Independent – Page 207 – Computer Security Articles

Credit to Author: Sharky| Date: Fri, 23 Feb 2018 03:00:00 -0800

It’s the 1990s, and this pilot fish is hired at a big international company to maintain a group of Linux servers — and they definitely need help.

“My initial survey of the systems uncovered some serious security problems,” says fish. “Everything had been set up and users added with no regard to security.

“As a temporary holding action, I set all the users’ login shells to a custom restricted shell that allowed each user access to only the directories and commands necessary for their work while I analyzed all the systems, planned a decent security configuration for each, got approvals, did testing and, finally, implemented the new security.”

To read this article in full, please click here

Independent Krebs

February 22, 2018 admin

Chase ‘Glitch’ Exposed Customer Accounts

Credit to Author: BrianKrebs| Date: Fri, 23 Feb 2018 00:35:30 +0000

Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by a two an internal “glitch” Wednesday evening that did not involve any kind of hacking attempt or cyber attack.

ComputerWorld Independent

February 22, 2018 admin

Throwback Thursday: Now he's feeling even LESS secure

Credit to Author: Sharky| Date: Thu, 22 Feb 2018 03:00:00 -0800

This organization’s IT security officer leaves and isn’t replaced. “A year and a half goes by and the organization suffers a web page defacement,” says a pilot fish on the scene. “During the course of the remediation, another server that has a couple of Trojans on it is found.”

That’s not really a big surprise. Since the infosec guy’s departure, the CIO has repeatedly demanded that ports be opened in the firewall, external connections be made to servers bypassing the firewall and servers in the DMZ be connected to internal servers.

The support manager objects every time — and is always overruled.

“Worse, support isn’t part of the process of selection or meetings with potential vendors for the new web services,” fish says. “Support only finds out about the requirements when they are directed to create the holes.”

To read this article in full, please click here

ComputerWorld Independent

February 21, 2018 admin

Intel releases more Meltdown/Spectre firmware fixes, Microsoft feints an SP3 patch

Credit to Author: Woody Leonhard| Date: Wed, 21 Feb 2018 07:56:00 -0800

One month ago today, Intel told the world that their Meltdown/Spectre patches were a mess. Their advice read something like, “Ooopsie. Those extremely important BIOS/UEFI firmware updates we released a coupla weeks ago are causing Intel machines to drop like bungee cows. In spite of what we told you then, stop installing them now. And if you installed a bad BIOS/UEFI patch, well golly, contact your PC manufacturer to see if they know how to get you out of the mess.”

To read this article in full, please click here

ComputerWorld Independent

February 20, 2018 admin

Time for a wake-up call…

Credit to Author: Sharky| Date: Tue, 20 Feb 2018 03:00:00 -0800

This pilot fish supervises the IT help desk, so he’s on the scene when one of his support techs takes a call that’s very ordinary — mostly.

“It was some normal problem like ‘install this printer’ or ‘the computer forgot my password, please reset it,'” says fish.

“But at the end of the call, when they were discussing various things, the user happened to mention, very proudly, that she always turns off her computer at the end of the day every Friday, so it can get its updates over the weekend.

“The tech didn’t have the heart to break the bad news to her. He just told her that was a good idea and to have a nice day.”

Sharky has a better idea: Send me your true tale of IT life at sharky@computerworld.com. You’ll score a sharp Shark shirt if I use it. Comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.

To read this article in full, please click here

Independent Krebs

February 20, 2018 admin

Money Laundering Via Author Impersonation on Amazon?

Credit to Author: BrianKrebs| Date: Tue, 20 Feb 2018 11:51:12 +0000

Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish.

Independent Krebs

February 19, 2018 admin

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Credit to Author: BrianKrebs| Date: Mon, 19 Feb 2018 14:44:49 +0000

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.” In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency. This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had “a good number of customers” who had large sums deposited into their bank accounts at the same time.