
Windows Technical Department

My wife got a call this evening on our phone from someone claiming to be from "Windows Technical Department" saying that my Windows computer had a virus.  Knowing that this was some sort of scam, Nicole says, "Let me give you to my husband so he can work with you."  ;)  Oh, goodie.  I get to have fun with the guy.  We exchange pleasantries over the phone, and I try to be as pleasant and chipper as I can be.  The poor sap does not know what is going to hit him...

Me - "I will be happy to work with you to solve our virus problem."

Him - "Go ahead and turn on your computer."  Okay....my first problem.  He wants me to turn on my computer...I have 3 of them on in a 5 ft reach...all of them on.  :)

"Okay - Turned on."  I wonder if the 5 seconds it took me to "turn on my computer" was enough time.  "My Ubuntu Linux box is turned on."

"Look at your keyboard.  Do you see the 'C-T-R-L' key on the lower left of your keyboard?"

"I see the control key."

"Do you see the key that looks like the Windows logo?"

"No, I see the Option key on my Apple keyboard."

"Uh...are you in front of your Windows computer?"

At that point I had enough.  I told him to stop trying to scam me ("this is not a scam", "Let me get one of my Microsoft certified people."...give me their numbers and I will check them out).  I told them if they Google their own company, there are many links that say they are a scam.  Protest after protest until I was done with the call.  The number of the caller ID shows up as 987654321 (spoofed caller ID).  

I really have to get up a VM quicker next time so I can try to see what they want me to do and better understand the scam.  They will call back (obviously) because they called here 2 weeks ago from 0256592258.

 

Microsoft has even put up their own site to help people avoid these kinds of phone scams.  The US site on this can be found here.


Ohs Noes...my computers havings problems

Ah...the joys of Saturday morning.  I am sitting here this a.m., while trying to convince Joshua that going to his friend's birthday party might be fun (and not winning), when we get a call with caller ID reading UNAVAILABLE.  It is election time, so I assume it is some campaign trying a last ditch effort to bull$**t me into voting for them.  However, Nicole had mentioned that she had been missing several of these calls recently and I was curious what the call was.  I answer the call and have a large pause before I get an individual (ah...an autodialer, this is not a recorded message).  Finally, on the other end, comes a voice with a thick accent (likely Indian).

The "fun" begins.  The gentleman on the other end of the line picks up and asks for me by name.  Here is how the conversation went (not verbatim, but close enough to get the gist of the call):

"May I speak to Kirk Becker...."

"Speaking"

"This is (name forgotten) from Online PC Support," (I think that was the name).  "I am calling you because you may be having a problem with your computer."

"Okay...."  I think I see where this is heading...***SCAM ALERT ALARM SOUNDS GOING THROUGH MY HEAD***

"Yes, your computer has been reporting errors online to us.  Can you tell us what operating system you have?"

"Okay...um..."  Do I have time to play around with the guy?  Nah...I still have to help my youngest get dressed.  "I somehow don't think so.  You see, I am an IT professional that might have a clue on how my computer actually operates.  Please take me off your calling list."

Click......

 

Turns out this scam may be more widespread than I had originally thought.  Doing a quick Google search brought me to the following website where at least 900 different people have commented about the scam, and there was a police crackdown in July in the UK on one of these outfits.  The website has links to several videos where people are on the phone with these "PC support experts."  Some reports from individuals getting called in the US can be found here.

Obviously, don't give them any more information or a credit card.  They are out to steal something from you.

 

I do hope they ignore me and call back.  I would love to get help on an OS/2 Warp system.  :)


Responsible Disclosure vs Client Confidentiality

As I was looking through my Twitter feed at lunch, I ran across the following article by noted security blogger Brian Krebs.  The story tells about a vendor (in particular a core vendor in the Fiserv family) who had made an announcement to its clients that going past Adobe 8.1 is currently not recommended as it breaks functionality. First of all, it probably is not the brightest thing for the vendor to recommend an obsolete version of Adobe, especially with all the vulnerabilities and compromises because of Acrobat, and it should have been working diligently over the past year to repair that issue.  However, the announcement came over a client-only secured web site.  This was information that was being relayed to the client institutions so they can make the proper risk assessment for the organization, and weigh whether or not the affected optional enhancement that relies on older versions of Adobe is needed for business purposes.

As a user of the software (though not affected by the vulnerability), we weighed the need for the optional software and found a workaround that does not expose us to a known vulnerability (but given time, there will be more).  It is disappointing, though, in the credit union arena that a client would expose confidential information that affects up to 300 other credit unions.  An intelligent black hat can take the information that was shared with Brian Krebs and information filed quarterly with the federal regulators to target specific institutions with Adobe PDF vulnerabilities.  Credit unions oftentimes do not have the security expertise and could have a higher risk than most financial institutions.  If you are going to shame a vendor (especially one you pay tens of thousands a year for support), find a better way without putting hundreds of thousands of credit union members at risk.


Don't be a Billy

The National Cyber Security Alliance has put out a very "cute" video on staying safe online.  Think June Cleaver in the internet age.


Patch Tuesday this week

Another Microsoft "Black Tuesday" passed this week with 13 patches covering 34 vulnerabilities. In addition, Adobe released Reader 9.2, which patched 29 vulnerabilities. Get those systems patched!


3 "Hackers" indicted with Credit Card and Debit Card theft

Apparently, criminals in the Heartland Payments Services, Hannaford Brothers, and 7-11 hacks have been indicted and arrested for their crimes.  According to this Wall Street Journal article, they netted around 130 million credit card and debit card numbers, and were responsible for the TJX breach as well (which was 40 million cards).  These compromised cards were sent to different sites within the United States and overseas to Latvia, the Netherlands, and Ukraine (no surprise there).  Do you think that this may be one of the reasons that the "price" for compromised cards has gone down in the black market? Some of these criminals must learn the rules of free market supply and demand. :)


Bad Security Week

Boy, what a week for computer security...and it isn't even Friday yet. Let's look at the different headlines just from the Internet Storm Center. Let's see...Internet Explorer and Firefox are approximately 85% of the browser traffic out there, so millions are likely affected by these.  I also have seen recent patches released by Apple for both Safari and iTunes, so if you haven't patched recently on any of your systems, please take some time this weekend and patch patch patch.
