<span style="font-weight: bold;">Security Mike's Blog</span><br />Security Mike's Blog about helping readers protect themselves (and their kids) from hackers, identity thieves, and other online mayhem.<br />Mike Rothman
<br /><br /><span style="font-weight: bold;">Full disk encryption for all!</span><br />Posted by Mike Rothman, 2008-03-05<br /><br />To echo <a href="http://www.schneier.com/blog/archives/2007/12/how_to_secure_y.html">Bruce Schneier's comments</a>, it's important to encrypt the data on your laptops. Yes, laptops get stolen, they get lost, and your private data is on them. So if you scramble that data (using an encryption product), you are somewhat insulating yourself from having that data stolen.<br /><br />A <a href="http://citp.princeton.edu/memory/">new attack was introduced by Ed Felten</a> and his band of merry Princeton grad students a week ago, which showed how to steal the encryption key and gain access to hard drive data, even if the data is encrypted. Let's just say, this is not an attack that most of you need to worry about. 
You are still much better off encrypting your data than not encrypting it.<br /><br />I personally use the FileVault capability within Mac OS X. There are a bunch of 3rd party utilities, but FileVault works fine for me. I don't see any reason to make it harder than it needs to be.
<br /><br /><span style="font-weight: bold;">There is no 100% security</span><br />Posted by Mike Rothman, 2008-03-04<br /><br />I've seen a couple of data points recently where folks have published personal information, with the idea that the bad guys couldn't use it for identity theft. They were wrong and pretty stupid for doing it in the first place.<br /><br />The first is Todd Davis, CEO of a company called LifeLock. I'm actually a customer, and they provide identity theft protection services. They've built a marketing campaign around this guy publishing his Social Security Number and challenging the bad guys to try to rip him off. You've probably seen the ads.<br /><br />He did get compromised. How? Basically, there was a failing on the part of a 3rd party that didn't do the proper credit authorizations. This had nothing to do with LifeLock, but he was compromised nonetheless.<br /><br />The second example is a UK media personality called Jeremy Clarkson. <a href="http://news.bbc.co.uk/2/hi/entertainment/7174760.stm">This guy published his bank account and it was then looted by an identity thief.</a> Of course, these are outlandish examples of people doing stupid things to prove a point. 
And they did just that.<br /><br />The moral of the story is not to paint a target on your head. There is no way to be 100% secure. That's why credit monitoring and making sure you understand exactly what is happening in your bank and credit accounts is so important. If you know something is an issue, you can start working immediately to fix it and hopefully contain the real damage.<br /><br /><span style="font-size:78%;">Photo credit: <a href="http://www.flickr.com/photos/alicetiara/42532636/">alicetiara</a></span>
<br /><br /><span style="font-weight: bold;">Are you clean? Let Google decide for you.</span><br />Posted by Mike Rothman, 2008-03-03<br /><br />Interesting post on <a href="http://explabs.blogspot.com/2008/02/google-defames-saints-bolts-of.html">Roger Thompson's blog here</a> about Google (in their infinite wisdom) deciding to block organic search links to sites they deem "bad." 90% of the time this works and is a good thing. If there is malware hosted on a site, you want Google to be blocking access from the search engine.<br /><br />But what if there isn't malware there? What if it's a case of mistaken identity? The idea that it could take 12 months to get this fixed would do significant damage to the web sites that are mistakenly accused.<br /><br />The answer? Actually there isn't one. 
You should be using a tool like <a href="http://linkscanner.explabs.com/linkscanner/default.asp">Roger's LinkScanner</a> or <a href="http://www.siteadvisor.com/">McAfee's SiteAdvisor</a> as a matter of practice (yes, it's one of Security Mike's suggestions). But there isn't much you as a user can do besides cutting and pasting the URL into your own browser, which is a pain in the backside.<br /><br />Although hope is not a strategy, we can only hope that Google is right a lot more often than they are wrong...<br /><br /><span style="font-size:78%;">Image credit: <a href="http://www.onedigitallife.com/2006/03/22/whacking-day-google-logo/">onedigitallife.com</a></span>
<br /><br /><span style="font-weight: bold;">PayPal takes a bite out of Apple</span><br />Posted by Mike Rothman, 2008-02-28<br /><br />I'm a big fan of the Mac as a computing platform. No, OS X isn't more secure than Vista. But there are a lot fewer folks looking to exploit it, and it's certainly architected (as is Vista) in a more secure fashion than Windows XP.<br /><br />But does that mean you should be using all of Apple's applications, like the Safari browser? Not necessarily. <a href="http://www.networkworld.com/news/2008/022808-paypal-steer-clear-of-apples.html">The CSO (chief security officer) of PayPal goes on a bit of a tirade in this NetworkWorld article about why Safari isn't a good option - for those that care about security anyway.</a><br /><br />The reality is that he's right. I personally use Firefox on all my devices (Macs, PCs, and virtualized PCs running on my Mac). 
I do that because of <a href="http://noscript.net/">NoScript</a>. I've mentioned that plug-in before, but until it is ported to (or that capability included in) the other browsers, I'm not going anywhere. It's that important.<br /><br />So yes, Safari is missing some stuff, like a built-in phishing filter and support for extended validation SSL certificates. I find the former to be a much bigger issue than the latter, as evidenced in today's <a href="http://securityincite.com/TDI-2008-02-28#TBP3">Daily Incite</a>. But suffice it to say, these aren't deal breakers for me. It's all about NoScript and that drives me to Firefox.<br /><br /><span style="font-size:78%;">Photo credit: <a href="http://www.flickr.com/photos/lin/41271850/">karmablue</a></span>
<br /><br /><span style="font-weight: bold;">Should you use virtual credit cards?</span><br />Posted by Mike Rothman, 2008-02-26<br /><br />I got a press call this morning from a guy looking to learn more about "virtual credit cards." These are one-time use numbers that protect your main credit card and can only be used one time on one site. This capability is available from a few of the large credit card banks. Check out more information at the <a href="http://www.cardratings.com/feb01new.html">Cardratings site</a>.<br /><br />The reality is that using these virtual credit card numbers is a pain in the butt. You have to either download some software or go to yet another web site to get the right credential to use it. Is it worth it? 
The answer is a big maybe.<br /><br />If you are doing business with a totally new site, then it probably is. Credibility and trust are earned, and until a vendor has an opportunity to earn my trust, I'd rather shield my true financial information.<br /><br />On the other hand, you are now pretty much insulated since you will be reimbursed for any fraudulent charges on your card. But to be clear, having your credit card compromised is a huge hassle, so you want to avoid it.<br /><br />Truth be told, I don't use virtual credit cards very often. But I am also very selective about the online merchants I use. As always, you are better safe than sorry.<br /><br />Photo credit: <a href="http://www.flickr.com/photos/pmtorrone/118904267/">pt</a>
<br /><br /><span style="font-weight: bold;">Wherefore broadcast SSIDs?</span><br />Posted by Mike Rothman, 2008-02-25<br /><br />It really is amazing how many open wireless networks you can find. If you are somewhat technical, get a wireless scanner (like NetStumbler) and see what you can find. Once you are in there, you can use an open source tool like Metasploit to attack, I mean test, the machines you find on the open network. Statistically, you'd probably be successful in compromising machines a majority of the times you try.<br /><br />Yes, that's scary stuff. It's also why the first step on Security Mike's Guide is to secure your networks. One of the common misconceptions is that you need to stop broadcasting your SSID, which is the network identifier of your wireless network. I'm with Steve Riley on this one. 
<a href="http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx">He does a pretty good treatment about why it doesn't matter whether you broadcast or not</a>.<br /><br />Whether someone can see your network or not is beside the point. The real question is whether they can access it. By doing some very simple security configurations on your wireless router, you can make it a LOT harder to penetrate.<br /><br />Photo credit: <a href="http://www.flickr.com/photos/smarta/2105851299/">dasmart</a>
<br /><br /><span style="font-weight: bold;">PayPal E-mail authentication</span><br />Posted by Mike Rothman, 2008-02-22<br /><br />PayPal is one of the 2-3 most phished brands out there. That means they are targeted more often by phishing attacks than anyone else. If you use PayPal, then you need to be aware of the security capabilities they use to protect your account information. 
<a href="http://www.networkworld.com/news/2008/020408-paypal-email-authentication.html">NetworkWorld had a recent interview discussing their security methods.</a><ol><li><span style="font-weight: bold;">Two-factor authentication</span> - PayPal will issue you a token to more securely authenticate to your account. It costs $5 and you'll have to carry it around. It definitely adds more security to your account, but you have to carry the thing around. Did I mention you have to carry it around? I think using a strong password will provide enough security.<br /><br /></li><li><span style="font-weight: bold;">Signed e-mail</span> - PayPal also uses a technology called DKIM (DomainKeys Identified Mail) to add a digital signature to any emails they send to you. Many of the major email clients (Yahoo and Gmail for sure) will tell you the message is signed. This verifies that the message is actually from PayPal and not from an attacker. Below you can see what the signature looks like in Gmail. The "signed-by" and "mailed-by" fields show that paypal.com has sent the message.<br /></li></ol><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjjoBHvEN4V2V9OjudoOySUHJh9SZ9bAyuatiAqgUxPGgp7KQp4aVR69UqGvdh23PnaFge63lfJ_GtihUw8gpPcRwc_5HFKrN7mYrsKUYjHmEKAZZXFNnNwIDF21cMrnVDNe5n3Q928LJo/s1600-h/PayPal-DKIM-signed.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjjoBHvEN4V2V9OjudoOySUHJh9SZ9bAyuatiAqgUxPGgp7KQp4aVR69UqGvdh23PnaFge63lfJ_GtihUw8gpPcRwc_5HFKrN7mYrsKUYjHmEKAZZXFNnNwIDF21cMrnVDNe5n3Q928LJo/s400/PayPal-DKIM-signed.jpg" alt="" id="BLOGGER_PHOTO_ID_5169769897450144578" border="0" /></a><br />As usual, an ounce of awareness is worth a couple of pounds of protection. 
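<p>What the "signed-by" check amounts to when you read the headers yourself, as an added example that is not code from the original post or from PayPal: a message counts only if your own mail server recorded a passing DKIM result for the domain you expect, and the From address is in that same domain. The server name mx.example.net, the sample messages and the function names are constructed for illustration; the code reads the receiving server's recorded verdict and does not verify the signature itself, which requires the signer's public key from DNS.</p>

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_SERVER = "mx.example.net"  # hypothetical name our own mail provider writes


def _msg(*header_lines):
    """Build a small raw message from header lines (constructed test data)."""
    return "\n".join(header_lines) + "\n\nbody\n"


# Constructed sample 1: our server verified a signature from paypal.com.
GENUINE = _msg(
    "Authentication-Results: mx.example.net;",
    " dkim=pass header.d=paypal.com; spf=pass smtp.mailfrom=paypal.com",
    'From: "PayPal" <service@paypal.com>',
    "Subject: Receipt for your payment",
)
# Constructed sample 2: validly signed, but by a different domain.
OTHER_SIGNER = _msg(
    "Authentication-Results: mx.example.net; dkim=pass header.d=paypal-billing.example",
    'From: "PayPal" <service@paypal-billing.example>',
    "Subject: Your account is limited",
)
# Constructed sample 3: the only "pass" was written by a server that is not ours.
UNVERIFIED = _msg(
    "Authentication-Results: mx.example.net; dkim=none",
    "Authentication-Results: relay.sender.example; dkim=pass header.d=paypal.com",
    'From: "PayPal" <service@paypal.com>',
    "Subject: Confirm your details",
)


def is_within(host, domain):
    """True for the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def from_domain(raw):
    """Domain part of the From address, lowercased."""
    msg = message_from_string(raw)
    address = parseaddr(msg.get("From", ""))[1]
    return address.rpartition("@")[2].lower()


def verified_signers(raw, authserv_id=OUR_SERVER):
    """Domains with dkim=pass according to headers written by our own server."""
    msg = message_from_string(raw)
    signers = []
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(value.split())          # unfold continuation lines
        server, _, results = value.partition(";")
        tokens = server.split()
        if not tokens or tokens[0].lower() != authserv_id:
            continue                             # not written by our server: ignore
        for clause in results.split(";"):
            if re.search(r"\bdkim\s*=\s*pass\b", clause, re.I):
                match = re.search(r"\bheader\.d\s*=\s*([A-Za-z0-9.-]+)", clause, re.I)
                if match:
                    signers.append(match.group(1).lower().rstrip("."))
    return signers


def assess(raw, expected, authserv_id=OUR_SERVER):
    """Return 'verified', 'other-signer' or 'unverified' for one raw message."""
    signers = verified_signers(raw, authserv_id)
    if not signers:
        return "unverified"
    signed_by_expected = any(is_within(s, expected) for s in signers)
    if signed_by_expected and is_within(from_domain(raw), expected):
        return "verified"
    return "other-signer"   # a real signature, just not from the expected domain


if __name__ == "__main__":
    for name, raw in (("GENUINE", GENUINE), ("OTHER_SIGNER", OTHER_SIGNER),
                      ("UNVERIFIED", UNVERIFIED)):
        print(name, assess(raw, "paypal.com"), verified_signers(raw))
```

<p>A message being "signed" is not enough on its own: the second sample carries a valid signature, but from a domain that is not paypal.com.</p>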
Your own knowledge is far and away your best defense.
<br /><br /><span style="font-weight: bold;">Don't bank at Starbucks</span><br />Posted by Mike Rothman, 2008-02-21<br /><br /><a href="http://mailbox.allthingsd.com/20080124/when-your-computer-starts-up-slowly/">The Wall Street Journal's Walt Mossberg has some sage advice here</a> about what you should and SHOULD NOT do on public Wi-Fi networks. The reality is that it's easy to compromise your machine and your data on these networks. A bad guy can set up a fake access point, or compromise your internal routing tables, or download a Trojan onto your machine.<br /><br />I know, I know - what else are you going to do at Starbucks? You've got a couple of options. Personally, I use a 3G EVDO wireless service from Verizon (Sprint and AT&T also have competing services) to provide my connectivity when I'm out of the office.<br /><br />Yet, the reality is that I do connect on some public WiFi networks. It's not frequent, but it does happen. To protect those sessions, I use a public VPN service to encrypt the traffic from my machine to the Internet. 
The service I use is from <a href="http://www.witopia.net/personalmore.html">WiTopia</a>. There are a bunch of other ones, and you could also set up a proxy server on your own network if you are technically inclined.<br /><br />The main point is to reiterate Mossberg's view. Don't do anything sensitive on a public WiFi network. It's bad for the health of your identity.
<br /><br /><span style="font-weight: bold;">Make sure it's really Microsoft Update</span><br />Posted by Mike Rothman, 2008-02-20<br /><br />The innovation on the part of the bad guys continues to amaze. <a href="http://www.scmagazineus.com/Bogus-Microsoft-Update-page-appears-in-wild-delivered-under-real-URL/article/105155/">Per SC Magazine</a>, these folks are using some URL obfuscation to get you to a Microsoft Update imposter site. 
<a href="http://www.f-secure.com/weblog/archives/00001374.html">F-Secure is credited with finding the bad site</a>, and there are lots of details on their blog site.<br /><blockquote><p><span style="font-size:85%;">Finnish anti-virus firm F-Secure warned Friday that a new malware-laced Microsoft Update page has appeared in the wild and is hosted on a URL that incorporates the actual Microsoft Update address – microsoft.com/cfm48 – with a period substituted for a forward slash.<br /></span></p> <p><span style="font-size:85%;">The slightly modified URL takes the victim to a fake Microsoft Update “welcome” page that prominently features an urgent notice telling the visitor to install a “critical Windows XP/2000/2003/Vista update!” Install is misspelled on the bogus update page (“intall”), F-Secure reported. </span></p> <p><span style="font-size:85%;">An “Urgent Install” button appears in the fake notice, next to a prompt reading “Get critical update (obligatory).” Users who click on the button receive a file labeled WindowsUpdateAgent30-x86-x64.exe, which installs a trojan-dropper on the victim's PC. F-Secure said the bogus update page is a “fast flux” site and uses a wide range of IP addresses attached to the “cfm48.com” portion of the URL.</span></p></blockquote>If you are a consumer, what to do? Basically, make sure you launch Microsoft (or Windows) Update yourself. DO NOT click on a link that you get via email. Launch Microsoft Update and then it will take you to the correct update site. Scrutinize the address in the bar and make sure it's really a Microsoft site.<br /><br />And just be aware. 
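<p>The address-bar check described above, as an added example (not code from the original post, SC Magazine or F-Secure): a hostname belongs to whoever controls its right-hand end, so microsoft.com followed by a period and more labels is not a Microsoft site. The sample URLs are constructed from the description in the quote, and the function names are hypothetical.</p>

```python
from urllib.parse import urlsplit

TRUSTED = "microsoft.com"  # the domain the post says to look for

# Constructed samples. The second follows the quoted description: the real
# address with a period where the slash should be, ending in cfm48.com.
SAMPLES = [
    "https://update.microsoft.com/",
    "http://update.microsoft.com.cfm48.com/",
    "HTTP://Update.Microsoft.COM./",
    "http://www.example.org/",
]


def hostname(url):
    """Return the normalised hostname the browser will contact, or None."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # Lowercase and drop the optional trailing dot so comparisons are exact.
    return parts.hostname.rstrip(".").lower()


def is_within(host, domain):
    """True for the domain itself or a subdomain; the match must start at a dot.

    A bare endswith(domain) would wrongly accept names such as
    'notexample.com' when checking for 'example.com'.
    """
    return host == domain or host.endswith("." + domain)


def check(url, domain=TRUSTED):
    """Classify a URL as 'trusted', 'lookalike', 'unrelated' or 'invalid'.

    For a lookalike, 'actual_suffix' is what follows the imitated name,
    which is the part of the hostname that decides who runs the site.
    """
    host = hostname(url)
    if host is None:
        return {"host": None, "verdict": "invalid", "actual_suffix": None}
    if is_within(host, domain):
        return {"host": host, "verdict": "trusted", "actual_suffix": domain}

    labels = host.split(".")
    wanted = domain.split(".")
    # Search for the trusted labels anywhere except the right-hand end,
    # which was already handled by is_within() above.
    for i in range(len(labels) - len(wanted)):
        if labels[i:i + len(wanted)] == wanted:
            suffix = ".".join(labels[i + len(wanted):])
            return {"host": host, "verdict": "lookalike", "actual_suffix": suffix}
    return {"host": host, "verdict": "unrelated", "actual_suffix": None}


def report(urls=SAMPLES):
    """Return (url, verdict) pairs for a list of URLs."""
    return [(url, check(url)["verdict"]) for url in urls]


if __name__ == "__main__":
    for url, verdict in report():
        print(f"{verdict:10} {url}")
```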
That's usually the best defense.
<br /><br /><span style="font-weight: bold;">Now this is security awareness!</span><br />Posted by Mike Rothman, 2008-02-15<br /><br />My friend Alan Shimel tells a great story about <a href="http://www.stillsecureafteralltheseyears.com/ashimmy/2008/02/is-security-in.html">how his oldest son is more security-aware</a> than 98% of the Internet users out there. And I may be conservative on that front.<br /><br />Yesterday I talked about <a href="http://securitymike.blogspot.com/2008/02/protecting-keys-to-your-kingdom.html">using strong passwords and protecting them</a>, since they are the key to the kingdom. But, as a technologist tends to do, I focused on throwing technology at the problem.<br /><br />The first rule of thumb is to not tell anyone your passwords. Not your wife, your dog, and certainly not your mother-in-law. And I get along with my mother-in-law. Shimel's son is right, he shouldn't tell his Dad the password. Trust has nothing to do with it.<br /><br />That being said, you always want to have fail safes. So make sure your passwords are stored somewhere, so if something does happen to you, someone else can pick up the pieces. Maybe keep them in your safety deposit box or with the trustee of your estate.<br /><br />And teach your kids these lessons. 
It's never too early to teach them safe Internet practices.<br /><br /><span style="font-size:78%;">Photo credit: <a href="http://www.flickr.com/photos/carina/174591615/">Silfverduk</a></span>
<br /><br /><span style="font-weight: bold;">Protecting the Keys to Your Kingdom</span><br />Posted by Mike Rothman, 2008-02-14<br /><br />Passwords are the path of least resistance. Almost everything you do online is protected by a password. Your bank accounts. Your credit cards. Your online merchants. Of course, you could use different, very strong passwords (15-20 random characters) on each site, but who has time for that?<br /><br />Odds are you are like everyone else out there and use the same 2 or 3 passwords for all of your sites and you write them down on a piece of paper that you store in your wallet or at your desk. Don't feel bad, you aren't alone.<br /><br />But it's still not a good idea. <a href="http://blog.washingtonpost.com/securityfix/2008/01/safeguarding_your_passwords_1.html">Brian Krebs goes over a few password storage tips and tools in this post</a>. Send him a note and thank him. 
He provides some great advice.<br /><br />I use Mac OS X for 95% of my computing tasks. So I bought the leading password manager for Mac users - <a href="http://1passwd.com/">1Password</a>. It works great. I let it generate very strong passwords for my sensitive sites. They are stored in its secure vault and I let the tool fill in the forms on the web sites. It does cost money, but for me it's worth it.<br /><br />If you are looking for some free stuff, then Brian's post points to a couple of open source tools. I can't vouch for them because I've never used them. But figuring out a way to increase the strength of your passwords should be a priority.<br /><br /><span style="font-size:78%;">Photo credit: <a href="http://www.flickr.com/photos/slieschke/226873460/">Secure password of the week by Simon Lieschke</a></span>
<br /><br /><span style="font-weight: bold;">To Catch a Phish: Practice, Practice, Practice</span><br />Posted by Mike Rothman, 2008-02-14<br /><br />Our adversaries are very good. Very very good. They are experts at deception and intrigue. They make a living (and a very good living at that) from separating you from your personal information. 
They prey on your gullibility and trusting nature.<br /><br />I don't advocate that you become a full-on paranoid like me. Every time I get a strange email that seems suspicious, I'm tearing apart the headers and doing link analysis to figure out if the message is legit. And I'm just an amateur. I know a lot of guys that pull these messages apart professionally.<br /><br />Unfortunately, I'm not opening up your email, nor are my security research friends. So you've got to learn to walk for yourself. How do you do that? I'm glad you asked. Step 7 in Security Mike's Guide will be all about detecting attempts at identity theft and other fraud techniques. What they look like, how to detect them, all of that stuff. I'm trying to teach you to fish (no pun intended), as opposed to just giving you a fish.<br /><br />But you can get started while I'm still working on the Security Mike content. <a href="http://www.crn.com/security/205918025">CRN does a nice job in highlighting 10 phishing scams.</a> The bad guys have moved on from these, so the likelihood that you'll get this very attack is small. But the techniques don't change that often. So pay attention and apply a wee bit of paranoia when you are opening your emails and surfing the web, and you'll be a lot better off for it.<br /><br /><span style="font-size:78%;">Photo credit: <a href="http://www.flickr.com/photos/toasty/1276202472/">Hook, line and sinker... 
by ToastyKen</a></span>
<br /><br /><span style="font-weight: bold;">February Patch Tuesday - Making up for Lost Time</span><br />Posted by Mike Rothman, 2008-02-13<br /><br />I sure hope we weren't lulled into a false sense of security by the very light January Patch events (only two fixes shipped). This month, we make up for lost time with 11 new patches to install. Six are critical, but all the same, just install them all. Better safe than pwned.<br /><br />You can get <a href="http://www.networkworld.com/news/2008/021208-microsoft-patch-tuesday.html">the specifics of the patches from NetworkWorld</a> or directly from the <a href="http://blogs.technet.com/msrc/archive/2008/02/12/february-2008-monthly-release.aspx">Microsoft Security Response Center</a>.<br /><br />Later today, updates (with screenshots of all the updates you should have installed) for Vista, XP, and two flavors of Mac (Leopard and Tiger) will be up on Security Mike's Portal. 
Log in to get the latest and greatest.
<br /><br /><span style="font-weight: bold;">This Cupid I don't need</span><br />Posted by Mike Rothman, 2008-02-12<br /><br />With this week's festive Valentine's Day celebration upon us, the social engineers are back at work. These folks come up with new and innovative ways to get you to open email and then own your machine. The payload is usually the eponymous Storm worm, so be on your guard. You can get more details about what the <a href="http://www.networkworld.com/community/node/24930">FBI thinks is in store for the rest of this week</a>.<br /><br />Don't fall for it. By using the tactics discussed in <a href="http://www.securitymike.com">Security Mike's Guide</a> you are reasonably protected, but there is nothing that substitutes for good old common sense.<br /><br />I'm sure you have plenty of secret admirers; hopefully they'll send you flowers. Email solicitations to click on links, you don't need. If it seems too good to be true, it is. If it's a love note from someone that doesn't love you, don't open it.<br /><br />The best way to protect yourself online is constant vigilance. 
Expect the worst from folks on the Internet, they rarely let you down.<br /><br /><span style="font-size:85%;">Cupid image originally uploaded by <a href="http://www.flickr.com/photos/shoelessjoe/2052098058/">Shoeless Joe/64.</a></span>
<br /><br /><span style="font-weight: bold;">Mike Rothman - The 419</span><br />Posted by Mike Rothman, 2008-02-08<br /><br />I do get some random stuff in my email, but this one takes the cake. Evidently, someone calling themselves Mike Rothman is running a <a href="http://en.wikipedia.org/wiki/Advance_fee_fraud">419 scam</a>. Here is the message, then we can decompose it to see the typical "tells" that indicate that there is a REALLY high likelihood the message is bogus.<br /><br /><blockquote> From: XXXXX<br />To: mike_rothman@XXXXXX<br />Subject: RE: Att.<br />Date: Thu, 7 Feb 2008 22:36:52 +0100<br /><br /><br />Dear mr Rothman,<br /><br />I do not know you either, so I will send you some pictures of my estate in Germany, you can look at it at google earth from above. 
Sended you the adress before.<br /><br />XXXXXX<br />Barendorf<br />Germany<br /><br />#############<br /><br />My age is 50, married with a German Lady, having two Sons.<br /><br /><br />Further, I 'am not interested in the company you are working for, only how to get the money to Germany. <strong>BUSINESS</strong> ! ! !<br /><br />Now it's your turn.<br /><br /><br />Sincerely<br /><br />XXXXXXXXXXX<br /><br /><br /><br /><hr /> From: mike_rothman@XXXXXX<br />To:<span style="text-decoration: underline;"> XXXXXXXXX</span><br />Subject: Att.<br />Date: Thu, 7 Feb 2008 21:25:38 +0100<br /><br />Att. XXXXX,<br />I received your quick response to my proposal. To formally introduce my self to you, I am an old top banker and have worked with Scottish Investment Trust for so many as one of their fund manager. I am an international staff, presently in Scotland office.<br />Scottish Investment Company is registered in Scotland number 1651. I started work with SIT 2004 and I am responsible for the European Jurisdiction Equity. I was with Abbey National Asset mangers before I moved to SIT, and a member of CFA institute.<br />I graduated from University of Dundee and Edinburgh where I got my BSc and MBA in civil engineering respectively.<br />First, I believe it is necessary for me to express my profound gratitude to you for even responding to my email with interest. I am obliged to you for your gracious concern and I hope your assistance is really genuine, although through your email I would know if I could count on you at least to an extent.
<br />I sincerely, appreciate your interest to assist me in this project. I need a reliable foreigner who would be of assistance to me in order to have the funds transferred.<br />However, I would like to be convinced of your willingness, commitment and most of all your trustworthiness to execute this deal with me. I certainly cannot compromise any of these virtues, you know what I mean, and I have my principles.<br />Without doubt, you will eventually earn the benefits or our partnership if we are able to work things out and have the funds relocated within couple of weeks or thereabout and thereafter disbursed to your other respective accounts.<br />Indeed, it is necessary for me to be certain of the person to whom I will be entrusting this deal, my trust will definitely not be given out lightly, I need to be fully convinced that you are a matured person with some integrity, we should at least have respect for each other, this I would say is very essential.<br /><br />Scottish Investment Trust (SIT) was founded in 1887; The Scottish Investment Trust (SIT) today is one of the world’s oldest and largest independent, self-managed investment trusts with assets of over £45 billion at 30 September 2007.<br />We have been working to provide solid returns for investors for over 115 years - through a number of bull and bear markets and the most volatile conditions. Our approach has generated real long term growth in both capital and income.<br />When you invest in SIT you are buying shares in a company that invests in the stocks and shares of companies on the world's major stockmarkets. 
Your investment has the potential to grow both through incomes from dividends and through capital growth from increases in share price.<br />SIT has a diversified equity portfolio and invests in a broad spread of international equities. Although there is always an element of risk involved in any stockmarket investment, we aim to lower this by spreading investment over numerous companies and sectors around the world, while actively searching for opportunities to benefit our investors and maximise returns.
<br />We aim to provide steady growth in both capital and income, whilst prudently spreading investment risk. 
We consider these to be the key requirements for anyone seeking a solid core holding for their investment planning.<br /><br />However, in my First Email Proposal to you, I stated that the said funds came out as a result of the following:<br />""I handle all our Investor's Direct Capital Funds and secretly extract 1.3% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the Investor's Magellan Capital Funds.<br />As an expert, I have made over £27.4m from the Investor's EMRCP and hereby looking<br />for someone to trust who will stand as an Investor to receive the funds as Annual Investment Proceeds from Scottish Magellan Capital Funds.<br /><br />EXPLANATION: I have more than 158 Corporate Investors attached to my PORTFOLIO who’s Capital Investment Funds are been managed and administered by me alone.<br />This Capital Investment Funds has a value of US$5.4Billion FIXED. The $5.4billion is been used for trading in Stock Market, Crude Oil and Lending with Profit Returns.<br />Every Year, each Corporate Investor is expected to receive 20% interest from his total Investment Capital Funds which is paid to the Investor annually as their Excess Maximum Return Capital Profit (EMRCP). However, I made average of 21.3% from the Investor's Investment Capital Funds annually, which have exceeded our targeted 20% of Total Investment Capital Funds. On this note, I retained the extra 1.3% from the 21.3% as my personal profits for managing the Capital Investment which is this £27.4m. On the other hands, I cannot claim this funds without presenting someone to stand as an Investor otherwise our Establishment will convert the funds into the Company's Treasury. 
This is why I came to you for the deal to take place.<br />DURATION: If you are very serious as I am, we will have this transaction concluded with 25 Banking days from the date of start.<br />However, for such a business of lofty magnitude, I think the most important thing is for us to build a strong association between each other so that I can be able to trust you because I have been betrayed by so many people even by my co workers that I have now decided to play my cards very close to my chest. I will like this deal to be secret and confidential. No third party. Just between you and me. Do not discuss it with any Scottish Investment staff to avoid jeopardizing my work and position.
<br /><br />Before we go into this deal, I will like to know about you.<br />Following this mail, send me your telephone number so I can call you to discuss on the modalities of the transaction. 
You may as well call me on my number +4XXXX so that we can discuss on the modalities of the transaction.<br />Sincerely<br />Mike Rothman<br /><br /><br /><hr /> From: XXXX<br />To: mike_rothman@XXXXX<br />Subject:<br />Date: Thu, 7 Feb 2008 13:09:36 +0100<br /><br /><br /><br />Dear mr. Rothman,<br /><br />I'am a businessman, Dutch, living and working in Germany have several companies.<br /><br />off course I'am interested for the 30%.<br /><br />When this is phishing I'am not interested and can you better try to find someone else.<br />I will not pay any money for taxes, transport, lawyers, barristers or others.<br /><br /><br />Sincerely<br /><br /><br />XXXXXXX</blockquote>To be clear, I haven't called the numbers to truly verify it's a phishing scheme. Who has time for that? But this message would have been on the express train to the circular bin for a couple of reasons:<br /><ol><li><span style="font-weight: bold;">The complicated story</span> - The scammer uses a fairly complicated story, which would really require an investment professional to figure out whether it's kosher or not. But all that complicated vernacular contributes to building a credible front in the form of the Scottish Investment Trust, which is a global and well-known investment house.<br /><br /></li><li><span style="font-weight: bold;">The request for "confidentiality"</span> - The fact that this guy is claiming that he's got some additional funds because he "out-performed" sounds like a hoax to me. Also, the fact that he's requested confidentiality, even from other SIT personnel, means this is a ruse.<br /><br /></li><li><span style="font-weight: bold;">The fact that he needs a "foreigner" to place the money</span> - Again, this just sounds funky. If he outperformed the expectation, I'm sure he'd be due a nice bonus from SIT. 
Not an illicit $35 million payout that he needs to get out of the country.<br /><br /></li><li><span style="font-weight: bold;">Other inconsistencies</span> - You can't see the domain (I removed it), but it's a public email service in Australia. Yet the phone number he provided (I removed that also) is in the UK. These are inconsistencies that you need to catch.</li></ol>But most of all USE YOUR HEAD. Seriously. Even if you play the lottery, you need to take action to buy the ticket. Beware of strangers offering gifts in the millions of dollars. If it sounds too good to be true, it pretty much is.<br /><br />Instead, the victim shared information about his life and family. He attached pictures of his house and put in addresses and phone numbers (which I removed to protect the idiotic). It's just ridiculous.<br /><br />As Barnum said, there is a sucker born every minute. Don't you be one of them.<br /><br /><span style="font-size:78%;">Photo credit: <a href="http://www.flickr.com/photos/jepoirrier/2046188221/">http://www.flickr.com/photos/jepoirrier/2046188221/</a></span>Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com1tag:blogger.com,1999:blog-3607386031537085886.post-69047770045418081922007-12-07T14:35:00.000-05:002007-12-07T14:41:27.979-05:00Can you hear that? It's a Skype vulnerability.<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.feelphones.com/wp-content/uploads/2007/10/skype-logo.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px;" src="http://www.feelphones.com/wp-content/uploads/2007/10/skype-logo.jpg" alt="" border="0" /></a><br />Those of you out there that really enjoy the free (or low cost) calling afforded by Skype need to be aware of a recent vulnerability found in Skype for Windows. TippingPoint's Zero Day Initiative is responsible for the disclosure and for pushing Skype to patch the issue. So update your Skype as soon as you can. 
You want to make sure you have version 3.6.0.216 or later.<br /><br />For more information, check out <a href="http://secunia.com/advisories/27934/">Secunia's write-up of the vulnerability</a>.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-50963875764214130322007-12-04T08:56:00.000-05:002007-12-04T09:03:52.428-05:00When typos attack<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.typolover.com/images/TYPO.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 200px;" src="http://www.typolover.com/images/TYPO.jpg" alt="" border="0" /></a><br />We all make mistakes. In my case, it's pretty much all through the day. I tend to type pretty fast and let spell checker figure it out. But in the case of browsing the web, these innocent typos may not be so innocent.<br /><br />According to a recent McAfee study, <a href="http://biz.yahoo.com/prnews/071119/aqm043.html?.v=24">a new attack vector is called "typo-squatting,"</a> which preys upon the folks that make simple typos when browsing. The bad guys register domains that seem like the one you are looking for. Then the fun begins. "<span style="font-style: italic;">These squatter-run sites generate click-through advertising revenues, lure unsuspecting consumers into scams and harvest email addresses to flood users with unwanted email.</span>"<br /><br />Since drive-by Trojans and other nasty web attacks don't need user interaction anymore, it's all the more important to make sure your devices are configured securely. Right, that's Step 2 in <a href="http://www.securitymike.com/">Security Mike's Guide</a>. Step 3 focuses on securely configuring your browser.<br /><br />Over the next week or so, when Step 4 goes live, you'll also learn about a utility that plugs into your browser to show whether a web site is good. 
None of these methods are totally foolproof, but the more layers of security you have, the more likely you won't get nailed.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-58229029975854126272007-12-03T15:51:00.000-05:002008-12-10T03:54:55.834-05:00A downside to being a Billionaire<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMqxf6c3Gy2xG4J5UoUotgMFsMzXvfE0oofr9HSIAZB2R8Q2SP2lsUW4oLR3VO-xGWw6tVv1iI2a4IZES0kcnbl6SKR_B1PamESU2T-bF144_1ZGMcJ_DmZN9OHC5jLj6WobqlBrnL0nx1/s320/michael_bloomberg.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMqxf6c3Gy2xG4J5UoUotgMFsMzXvfE0oofr9HSIAZB2R8Q2SP2lsUW4oLR3VO-xGWw6tVv1iI2a4IZES0kcnbl6SKR_B1PamESU2T-bF144_1ZGMcJ_DmZN9OHC5jLj6WobqlBrnL0nx1/s320/michael_bloomberg.jpg" alt="" border="0" /></a><br />I guess the grass isn't always greener on the other side. Even if the other side is you having a couple billion dollars. I dug into the archives for this post by Ed Dickson, which described how <a href="http://fraudwar.blogspot.com/2007/10/how-was-mayor-bloombergs-bofa-account.html">NYC Mayor Bloomberg was victimized twice</a>, almost simultaneously, by thieves trying to get at his multi-billion dollar wallet.<br /><br />Check out Ed's post for the details, but let's take a quick look at what we can learn from these attacks. The first was a pretty standard check counterfeiting attack. Not much you can do about that. If someone gets a copy of your check, with the routing number and account number, then they can produce a likeness that could be accepted by any number of merchants out there.<br /><br />The banks invest a lot in anti-counterfeiting marks on the checks, but in the end it's up to the merchant and your bank as to whether they will accept the fake. 
Most of the time they won't, but other times they may. That's why it's so important for you to keep on top of your finances and check your balances daily. Then you'll know if unauthorized charges are showing up. This is discussed in detail in Step 6 of <a href="http://www.securitymike.com/">Security Mike's Guide to Internet Security</a>.<br /><br />The second attack involved the criminal logging into Mr. Mayor's bank account and transferring money to a 3rd party financial institution. How did someone get his login and password? Who knows? It could have been anything. This is another example where staying on top of your account balances would have shown a weird transfer and you could have investigated it.<br /><br />I'm sure Bloomberg has people to look into this. That's how they found the issues and with a high profile victim like the Mayor, the banks and law enforcement will work hard to bring the perpetrators to justice. It makes for good PR. I'm sure the bank also returned the money right where they found it, and no one but the criminals are any worse for wear.<br /><br />So I guess the grass is greener after all for the Billionaires out there. If it's not, you certainly can afford a lot of spray paint, sod or whatever else you want to use to make your grass seem greener.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-47506573227965133442007-12-03T15:47:00.000-05:002008-12-10T03:54:55.998-05:00Did you blink? 
You may have missed Firefox 2.0.0.11<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUCFAcNi49naCs1yr8HvqsocRneTx2dFCcYG6_uXjh1CeYmiKWxsfrMv_wY0gFinMA8Tn_wtQyoa9WEDfQDBt1HmpPEuQskgpYdBppRzLTcIiyW40yLhJKh_ki3c7tlyzsiErHTWp1fZ7q/s1600-r/Firefox-2.0.0.11-success.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMfCbVI-Wf8soHnlFgUJN2ctRwUpPko09Y5hyphenhyphenxjagaeYD7LnG3hrGWlYxNjP8KKOD97rNl91b0DpIeJkenmdfMRI3iQCqNFkVSC2Jr72pXwbh0jbO7h1mOwT3ZmdvrLxAlIXJyTF3I4Txd/s200/Firefox-2.0.0.11-success.jpg" alt="" id="BLOGGER_PHOTO_ID_5139851975328870178" border="0" /></a><br />That's right, the fine folks at Mozilla bungled one of the updates associated with 2.0.0.10. I could do some research to figure out what they messed up, but do you really care? Right, I didn't think so.<br /><br />So just update to the latest version of Firefox and rejoice. Detailed instructions are on the <a href="http://www.securitymike.com">Portal</a> for Security Mike members.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-87125935981099546202007-11-30T10:41:00.000-05:002007-11-30T10:49:20.757-05:00Turn off Autorun - yet another reminder<a href="http://hackreport.net/2007/11/27/autorun-autocompromise/">Tony Bradley makes a great point on the Hack Report site about Autorun</a>. Sure, it seems convenient for your computer to take some automatic actions when you load a CD, DVD, or USB stick. Isn't it great to have the new Springsteen disc start to play once you put it in?<br /><br />Actually, not so much. If any of that media is malicious, you've got no defense. 
If you remember back to the original Sony Rootkit issue from a few years back, most folks ended up installing the rootkit because they had Autorun engaged and the software automatically launched when the disc was loaded.<br /><br />It was my Velvet Revolver disc that infected me. But I'm reasonably technical, so I was able to remove it pretty quickly.<br /><br />I've already posted about this back in September in <a href="http://securitymike.blogspot.com/2007/09/autorun-is-hazardous-to-your-health.html">Autorun can be hazardous to your health</a>. But I think it's important enough to mention it again.<br /><br />So do yourself a favor and turn off Autorun. Detailed instructions are in Step 2 of Security Mike's Guide.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-87812304052398383222007-11-30T10:28:00.000-05:002007-11-30T10:32:59.177-05:00Security Mike Update: QuickTime 0day attack<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.geniusdv.com/weblog/archives/Avid%20and%20Quicktime.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px;" src="http://www.geniusdv.com/weblog/archives/Avid%20and%20Quicktime.jpg" alt="" border="0" /></a><br />The QuickTime 0day is out there and has gotten a lot of press this week. I've published an Update notification for Security Mike Members. Check out the Portal for instructions on how to deal with the issue. 
For the most part, the configurations shown in Security Mike's Guide protect against the QT attack, but there are exceptions.<br /><br />Once again, thinking before you click is a good thing to do.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-13895852177270570832007-11-27T18:44:00.001-05:002007-11-27T18:48:56.274-05:00I'm back<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://newsimg.bbc.co.uk/media/images/39921000/jpg/_39921764_shining_203.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 200px;" src="http://newsimg.bbc.co.uk/media/images/39921000/jpg/_39921764_shining_203.jpg" alt="" border="0" /></a><br />My little flirtation with blogging using the capabilities built into Security Mike's Portal didn't last too long. It turns out Blogger is really a great blogging platform and the stuff built into the Portal sucks. Sucks really bad.<br /><br />Sorry for the little diversion. If you have subscribed to the Feedburner feed (either through RSS or email) you don't have to do anything. If you do check out the web page, once again set your phaser to stun and point it at <a href="http://securitymike.blogspot.com/">Security Mike's Blog</a>.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-29725317858361045632007-11-27T18:26:00.000-05:002007-11-27T18:28:48.536-05:00Firefox 2.0.0.10 Update Posted<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.securitymike.com/Images/Updates/Firefox-2.0.0.10-version.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px;" src="http://www.securitymike.com/Images/Updates/Firefox-2.0.0.10-version.jpg" alt="" border="0" /></a><br />Another day, another Security Mike Update. 
This time Mozilla has updated the Firefox browser to 2.0.0.10 to address a pretty serious URI handling issue.<br /><br />Step by step instructions are available on the Portal. Once you log in, hit PAGES, then SECURITY MIKE'S UPDATES, then PATCHES and you'll see the Update.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-21712520484180353072007-11-27T18:21:00.000-05:002007-11-27T18:25:54.991-05:00TinyURL could be hazardous to your healthAs mentioned in this post by <a href="http://www.micropersuasion.com/2007/11/could-a-billion.html">PR aficionado Steve Rubel</a>, the TinyURL service went down briefly, which potentially leaves lots of other services in the lurch.<br /><br />Personally, I felt no pain because TinyURL was down. That's because I don't use it and I don't think you should either.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://tinyurl.com/toolbar.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 200px;" src="http://tinyurl.com/toolbar.jpg" alt="" border="0" /></a><br />Why? Because it allows potential attackers to hide bad URLs. Indulge me for a second, if an attacker wanted to get you to click on a link and browse to a web page with malicious cargo, all they would have to do is send you a spam email with a TinyURL link.<br /><br />Most people would just click on it and their machine would be compromised. But since you are reading Security Mike's Blog, you aren't most people. Thus, you'll get into the habit of not clicking on any obscured links - like TinyURL provides.<br /><br />I know the TinyURLs are much prettier. 
Beauty is only skin deep - remember that.Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0tag:blogger.com,1999:blog-3607386031537085886.post-84449980972010948942007-11-27T18:17:00.000-05:002007-11-27T18:21:27.642-05:00Apple Mac OS X 10.4.11 Update Posted<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://361degrees.files.wordpress.com/2007/05/mac-os-x.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 200px;" src="http://361degrees.files.wordpress.com/2007/05/mac-os-x.jpg" alt="" border="0" /></a><br />As part of Security Mike's update service, subscribers get step-by-step instructions on how to apply the most recent patches from the major OS vendors.<br /><br />Last week, Apple released a MASSIVE patch which updates the OS X operating system to version 10.4.11.<br /><br />If you are a Security Mike member and have registered for the Portal, you can get detailed instructions at this link:<br /><a href="https://www.securitymike.com/site.php/spgs/read/apple-osx-update-nov-2007/">https://www.securitymike.com/site.php/spgs/read/apple-osx-update-nov-2007/</a><br /><br />If not, you can subscribe at this link:<br /><a href="http://buy.securitymike.com/">http://buy.securitymike.com</a>Mike Rothmanhttp://www.blogger.com/profile/00774921525435236600noreply@blogger.com0
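
The "tells" listed in the 419 post above (the request for confidentiality, the need for a "foreigner", the huge sum, and the sender's email country not matching the phone country) can be checked mechanically. This is an added example, not code from the blog; the sample messages, addresses and phone numbers are constructed placeholders, and the pattern lists and country table are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Country-code TLD -> international calling code (small illustrative table).
CALLING_CODES = {"au": "61", "uk": "44", "de": "49", "nl": "31"}

# Phrase lists are assumptions built from wording quoted in the post.
CONFIDENTIAL_RE = re.compile(
    r"\b(secret|confidential|no\s+third\s+party|do\s+not\s+discuss)\b", re.I)
FOREIGNER_RE = re.compile(
    r"\b(reliable\s+foreigner|stand\s+as\s+an\s+investor)\b", re.I)
AMOUNT_RE = re.compile(
    r"(?:US\$|\$|\u00a3)\s?\d[\d.,]*\s?(?:m|bn|million|billion)\b", re.I)
PHONE_RE = re.compile(r"\+\d[\d\s().-]{6,}\d")

# Constructed sample: the sentences echo the quoted message, the sender
# address and phone number are placeholders (the post redacts the real ones).
SCAM_SAMPLE = """\
From: Fund Manager <fund.manager@freemail.example.au>
To: reader@mailbox.example
Subject: Att.

I need a reliable foreigner who would be of assistance to me.
This Capital Investment Funds has a value of US$5.4Billion FIXED.
I will like this deal to be secret and confidential. No third party.
You may as well call me on my number +44 7700 900123 so we can discuss.
"""

# Constructed benign message: sender domain and phone are in the same country.
BENIGN_SAMPLE = """\
From: Orders <orders@shop.example.de>
To: reader@mailbox.example
Subject: Your order

Your order has shipped. Questions? Call us on +49 30 23125 000.
"""


def sender_cctld(msg):
    """Return the sender's country-code TLD if it is in our table."""
    addr = parseaddr(msg.get("From", ""))[1]
    tld = addr.rsplit(".", 1)[-1].lower() if "@" in addr else ""
    return tld if tld in CALLING_CODES else None


def phone_countries(text):
    """Map every +NN phone number in the text to a known country."""
    found = set()
    for number in PHONE_RE.findall(text):
        digits = re.sub(r"\D", "", number)
        for tld, code in CALLING_CODES.items():
            if digits.startswith(code):
                found.add(tld)
    return found


def find_tells(raw_message):
    """Return the list of tells present in an RFC 822 style message."""
    msg = message_from_string(raw_message)
    body = "\n".join(
        part.get_payload() for part in msg.walk()
        if not part.is_multipart() and part.get_content_type() == "text/plain")
    tells = []
    if CONFIDENTIAL_RE.search(body):
        tells.append("confidentiality")
    if FOREIGNER_RE.search(body):
        tells.append("needs-foreigner")
    if AMOUNT_RE.search(body):
        tells.append("huge-sum")
    sender, phones = sender_cctld(msg), phone_countries(body)
    if sender and phones and sender not in phones:
        tells.append("country-mismatch")  # e.g. .au mailbox, UK phone number
    return tells


if __name__ == "__main__":
    print(find_tells(SCAM_SAMPLE))
    print(find_tells(BENIGN_SAMPLE))
```

The "complicated story" tell is left to the reader; no keyword list judges that one.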
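
The typo-squatting post above describes domains registered to look like the one you meant to type. One way to catch them before you load the page is to compare the host against a short list of sites you actually use and flag near misses. This is an added example, not code from the blog or from any product it mentions; the trusted list, the `.example` domains and the distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed list of sites the user really visits (reserved .example TLD).
TRUSTED = ("mybank.example", "webmail.example")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap.

    The adjacent swap matters here: transposed letters are the classic
    typing slip that typo-squatters register.
    """
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # delete from a
                         cur[j - 1] + 1,      # insert into a
                         prev[j - 1] + cost)  # substitute or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swap neighbours
        prev2, prev = prev, cur
    return prev[len(b)]


def hostname(url_or_host):
    """Extract a lower-case host from a URL or a bare host name."""
    target = url_or_host if "//" in url_or_host else "//" + url_or_host
    return (urlsplit(target).hostname or "").rstrip(".")


def check(url, trusted=TRUSTED, max_distance=2):
    """Classify a URL as trusted, a lookalike of a trusted site, or unknown."""
    host = hostname(url)
    for site in trusted:
        if host == site or host.endswith("." + site):
            return ("trusted", site)
    # Assumption: the last two labels are the registered domain. Real code
    # needs the Public Suffix List to handle names such as .com.au.
    base = ".".join(host.split(".")[-2:])
    best = min(trusted, key=lambda site: osa_distance(base, site))
    if osa_distance(base, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    for url in ("http://www.mybank.example/login",
                "http://mybnak.example/login",
                "webmial.example",
                "https://weather.example/"):
        print(url, check(url))
```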