm” account information by clicking on a link that takes you to a fake website. The fake website asks you to type in your bank account user name and password. The goal is to convince the target that the web page is legitimate so that they will enter their credentials. Once entered, attackers can access an individual’s finances.

RSA reports 2013 was a record year for phishing attacks. They report that nearly 450,000 phishing attacks were launched in 2013, with losses estimated to be nearly $6 billion. The security firm believes that these attacks will continue for the foreseeable future. They point out that it only costs an attacker $65.00 to spam 500,000 email addresses.

Symantec reports (PDF) that 1 in every 392 emails a user receives is a phishing attempt. 71% of the phishing attacks were related to spoofed financial organizations, and login credentials for accounts seem to be the main information phishers are looking for. Dell SecureWorks delved into the depths of the online underground economy and found the value of personally identifiable information (PII):

  • Visa and Master Card account numbers are worth up to $15
  • American Express account numbers are worth up to $18
  • Date of Birth (DOB) is worth up to $25

On his excellent website, Brian Krebs revealed the black market value of hacked credentials:

  • Active accounts at Facebook and Twitter retail for just $2.50 apiece.
  • $4 buys hacked credentials at wireless providers ATT.com, Sprint.com, Verizonwireless.com, and Tmobile.com.
  • Groupon.com accounts fetch $5.
  • Fedex.com, Continental.com and United.com accounts go for $6.
  • iTunes accounts go for $8 on the cyber underground economy.

In a new phishing twist, attackers are going after medical records to exploit the broken health-care industry. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company.

With these threats in mind, PhishMe developed an infographic.

rb-

Since many cyber attacks originate with a phishing email, the best way for organizations and individuals to protect themselves online is to identify and avoid phishing emails.

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

25 Years of the Firewall

The firewall has turned 25 years old this year. In commemoration, McAfee created a timeline of the events that shaped the development of the device most of us rely on to protect ourselves from each other. The infographic shows how the firewall’s evolution coincided with high-profile security events:

These security breaches triggered security developers to react with more advanced firewall technology:

  • 1998: Evasions researched
  • 2009: Native clustering for high availability and performance introduced
  • 2012: Software enabled security introduced, making blade technology obsolete.

Pat Calhoun, SVP at McAfee, explained in a Help Net Info article that it was not until 2009 when the modern firewall we know and love began to evolve. In 2009 Gartner published its definition and a paper on “Defining the Next-Generation Firewall” (PDF). According to its definition, NGFWs are:

…deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.

In its paper, the Gartner authors explain that “Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks.” McAfee’s Calhoun points out that NGFW discussions started in 2003 but the technology really didn’t get on the right track until Gartner defined it in 2009.

 

25th Anniversary of the Firewall

rb-

Future NGFW development efforts need to integrate application control, IPS and evasion prevention into a single, purpose-built box with enterprise-scale availability and manageability.

 


Comcast to Unplug Motown

Comcast (CMCSA) will abandon Detroit if its plan to acquire Time Warner Cable Inc. is approved by the Federal Communications Commission. The cable giant filed a response (PDF) to parties objecting to the nation’s second largest provider’s plan to acquire TWC, arguing against claims that it would grow too big under the merger.

Under its purchase plan, Comcast will withdraw from some markets, continuing to operate, as it does now, in 16 of 20 top markets, only a different set of 16 mostly on both coasts. Comcast lawyers stated, “Comcast will no longer have a presence in the Detroit, Minneapolis-St. Paul, or Cleveland DMAs (designated market areas).”

MLive explains that companies like Dish Network, Netflix and various TV networks have complained that the Comcast-Time-Warner merger would create a new, massive cable company with an anti-competitive advantage. Religious television programmer My Christian TV complained that the deal would make Comcast “the only significant cable outlet in approximately 98 percent of all African-American communities in the country.” Comcast’s response:

Comcast has never served several markets with significant African-American populations such as St. Louis, Cleveland, and New Orleans, among many others, and after the Transaction, will no longer serve Detroit… Comcast estimates that after the transaction, it will serve markets that include approximately 78 percent of the country’s Hispanic households (not counting Puerto Rico in the denominator), though of course many of those households will not be Comcast customers.

Bloomberg says the castaways in Detroit, Minneapolis and elsewhere would belong to a new company, GreatLand Connections Inc., to be created in what the companies call a tax-efficient spinoff. The new company’s debt would exceed industry averages, something that has raised concerns about service in those communities.

“We don’t have the answers we need,” said Ron Styka, an elected trustee with responsibility for cable-service oversight in Meridian Township, Michigan, a town served by Comcast about 80 miles west of Detroit. Municipal officials told Bloomberg they have questions about service, including whether subscribers can keep Comcast e-mail addresses or if the cable-channel lineups may change.

GreatLand will start with $7.8 billion in debt, according to a securities filing. Bloomberg says that debt is equal to five times Ebitda, or earnings before interest, taxes, depreciation and amortization. The debt ratio for Comcast is 1.99 times Ebitda and for New York-based Time Warner Cable it’s 3.07 times Ebitda, according to data compiled by Bloomberg. “It’s not clear whether GreatLand will be financially qualified” to provide services, David Osberg, city administrator of Eagan, MN, told Bloomberg.

The new company will buy management services from Charter Communications Inc. (CHTR) according to Bloomberg. Charter, which had sought to buy Time Warner Cable, would own a 33 percent interest in GreatLand and become the second-largest U.S. cable company with more than 8 million customers counting GreatLand’s and subscribers it gets in purchases and swaps with Comcast after the merger is completed.

rb-

I worked a couple of jobs with Comcast last year and it always took them 3 or 4 months to provide service to business customers, so many Detroiters may not be sad to see the cable giant go. The Philadelphia company last week acknowledged major customer service woes after a series of viral videos documented the experiences of exasperated customers.

Comcast CEO Neil Smit announced the hiring of a new head of customer service, and wrote in a blog post:

It may take a few years before we can honestly say that a great customer experience is something we’re known for. But that is our goal and our number one priority.


Patent Wars Are Pointless

The Business Insider cites new data from Florian Mueller, the founder of the FOSS Patents blog, which says patent litigation is a waste of resources. The research found that the patent wars cost companies millions of dollars in time and lawyer fees. Mr. Mueller analyzed 222 smartphone patent assertions, with Android being a major target of many of them, only to find that 90% of those cases have gone absolutely nowhere.

According to BI Intelligence, Mr. Mueller’s data says that about half (49%) of the assertions have failed thus far, while 42% of assertions were dropped without a comprehensive settlement or a “comparably negative fate.” As it turns out, only 20 of the 222 patent assertions (9%) were able to establish liability, but even in that small sample, only 10 of those 20 cases resulted in “lasting injunctive relief.” Mueller says that number would be even smaller if “the patents underlying Nokia’s German injunctions against HTC (2498) had come to judgment in the Federal Patent Court.”

The Totally Useless Patent Wars

In other words, based on patent cases brought to court by Apple (AAPL), Google (GOOG), Samsung (005930), Microsoft (MSFT), Nokia (NOK), Motorola (MSI), and a host of others, litigation is, more often than not, a serious waste of time and money for all parties involved.

 rb-

Back in 2012, Boston University estimated that patent shenanigans cost the US economy $29 billion annually; now there is evidence it is a total waste of time and money and only funds the lawyers.


Superman Most Dangerous on Web

Superheroes are supposed to be our friends, but sometimes a plot twist allows their arch-enemies to trick our heroes into turning against us. This is also true on the intertubes. Attackers are using our superheroes to infect computers, scamming people into visiting compromised sites and downloading dangerous software, according to Santa Clara, California-based McAfee.

The security company scoured the web and identified the most dangerous superheroes online. The report, “Most Toxic Superhero 2014,” estimates how likely the average user is to come across malware by searching for the name of any given superhero.

McAfee lined up 11 likely suspects. They gathered viable threat evidence from popular search engines like Google (GOOG), Yahoo (YHOO) and Microsoft (MSFT) Bing for spyware, adware, spam, phishing, viruses and other malware. The company also searched each superhero’s name in conjunction with common phrases like “free torrent download” and “free app,” as seeding fake torrents is a common way for attackers to infect computers.

The most dangerous superheroes online, by percentage of search traffic leading to unsafe sites, are:

  1. Superman 16.5%
  2. Thor 16.35%
  3. Wonder Woman 15.7% (tied)
  4. Aquaman 15.7% (tied)
  5. X-Man Wolverine 15.1%
  6. Batman 14.2%
  7. Black Widow 13.85%
  8. Captain America 13.5%
  9. Green Lantern 11.25%
  10. Ghost Rider 10.83%

McAfee tells citizen do-gooders to protect themselves by:

  • Beware of clicking on third-party links. You should access content directly from official websites of content providers.
  • Ensure you use web protection that will notify you of risky sites or links before you visit them. Stick to official news sites for breaking news.
  • Don’t download videos from suspect sites. This should be common sense, but it bears repeating: don’t download anything from a website you don’t trust, especially video. Most news clips you’d want to see can easily be found on official video sites and don’t require you to download anything.
  • “Free downloads” is by far the highest virus-prone search term. Anyone searching for videos or files to download should be careful not to unleash unsafe content such as malware onto their computers.
  • Always use password protection on your phone and other mobile devices. If you don’t and your phone is lost or stolen, anyone who picks up the device could have access to your personal information online.
  • Don’t “log in” or provide other information: if anything asks for your information (credit card, email, home address, Facebook login, or other information) to grant access to an exclusive story, don’t give it out. Such requests are a common tactic for phishing that could lead to identity theft.
  • Search online using an Internet security program in the background. These tools protect users from malicious websites and browser exploits. A complimentary version of McAfee’s SiteAdvisor software can be downloaded at www.siteadvisor.com

rb-

Whether you live in Metropolis or Gotham, do-gooders need not work very hard to avoid these scams. Avoid dark alleys where superhero websites tend to have the same flaws as any other unsafe page. Keep an eye out for typos and files that look suspicious. Run an Internet security program in the background (your antivirus or anti-malware program probably has one built-in). Lastly, check what other commenters say before downloading a torrent.

 
