Currently Browsing: Security

Mr. Barkev Hagopian

UPDATED: Since we’re getting random traffic for searches on “Mr. Barkev Hagopian” I’m here to tell you it is a spammer nom de plume. He’s also apparently the CEO of something called the Barkev Loan Firm, surely a demanding position, leaving him precious little time to spend with Mrs. Hagopian and all their little Hagopian children.

———————————————————————

Spam is funny. And by funny, I mean crippling.

Sir,

Good day to you. I am looking to work with a reputable firm to mop up most of my portfolio funds under. With your assistance I could evade high taxes that are frustrating the wealthy in US.

Can we work for the mutual beneficial relationship between yourself and my company?

I look forward to your prompt reply

Yours faithfully,

Mr. Barkev Hagopian,
USA.

WSG comments on that Congressman Weiner Twitter thing you’ve heard so much about.

There’s no such thing as privacy on social networks and web applications; there are only degrees of sharing. You can intend to share with only one person or intend to share with millions. He wrote “@username ” instead of “D @username ” and the rest is history. But what’s the difference between these two extremes of sharing? In the case of NY Congressman Andrew Weiner, it appears the difference was as slight as a keystroke, but is that really the case?

Weiner’s mistake was sending a public message when he wanted to sent a private message, but how much protection would that really have provided? What if he had succeeded in sending his lewd photo as a private missive and the recipient had turned around and posted it to Twitter, Facebook, Digg, their blog, anywhere? The point here is that once you’ve sent it, private or public, you have surrendered control of the content. And if you’ve sent it from an account which is unquestionably yours, you can’t claim it wasn’t you. You can claim someone hacked your account, but that’s not a smart move unless you can prove it. Weiner tried to say he was hacked. Tried, and failed.

So, to summarize the take away:

1. Most private case: Send a piece of content to a friend or trusted recipient and only your friend reads it.
2. Least private case: Sent a piece of content to everyone who’s looking, whether you’re aware they’re looking or not.

In case 1, when anyone can pretend to be someone they’re not, your internet trolling might end with you sending sensitive information to the wroooooong person. Then case 1 turns into case 2, and your boat is sunk.

There is no such thing as privacy on social networks. Just degrees of sharing. Be. Careful.

Barracuda Labs: Phishing Spam Targets Netflix Users

If you use Netflix, like me and 10 million other people, watch out for a phishing scam.  Barracuda Labs pushed out this warning today:

Just yesterday, Barracuda Labs intercepted thousands of copies of a spammed phishing attack aimed at customers of the popular online video rental service Netflix. While phishing attacks are nothing new, especially against financial institutions, this attack is particularly well done.

Their blog post is comprehensive, and worth a read.

Barracuda Networks Points Finger at Google in 2010 Mid-Year Security Report

Finger Pointing 3244332524_203683a98f_oBarracuda Networks today released their 2010 mid-year security report, and they’re looking askance at some big names.  For one thing, the headline on Barracuda’s site reads:

Google Crowned “King of Malware” – Has Two Times More Malware than Bing, Yahoo! and Twitter Combined

So, search with care, friends. We encourage you browse the report and see what they mean.

The finding are worth a read, and you can get through the report quickly.  The payoff is learning things like: of every 100 Twitter users, 90 have less than 100 followers.  (I’m in that top ten percent, if you’re wondering, and so is the WSG Twitter account.)

The 80-page report can be found here in PDF form.

TimesUnion inserts Albany Med ad on same page as St. Peter’s scandal story

Now, this is really nobody’s fault, but it is notable.  On the same page as a TimesUnion.com story about the theft of personal information at St. Peter’s Hospital here in Albany was a banner ad for their biggest competitor, Albany Medical Center.

The ad should have said – “Don’t go to the place where your personal data is stolen by a file clerk – Go to the place where the same thing could probably happen, but hasn’t yet.”

I refreshed this page 15 times for good measure, and saw the Albany Med ad twice, an ad for Ellis Hospital’s Mother of the Year program, and the rest of the ads were not related to medicine or hospitals.

timesunionstpetersalbanymedicalcenterad

Phishing attacks always a threat; When in doubt, just ask us.

A client of ours sent this over to me today asking if it was legitimate or not.  We get questions like this quite often, and we always tell folks to reach out to us in moments of doubt, rather than doing something potentially harmful.  We’re always, always glad you asked.  Here’s what was sent over this morning. 

Look below for the rest of the post.

—–Original Message—–

From: C Web Mail Team [mailto:webmailteam@webname.com]

Sent: Tuesday, April 13, 2010 8:00 AM

Subject: Attn: webmail Owner

Attn: webmail Owner

We just confirmed that you have not upgrade to the new web-mail version. That is why we are sending

you this massage to upgrade your account now. This is because we are preventing your web-mail from

closure. And also we have notice that your mail have been used for send spam mail to other mail.

To prevent your account from this you will have to send a verification massage so that we will

confirm from our computer system that you are the rightfully owner of this mail and also to upgrade

your account to the version. To upgrade your account you have to send us the following information

so that we can upgrade as soon as possible.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email User name : ……….

EMAIL Password : ………..

Date of Birth :………….

Last login:……………..

Warning!!! if you refuse to send this information to us within (1) weeks of receiving this warning you will

lose your account. Warning Code: PX2G99AAJ

Thank you for using webmail

………………………………………………..

NOTE: This message is authorize by the webmail Project email account protector unit.Notification message will be send back to you after verifying your account before account could be reset.

C All right reserve.

This is a common occurrence, and a nasty potential threat so let’s look at how this played out.  Someone – let’s call them Janice – receives an email asking her to click on a link, submit personal information, reply with answers to questions and so on, all in the name of making sure something bad doesn’t happen to her.  Things like the protection of her bank account, the continuity of her webmail access, a shinny opportunity like free tickets or an iPod and so on.  The request is presented in ambiguous enough a manner as to keep Janice from dismissing it out of hand.  If it was something more cartoonish like a Viagra solicitation or an invitation to a gambling web site, Janice might have been able to click ‘delete’ and move on.

In this case, Janice is left to wonder – should she or shouldn’t she.  Should she send her birthday, password and username to the system administrator or not?  What if her webmail access was turned off?  How would she re-activate it?

We hope that Janice and everyone else will consider a third option – ask for help.  We can quickly answer the question for you.  Avoid, avoid avoid complying with requests like this, no matter now legitimate it might look.  Just ask us.  We can help you stay out of hot water.

Page 1 of 3123