Tech Geek and More

• Home
• Alerts
  • Hacking / Phishing
  • Malware / Spyware / Virus
  • Recall
  • Scams
  • Spam
• Featured
  • New Years Eve 2013 – Time Square (Live Stream)
  • Commentary
  • News
  • Recommendations
  • Reviews
  • And More!
    • Hot Rod Grills
  • Digital Afterlife
  • En Espanol
• Hardware
  • Floppy Drive
  • Manufacture
    • Acer
    • HTC
    • Kindle
    • Lenovo
    • Samsung
  • Smart Phone
    • Android
    • Blackberry
    • HTC
    • iPhone
    • Sprint
    • Verizon
    • Windows Phone
  • Micro SD Card
  • Monitors
  • Computer Sound Card
  • Printer
  • Tablets
  • Wireless
• Software
  • Apps
    • Android
    • Blackberry
    • Facebook Apps
    • Google Wallet Apps
    • YouTube Apps
  • Apple
    • iCloud (Apple)
    • iPad
    • iPhone
    • iPod
    • OSX
  • Microsoft
    • Windows 7
    • Windows 8
    • Windows XP
    • Windows Vista
    • Skype
    • Windows DVD Maker
    • Windows Live Essentials
    • Windows Live Messenger
  • LastPass
  • Linux
  • Malwarebytes
  • Mozilla
  • Netflix
  • Panda AntiVirus
  • Password Management
  • Pop Cap
  • SD Card
• Solutions
  • How-To
    • Add Windows 8 Start Menu
    • Backup
    • Computer Maintenance
    • Screenshot
    • iOS Change Text Size
    • Sync iCloud and Outlook
    • Configure iPad / iPhone Mail App for Gmail
  • Fixes for Windows Errors
  • Troubleshooting
• Gaming
  • Video Games
  • Xbox360
  • Sony Playstation
  • Wii
• Must Have
  • Must Have Products (Free)
  • Must Have Products (Pay)
• Deals
  • Amazon
  • Best Buy
  • eBay
  • Groupon
  • Home Shopping Network
  • Lenovo website
  • livingsocial
  • Radio Shack
  • Shopping Alerts
  • Web Deals
  • Woot

Archive for Hacking / Phishing

Deals Website LivingSocial Reports It Was Hacked, Affects Up To 50 Million Customers

Posted on April 27, 2013 by Alex

On Friday the popular daily deal site LivingSocial (https://livingsocial NULL.com/) announce a breach of its system that could affect up to 50 million users. According to information posted on LivingSocial

“LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue. The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.”

The information provided by LivingSocial also says, “The database that stores customer credit card information was not affected or accessed”. As a precaution, even though the passwords were encrypted and should be “difficult to decode”, they are “expiring your old password and requesting that you create a new one”.

Read more

Fake Yahoo Account Verification Email Making The Rounds

Posted on January 25, 2013 by Alex

OK folks in 2013 I would have assumed that the following post would NOT be necessary, however, unfortunately I am discovering that I am wrong in my thinking so here goes. If you see it on the internet (which includes email, social media, websites), it does NOT MEAN IT’S REAL!!!!!!! A number of people have recently contacted me because they lost access to their yahoo accounts. Without explanation, one day the users could log in, the next day the “password was wrong” and they didn’t have access to their accounts anymore. In doing some research, because it isn’t normal for multiple clients to have the same password issue within days of each other (It really isn’t), I came across what I believe to be the offending email that triggered the problem.

Read more

Facebook Security Flaw Could Leave Your Mobile Phone Number Exposed (Check Your Settings)

Posted on October 12, 2012 by Alex

Among the Facebook information that you can set up is your mobile phone number. Some people included it, to use the enhanced security log-in feature, others include it, so that it can be shared among your friends or family.

(http://facecrooks NULL.com/wp-content/uploads/2012/10/contact_info_phone NULL.jpg)

As shown in the example above, when you go to the About Me area, you can include your mobile phone number, and select how you want the number shared. In the case of the example, the cell phone number is set to “Only Me”.  On its own, as a user (if I didn’t know any better), no one will see the mobile number as I only want it for the additional log-in security (http://facecrooks NULL.com/Internet-Safety-Privacy/how-to-lockdown-your-facebook-account-for-maximum-privacy-and-security NULL.html).

The problem, as discovered by Suriya Prakash, is that Facebook includes an additional setting in the Privacy Settings that overrides whatever security setting you entered in the contact info.

Read more

WordPress Plugin Issue – Sociable 4.3.2 includes malware

Posted on September 9, 2012 by Alex

This goes out to my fellow bloggers who have the Sociable plugin installed. It seems that the update to version 4.3.2 includes a file in the plugin that points to an external image. That external image then redirects to a now .ru address that is known to distribute malware. I have seen number of forum posts on the WP.org site discussing this issue. (http://wordpress NULL.org/support/topic/plugin-sociable-image-causing-malware-detected-flags?replies=17#post-3151747)

Read more

Alert – Fake Amazon Email Attempting to Trick Users (via Websense)

Posted on September 4, 2012 by Alex

Security company Websense (http://community NULL.websense NULL.com/blogs/securitylabs/) is reporting a new targeted attack that is attempting to trick users into downloading files that could infect a users pc, via an email that reports to be from Amazon. The email asks the person who received it to “Please click here and verify your order # with Amazon.com”

Read more

Keep Malware off pc – Don’t fall for Social Engineering

Posted on July 28, 2012 by Alex

Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a “con game.”

Social engineering is a component of many, if not most, types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments or click on links via social media (Facebook,Twitter,Google+, etc.), phishers use social engineering to convince people to divulge sensitive information, and scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.

The biggest problem in identifying social engineering is that messages usually come from people you know. What the bad guys do is write their malware in such a way that when you fall for it and click on a link, it not only infects your pc, but it automatically sends itself (in your name) to everyone on your email or social media list. Since most people trust their friends, they are more likely to click on links from friends.

CURRENT EVENTS

One of the biggest tactics used in social engineering involves current events. Events like the recent Movie Theater Massacre in Colorado come to mind.  As you can see by this Twitter message.

Another current event is the Summer Olympics in London. During the Winter Olympics in Vancouver in 2010, a fake page was discovered that used the Olympic theme to trick people.

In the example (below) from Vancouver of social engineering, you can see the actual page and false page respectively, where a typo in the domain name is used as a strategy.

Real Website – http://www.vancouver2010.com (http://www NULL.vancouver2010 NULL.com)

Fake Website – http://vaucouver2010.com

As you can see if you compare the sites, they look almost identical. The only real difference is the fake page showing an alleged error in the flash plugin, offering to download a binary called flash-plugin_update.45125 which is a malware with a very low detection rate. Once pages like the fake Vancouver site is created, search engines (which can’t tell if a site is real or fake) add them to the search results. What the bad guys hope is that when you do a search you will not realize it, and you will click on the fake site via the search result.

WHAT CAN YOU DO

• Don’t trust your friends. I know that’s seems a little harsh, but remember that because someone you know sent you a link, it doesn’t mean that its legit, or that they even know that they sent it. If you get a link, contact your friend and confirm that they sent it, and ask questions like “what’s on the link” or “what is the link about”.
• Don’t trust links you find via search engine’s. So if you can’t trust a search engine “what are they good for” is what you are saying to yourself.  After running a search, instead of clicking on the link shown, you should manually type the address in your browser address bar, paying attention to things like misspelling.
• If you get a message from The Olympics, your bank, or any other site asking for info or telling you that you have won something, DON’T CLICK ON THE LINK. Open a web browser and go directly to the site in question, if there is a need for info (like the recent password change requests from LASTfm, LinkedIn and eHarmony) the site will have a notice posted with instructions.

LASTLY, If its TO GOOD TO BE TRUE, IT PROBABLY IS….. not everything that is posted on the internet is REAL!

Passwords Compromised – Yahoo Voice

Posted on July 12, 2012 by Alex

Update (@12:15p CST) – Per a story on ZDNET (http://www NULL.zdnet NULL.com/yahoo-confirms-400000-accounts-hacked-less-than-5-valid-7000000812/), Yahoo now confirms the event, however claims that only 5% of the over 450,000 user passwords that were compromised are valid.

 ”At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” a Yahoo spokesperson said in a statement obtained by TechCrunch (http://techcrunch NULL.com/2012/07/12/yahoo-confirms-apologizes-for-the-email-hack-says-still-fixing-plus-check-if-you-were-impacted-non-yahoo-accounts-apply/). “We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com (http://security NULL.yahoo NULL.com).”

It is still recommended that you change your password if you use any Yahoo service (Email, Chat, IM, etc.) and also change your password on any other non-yahoo site that uses the same user name and password that was used for Yahoo.

*********************************************************************

There are reports this morning that over 450,000 Yahoo Voice passwords have been compromised and posted online by a hacker group calling themselves “D33DS Company”. The group used what is known as a SQL Injection (http://en NULL.wikipedia NULL.org/wiki/SQL_injection), which basically tricks a website database into dumping its information to the attacker.

With all of the high-profile sites that have recently had their passwords compromised (Sony, LinkedIn, eHarmony, Lastfm, among others), what is surprising is that a Major company like Yahoo was storing its passwords in plain text.  What that means is that anyone at all could see the user name and password, which is like putting a piece of paper on your refrigerator with all your user name / passwords that you use, and then having someone break into your home and steal it.  Once they have it, there much they couldn’t do. Sites that actually take their security seriously keep that information encrypted in such a way that even if the file was taken, the person taken it would be unable to actually see what it says.

In the case of D33DS, they claim the following as part of the information they posted online.

If you want to try to see the list of passwords, they can be found on the D33DS site (https://d33ds NULL.co/archive/yahoo-disclosure NULL.txt), however, due to heavy traffic you may find it a little difficult to actually access the site.

Recommended Password Change 

As always when situations like these occur. It is advisable to change your password if you are a user of the affected service/site, even if you are not on the list compromised. In addition, if you use the same user name and password on other sites that you use on yahoo voice (or any other compromised site) you want to change your password on those sites as well. Read more

• Social Media

  

• Please help Tech Geek and More – Donations are appreciated (via Paypal)

  

• Search Tech Geek and More

  Search for:

• TGM in your Language

• Tech Geek and More Menu Categories

  Select Category Alerts    Hacking / Phishing    Malware / Spyware / Virus    Recall    Scams    Spam And More!    121212 Benefit Concert    Hot Rod Grills    New Years Eve 2012 – Time Square NYC Apple    iCloud (Apple)    iPad (Apple)    iPhone (Apple)    iPod (Apple)    osX (Apple) Commentary Deals    Amazon (Deals)    Best Buy (Deals)    eBay (Deals)    FREE offers    Groupon dd    Home Shopping Network dd    Lenovo website dd    livingsocial dd    Microsoft / Xbox LIVE    Olive Garden    Radio Shack dd    Shopping Alerts dd    Web Deals dd    Woot dd Digital Afterlife DVR En Espanol Featured    Reviews Gaming    Sony Playstation vg    Video Games vg    Wii vg    Xbox360 vg Hardware    Floppy Drive    Manufacture       Acer M       HTC M       Kindle M       Lenovo M       Samsung M    Micro SD Card    Monitors    PC Sound Card    Printer    Tablets    Wireless Internet Latest Blog Posts Must Have Products    Must Have Products (Free)    Must Have Products (Pay) My Phone NCAA Bracket News Slider Smart Phone    Android    Blackberry    HTC    iPhone    Sprint    Verizon    Windows Phone Software    Adobe    Apps       Facebook Apps       Google Wallet Apps       YouTube Apps    Beta    CA Anti-Virus    Calibre    Cisco    Devuvuzelator    Evernote    Excel    Freeware    Hamachi    Holdkey    iDrive    Internet Explorer    LastPass    Linux    Malwarebytes    Microsoft    Mozilla    MS Problem Step Recorder    Netflix    Nirsoft    Office    Office viewer for Android    Outlook    Panda AntiVirus    Password Management    Pop Cap    Recommendations    Redbox    Screen Lock Bypass App    SD Card    Skype    SuperAntispyware    Symantec    Thunderbird    Trend Micro    Tweaks    TweetDeck    Twitter    Unix    VPN    Windows 7    Windows 8    Windows DVD Maker    Windows Live Essentials    Windows Live Messenger    Windows Mobile    Windows Vista    Windows XP    WinFF    WordPress    Yahoo Messenger Solutions    Bios    Fixes for Windows Errors    How-To       Add Windows 8 Start Menu       Backup       Computer Maintenance       Configure iPad / iPhone Mail App for Gmail       iOS Change Text Size       Removing “Vibrant” Ad’s from Internet Explorer       Screenshot       Set Up Google Inactive Account Manager       Sync iCloud and Outlook       Uninstall TrendMicro Using Diagnostic Tool    Troubleshooting Tech Geek and More Site    Contest Translate Travel Tips    Airport / Airline    Car Rental    Road Warrior    Travel Specials TV    11 Alive Atlanta    CBS 2 Los Angeles    Fox 29 Philadelphia    Good Morning America    Hurricane Sandy Benefit Concert    Jimmy Kimmel Live    Late Show Top Ten List    New York City Stations    Philadelphia Stations    TMZ Uncategorized Video (Around The Web) Web Sites    Adobe    Amazon    American Airlines    AppJudgement    Apple    AutoSlash.com    Best Buy    BlackViper.com    Business Insider    calibre-ebook.com    CBS 2 LA    CodeTwo    Comixology    Craigslist    DealNews.com    eBay    EFF.org    eHarmony    Facebook    Facecrooks.com    Foursquare    Fry’s.com    GameStop    Gogo Wi-Fi    Google    Google+    Groupon    Holdkey.eu    Home Shopping Network    HTC USA    iDrive    Jaded Jargon    Last.fm    Lenovo    Life of Alex    LinkedIn    LivingSocial    Lockergnome.com    LogMeIn    Microsoft.com    Mind of Root    NASA    Ninite.com    Nirsoft.net    OnGuard Online.gov    OpenCongress.org    phandroid    Pocketables.com    PrivacyChoice.org    ProtectIP.org    Radio Shack    Redbox Instant    Revision3    Seesmic    Snopes.com    Sophos Naked Security Blog    Southwest.com    Sprint.com    Starbucks    Stardock    T-Mobile    techandlife.com    Technet    Technorati    TheTechFeed    ThreatMetrix.com    TMZ    Trendmicro blog    trusteer.com    Twitter    Verizon Wireless    Websense    wikipedia    Windows Updates    Woot.com    Wordpress    WSBT.com    Yahoo    Yahoo Voice    YouTube       TGM Training Video World Cup

• Featured Posts

  Google Celebrating Atari Breakout 37th Birthday

  Google is at it again, this time with a surprise for those who search for “Atari Breakout” in Go...

  How to Spot a Fake Review Online (via TechFeed)

  How to spot a fake review online. When you look at reviews online have you ever considered if the re...

  Google Adds New \"Afterlife\" Feature

  This week Google added a new “afterlife” feature to many of its Google products. In this day and...

  Tech Support 101 - Print to PDF, Free Version of Malwarebytes, What is NDA.exe

  Tech Geek and More regularly receives messages asking for tech support help. Many of those messages ...

  Shopping Coupons - Deals 4/1/13

  In this day and age, any discount helps. Here are a couple of discounts found while surfing. *Some...

• Sponsored Ad's

  

• Subscribe to Blog via Email

  Enter your email address to subscribe to this blog and receive notifications of new posts by email.

• Sponsored Ad’s

  (http://affiliate NULL.godaddy NULL.com/redirect/CBDE683E625F3202FAE6F4CC1D0E56049425806C68A4EAE3C57929B0CE1F9726403886416948173B5A0EC3E4746C0EA1A6D067D82ABBA6A9527CBD650B857E5D) (http://www NULL.bluehost NULL.com/track/techgeekandmore/CODE87)

• Twitter

  Follow @techgeekandmore

• TGM Friends - Tech

  • Black Viper
  • Facecrooks
  • Mind of Root
  • Tech and Life
  • Ultimate Boot CD for Windows
  • Windows Team Blog
  • Winrumors

• Tech Geek and More – Pages

  • (Solution) Software: Fix for Microsoft Money “Autorun.inf” error during install
  • 1/18/12 – The web protests against SOPA and PIPA
  • Android: Tech Geek and More Preferred Apps List
    • Best Android Desktop and System Apps
    • Best Android Home and Office Apps
    • Best Android Image Tools
    • Best Disk, File, and Back Up Tools
    • Best Free Remote Access and Tech Tool Apps
    • Best Internet and Email Apps For Android
    • Best Phone and Messaging Apps For Android
    • Best Security and Privacy Apps For Android
    • Multimedia Apps For Android
  • Blog
  • Front Page
  • New Years Eve 2013 – Time Square (Live Stream)
  • Recommended Computer Maintenance – Windows XP, Windows Vista, Windows 7
  • Site Map
  • Software: IDrive Backup Demo
  • Windows 8 Shortcut Keys

• Tech Geek and More Info

  • About TGM
  • Contact TGM
  • TGM Privacy Policy
  • TGM Site Map

• Recent Posts

  • Travel Light Allows Early Boarding At American Airlines
  • Google Celebrating Atari Breakout 37th Birthday
  • Deals Website LivingSocial Reports It Was Hacked, Affects Up To 50 Million Customers
  • How to Spot a Fake Review Online (via TechFeed)
  • Google Adds New “Afterlife” Feature
  • Comixology Teaming With Marvel To Offer FREE Comics
  • Scam Alert – Free Xbox Points for Microsoft Birthday
  • Tech Support 101 – Print to PDF, Free Version of Malwarebytes, What is NDA.exe