By ARUN MARBALLI
Crime exists because criminals are always one step and occasionally two steps ahead of the law. Before technology enabled crooks to cover large geographical distances, these smooth operators were limited by how far they could physically travel to ply their skills. Being one or more steps ahead, however, they are quick to leverage new tools and mass-psychology to their benefit and this is becoming increasingly clear in the bold new world of cyber-technology.
As I am writing this column, Uncle Sam�s tax deadline is looming ahead. Appropriate to the season and consistent with the use of mass-psychology, I saw a report a couple of days ago that there have been phishing attempts centering around the one theme that causes everyone�s pulse to quicken and maybe even cause the heart to skip a beat around this time of the year � receiving a note from the Tax-Man. E-mails have been reported, that have an official IRS look, directing the receiver to respond immediately by following an included link to provide some personal information. Very believable, perhaps, given that most of us now resort to e-filing, however, think for just a minute and the fallacy is quickly apparent � why would the IRS ask you for your information, they already have it!
Another situation that has been reported is a Trojan virus called Cryzip that apparently uses a commercial zip library to encrypt and store the victim�s documents inside a password-protected zip file and leaves step-by-step instructions on how to pay a ransom in order to retrieve the files. The problem is it is not clear how this Trojan virus is being distributed although it is believed that it was distributed via spam e-mail.
How about phishing with a social-engineering twist? An alert was recently issued by a security firm in San Diego in connection with excerpts of news stories from BBC being used as a bait to lure unsuspecting Internet Explorer users to visit websites that launch downloads of bots, spyware and Trojans. The e-mail received actually includes a genuine news story and a link for �read more �� that if followed does all the damage. So, think twice before following such a link from an e-mail that you may not recognize.
Closer to home, last month three regional Florida banks have had their Web sites compromised by hackers. The hackers were able to break into the servers that hosted the three banks� Web sites and redirect the banks� traffic to a bogus server that resembled the banks� Web site. Bank customers were asked to provide their credit card numbers, PINs and other types of sensitive information. Again, if you think about it why would the bank ask you for this information � they already have it.
Banks typically do not take attacks lying down and there are at least two banks that have changed their modus operandi to protect their customers better. Online Irish Bank RaboDirect has implemented what they call a two-factor authentication scheme based on two core security principles for identification � (1) Something you know � a customer number and PIN; and (2) Something you have � a digital security device that generates a new synchronized password every 36 seconds. Both of these identity authenticators are needed to allow access to the online account. Using a slightly different tact, the German bank Postbank has implemented electronic signature authentication for all e-mail communication from the bank. Customers will be able to verify the authenticity of e-mails by clicking on a symbol (such as verisign) on the e-mail.
Regardless of all steps taken by banks and other institutions, keeping our software upgraded still remains the best defense. In this connection during the last month, a number of software vendors have released updates to their software to take care of security vulnerabilities. Probably, the one that may affect the most people is the update released by Hewlett-Packard. HP has updated the Toolbox Software for their Color Laserjet 2500 and 4600 series of printers. Another vendor that has released updates is Real Player. Due to a security problem, a new version of Real Player has been made available. If you use Real Player on your computers, it would be a good idea to upgrade. Similarly, Adobe has updated their Flash Media Player because it had a critical security issue. If you have these software products installed on you computer, I strongly recommend a visit to the vendor�s Web site to download and upgrade the software.
Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].
|
Contact Information
Anything that appears in Khaas Baat cannot be reproduced, whether wholly or in part, without permission. Opinions expressed by Khaas Baat contributors are their own and do not reflect the publisher's opinion.
The Editor: [email protected] Advertising: [email protected] Webmaster: [email protected] Send mail to [email protected] with questions or comments about this web site. Copyright � 2004 Khaas Baat.
Khaas Baat reserves the right to edit and/or reject any advertising. Khaas Baat is not responsible for errors in advertising or for the validity of any claims made by its advertisers. Khaas Baat is published by Khaas Baat Communications.
|