May 21, 2012

Chilling Introduction to the Cyber Crime Black Market

Panda Security recently released an excellent document entitled “The Cyber-Crime Black Market: Uncovered” that is probably the easiest-to-read and best piece made available to the general public in recent years about these underground criminal enterprises. The picture this document presents is of an illicit industry that is trying desperately to grow and earn more income at all of our expense. Here is a sobering view of the “competition”:

Price wars, numerous ‘special offers’ and the diversification of the business are all indications of how these mafias are desperately trying to drive up revenue. A few years ago, it was just a question of the sale of a few credit card details. Now, in addition to offering all types of information about victims -even the name of the family pet-, other services are available, including physical cloning of cards or making anonymous purchases and forwarding the goods to the buyer.

The document also integrates key information from the FBI. Perhaps the most interesting aspect is how they categorize the professional positions within these organizations. Here are the most common positions per the FBI:

  1. Programmers. Who develop the exploits and malware used to commit cyber-crimes.
  2. Distributors. Who trade and sell stolen data and act as vouchers for the goods provided by other specialists.
  3. Tech experts. Who maintain the criminal enterprise’s IT infrastructure, including servers, encryption technologies, databases, and the like.
  4. Hackers. Who search for and exploit applications, systems and network vulnerabilities.
  5. Fraudsters. Who create and deploy various social engineering schemes, such as phishing and spam.
  6. Hosted systems providers. Who offer safe hosting of illicit content servers and sites.
  7. Cashiers. Who control drop accounts and provide names and accounts to other criminals for a fee.
  8. Money mules. Who complete wire transfers between bank accounts. The money mules may use student and work visas to travel to the U.S. to open bank accounts.
  9. Tellers. Who are charged with transferring and laundering illicitly gained proceeds through digital currency services and different world currencies.
  10. Organization Leaders. Often “people persons” without technical skills. The leaders assemble the team and choose the targets.

Perhaps the most chilling aspect of this document begins on page 18, “The Sales Process”, which gives real examples of price lists, resources (as in how much is in the bank accounts, etc.) and ordering details:

Prices vary according to the vendor, although the average is $150 for a complete card and a minimum order of five units. There is an additional cost for the plastic: $30 white plastic, and $80 for color printing. You also have to add to the cost of the information (the card number, PIN and other details) for which, as we’ve seen before, there are various offers.

If you have the time, it might be a good opportunity to better educate yourself on the operations of these organizations. This should be a “must read” for any aspiring information security professional. Understanding the enterprise behind the malware, botnets and other security risks is a key aspect of understanding how to prevent them.

Disclosure – we are not a Panda Software reseller, nor were we paid to post this. We are not in any way advocating a product or service in this post. Please review our Product and Partner Policy for more information.


Why 2011 may be the Year of Privacy

As we roll into our 14th year here at Managed Solutions and take stock of the last 14 years, many trends have dominated our priority list. In 2010 the focus was extending the life of under-maintained hardware, Cloud Computing and Security. Signs are pointing to privacy being a very relevant issue for 2011. The Wall Street Journal really started the ball rolling with their privacy series in 2010. That really set the tone, with many consumers learning about and becoming much more concerned with their data privacy. Also, it seems like everywhere you looked in 2010 Facebook was being criticized for what at times appeared to be utter contempt for the privacy of their users. See also “Frustrated by the new Facebook groups? So am I, and something you can do.” on amplify for some additional discussion on that.


Spokeo.com got “spinsucked”

Gini Dietrich posted a great article this week that struck a chord with the readers. It’s been viewed, shared and commented on heavily since it came out. The post was about “Deleting Your Spokeo Profile” and it detailed what information could be found on Spokeo.com and how to delete the profile. I thought, based on the comments, that it was worthy of a screencast, so I recorded it and shared it with Gini. You can view it on YouTube. At one point Spokeo was not able to process requests, so I joked with her on her blog that there is a new /. in town and that Spokeo had gotten “spinsucked”, so henceforth that will be my story, and I will stick to it.

As further proof that this issue really resonated with many of us, I had one person completely disconnected from the matter ask me on Facebook last night if I had “heard of Spokeo”. At that point I realized this was really circulating far and wide.

Learning from the debate

Some debates did come up over the spinsucks post. Here were the opposition arguments to removing your profile from Spokeo:

  1. There are many other sites that mirror the same data
  2. They are probably harvesting the required email address to sell
  3. The information is public domain only, readily available

One less site is better

In response to argument #1, one less site is certainly better, is it not? Not to mention that Spokeo actually did a bang-up job of getting a lot more data than other sites seem to have to offer. I’d rather not be listed there.

Avoid the harvest

Avoiding the email harvesting is easy: use either an alias that can be tracked and later deleted or a “junk” email that is only checked in these circumstances.

The information is public domain only

I don’t think this is the case. It appears that Spokeo has found or paid for some really unique data, or at least their paid-for service touts that. If it is all public domain, it’s usually not in one place. If someone is going to go after it, let’s make them work for it. Does that sound like a decent strategy?

What does it mean?

I think these developments solidify the position that 2011 is the year of privacy. Why? We know now, and we care, and we’re reading and watching and opting out to the tune of disabling a website. Our current privacy laws are not reacting fast enough to the changes in this digital world. This disparity is creating a vacuum that will be filled one way or another.

What happens next? Predictions

So the question is: do the companies that are gathering this information and making it available cave under the pressure that is likely to develop from consumers this year? Does the government step in and pass new privacy legislation more geared to our digital and interconnected age? Or does a group of entrepreneurs put together a service that opts out and erases data that can be masked, opts you out of junk mail and creates an opportunistic menu of other privacy features?

I’ll be talking privacy a lot more this year and making it a priority to educate and discuss both here on Managed Solutions and also on my blog. Please join the conversation and share your thoughts. The most compelling comments will be added to the post and the authors cited. Or perhaps you’d like to guest post about this, if so please contact me.


American Honda warns their customers of Privacy Breach

American Honda Motor Company, Inc. is warning their customers today of a privacy breach that resulted in the compromise of private information about their customers. In this instance they are advising their clients that the following client information was compromised:

  1. Email Addresses
  2. Names
  3. Vehicle Identification Number (VIN)
  4. User ID

Their formal statement to their customers claims that no other information, such as passwords or addresses, was included in the breach. Hopefully a more thorough investigation will occur to verify the claim, because if customer physical addresses were also compromised this would be a major concern.

Here is the entire message:


Dear Customer,

American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor to create a welcome email to customers who have an Owner Link or My Acura vehicle account. The data that was obtained included your email address, your name, Vehicle Identification Number (VIN) and User ID. Your password was not included and no other sensitive information was contained in that list.

We apologize for any inconvenience this may cause. As a company, we believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. You may be aware of attacks on email marketing systems, therefore we want to assure you that we take the safeguarding of your information seriously and that the appropriate authorities have been contacted regarding this incident. Additionally, we have taken steps to minimize this type of exposure in the future.

As a Company, we encourage you to continue to be aware of the increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information — Be cautious when opening links or attachments from unsolicited third parties. Also, know that American Honda Motor Co., Inc. will not send you emails asking for your credit card number, social security number or other personal information. If ever asked for this information, you can be confident it is not from us.

Again, let us reassure you that we are taking necessary steps to safeguard your personal information.

If you would like further information on this topic please visit honda.com/info/b

Thank you.

American Honda Motor Co., Inc.


How to add valuable information to your Windows desktop background (Video)

It seems as though basic system information is often needed but not always easy to get. This video demonstrates how to use the BGInfo program by Sysinternals to display important information on the desktop background of your Windows PC. The first couple of minutes show how to edit and use the program; a demonstration of how to add it to a login script follows for network admin types.

Here is a screenshot example of the output on one of our test machines:

BGinfo on a Windows 7 Aero Desktop

Have an idea you’d like to see a video demonstration of? If it’s not already here, let us know via comments, contact form or Facebook and we’ll try to get it added to our library.


Good Personal Choices – the most powerful Information Security Tool


Dali Burgado posted a really interesting article from infosecurity.com today about how combating Twitter worm threats is personal. The gist of the article was that the best way to combat these information security threats was by reporting them. We’ll take this idea a step further in this article: information security really centers around making good personal choices. Unfortunately, a lot of people are not very cautious, and bad choices lead to big compromises, expenses and a bevy of other problems. In fact, did you read about the man in Australia who had one of his investment properties sold as the result of identity theft?

In what areas do these personal choices affect your information security?

  • Competency – learning.
  • Hardware and networking devices (especially wireless!).
  • Security software.
  • Participation.
  • G Factor

Competency and learning – the core of information security

At the core of information security is what you as a user are willing to do to educate and protect yourself. Do you take a cautious and guarded approach, or do you throw caution to the wind and click every link in sight? Perhaps one of the biggest challenges for new users is that there are not many best practices training programs available for end users (know of some? Please share the wealth as a comment to this post!). You really have to actively seek out the information. There are a number of paths for professionals to get the training, including the SANS Institute (Dali Burgado, who inspired this post, works for them!) among others. We provide end user information security and best practices training to our small business clients, and you can always inquire at my “speaking” page on my personal blog on behalf of a group.

Hardware, Wireless and networking device choices

A little bit of prior planning in the hardware arena can close some huge gaps in information security. The biggest risk and most difficult choice the average home owner or business can make is the decision to have wifi on premises. You may have read this week that Google Street View cars were collecting a lot more than pictures of the streets in your neighborhood. I don’t think the information Google collected will be used against you, but to that point, if they can do it anyone can do it. The decision to add wireless to your home or business network should not be taken lightly. Educate yourself on the security best practices and realize that even if you do a reasonable job of securing the device, it is just one more thing that could be compromised at some point. Any networking gear you add to your network needs to be updated from time to time. Do you have the ability to do that? Does the benefit of that hardware outweigh the expense of hiring a professional to provide you with the updates? These are questions that are best asked in advance.

Security software choices

Computers need extra protection against threats, and the simplest protection is keeping your software updated. Think about this when you decide to install a new application: it is another spoke in the growing wheel that you will need to keep updated. Software updates are a fact of life in our modern age, so be prepared to understand what they are and how to apply them. A great resource for finding out about new threats is CERT; I highly recommend you sign up for their weekly alerts or feed. I used to do a weekly feature here that will give you an idea of what to look for at the CERT website.

In addition to keeping your software up to date, it is a great idea to protect your system with antivirus and/or a security suite. We became a reseller of Eset NOD32 a number of years ago and have found over time that they continue to provide a quality product. Do not for a minute think that antivirus/security suite software will protect you from everything. It is the “last resort” and even the best products will not catch everything. The personal choices you make will have more to do with your information security than the antivirus software you choose. (In the interest of disclosure, we are an affiliate of Eset, and if you use the link provided below to purchase the software we will get royalties; see our product and partner policy.)


Click Here - Free Trial of ESET NOD32 Antivirus

Participation choices

Where you choose to be present can have a direct impact on your information security. The allure of social media sites like Facebook is great, and there are a number of advantages, but any place you choose to participate has its own risks, practices and learning curve. You should be aware and remain aware of these risks and practices; never assume that because a lot of people are using something it is safe. The opposite is often true: the criminals often go where the people are because they have more potential targets. I have an article that I’ve started to work on that goes into detail about how social media has really become a vulnerable spot for many internet users. I will add a link to this post when it is done.

The Gullibility and Greed Factor

Gullibility and greed are major contributors to information security compromise. I think Facebook is a great example of where this occurs. I have seen more hacked Facebook accounts than I imagined I ever would. Why? People thought that their really easy password was fine, or they clicked a link or installed a rogue app. Now some malicious app or user is posting things to their friends’ walls, sending messages, etc., trying to further perpetuate the compromise.

Beyond the gullibility of individuals that help their stranded friend at
greed is an often overlooked factor in information security. Do people really believe they will get something for nothing? Judging by the ongoing “Nigerian”, “419” or “advanced fee fraud” scams, they do. If it didn’t work, they would not be so prolific. Some very senior executives have been caught by these scams in the past; it is believed that many more have been victimized as well but did not come forward due to embarrassment.

Keep in mind the oldest trick in the book by con artists (pre-dating the internet) is to exploit a person’s gullibility or greed. If you’re going to be information secure, you’re going to also have to learn to be a little street wise.

Summary

Hopefully this will be a good primer and starting point for people to start to move towards a more information secure computing experience. While there are links to a number of great resources, we’d be happy to have your feedback about other possible resources, and we’ll add the best of the suggestions to the article itself. You can share your feedback, suggestions or questions in the comments below.


4 Tips to extend the life of your laptop

Laptops and netbooks are great devices. They provide us with portability: we can take them anywhere and work conveniently with them, well, in our laps. Due to their small size there are some inherent problems, and the biggest enemy of a laptop is heat. The components are very similar to the ones in your large desktop PC, just smaller and sometimes modified to generate less heat.

Be aware of your cooling vents!

If you operate your laptop on a soft surface like your lap, be mindful of where the ventilation ports are. The air that cools a lot of the most critical components needs to enter through the bottom of the laptop. Check out the vents on this Sony Vaio netbook:

Vaio cooling intakes


Above: You’ll note that it is extremely easy to block the vents on this Sony Vaio Netbook. Below: Here is a laptop – a Lenovo W510:

Lenovo W510 Air Intakes


The Lenovo has much better distribution, but it is still possible to block them all if you lay it on a soft surface. It is always best to lay laptops on hard surfaces whenever possible. That allows them to breathe fresh cooling air through the bottom and allows the large side exhaust vents (not pictured) to properly eject the hot air from your expensive and useful laptop or netbook PC. You can keep those vents free using a little blast of canned air when you notice dust accumulating.

Tips Summary:

  1. Be aware of where your intake and exhaust vents are and don’t block them.
  2. Try to place your laptop on hard surfaces when operating it for long periods of time.
  3. Occasionally use canned air to clear out dust or particles from the intake and exhaust.
  4. Consider using a ventilated laptop cooling device if you work for long periods of time.

My Very Biased Opinion:

We are a Lenovo Partner and we recommend and sell their products. With 13+ years in the business I can say with great confidence that Lenovo ThinkPads are the best in the business. If you really want your laptop to last, buy a ThinkPad. While preparing this article I was greatly surprised by the contrast in the ventilation on all the laptops I looked at while making preparations.


Joe Reviews SB10-242 Cert Report (Video)

Here is a review of this week’s CERT advisory. This includes issues with Adobe products, Chrome and Mozilla Firefox. Be sure to update these products if you haven’t recently. This is a weekly feature here at Managed Solutions. If you have questions about this video, post a comment here or ask on our Facebook Fan Page.


Joe Reviews SB10-221 Cert Report (Video)

Here is a review of this week’s CERT advisory. This update contains issues with Apple iTunes, Safari and Mozilla Firefox. Be sure to update these products if you haven’t recently. This is a weekly feature here at Managed Solutions. If you have questions about this video, post a comment here or ask on our Facebook Fan Page.


Plague of Adobe Acrobat and Reader Vulnerabilities Continues

I seem to write a post on this once a month minimum. When I opened this week’s CERT advisory there were 14 9.3 vulnerabilities for Adobe Reader and Acrobat. This plague of vulnerabilities and the related exploits that have popped up remind me of Internet Explorer 5 years ago. So here at Managed Solutions we are once again advising our clients to apply any updates to Adobe products when prompted or to exercise extra caution with .pdf files. Here is the menacing list of vulnerabilities announced on 6/30/2010:


14 Adobe Acrobat Vulnerabilities



Quick Tip MrFixit for Windows Update Issues

Have you ever encountered errors with Windows Update or had it just stop prompting you altogether? This might be the solution to your problem. Either way, it is a web page at Microsoft that will provide the right tool depending on what operating system you are running.

To run the utility navigate to http://support.microsoft.com/kb/971058 and click on the Microsoft Fix It icon or link:

Mr Fixit Utility

You will have one option that can be selected. Only use this option if the first attempt without it checked was not successful:

Mr Fixit Aggressive Options

After running the utility in either mode an additional screen will pop up with other options:

MrFixit Complete

If after a restart you still experience issues, you can run the utility again to access the help links in the utility. Microsoft does provide free support for Windows Update issues.

