Citibank Unable to Afford Secure Web Design

Really Citibank?

When I teach, I explain how most of the breaches and problems you hear about in the world aren't about clever hackers or sophisticated attackers, but instead about weak security. This has just become my new go-to example.

Basically, after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else's account.

What that means is that if you were to look at the address bar at the top of your browser, it contains the name of the website you're on and (as is typical) a whole lot of other junk like this:

http://www.citibank.com/account.asp?were=dumbbell&we=shouldhaveknownbetter

One of the values in the "lots of other junk" area told Citibank whose account to show. If you just entered any random number, the website would think you were the user with that ID and show you their page. Given that this kind of issue is one that security professionals have known about and handled for more than a decade, apparently large (and rich) companies can somehow manage to forget the basics.
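The flaw described above and its fix, as an added example that is not Citibank's code or part of the original post. The account data, session tokens and function names are all constructed for illustration; the last function shows how the "change around the numbers" pattern looks in an access log.

```python
# Added illustration; ACCOUNTS, SESSIONS and all function names are constructed.
from collections import defaultdict

ACCOUNTS = {  # account id -> record (constructed sample data)
    "1001": {"owner": "alice", "balance": 2500},
    "1002": {"owner": "bob", "balance": 40},
}
SESSIONS = {"sess-a": "alice", "sess-b": "bob"}  # session token -> logged-in user


class Forbidden(Exception):
    """Raised when a session asks for an account it does not own."""


def view_account_insecure(session_token, account_id):
    # The flaw: being logged in is checked, but the account id taken
    # from the URL is trusted as proof of whose page to show.
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return ACCOUNTS[account_id]


def view_account_secure(session_token, account_id):
    # The fix: identity comes from the server-side session; the URL value
    # only selects among accounts that identity is allowed to see.
    user = SESSIONS.get(session_token)
    account = ACCOUNTS.get(account_id)
    if user is None or account is None or account["owner"] != user:
        raise Forbidden("no such account for this user")
    return account


def flag_enumeration(access_log, threshold=3):
    # Detection: one session requesting many distinct account ids is the
    # signature of someone walking through the numbers in the URL.
    seen = defaultdict(set)
    for session_token, account_id in access_log:
        seen[session_token].add(account_id)
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)
```

The secure version returns the same error for "account does not exist" and "account is not yours", so the response does not reveal which ids are valid.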

Source


Hijack A Facebook Account in One Click


Ok so maybe not ONE click. But someone has put together a simple tool that you can use to take over the active sessions of anyone within wireless range of you. Hang out at the Starbucks free wi-fi and you'll be able to control the Facebook or other accounts of people nearby. It's an attack that was always simple to do for those who know how, but now any idiot can do it with a simple new interface.

By the way, they mention a few protections from this at the bottom of the article, but here's one more.


Beware of Hijacked Facebook Accounts


Of course this isn't a problem limited only to Facebook, but the FBI issued a warning about the rise of hijacking scams. This is where a bad guy gets your login information through various means and then poses as you on your account. They'll send an urgent request for help or money to all your friends, who may be fooled and comply (as in the case of Bryan Rutberg).

Remember to use good passwords and protect them, especially the password for your e-mail account (which can be used to unlock all your other accounts).

Sarah Palin’s Private E-mail Account Hacked


Sarah Palin's Yahoo account has been broken into and e-mails found there posted to Wikileaks. I would say this was a pretty rotten thing to do, but the perpetrators claim they did it to prove that Palin has been using her private e-mail to circumvent recordkeeping laws about government business. If that's true, then perhaps this needed to happen.



Check out one of my guides/tutorials:

Internet Safety Tutorial

General Safety

Avoid fake and nasty websites with my search engine trick.
Watch out for online addiction. Getting lost in fun online activities can be just as addictive as any drug.
So you want to write, publish, or share information online? Be careful. Things you say may be lost or forgotten, but things put on the Internet never are.
Don't fall for the well-known tricks (or the new scams either) bad guys use to trick you into giving away data or money.

Account Protection

Want to make an account with some online service? Read this first!
The newest, biggest risk online? Account hijacking! Don't become a victim by allowing your account to be taken over and learn to recognize when someone else has been.
Be sure transmission security is active before entering a name, password, credit card number, or other important information online.

... or check out any of my other guides and tutorials by clicking here!

How to Avoid Bogus Websites

There are bogus websites out there hoping you'll hit them by accident or using phishing to trick you into coming to them. Learn my simple trick to avoid these sites!


Online Addiction

Concerned about online addiction? You should be. Learn the types, the signs, and the preventions.


The Consequences of Posting Online

It's fun to post online. What you think, what you feel. But words typed and posted on the Internet can come back to bite you more than anything you could say with your mouth.


Tricks and Scams

Just because you won't willingly give up data doesn't mean that I can't trick you out of it. Don't fall for these well-known tricks!


Account Creation Tips

When you create an account with an online site, you should know a few things first.


Account Hijacking

One of the newest threats we face is the risk of someone getting control of your online account and using it against you and the people you know. Do everything you can to prevent that from happening!


Using HTTPS For Secure Login and Payment Online

Making online accounts is useful and fun, but doesn't mean much if someone can capture your login information and use it against you. Make sure to use this simple trick to prevent that from happening.
