If you haven’t JUST NOW re-set your Facebook password, don’t open that e-mail!

Mashable is reporting that there is yet another trojan horse making the rounds, appearing to be an e-mail confirmation that your Facebook password has been reset:

…This one – known as Bredolab – masks itself as a ‘Password Reset Confirmation Email,’ appears to come from Facebook, and attaches a file that purports to contain a new password.

That file is actually a trojan horse that will download a host of nasty files from the Web and infect your computer with them…Continue reading Facebook Password Reset Confirmation Email Contains Virus [ALERT] >>

 

Attacked by Viral Marketing!

Viruses are in the air. They are in my body and a course of antibiotics will hopefully cure me–but a virus is also in my computer!

Did I infect my own computer?

No, it is not possible to transfer human viruses to machines; at least, not yet. My computer genius, Mitchell Price, tells me that “Malware has destroyed my computer!” This means that a “company has made a false anti-virus application” and then swooped right in ostensibly to protect me from their own spyware.
For a fee, they offered to correct the problem that they themselves had caused. I refused to ransom my computer and so they ruined my hard drive, just hijacked it.

This can happen to anyone of us. As yet, there is no protection against it. Rather, the only protection against it is to never go on the internet. Mitchell advises us all to be “very careful of links that we may in good conscience, click. They may have a bug or a virus.”

Continue reading on Chesler Chronicles >>

 

What Happened to Jenn Sierra on Facebook?

(Updated 10/18/09)

Greetings, fellow WebWarriors!

This is just a quick update on that Facebook database problem that I wrote about earlier in the week.

Facebook claims the problem has been fixed, but the problems with my account are continuing. I’m having a very difficult time accessing my account, my friends list, my pages, my groups, and my FB e-mails. It’s obvious there’s an attack of some sort going on – I don’t believe I’m the target of the attack, but instead that my account is being used somehow. I also don’t believe it’s because of my conservative activism, per se, but instead I believe it’s related to my support for the JIDF on the web and on Facebook.

I can’t get a response from Facebook on this after NUMEROUS tries, and I’m not comfortable with not understanding what is happening to the account – I have no way of knowing if the account is secure, and whether or not my friends’ accounts are being affected by this. So, I have deactivated the “Jenn Sierra” user ID for now.

Ft. Hard Knox is still going strong, and the FHK Facebook Group will not be affected by this. We have several great administrators who will continue to keep this going, and I’m still working in and supporting the group – just “from behind the scenes.”

-Jenn

P.S. – Several people have asked for more details on exactly what is happening to my account, to see if their own experiences are similar. Basically when I’m logged in, my account is acting the same way home computers act when the modem has been hijacked…like the account has a “mind of its own.” It works sporadically, but simply accessing any page (or the account itself) usually takes several tries. Plus, my entire friends list (of nearly 3,000 people) keeps disappearing.

Hotmail Users: Update your passwords forthwith! UPDATE: Everyone else update your passwords, too.

UPDATE: ReadWriteWeb is reporting that Gmail, Yahoo, AOL, Comcast, and Earthlink have also been hit by the same phishing attack that hit Hotmail. Bottom Line: Update your e-mail passwords, ASAP. Then, it is important to update your password on any other social network where you’ve used that password.

Also see: Scam hits more e-mail accounts

---

ORIGINAL POST 10/5/09: NetworkWorld is reporting that a hacker posted about 10K passwords of hotmail users briefly, and that other lists may exist. Here’s what you need to do to protect yourself, if you’re a hotmail user:

Update your password.

1. Log-in
2. Go to your username at the top-right of the page, then click “view your account” on the drop-down list
3. In the left-hand column, about half-way down, click “Change” next to “Password: ******” and follow the instructions.

For more information, go to NetworkWorld >>

 

Should you post your childrens’ photos online?

There’s a lot of information available on teaching your kids to be safe online, but one aspect of child safety online that seems to seldom be addressed is the behavior of the parents.

Lately, I have been noticing an increasing number of parents who seem to have no qualms about posting their kids’ photos on the social networks. Some even use a child’s photo in place of their own for their profile avatar. This, to me, seems about as safe (not!) as bumper stickers I’ve seen which list the name of each child on the back of the family minivan. I mean, any child predator that might be on the network instantly has your child’s first and last name, and a good idea of where they live…in some cases, even a link to contact them through their own social networking profile. I did some research on this, and the good news is that it seems that my fears on this might be a bit somewhat overblown. I wasn’t able to locate examples of child predators locating victims in this manner. At least not yet. Right now, kids are too easy to locate through their own online activities.

There are examples of people, however, using family photos indiscriminately. Recently, a mother discovered that an international adoption scam outfit used a photo she posted of her child on her personal family blog as a photo of a child that was supposedly up for adoption. Thankfully, the scammers were “only” after money, and the child was never in any phsical danger, but the mother was quite understandably very upset.

Not being a parent myself and not an expert on this topic of any sort, I won’t presume to tell parents how or where they should and shouldn’t post their kids photos. I do think it’s important, however, to remind all of us to follow common-sense safety in posting any photos online. We do not have control over how they will be used.

I can speak from experience on my impression of parents who use their kids’ photos for their own profile avatars. This makes me uncomfortable. I sometimes can’t tell whether the photo is a childhood photo of my new online friend, or if it’s a photo of his/her child. And things really get bizarre when the child is the opposite gender. I’m very careful about not interacting with young children online, because I have no way of knowing whether they have their parents’ permission to be talking with me, or if their parents would even approve. So, when I see an avatar of a child, I then have to do additional research just to make sure I’m actually talking to an adult. I completely understand why the adult would not be comfortable posting his/her own photo as an avatar (I often don’t post mine). But I can’t help wondering if someone is not comfortable posting his own photo, why on earth would he be comfortable posting his child’s photo? But that’s just me.

In most cases, I’m sure folks are just so darned proud of their kids they can’t resist the urge to show them off. That’s understandable, but it’s important to really think about who is viewing that photo, about the fact that once it’s online, you have no control over how it will be used.

Oh, and whatever you do, don’t assume it’s OK to post photos of your friends’ children online. This mother is an example of someone who has pretty strong feelings about that.

UPDATE: No, that’s not you in the video, and don’t click on that link! (Twitter Worm – Now on Facebook, Too)

UPDATE 09/26/09: Same worm – now on Facebook – Don’t click that link! Mashable has more about what to do if it’s too late:

Immediately change your password, delete all of the malware posts, and post a warning to not visit the link in question.

 

---

ORIGINAL POST – 09/23/09: This is from Mashable:

Unsuspecting users are receiving DMs [Direct Messages on Twitter] with the following text:

 

If you get this DM, DO NOT VISIT THE LINK. It takes you to a replica of the Twitter login page where the hackers will steal your account and use it to send out more infected DMs to your friends.

If you’re one of the unlucky ones to be fooled by this worm, make sure you change your password. Also delete any tweets or DMs that have the link. If you can’t log into your account, reset the password and contact Twitter Support…Continue reading WARNING: Twitter Worm Spreading via Direct Messages

 

A Blonde and Her Password

I got this by e-mail from a friend, today:

During a recent password audit, it was found that a blonde was using the following password:

MickeyMinniePlutoHueyLouieDeweyDonaldGoofy

When asked why such a long password, she said she was told that it had to be at least 8 characters long.

 

Jim Kouri on Obama’s Cyber Power Grab

Jim Kouri, CPP, of the National Association of Chiefs of Police and the New Media Alliance, has a report on the Law Enforcement Examiner of OKC today:

…Critics point out that any high-tech program that entails government intrusion should be carefully monitored by not only the US Congress but also private sector experts in cyber security and computer-based espionage.

“People went ballistic when they discovered the Bush White House authorized the interception of telephone and other electronic communications by intelligence and law enforcement agencies, and rightly so. Yet, I haven’t heard a peep from these same people who claim they are concerned with ‘privacy rights,’” said security expert and former NYPD cop Mike Fitzgerald.

“This may come back to haunt us as the first step down a truly slippery slope,” said former the Police detective and director of security.

“The technology involved is so complicated that it may take computer scientists to discover whether the government is protecting Americans on the worldwide web or spying on them. And what are businesses that rely on the Internet supposed to do if the President closes down the Internet?” asks Sam McCarthy a former police commander now a computer security expert..

The cyber infrastructure is not limited to the federal government. The office will work with state and local governments and international partners to combat cyber attacks, and also will work with the private sector to ensure an organized and unified response to future cyber incidents, Obama stated….Read Cyber attack? The Internet power grab by the Obama White House

 

Also see: And Our New Diversity Czar is…Our What?!

 

Important: Update Adobe Reader (aka Adobe Acrobat) AND Adobe Flash

(Updated)

We received this from Tom Reynolds and Paul Croteau (”The Loud Talker”) over at RFC Radio:

If you have not updated BOTH Adobe Reader (aka Adobe Acrobat) AND Adobe Flash since July 31st YOUR SYSTEM IS VULNERABLE! It doesn’t matter if you use a PC, a Mac, or Linux. It doesn’t matter which browser you use. It doesn’t matter if you just paid 80 bucks for a fancy security suite. If you play flash games, watch flash videos, chat in flash chat, or read Acrobat documents your system is at risk. If you want to read more about it than most people want to know, you can read more AT NetworkWorld.com.

If your computer (PC or Mac) is compromised you risk the computer of everyone you communicate with, and everyone you share files with. Since you all send files to the station, that means that not practicing good sanitation risks the computers of your friends, family and co-workers. They may have protection on their computers, but nothing that is open to the world is perfect. If you don’t care about your computer think of your friends, your family, or your boss, and how a few days without their computer would affect them.

Below are instructions for each program:

If you use Adobe Reader start the program and go to Help > About. If it reports version 9.1.3 you’re up to date. If it says anything other than 9.1.3 then go to Help > Check for Updates. (If you want to install from scratch, Adobe’s patching system for Acrobat is screwy, so you have to, go to get.adobe.com/reader and install the version there, 9.1. When you run 9.1 it will prompt you to download a patch. The version you need to get to is 9.1.3.)

Flashplayer download site is get.adobe.com/flashplayer. The latest Adobe Flash Player version is 10.0.32.18. Just follow the link and click on the “Install Now” button and follow the prompts. Reinstalling the same version doesn’t hurt, and sometimes makes things work a little smoother for a bit. Checking the version takes almost as long as installing without checking, but if you want to check, right click on something that uses flash (like the RFC chat room) and select “About Adobe Flash Player 10.” (If you have a Mac and a 1 button mouse, Control-Click.)

Palin Email Intrusion Investigation Moves Forward

According to Fox News, warrants have been served in the Governor Palin / Yahoo! Email breakin. As I wrote previously, the person of interest is one David Kernell, a student at the University of Tennessee-Knoxville. Kernell is the son of Mike Kernell, a Democratic state representative in Tennessee. Per Fox News “A witness told the station they took photos inside Kernell’s apartment and that his three roommates were subpoenaed to testify this week in Chattanooga.”

Also of particular interest to me is that the perportrator used a service called CTunnel.com while committing this crime. For those who don’t know, such a service is a way of “hiding” where the network traffic is coming from, by proxying the connection. What I find interesting however is that I dont recall such a service actually aiding in the investigation of such a crime. The CTunnel.com owner Gabriel Ramuglia is cooperating with authorities, of his own volition it seems.

My point is that some people seem to think that if they just take a step or two to hide their electronic footprints, it’s not necesarily going to make them invisible. There is always a trail when it comes to the Internet. For better or worse, your actions online are tracked *somewhere*, even if you take steps to obfuscate your actions. CTunnel, for example, kept logs of the traffic it was proxying…and is now apparently handing them over to the Feds.

Also see: Michelle Malkin – On the Palin Hacker E-Mail Trail

Palin Email Intruder’s Father – Democratic Rep in Tennessee

According to an article at Wired.com –

“Threat Level was unable to reach the student by phone because his number is unlisted. A person who identified himself as the student’s father, when reached at home, said he could not talk about the matter and would have no comment. The father is a Democratic state representative in Tennessee. Threat Level is not identifying them by name because authorities have not identified any suspects in the case, and the link to the student so far is tenuous.”

This is unacceptable. I sincerely hope that the investigation of this issue is being handled seriously, and intensely. Out of all the people out there with the knowledge and skill (not that much needed, but still) to accomplish this breach, the person who does it just happens to be the child of a Democratic Party politician?

On another note, I sincerely urge all who read this blog to take seriously their online security. Yahoo mail has been demonstrated to be insecure, other online email services can be exploited as well. Regularly change your passwords. Regularly inspect your email for anything out of the ordinary.

---

Also see:

• Password Security Tips
• BREAKING: Obama’s Email Hacked! UPDATED
• How Many Emails Accounts Do You Have?