security

Fake Facebook Email

Fake Facebook Email

It is not legit.

It’s spam, and likely of the bad kind.

Do not click any links in it.

In the image above, I made two clues be red font:

  • That first email address doesn’t look real persuasive as a corporate address, does it now?
  • That second email address ain’t me.

The third clue — the most important of all, really — lies in the links contained in the email.

Notice what shows up in the browser status bar (is that what it’s called down below?) when I put my cursor on one of the links:

Fake Facebook Email

Again, notice the red part. If you only read the first part of the URL, it looks like the link points to facebook.com — but you must keep reading till you get to the first forward slash. Then you’ll see the link doesn’t point to facebook.com at all.

If you didn’t know that yet regarding links, learn the lesson and remember it well!

PS: Thanks to the wonders of CSS, the above images are actually the same image. Click on either image above to see the full thing.

Adobe Reader: Critical Vulnerability

“Everybody” uses PDFs, right?

A Security Advisory has been posted in regards to the Adobe Reader and Acrobat issue discussed in the Adobe PSIRT blog on December 14 “New Adobe Reader and Acrobat Vulnerability,” CVE-2009-4324. A critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier for Windows, Macintosh and UNIX operating systems. This vulnerability CVE-2009-4324 could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Customers should refer to the Security Advisory for information on mitigating this vulnerability. The advisory will be updated once a schedule has been determined for releasing a fix.

More here: Adobe Product Security Incident Response Team PSIRT

“Are You Virginia?”

The few times we’ve air-traveled post-911 with minors, I’ve been grateful for this loophole:

Loophole allows minors to bypass airport security

When an Oregon teen talked his way onto an airplane bound for Chicago last weekend, he unknowingly revealed a little-known hole in airport security.

Kids don’t have to show photo ID.

That may come as a surprise to many air travelers. Since the Sept. 11, 2001, terrorist attacks, travelers are accustomed to removing their shoes, not carrying liquids and otherwise coping with strict protocols of airport security.

But when it comes to conducting minors through airports, security and efforts to preserve air passenger convenience intersect in a highly unusual way.

The Transportation Security Administration requires all air travelers 18 and older to show a boarding pass and government-issued photo ID to enter security screening.

But minors generally don’t have government-issued IDs. So security officers don’t expect them to have one, says Dwayne Baird, the TSA’s public information officer for the Northwest.

That makes sense enough. But….

Read it all

PC Security: Portable Linux?

In scanning the comments of a post at a UK news site, I saw a new-to-me concept: Having Linux on a travel drive to use for online banking.

Is that a sensible thing to do? Why or why not?

Do you do it? If so, tell me about the advantages as well as the process to setting it up. I have no experience with Linux.

WordPress Under Attack

Lorrelle is urgently warning:

Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!

Update your WordPress blog before you continue reading this post. That’s how critical this issue is.

If you blog with a private installation of WordPress, heed the warning. Update now.

Then read the rest of what Lorrelle on WordPress has to say: Old WordPress Versions Under Attack.

Mark Ghosh of weblogtoolscollection weighs in as well:

Older version of WordPress are being attacked and characters are being added to the permalinks. Sure signs of the attack include strange characters in your permalinks (single posts do not work) and an extra administrator account in the users control panel which you cannot see. Look for the administrator count in brackets at the top. Is the number there what you would expect on your blog?

Please upgrade your WordPress blog to the latest version ASAP. Our own PluginBlog was vulnerable and was compromised (shame on me for not having upgraded from a really old version). Our blog had registration turned off.

After upgrading your blog and changing your password to a strong one, you can visit Lorelle’s post to find more ways to secure your install and remove the extra admin account that might have been created as part of the attack.

If your WordPress blog is not hosted at wordpress.com — I urge you to update your installation. Now!

Pitching Pitiful Passwords

So how do you protect all your accounts online?

How do you go about making up passwords for all those accounts?

I just got one of Clark Howard’s emails with a link to a post on that subject. So here you go:

With all the talk of high-level hacking, it’s easy to forget that it is we who make ourselves most vulnerable on a very individual level. PC Magazine recently compiled a list of the 10 most common passwords in the United States today. Do not use these on confidential e-mail accounts! Read it all

This Is News?!

More importantly, is it news that the average American cares about?

And even more important than that, do you care about this?

The National Security Agency is facing renewed scrutiny over the extent of its domestic surveillance program, with critics in Congress saying its recent intercepts of the private telephone calls and e-mail messages of Americans are broader than previously acknowledged, current and former officials said.

Then there’s this later in the story:

it is unavoidable that some innocent discussions of Americans will be examined.

Do you mind if something you say or write is examined?

How about anything?

How about everything?

“Oh be careful little tongue…. Oh be careful little hands….”

Yeah, that’s part of a children’s song that I and you would be wise to follow.

Source: E-Mail Surveillance Renews Concerns in Congress

Private
Above all, love God!