Facebook Becomes A Favorite Target Of Phishers
Posted by at 2:06 am, December 26th 2010.

Due to widespread concerns about its stance on users' privacy, Facebook has been under all sorts of fire lately, facing criticism from U.S. senators, European data protection authorities, and many tech experts. Now yet another problem has cropped up: Facebook has been named a top target of phishers. The Securelist division of Kaspersky Labs issued a report yesterday, and the identities of the top three organizations targeted by phishers may not come as a surprise to anyone; they're PayPal (with 52.2 percent of all attacks aimed at it), eBay (with 13.3 percent), and HSBC (with 7.8 percent).

The report, which covered the period between January and March of this year, then went on to state, "Facebook popped up unexpectedly in fourth place. This was the first time since we started monitoring that attacks on a social networking site have been so prolific."

By way of explanation, the report then continued, "Having stolen users' accounts, the fraudsters can then use them to distribute spam, sending bulk emails to the account owners and their friends in the network. This method of distributing spam allows huge audiences to be reached. Additionally, it lets the fraudsters take advantage of the social networking sites' additional options, like being able to send different requests, links to photos and invitations, all with the advertisement attached, both within the network and to users' inboxes."

Obviously, this isn't good news for Facebook's users or the security community as a whole. Facebook acts as a sort of point of entry to information about a whole lot of people (the social network had 400 million users in early February).

This isn't good news for Facebook, either, though - nothing that makes its users uncomfortable or unhappy, and therefore likely to leave, is - so perhaps we'll at least see the company make some attempt(s) to address this problem.

Anyway, if you're curious, the list of phishers' targets picked up after Facebook with Google, the IRS, Rapidshare, Bank of America, UBI, and Bradesco.


A Lesson In Password Security
Posted by at 2:06 am, December 26th 2010.

It seems today that every website you go to wants you to sign up for their site with a username and password. Not only this, but each site has its own restrictions on what your password can be. Some require you to use both letters and numbers, while others kick out anything less than (insert random number here) characters long. The worst, though, is when you are required to change your password after so much time has passed. Well, those restrictions exist for a reason, and there are certain things you can do to stay safe when you're browsing online.

The biggest problem with passwords is that you have to remember so many of them. You have passwords to different shopping sites, bank sites, news sites, webmail sites; the list goes on and on. It is so easy to just find one password that you can remember and use it everywhere. This is a big mistake, as the Gawker incident showed. If that one password is discovered by a hacker on one site, they now have your password to all your websites. Using a unique password for each site you frequent makes it much harder to remember them all, but it is much safer. A safe alternative to post-it notes on your monitor is to use a password manager, such as 1Password or RoboForm.

Another important thing to remember is to use strong passwords. The Gawker hackers posted the most commonly used passwords retrieved from the Gawker database, and at the top of the list is "12345", which is, in the words of Dark Helmet, "the kind of thing an idiot would have on his luggage!" Also on the top ten list were such gems as "password", "qwerty", "abc123", and "monkey". Using a combination of letters and numbers, in a not-so-easily guessed order, makes a password much harder to guess, which keeps you safer.
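The three checks this post recommends (no password shared between sites, nothing from the leaked top-ten list, letters mixed with numbers), run over a set of accounts. This is an added example, not part of the original post; the minimum length of 8 is an assumption, since the post names no number, and the accounts are constructed sample data.

```python
from collections import defaultdict

# Passwords the post names from the Gawker top-ten list.
COMMON = {"12345", "password", "qwerty", "abc123", "monkey"}
MIN_LENGTH = 8  # assumed threshold; the post gives no number


def audit(accounts):
    """Return {site: [problems]} for a {site: password} mapping."""
    # Index sites by password so reuse across sites can be reported.
    sites_by_password = defaultdict(list)
    for site, pw in accounts.items():
        sites_by_password[pw].append(site)

    findings = {}
    for site, pw in accounts.items():
        problems = []
        if pw.lower() in COMMON:
            problems.append("common")
        if len(pw) < MIN_LENGTH:
            problems.append("short")
        has_letter = any(c.isalpha() for c in pw)
        has_digit = any(c.isdigit() for c in pw)
        if not (has_letter and has_digit):
            problems.append("no-letter-digit-mix")
        shared = sorted(s for s in sites_by_password[pw] if s != site)
        if shared:
            # One breached site would expose every site listed here.
            problems.append("reused-on:" + ",".join(shared))
        if problems:
            findings[site] = problems
    return findings


# Constructed sample accounts, not real credentials.
SAMPLE = {
    "news.example": "monkey",
    "shop.example": "tr4il-Mix-0range",
    "bank.example": "tr4il-Mix-0range",
    "mail.example": "c0pper-Kettle-91",
}

if __name__ == "__main__":
    for site, problems in sorted(audit(SAMPLE).items()):
        print(site, problems)
```

Note that the shop and bank passwords pass every strength check and are still flagged, because a leak at either site exposes the other.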
