Posts tagged "John Sileo"
Did Edward Snowden Actually Comment on the Dropbox Breach? No.
Almost as fast as every media source out there could jump on the “Yet Another Breach” bandwagon and report that Dropbox had been hacked, the company was denying it. So let’s play a little game of true or false to try to sort out fact from fiction:
Statement: Hackers were able to access logins and passwords of Dropbox users and then leaked 400 account passwords and usernames on to the site Pastebin.
Statement: The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox.
True. (In fact that is a direct quote from the Dropbox blog of October 13, 2014 in which they bluntly proclaim “Dropbox wasn’t hacked”.)
The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.
Overview of GameOver Zeus
GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011,  uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.
Systems Affected by GameOver Zeus Virus
- Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
- Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Impact of GameOver Zeus
A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.
Home Depot Data Breach Exposes Our Growing Complacency
When Target suffered a data breach back in December of 2013, you couldn’t look at a news source without seeing a new story about it. Yet when the Home Depot data breach was revealed recently, it received almost a ho-hum reception in the news. This, even though, it was the biggest data breach in retailing history and has compromised 56 million of its customers’ credit cards! It seems we have come to expect these data breaches to the point where we have become almost complacent.
Consumers, like the companies that breach our data, have become apocalyptic zombies, staring unquestioningly forward as we are attacked from all sides.
Is Apple Pay going to be secure?
Apple has us ooing and ahhing about the iPhone 6, it’s big brother the 6+ and finally the Apple Watch. But the biggest announcement of all didn’t even have to do with gadgets. The most significant announcement was about a new service that will be built into those devices…
It is Apple Pay, Apple’s own version of a “mobile wallet” that will allow Apple users to pay for items with just a tap or wave of their device. That is if those items happen to be in stores that have agreed to install the technology necessary to allow near-field communication (NFC – no not the football conference, the radio-wave technology) to work. Of course, Apple has done the background work to ensure a lot of big names (MC, Visa, AMEX and retailers such as Target, Macy’s and McDonald’s to name a few) are already on board, which is a significant mark in their favor. And with the upcoming mandatory implementation of EMV technology, Apple may have just timed this perfectly.
I mentioned anti-SPAM software on a 9News piece regarding email scams and ways to avoid them. The anti-SPAM software that I use (and get paid nothing to mention) is called SpamSieve for Apple devices. In the future, I will review anti-SPAM software more comprehensively.
When JP Morgan was recently asked about reported cyber attacks, their spokesperson replied that they were “closely safeguarding information and would notify anyone affected” and went on to add that companies of its size experience cyber attacks “nearly every day”. It seems a rather casual reply for an event that may have resulted in the theft of multiple gigabytes of sensitive data!
Yet that is the reality today. In fact, the financial industry, and most of the business world, has been described as being in a state of almost perpetual cybersiege. Cyber attacks have become so commonplace that most businesses have almost come to expect it.
Which is why we have stopped paying attention, because breach is so normal. And breach is so normal because corporations don’t train their employees correctly on how to avoid it.
One of the quickest identity theft prevention tips is to protect your purse or wallet from being stolen. Here are three tips from ID theft expert John Sileo on protecting wallet identity.
John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.
The so-called “Inheritance Scam” is resurfacing in Colorado, but it has a new look.
No longer do you simply receive an email claiming to be from the representative of a long-lost relative. The new format involves what security experts call the “Accomplice Ploy” in which the thieves attempt to engage you through a long series of queries (one method) reaching out to you as if they know who you might be.
We have developed five questions you should ask about any email or phone call you suspect might be a scam. They are called the 5 indicators of the inheritance scam:
Sileo’s Scam-Detection Questions
1. Were you expecting a windfall?
2. Is it too good to be true?
3. Are you being rushed/threatened?
4. Do they ask for secrecy?
5. Do they request more information?
Product Review on Password Manager Software
I’m often asked during my keynote addresses for specific, actionable items that will help keep personal and company data secure. I could reel off ideas for literally hours, but one of the easiest things anyone can do is utilize a password manager program. There are a lot to choose from but the one I personally recommend is the award-winning 1Password, which remembers and securely encrypts all of your passwords so you don’t have to. You merely come up with one secure master password and then train 1Password to log in to sites for you.
It often amazes me to find out how many people shy away from implementing ideas that they KNOW will make them safer. There are a multitude of reasons I know:
- Ignorance: “I didn’t know there was a helmet law in this state.”