Ryan Naraine

Consumers Should Clean Up Their Act on Personal Security

The growing use of social networking sites is leaving PC users inadvertently open to identity thieves, warned Hugh Thompson, chief security strategist at People Security.

Speaking at the RSA Europe Conference, Thompson said that people were unaware just how many clues they left for fraudsters. He said such carelessness was fuelling the rise of cybercrime. He told the conference how he managed to access the bank account of one of his wife’s friends in a couple of hours using publicly available data – a process that he had previously documented in a Scientific American article. He warned that most people’s private accounts could be accessed in this way. Read the full article [Techworld/Maxwell Cooter]

Microsoft Malware Data Shows Trojans Rampant in USA

One week after the release of its Microsoft Security Essentials utility, Microsoft is sharing some very useful data on malware infections globally. In the first week alone, the tool counted four million detections on 535,752 distinct machines, with ID-theft related Trojans sitting atop the detected category in the US. China has lots of potentially unwanted software threats, and worms (particularly Conficker) are very active in Brazil.

Gartner’s Pescatore: Cybersecurity Complacency Everywhere

ZDNet’s Larry Dignan has an interesting report on Gartner security guru John Pescatore providing his 2010 cyberthreat assessment, noting that not a lot has changed — other than the complacency levels of companies that are supposed to be protecting your data.


A former Ford Motor Company engineer has been indicted on charges of theft of trade secrets, attempted theft of trade secrets and unauthorized access to protected computers.  Xiang Dong Yu, also known as Mike Yu, was arrested last week as he entered the country at Chicago O’Hare International Airport. 

USA Today is reporting on a new variant of scareware that not only inundates users with exhortations to purchase phony antivirus software called “Total Security 2009,” but that also locks users out of nearly all applications until they purchase the disreputable product.  Once their PCs are infected with the malware, the only program users can open is Internet Explorer, so they can navigate to the site and make a purchase.

The U.S. Government Accountability Office (GAO) has painted a bleak picture of NASA’s IT security posture. An audit of the space agency’s computer systems found weaknesses in several critical areas, especially in the way NASA implemented access controls like user accounts, passwords and the encryption of sensitive data. Here’s the gist of the audit findings:

An ongoing spam campaign is once again attempting to impersonate Microsoft’s security team by mass mailing Conficker.B Infection Alerts that drop a sample of the Antivirus Pro 2010 scareware scam. Here’s a sample of what the text looks like:

Adobe isn’t the only software vendor struggling to cope with security vulnerabilities in PDF reader applications. According to reports, there are numerous PDF applications — including Foxit Reader and Xpdf — that allow attackers to infect systems with malware.