Category: Security

Posted On
Take a look at the screens from a recent iPhone App release:

Girls Around Me iPhone App screen shots

[Source: Venturebeat]

Yes, it really is as creepy as it looks. Basically it looks up all Foursquare check-ins published by females in the immediate vicinity of this App’s user aka Mr Desperate Stalker.

Now while Foursquare has shut off this apps access to its site and data, this should be taken as a wake-up call of the potential dangers, especially to women, of making your location and movements publicly available via services such as Foursquare. This will, undoubtedly, be one of the first of a whole new breed of “Stalker Apps”. Even Facebook is doing mobile check-ins now via its app.

If you’re a regular user of these services, either stop using them or think very carefully about why you’re using them and why exactly you want to share your every movement with the world. At the very least, check-in after you’ve left! Also, if you use Facebook check-ins check your privacy settings carefully to ensure you control exactly which friends can and cannot see your current location.

Be careful, it’s a crazy world out there!

Posted On

I came across another fake Windows diagnostic software on a laptop today that looks real enough that it’s worth sharing here.

The software calls itself Windows Diagnostic and is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer. The catch is that it won’t actually fix any problems or restore access to your files until you click a button and pay them some money.

Windows Diagnostic is installed via Trojans that display false error messages and security warnings on the infected computer. These messages will state that there is something wrong with your computer’s hard drive and then suggests that you download and install a program that can fix the problem. When you click on of these alerts, Windows Diagnostic will automatically be downloaded and installed onto your computer.

Continue readingWindows Diagnostic malware

Posted On
I got a phone call this afternoon from a lady on the indian subcontinent that told me to quickly turn on my computer as it has a virus.

Uh oh! I’m so glad they called as my anti-virus hadn’t picked up anything!

She told me to quickly turn on my computer and open the administration tools. Urgently! Fortunately, she guided me through opening this up and and getting to the Windows Event Viewer which was great as I was quite scared and nervous that my PC would crash and I would lose everything.

And she was right… there were ERRORS in my logs! Crap!

<—- End Sarcasm —->

Ok, Ok, I wasn’t really worried and I knew this was a scam from the beginning but wanted to see where they were going and which scam they were trying to pull.

They basically want to sell you an “Extended Warranty” for your PC which includes an anti-virus subscription. This scam is several years old and gets recycled every few years. It is run by a site called “teche4pc dot com” run by some, probably dodgy, company call “Met Technologies”.

The first thing they try and get you to do is turn on your PC and guide you through opening Event Viewer (they always assume you are running Windows).

Event Viewer maintains logs about program, security and system events on Windows and, according to Microsoft, can be used to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events.

Event Viewer system logs display prominent ‘Error’ icons, which often relate to trivial matters like the failure of a process to start, but could be used by a scammer to convince someone their computer needs ‘fixing’ by running a script or, in this case, by purchasing an “Extended Support Warranty”.

However, you can bet that the support you receive would cause more problems than you started with and end up in an endless stream of invoices and credit card charges.

Be careful out there! Also, if they have blocked their Caller ID and  you can’t call back on a recognised number don’t divulge any personal information.

If you do actually need anti-virus stick to one of the known brands: AVG, Avira, Kaspersky, Symantec, McAfee, etc. Any of them are better than these questionable companies. Or, if you want a simple free solution, give Microsoft’s Security Essentials a go.

Posted On
The long run of Apple Mac users being able to look down on their Windows brethren struggling with spyware, viruses and other security exploits may, unfortunately, be coming to an end. As the popularity and market share of Apple’s OS X operating system has increased in recent years it has reached the “tipping point” at which the Internet’s scammers and other criminal elements see the potential in it as a target for their exploits.

Apple security exploits on the rise (Source: Cisco Security Annual Report 2010)

Posted On
Just a friendly warning: If you visit a site and are prompted to install Flash Player 10.37 to view any “video”, promptly close that page and do NOT go looking for this download.

Currently, Adobe’s flash player is up to version 10.1. Version 10.37 is fake.

Unfortunately, this is a common trick to try and get people to install malicious software. If you do need to install or update your flash player, always get it directly from Adobe. Ensure your browser address bar starts with: http://get.adobe.com

Posted On
It is surprising to me how common the practice of using the same password for all your logins is. Without a doubt it is hugely convenient to not have to remember dozens of password for each of the websites and other internet services you may use on a daily or weekly basis.

However, in a world where any and all information is right at our fingertips, we must consider how we are making it for our information to get in front of the wrong fingertips! If we use one password for everything, then if that password is ever compromised then so may our identity and security. We need to work to keep our personal identities safe.

Most experts suggest that everyone should choose at least two different passwords; a reasonably complex one for web sites where security is critical, such as online banking, and an easier to remember one for places where there is “less to lose”, such as social networking and entertainment sites.

You don’t have to go overboard when you to create more complex passwords; simple techniques like substituting numbers for letters and adding an extra character (e.g. # or $) can be enough. Here’s a few tips to use for creating passwords:

  • Select one with 8 or more characters
  • Add  a capital letter, number, and some form of punctuation mark (ex. Pa33w0rd!)
  • Never use your street name or your own name in a password

Here is a list of the top 32 user passwords that got hacked from a company that makes software for social media sites like Facebook and MySpace:

Most popular passwords:

1.  123456
2.  12345
3.  123456789
4.  password
5.  iloveyou
6.  princess
7.  rockyou
8.  1234567
9.  12345678
10.  abc123
11.  nicole
12.  daniel
13.  babygirl
14.  monkey
15.  jessica
16.  lovely
17.  michael
18.  ashley
19.  654321
20.  qwerty
21.  iloveu
22.  michelle
23.  111111
24.  0
25.  tigger
26.  password1
27.  sunshine
28.  chocolate
29.  anthony
30.  angel
31.  FRIENDS
32.  soccer

Source: New York Times

Now, um, if you happen to be using one of these passwords now would be a good time to change it! 😉