Lionheart Group Scam Prevention Toolkit » security

How the EPA is Ruining American Industry – Family Security Matters

Mon, 17 Oct 2011 12:49:45 +0000

Family Security Matters How the EPA is Ruining American Industry Family Security Matters First, though cap-and-trade is indeed dead, the Obama administration's EPA has been as successful in curtailing America's ability to use cheap, plentiful coal as if cap-and-trade had been passed. They've done so by promulgating a devilish mix of … and more

Money order scam: Beware of jobs that sound too good – Coos Bay World

Tue, 30 Aug 2011 23:05:01 +0000

Money order scam : Beware of jobs that sound too good Coos Bay World John Aaron was sent these counterfeit money orders as part of an employment scam. The only discernable difference between these and real money orders is the security stripe; the real ones use a strip woven into the fiber of the paper, while these fakes …

See original here:
Money order scam: Beware of jobs that sound too good – Coos Bay World

Germany’s Renewable Energy ‘Madness’ and its Lessons for America – Family Security Matters

Fri, 21 Jan 2011 14:56:01 +0000

Family Security Matters Germany's Renewable Energy 'Madness' and its Lessons for America Family Security Matters While cap & trade legislation appears doomed at the federal level for now, it is alive and well in California, which seems all too anxious to catch up with … and more

Would Safetouch Security 904-309-5370 Stop Calling, I am on the Do Not Call List

Mon, 12 Jul 2010 18:02:00 +0000

Jeez, even when you have had your phone numbers on the do not call list ( www.donotcall.gov ), idiots like Safetouch Security (904) 309-5370 call anyway. They never leave a message when I don’t pick up, then when I do it’s dead air (TCPA – Telephone Consumer Protection Act violation) so I hang up. They call several times a week without fail. I have a security system that a local company installed and maintains, so I don’t need an alarm system and anyone that repeatedly calls my numbers will **NEVER** get a dollar from me. I don’t buy anything over the phone. From what I can find online Safetouch security calls a lot of people on the Do Not Call list . I’ll be glad when the Federal Trade Commission nails them to the wall. Safetouch Security as annoying as they stupid extended car warranty robocallers are. I’ve never done business with you so stop calling. To whom it may concern at Safetouch Security. Your telemarketing tactics aren’t working and annoying consumers especially those on the Federal Do Not Call List is going to land you in hot water. You can bet every time you call us, a report is filed with Do Not Call and the FTC . I am just waiting on the day that the Federal Trade Commission announces an investigation into your telemarketing tactics and sticks you with a huge fine. On Top of that check out all of the consumer complaints against SafeTouch Security . Have you been harassed repeatedly on the phone by Safetouch Security? Give them a piece of your mind and on their own dime:

Twitter Settles Charges that it Failed to Protect Consumers’ Personal Information

Thu, 24 Jun 2010 19:39:22 +0000

Social networking service Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the 30th case the FTC has brought targeting faulty data security, and the agency’s first such case against a social networking service. The FTC’s complaint against Twitter charges that serious lapses in the company’s data security allowed hackers to obtain administrative control of Twitter, including access to tweets that consumers had designated private, and the ability to send out phony tweets pretending to be from then-President-elect Barack Obama and Fox News, among others. “When a company promises consumers that their personal information is secure, it must live up to that promise,” said David Vladeck, Director of the FTC’s Bureau of Consumer Protection. “Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations. Consumers who use social networking sites may choose to share some information with others, but they still have a right to expect that their personal information will be kept private and secure.” Twitter allows users to send “tweets” – brief messages of 140 characters or less – to “followers” who sign up to receive such messages via e-mail or phone text. Twitter offers privacy settings through which a user may choose to designate tweets as nonpublic. For instance, users can send “direct messages” to a specified follower such that only the specific author and recipient can view such a message. Twitter users can also click a button labeled “Protect my tweets,” which makes that user’s tweets private so that only approved followers can view them. The privacy policy posted on Twitter’s website stated that “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.” According to the FTC’s complaint, between January and May 2009, hackers who gained administrative control of Twitter were able to view nonpublic user information, gain access to direct messages and protected tweets, and reset any user’s password and send authorized tweets from any user account. In January 2009, a hacker used an automated password-guessing tool to gain administrative control of Twitter, after submitting thousands of guesses into Twitter’s login webpage. The administrative password was a weak, lower case, common dictionary word. Using the password, the hacker reset numerous user passwords and posted some of them on a website, where other people could access them. Using these fraudulently reset passwords, other intruders sent phony tweets from approximately nine user accounts. One tweet was sent from the account of then-President-elect Barack Obama, offering his more than 150,000 followers a chance to win $500 in free gasoline. At least one other phony tweet was sent from the account of Fox News. During a second security breach, in April 2009, a hacker compromised a Twitter employee’s personal e-mail account where two passwords similar to the employee’s Twitter administrative password were stored, in plain text. Using this information, the hacker was able to guess the employee’s Twitter administrative password. The hacker reset at least one Twitter user’s password, and could access private user information and tweets for any Twitter users. According to the FTC’s complaint, Twitter was vulnerable to these attacks because it failed to take reasonable steps to prevent unauthorized administrative control of its system, including: requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites, or networks; prohibiting employees from storing administrative passwords in plain text within their personal e-mail accounts; suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts; providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users; enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days; restricting access to administrative controls to employees whose jobs required it; and imposing other reasonable restrictions on administrative access, such as by restricting access to specified IP addresses. Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers. The company also must establish and maintain a comprehensive information security program, which will be assessed by a third party every other year for 10 years. The Commission vote to accept the proposed consent agreement was 5-0. The FTC will publish an announcement regarding the agreement in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through July 26, 2010, after which the Commission will decide whether to make it final. Comments should be addressed to the FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions. To submit a comment electronically, please click on: http://public.commentworks.com/ftc/twitter . NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the respondent has actually violated the law. Consent agreements are for settlement purposes only and do not constitute an admission by the defendant of a law violation. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000. The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC s Web site provides free information on a variety of consumer topics .

Does Windows 7 Offer Increased Protection Against Brute Force Password Attacks?

Wed, 26 May 2010 09:00:54 +0000

When you think of attacks on your computer you probably think of the attacks coming from intruders on the outside of your network. But, unless you are on a home network, then there are plenty of forces inside of your corporate network that would love to take it down. The person who tries to take it down may have several issues that are causing this behavior – They may be doing it for the money, meaning someone on the outside is paying them to cause damage to your internal network. Alternatively, they can be upset about the way that they were treated recently. When someone feels that they were wronged, sometimes they can take these types of hostile feelings to the extreme and attempt to retaliate against the company. This may lead them to doing something as boneheaded as trying to take down the company’s network. Even if they are not an advanced black hat hacker, they can find some of the tools that they will need to accomplish this over the internet – you do not need to be a genius hacker to be able to take down a network from the inside – all you need is that one right tool. Does Windows 7 Offer Sufficient Protection In This Area? One of the tools that an attacker from the inside would need is something that would allow them to get your password and username. The username may be a little easier to get than the password but, with the right software tool, the password is not that hard either. An attack that is easy for just the average person to pull off is called a brute force attack . Unfortunately, even though Windows 7 has prepared for a lot of attacks against its software, it is still susceptible to a brute force attack. A brute force attack is when a piece of software just starts to throw out random information in the hopes that it can find the password that an administrator has used to secure their system. It attempts to query the system over and over again until it guesses the right information. Once it does, it then saves the information and uses it at another time. There are different variations of a brute force, such as a dictionary attack , but no matter the variation it can prove to be a very effective attack for someone that is new to hacking. If you have been on the underground scene for a while then you would know that there are quicker ways to get into someone’s computer other than a brute force attack. A brute force attack would be the last option for someone who has had a lot of experience. Microsoft has increased its security a great deal with Windows 7 but a brute force attack may be hard for even them to stop. There are certainly ways to block it, but all a person needs is time and the right time pattern and then they can just make the attempts to guess the password look more natural. Try to make sure that your computer has limited access at work – you do not want anyone trying this with your workstation. Read more on Windows 7 Security Does Windows 7 Offer Increased Protection Against Brute Force Password Attacks? is a post from: Security FAQs

See the original post:
Does Windows 7 Offer Increased Protection Against Brute Force Password Attacks?

How Could A New ATM Rootkit Turn The World Of Banking On It’s Head?

Mon, 24 May 2010 09:00:06 +0000

The world of banking online is a scary place. People hear all of the news on television about the many break-ins that happen so, even though they may still do it, they are nervous about putting their numbers onto the site. Many of these same people have no such apprehension when they use an ATM machine outside. They feel no pressure that they are going to be robbed or that it is even dangerous to use but the fact is that there are more and more attacks being leveled at ATMs all of the time. ATM Rootkits The bad guys have found out that they are not as secured as people think, so they have found ways to bypass the security. But for the average person there is even more disturbing news that is coming out about the safety of these machines – there are hackers that have figured out a way to place a Rootkit inside of an ATM machine . This is bad news for everybody. So far this attack is not in the wild and it was discovered by security researchers. Even though it was only recently discovered it doesn’t mean that bad guys won’t have it soon – Black hat hackers are always trying to find new and creative ways to exploit anything that will make them money – so it is likely only a matter of time before they figure out how to do this as well. Some people reading this story may have heard of a Rootkit but they do not realize how dangerous it really is. A Rootkit allows a program to sit on a computer and not be able to be detected by the operating system or other software programs that normally detect viruses. It takes a special software program to be able to detect a Rootkit so for someone to be able to install a Rootkit inside of an ATM machine is a big deal. The rootkit could hide inside of it, functioning in a way that would allow the program to be able to capture the banking information of the people who are using the ATM machine. It can then take that information and send it to a server that will store it. Since the infection is a Rootkit it may be able to sit there for months at a time before anyone was able to discover it. With that much time to sit there and gather information, it could possibly gather hundreds of thousands of banking credentials. That is a lot of people that can be put at risk. Luckily for us, the technology that goes into being able to detect a Rootkit has improved over the years – we are now able to detect them better than we were ever able to before. Since we know that an ATM machine is now able to be attacked we can use this knowledge to come up with a solution before there is even a major problem. The new ATM rootkit can cause major problems to the banking industry if not handled properly. It also serves as a timely reminder that computer security applies to the real world too , not only the internet. It is a good thing that we have the technology to combat this problem early on. How Could A New ATM Rootkit Turn The World Of Banking On It’s Head? is a post from: Security FAQs

Excerpt from:
How Could A New ATM Rootkit Turn The World Of Banking On It’s Head?

Why Fake Windows Update Sites For Windows 7 Present A Danger

Wed, 19 May 2010 09:00:12 +0000

There are, unfortunately, a lot of people who use pirated software these days and that includes versions of the Windows operating system. In fact, I would imagine that it is one of the most pirated systems in the world. In China, Microsoft had to pretty much offer a seriously reduced price for Windows since almost everybody over there had a pirated copy of the system. As a business, when you have a system that is pirated so much, you tend to do things that will encourage people to purchase a legitimate copy of the software. One of the things that Microsoft does to promote that mindset is to not allow anyone to update the Windows 7 software without having a legitimate copy. If they do not have a legal copy then they cannot get the updates for their computer . No Security Updates Unfortunately, perhaps, this includes security updates as well. Not having the security updates installed on your computer will leave you open to infections down the line. So people found out that they could get around this restriction by using third party web sites that would deliver all of the Windows updates for them. To get all of the updates that Microsoft were releasing, all they had to do was to go to these sites and download a program that had all of the updates already in the program. They would then install the updates. Afterwards their computer would be up to date just like everyone else’s. Just by the details that I have told you, you can probably figure out that this is a very dangerous thing to do. This way of updating your computer has so many weak points, as far as security goes, that it creates a long list all on its own. The first thing on the list is that you do not know what kind of software is being loaded onto your computer. Sure, there may be some of these third party sites that have been vetted but you never know when they can turn rogue. They can just name a program as part of the software update but in reality it is some vicious tool that they have created to release malware. There are so many pieces to a normal update, that it can be hard to confirm if each piece of software is legitimate or not. Another big hole that getting your security updates like this opens is the fact that a third party server knows your IP address. They also know that you do not have the latest protection on your computer. Both of these two pieces of information put together can lead to a dangerous mess. They can fake you out as if they have installed all of the software on your computer but instead leave a huge hole that they can enter later. This can happen all because you gave them so many details about your computer. The Moral Of This Story? This is a good reason why you should use legitimate copies of software, especially operating systems such as Windows 7. Leaving your computer at the mercy of some third party web site that you cannot fully trust can lead to some bad things happening later on down the line. Do not give them a chance to do that to you. Read more on Windows 7 Security Why Fake Windows Update Sites For Windows 7 Present A Danger is a post from: Security FAQs

Excerpt from:
Why Fake Windows Update Sites For Windows 7 Present A Danger

Can I Limit My Exposure To Malware By Reading Web Site RSS Feeds?

Tue, 18 May 2010 09:00:59 +0000

When you think of getting information off of a web page you usually think of it being a simple process – you type the URL of the site that you want to go to in the browser, go to the web page, and then read the content that is on the page. It sounds simple, right? Most of the time it is, but there are times when this is not so simple. Inside of the code that made it possible for you to read the page that you are looking at could be lurking some dangerous malware. Malware can be easily picked up and hidden on a web page. So, unless it is a trusted site, then you are taking a chance that nothing is going to happen to your computer when you actually visit the page. But there are other ways that you can get the information off of the site as well. Subscribe To Your Favourite Sites Via RSS You can use a technology called RSS that will allow you to see the content as well, at least most of the time. Some web pages will limit the amount of lines that the RSS feed shows so that you will be forced to visit the web page itself (this is typically because they are afraid of having their content scraped) . Other RSS feeds will only give you the title of the story that is being discussed – you must, again, visit the web page to get the full details. But by far, most web pages will allow you to read the entire story in the RSS feed itself. They may show little ads in the RSS feed so that they can provide you the content while at the same time they are still able to get paid. RSS Feed Reading May Be Safer If you are reading the information about the web page on an RSS feed then this means that you are less vulnerable to an attack as the majority of attacks happen when you are exposed to the code that is on the actual web page itself. With an RSS feed the actual page is not going to your browser, it is only the content of the site that is being delivered to you. Keep in mind; even though it may be safer to receive the content like this, it is not fool proof. If someone wanted to, they could easily attack the RSS feed as well. The main reason that this is safer at this point is because attackers do not bother with it. There are not that many reported attacks when it comes to the RSS feed. Even though RSS feeds are not one hundred percent safe, they seem to be safer than visiting the actual web page. So if you want to make sure that your computer is not attacked, try subscribing to the RSS feed of a site instead. Can I Limit My Exposure To Malware By Reading Web Site RSS Feeds? is a post from: Security FAQs

Latest Coupons For Panda Offer Discounts Of Up To 40% On Their Security Products

Mon, 17 May 2010 23:58:29 +0000

Panda really do offer good value on their range of internet security products and, luckily for any of you thinking of buying any, that value just got much, much better. I just received an email from Panda which contains the following links in order to get yourself some pretty impresive discounts on their key security products. Check them out now – Coupon USA : Panda Global Protection 2010 – 40% OFF – Exp. 05-31-2010 Coupon USA : Panda Internet Security 2010 – 40% OFF – Exp. 05-31-2010 Coupon USA : Panda Anti-Virus 2010 – 30% OFF – Exp. 05-31-2010 Coupon USA : Antivirus for Netbooks – 20% OFF – Exp. 05-31-2010 Coupon : Panda Active Scan 2.0 Pro – 10% rebate – Exp. 05-31-2010 If you take advantage of any of the great discounts above then please do let me know how you get on with the products. Latest Coupons For Panda Offer Discounts Of Up To 40% On Their Security Products is a post from: Security FAQs

Continued here:
Latest Coupons For Panda Offer Discounts Of Up To 40% On Their Security Products