>The Independent Online Edition reports how online technologie available to everybody either for free or a few bucks can reveal everything and more about you, your family, home, business, etc.
The article also referst to a few websites that help to defend one’s reputation online.
“Crimeware” is the latest label given to the technology toolkit criminals (and wanna-be kiddies) use to get information on Internet users’ identities for fraudulent purposes — or just for fun and the 15 minutes of fame in the case of kiddies.
A report by the Anti Phishing Working Group (download link) lists common penetrating mechanisms:
- Attachments sent via email or instant message – or in an apparently
discarded hardware devices such as USB keys;
- Piggybacking schemes in which crimeware is embedded into another piece
of software such as an apparent shareware application;
- Internet Worms that exploit vulnerabilities within networks and PCs to
propagate themselves and install back doors and other crimeware
- Web Browser Exploits in which browser vulnerabilities are leveraged to
directly infect PCs from the compromised server by the pages being
viewed or by injecting crimeware code remotely via scripting exploits
into the PC;
- Distribution via Hacking in which crimeware is installed manually by
hackers who have discovered or exploited vulnerabilities that give them
access and control of a PC;
- Distribution via Affiliate Marketing in which marketing programs
provide incentives to 1) install malware on visitors PCs, some of which
can be later exploited to plant crimeware or 2) to directly install
crimeware on visitors’ PCs.
While this does not sound new, really, it report is a truly nice textbook approach explaining how these attacks work, backed up with some nice statistics, too. It makes a good read for people with an intermediate knowledge of Internet technology; and it provides ideas for countermeasures against the featured modes of attack.
Download, read, enaction, … and distribute.
How malicious hackers attack — an overview by Roger A. Grimes, for InfoWorld
‘When it comes to network defense, the adage “know thy enemy” is never more appropriate.’ — But this is probably the best technique:
‘Every professional penetration tester can easily, and laughingly, recount numerous stories about how easy it is to get unauthorized access from a normal corporate employee. I often walk up to the CEO’s executive secretary and say something like, “Hello, my name is Roger Grimes. I’ve been hired by IT to do password penetration test auditing. I need the CEO’s password.”
How often does this work? So far, 100 percent of the time.’
Viruses, spam, spyware, phishing – computer security risks and solutions from ConsumerReports.org
Consumer Reports® and ConsumerReports.org® are published by Consumers Union, an expert, independent nonprofit organization whose mission is to work for a fair, just, and safe marketplace for all consumers and to empower consumers to protect themselves.
How to Foil Identity Thieves, by Ryan Singel, Wired News
several tools are available now to individuals that reduce their risk of identity theft…