Tag Archives: kaspersky labs

The Snitch: Airline Boarding Passes

Boarding-passThe holiday season is fast approaching. Soon you maybe buying a plane ticket to see far flung relatives. That airline boarding pass is the ticket to get where you are going. And that boarding pass also knows a lot about you.

Airline boarding passes are a wealth of information about the passenger and in the wrong hands it can be a nightmare personal data loss. A first glance you will notice your name departure and destination information, flight number and seat assignment. Other information includes your frequent flyer account number. And in case you haven’t heard there are plenty scams that target frequent flyers and their cherished miles or points.

Cyber security firm Kaspersky Lab have spotted phishing scams that access frequent flyer accounts of airlines in order to steal the frequent flyer miles. 

Criminals have distributed emails that entice airline customers with either prizes or more points in customers’ frequent flyer account. Victims are asked to enter their login information on a fake website. Once the hacker has their user name and password the miles or points are quickly stolen.  

A lot of information on that boarding pass is encoded. You will see a lot of numbers and barcodes. But it is fairy easy for a determined criminal to decipher those numbers and alphabets and even read the bar codes. There is a website dedicated to reading barcodes that can easily decipher that information.  According to Krebsonsecurity.com a boarding pass can reveal a lot more than most people realize.

Even if you are not a frequent flyer your name or maybe you email address or phone number are valuable information for a criminal. So once the trip is over do yourself a favor and destroy that boarding pass by shredding it or any method to make the data un-recoverable.

Now you know

 

Simda Botnet Taken Down

canstockphoto23093500You may think you are in control of your computer but are you? Have you ever heard the termin the background?” That is computer terminology meaning your computer is performing a task while you the operator are doing something else.

Most programs that run in the background are harmless and helpful. But your computer may be part of a botnet. A computer that is part of a botnet is known as a zombie.  Now the question for black people remains; what is your computer doing behind your back?

On April 9th, 2015 a joint effort of international law enforcement bodies and private security and technology companies came together to shut down one the largest botnets in history. The Simda botnet is believed to have infected more than 770,000 computers in more than 190 countries around the world including the US, Canada, Russia and United Kingdom.

Last week’s botnet takedown is just the latest international operation to shut down a botnet. Another separate takedown targeted Beebone, an extremely elusive botnet that provided a captive audience of PCs  that were infected with a backdoor. A backdoor is a method that a hacker uses to gain remote unauthorized access to a computer often remaining undetected. This backdoor provides access to criminals who were looking for an easy way to quickly install malware on large numbers of computers and impact huge numbers of people around the world.

The AACR keeps things simple. A botnet is a network of computers that are communicating with one another or a master computer and working together to perform a task. These computers are usually working together to launch denial of service attacks against a target computer or network.  This means that hundreds or thousands of computers that have become enslaved in a botnet are instructed to contact a particular website repeatedly causing the website, computer or network to become overwhelmed and stop working. It happens almost everyday and your computer could be part of the attack and you would never know.

Botnets are also designed to steal personal information including passwords, social security numbers, credit card details, email contacts, addresses and telephone numbers. This data may be used in crimes including identity theft, fraud, spamming, and malware distribution. Now suddenly the question becomes relevant to any black person who owns a computer; What is your computer doing behind your back?

The Simda botnet was known for distributing banking malware, installing backdoors on hundreds of thousands of machines across the world. One of them may have been yours.

To determine if your computer was part of the Simda botnet visit the Kaspersky Labs Simda Botnet Free Scanner.

Breaking It Down

The number of computers affected was put at over 770,000 machines. That number will surely get bigger as law enforcement continues their investigation. By some estimates the number could be as high as 2 million computers. And that is just this botnet. There could be thousands or hundreds of thousands of botnets big and small all over the Internet. You have to know if you are in control of your machine. Practice computer safety and security and use the tools like the Kaspersky scanner to make sure your machine is yours alone. 

Don’t play around with this. Your computer could literally be committing crimes whenever you turn it on. Hackers are clever and have done really sinister things like using other people’s computers to store information in hidden files. And the owner of the computer has no idea. It is very possible that you could be a victim of a hacker and not know it. Be suspicious and ask yourself; what is my computer doing behind my back?

 

 

 

 

Secure Payments Arrive For Black Consumers

credit-card-safeHackers have been having a absolute field day breaking into store payment systems and stealing credit card data with impunity. The problem is intolerable for the consumer and costing everyone money everyday. Kaspersky Labs reported that over $1 billon dollars has been stolen from banks using sophisticated malware. Not to mention the additional billions lost in fraudulent credit card purchases and ATM fraud.  Last year that number topped $5 billion. In the end its always the consumer, that’s you and me, that pays for this fraud.

Securing the payment systems of American consumers has become the single most pressing cyber security problem for banks, pay services and merchants. Americans fear cyber crime and identity theft more than being murdered.

Thankfully credit card and technology companies are devising new more technologically advanced ways to combat data breaches and credit and debit card fraud. This is vitally important to African-Americans who are frequent Internet shoppers. And the last thing we tolerate is something funny happening with our money. As I have said many times before, black people don’t play when it comes to our money.

Black consumers, like all American consumers, should learn and quickly adopt the new ways that payments are being secured not only online but in brick mortar stores. Advances in technology allow payments to be made directly from a smartphone, new PIN and Chip technology prevents duplication of credit and debit cards and some systems are implementing single use tokens. The age of secure payments has arrived.

 

US-WhiteHouse-LogoThe White House Summit on Cybersecurity and Consumer Protection

This event, held at Stanford University, saw multiple companies and trade organizations announce new initiatives aimed at securing Internet transactions and reducing fraud.

A White House fact sheet revealed the efforts of the major players in the payment industry. Visa, for example, is committing to tokenization or substituting credit card numbers with randomly generated tokens for each transaction. They plan to initiate this system by the end of March.

The other payment giant, MasterCard, is investing more than $20 million in new cybersecurity tools that include the deployment of Safety Net, a new security solution that will reduce the risk of large-scale cyber-attacks.

SafetyNet is designed to add an extra layer of security by working with a bank or processor’s own security systems and detecting attacks before they happen.

Intel is releasing a new authentication technology that eliminates the password. The technology employs biometrics or personal physical measurements such as fingerprints or retinal patterns. American Express also announced a new multifactor authentication technology for consumers. MasterCard and First Tech Credit Union revealed a new pilot program that would allow consumers to authenticate and verify their transactions using a combination of biometrics, such as facial and voice recognition.

The president launched the BuySecure initiative in October of 2014. The initiative priorities include;

  • Securing payments across the economy, by advancing federal efforts to transition to more secure payment systems, building public-private awareness about more secure authentication, and calling on industry to enhance the security of their own systems and offer more secure options for their customers.
  • Helping Americans secure their good name, by improving resources to identify and remediate identity theft. This includes supporting credit score transparency and improving identity theft resources available to American consumers.
  • Enhanced information sharing, by enhancing the ability of federal agencies and industry to regularly exchange information about consumers’ compromised accounts.

what-kind-of-cr-1

Apple Pay

The AACR wrote back in September of Apple’s debut of the new Apple Pay technology. While everyone was raving about the new iPhone 6 Apple murdered the credit card.

Apple Pay replaces your credit card and the traditional swipe at the register. Apple Pay has made the act of purchasing easier by allowing you to just wave your phone in front of a reader in order to make a payment.  Apple claims the system is more secure than regular credit cards since the number is never stored on the phone or Apple servers and no one ever sees it. The credit card number is replaced by a “unique device number.”

Your credit cards will be stored in Passbook. You can add cards to your phone by taking a picture of the card or typing in the necessary  information like the credit card number, expiration date, and security code. It works with pretty much all credit cards and banks. According to Apple over 220,000 merchants are currently accepting Apple Pay.

MasterCard

MasterCard announced in October 2014 that it was partnering with Zwipe to develop a payment card with a built-in fingerprint authentication sensor.

The card allows customers to make contactless payments, using their fingerprint to confirm their identity. This eliminates the need for PINs and passwords thus increasing security.

VISA

A recent study from Visa Europe indicates that the new generation of banking customers would rather use biometric security devices than PINs and passwords for authentication.

Visa found that 75% of 16- to 24-year-olds said they would have no problem using biometric security, with 69% expecting it to be faster and easier than a password or PIN.

Visa also launched the Visa Token Service (VTS) in September 2014. The one time use token replaces the 16-digit account numbers, expiration dates and security codes, with so-called tokens. The tokens are a unique series of numbers that can be used to make payments without exposing the sensitive credit data such as the numbers, security code and expiration date.

Over 500 financial institutions have already implemented VTS according to Visa. The service will be expanded this year to additional payment environments. Visa also says tech companies and device manufacturers will deploy VTS on mobile devices. Merchants will also start using the solution to secure transactions made through mobile payment applications. Online merchants are also expected to deploy the tokenization service.

American Express

Tokenization has also been embraced by American Express, and the retail industry is seeking to develop a universal tokenization standard.

Amex will replace traditional 16-digit credit card numbers with a digital token. Consumers using the card supporting the token can make purchases online, with a mobile application, or in person using Near Field Communication (NFC) devices similar to Apple Pay technology.

The movement to more secure payments methods comes as retailers see the October 2015 deadline to support chip-and-pin credit payments getting closer. Merchants are being crushed under repeated data breaches costing ten of millions of dollars in repairs and legal costs.

Breaking It Down

Alright so what took so long? If you read this article you saw that the credit card companies have until October of this year to move to the new PIN and Chip cards. They had no choice. This situation is bad for everybody. Everybody is losing money and everybody is getting sick of it and everybody sees that no end was possible as long as the hackers had the upper hand. These payment companies, merchants and banks were locked in a cycle of one data breach after another and each more expensive than the last. The government was going to force a change this so they decided to get ahead of the wave. They had no choice. They could look out from their lofty corporate towers and see the angry flames of consumer torches gathering in the street below. It was not going to be pretty and they knew it. So now after losing hundreds of millions of dollars and looking stupid compared to the hackers, they have decided to act. They had no choice. They want you to believe that they did this on their own. But this could have been done at least two years ago. Europe has had the PIN and Chip technology for at least five years. These companies decided that since no one was making them do it why do it. But then the bleeding started. Hackers were draining the life out of these corporate clowns and their bottomline. The math was starting to swing against them and the government was getting involved. That is the only reason they decided to act. They had no choice.

 

 

 

Online Transaction Security

Trying to protect your money online is no easy task. Online transaction security is almost nonexistent with some companies. And many banks will simply pay off your fraud claim rather than secure their systems. These guys at the top of banks and transaction services feel it is not yet worth the price of providing good security.  Its cheaper to simply pay the claim than investing in better security. So when you shop online, pay bills, or do your online banking its basically up to you to protect yourself and your money. Don’t depend on or even hope that the any retail or online store is looking out for your best interest. Its a dream! Why? Because you can’t really hurt them. The courts require you to prove actual damages from a data breach before you can bring a lawsuit. So unless you can prove your identity was stolen because your bank sucks at protecting data you are basically out in the cold. That needs to change. All we can hope for is that these companies lose enough money to start suing each other and that’s exactly whats happening. We are also seeing the goverment step in as the FTC is now getting in the game and suing these companies for their poor data security.

I strongly suggest that you visit Kaspersky Labs and check our their article for some helpful tips to keep you safe when conducting transactions online. Because black people don’t play when it comes to money. Yeah, I said it again.

Antivirus Myth and Reality

Courtesy of Stuart Miles

Courtesy of Stuart Miles

Antivirus myth and reality means that anti-virus software alone won’t keep you safe and secure online.

Computers are like babies; they like to be clean, safe and healthy. The truth of owning a computer is that it needs constant care and attention to keep it healthy. But if you think that a simple piece of anti-virus software is going to keep your computer safe and healthy you are flat wrong.

Black people should understand this; anti-virus software is designed to keep viruses out as long as they are updated regularly. The owner, that’s you, must make a conscientious and educated effort to properly work on the Internet. That’s where AACR comes in. We teach you these things

First of all you need to educate yourself about your computer. Basic knowledge about computers can be found here. I am truly amazed how many black people go online everyday and don’t really understand a computer. Now understanding a computer is different than using the Internet. You can find more on that topic here.

But lets get to the myths and reality of antivirus software.

Myth #1  Only Windows computers get viruses.

Fact: Windows OS computers  used to be the dominant systems in the marketplace. No longer. Hackers and other computer malcontents used to spend most of their time designing viruses to attack the Windows OS. But as you know Apple has gained traction both in private and public sectors. Apple products are big sellers now compared to the early 90’s. So hackers have stepped up their attacks on them.  And now mobile  malware (smartphones and tablets) is the new frontier for hackers. And of course they are targeting the Android phone OS, considered the dominant smartphone platform. But make no mistake they are also targeting Apple iPhones (iOS) devices. Bottom line, whether you have a Windows or Apple computer, or a Android or Apple based mobile device, having a robust antivirus program is a must.

Another thing AACR strongly recommends is that you perform regular antivirus and malware scans using a free online service such as Kaspersky Labs or TrendMicro House Call. By doing this you get a wider scan of the possible viruses that may be infecting your computer. Your on board software might not recognize the virus definition where the online scanner will. Using an online virus scanner can really help. You should check Kaspersky and TrendMicro for other free antivirus tools as well.

Here is another tip black people need to know about. Root kits! What is a root kit? Its the most evil of all malware. Its only purpose is to hide in your computer and disguise what other viruses and malware are doing. You may have a root kit operating on your computer and you would never know it. And most antivirus software tools cannot detect it. It may have been there for years working silently in the background. In order to detect a root kit you need special software detection tools. A good one to use is McAfee RootkitRemover. Other specialty root kit remover tools include, Bitdefender and Malwarebytes Anti-rootkit BETA. Now when you see the word BETA it means that you are dealing with a new product that may not be perfected. Malwarebytes has a good product but if your files are not backed up somewhere then you may want to choose another product. After all they’re all free.

Myth #2  Processing errors or poor computer performance means my computer has a virus.

Fact: A slow computer can be a symptom of a virus or other malware. But it could also indicate that your computer is cluttered and running too many programs at once. ( See “Treat The Internet Like You Treat Your Home Parts 1, 2 &3”) As I said at the beginning you need to keep your computer clean and healthy. That means eliminating any programs you don’t use or need. Make sure you have a minimum of programs set to start up as soon as the computer turns on. Make sure you update your software regularly to keep them secure. Defragment your hard drive regularly  or run the Disk Utility function on Apple computers.Watch out for things like your homepage changing or a new browser or tool bar appearing. That’s almost always malware.  For smartphones and mobile devices delete apps you don’t use.To maximize your battery life restrict the update, push notification and geo-location services on apps. These functions come standard on many games and apps  but aren’t really necessary  to their functioning.

Myth #3  All the antivirus protection I need can be downloaded  free from the web.

Fact: These free programs offer basic protections. And if you re-read the first myth you will see that in combination with other free services you can stay pretty well protected. But  education is the best defense for black people online. Phishing attacks and social engineering attacks are designed to get you to do something that compromises your security. Not the software, you. You need to understand how online scams and phishing attacks work. You need to understand what to click on and what not to click on.You need to understand how you protect your information.  No software can stop this. You need to learn about fake websites, typo squatting, drive by downloads and all the scams that come your way via the Internet. African-Americans should arm themselves with knowledge to avoid these online dangers. You can learn lot by reading these books.

Myth #4 Viruses are written by the antivirus companies

Fact; I have heard this a million times. And to be honest I can see where it comes from. I’m still not sure about the whole Y2K thing. But conspiracy theorist could be motivated by the fact that some cyber security companies create viruses to test the limits of existing protection software. In reality cyber attackers are responsible for the most dangerous malware. They are constantly changing and coming up with new and ingenious ways to infect computers. These hackers are in a never ending game to stay one step ahead of antivirus programs as they try to steal sensitive data and money from users.

Antivirus software is not enough. Black people should focus on learning what to do and how to act online. Ask yourself these questions;

1. You can’t drive your car everyday without maintenance so why would you use your computer without regular maintenance?

2. You need to understand the rules of the road before driving a car. Wouldn’t you want to know the rules of the information super highway before getting online?

3. You look for hazards, crazy drivers, and traffic signs when driving because they help you steer clear of danger. Don’t you want to look for  danger signs on the Internet?

Its easy to understand.

Know you know.