It’s super FREAKy

You may have heard about the FREAK exploit that has been talked about lately, and you might think you are secure using the bank app or medical records app that you downloaded directly from the Apple Store or Google Play.

A newly released study has shown that isn’t quite the case, as the FREAK exploit is based on the encryption keys that the server you connect to uses, not on the app on the phone alone.

Ars Technica has an article about the study, and points out that users of apps should contact the vendors to inquire whether they have corrected the app to prevent FREAK attacks.

WHAT SHOULD I DO?

1 – Upgrade your phone to the latest version, as the latest versions try to prevent the vast majority of FREAK attacks. The study found that even after the update on iOS, there were still 7 apps that were vulnerable.

2 – Don’t trust public wifi for secure transactions – you never know when the guy or girl next to you at the library is actually trying to hack your bank account.

SWAT – not just for old reruns anymore

SWAT – the Strategic Weapons and Tactical force

The SWAT force is called in when a highly volatile situation needs immediate, tactical force.

However, Internet trolls have taken to using the SWAT teams around the country as their very own revenge squad.  If you are active on the internet, especially in the gamer community, you need to prepare yourself for possibly being SWATted (having the SWAT team dispatched to your home to deal with a falsely reported violent encounter).

Digg.com has a very good article explaining this, and what you should know.

Food Porn?

Jamie Oliver, The Naked Chef, probably never intended his tongue-in-cheek title to foreshadow the use of his website to distribute malware the way that porn sites are notorious for doing.

You might remember the post earlier in the month when I warned you of how his website was infected with malware.  Well, less than a month later, the bad guys have reinfected his site, this time with a better grade of malware.  The arms race is real, and you must be vigilant.

Malwarebytes Blog

What would you do if you got a purchase confirmation from the Apple Store…

for a purchase that you never authorized?

Would you report it using the Transaction Cancellation form included in the email?

Fake Transaction Cancellation Form – by filling this out, you give your account information and credit card information to the bad guys

If you have an Apple ID and have made purchases in the past, you should know that there is no Transaction Cancellation Form on your receipts.

But it looks so real!

That is the point of phishing – it makes it hard to tell when it is fake.  You have to think twice before putting your credit card information in anything you have received without your request.

Source: Malwarebytes Blog

Chef Jamie Oliver’s Site Serves Up Delicious Malware

For all of my readers who think they are safe from malware because they don’t go to “questionable” websites: you are not necessarily safe. Malwarebytes has discovered that the website for Jamie Oliver has been compromised by hackers and infects the computers of visitors with a drive-by infection.

The site has already been cleaned up, but this is a reminder that there is no such thing as a “safe” website.

Keep a close eye on your accounts

Experts are predicting that 2015 will be the worst year ever for credit card fraud, as the US begins transitioning to the EMV card standard.  The US accounts for over 47% of all fraudulent card transaction losses on 23% of all fraudulent transactions.  That is primarily because we haven’t moved to the chip card standard.

So look for your bank to be issuing you a new card with a chip in it soon.

If you are thinking that Apple Pay (the secure credit card transaction method in the new iPhones) will stop this… well, not so fast. Hackers have found a way to use iPhones as accomplices. They buy credit card numbers on the black market and load them into an iPhone, eliminating the need to create fake pieces of plastic.

If you are an iPhone owner who uses Apple Pay, your information in the phone is not being hacked, so don’t worry.

Computer Security is hard…unless you learn these rules.

Infoworld has an excellent article on computer security.

To summarize it for you:

1 – Patch the popular software first, and do it as soon as the patch is announced.

2 – Don’t fall prey to the scams (social engineering). You are more likely to get scammed from sites you “trust” than those you don’t. Don’t EVER give information to unsolicited callers. Know what programs you have installed and ignore threat warnings from software you don’t recognize.

3 – Don’t use the same password in multiple locations. If one site gets hacked, that password is added to the dictionary so it can be used to try to hack other locations.

4 – Two-factor authentication has its benefits. Sure, it is a pain in the butt, but if you are concerned about the security of your information/accounts, then the additional inconvenience is worth it.