Don’t Call or Click… BEWARE: Hackers, Scammers, Trolls & Low Lifes are on Overdrive!!

Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Firearms, Weapons & Personal Safety, G.E. Investigations Articles, National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security Comments Off

Feb 262013

PHISHING

Yes Virginia… It is getting worse out there!

I know, I know…. Washington D.C. keeps saying that “Everything Is Getting Better!” But, I wish Washington and our so called Leaders would tell that to the “Scumbag Trolls” on the internet that it is okay to stop ripping people off because the gravy train is back! Until then, you should BE AWARE that there are new phishing scams in the works that will not only put you, your family, your friends, co-workers financially at risk… But also cost you more money on your cellular bill in the way of unwanted text messages.

Very soon, if not already, you will begin getting text messages from somebody you don’t know telling you something like…

“Hey its Jennifer, and I just took some new pictures and wanted to know what you think”

Well, if you decide to look, YOU’RE AN IDIOT!

This is another popular one that goes like this….

“OMG, I can’t believe you let them get a picture of you like that. Check it out (with a link)”

Well, I you decide to look, YOU’RE AN EVEN BIGGER IDIOT!

Or how about these two texts…

From: 8008274203@vtext.com
Message: Call 8 0 0 8 5 1 7 2 6 8 Attention Required California C U

From: 2222817829@vtext.com
Message: Attention Required 802 851 7268 California CU

The point in a nutshell is that you should not click or call anything remotely like this nor should you trust the message because it came from what you believe to be a loved / trusted one because it could be they clicked or the information was “SPOOFED” to look legitimate.

We have been posting article on this time of “PHISHING” Schemes, Malware, Trojans, Viruses, etc for awhile now to keep you in the know and as safe as you can be, based on your own caution and habits online.

Surf Safe… Be Safe!

From Your Friends at:

G.E. Investigations, LLC

Toll Free: 866.347.7948

Website: www.GeInvestigations.com

Follow Us / Like Us for more updates and Postings to keep you aware!

** Twitter: http://www.Twitter.com/GeInvestigation

** Facebook: http://www.facebook.com/pages/Phoenix-AZ/GE-Investigations-LLC/125237851985

“ATTENTION”… IMPORTANT NOTICE That Affects YOU! : MySQL Database Flaw Leaves Passwords Vulnerable

Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Firearms, Weapons & Personal Safety, National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security Comments Off

Jul 282012

MySQL Database Flaw Leaves Passwords Vulnerable

Major flaw in popular MySQL and MariaDB databases is trivial to exploit and leaves the databases highly vulnerable to brute-force attack.

InformationWeek

By Mathew J. Schwartz
June 12, 2012

*** Note: Highly Vulnerable if you’re using Google’s Gmail, Microsoft’s I.E. or Microsoft Office!

MySQL and MariaDB database servers are vulnerable to a brute-force attack that can reveal admin-level passwords in just seconds. The vulnerability stems from a flaw relating to how the databases verify password hashes.

Due to the flaw, there’s a chance that MySQL/MariaDB would think that the password is correct even while it is not, and then accept any password, according to Sergei Golubchi, security coordinator for MariaDB, in a security advisory posted to the oss-sec mailing list. The post continued, “Because the protocol uses random strings, the probability of hitting this bug is about [one in] 256.”

As a result, if an attacker knows a username, bypassing the password-checking mechanism would require–at most–just seconds. “If one knows a user name to connect (and “root” almost always exists), she can connect using *any* password by repeating connection attempts. [Around] 300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent,” said Golubchi.

Both MySQL and MariaDB are two of the most popular and widely used database platforms, not least because they’re free.

Thankfully, however, just because the vulnerable code is contained in a database that uses MySQL or MariaDB code doesn’t necessarily mean the database is at risk. “Although a wide range of MySQL and MariaDB versions use the vulnerable code, only some of these systems are exploitable,” said Metasploit founder, developer, and researcher H.D. Moore, in a blog post that includes workarounds for mitigating the vulnerability in exploitable systems.

To date, Moore said, researchers have found that the following implementations are vulnerable to the exploit: Ubuntu Linux 64-bit (versions 10.04, 10.10, 11.04, 11.10, 12.04), OpenSuSE 12.1 64-bit MySQL 5.5.23-log, Debian Unstable 64-bit 5.5.23-2, Fedora, and Arch Linux (versions not known). Notably, however, official builds from MySQL and MariaDB can’t be exploited, and Moore said Red Hat confirmed that the vulnerability can’t be exploited in Red Hat Enterprise Linux 4, 5, and 6.

Oracle, which develops MySQL, has patched the related flaw via its April 2012 critical patch update, while both MySQL and MariaDB have issued their own patches.

How widespread is the vulnerability? Based on Moore’s personal research, there are “approximately 1.74 million MySQL servers across the Internet [which are] at large,” he said, and about 50% of them–869,000 databases–are vulnerable to the exploit.

“This statistic includes only MySQL instances that were on hosts publicly exposed to the Internet and not bound to localhost,” Moore explained. Binding the database server to localhost means that it can’t be accessed remotely, which thus helps mitigate the attack. Likewise, putting access controls in place can block unapproved access from the Internet, which also mitigates the vulnerability.

Since vulnerable systems are easy to exploit, and many such systems likely won’t be patched for some time, expect attackers to quickly begin targeting this vulnerability. “If you are approaching this issue from the perspective of a penetration tester, this will be one of the most useful MySQL tricks for some time to come,” said Moore.

For example, he said, if a penetration tester knows the username and password for a database, then he can access it using the attack to dump the table to a local file. “This can be easily cracked using a tool like John the Ripper, providing clear-text passwords that may provide further access,” said Moore.

Moore also noted that a related exploit module for the free Metasploit penetration testing tool that targets the MySQL and MariaDB vulnerability has already been developed and released.

More than 900 IT and security professionals responded to InformationWeek’s 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)

Direct Link: http://www.informationweek.com/news/security/storage/240001921

More Security Insights

Webcasts

More >>

White Papers

[ Should the Obama administration have confirmed its role in Stuxnet? Read more at Was U.S. Government's Stuxnet Brag A Mistake? ]

Which Web Browser Is the Most Secure?

Mar 202012

Which Web Browser Is the Most Secure?

Zone Alarm News

February 28, 2012

When a massive spam attack posted violent and pornographic images across the news feeds of many Facebook users last year, many wondered how hackers had launched the attack. Turns out, it was by exploiting a vulnerability in users’ web browsers.

The event shed light on an often-overlooked issue of online security, your web browser. There are many browsers available, such as Mozilla Firefox, Google Chrome, and Microsoft’s Internet Explorer. But the real question is: which browser offers the most protection from malware, adware, viruses, and hackers?

Many browsers are fighting for market share, and therefore paying more attention to their security, but popularity and security are not always equal.

A recent Accuvant study revealed that Chrome (the second most popular browser) ranks as the most secure web browser when compared to Internet Explorer (the most popular) and Firefox. Interestingly, this month the German government named Chrome the most secure browser, perhaps lending weight to the study. However, critics have pointed out that the study was commissioned by Google (creator of Chrome), and the findings may therefore be skewed.

Still, according to the study, Chrome ranks the highest in creating and putting into use new safety measures to boost its security, with Internet Explorer only slightly behind Chrome. Firefox was deemed the least secure in the study.

Despite these recent findings, the browser wars remain a hot-button issue, with various entities dubbing some browsers more secure than others. During the 2011 hacker conference, Pwn2Own, hackers attacked four popular browsers: Internet Explorer, Apple Safari, Mozilla Firefox, and Google Chrome. The hackers were able to quickly compromise Internet Explorer and Safari. In fact, these hackers were able to hack the browsers so thoroughly that they managed to write files on the hard drive of the computer they were attacking. Interestingly (and contrary to the Accuvant study findings), Chrome and Firefox both resisted hacking attacks during the exercise.

Regardless of the browser, manufacturers are always working to ensure users can enjoy surfing the web safely and securely—and that’s the good news. The bad news, as the Pwn2Own conference revealed, is that cybercriminals worldwide are also working hard to figure out new ways to hack your browser.

This means that it’s important for users to educate themselves about this threat and take the steps necessary to lessen their chances of falling victim to a browser security breach. What should you do? Keep the following tips in mind.

If you plan to download a new or different browser, make sure you are downloading a legitimate version. Go directly to the manufacturer’s site, and ignore ads or popups (which may be tricks to get you to install a corrupt version).

Set your online preferences to allow for software updates. Some browsers, such as Internet Explorer and Safari, will automatically update with your operating system. But others, including Firefox, automatically update themselves to deploy security patches and provide enhanced security features.

Set your browser’s security settings to the highest possible to prevent others from exploiting your browser.

Disable popups in your browsers or install security software that prevents popup windows. Deploying infected popups is a popular way that hackers trick users into downloading malware.

No matter which browser you use, always follow safe practices and be alert to any unusual or suspicious functioning when you log onto the web.

Direct Link: http://blog.zonealarm.com/2012/02/which-web-browser-is-the-most-secure.html

Colorado man uses smart-phone game to lure girl for sex

Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Firearms, Weapons & Personal Safety, Law Enforcement, Social Media, Technology & Digital Security No Responses »

Nov 162011

CO man uses smart-phone game to lure girl for sex
Nov 15, 2011
By Heather Moore

Jose Sanchez
PEORIA, AZ (KPHO) -

A free, online game called Farm Story was the innocent-looking smart phone application that facilitated a predator from Brighton, CO to contact a then 14-year-old Peoria girl in March.

“There are strangers and adults on the same game, that can communicate with your child,” warned Jay Davies, a spokesman for the Peoria Police Department.

From the game, police say 37-year-old Jose Sanchez lured the young girl into a private chat room, where they communicated for several weeks.

From June to August of this year, records show Sanchez made three trips from Colorado to Peoria to see the girl, who has since turned 15.

“Apparently she would tell her mother she was going to go out for a run or go exercise, and the two would meet up in various parks and other recreational areas throughout the city,” said Davies.

According to police paperwork, their meetings began with touching, and quickly escalated to sex.

Article Video / News segment

But in August, the girl’s mother found an iPhone given to her daughter by Sanchez to keep their relationship secret. After her daughter came clean about what was going on, the girl’s mother called Peoria Police.

“Our detectives established a relationship with him online, posing as the victim. They convinced him to come back out to Peoria, which he did,” said Davies.

Jose Sanchez was arrested without incident at a Peoria Target parking lot on Saturday.

He is facing a number of felony charges, including luring a minor for sexual exploitation and sexual conduct with a minor.

For years police departments have warned parents about the dangers of the Internet, and advised them to closely monitor online activity on the family’s home computer. But in an age of cell phones where the web is so portable, the threat to children is greater than ever.

“Now kids are carrying these things around in their pockets, and parents may never even see the phones. It’s taking that to a whole different level,” says Davies.

Direct Link: http://www.kpho.com/story/16040880/colorado-man-used-smartphone-game-to-lure-14-year-old-girl-for-sex?Call=Email&Format=HTML