Thursday, October 28, 2010

Cleaning crew at conference caught on video swiping a laptop

[Editor’s Note: This account of a theft earlier this month at the ASIS security conference in Dallas, TX, was provided by Milestone Systems.]

Around 10 p.m. on Tuesday night, October 12, a few of the cleaning crew did more than just vacuum and dust on the evening tour of duty -- they also allegedly swiped computer equipment from exhibitors' booth displays.

However, failing to notice that the convention had gathered the best of the security industry’s video surveillance equipment, the crew didn’t realize this would be the last time they performed that sanitation job.

At the ASIS 2010 security trade show, several exhibitors discovered missing electronics on the second morning of the event. Fortunately, Milestone Systems had a booth adjacent to one of the victims’ booths, with surveillance cameras set up to demonstrate Milestone’s XProtect IP video management software, which recorded the dirty deeds.

See the video of the alleged thief in action at: http://www.gsnmagazine.com/node/21718?c=video_surveillance_cctv

“I arrived at our booth early Wednesday morning to get our security systems up and running when I realized the laptop that ran our radar surveillance system was gone; it stored proprietary software from Moog QuickSet,” said Trish Logue, a marketing manager at Moog QuickSet. “I immediately reported it to the Arata event managers, who contacted the security personnel, as well as the Dallas police.

“They suggested I ask booths around mine if they were missing anything, so I approached Kevin Gramer from Rimage, who was exhibiting in the Milestone booth,” Logue continued. “He immediately fired up the Milestone video from an Axis camera that was pointing at the Moog QuickSet booth all night. Needless to say, I was more than impressed when he pulled up the video of the two individuals clearly stealing the laptop.

“Kevin was extremely accommodating, showing me the features of the software, zooming in on the individuals' faces, slowing down the video, rewinding, etc. He burned five CDs for me and I immediately gave Arata services a copy of the video clearly showing the perpetrators in action. The video surveillance helped the Dallas police positively identify them; they were apprehended and we got our laptop back,” said Logue.

Tuesday, October 26, 2010

The Facebook Account of A Credit Union CEO

What do you suppose could happen if a person with malicious intent was able to gain access to the Facebook account of a credit union CEO? What about a corporate Twitter account? An old hacking technique called HTTP session hijacking has recently been brought to the front of the pack with the release of Firesheep by Eric Butler, as covered by TechCrunch.

When you sign in to an online service, such as your email, online banking, Facebook, or Flickr, the website gives your computer a session cookie. Generally, the login page is secured behind an SSL certificate, meaning that the traffic is encrypted and can’t be deciphered. However, as is the case with Facebook and Flickr, once you’ve logged into the service, you browse the site over regular HTTP that is not encrypted. Firesheep is an extension for Firefox that sniffs internet traffic on a network and finds cookies from websites like Facebook. Since these cookies aren’t encrypted and you are browsing Facebook without any security, they can easily be copied and a person’s identity can be spoofed.

Firesheep makes this as easy as installing the plugin and clicking a button. It sits there and gathers all of the cookie traffic across a network and presents you with the results, letting you click one more button and log into someone’s Facebook account.

(Read the rest of this article at: http://cuinnovators.com/blog/the-facebook-account-of-a-credit-union-ceo/)
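A site operator can check for the weakness described above by inspecting what the login response sets. The following is an added example, not code from the original article: it parses a constructed HTTPS login response, shows which cookies a browser would then attach to a plain-HTTP request, and lists the settings that leave the session exposed. The host `social.example`, the cookie names and all header values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: headers of a login response that was served over HTTPS.
LOGIN_RESPONSE_HEADERS = """\
HTTP/1.1 302 Found
Location: http://social.example/home
Set-Cookie: session_id=constructed-value-1; Path=/; Domain=social.example
Set-Cookie: csrf=constructed-value-2; Path=/; Secure; HttpOnly
"""


def header_fields(raw_headers):
    """Yield (lowercased name, value) for each 'Name: value' header line."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            yield name.strip().lower(), value.strip()


def parse_set_cookies(raw_headers):
    """Return one dict per Set-Cookie header with its name and Secure/HttpOnly flags."""
    cookies = []
    for name, value in header_fields(raw_headers):
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
        cookies.append({"name": parts[0].partition("=")[0],
                        "secure": "secure" in attrs,
                        "httponly": "httponly" in attrs})
    return cookies


def cookies_sent(cookies, url):
    """Names of cookies a browser attaches to a request for url (scheme rule only)."""
    is_https = urlsplit(url).scheme == "https"
    return [c["name"] for c in cookies if is_https or not c["secure"]]


def audit(raw_headers):
    """List the weaknesses that leave a session readable on a shared network."""
    fields = list(header_fields(raw_headers))
    findings = [f"{c['name']}: no Secure attribute, travels in cleartext over http://"
                for c in parse_set_cookies(raw_headers) if not c["secure"]]
    if any(n == "location" and v.lower().startswith("http://") for n, v in fields):
        findings.append("login redirects to plain HTTP after authentication")
    if not any(n == "strict-transport-security" for n, _ in fields):
        findings.append("no Strict-Transport-Security header to keep later requests on HTTPS")
    return findings


if __name__ == "__main__":
    jar = parse_set_cookies(LOGIN_RESPONSE_HEADERS)
    print("sent over http: ", cookies_sent(jar, "http://social.example/home"))
    print("sent over https:", cookies_sent(jar, "https://social.example/home"))
    for finding in audit(LOGIN_RESPONSE_HEADERS):
        print("finding:", finding)
```

Only the cookie marked `Secure` stays off the unencrypted connection; the fix on the server side is to serve the whole session over HTTPS and mark the session cookie `Secure`.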

The sneakiest new shopping scams

Easy ways to avoid the biggest rip-offs online and in stores

Just as important as knowing how to sniff out great buys is understanding what it takes to avoid rip-offs. And with Internet fraud on the rise, it's getting tougher to outsmart the criminals. Complaints to the Internet Crime Complaint Center, a joint operation of the FBI and the National White Collar Crime Center, jumped 22 percent last year. The complaints include plenty of run-of-the-mill scams, like sellers who steal credit-card numbers or take the money and run. But those are child's play compared with what else is brewing.

Think you're too savvy to get taken? OK, maybe you don't fall for those e-mails from Nigerian royalty asking you to wire money, but digital criminals are getting sneakier every year. One scam that can trip up even the most cautious consumers involves "skimmers" attached to ATMs. Those devices record account numbers and passwords so that thieves can clean out your bank account.

"These guys are constantly thinking of new ways to swindle you, some of which are quite sophisticated," says Brian Krebs, a computer security expert and author of "Krebs on Security" at Krebsonsecurity.com.

Think you're safer shopping at the mall? Official purse-snatching statistics show there's been a downward trend, but many of those crimes aren't reported to law enforcement officials. And pickpocket activity always jumps around holiday time, says Bob Arno, co-author of "Travel Advisory! How to Avoid Thefts, Cons and Street Scams While Traveling" (Bonus Books, 2003). But you can outsmart even the craftiest swindlers if you know what's in their bag of nasty tricks. Here's a guide to the latest, sneakiest scams, and simple tips that can help you protect yourself.

Read the rip-off tips at: http://shopping.yahoo.com/articles/yshoppingarticles/448/the-sneakiest-new-shopping-scams/

Friday, October 22, 2010

One of the worst kept secrets - http://join.me

About join.me

Get your people together, without actually getting them together. Just instantly share your screen so everybody's on the same page. No need for a plane, a projector or a sandwich platter. Just gather at join.me. You can also use Join.Me to help a friend or relative resolve a problem or for you to "show" them the solution by dialing into their computer.

So what is join.me exactly? It's an impromptu meeting space that happens wherever, whenever. It's getting a second or third pair of eyes on your presentation from across the hall or across the continent. It's sharing your screen instantly with anyone or everyone to get stuff done, quickly.

It's join.me, the last two words in an invitation to collaborate, meet, train, demo or show-off.

Free version

•screen sharing

•chat

•file transfer

•remote control

There's also a pro version available that offers:

•personal link

•meeting scheduler

•user management

•meeting lock

•all the goodies in free
 
Check it out at: http://join.me/
 
http://blog.join.me/
 
In what has to be one of the worst kept secrets in history, we just told the world at large about some new, fast and easy screen-sharing product called join.me.  I know.  Hardly new news, right?  Well, consider yourself among the proverbial early adopters.  The join.me insiders.

Mistaken Identity

LETTER: Mistaken identity

Source: Independent, The; London (UK)

Sir: Last week I made a short business trip to Padua, flying between Heathrow and Marco Polo airports. My passport was examined 11 times - four times by airport security, three times by airline staff, twice each by Italian and UK immigration. Only it wasn't my passport, it was my wife's, mistakenly picked up when I left home. Our friends are kind enough to say we bear little resemblance.

JULIAN MORRIS
Appleton, Oxfordshire

Wednesday, October 20, 2010

Facebook Launches New Feature

Facebook launched a new feature that lets you share your location throughout the day. It's called "I want to get robbed."

24-Hour Banking

I saw a sign that said "24-hour Banking."  Since I didn't have that much time, I went home.

Tuesday, October 19, 2010

CU, bank employees aid fin. fraud fight, FinCEN finds

WASHINGTON (10/19/10)--"While suspected cases of identity theft are on the rise, vigilant financial institution employees are reportedly rejecting over half of fraudulent vehicle or student loans facilitated by identity theft prior to funding," a Financial Crimes Enforcement Network (FinCEN) survey has found.

"FinCEN's study of identity theft Suspicious Activity Reports (SARs) reveals how important suspicious activity reports can be to deterring illicit activity," FinCEN Director James Freis Jr., said. "The vigilance of employees of financial institutions is apparently deterring greater losses when the employees suspect loans are tied to false identities," Freis added.

The FinCEN study found that identity theft "was the sixth most frequently reported characterization of suspicious activity," behind structuring/money laundering, check fraud, mortgage loan fraud, credit card fraud, and counterfeit check fraud.

The number of identity theft-related SARs filed increased by 123% over the number reported in 2004. The total number of SAR filings increased by 89% during that same time period.

FinCEN found that credit card fraud "was the most frequently co-reported suspicious activity characterization with identity theft, appearing in over 45.5% of sample filings," and that just over one-quarter of total reported identity thefts were committed by a perpetrator that knew the victim.

SAR report filers "credited routine financial institution account monitoring" with revealing identity theft in over 20% of the filings covered by the survey, FinCEN said. While 28% of identity theft victims uncovered the thefts during a review of their own accounts, "credit reports, law enforcement investigations, collection agencies, and credit monitoring services were responsible for revealing identity theft in a decreasing percentage of sample filings," FinCEN added.

Treasury Department Says Identity Theft Up Dramatically

The number of suspicious activity reports that involve identity theft increased by 123% from 2004-2009, according to a report issued today by the Treasury Department’s Financial Crimes Enforcement Network.

During the same period, there was an 89% increase in SAR filings. In 2004, there were 15,445 SARs with identity theft and there were 36,210 last year, according to the report. The report said the largest single kind of identity theft involved credit cards, which was cited in 45.5% of the filings sampled. Of those, 30% involved the takeover of an existing account and 17% involved setting up a new account.

In 31% of the filings, the abuse involved loan accounts, and among those 56.5% involved student loan fraud.

In 27.5% of the cases, the victim knew the person suspected of stealing their identity and 4% of the filings involved computer-assisted identity theft.

Thursday, October 14, 2010

Phishing Attacks Continue to Spread

Phishing fraudsters are still targeting banks and credit unions but are expanding their search for online credentials to universities and social media sites, according to Cyveillance Inc.

Banks accounted for 69% and credit unions for 9% of the new brands attacked for the first time in the first half of 2010, the company said in its latest report. That compares with 60% and 28% for the previous five years, the cyber intelligence firm said.

Meanwhile, university and social media sites are growing in popularity in part because of the tendency of users of those sites to publicly reveal personal information, the company said.

Cyveillance said it detected a total of 126,644 phishing attacks during the first half of 2010, down slightly from the previous six months.

The company also said its testing of 13 leading antivirus software vendors found that only 19% of malware threats such as Trojans and other keyloggers were detected as they first appeared and only 61.7% were detected after 30 days.

Cyveillance, based in Arlington, Va., said it now provides monitoring through its clients for more than 100 million end users, scanning more than 200 million unique domain servers, 190 million websites, 80 million blogs and 90,000 message boards, discovering more than 100,000 new sites per day.

Sunday, October 10, 2010

USB Microwave Oven – Smallest in the World

Beanzawave is the name of this brand new USB-powered gadget from the American food company Heinz. It is the world’s smallest, portable microwave oven.

This small but hot device, measuring 7.4(H) x 6.2(W) x 5.9(D) inches, is still only a prototype, but the technology required to make it into a real product exists. The price will be around $160 if Heinz ever does decide to make this USB microwave oven into something that you can buy.


For more info: http://www.geekalerts.com/usb-microwave-oven/
or
http://www.dailymail.co.uk/sciencetech/article-1191606/Beanz-meanz-microwaves-Heinz-create-gadget-heat-snack-60-seconds.html

Saturday, October 9, 2010

Google cars drive themselves in traffic

Anyone driving the twists of Highway 1 between San Francisco and Los Angeles recently may have glimpsed a Toyota Prius with a curious funnel-like cylinder on the roof. Harder to notice was that the person at the wheel was not actually driving.

The car is a project of Google, which has been working in secret but in plain view on vehicles that can drive themselves, using artificial-intelligence software that can sense anything near the car and mimic the decisions made by a human driver. With someone behind the wheel to take control if something goes awry and a technician in the passenger seat to monitor the navigation system, seven test cars have driven 1,000 miles without human intervention and more than 140,000 miles with only occasional human control. One even drove itself down Lombard Street in San Francisco, one of the steepest and curviest streets in the nation. The only accident, engineers said, was when one Google car was rear-ended while stopped at a traffic light.

Autonomous cars are years from mass production, but technologists who have long dreamed of them believe that they can transform society as profoundly as the Internet has.

Robot drivers react faster than humans, have 360-degree perception and do not get distracted, sleepy or intoxicated, the engineers argue. They speak in terms of lives saved and injuries avoided - more than 37,000 people died in car accidents in the United States in 2008. The engineers say the technology could double the capacity of roads by allowing cars to drive more safely while closer together. Because the robot cars would eventually be less likely to crash, they could be built lighter, reducing fuel consumption. But of course, to be truly safer, the cars must be far more reliable than, say, today's personal computers, which crash on occasion and are frequently infected.

The Google research program using artificial intelligence to revolutionize the automobile is proof that the company's ambitions reach beyond the search engine business. The program is also a departure from the mainstream of innovation in Silicon Valley, which has veered toward social networks and Hollywood-style digital media.

Read the entire article at: http://www.stltoday.com/business/article_74fb2f8e-d3fe-11df-aaed-0017a4a78c22.html

Friday, October 8, 2010

CUs Recognized for Best Tech Practices

Three credit unions received the Best Practices Award at the CUNA Technology Council's 15th annual conference last week in Las Vegas.

They were $1.3 billion Affinity Plus FCU of St. Paul, Minn., $1.6 billion Travis CU of Vacaville, Calif., and $222 million Envision CU of Tallahassee, Fla.

Affinity Plus won two awards, one in the information/security privacy category for an automated employee access program and another in the miscellaneous category for an automated in-house statement and notice printing system. Envision CU also won in the miscellaneous category for developing in-house tools to customize software applications.

Travis CU won in the member service/convenience category for its use of Oracle middleware to integrate data warehouse, business intelligence, enterprise content management and business process management functions to meet the needs of each business area at the big credit union.

A panel of CUNA Technology Council members selected the winners, based on strategy, process, application and results, without regard to credit union asset size.

Friday, October 1, 2010

CSI Offered by CUNA Mutual

CUNA Mutual Group has partnered with a major risk consulting firm to offer its own cyber and security incident package, or CSI.

The package combines data breach recovery services with an insurance policy to protect credit unions and their members from the fallout of an internal data breach that compromises member data.

It offers a choice of two policies--both underwritten by CUNA Mutual's CUMIS Insurance Society--that cover items not typically included in traditional coverage, such as security breach liability, programming errors and omissions liability, public relations expenses, website publishing liability, replacement of electronic data and protection against extortion threats.

The breach services are from New York-based Kroll and include preparedness resources as part of the package and, at no charge unless they're used, incident recovery services that range from high-tech investigative forensics to public relations counsel.