Browsing Category: Social Engineering

Will Azure and Windows 7 solve the identity management mess?

From The New York Times, by Saul Hansell
Microsoft is at work on a couple of new technologies that may finally help enterprises unravel the giant ball of yarn that is user identity management. The head of the company’s server and tools business, Bob Muglia, said Microsoft’s Azure technology, as well as a tool called Direct Access in Windows 7, will give enterprises the help they need to make sense of identity management.

Read more...

Google search reveals 19,000 credit card details

Categories: Social Engineering

By Carrie-Ann Skinner, PC Advisor
 
The credit card details of 19,000 Brits that shopped online were freely available on Google, it has been revealed. Anyone using the search engine could have easily accessed not only the name and addresses of thousands [infoworld.com] of Visa, Mastercard and American Express card holders, but also the full card details too.
 
According to the banking body APACS, the majority of the cards had already been cancelled but the owners were probably unaware their information was available online.  Google confirmed the information has since been removed.

Read more...

Cracking SIP passwords with SIP Digest Leak

Categories: Social Engineering, Videos

VoIP phones have taken off in both the enterprise and the consumer markets, thanks to their ease of deployment and low operating costs. But, as this video from Enablesecurity shows, there are a number of security risks that have yet to be addressed.

Read more...

Doing business with Heartland; Regaining the trust

Doing business with Heartland; Regaining the trust

By Andrew Storms
According to a this news article [computerworld.com] and a statement by Heartland [2008breach.com], competitors of the now PCI-delisted payment processor are using the breach as means to lure their customers.  Competitors are apparently suggesting that doing business with Heartland will result in fines from Visa.  That part is not true.  Visa has publicly stated that no fines will be levied against Heartland’s customers.   
However, would you continue to trust Heartland, its auditor and the PCI compliance standard to do their jobs in protecting your information?

Read more...

Card-sniffing malware on Diebold ATMs

By Bob McMillan, ComputerWorld
Diebold has released a security fix for its Opteva automated teller machines after cybercriminals apparently broke into the systems at one or more businesses in Russia and installed malicious software.

Read more...

Comcast passwords left unprotected online

User names and passwords belonging to more than 8,000 Comcast Internet customers were left exposed on the Web for at least two months. A post by Brad Stone on the Bits blog [NYTimes.com] details the situation, which was exposed by a Comcast customer from Pennsylvania.

Read more...

Sir Tim Berners-Lee is a cybercrime victim

(By Richard Gray, Telegraph.co.uk)

Sir Tim Berners-Lee, the creator of the worldwide web, has revealed how he fell victim to online fraudsters while trying to buy a gift over the internet.

Read more...

Apple patches iTunes password-stealing hole

Apple has issued an advisory to warn that malicious hackers can rig audio files to hijack usernames and passwords from its popular iTunes media player.
The company described the bug as a “design issue” in the iTunes podcast feature can be abused via rigged audio files to cause an authentication dialog to be presented to the user.  From that dialog, a hacker can hijack iTunes credentials and upload it to the podcast server.

Read more...

Gmail flaw exposes ‘change password’ feature

Categories: Social Engineering

Dark Reading has the skinny on a new Gmail vulnerability that lets an attacker change a Gmail user’s password, wage a denial-of-service attack on the account, or even access other Gmail users’ email.

Read more...

L0phtCrack password cracker set to return

More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight.

The original creators of L0phtCrack has reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference.

Read more...