Top

Identity Theft and Windows Updates

May 14, 2008

Identity theft and Windows updates.. Say what?

No, I’m not trying to say Microsoft is going to steal your identity if you don’t install their Windows updates. But a hacker will.

Whenever a security flaw is found in Windows, their engineers work on a ‘patch’ for it so that hackers can’t get into your computer and install nasty little programs that steal your information. Hackers and spammers have automatic robots (‘bots’) continously crawling the internet looking for computers that have a weakness in them. These bots run 24/7.

Why should you install the update immediately?

Once a security flaw is found and an update issued, the flaw then becomes public knowledge. The bad guys know exactly where to find an opened, unlocked backdoor into your computer. So they ‘tell’ their little bots what to look for.

Even more dangerous to your security than not installing all updates right away is to never install them at all.

Some people think that because they rarely go on the internet that they’re safe from viruses, worms, trojans and all the other little nasties. In reality, they’re making themselves into easy targets. Everytime they go online, their computers become sitting ducks for every single bot out there – including all the old, outdated ones.

 How to Get Automatic Updates Automatically

You can set your computer to get all new updates as they’re released. Here’s how:

  • Click on the "Start" button.
  • Choose "Control Panel".
  • Find the icon for "Security Center".
  • Choose "Turn on Automatic Updates".

You can also go to  Microsoft’s update site – http://www.update.microsoft.com – and find out how to update your computer straight from the horse’s mouth.

Don’t put off updating Windows on all your computers (unless you have a Mac). What you don’t know can hurt you on the internet. Keep your identity safe!

Related Articles:

Reverse-Engineering Exploits from Patches
FAQ:What you should know before installing Windows XP SP3
Microsoft starts Vista SP1 auto delivery

Identity Theft – How Much Are You Worth

November 13, 2007

Internet Cyber Crime Pays Well.

Not only that, but it’s a relatively safe crime to commit. Law enforcement estimates that only 1 in 7,000 hackers is convicted. And that’s a low estimate. It’s very difficult to gather all the evidence to put them behind bars. No wonder so many hackers succumb to the lure of easy money.

Identity thieves don’t just steal your personal information for only themselves to use. There’s a bunch of well funded international criminals willing to pay good money for your personal information. Hackers can make money by finding your numbers and selling them. Quite a nasty litte work at home job.

Bank account numbers along with authentication codes are the most valuable commodities. They can easily bring from $30 to a whopping $400. The more money you have available in your account, the higher the asking price. They are the second most advertised numbers for sale on the underground black market.

Credit card numbers are the most popular items for sale. Even though they bring considerably less money than bank numbers, they are the easiest to steal. Their value is anywhere from $.50 to $5.

According to Symantec’s Internet Security Threat Report for the first six months of 2007, banking information and credit cards amounted to 43% of the information available for sale in the criminal community.

The next most valuable piece of info is your email password. It can bring from $1 – $150 depending on whether your account has been used for spamming previously. Email passwords allow access to an email account and are typically used for sending spam. They can also be used to recover a user’s passwords from various Web sites that will email password-reset information to the user’s email account.  Here’s another kick – email accounts with usernames in standard English are generally higher priced. Kinda makes you want to change your name to "Qwerty".

Your full identity goes for $10 – $150. That includes name, DOB, address and social security number. Surprisingly, your social security number will fetch a paltry $5 – $7. They are more valuable when attached to the rest of your personal info.

How do the bad guys get your information to sell?

Bot infected computers are the most common way. They can be in your personal computer or in a company or organization. Bots can also be used by attackers to harvest confidential information from compromised computers, which can lead to identity theft. Furthermore, they can be used to distribute spam and phishing attacks, as well as spyware and adware. Between January 1and June 30, 2007, Symantec observed an average of 52,771 active bot-infected computers per day. P2P sites make it even easier to snoop through your computer.

Security breaches are another huge way thieves get information. Finding a spreadsheet with thousands of credit card numbers worth 50 cents or more is a big payday. Even though hard drives on stolen laptops are generally encrypted, hackers can usually break the code. Remember how fast the iPhone was hacked?

Identity theft continues to be the fasted growing crime in the world.

It’s now bringing in more money than drug trafficking. From a thief’s point of view, online identity theft is a safe and profitable business. Don’t look for it to slow down any time in the near future. Protect yourself with Identity Theft Solutions.

Identity Theft and Peer to Peer Sites

November 5, 2007

Are P2P sites safe?

Peer-to-peer (P2P) file sharing networks are very popular. Especially the music sites. Napster got this started back in the late 90’s.

The problem with P2P file sharing sites is that you can share a whole lot more than you thought you were sharing. Identity thieves can use these programs, including Limewire, to search your computer for tax returns, bank statements, credit reports and student financial aid info. They know exactly what they’re doing and what to look for.

Tiversa Inc. is a computer security company monitors global file sharing networks on behalf of the world’s largest financial institutions, government agencies and individual consumers. The US Attorney General asked them to monitor the P2P sites for a two week period.

At the end of the two weeks, Tiversa reported:

  • Almost 56,000 requests for files involving “credit card”
  • Over 75,000 requests for specific credit card statements by brand
  • 50,000 requests for ‘tax returns’
  • Over 317,000 requests for files involving ‘pin’and ‘user id’

 File sharing networks open your computer and your sensitive data to thousands of cyber-criminals. They happily use or sell your information to commit identity theft and fraud.

To secure the personal information stored on your computer, the FTC suggests that you:

  • Set up the file-sharing software very carefully. If you don’t check the proper settings when you install the software, you could open access not just to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents.
  • Talk with your family about file-sharing. Parents may not be aware that their children have downloaded file-sharing software on the family computer and that they may have exchanged games, videos, music, pornography, or other material that may be inappropriate for them. Kids may not understand the security and other risks involved with file-sharing and may install the software incorrectly, giving anyone on the Internet access to the family’s private computer files.
  • Be aware of spyware. Some file-sharing programs install other software known as spyware. Spyware monitors a user’s browsing habits and then sends that data to third parties.
  • Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.
  • Close your connection. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and could increase your security risk. "Always on" connections may allow others to copy your shared files at any time.

 Here’s a list of P2P sites:

Acquisition eDonkey2000 Kazaa Media Desktop Phex WinMX
Aimster Freewire LimeWire Piolet  XoLoX
Ares Gnotella LordofSearch Poisoned  
Ares Lite Gnucleus Mactella Qtella  
Audiogalaxy Grokster Madster Shareaza  
BearShare GTK-Gnutella Morpheus SoulSeek  
BitTorrent iMesh NeoNapster SwapNut  
Blubster Kazaa Lite OneMX TrustyFiles  
Direct Connect Kazaa Lite K++ Overnet Warez P2P  

The University of Chicago has a page with directions to disable the above P2P sites – http://security.uchicago.edu/guidelines/peer-to-peer/

Identity Theft – Spear Phishing – MySpace

September 11, 2007

What do Identity Theft, Spear Phishing and MySpace have in common?

Everybody’s on Myspace – it’s gotta be safe!

MySpace, Facebook and other social networking sites are great ways to share news, photos and details of your life with friends and family. We all love using these social networking sites that let us create a personal statement on the web. We collect ‘Friends‘ and because they’re our ‘Friends‘, of course we can trust them.

Identity thieves have also figured out that ‘trusting friends’ thing. It’s really easy to surf MySpace and find profiles containing lots of personal information like birthdays and addresses. Then you also write about the music you like, your favorite food, the parties you went to, your family… you know what I mean.

A thief, posing as a ‘Friend’, will send you messages and develop a relationship that feels, well, friendly. Then they’ll send messages with pictures or links to click on. Or maybe a file to download. Normally, you’d blow this off as spam if it arrived in your email inbox. But because it came from a ‘Friend’ and had personalized info about you, you click without giving it too much thought.

This is called ‘Spear Phishing’. It’s a highly targeted type of phishing attack aimed directly at you. Spear Phishers want to trick you into revealing more of your personal info like credit card numbers, login passwords or phone numbers. They know you’re more likely to let your guard down – after all, they’re your trusted ‘Friend’.

How many times have you downloaded an unknown file from another person’s profile? The National Cyber Security Alliance (NCSA) estimates at least 83% of users do. This downloading habit is especially widespread with teens who tend to be much more trusting and think it’s socially acceptable to do. Most of the time it’s harmless. But not always.

ID Thieves throw bait in the water and wait til you’re not paying attention and bam – they nail you. Once they get your personal info, you can’t get it back. There’s no undoing it. Too bad – so sad.

Just clicking on a link can infect your computer with all kinds of malware if you don’t have up-to-date virus and spyware protection. Keystroke loggers will grab all your usernames, passwords and sites you visit.

Keep enjoying MySpace but keep your guard up.  Yes, everybody is on MySpace – even the bad guys.

Bottom