As mobile telephones get 'smarter', they are becoming more prone to viruses and hacking, just like the personal computers and Personal Digital Assistants they are starting to resemble.
Already, in Japan, a wireless company was forced to stop putting through emergency calls when a malicious email made cell phones dial the national number for emergencies again and again. European hackers have sent short text messages that crashed the recipients' cell phones. Those phones would only work again when the battery was removed and reattached. In a new version of this malicious code even that fix doesn't work. The phones will continue to crash until the phone company takes the message off its server.
Virus writers have the potential to make telephones do anything the user can do, from dialing numbers to erasing passwords. Even worse, telephones that belong to innocent users could be used to forward threats or plant viruses on other targets.
Third-party software companies are writing programs for the new generation of telephones, even as hackers use the same software tools to write the destructive code that could cripple them. And, of course, these third-party software companies are beginning to release the anti-virus and encryption software that is now a necessary companion of innovation.
North American cell phone users have so far been immune from such attacks because conflicting standards and bitterly competing carriers have kept cellular technology relatively primitive. Unfortunately, people who want to use high-end, feature-rich telephones and avoid the attacks they enable will have to install protective software, just like personal computer users. The safe alternative, of course, is to stick with a mobile telephone that does just one thing - telephone calls.

Spoofing -- No Laughing Matter

"Spoofing" may sound like fun but it's no laughing matter when someone uses your company's email address to send out thousands or even millions of malicious messages. The person sending email from a stolen or invented email address can be anyone, from an unethical salesperson looking for leads, to a disgruntled employee hoping to taint a company's reputation. Unfortunately, from a technical standpoint, there is nothing difficult about sending email that pretends to come from someone else.
The increase in spoofing is due in part to the installation of 'spam' filters by many individuals and organizations. Because they reject mail from unknown addresses or popular mail systems like Hotmail, spammers have become more creative and spoofing is often their next step. Spoofers like to use return addresses with the credibility of a company name, or an .edu or .gov suffix, indicating the sender is a university or government department. Then, when the recipient clicks on a link or attachment, the damage is done; perhaps a virus runs on their computer, or their browser is pointed to an advertising site.
The stakes get higher when spoofers use a real email address and trick people into revealing confidential information. In one scenario, recipients are directed to a fake Web site where they are asked to enter their password or answer a series of questions.
IT departments should be on the alert for unusual volumes of bounced mail and complaints. Fast action is imperative to minimize the damage. It's not a bad idea to have a form letter prepared and approved, ready to send should an attack take place. Beyond that, there is very little companies and individuals can do to prevent their email identity from being spoofed.
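
The advice to watch for unusual volumes of bounced mail can be automated. The sketch below is an added example, not part of the original newsletter: it counts bounce messages per hour and flags a sudden jump. The log format, the domain example.com, the sample data and the thresholds are all assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import median

# Simplified, hypothetical log format (not any real mail server's):
#   <timestamp> from=<envelope sender> to=<recipient>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} from=<([^>]*)> to=<([^>]+)>$")

def build_sample_log():
    """Constructed sample: three quiet hours, then a burst of bounces."""
    lines = ["2002-03-04T08:30:00 from=<> to=<someone@other.example>"]
    for hour, bounces in (("08", 2), ("09", 1), ("10", 3), ("11", 40)):
        for i in range(bounces):
            lines.append(f"2002-03-04T{hour}:{i:02d}:00 from=<> to=<sales@example.com>")
        lines.append(f"2002-03-04T{hour}:59:00 from=<bob@partner.example> to=<sales@example.com>")
    return "\n".join(lines)

def bounces_per_hour(log_text, domain):
    """Count bounce messages per hour addressed to our domain.

    Bounces (delivery status notifications) use the empty envelope sender "<>".
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        hour, sender, rcpt = m.groups()
        counts[hour] += 0  # record the hour even if it has no bounces
        if sender == "" and rcpt.lower().endswith("@" + domain):
            counts[hour] += 1
    return counts

def unusual_hours(counts, factor=5, floor=10):
    """Flag hours whose bounce count is at least `floor` and more than
    `factor` times the median of earlier, unflagged hours."""
    flagged, history = [], []
    for hour in sorted(counts):
        n = counts[hour]
        baseline = median(history) if history else 0
        if n >= floor and n > factor * baseline:
            flagged.append((hour, n, baseline))
        else:
            history.append(n)  # only normal hours feed the baseline
    return flagged

if __name__ == "__main__":
    for hour, n, baseline in unusual_hours(bounces_per_hour(build_sample_log(), "example.com")):
        print(f"{hour}:00 {n} bounces (usual level about {baseline})")
```

A flagged hour is a prompt to check whether the bounces refer to mail the company never sent, which is the sign that its address is being spoofed.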

Watch Out For DDOS Attacks

Most people who use the Internet are familiar with Instant Messaging (IM) systems like AOL's AIM, ICQ and Yahoo Messenger. Millions of people 'message' with their friends in real time. However, in a dangerous new development some of the people they are communicating with may not be so friendly.
Hackers are starting to use IM networks to deliver software for Distributed Denial Of Service (DDOS) attacks. DDOS hackers plant programs on unsuspecting users' computers and then use those computers to flood a target system with traffic. In recent years, Yahoo, eBay and CNN Online have all been disrupted by DDOS attacks.
Now, the CERT Coordination Center is warning against people who use IM to trick people into downloading and running DDOS programs on their computers. The key is "social engineering", which simply means that the hacker knows how to gain someone's trust. For example, it is easy enough for a hacker to 'harvest' the ICQ numbers of people who are interested in playing Quake or Unreal over the Internet and send them a message offering an interesting program. Hackers have even urged people to download phony 'anti-virus' software to protect their systems.
If the intended victim does nothing and deletes the message, there is no potential for harm. Once they download and run the program, however, they can become part of a DDOS attack. Clearly, computer users should never run programs whose origins they do not know, but they should run updated anti-virus programs regularly. Ironically, social engineering takes advantage of the human tendency to trust others to spread technology that can only breed suspicion.
