Posts Tagged: ‘facebook hacked’

Scam of the day – April 10, 2014 – Serious security danger on the Internet of Heartbleed

April 10, 2014 Posted by Steven Weisman, Esq.

The term “Heartbleed” sounds serious and it is.  Heartbleed is the name of the recently discovered security flaw in the OpenSSL encryption security technology that is used by up to 2/3 of websites on the Internet.  An indication that the website you are communicating with uses OpenSSL is the presence of the tiny padlock icon next to the website address.  Another indication that OpenSSL is being used is the letter “s” appearing after the initial “http” at the beginning of a website address.  The padlock and the “s” indicated to people communicating with websites that their communications were encrypted and safe from hackers.  Now we have discovered that this encryption technology had been cracked by attackers as long as two years ago.  This means that your communications online with your bank and retailers may have been compromised.  Many websites that have used the OpenSSL encryption technology, including Amazon and Facebook, have fixed the problem or are working on it.  There are patches available.

TIPS

The first thing that you should do is to change your passwords at websites you have used that utilized the OpenSSL encryption because your password may be in the possession of hackers.  However, do not change your password until you have confirmed with the website that it has patched the security flaw.  Heartbleed is a good reminder to us all that we should change our passwords on a regular basis as well as have different passwords for every website where we use a password so that if one gets hacked, identity thieves would not have the passwords for all of our other accounts.  It doesn’t have to be a difficult task, as just adding or changing a letter or two can do the trick if you have a good, complex password with letters both capital and small as well as figures and signs.  Also, again as we all should be doing, monitor all of your accounts regularly for evidence of fraudulent use.

Here is a helpful link you can go to in order to check and see if the websites you go to were among those affected by Heartbleed.  One word of caution: this is not guaranteed by its creator to be 100% accurate: http://filippo.io/Heartbleed/

For people who have websites that use OpenSSL, here is a link to the notice from the Department of Homeland Security with the links to rectify the situation: https://www.us-cert.gov/ncas/alerts/TA14-098A

Scam of the day – December 6, 2013 – Massive hack of two million internet accounts

December 6, 2013 Posted by Steven Weisman, Esq.

Trustwave, a cybersecurity company, has just uncovered a hacking of close to two million Facebook, Google, Twitter, Yahoo, LinkedIn and other social media accounts.  Even more ominously, the hacking includes other Internet sites including ADP, a payroll service provider.  The hackings appear to have started on October 21st and are still going on.  Compromised information includes usernames and passwords.  The hacking is a worldwide phenomenon with computers affected in more than 100 countries.  ADP, Facebook, LinkedIn and Twitter have already notified their users to reset passwords for affected accounts.  Particularly troublesome is the hacking of ADP, the payroll company.  Approximately 2,400 accounts had their security breached.  Although the exact manner in which the hacking was accomplished still has not been identified, what is known is that the hacking was achieved by luring people into downloading keystroke logging malware that stole the information from their computers.  This technique is referred to as phishing.  You will find more about phishing in my book “50 Ways to Protect Your Identity in a Digital Age,” but in essence phishing occurs when an identity thief sends you an official looking email or you go to a counterfeit website where, although the email and the website appear legitimate, they are not.  When you click on links in the email or website you download the malware.

TIPS

Also distressing is the fact that in uncovering this hacking, Trustwave identified the passwords that were compromised and the large majority of them were simple passwords that are easy for identity thieves to guess.  The most common password of the stolen passwords was 123456.  Another problem for people who had their passwords and user names stolen is that people often use the same password for many different accounts so they are in danger not just in the hacked accounts, but in others they use.  Scamicide and “50 Ways to Protect Your Identity in a Digital Age” provide detailed help in picking a simple to remember, but complex password that will make you safer online.  Also, it is important to have anti-malware and anti-virus software installed on your computer and maintained up to date with the latest patches.  Also keep all of your software updated with the latest security patches.  For this reason, whenever software companies issue security patches, I provide links to them here on Scamicide.  Check this site each day to make sure you are safe.  Finally, do not click on links or download attachments in emails or on websites unless you are absolutely sure that they are legitimate.

Scam of the day – February 26, 2013 – Microsoft hacked – what it means to you

February 25, 2013 Posted by Steven Weisman, Esq.

A few days ago, Microsoft announced that it, like Apple, Facebook, Twitter and hundreds of other prominent companies, had been hacked.  The Microsoft hacking is still being investigated and it has not yet been determined if sensitive information was compromised or taken by the hackers, but the lesson is clear for us all.  You are only as secure from identity theft as the security of the weakest place that holds personal information about you.  In the Microsoft and other company hackings in recent days, it appears that, once again, it was a vulnerability in Java that was exploited by the hackers.  Since anti-virus security software is always playing catch-up when responding to the latest viruses created by the hackers and identity thieves, people should ask themselves whether or not they need to use Java software on their computer.  It has been estimated that half of the major computer hacking last year was done by exploiting vulnerabilities in Java.  It would appear that as soon as Java plugs a hole in their software, the hackers find another to exploit.

TIPS

You should consider whether or not you need Java software since it is such a target for hackers who may hack into your computer just as they have done with hundreds of businesses that use Java.  If you need Java, you should install the latest security patch.  Here is the link to information about both installing the latest Java security patch as well as information about deactivating Java from your computer.  http://www.us-cert.gov/cas/techalerts/TA13-051A.html

Here at Scamicide, I will continue to promptly update you with the latest information about security patches you should use to make sure your computer is protected as well as possible.

You should also make sure that your firewall is operating, use a complex password, maintain constantly updated security software and be prudent when downloading anything or clicking on a link as I have described in my book “50 Ways to Protect Your Identity in a Digital Age” because, as I have told you before, security software is only about 5% effective against the latest viruses.  It takes generally about a month before the software is updated.  Also, in order to limit your exposure to identity theft, limit the amount of information that you provide to companies and websites that store that information because if they are hacked, your security is compromised.

Scam of the day – February 17, 2013 – Facebook hacked – the lesson for us all

February 17, 2013 Posted by Steven Weisman, Esq.

Facebook has announced that its internal computer network has been hacked in what it described as a “sophisticated attack.”  According to Facebook, users of Facebook did not have their data compromised – this time.  As I have warned you over and over again, your security is only as good as the security of the weakest place that holds information about you, which is why it is important to limit the information held by companies and others with which you do business to the minimum that they need.  The hacking of Facebook occurred when a Facebook employee went to the website of an app developer with which Facebook does business.  The app developer had unwittingly been hacked through the use of the Java program and when the Facebook employee went to the website of the app developer, the computer virus was passed on to Facebook.  This might be particularly disturbing to some people because Facebook uses, and was using at the time of its security breach, the latest security software programs, which did not protect Facebook from the hacking.  As I have told you previously, unfortunately, the makers of computer security software are always behind the hackers.  It has been estimated that when a new virus is developed only about 5% of security software programs are effective at first.  Generally, the computer security software companies take about a month to catch up with the new viruses.

TIPS

There are a few lessons for us all from this security breach.  According to the computer security company, Kaspersky Lab, Java is a dangerous program constantly exploited by hackers.  According to Kaspersky, Java software was the culprit in about half of all cyber attacks in 2012.  On January 12, 2013 I passed on a warning from the Department of Homeland Security telling people to disable Java due to serious security threats.  Five days later on January 17th I provided you with a link to a remedy for that particular vulnerability.  However, problems with Java continue to occur and some computer security experts suggest that you disable Java and not use it in order to protect yourself.  I will discuss this in more detail in future Scams of the Day.  The particular problem with Java that led to the hacking of Facebook has been fixed, but it is likely that Java will be attacked again.  Another tip that you must follow is to make sure that your computer security software is constantly updated.  I will provide you with particular warnings and updates, but you should make sure that your security software is always current.  People who do not do so are easy targets for identity thieves.