Scam of the day – January 6, 2014 – The threat to you of Yahoo hacking

Fox IT, an Internet security firm has just uncovered a hacking of Yahoo’s ad network that appears to have started on December 30th, but may well have begun earlier.  Estimates are that about 27,000 people had their computers and other electronic devices infected each and every hour since the hacking began.  The vulnerability exploited by the hackers involves flaws in the security of Java software used in the online advertisements and by many individual computer users.  As I have warned you for more than a year, Java is a dangerous software program.  Java software which is popular software program made by Oracle has been a particularly successful target of hackers and identity thieves.  According to Kaspersky Lab, flaws in Java software was responsible for about half of all the cyber attacks by hackers in 2012.    Much of the recent wave of attacks against American companies by the hundreds involved Java software vulnerabilities.  The Department of Homeland Security earlier this year identified new and dangerous vulnerabilities in Java software that can lead to your identity being stolen and your computer being compromised by hackers.  The Department of Homeland Security even advised that people disable Java or prevent Java apps from running in their browsers.A recent study from Palo Alto Networks, a software security company found that only 6% of malware infections are coming from tainted email while 90% came from malware unwittingly downloaded when people went to legitimate websites that you had reason to trust, but had been infiltrated by hackers.  This type of identity theft has come to be known as a “drive by” identity theft.  To make things worse it usually takes as long as three weeks for anti-malware software makers to identify the latest malware threats.  Java software which is used on many legitimate websites has proven to be a rich target for identity thieves because of its continuing vulnerabilities to hackers.  It is for this reason that the Department of Homeland Security advised people to consider uninstalling Java software.The Yahoo hacking, which the company says has now been fixed enabled the hackers, while the hacking was active, to install various malware programs called ZeuS, Andromeda, Dorkbot, Tinb and Necurs, which enabled the hackers to steal personal information from people who unwittingly installed the malware by clicking on infected ads unless the computer user was protected by proper anti-malware security programs or was not using Java.  You can find out if your computer was infected by going to Microsoft’s safety scanner at http://www.microsoft.com/security/scanner/en-us/default.aspx

TIPS

Along with avoiding obvious scam emails, the best thing you can do is to make sure that your security software and anti-malware software are constantly kept up to date with the latest revisions, updates and patches.  You also may want to uninstall software programs, such as Java which have proven to be an Achilles heel for many legitimate websites.  Finally, if you want to be extra careful, you may even want to consider having a separate computer for your financial dealings and purchases while using a separate computer for surfing the Internet so that if you do go to a tainted website, there would be nothing of value on that computer for an identity thief to use.

I strongly advise people who do not need to use Java that they disable it.  Here is an important link from the Department of Homeland Security with information as to how to disable Java or to otherwise deal with its vulnerabilities: http://www.us-cert.gov/ncas/alerts/TA13-064A

Scam of the day – October 20, 2013 – Important Java updates

If you are a regular reader of Scamicide, you know that Java software has proven to be a frequent target of hackers and identity thieves.  Java is a very popular software made by Oracle.  Unfortunately, it is also a software that has proven to be very vulnerable to being hacked by identity thieves and exploited for purposes of stealing information used to make you a victim of identity theft.  One of  the more interesting facts about identity theft,  as indicated by Kaspersky Lab, a security firm is that flaws in Java software were responsible for almost half of all cyber attacks by identity thieves and hackers last year.  The Department of Homeland Security has even gone so far as to advise people to disable Java or prevent Java apps from running on their computers.  However, many people still use Java for their work and personal computer use.  If you are one of these people it is imperative that you update your Java software with the latest security patches as soon as their are released.  Recently Java announced a new security patch, which you should install on your computer as soon as possible if you use Java software to help protect you from hacking and identity thieves.  Identity theft statistics show that if you install the security patch, you will lower, although not eliminate, your chances of becoming a victim of identity theft.

TIPS

Here is a link to the latest Java security patch information: https://www.us-cert.gov/ncas/current-activity/2013/10/15/Oracle-Releases-October-2013-Security-Advisory

Unless you absolutely must use Java, my advice is to disable it.  You can find a link with instructions as to how to disable Java in my Scam of the Day for April 22, 2013 which can be found in the archives of Scamicide which you can access at the top right hand corner of this blog.

Here also is a link to a page where you can find alternative pdf readers that are safer than Java : http://www.pdfreaders.org/

If you still wish to use Java software, make sure that you check for and download the latest Java security patch at the link indicated above.  It will help provide identity theft protection.  Here on Scamicide I will provide access to these updates as they are released.