uc logo white
Text Size

Announcement: New Study

Check out Smithton Medical's new study!!

Home

Russian Organized Crime: Krem D’la Krem of Hackers

The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.

The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.

And these Russians didn’t discriminate: Any website they could bust into, they did, ranging from big U.S. companies to little websites—anything. Most of these sites remain vulnerable.

Apparently, the thieves are not working for Russia’s government (which rarely goes after hackers anyways), nor have they sold the stolen information…yet. They’ve been paid by third-party entities who want to send out spam.

This gang of thieves operates like a business, with some doing the programming and others doing the stealing. The crooks use botnets to scope a site’s weaknesses, then plow in there.

This massive breach has called attention to the reliance that businesses have on usernames and passwords; this will need to be changed.

Tips for Preventing Getting Hacked

  • Say NO to clicking on links inside e-mails, even if the apparent (note “apparent”) recipient is your bank or a friend.
  • URL security. Trust only sites whose URL starts with a padlock icon and “https.” An “http” won’t cut it.
  • Two-step verification. If your financial institution offers this, then activate it. Call the bank if its website doesn’t have this information.
  • Online banking. If possible, conduct this on a separate computer just for this purpose.
  • Change the router’s default password; otherwise it will be easy for hackers to do their job.
  • Wired ethernet link. This is better than a powerline or Wi-Fi for protection. To carry out an ethernet attack, the thief would probably have to break into a home and set up a device, whereas Wi-Fi data can be snatched out of the air, and powerline data can leak into next-door.
  • Encryption. If you must use Wi-Fi or powerline networks, encryption will scramble data, but a hacker can crack into Wi’Fi’s WEP.
  • Say no to third-party Wi-Fi hotspots.
  • Security updates. Keeping up to date will guard against hackers who use a keylogger to figure out your keystroke pattern—which can tell him your passwords.
  • Hotshot Shield; This service protects you from fraudulent activity when you’re working online in an unprotected network (wired or wireless), such as at airports, hotels or coffee houses.
  • Get identity theft protection. Generally your identity is protected from new account fraud. Many of the services monitor your data on the dark web.
____________

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The “Heartbleed” Bug has not been exterminated

Though the breaking news of the Heartbleed vulnerability is a month old, this doesn’t mean that this “bug” has been squashed.

Though the breaking news of the Heartbleed vulnerability is a month old, this doesn’t mean that this “bug” has been squashed.

There still remain about 318,000 servers that are vulnerable to this OpenSSL bug, according to security researchers, though this figure is about half of what it was a month ago.

The Errata Security blog announced they calculated the 318,000 via a recent global Internet scan, which also revealed that more than 1.5 million servers still remain supportive of this “heartbeat” thing.

And there may actually be a lot more servers “bugged” because the count applies only to verified cases. Nevertheless, why are there over 318,000 still affected a month after aggressive Heartbleed mitigation went into effect?

Fraudsters can use this bug to attack those 318,000 systems. This flaw in encryption leaves private data like credit card numbers and passwords open for the kill.

Though many of the giant services fixed this problem within a prompt timeline, the smaller services are still struggling with it, and hackers know this. A crook can identify the compromised server and then exploit the bug and steal the private data that’s in the server’s memory or take control of an online session.

So how can you protect your private information?

  • Go to http://tif.mcafee.com/heartbleedtest, which is McAfee’s Heartbleed Checker tool. Enter the URL of a website to see if it’s vulnerable.
  • If no vulnerability is detected, change your password for that site. After all, if a site has already been bugged, changing your password at that point is useless.
  • If vulnerability has been detected, then keep an eye on your account activity for signs of unauthorized activity.
  • After a site has been patched up, then change your password.
  • And this time (if you already didn’t originally), create a strong, long password. This means use a mix of characters (letters, numbers, symbols) and use more than eight. And don’t include a word that can be found in the dictionary unless your password is super long, such as “I eat Martians for breakfast.” (The spaces count.) This would be a nearly uncrackable password due to its length and nonsensicality. But so would the more difficult to remember Y48#dpkup3.
  • Consider a password manager for creating strong passwords and remembering them, such as McAfee SafeKey.
  • For better security use two-factor authentication. This involves a one-time code for each time someone tries to log into an account.
  • As ongoing protection consider a credit freeze and identity theft protection to prevent new account fraud.

__________

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Michaels Stores and Aaron Brothers Announce Massive Data Breach

April 21, 2014 - Michaels, a retail chain of arts and crafts stores has announced a massive data breach affecting more than 3 million credit and debit cards. One of the company's subsidiaries, Aaron Brothers, announced a separate data breach affecting as many as 400,000 additional cards. Both data breaches took place over a period of months, beginning in 2013 and ending early this year. April 21, 2014 - Michaels, a retail chain of arts and crafts stores has announced a massive data breach affecting more than 3 million credit and debit cards. One of the company's subsidiaries, Aaron Brothers, announced a separate data breach affecting as many as 400,000 additional cards. Both data breaches took place over a period of months, beginning in 2013 and ending early this year. The Michaels breach occurred between May 8, 2013 and January 27, 2014. Although the company has said that 3 million credit and debit cards may have had their numbers compromised, the company has said that hackers were not able to access additional personally identifiable information. Nor were they able to access debit card PIN numbers. This significantly reduces the risk of fraud or identity theft from this breach. The Aaron Brothers breach occurred between June 262013 and February 27, 2014.That cyberattack affected 54 of the company's stores. Consumers who shopped at either Michaels or Aaron Brothers during the times listed above should carefully check their credit and bank card statements for fraudulent charges. Any unauthorized charges should be reported to their credit card companies or banks. __________ Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit www.GuardMyCreditFile.org