In May there was a great article by Bruce Schneier called “Is Penetration Testing Worth it?” He makes a lot of great points that relate to the topic of this blog. In my mind it's a “be careful of what you ask for” type of situation. One fact in the security world is that the only totally secure system is an unplugged computer locked in a vault. Read the rest
Recent Articles
Watch your credit cards for donations to charities »
By Jeff Ellis on Jul 10, 2007 in Security News | 0 Comments
Credit card thieves are using donations to charities to test stolen credit card numbers before trying to sell them or use them to make large purchases. They expect these charges to be less noticeable. So watch your bank statements.
It's a hard situation for banks. Since people don’t normally make everyday donations for small amounts like this, it's hard to spot the fraud from their side, and they also don't want to guess wrong and stop real donations. It's hard on the charities too, since they get chargebacks when the fraud is found and end up paying higher card fees.
In any case, when you see donations show up on your statements, make sure you made them, and if you did not, let the bank know right away before more happens.
Read more at:
NetworkWorld: Credit card thieves donate to charity
Forbes: Hack From The Rich, Give To The Poor
iPhone and Security »
By Jeff Ellis on Jul 3, 2007 in Mobile Security, Security News | 1 Comment
With the popularity of the iPhone and all the related hype, people need to make sure not to fall victim to scams and security flaws. Emails that include malware are going out saying people have won an iPhone. You can read more about this at the Register. These types of scams come out every time there is something new like this. Where before it was the PS2/PS3/Xbox, now it's the iPhone. Just remember, no one ever gives you something for nothing.
If you own a new iPhone, make sure you treat it more like a computer than like a dumb phone. Read the rest
Laws of Security »
By Jeff Ellis on Jul 3, 2007 in Security 101 | 0 Comments
Here are some security principles that you can use to judge the security of a system. This is not a complete list and I welcome comments that add to it.
- User side security does not work.
  If all the security is on the user's side of things, they have a large amount of time to hack into it and break security. Just look at all the mod chips for PS2 and Xbox out there.
- Firewalls cannot protect 100% from an attack
- Viruses and Trojans cannot be 100% protected against
Email warnings on e-cards and MS Security Bulletin »
By Jeff Ellis on Jun 29, 2007 in Internet Security, Security News | 0 Comments
Be careful in opening attachments! In the news right now are some bad things being sent out as email. The first is an email labeled “Subject: You’ve received a postcard from a family member!” that asks you to go to a web site that is just an IP address and paste in an ecard number. If you go to this site it tries three different ways to infect your computer. Read the rest
RealPlayer and HelixPlayer patched to fix security hole »
By Jeff Ellis on Jun 29, 2007 in Internet Security, Home Security, Security News | 0 Comments
iDefense published a vulnerability advisory related to RealPlayer and HelixPlayer. The exploit is triggered by a user opening a specially crafted SMIL file. Just luring a RealPlayer/HelixPlayer user to a booby-trapped website is enough to accomplish this. Windows, Mac, and Linux machines are vulnerable. Real Networks has published a fix so make sure you are patched. The updates are available here for RealPlayer and here for HelixPlayer.
Also check out The Register for their report.
Around two dozen MySpace pages hacked »
By Jeff Ellis on Jun 29, 2007 in Internet Security, Security News | 0 Comments
The SANS Internet Storm Center reports that some MySpace profiles have been hacked to include drive-by exploits that use an old Internet Explorer bug that was patched back in 2006. People with unpatched browsers get infected with a fast-flux bot. In this case a network gets set up that redirects to phishing sites. Several hundred MySpace profiles ended up with links to phishing sites! From what they are seeing, many people are not patching their browsers! Read the rest