Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

The Most Important News You Didn’t Read About

Folks, this started happening in 2009, and you won’t know it unless you read certain InfoSec (ultra Geeky) blogs – today. 

Wonder what else of National Security Threat Level Red they’re not telling us? (Can’t p.o. the Chinese, man. They own our money (cuz we by cheap plastic crap from the Dollar Store/Wal Mart/etc.).)

* Chinese Hackers Steal Info from top secret U.S military data

QinetiQ, a UK-based defense contractor suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information all this because of QinetiQ’s faulty decision-making. QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S …Read more..

And for a more detailed report: Hackers Turned Defense Contractor QinetiQ Into Intelligence Playground For three years, digital thieves linked to China stole intellectual property and defense information from the U.K.-based firm.

For more than three years, hackers linked to China thoroughly compromised U.K.-based QinetiQ, a firm that bills itself as “a world leading defense technology and security company,” to steal intellectual property and sensitive defense information, according to reports of the incident.” Read more..

I put two up there ‘cuz this is.. kinda huge. (Make no mistake: these “hackers” are a unit in the PLA.)

Can’t say nothing ’bout that Internet-thingy that might shake consumer confidence, either. A handful of folks (like, 15 – two dozen) are making too much money.

So forget I mentioned it. But remember, not everyone in the “world wide” plays nice.

Related: The Cyber-Dam Breaks: Sensitive Army database of U.S. dams compromised; Chinese hackers suspected

The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) is raising new concerns that China is preparing to conduct a future cyber attack against the national electrical power grid, including the growing percentage of electricity produced by hydroelectric dams.” Read more..

Unrelated: Beware of fake Facebook security page phishing scam

Trend Micro has spotted a malware sample, TSPY_MINOCDO.A, which targets Facebook users. The malware redirects users to a spoofed page of the social network and claims to be part of the site security check feature, even showing the tagline “Security checks help keep Facebook trustworthy and free of spam”. Users eager to log into Facebook may fall victim to this ruse.Read more...

Can’t say I didn’t warn ‘ya.

Today’s quote: When Mozart was composing at the end of the eighteenth century, the city of Vienna was so quiet that fire alarms could be given verbally, by a shouting watchman mounted on top of St. Stefan’s Cathedral. In twentieth-century society, the noise level is such that it keeps knocking our bodies out of tune and out of their natural rhythms. This ever-increasing assault of sound upon our ears, minds, and bodies adds to the stress load of civilized beings trying to live in a highly complex environment.” ~ Steven Halpern

Copyright 2007-2013 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.


>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<


All we really have, in the end, are our stories.
Make yours great ones. Ones to be proud of.

May 4, 2013 Posted by | cyber crime, Cyberwarfare, hackers, Internet, Internet scam, News, security | , , , , , , , , , , , , , , , | Leave a comment

A Vast Criminal Enterprise Aimed At You

– Five Defensive Strategies

“Today’s Internet attacks are organized and designed to steal information and resources¹ from consumers and corporations. The web is now the primary route by which cybercriminals infect computers. Cybercriminals are planting malicious code on innocent websites. This code then simply lies in wait and silently infects visiting computers.

The scale of this global criminal operation has reached such proportions that Sophos discovers one new infected webpage every 4.5 seconds – 24 hours a day, 365 days a year. In addition, SophosLabs, our global network of threat analysis centers, is sent some 20,000 new samples of suspect code² every single day.

2008 at a glance

  • Biggest malware threats – SQL injection attacks against (legitimate) websites and the rise of scareware (aka “rogue” anti-malware programs)
  • New web infections – one new infected webpage discovered by Sophos every 4.5 seconds (24/7 x 365)
  • Malicious email attachments – five times more at the end of 2008 than at the beginning
  • Spam-related webpages – one new webpage discovered by Sophos every 15 seconds
  • New scareware websites – five identified every day
  • Top malware-hosting country – US with 37 percent
  • Top spam-relaying continent – Asia with 36.6 percent
  • Amount of business email that is spam – 97 percent

Injection attack? coming to get you By exploiting poorly secured legitimate websites, hackers have been able to implant malicious code onto them, which then attempts to infect every visitor. One of the reasons the web is so popular is that legitimate websites can attract large numbers of visitors, all of whom are a potential victim.
(This as also known as “poisoning”.)

Many well known organizations and brands have fallen victim to this kind of attack during 2008. Both large and small organizations have been targeted.
January 2008: Thousands of websites belonging to Fortune 500 companies, government agencies and schools/universities were infected with malicious code. more..

¹ read “money”
² read “malware”

Folks, this is taken from a whitepaper titled “Security Threat Report 2009” and produced by the IT Security firm Sophos. Some of the emphasis is mine. You can download the document here.
I want to take a moment to thank them for publishing this, and saluting their effort to combat malware and the criminals behind it. In fact, let me go a step further and salute all you whitehats out there. Thank you.

What you can do

1: please read Top 10 things you should do to your computer–updated. It is a checklist, and provides you with the How To’s for a (more) secure computer, as well as providing links to important (free) security downloads.
2: enable an anti-phishing filter, which can help alert you to poisoned websites before you go there. All modern browsers have a filter built in, and all you have to do is turn it on; or, you can add a toolbar/plug-in such as McAfee’s Site Advisor or the excellent WOT.
3: make sure ALL the programs on your computer are patched and up-to-date. The easiest and most effective way to do this (IMHO) is to download and install the PSI (Personal Software Inspector) from Secunia.
4: Never respond to e-mails asking for personal information. Legitimate businesses never contact you about “important issues” via e-mail. But criminals love to go phishing!
5: Be PARANOID on the Internet. (Use common sense) Think someone can’t trace back to you? Guess again; your browser reveals a wealth of information by default. Sound too good to be true? It is. There’s no such thing as a “free iPod”… and, no, you did not win the Irish Lottery. Is looking at sexually explicit material simply irresistible? Go to one of those video rental shops that has a back room instead of clicking links and images — a malware infection can cost you all your data and/or several hundred dollars in cleanup.. and/or many hours of your time..

Folks, the Internet is not Disneyland. Most knowledgeable people refer to it as the “wild, wild, West” (a reference to sheer lawlessness) but I like a different analogy better.. think of it as going into the Big City, and going down to the docks/warehouse district, alone, and at night.
You can do it, but you best be careful.

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

December 12, 2008 Posted by | advice, anti-spyware, antivirus, computers, cyber crime, e-mail, hackers, how to, Internet, PC, Phishing, phraud, security, software, tech | , , , , , , , , , , , , , , , , , , | 3 Comments