Cyber Crime Protection Methods

There is a very old and correct saying that goes on to say that a coin has two sides.

Like a coin almost every aspect of life has two sides. For example the most common example can be taken of the advent of technology and the crime associated with it. With the advent of time and technology, computers have formed an integral part of the working society.

Computers along with them have brought greater work and time efficiency in the working circle of the society as a whole. But there comes the twist. Along with all the benefits that computers and technology have brought, there also comes the rising and alarming threat of cyber crime.
Continue reading “Cyber Crime Protection Methods”

Internet Security Through Code Signing, 2017 revision

I originally posted this article in 2014 and I wanted to rehash a few methods of performing code signing.

Internet Security Through Code Signing

Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author. This helps users and other software to determine whether the software can be trusted. Continue reading “Internet Security Through Code Signing, 2017 revision”

Spam of the Day – Receipt for Your Payment to Uk-AdCommerce-EOM@ebay.com

Hello,

You authorised a payment of 37.81 GPB to eBay International UK (UK-ebay-inc-admin@ebay.co.uk)

Your funds will be transferred when the merchant processes your payment. Any money in your PayPal account balance will be used first. If you have a zero balance or insufficient funds in your account, your backup funding source will be charged for the full or remaining payment. Please note that your bank or card provider may charge a dishonour fee if you have insufficient funds to make the payment.

Thanks for using PayPal. To view the full transaction details, log in to your PayPal account.

Email1

Email2

Let me tell you how to spot the phishing details: Continue reading “Spam of the Day – Receipt for Your Payment to Uk-AdCommerce-EOM@ebay.com”

The Trojan of the Month Award goes to: Avril Sparrowhawk CWIH8974 PAYMENT RECEIVED

I just got a bit of malware spam: “CWIH8974 PAYMENT RECEIVED” / “Avril Sparrowhawk [Avril.Sparrowhawk@lescaves.co.uk]”

This fake financial spam does not come from Les Caves de Pyrene but is instead a simple forgery with a malicious attachment. How did I know it was spam? I don’t buy wine. 🙂

If you receive this e-mail, delete it immediately and contact your IT Support company. Do not open the attachment(s).

virusThe attached file is a malicious document “CWIH8974.doc” which has a low detection rate. There are likely other variants of this virus going around but in the cases we’ve seen it downloads a malicious executable file from.

The virus itself allows the hacker to compromise the web browser so that when the user tries to log in to their Internet Banking, the details are leaked to the hacker who attempts to withdraw funds from the user’s bank account.

From: Avril Sparrowhawk [Avril.Sparrowhawk@lescaves.co.uk]
Date: 22 December 2015 at 11:14
Subject: CWIH8974 PAYMENT RECEIVED
Continue reading “The Trojan of the Month Award goes to: Avril Sparrowhawk CWIH8974 PAYMENT RECEIVED”

How can I report a person attempting to hack me?

There are a number of laws regarding hacking a computer you don’t have authorization to hack, the CFAA in the USA, the CMA in Great Britain, the CHM in Australia, and the list goes on. All of which make it illegal to do what you want to do, and in some cases have pretty strict penalties for even the smallest of actions.

The term most often used to describe what you’re talking about is Hacking Back. It’s part of the Offensive Countermeasures movement that’s gaining traction lately. Some really smart people are putting their heart and soul into figuring out how we, as an industry, should be doing this. There are lots of things you can do, but unless you’re a nation-state, or have orders and a contract from a nation-state your options are severely limited.

There’s always an “Abuse” email address on the whois of a netblock for reporting misuse of an IP address.

You can use http://whois.domaintools.com/ to do a whois lookup to get the address.

hackers-hacking-4

If you are using WordPress, use Wordfence! They are really good!

Continue reading “How can I report a person attempting to hack me?”

The A-Z of computer security threats

Sophos is one of the major players in the anti-malware business. They publish a Threatsaurus to help you remember and define the terms relating to malware. The Threatsauras is a plain-English guide, to help IT managers and end users understand the threats posed by malicious software. The Threatsaurus, includes:

  • an A–Z glossary on computer and data security threats
  • practical tips to stay safe from email scams, identity theft, malware and other threats
  • a guide to Sophos’s security software and hardware.

Finally, a guide to help your coworkers think like you do!Threatsaurus a-z of computer and data security threats

Sophos Threatsaurus is a 100-page directory of security alerts and tips, written in language that even non-IT professionals will understand.

Sophos_Threatsaurus_AZ

Cyber Security

Cyber security is definitely one of those areas where you need to evaluate the validity of any information you find online before accepting it. The figures about the prevalence and under reporting of cyber attacks comes from a 2010 CyberSecurity Watch survey carried out in the US by a number of organisations, including the US Computer Emergency Response Team. The survey states that ‘the public may not be aware of the number of incidents because almost three-quarters (72%), on average, of the insider incidents are handled internally without legal action or the involvement of law enforcement.’

https://www.youtube.com/watch?v=Qyy5YSo8vbY Continue reading “Cyber Security”