di Paolo Attivissimo

Una galleria di ricostruzioni di computer storici, dallo ZX80 al computer delle missioni Apollo alla macchina di Babbage al Colossus usato per craccare i codici segreti tedeschi nella Seconda Guerra Mondiale. Imperdibile per gli appassionati.

Gigabyte, terabyte, petabyte… yottabyte? Secondo quanto scritto in un libro da Matthew Aid, l’NSA statunitense starebbe costruendo nello Utah un enorme deposito di dati derivanti da intercettazioni e registrazioni che potrebbe arrivare entro il 2015 a immagazzinare uno yottabyte di dati. Un milione di miliardi di gigabyte.

I superscanner aeroportuali danneggiano il DNA? L’antiterrorismo che crede di poter vincere usando i gadget ultratecnologici ha sperimentato e installato in alcuni aeroporti degli scanner che usano onde nella gamma dei terahertz e “vedono” attraverso i vestiti, rivelando armi ed esplosivi nascosti. Solo che, stando almeno a un articolo intitolato DNA Breathing Dynamics in the Presence of a Terahertz Field di Boian Alexandrov, del Center for Nonlinear Studies al Los Alamos National Laboratory, queste onde creano fratture nel DNA che potrebbero avere conseguenze sulla salute non trascurabili. Sensazionalismo o problema reale? Difficile dirlo per ora, ma è meglio tenere d’occhio l’argomento. Una sintesi della questione è pubblicata da Technology Review.

Robot bipedi. Ricordate Big Dog, il robot quadrupede capace di riprendere l’equilibrio in modo stupefacente dopo essere stato spintonato? Adesso arriva Petman, che non è un robot programmato per emettere flatulenze, ma un prototipo bipede. Maggiori dettagli qui su Popular Science.

Google include ricerche musicali, ma solo in USA. Ha debuttato Google Music Search: digitate un pezzetto del testo di una canzone e Google vi dice qual è e dove ascoltarla e scaricarla legalmente. Peccato che per ora funzioni solo per gli utenti USA. L’annuncio è nel blog di Google; ne parlano BBC, Punto Informatico, Zeus News, The Inquirer.

Microsoft apre il formato di Outlook. I file .pst di Outlook verranno documentati pubblicamente, secondo questo annuncio del gruppo di interoperabilità di Microsoft. Non saranno necessarie licenze o permessi per reimplementare il formato .pst.

Dopo il phishing, lo smishing. Conio bruttino per una nuova forma di truffa: la vittima riceve un SMS che dichiara di provenire dalla sua banca e avvisa di un’emergenza sul conto corrente, chiedendo di richiamare il numero verde del call center. Quando la vittima chiama, trova una registrazione che chiede di lasciare le coordinate della carta di credito per autenticarsi. Il numero chiamato ovviamente non è quello vero del call center, e in questo modo la vittima regala ai truffatori i dati della propria carta. Funziona? Se si fa leva sull’emozione e l’ansia, probabilmente sì. Ne parla qui Findlaw.

Fonte: http://attivissimo.blogspot.com

Identity Theft Speaker John Sileo’s Latest Fraud Report

There is a new type of scam that tries to trick you with text messages appearing to be from one of your financial institutions. Much like phishing, SMiShing takes advantage of techonology to mine our personal information. Learn how to stop this newest form of identity theft by reading the full fraud report.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, visit John’s blog at Sileo.com.

Identity thieves are going after your cell phone in an effort to trick you into giving up your debit or credit-card information. Here’s how it sometimes works: You’ll get a text message telling you there’s a problem with your credit or debit card. You’re then asked to either call a number that they provide — or go to specific website and enter your personal information. Once the thieves get your info, they have the tools to steal your money or your identity. The new scam has been dubbed smishing. To protect yourself from data thieves, never click on links in emails from unknown senders and never give your personal information over the phone unless you can verify who you are talking to.

A recent survey by TrendMicro showed that the average crackberry/iphone addict is quite oblivious of the potential security risks of conducting his work over the mobile airwaves. Nearly 45% of smartphone users have fallen victim to the a security breach and less than a quarter of them are consciously aware of the native security features on their phone.

The typical malware writer has gradually shifted the intent of malware from pure fame and geek curiosity to more diabolical ends. A few months ago, Kaspersky reported a trojan that can steal your money by exploiting a vulnerability in the SMS implementation on your phone. Such phishing attacks are called by a new term called “smishing”. Then again F-secure has earlier demonstrated another vulnerability in Series 60 phones that allows for a privilege escalation attack that allows complete access to the underlying file system. This vulnerability has been addressed in a firmware upgrade since.Smishing attacks are not that prevalent in the United States as it is in Europe or Asia, since SMS is not the preferred way of communication yet.  This is changing though… Carriers are  now including unlimited SMS plans for under $10 and this is encouraging SMS phishing.  The also exist legitimate services out there that facilitate bulk SMS tranmission.

         Traditional phishing attacks which can be easily identified by their broken links or non-rendering images or plain bad spelling (think Nigerian 419 emails), however these shortcomings are not that evident on SMS. Typically the messages themselves are concise and are usually entirely composed of text. It is also relatively easy to spoof the sender name, so that it may look like a legitimate source. This attack has been recently demonstrated in the Blackhat conference albeit on a jailbroken iPhone.
So how does one guard against this attack? Truth be told, there isn’t a single reliable way. Most brick-and-mortar legitimate companies will not use SMS to communicate with you (exception being your carrier). If you get an SMS from your bank, utility company or even your friend, soliciting for any information, simply ignore it and try to reach them offband (i.e. from another phone or email etc.). The cell phone industry has not developed standardized and robust protocols to guarantee the security of the SMS channel. Hopefully that will change soon.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Cisco: SMS, Smartphone Attacks on the Rise

While spammers were spewing more than 2 billion spam messages the day after Michael Jackson’s death, a new form of phishing is becoming more prevalent to users of SMS/texting devices. “Smishing”, the term used for phishing via SMS/text devices has been seen in Japan, and other countries where texting is more common, for years. Only as more people are becoming familiar with and using texting are hackers seeing a larger target audience from which to secure money.

This tactic uses an older, yet more trusted form of communication, that of voice. Smishers send a text asking people to call a number. When called a friendly recording asks people to enter their personal identifiable information.

The report also discusses an increasing number of vulnerabilities with smartphone operating systems.

The report also warns of increased hacking from people with computer skills who have been negatively affected by the economy.

Click here and here for more information.

Survey finds one in six consumers act on spam

A survey of 800 consumers in the US and Canada found that 1 in 6 have, at one time, acted on spam. Such activity affirms the economic incentive for spammers to continue sending the high levels of spam each day.

Comment: A report noted in the News Bits a couple of months ago indicated 90.4% of all e-mail is considered spam.

Click here for more information.

Turkish government site hacked amid spat with China

With links to language and their common religion of Islam, the Turkish Prime Minister denounced the riots in China’s northwest province of Xinjiang against the country’s Uighurs population. Since the statement Turkey’s embassy in China has been hacked to display a message. The slow response also indicates the site is being targeted with a denial-of-service attack.

Click here for more information.

Oracle Issues Big Security Patch Update

Oracle has released 30 patches for its various products, including 10 that relate directly to its database. Three of the database vulnerabilities can be exploited across a network without the requirement of a username/password.

Click here for more information.

Anonymous web data can be personal data, claims expert

Items such as browsing history may be deemed anonymous as the only thing tying you to such content is your computer’s IP address. Because of the anonymity you may loose control of what people do with your information. However, if you provide the information provider with information such as your name, IP address, date and time of service use your information then becomes identifiable and is therefore subject to the UK’s data protection act, a law based up on the EU’s Data Protection Directive 95/45/EC.

Click here for more information.

Sixty Percent of companies Not Moving to Windows 7

Citing stability for Windows XP and Windows Server 2003, IT shops are not in a rush to upgrade to “7”. With mature computer hardware and software the need is no longer there for most companies. Portable productivity, interconnectivity and visualization are the new frontiers; frontiers on which Microsoft lags.

Click here for more information.

By now you’ve probably heard enough about Identity Theft that whenever you hear the term, your eyes glaze over and your brain goes into auto-pilot. 

Allow me to jar you back into cognizance with two scary facts:

1. The typical Identity Theft victim spends thousands of dollars to clean up the mess.

2. Perhaps even scarier — The typical Identity Theft victim spends HUNDREDS OF HOURS over the course of many months cleaning up said mess.

I don’t know about you, but I’ve got better things to do with my time.

Speaking of time, MSN Money has a great article called “Your 5-Minute Guide to Protecting Your Identity.”   Think of it as  ID Theft Prevention “Cliff Notes.”  It’s time well spent.

If you’re interested in learning even more about Identity Theft, we’ve got many valuable resources on our website.  Just go into the IRFCU Vault section, & click on the On-Line & Financial Safety page.

¿QUÉ ES EL SMISHING? – Informatica Forense.com.

Security experts have warned of a new round of ‘419′ email lottery scams targeting European smartphone users. Bogus text messages inform users that they have won the ‘GSM Mobile Sweepstakes’ contest and landed a €170,000 prize. In order to claim the prize, recipients are instructed to respond to a Yahoo webmail address. A reply offers to send the prize in the form a cheque mailed to the user. However, in order to pay for the insurance and shipping charges on the cheques, the user is asked to foot a bill ranging from €595 to €1,890. The scammers then pocket the supposed shipping costs and the user receives nothing.

Mikko Hyppönen, chief research officer at F-Secure, said: “Obviously you can’t win a lottery if you haven’t bought a ticket in the first place. “These guys just want you to pay for the ‘courier delivery’ of your ‘cheque parcel’.” Security experts have warned that mobile messaging could become a new frontier for cyber-crime owing to booming numbers of new users and a relatively inexperienced security field in comparison to the PC industry. In addition to spam runs and 419 scams, the practice of SMS phishing, or ’smishing’, has gained steam in recent years. Users are also faced with a growing crop of malware applications which target the operating systems used by smartphone devices.

Source: Vnunet, Martin

*A compound of ‘phishing’ and ‘SMS’.  SMiShing (SMS phishing) is a type of phishing attack where mobile phone users receive text messages containing a Web site hyperlink, which, if clicked would download a Trojan horse to the mobile phone. The term SMiShing was coined by David Rayhawk in a McAfee Avert Labs blog on August 25, 2006.

Here’s an example of how a SMiShing attack might happen. An innocent user receives a text message on their mobile phone with a link. The user responds to this link which in turn loads an unwanted application onto the device. This application can do things like propagate the message to everyone in the phone’s address book, render the device useless, send tasteless text messages to everyone in the address book, make the device act erratically, steal data from the device, and more. Imagine receiving a text message from what appears to be your spouse, friend, or boss with an embedded link. The message looks reasonable, you follow the embedded link and… voila! Your phone sends a crude text message to every mobile phone in your address book. Protecting yourself is very difficult as text messaging, especially if it’s a propagated attack originating from a trusted source, is very difficult to pick up on. Until the technology to defend against it catches up, the best defense is to avoid following links on text messages from your mobile device.