Tuesday, December 8, 2009

Advance-fee (a.k.a 419) Fraud

Ever got those emails about a Nigerian businessman or merchant wanting to deposit money with you? Or something along the lines of "I don't know where to keep all this money/treasure..I have so so much!"? Well..it is bull****, popularly known as 419 fraud, or "Advance Fee Fraud". There are some other forms of the same fraud too, and here is why it is a "fraud". The incident below prompted me to write this blog.

So my wife wanted to sell an iPod (we had an extra one, don't ask how), so we put it up on craigslist. Out of the 10 replies she got, 7 of them were strangely saying that they will pay MORE than what we have asked for. We were selling it for $70, ..the buyer (call him Charlie) was willing to pay $200. Strange? Yes. So here was the catch. Apparently, Charlie wanted us to pay him back the difference (why!) ..and then it would be all balanced. He messed with the wrong person though, since I was reading about this fraud that week (for a class that I teach). Here is how the fraud works.

1. Charlie offers to buy your item for $200 (even though you are selling it for $70). Sometimes he may tell you to keep a few dollars as a reward for yourself (well..)

2. You agree, and ask Charlie for the money.

3. Charlie sends you a fake email saying that the money has been deposited.

4. The fake email says that you need to type in the mailing confirmation number, or the bank confirmation number (for the $200-$70=$130 difference you owe Charlie) for the deposit you made into Charlie's account.

5. You hit the bank submit button and pay $130 to Charlie (and record the confirmation #). You might have already shipped the item too!

6. Guess what! You've lost your money and also the item you shipped -- there is no Charlie, and neither has he deposited $200 into your account earlier. You check your account, and call your bank multiple times -- only to hear an angry voice that there has been no such deposit from Mr. Charlie!! "No deposits, no Charlie".

7. Now your item is en route to some address (possibly someone waiting to pick it up at a sidewalk) ..and your $130 is also gone. Heck!

WOW. Genius! But these guys have been chased before -- some have been caught, and some are still at large. So if you get an email offering to pay more (or asking you to ship the item before payment is confirmed) ..please beware. I was lucky!

One last note. Most such emails name someone said to be in Nigeria, or East Africa -- but I doubt all are true. Someone next door could be writing these emails, and claiming domicile in Nigeria..though this form of fraud apparently started here. Read more here:
http://en.wikipedia.org/wiki/Advance-fee_fraud
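
The warning signs from the steps above (an offer above the asking price, a request to send back the difference, pressure to ship before payment is confirmed) written as a small triage script for buyer replies. This is an added example, not part of the original post; the phrase patterns and the sample replies are constructed assumptions.

```python
import re

# Wording patterns are assumptions picked for this example, not a vetted ruleset.
AMOUNT_RE = re.compile(r"\$\s?(\d{1,3}(?:,\d{3})+|\d+)(?:\.(\d{2}))?")
REFUND_RE = re.compile(
    r"\b(send|wire|pay|refund|return)\b.{0,40}\b(difference|balance|excess|remainder)\b",
    re.I | re.S)
SHIP_FIRST_RE = re.compile(
    r"\bship\b.{0,60}\b(today|immediately|right away|before)\b", re.I | re.S)

def amounts(text):
    """Extract every dollar amount mentioned in the text as a float."""
    return [float(whole.replace(",", "") + "." + (cents or "00"))
            for whole, cents in AMOUNT_RE.findall(text)]

def assess_reply(asking_price, text):
    """Return the overpayment-scam signals found in one buyer reply."""
    signals = []
    if any(a > asking_price for a in amounts(text)):
        signals.append("offer_above_asking")             # step 1 of the scam
    if REFUND_RE.search(text):
        signals.append("refund_of_difference")           # steps 4-5
    if SHIP_FIRST_RE.search(text):
        signals.append("ship_before_payment_confirmed")  # item leaves before money arrives
    return signals

# Constructed sample replies to a $70 listing (not real messages).
REPLIES = [
    "Hi, is the iPod still available? I can pick it up Saturday and pay $70 cash.",
    "I will pay $200 for the item. Kindly send the difference back to my agent "
    "once the deposit shows.",
    "Payment of $200.00 has been made. Please ship the item today and email the "
    "tracking number so the funds can be released.",
    "Would you take $60 if I come by tonight?",
]

if __name__ == "__main__":
    for reply in REPLIES:
        found = assess_reply(70, reply)
        print("SUSPICIOUS" if found else "ok", found, "|", reply[:50])
```

Any single signal is a reason to stop and check the bank account directly rather than trusting the email.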

Sunday, November 1, 2009

National Cyber Security Awareness Month 2009

Yes, apparently there is one -- October is the National Cyber Security Awareness Month, and there has been a lot of buzz about security this month.

Check: http://googleblog.blogspot.com/2009/10/celebrating-national-cyber-security.html

Oktoberfest is another kind of awareness month :) ..nothing to do with cyber security, but still fun!

Wednesday, September 16, 2009

Top 10 Reasons Why Mac OS X has No viruses, ..at least so far!

So, I asked this question in the class I teach "Why Mac OS X has no viruses" -- it is a good question, since the Mac user-base is gradually increasing and most laptops and PCs (with Microsoft Windows-based OS) are so easily infected by malware, viruses, adware, spyware, etc..unless you take proper security measures, of course.

One student answered: "..because Mac has a very small number of users, so hackers are not interested".

While this is a possible reason, it is not the only reason -- so I decided to do my "homework". So below are my reasons why it is so. Oh..but I am still with a Dell running Windows XP...meanwhile, wifey has recently got a MacBook Pro -- and is flaunting it around the house right now. :-)

Top 10 Reasons Why Mac OS X has No viruses

1. OS X is built on UNIX (actually, FreeBSD) – which is a multi-user system with a security architecture built into it from the beginning of its design. Windows came from a single-user architecture, with security and multi-user capability as an “afterthought”. Patching does not help much!

2. UNIX had networking built into it from the beginning; again in Windows this was included at a later date. Also, most of Mac OS X was developed after the Internet, so the vulnerabilities were addressed during the design of OS X. Most viruses exploit the Internet connections, email and file transfer.

3. Windows built Internet Explorer into the O/S at a very deep level, and allowed code execution within the browser. In OS X the browser is a completely separate application -- not an integral part of the OS. Most viruses or hackers exploit this vulnerability, since some malicious code can be run in the browser itself.

4. In earlier Windows everything ran as the system user (what!), so the capability to compromise an entire system was easier. Simply during a breach, hacker=system user! Close your eyes.

5. Microsoft’s backward compatibility mantra does not do them any favors -- every Microsoft OS needs to run old software, so it needs so many old APIs, all of which can have holes in them. The patches help “patch” the holes, but the patches may have holes too! Like the chicken-and-egg problem?

6. OS X has no registry. Ah ha…this is one of the biggest mistakes Microsoft made though it helps in organizing the applications well – how about organizing the security?

7. OS X asks for your password before allowing you to run new software or install something. Not foolproof, but at least fool resistant. Well.

8. Where do viruses usually hang out in Windows:
a. At the root.
b. In the user’s local settings temp folder.
c. In these folders: \windows, \system, \system32 — the most common places where viruses hide.
d. As registry entries.

None of those areas are exposed to the environment (or users) in OS X. You can’t see those folders. Virus writers can’t access them. Thus, viruses can’t exploit those areas. A recent Mac virus may have tried to exploit this – not much success.

9. Earlier, Macs ran on PowerPC (by IBM and Motorola), so not many weaknesses were exploited by viruses. Many PCs and laptops run on Intel’s microprocessors. Note however that Mac has started to use Intel’s processors now – welcoming some possible viruses? You can say that Mac maintains a “clean and secure” gene-pool, but how long will it last?

10. Mac has a smaller user-base, so there is more incentive for hackers or virus coders to attack the “big-fish” Microsoft XP or Windows Vista ..but not a tasty one :)

Tuesday, September 15, 2009

Survey about Using Good Passwords (asking for your 2 minutes)

This is a small survey which I plan to use as part of a research paper. It will take less than 2 minutes. Please answer the following questions and hit submit.
Thanks for your participation and your time! Take care.

Link to the survey:
http://spreadsheets.google.com/viewform?hl=en&formkey=dEVhR3BkcUFobWM2VUZyUWV0Tmp2WEE6MA..

Microsoft Tool
http://www.microsoft.com/protect/fraud/passwords/checker.aspx

iPass Tool (best password will be highlighted in green)
http://sunrise.webfactional.com/ipass

...and another PHISHING attempt


"bsnl" is an internet service provider in India. These crawlers are getting smarter..but phishing is still phishing!

I like the warning message:
"...you are required to do this before the next 48hrs of receipt of this e-mail, or your Web mail Account will be de-activated and erased from our database."

Thank you very much -- I would be happy if you delete me from the "phishing database" :)

Thursday, September 10, 2009

DGTFX Virus Alert (yeah sure, ..it is an email phishing scam!)

Received this in my INBOX today. It is a phishing scam obviously..actually -- it is not that "obvious" since the email looks pretty legitimate at first examination. But the scammers forgot that I teach IT security courses here ..oops, so it is no use messing with the wrong guy :) Anyway -- be careful guys.

Good idea to alert your IT department, or consult a security alert focus group if you have any doubts. As the good man says "better safe, than sorry". Peace.

Monday, September 7, 2009

"Digital Life" after Death?

Seems like an irrelevant discussion at first thought, ha? No, I thought the same..while I was browsing through the September 14, 2009 issue of the TIME magazine. But the article "Managing your Online Afterlife" caught my attention after reading a few paragraphs.

So, what happens to all the digital data floating around the WWW after you die? Apparently, major companies do have some security policies now to give access to information or emails exchanged by loved ones. Facebook, MySpace, Google, Yahoo! all have a policy of their own.

I found this article particularly interesting because it shows how important we (or relatives of a loved one) consider any kind of digital information. If it was of no value -- no one would fight for it. In my opinion, yes, there is a lot of "precious" - social, personal, emotional, and intellectual information out there ..stored on data servers quietly clocking away in a dark server room.

As the author points out ..soon we might see a clause in someone's Will that tells how and who can access and share information in my "after life".

Humm. Do I need to start using my diary again?