New Free Web Service Confirms Theft Of Your Identity

A new, free Web-based search service that combs real identity-theft trafficking forums used by criminals lets consumers proactively check if they are a victim of identity theft.

The StolenID Search site is a partnership between ID theft prevention firm TrustedID and U.K.-based Lucid Intelligence, a firm founded by two former Scotland Yard investigators that maintains a massive database of more than 120 million compromised personal accounts. In July Lucid announced plans to launch identity theft search services using the database, which was built from a collection of stolen identity information from law enforcement databases and from volunteers who monitor criminal ID theft marketplaces.

To research whether they’re at risk of ID theft using TrustedID and Lucid’s StolenID Search service, users type in their names and email addresses for an initial search. They are prompted for more information if there’s a match — as well as verification that they are who they say they are — to drill down into more detail about which of their personal information is making the rounds on the black market.

“This is the first time Americans have direct access to information that’s out there that indicates their information has been compromised,” says Lyn Chitow Oakes, chief marketing officer for TrustedID, which launched StolenID Search yesterday. “This tells you that someone is trying to buy your stolen information from a thief who’s trying to sell it. Whether or not they are successful in using that information, we don’t know.”

Oakes says the search encompasses everything from a victim’s name, address, and phone number to secret passwords, financial information, health insurance data, credit cards, and bank account numbers.

For $15, the service offers more specific details on how the data was compromised, where it came from, as well as instructions on what to do next as a victim.

Source:
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=220000940&cid=RSSfeed

Posted in Internet, Privacy, Security | No Comments

Your Web Browser Knows Where You Are

Allowing your Web browser to determine your physical location opens the door to some seriously nifty features. Some iPhone apps (such as Yelp for iPhone) can help you find nearby restaurants, bookstores, or other places within walking distance, for example. But such functionality, available in the newest Firefox and in Safari on the iPhone, also opens the door to some serious privacy concerns: Where you physically sit or stand at any given moment is deeply personal information that you don’t want to give to just any site. I tried the new features to see how the browsers handle such privacy concerns.

Firefox 3.5 works in conjunction with the Google Location Service. If you visit a site that can use your location, a pop-up bar at the top of the page asks you to allow or block the request. Allow it, and Firefox sends your IP address and data about nearby wireless access points to Google. Clicking the ‘remember’ box tells it not to ask you again for that site. Google then sends Firefox its best guess of your whereabouts, and Firefox sends that data to the requesting site. Google never learns which site wants the info; and though it uses a unique ID tag for your location requests, the tag is randomly assigned and resets every two weeks, so Google has no practical way to associate you with your browser’s where-am-I’s.

You can completely disable Firefox’s location service by typing about:config in the address field and then typing geo.enabled in the filter box. Double-click the setting to change the ‘true’ setting to ‘false’.

Source:
http://www.pcworld.com/article/170537/your_web_browser_knows_where_you_are.html

Posted in Internet, Privacy | No Comments

New phishing attack chats up victims

With many who bank online now wary of phishing attacks, criminals are adding fake live-chat support windows to their Web sites to make them seem more real.

RSA Security spotted the first ever of these “chat-in-the-middle” attacks in the past few hours, according to Sean Brady, a manager with the security company’s identity protection and verification group.

The phishers send e-mails that direct victims to a fake Web page designed to look like a banking site. That’s a standard technique, but what’s different in this case is that the phishing site comes with a fake online chat option, so that scammers can talk directly with their victims.

After the crooks prompt victims for their credentials, they pop up a browser window designed to look like a chat session from the bank’s fraud department. Then, via chat, they ask for even more information, including the victim’s name, phone number and e-mail address.

The phishers used the open-source Jabber chat software, Brady said.

Source:
http://www.computerworld.com/s/article/9138152/New_phishing_attack_chats_up_victims?source=rss_security

Posted in Internet, Privacy, Security | No Comments

Google Groups Used To Direct Trojan Malware

Google’s free online newsgroup Google Groups hosts plenty of harmless user-generated content. But like any service that allows users to post information, it also turns out to be useful for “misuser-generated content.”

A Symantec security researcher has found that Trojan malware is using Google Groups to fetch commands for directing its attacks.

“A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands,” said Symantec security researcher Gavin O Gorman in a blog post on Friday. “Trojan distribution via newsgroups is relatively common, but this is the first instance of newsgroup [command and control] usage that Symantec has detected.”

The Trojan is designed to request a page from escape2sun, a private newsgroup. The page lists instructions for the malware: an index number, a command line to execute, and, optionally, a file to download. The newsgroup also stores responses from the infected host. Commands and responses are encrypted, to conceal the information.

The Trojan itself doesn’t appear to be particularly sophisticated. The fact that the private newsgroup containing the commands is in simplified Chinese and the fact the stored commands include references to the .tw domain suggest the author(s) designed it to operate in Taiwan.

Source:
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=219900032&cid=RSSfeed_IWK_All

Posted in Internet, Security | No Comments

VirtualBox 3.0.6 released

VirtualBox is a general-purpose full virtualizer for x86 hardware. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software.

Sun today released VirtualBox 3.0.6, a maintenance release of VirtualBox 3.0 which improves stability and performance. See the ChangeLog for details.

Download:
http://www.virtualbox.org/wiki/Downloads

Posted in Internet, Linux, Networking, Privacy, Security, Software, Windows | No Comments