AOL Tech

security posts

Cell Phones, Video Games, iPhone

App Developer Sued for Stealing Customers' iPhone Numbers

Storm8, the developer of popular (but terrible) iPhone games like 'Vampires Live' and 'iMobsters,' has found itself on the wrong end of a potential class-action lawsuit.

A lawsuit has been filed, on behalf of Washington resident Michael Turner, that alleges Storm8 built its games with a "feature" that automatically sends the phone number of each host iPhone to the developer. Turner is suing on the grounds that this practice is in violation of both the federal Computer Fraud and Abuse Act and California state law, and is pushing to turn it into a class-action suit, on behalf of all Storm8 customers.

Storm8 has admitted to collecting the phone numbers, but denies any real responsibility, attributing the "phone home" function to a simple bug in the code. The company maintains that the glitch has been fixed. Turner countered that a "glitch" could not lead to the collection of phone numbers and that specialized code would have to be purposely placed within the games to have that effect. Not being programmers, we can't say for certain whether or not the collecting of phone numbers was intentional, but it doesn't sound like the sort of feature that could be accidentally implemented.

Read more →

Computers, Advice, Windows Software, Mac Software

Just How Risky Are Public Wi-Fi Hotspots?

Ever wonder how safe all your personal information is when it's beamed through the air over Wi-Fi? If you haven't, then chances are, you haven't taken the right precautions to keep that information safe, either. In clear, easy-to-understand language, the 'Today Show' recently examined the security of Wi-Fi networks. While the video above is a little on the fear-mongering side, it does make some good points about the vulnerability of wireless traffic, in particular, those public hot-spots at your local coffee shop, park, or airport.

Here's what you need to know: Public hot-spots -- most of which are open and don't require a password -- are, by nature, insecure. Sure, they may be easy and convenient to hop on from your computer, but that very openness is also what allows anyone, including hackers, to just walk in and sign on. In other words, when you're signed on to a public Wi-Fi hotspot (or at an unsecured network at your or someone's private home), it's entirely possible for someone to come along and snatch your data, literally out of the air.

Luckily, there are some essential precautions you can take to protect yourself when you're in a public hotspot. First and foremost, get a good firewall program -- not the one built into Windows or Macs, though. Most security suites from Norton, McAfee, and others come with one, and you can download free ones from the likes of Zone Alarm and Comodo. These apps are designed to prevent hackers from gaining access to the data on your PC, and will block and alert you to any attempts to wirelessly access your computer.

Read more →

Web, Social Networking

Twitter Hit by Another Direct Message Phishing Scam

It seems like every day that a new phishing scam hits Twitter, and Wednesday was no different. According to CNET News, Twitter warned its users to be on the lookout for a phishing scam that attacks via direct messages. "[If] you've received a strange (direct message), and it takes you to a Twitter log-in page, don't do it!" Twitter warned in a post.

Of course, this isn't the first scam that disguises itself in a direct message. But this message attempts to fool you by posing as a dear friend. According to Sophos, the message reads: "hi. this you on here?" and is followed by a link to the phishing site. The link, if clicked, redirects you to a fake Twitter log-in page, where the phishers intend to steal your user name and password. If you enter both, you'll see a faux over-capacity page that's supposed to make the scam seem more real. When Sophos logged in to the false page, it was directed to the over-capacity page, and then to a blog by someone called NetMeg99. It's unclear as to whether or not that blog is part of the scam, too.

Read more →

Computers, Web

Lazy Passwords Leave 21K Routers, Cams, Phones Open to Attack


In the "yet another thing to be paranoid about" category comes a report that nearly 21,000 routers, webcams and VoIP products are wide open to remote attack, simply because their owners have committed the ultimate sin: failing to change the manufacturer's default password for the devices.

The study was performed by Ang Cui, a grad student at Columbia University's Intrusion Detection Systems Laboratory, which has sponsored the likes of DARPA and the Department of Homeland Security. Researchers have now scanned over 130 million IP addresses, and discovered nearly 300,000 devices to be remotely accessible. And the 21,000 devices with default passwords are, of course, the most vulnerable -- "runts of the litter", if you will.

Read more →

Web, Social Networking

Fake Facebook 'Password Reset' E-Mails Hiding Malware


Facebook's good name is being leveraged for yet another brutal round of malware dispersal. The trojan, Bredolab, is being distributed via e-mails with the subject line "Facebook Password Reset Confirmation". The message generally reads:

    Hey (insert username),
    Because of the measures taken to provide safety to our clients, your password has been changed.
    You can find your new password in attached document.

    Thanks,
    The Facebook Team

The attachment, a .zip file, will have the name "Facebook_Password_" followed by a short sequence of random numbers and letters. Inside, there is an identically named file, except that it's an .exe (or executable) file instead of an archive. Run that file and you'll be kick-starting a torrent of malware downloads, including a fake anti-spyware program. Bredolab is able to hide by injecting its own code into existing Windows components, and by automatically shutting down if it detects another program (such as an anti-virus package) investigating its activities.

Read more →

Advice, Editor's Picks, Web

10 Ways to Spot an E-Mail Scam


The increasing flood of e-mail hitting your inbox can lower the guard of even the most cautious person. In the rush to keep up with important notes, it's easier than ever to fall prey to the scam artists and identity thieves who lurk online.

E-mail scams and phishing attempts evolve constantly, hoping to take advantage of the latest trends and current events. Although the e-mails change, the people behind them inadvertently send up the same warning signs again and again. We dug through mountains of spam to find the most prevailing trends. We've collected some actual scam e-mails and highlighted the warning signs to help you spot a hustle the next time one lands in your inbox.

Read more →

Computers, Web

Atheists Fall Victim to Cyber Attack


Months before the Global Atheists Convention is held in Melbourne this March, a couple of major atheist Web sites have been forced to shut down due to coordinated, denial-of-service attacks. The Sydney Morning Herald reports that the Atheist Foundation of Australia (AFA) and the Global Atheist Convention both had their sites paralyzed by the attack, which overloaded both sites with traffic. At that point, the Global Atheists Convention had already sold over 1,000 tickets, with the AFA hailing it as the largest gathering of atheists in Australian history. Yesterday's attack, though, put a sudden stop to the sales, and, as of Thursday morning, both sites had still not yet regained full consciousness.

Read more →

Web, Social Networking

Twitter Lets Users Fight Back as Phishing Scams Spread

The pool of phishing scams on Twitter is seemingly bottomless. Every time we turn around, there is a new one popping up, or an old one reemerging, or some other unfortunate development that sends us rushing to the presses only to give users the same advice over and over again: Don't click on that link.

The most recent scam comes in the form of a direct message declaring "you're on this vid!" followed by a link. Click the link and you'll be led to a page that looks an awful lot like the login page for Twitter. But don't be fooled. Check that address bar and you'll quickly see that you are not, in fact, on Twitter. If you make the mistake of trying to log into the fake page, your account will be hijacked and used to send the same message to all of your followers.

Read more →

Computers, Web

Hotmail Scam Reveals Most Common Password: 123456

It's never fun to be on the wrong end of a hack. But often, we can use them as learning experiences. So, what did we learn when around 10,000 Hotmail, MSN, and Live.com account passwords were revealed on PasteBin last weekend? Either people are lazy or our memories have withered away to nothing in this digital age. According to Wired, the most common password on the list was "123456." That's right, a series of consecutive numbers was the password to 64 e-mail accounts on the list.

Bogdan Calin from the security site Acunetix analyzed the password list and found other disturbing trends, too. For example, just 6 percent used passwords that mixed numbers and letters. Nearly 42 percent of the passwords used only lowercase letters. What's truly scary is that the list only included addresses beginning with the letter 'A' or 'B,' which means we're only seeing a small sampling.

Read more →

Web, Social Networking

FBI Issues Warning Over Friendly Facebook Scams

The disturbing evolution of the 419 scam from e-mails from Nigerian princes to hijacked Facebook accounts is raising serious alarms within law enforcement circles. We originally reported this new tactic in January, but users still haven't caught on. Just last month a Missouri woman was taken for $4,000 by a scammer posing as a friend on Facebook, and the 'Today Show' recently aired a segment about Sister Erma, a nun, whose Facebook was hijacked and used to dupe her friend Debbie Peterson into handing over $3,000.

The scam starts with spam messages that contain malicious links. People careless enough to click on these links, like the previously mentioned CooooL Video and FBAction messages, are either led to fake Facebook log-in pages that steal your e-mail and password, or are infected with a keylogger that captures all of your usernames and passwords across several different sites. Once the scammers have collected this information they begin sending messages to friends and family of the hijacked account claiming to be in trouble -- in most cases stuck traveling abroad. The messages claim that the person has lost his or her wallet or been mugged and needs a loan (of several thousand dollars) to pay off hotel bills.

Read more →

Web

Hotmail Password Scam Spreads to Gmail, AOL Mail, Yahoo!


Yesterday, reports emerged that 10,000 Hotmail account addresses and passwords had been posted to the site PasteBin.com. Today, BBC News revealed that it has discovered another incriminating list containing log-in information for 20,000 additional e-mail addresses. The new batch, though, not only includes information from compromised Hotmail accounts, but also from Gmail, Yahoo!, AOL, and several other major e-mail providers.

Some of the accounts are dormant and unused, making them easy marks for scammers, but the BBC says that it has confirmed the authenticity of many of the addresses. A Google spokesperson said the lists were the fruits of an "industry-wide phishing scheme," and that the passwords for all of the compromised Gmail accounts have been forcibly reset.

Read more →

Car Tech, Web

Scammers Expose Thousands of Hotmail Passwords, Microsoft Confirms

Just today, news broke that an anonymous user of PasteBin.com, a legitimate site marketed to software developers, posted more than 10,000 Hotmail addresses and passwords to the site last Thursday. According to NeoWin, most of the addresses appear to belong to European users, and all seem to be authentic. As shocking as it may be to find out that a benign site like PasteBin could host (albeit unwittingly -- reports have come in suggesting that the PasteBin user account was hacked) such grossly illegal content, TheNextWeb tells us we shouldn't be particularly surprised. A recent blog post on the site reports that a quick Google search will yield several PasteBin posts containing the passwords for thousands of Hotmail, Yahoo!, and even Gmail accounts.

NeoWin has alerted Microsoft to the problem and PasteBin has taken down the original Hotmail posting. Still, we should all stay on our toes. Today would be a good day to change that e-mail password. It'll only take a couple minutes, and might save you a lot of grief. [From: NeoWin, via TheNextWeb]

Web

Woman Finds Bank Account Hacked, With $27k Extra

In a strange twist on a now familiar story, an English woman last May found that her bank account had been accessed by criminals and that the money therein had increased. Amanda Fothergill, 40, of Darlington, received a phone call from a stranger who claimed to have deposited a substantial amount of money in her account. Shocked, Fothergill checked her balance only to discover a brand new deposit of £17,200 (around $27,500). The crook, who would call in ensuing weeks as frequently as once a day, tried to convince Fothergill to transfer £14,000 to another account, leaving her with £3,000 for her trouble. For her part, Fothergill wasted no time in notifying both the police and her bank, Abbey. Sadly enough, her prompt honesty was not exactly rewarded.

Read more →

Computers, Advice, Editor's Picks, Windows Software, Mac Software, Laptops, desktops, Web

5 Essential Tips to Keep Your PC Safe

One of the most important things everyone -- even Mac users -- needs to do with a computer is to make sure it is as secure from viruses, phishing scams, and other 'net threats as possible. No matter how often you practice safe browsing habits or think twice before clicking on a random link in your e-mail, you'd be surprised how often even the most cautious of folks can be caught off guard, which is why you need to have some basic security measures in place to protect you (and your computer), should something slip past. We've boiled it down to five basic steps that everyone -- even the computer and 'Net-threat-savvy -- should take to make sure that their PC and personal data are safe.

Read more →

Web, Social Networking

Facebook Hit by Fake Profile Scam

Facebook has been beset by its share of scams, hacks, and attacks. The latest breach of security though is particularly worrisome, with fake profiles containing a link to a supposed home video flooding the site. If you click through, you'll be greeted with a piece of malware posing as an anti-virus program that tries to trick you into handing over credit card information to buy fake security software.

What makes this scam unique is that rather than using hijacked accounts, the malware is spreading through software-generated profiles. The existence of these fake accounts, completely identical outside of the name, indicates that hackers have figured out a way to defeat the Captcha system that is meant to keep bots out.

Read more →
