Stolen data live on in Google searches

sfgate_get_fprefs();

(07-06) 17:35 PDT --
A Centennial State adult female logged on to her computing machine in April, voted on a CNN poll, shopped for air hose tickets and deliberate payments for a $25,000 auto loan from H. G. Wells Fargo.

She didn't surmise that a malicious software system programme was recording every keystroke - frequent-flier numbers and passwords, her place computer address and telephone number, an online conversation she was having with some friends.

But it was, and calendar months after government were alerted to the breach and handicapped the waiter in Malaya where her information were being stored, the information was still available online - in a Google search.

The woman, who asked not to be named, was shocked to have a phone call from a History newsman request if she recognized the personal information, which had been crawled and stored by Google as Google caches all unprotected information it happens on the Web.

"Google looks so friendly," she said. "I don't understand why they don't make a better occupation protecting our data."

Google spokesman Michael Kirkland said that in general, the hunt engine doesn't take cached data, which vanishes automatically at some point after its beginning is taken down. Google anticipates Webmasters to take job content themselves and supplies tools to assist them make it.

"Google, like all hunt engines, is a contemplation of the content and information that's available on the Internet," he said. "We actively work to maintain users informed on how they can remain safe online."

In this case, however, Google did take the cached pages, but it took the company two attempts to cancel them.

Such incidents of information larceny have got got go so common that some cybercrime trackers have given up on contacting Internet users to allow them cognize their personal information have been exposed. Sensitive information all over

Finjan, the Israeli security company that discovered this peculiar stash, said it happens similar information stored on waiters around the human race nearly every other twenty-four hours - Sociable Security numbers, medical records, confidential concern records.

Law enforcement is ill-equipped to procure this practical Wild West, where sensitive information can stay in Web land site caches long after a waiter have been disabled.

Finjan reported the purloined information to a assortment of authorities, but one of them, the FBI, said it wasn't concerned with the cache - only the grounds on the server.

"We state people we can't be responsible for protecting information or ensuring that whatever is happening is all cleaned up," said Joe Schadler, a spokesman for the FBI's San Francisco office. "We're not security experts."
Savvy acquire tricked, too

Even those who are savvy about Internet security - or the deficiency thereof - are still learning.

The same thieves who tracked the Centennial State woman's online activity swiped the information for two depository financial institution business relationships belonging to Jesse James Pope, an lawyer in Houston who learns social classes in personal identity theft. Pope said he didn't cognize his machine was infected until after he noticed a $3,500 backdown from his Wachovia business relationship and called the bank. He was told that he had probably clicked on an advertisement to forestall spyware and downloaded a keylogging program.

"I didn't cognize you could chink on an advertisement and acquire a virus," he said.

Pope's information, along with that of the Centennial State woman, was among 100s of other pages of purloined information - log-ins and watchwords for Facebook, YouTube, Web-based e-mail programmes like Yahoo, and many other Web sites; cookies that would enable thieves to presume their owners' personal identities at some sites; records of every finish people visited when they surfed the Web. Recognition card game exposed

One individual surfing from a computing machine in Sunshine State had searched for books on Amazon.com and for information on parents and immature children at AOL, Yokel and the Australian Broadcast Media Corp. She also exposed her recognition card figure when she purchased an online first-aid social class from a unafraid site.

At a computing machine in California, person checked the position of an in-migration lawsuit at a authorities Web land land site and then moved on to a site that watercourses pornographic videos.

It's hard to state what thieves are looking for when they steal all this data, said Virgin Mary Landesman, a research worker at Scansafe in San Mateo. They may, for instance, plane off gambling passwords, which are selling well now, but, she said, "what's happening with the remainder of the information, we can only guess."

E-mail Deborah Gauge at .

Greeting Card Hoaxes

If you just received a nice electronic mail with a greeting card and opened it the suddenly your system crashed, then you must cognize you have got got been one of the many victims of the Greeting Card Game Hoaxes available out there.

Since 1999, when a fraud attacked and nearly destroyed the concern of salutations website Blue Mountain, greeting card frauds have go quite annoyingly popular.

The Blue Mountain company received recently another hit from a hoax, because this twelvemonth person falsely used their nexus in electronic mails to fob people in clicking on it and download some malicious software. Maybe the fraud is still around, so if you have an electronic mail with a greeting card from Blue Mountain, before clicking the nexus do certain you properly read the hyperlink listed below, in your browser. It's not adequate if the nexus in the electronic mail reads Blue Mountain when the implicit in codification read a Dardan address.

It looks that there are some people out there with no good purpose whatsoever that deliberately seek to assail certain companies. By infiltrating a fraud into their system or by falsely using some online business's URL and making people download a virus of some kind this way, the cyberspace scoundrels cause people to lose all assurance in the several company. If you even have an electronic mail containing a hoax, you should just deleted and eventually describe it, and direct to all your friends a warning mail, but don't under any fortune forward it because you will be helping the cyberspace felons this manner and you will add one more than rock to the devastation of some company.

If You Become A Spammer

There is a Dardan out there that tin bend you in your worst nightmare. No 1 like spammers, whenever we see person spamming a blog or a forum with assorted selling messages , repeated over and over again on very blog entry, added a remarks to every station or highlighted as forum subjects we acquire annoyed and be given to go forth that blog as we calculate out it's badly managed because it lets such as people to post over and over again.

But we shouldn't leap so quickly to justice people because in most lawsuit it's not their fault. Most of the modern times the messages aren't even posted by a Bot, there are posted by person just like you, who have no thought what he's been doing. The Dardan called Me.Spam makes just that. It takes just one contact and it transcripts itself to your difficult thrust and then...you go a spammer. It works easy and effectively: whenever you post on a forum or remark on a blog, whenever you direct an e-mail, it will add at the end (or beginning) of your message a cunning small nexus to a reprehensible website.

And if eventually you recognize you are infected with Trojan.MeSpam, its quite slippery to acquire quit of it as it will be detected by Windows startup services as a LSP (Licensed Service Provider). The website that brands utilize of the Dardan installed on your computing machine can opportunity at random clip periods of time the nexus that nestle in your stations and emails. Trajan.MeSpam volition also assail instantaneous messengers, adding randomly the several textual matter or nexus while you are having a conversation with someone.

Network Security: Gullible Users Are the Weakest Link

Despite improvements in system and web security, crafty cybercriminals stay a important threat, adjusting their methods to take advantage of unwary Internet users, the SANS Institute states in its study on the top 20 Internet security hazards of 2007, released Tuesday.

Hackers and cyberspies have got shifted their focusing and moved away from the widespread malware onslaughts that exploited software-based exposures in favour of more than targeted assaults that trust upon unsuspicious users' credulousness and custom-built applications, the study states.

"For most big and sensitive organizations, the newest hazards are the 1s causing the most trouble," said Alan Paller, manager of research at SANS. "The new hazards are much harder to defend; they take a degree of committedness to uninterrupted monitoring and inflexible attachment to policy with existent punishments that lone the biggest Banks and most sensitive military organisations have got so far been willing to implement."

Spyware infections, including keystroke loggers, are among the most commonly used word forms of malware establish on compromised systems. Since January, there have been a 183 percentage addition in Web land sites "harboring spyware," said Gerhard Eschelbeck, main engineering military officer of Webroot, a spyware sensing firm.

Software Security

Vigilance and regular updates from operating system shapers have got led to more than unafraid systems and decreased cyber criminals' ability to establish monolithic Internet worms that were frequently seen between 2002 and 2005, such as as Melissa, Zotob and Blaster. As a consequence of the renewed accent on security from (Nasdaq: MSFT) , for instance, there have not been a new large-scale worm onslaught targeting Windows systems since 2005, according to SANS.

However, even as operating systems have got got got go increasingly secure, other types of software system have been responsible for an addition in the figure of "client-side vulnerabilities." Vulnerabilities in antivirus, backup and other applications have been hit by worms. Most notable, SANS research workers said, was the worm that exploited a buffer flood in (Nasdaq: SYMC) antivirus software system last year.

Browsers, business office software, mass media participants and other desktop applications business relationship for a important growing in exposures on the client side. Although Microsoft's Windows operating systems are less vulnerable to attack, Qualys, a security house that scans billions of systems for vulnerabilities, said it have seen a nearly 300 percentage growing in exposures in Microsoft Office products.

The primary perpetrator is the up-to-the-minute version of Excel, which can easily be exploited "by getting unsuspicious users to open up Excel data files sent via e-mail and instantaneous messages," said Amol Sawarte, director of exposure laboratories at Qualys.

"Microsoft have their macro instruction linguistic communication built into Microsoft Office, and sometimes it's hard to actually observe [problems]. Second, with everyone worried about Windows and keeping that up to date, people don't always worry about keeping Office up to date," said Henry Martin Robert Ayoub, an analyst at .

More than any other type of software, Web application insecurity the most "troublesome because so many developers are writing and deploying Web applications without ever demonstrating that they can compose unafraid applications," SANS' Paller said. SANS ranked critical exposures in Web applications No. One on its top 20 list.

"Most of their Web applications supply entree to back-end databases that clasp sensitive information," he continued.

However, "until colleges larn computer computer programmers and companies that use programmers guarantee that developers learn unafraid coding, and until those employers guarantee that they work in an effectual unafraid development life cycle, we will go on to see major exposures in nearly half of all Web applications," Paller noted. Security Solutions

To protect themselves from critical exposures in Web applications, consumers and endeavors can deploy a Web application firewall and security scanner.

In addition, concerns should have got got got application beginning codification testing tools, application incursion testing services and a formal policy that all of import Web applications will be developed using a valid unafraid development life rhythm and only by developers who have proven -- through testing -- that they have the accomplishments and cognition to compose unafraid applications, SANS advised.

Combating people's inclination to swear instruction manual and golf course included in e-mails -- whether because they are too busy or too distracted to be disbelieving -- necessitates a twofold approach, Ayoub told TechNewsWorld.

Ayoub holds with the SANS recommendation that concerns behavior security consciousness preparation as well as its warning not to give users inordinate rights and let unauthorised devices.

"There are definitely users that are going to chink on e-mails they're not supposed to. And inordinate user rights is one country where a batch of endeavors are not doing 100 percent. A batch of organisations really haven't gotten this portion under control and aren't enforcing their internal policies and aren't doing the smack on the carpus to maintain people from participating in activities that aren't safe," he explained.

"As an industry, we cannot remainder on our laurels. There have to be continued education. There have to be continued improvements and updates," Ayoub continued.

However, instruction can only make so much, said Greg Young, a (NYSE: IT) analyst. "It's less about instruction and more than about taking action. There have been a batch of talking and not much action in organizations. Organizations just necessitate to support thyself.

"End users will always [open e-mails from aliens and chink on golf course sent to them]. That's human nature, and that is why instruction have limited value. You have got to take action to protect against the things we cognize can and will happen," he continued. "Humans are the weak link. And there are some pretty basic stairway we can take to protect ourselves against ourselves and the bad guys."

Enterprises too often have got got webs that make not have adequate depth of defense, he asserted. The critical assets of too many webs are distribute out or are openly accessible to all internal users, he pointed out.

"These are not merchandise vulnerabilities, it is a misconfiguration," Young told TechNewsWorld. "You have got to do certain you are protected. There is an surplus of things you can purchase and install. The security marketplace is flush. You have got to take action yourself. This have to be a management-down goaded [solution]. It is not an IT job anymore; it is a concern problem."

Biggest digital threats in 2008

When
it come ups to staying Safe in cyberspace, the coming of new
technologies usually shows a double-edged sword. Advanced software, Web
sites, and devices pull attending because they do communicating easier,
accomplishing undertakings faster, or being online more entertaining. But hackers
generally follow to work the up-to-the-minute mass market. That’s wherefore computer
security research workers state some of our newest technical fascinationsâ€"iPhones
, societal networks, and Internet telephone services, to call a fewcould present
tempting marks in 2008. Sure, Sellers of security engineering have got a financial
stake in fanning computing machine users’ fears, but it’s utile to know
where the bad cats might strike. WAyward web sites The New Coevals of land land sites generally referred to as Web 2.0
act more like traditional personal computer software: The sites are fast, responsive, and speed
up page loading. That agency browsers are working harder than ever to draw the
data that maintains land sites current. Couple that with marketplace imperative moods to keep
pushing out new characteristics to users, and the emerging Web could show a
dangerous brewage of software system flaws that’s mature for hackers to exploit. A Target in your pocket Sophisticated cell telephones that boasting tons of storage, Wi-Fi
networking, and souped-up computing capacity offering tons of people the opportunity to
use them as imitation PCs. But all that information zapping forth from smart telephones means
cyber felons are sniffing around for ways to check into them. Phones with
software from Symbian and Microsoft have got got already been attacked, and security
researchers have demonstrated ways to chop into Apple’s iPhone. Google’s newly announced Android mobile-phone software system could be next. Hackers travel pro In the past few years, hackers have got banded together and
worked with organised law-breaking to crop the most valuable information exposed on the
Internet. Next twelvemonth could witnesser an even more than complete amalgamation between the
computer and criminal undergrounds. Developers for hire and professional hacking
kits are available through online markets. And felons are on the lookout man for
intellectual place that dwells on companies’ servers. In 2005 and
2006, hackers stole as many as 94 million credit- and debit-card numbers from
the computing machines of retail merchant TJ Maxx. More efficient groupings could do break-ins
like that even more than prevalent. Hello, desire some viagra? At first, spammers typed their seedy solicitations into
e-mail messages, then displayed them as harder-to-detect graphics. Next came
attachments of PDF and Word documents. Now, research workers say, junk-mail purveyors
are attaching MP3 data files to their letters so users who open up them acquire audio
messages about penny stocks, for example. More chatty Spam is probably on the
way, and it’s likely lone a substance of clip before picture Spam invades
in-boxes too.

12 Essential Security Tools for Your Computer

Unprotected computer or computer without any security tool is always vulnerable to cyber criminals, hackers, spammers and identity thieves. So, to avoid such security problems and identity theft, you should always have security software with some essential features such as firewall, antivirus etc.

The following 12 essential security tools can help you to protect your identity, personal information and data on your computer, so that you can surf the internet without any fear of identity theft, hacking, viruses, spywares etc.

Firewall is essential to block the unauthorized access to your computer data. It monitors the inbound and outbound traffic from your computer to the internet and blocks any suspicious traffic. Network and program firewall is required to block the doubtful traffic and operating system firewall is necessary to protect your operating system and your data.

1. Network and program firewall:


Network and program firewall protects your network and computer from suspicious traffic and shield your programs from malware. For high level of security, it should be a Multi-layer firewall or with multiple layers of security.

2. Operating system firewall:


Some internet security software also provides operating system firewall to protect your operating system. This security tool blocks any malicious software from causing damage to files in your core windows operating system. It also blocks entry of hard to remove spyware with kernel-level threats to computer to protect your operating system from any damage.

3. Full Stealth Mode:


Full Stealth Mode is required to make you invisible to hackers, even when you are connected to net, so that you can access the internet without any fear of getting hacked.

4. Antivirus:


Antivirus is necessary to protect your computer from damages by viruses, worms and trojans. Viruses and worms spread from one computer to another either through e-mails or from files downloaded from internet. Viruses and worms can destroy your files and erase data on your computer. So, to protect your data and your hard disk, you should always have updated antivirus program with the latest definition files.

5. Antispyware:


Antispyware protects your computer from spywares and intruders to protect your personal information. Spywares get installed on your computer without your consent or knowledge and take control of your computer, gather your personal data, information, web activities and web sites you visit and transmit that data to others.

6. Complete Spy Site Blocking:


Spyware distribution websites are the major source for spywares. Security software with complete spy site blocking feature can block these websites and also blocks you from visiting these sites by accident.

7. Identity theft protection:


Nowadays, identity theft is a major problem on internet. With increase in e-commerce, online buying and credit card usage on internet, protection against identity theft is crucial to protect your identity and personal information on your computer. So, identity theft protection is a must security tool while accessing the internet.

8. Real time updates:


Your computer should have latest updates or real time updates against viruses, spywares and any new possible attacks.

9. Anti Spam, Anti Phishing, Email protection:


Phishing mail is a scam, which looks like a correspondence from a bank or institution to gather your personal information or bank details. Anti spam, anti phishing and email protection is necessary to protect you from phishing e-mails and e-mail fraud.

10. Instant messaging protection:


Hackers, spammers, spywares and viruses can attack your instant messaging session. IM messaging protection protects your instant messaging session from these attacks. You can also use this tool to restrict your kid to use instant messengers only with trusted people.

11. Parental control:


This feature is necessary to prevent your kids from accessing inappropriate websites and objectionable content on web sites.

12. Credit Card Monitoring alerts:


Some internet security software also provide credit card monitoring alerts which alert you if your credit card number appears online. This tool is very useful if you use your credit card on internet for transactions.

For more information on internet security softwares available with all these essential security tools, please visit www.truevalue4money.com/pcprotect.html website.