Latest News On The #1 Crime In America & Tips On How Thttp://www.kathy1313.como Keep Your ID Your Own!
Welcome to the September 2009 Identity Theft Newsletter!
Id Theft is the number one fastest growing crime in America yet most people people believe it will never happen to them.
It is my sincere hope that by helping to get the word out through these newsletters that some may be saved from the personal nightmare of having there identity stolen.
Identity Theft Victim Meets Her Identity Thief
Back in January, Michelle McCambridge found herself staring into the face of the woman who stole her identity.
Only a week earlier, she learned that someone had taken out credit cards in her name and racked up thousands in charges. A federal agent had shown her a surveillance photo. But the image didn't ring a bell.
Now the woman in thick-rimmed glasses was standing there at McCambridge's women's-casual counter at J.C. Penney at Southcenter, asking to open a credit account.
http://clicks.aweber.com/y/ct/?l=EQNY_&m=1dvgwuLjKmGWfD&b=iW4R32.w0fLSFOGmfviSFw
Identity theft growing, getting harder to stop
MIAMI - With a few keystrokes, computer security expert Esteban Farao can find all the wireless networks in use in a half-block radius from a Starbucks.One of them, it appears, is intended for guests at the Marriott. Others are private networks for individual businesses.Farao, of Coral Gables-based Enterprise Risk Management, said the security of any of those networks could be compromised - a la Albert Gonzalez."It's a matter of time," Farao said, even for networks that are encrypted and password protected.http://clicks.aweber.com/y/ct/?l=EQNY_&m=1dvgwuLjKmGWfD&b=XpTSy3onzmeuBWLKXHkWCw
TJX hacker pleads guilty in major ID theft case
The hacker involved in a massive data breach at TJX Companies has pleaded guilty to identity theft and fraud for the theft of more than 40 million credit and debit card numbers from TJX and other retailers.Albert Gonzalez, 28, of Miami, pleaded guilty in Massachusetts to 19 charges related to the hacking of computer systems at TJX and retailers including Barnes & Noble. He also pleaded guilty to a charge brought in the Eastern District of New York for hacking into the systems of the Dave & Buster's restaurant chain.
http://clicks.aweber.com/y/ct/?l=EQNY_&m=1dvgwuLjKmGWfD&b=u.93zNj9Lht8tHd6w8.f2w
Keep an eye out for the Computer Security Newsletter October first...
PC Security & Identity Theft
Protection 661-256-6642
Kathleen’s Personal Identity Theft Blog.
http://www.kfidentity.com/
Kathleen’s Complete Internet Protection Web Site. Includes tons of computer and identity theft protection information:
http://www.kathy1313.com
Add Me To Your Address Book
To help ensure that you receive all email messages consistently in your inbox with images displayed, please add this address to your address book or contacts list:
synergymrktng@aweber.com
Identity Theft Facts:
The FBI receives close to 300,000 complaints of suspicious activity per month and only investigates around 6,000.
73% of Identity Theft victims suffered due to the misappropriation of their credit card info.
Identity Theives Targeting Small Businesses
Businesses lose an estimated 57 billion dollars a year to identity theft.
Small businesses are even more vulnerable for two reasons:
1.) They rely on local law enforcement to investigate but most local law enforcement agencies are not prepared to handle business identity theft.
2.) As larger companies have taken on more sophisticated computer network protections, cyber criminals have adapted and gone after smaller businesses who do not have high-level security.
In other words, to identity thieves, small businesses are the low hanging fruit just ripe for the picking!
Business Owners, are you complying with the Red Flags Rule?
The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs - or "red flags" - of identity theft in their day-to-day operations.
The deadline is November 1, 2009.
Are you covered by the Red Flags Rule?
http://clicks.aweber.com/y/ct/?l=EQNY_&m=1dvgwuLjKmGWfD&b=2mL35GnR3khOp5HyCqUyAQ
Online Red Flag Training
Red Flag Rules training, is designed to familiarize public sector employees with terms, definitions, and requirements related to FTC Government Red Flag Rules.
It teaches the participants to detect, address, and respond appropriately to Red Flags.
http://clicks.aweber.com/y/ct/?l=EQNY_&m=1dvgwuLjKmGWfD&b=QEvEzHG8.wpqj_ttk8UydQ
http://www.leadsleap.com/?referid=fulghamkathleen
http://www.DesktopLightning.com/fulghamkathleen
http://perfecttrafficstorm.com/aff/4163
Saturday, September 26, 2009
Thursday, September 24, 2009
Sophisticated Botnet Causing a Surge in Click Fraud
Thursday, September 17, 2009 4:10 PM PDT
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.
The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.
Click Forensics is calling this the "Bahama botnet" because initially it was redirecting traffic through 200,000 parked domains in the Bahamas, although it now is using sites in Amsterdam, the U.K. and Silicon Valley.
Click fraud affects marketers who spend money on pay-per-click (PPC) advertising on search engines and Web pages. It happens when a person or a machine clicks on a PPC ad with malicious intent or by mistake.
For example, a competitor may click on a rival's PPC ads in order to drive up their ad spending. Also, a rogue Web publisher may click on PPC ads on its site to trigger more commissions, which is probably what's behind the Bahama botnet.
Click fraud also includes nonmalicious activity that nonetheless yields a click of little or no value to the advertiser, such as when someone clicks on an ad by mistake or two consecutive times.
Click Forensics has been warning recently that click fraud scammers are increasingly resorting to botnets, which are networks of computers that have been secretly compromised for a variety of malicious tasks.
The Bahama botnet is masking the source of its clicks to convince click-fraud filters they are coming from high-quality, legitimate sources, such as U.S. libraries and schools. The botnet is also altering the "interval and breadth" of the attacks from the compromised PCs, according to Click Forensics.
In a piece of extremely bad news for advertisers running PPC campaigns, Click Forensics has seen worst-case scenarios in which as much as 30 percent of a monthly ad budget is swallowed by Bahama botnet click-fraud traffic.
Ordinary users' PCs are made part of the Bahama botnet with malware. Click Forensics found links to the malware in search results for queries about the non-existent Facebook Fan Check virus.
Last week, security company Sophos and Facebook both warned that malicious hackers were setting up malware-infested Web sites that falsely claimed to remove a non-existent virus from a new Facebook application called Fan Check.
False rumors spread that Fan Check infected PCs with malware, so scammers tried to capitalize on the concern that many Facebook members had about the application.
As Facebook members used popular search engines to find antivirus information about Fan Check, they got results that pointed to sites that offered false virus removal kits and instead infected their computers with malware.
Click Forensics also said the botnet malware is "extremely similar" to the "scareware" program found in malicious ads that The New York Times was tricked into serving up on its Web site last weekend. Before the Times eliminated them, the ads displayed pop-up messages falsely telling users their PCs were infected so they would buy a fake anti-virus program.
Click Forensics is in contact with major search engines, ad network providers, advertisers, publishers and security companies regarding the Bahama botnet and ways to address it.
Neither Google nor Yahoo, which operate the two largest search engines and PPC ad networks, immediately responded to a request for comment.
http://www.kathy1313.com/
http://perfecttrafficstorm.com/aff/4163
http://www.DesktopLightning.com/fulghamkathleen
http://www.leadsleap.com/?referid=fulghamkathleen
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.
The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.
Click Forensics is calling this the "Bahama botnet" because initially it was redirecting traffic through 200,000 parked domains in the Bahamas, although it now is using sites in Amsterdam, the U.K. and Silicon Valley.
Click fraud affects marketers who spend money on pay-per-click (PPC) advertising on search engines and Web pages. It happens when a person or a machine clicks on a PPC ad with malicious intent or by mistake.
For example, a competitor may click on a rival's PPC ads in order to drive up their ad spending. Also, a rogue Web publisher may click on PPC ads on its site to trigger more commissions, which is probably what's behind the Bahama botnet.
Click fraud also includes nonmalicious activity that nonetheless yields a click of little or no value to the advertiser, such as when someone clicks on an ad by mistake or two consecutive times.
Click Forensics has been warning recently that click fraud scammers are increasingly resorting to botnets, which are networks of computers that have been secretly compromised for a variety of malicious tasks.
The Bahama botnet is masking the source of its clicks to convince click-fraud filters they are coming from high-quality, legitimate sources, such as U.S. libraries and schools. The botnet is also altering the "interval and breadth" of the attacks from the compromised PCs, according to Click Forensics.
In a piece of extremely bad news for advertisers running PPC campaigns, Click Forensics has seen worst-case scenarios in which as much as 30 percent of a monthly ad budget is swallowed by Bahama botnet click-fraud traffic.
Ordinary users' PCs are made part of the Bahama botnet with malware. Click Forensics found links to the malware in search results for queries about the non-existent Facebook Fan Check virus.
Last week, security company Sophos and Facebook both warned that malicious hackers were setting up malware-infested Web sites that falsely claimed to remove a non-existent virus from a new Facebook application called Fan Check.
False rumors spread that Fan Check infected PCs with malware, so scammers tried to capitalize on the concern that many Facebook members had about the application.
As Facebook members used popular search engines to find antivirus information about Fan Check, they got results that pointed to sites that offered false virus removal kits and instead infected their computers with malware.
Click Forensics also said the botnet malware is "extremely similar" to the "scareware" program found in malicious ads that The New York Times was tricked into serving up on its Web site last weekend. Before the Times eliminated them, the ads displayed pop-up messages falsely telling users their PCs were infected so they would buy a fake anti-virus program.
Click Forensics is in contact with major search engines, ad network providers, advertisers, publishers and security companies regarding the Bahama botnet and ways to address it.
Neither Google nor Yahoo, which operate the two largest search engines and PPC ad networks, immediately responded to a request for comment.
http://www.kathy1313.com/
http://perfecttrafficstorm.com/aff/4163
http://www.DesktopLightning.com/fulghamkathleen
http://www.leadsleap.com/?referid=fulghamkathleen
Sunday, September 20, 2009
Officials: Special Plastic Sleeves May Stop Identity Theft
To protect against skimming and eavesdropping attacks, federal and state officials recommend that Americans keep their e-passports tightly shut and store their RFID-tagged passport cards and enhanced driver's licenses in "radio-opaque" sleeves.
That's because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader techonology.
The cover of the e-passport booklet contains a metallic sheathing that can diminish the distances radio waves travel, presumably hindering unwanted interceptions.
Alloy envelopes that come with the PASS cards and driver's licenses do the same, the government says.
The State Department asserts that hackers won't find any practical use for data skimmed from RFID chips embedded in the cards, but "if you don't want the cards read, put them in an attenuation sleeve," says John Brennan, a senior policy adviser at the Office of Consular Affairs.
Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says the envelope her state offers with the enhanced driver's license "ensures that nothing can scan it at all."
But that wasn't what researchers from the University of Washington and RSA Laboratories, a data security company in Bedford, Mass., found last year while testing the data security of the cards.
The PASS card "is readable under certain circumstances in a crumpled sleeve," though not in a well maintained sleeve, the researchers wrote in a report.
Another test on the enhanced driver's license demonstrated that even when the sleeve was in pristine condition, a clandestine reader could skim data from the license at a distance of a half yard.
Will Americans consistently keep their enhanced driver's licenses in the protective sleeves and maintain those sleeves in perfect shape — even as driver's licenses are pulled out for countless tasks, from registering in hotels to buying alcohol?
The report's answer: "It is uncertain ... "
And when the sleeves come off, "you're essentially saying to the world, 'Come and read what's in my wallet,'" says Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C.
By obliging Americans to use these sleeves, he says, the government has, in effect, shifted the burden of privacy protection to the citizen.
Meanwhile, researchers have raised other red flags.
— In 2006, a mobile security company, Flexilis, conducted an experiment in which the transponder of a partially opened e-passport triggered an explosive planted in a trashcan when a dummy carrying the chipped passport approached the bin. A video of the experiment was shown that year at a security conference.
Flexilis has suggested that the government adopt a dual cover shield and specifically designed RFID tag that would make the e-passport remotely unreadable until it is fully opened.
No changes have been made to the U.S. e-passport in response, according to the State Department.
— Some RFID critics wonder: Could government officials read the microchips in an enhanced driver's license or passport card by scanning people via satellite or through a cell phone tower network?
The short answer is no — because the chips in PASS cards and EDLs are "passive," or batteryless, meaning they rely on the energy of readers to power up. Passive tags are designed to beam information out 30 feet.
However, research is moving forward to make batteries tinier and more powerful, says Ari Juels, director of RSA Laboratories.
A "semi-passive" tag that could transmit into the atmosphere when triggered by a reader "may be feasible at some point," he says.
Separately, a system called STAR, that adapts deep-space communications technologies to read passive tags from distances greater than 600 feet, was announced last year by a Los Angeles startup called Mojix, Inc.
It uses "smart antennas" and "digital beam forming" to process signals in four dimensions — time, space, frequency and polarization.
Mojix, founded by a former NASA scientist, promotes the technology for supply chain management and asset tracking.
http://www.wysong.net/
That's because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader techonology.
The cover of the e-passport booklet contains a metallic sheathing that can diminish the distances radio waves travel, presumably hindering unwanted interceptions.
Alloy envelopes that come with the PASS cards and driver's licenses do the same, the government says.
The State Department asserts that hackers won't find any practical use for data skimmed from RFID chips embedded in the cards, but "if you don't want the cards read, put them in an attenuation sleeve," says John Brennan, a senior policy adviser at the Office of Consular Affairs.
Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says the envelope her state offers with the enhanced driver's license "ensures that nothing can scan it at all."
But that wasn't what researchers from the University of Washington and RSA Laboratories, a data security company in Bedford, Mass., found last year while testing the data security of the cards.
The PASS card "is readable under certain circumstances in a crumpled sleeve," though not in a well maintained sleeve, the researchers wrote in a report.
Another test on the enhanced driver's license demonstrated that even when the sleeve was in pristine condition, a clandestine reader could skim data from the license at a distance of a half yard.
Will Americans consistently keep their enhanced driver's licenses in the protective sleeves and maintain those sleeves in perfect shape — even as driver's licenses are pulled out for countless tasks, from registering in hotels to buying alcohol?
The report's answer: "It is uncertain ... "
And when the sleeves come off, "you're essentially saying to the world, 'Come and read what's in my wallet,'" says Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C.
By obliging Americans to use these sleeves, he says, the government has, in effect, shifted the burden of privacy protection to the citizen.
Meanwhile, researchers have raised other red flags.
— In 2006, a mobile security company, Flexilis, conducted an experiment in which the transponder of a partially opened e-passport triggered an explosive planted in a trashcan when a dummy carrying the chipped passport approached the bin. A video of the experiment was shown that year at a security conference.
Flexilis has suggested that the government adopt a dual cover shield and specifically designed RFID tag that would make the e-passport remotely unreadable until it is fully opened.
No changes have been made to the U.S. e-passport in response, according to the State Department.
— Some RFID critics wonder: Could government officials read the microchips in an enhanced driver's license or passport card by scanning people via satellite or through a cell phone tower network?
The short answer is no — because the chips in PASS cards and EDLs are "passive," or batteryless, meaning they rely on the energy of readers to power up. Passive tags are designed to beam information out 30 feet.
However, research is moving forward to make batteries tinier and more powerful, says Ari Juels, director of RSA Laboratories.
A "semi-passive" tag that could transmit into the atmosphere when triggered by a reader "may be feasible at some point," he says.
Separately, a system called STAR, that adapts deep-space communications technologies to read passive tags from distances greater than 600 feet, was announced last year by a Los Angeles startup called Mojix, Inc.
It uses "smart antennas" and "digital beam forming" to process signals in four dimensions — time, space, frequency and polarization.
Mojix, founded by a former NASA scientist, promotes the technology for supply chain management and asset tracking.
http://www.wysong.net/
Subscribe to:
Posts (Atom)