Funny Story

Content by Kyle Lowe

My husband told me a funny story the other day. He said that a few weeks after we got married, we were both asleep in the middle of the night when he thought he heard someone in our house. He did not want to wake me up because he knew that I would be afraid, so he decided to handle it himself. We did not own any guns or even a baseball bat, so my husband began creeping around the house looking for whomever it was that was in the house. When he got to the kitchen, he decided to grab the largest weapon he could think of and reached for the meat cleaver. It turned out that there was no one in the house, but I am so glad I did not wake up and flip on the light to find him with a meat cleaver raised above his head. A few days after that happened, I found him searching online for montana home security and asked him why he was interested in a security system. He told me that he just wanted me to feel safe in our home. Now I know the true reason was to make him feel safer.

Lots of Bots

Yikes. According to CNet, more than 2 million computers in the United States host botnets! Botnets are malicious programs that infect computers. They are spread through viruses and worms, and are controlled by a “master” somewhere on the Internet. Botnets spew out spam, more viruses and worms, and phishing attacks. Computers under the control of botnets are called “zombies.”

Many times, computer users are unaware that their computers are infected. Unfortunately, these innocent parties can sometimes get in trouble with the law or their ISP for spewing out spam and other filth, even if they are unaware that their computer has been programmed by someone else. I’ve heard of people being thrown into court or paying large fines for sending spam, having filthy images on their computer, or sending out worms… totally unaware that their computer was a zombie.

You can protect your computer from botnets:

  • ALWAYS install a firewall and anti-virus program– use them, and keep them updated.
  • Keep your operating system updated.
  • Be very careful of the websites you visit. Music and video sites are “risky” sites.
  • Reformat your computer every once in a while. It’s a big project, yes, but I do it once a year or so. Not only does a reformat erase everything on the hard drive, it restores the operating system back to factory settings which makes everything faster like it was originally.
  • NEVER open email attachments unless you are 100% positive you know what it is. Some bots infect email accounts, and send out mail to everyone in the contact list (including you), so a bot can disguise itself as a legitimate email from someone you know. It’s a good policy to email the sender and ask if they did indeed send an attachment before you open the attachment.

With proper security measures and clean online behavior, you can eliminate the risks of botnets.

Banks Need to Tighten Online Security

This news does not surprise me. I have long lamented the weak security measures of banks and credit card companies. For one, I am astounded that banks require you to make weak passwords– 8 to 10 characters, all letters and/or numbers. That is SO easy to crack! My Photobucket account has a better password than my bank online account.

Banks have recently tried using “one-time” passwords for “added” security. But the news is that hackers find these a piece of cake:

Security measures such as one-time passwords and phone-based user authentication, considered among the most robust forms of security, are no longer enough to protect online banking transactions against fraud, a new report from research firm Gartner Inc. warns.

Increasingly, such measures are overwhelmed by online criminals looking to pillage bank accounts using valid login credentials stolen from customers, the report said.

Going forward, banks need to quickly implement additional layers of security to protect their customers from falling victim to online fraud, said Avivah Litan, Gartner analyst and the report’s author.

Gartner’s warning comes amid a sharp uptick in fraud involving the exploitation of valid online banking credentials. In August, NACHA – the Electronics Payments Association issued an alert, warning members about attacks involving the theft of online banking credentials, such as usernames and passwords mostly from small- and medium-size businesses. Cybercriminals used the stolen credentials to take over corporate accounts and initiate unauthorized transfers of funds via electronic payment networks, NACHA said in its warning. NACHA, with more than 11,000 financial institutions as members, oversees the Automated Clearing House (ACH) electronic payments network.

Just a few days earlier, a similar alert was sent to members of the Financial Services Information Sharing and Analysis Center. The alert identified organized cybercrime groups in Eastern Europe as predominantly responsible for illegally siphoning millions of dollars off corporate accounts and sending the money overseas via popular money and wire transfer services.

Last month, the FBI’s Internet Crime Complaint Center noted that as of October, cybercrooks had attempted to steal approximately $100 million from U.S. banks using stolen log-in credentials. On average, the FBI is seeing several new cases opened each week, the complaint center said. In most instances, the crooks used sophisticated keystroke logging Trojan horse programs to steal login credentials from company employees authorized to initiate funds transfers on behalf of the business, the FBI noted.

I am suspicious as to why banks and credit card companies are SO SLOW to adopt tighter security. With the technology and ability already out there, why are banks not taking advantage of it? Why are they so reticent to make our money and transactions more secure?

Microsoft Update Causes Black Screen for Some

Has your computer suddenly been getting a black screen? The latest Microsoft Windows Update may be to blame. Apparently, it’s affecting versions of XP, Vista, and Windows 7.

Microsoft’s latest round of security patches appears to be causing some PCs to seize up and display a black screen, rendering the computer useless.

The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said Mel Morris, the CEO and CTO for the U.K. security company Prevx.

Prevx was alerted to the problem by users of its security software last week, Morris said. Microsoft apparently made changes to the Access Control List (ACL), a list of permissions for a logged-on user. The ACL interacts with registry keys, creating visible desktop features such as a sidebar.

However, the latest patches appear to make some changes to those registry keys. The effect is that some installed applications aren’t aware of the changes and don’t run properly, causing a black screen, Morris said.

Prevx has a fix that you can get from their site.

Updates are tricky, especially with the zillions of them that we get all the time, coupled with our own software programs, and then our own software/operating system changes. There’s been a huge push to update computers– they claim we must do so for our computers to stay secure– but I’ve never been comfortable with them. I always hold my breath when I do them.

Anyway, if you have been experiencing the Black Screen of Death and wonder why, check your updates. It just may be them. You can uninstall certain updates through your Control Panel and Add/Remove Programs or Programs and Features settings.

Federal Data-Protection Law

On the surface, this sounds like good news. Basically, it’s a bill that would create a national standard for protection of data, and would require notification of breaches of sensitive data. Data breaches, data sharing, and data theft have become FAR too common, and businesses and the government have treated them very lightly. So, I’m hoping this new bill would help resolve it– of course, I’m also hoping the government hasn’t added a ton of pork or liberty-killing bills dog-eared with this bill. :-p

Federal data-protection law inches forward
The Personal Data Privacy and Security Act was approved by the Senate Judiciary Committee

A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee.

The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration.

If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data.

Under the proposed law, all private and government entities handling sensitive data would be required to implement specific risk assessment and vulnerability testing measures. They also would be required to deploy measures for controlling access to sensitive data, detecting and logging unauthorized accesses to the data, and protecting data while it is in transit and at rest.

The bill would introduce a federal breach-notification standard under which companies would be required to notify not just individuals affected by a data breach, but also, in some cases, credit reporting agencies and the U.S. Secret Service. It would establish a new Office of Federal Identity Protection within the Federal Trade Commission and stiffen penalties for identity theft and related fraud.

The law would also provide notification exemptions for companies that have taken adequate measures — such as encryption — to protect sensitive data. Companies would also not be required to immediately disclose a breach if it would hinder a criminal investigation. But such exemptions would need to be vetted by the Secret Service. The law provides for penalties against executives of companies that willfully conceal a data breach.

Here’s hoping we see some change….

Another Security Breach: Health Net of Northeast Inc.

I don’t have anything to add. I’ll only get angrier than I am. This story just speaks for itself.

Health Net says 1.5M medical records lost in data breach

November 19, 2009 (Computerworld) A hard drive with seven years’ worth of personal financial and medical information on about 1.5 million customers of Health Net of the Northeast Inc. was reported missing to state officials yesterday — six months after the drive went missing.

Along with medical records, the hard drive contains names, addresses and Social Security numbers of Health Net customers from Arizona, Connecticut, New Jersey and New York. Connecticut has data breach laws requiring individuals be notified of the loss of their personal data without reasonable delay.

The data loss, which occurred in May, was only reported by the insurance company to the Connecticut state attorney general’s office and the Department of Insurance yesterday. The device containing the data was an external, portable hard drive. The data had not been encrypted.

Health Net, based in Shelton, Conn., had no information about the data breach on its Web site.

Connecticut Attorney General Richard Blumenthal said his office is investigating the data breach. “Health Net’s incomprehensible foot-dragging demonstrates shocking disregard for patients’ financial security, as well as loss of their highly sensitive and confidential personal health information,” he said in a statement.

“Shocking disregard” is an understatement. After such things happening AGAIN and AGAIN.. ya just come to the point where you wonder if these companies are doing it on purpose?! I mean, HOW MANY TIMES can companies constantly “lose” very, very important data????

All they are offering people is a free year of credit report checks. Big whoop. There should be a financial disincentive for such security breaches, like $10,000 per customer whose information has been “lost.” I’ll betcha we’d see the government and companies quit fooling around and shape up REAL fast.

Health Net of the Northeast is a subsidiary of managed health care provider Health Net Inc., based in Woodland Hills, Calif. Health Net Inc. is a $15.3 billion company that provides managed medical coverage to some 6.7 million customers in the U.S.

Health Net of the Northeast currently has about 580,000 members and a physician network comprising more than 160,000 doctors, 5,440 pharmacies, and 244 hospitals throughout Connecticut, New York, New Jersey, and Pennsylvania.