News Posts matching "phishing"

Return to Keyword Browsing

Cryptojacking: Over 2,500 Websites Out There to Steal Your CPU Time

Cryptojacking is a new phenomenon, which was popularized by ThePirateBay embedding its website with a Javascript-based crypto-currency miner. It quickly sprung up the debate on whether crypto-currency miners hidden into web-pages could become the revenue model of the future, replacing online advertising or paid subscriptions. Some commentators argue that it's fine as long as users are made sufficiently aware that a website is embedding a miner, and is presented with a choice between ads and the miner. Others were steadfast against the idea as heavy Internet browsing (across multiple tabs), could bring down computers to a crawl, and have a more than tangible impact on electricity bills.

According to an ArsTechnica report, there could be at least 2,500 websites out there, with embedded crypto-currency miners that are hidden from the users. Willem de Groot, an independent cybersecurity researcher told the publication that he estimates JS miners may have proliferated to 2,496 websites, and its adoption is on the rise. Some dishonest websites embed miners as a revenue source in addition to ads and sponsored content. At the heart of the controversy is Coinhive. This company sells easy-to-integrate crypto-currency miners that can be embedded into websites as a revenue source. The company is on a marketing overdrive, writing to siteops and bloggers to spread their miners.

ISPs Should Do More to Safeguard the Web: FCC Chairman

US Federal Communications Commission (FCC) chairman sought "smart, practical, voluntary solutions", without mandating his own, for internet service providers (ISPs) to fight online fraud and data theft. Chairman Julius Genachowski estimated that 8.4 million credit-card details are stolen online, each year. "If consumers lose trust in the Internet, this will suppress broadband adoption and online commerce and communication, and all the benefits that come with it," Genachowski said in a speech. The FCC feels ISPs can come up with solutions that prevent client PCs in the US from being forced into malicious botnets by hackers, without having to encroach upon users' privacy.

Genachowski urged ISPs to adopt DNSSEC, a system that ensures people accessing sensitive sites such as their banks' online transaction portals go to the right address, and not redirected to a fraudulent password phishing site. "To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured," said Comcast/NBCUniversal President Kyle McSlarrow in a blog posting. Comcast is one of America's biggest ISPs. This is an example of how threats to the sanctity of a productive internet can be defeated with highly-specific solutions that don't threaten privacy and freedoms, instead of broad-scoped legislations that potentially do.

Source: Reuters

Majority of Facebook Attacks Feed Fraudulent Affiliate Marketing Sites: Commtouch

Commtouch (NASDAQ: CTCH) today published an in-depth analysis of 2011 Facebook attacks within its Internet Threats Trend Report, a year-end synopsis of Internet threats. The report and infographic present a comprehensive analysis of scores of malicious Facebook activities during the past year, as identified by Commtouch Labs. Affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions, according to the report. Visitors to these sites are induced to fill out surveys that generate affiliate payments for the scammers, victimizing legitimate businesses that pay affiliate fees.

Users are induced to click on the scams through social engineering tactics such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: “You have to see this!” After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or “self-XSS,” each of which is described in the report.

Password Security The Windows 8 Way

Windows 8 implements a radical new user interface called Metro for desktop PC's, which has so far received a mixed reception. However, there's many other changes under the hood and one of those is how password security is handled, which we look at here. It's a fact of life, that in today's modern world, we have to remember a plethora of passwords and PIN's, which can be daunting. This leads to security issues as users end up writing down passwords and/or create very insecure ones which can be easily guessed. Windows 8 aims to uphold strong password security, while at the same time, easing the burden on the user. Also, passwords can be obtained in various ways by miscreants, such as phishing, keylogging, guessing, and cracking. Windows addresses each of these problems in three main ways:
Return to Keyword Browsing