Citibank Unable to Afford Secure Web Design

Sunday, February 21st, 2016 (No comments yet)
Really Citibank?

When I teach, I explain how most of the breaches and problems you hear in the world aren't about clever hackers or sophisticated attackers, but instead about weak security. This has just become my new go-to example.

Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else's account.

What that means is that if you were to look at the address in your bar at the top of the browser, it contains the name of the website you're on and (as is typical) a whole lot of other junk like this:

http://www.citibank.com/account.asp?were=dumbbell&we=shouldhaveknownbetter

One of the values in the "lots of other junk" area told Citibank who's account to show. If you just entered any random number, the website would think you were the user with that ID and show you their page. Given that this kind of issue is one that security professionals have known about and handled for more than a decade apparently large (and rich) companies can somehow manage to forget the basics.

Source

Tags: , , , ,

Hijack A Facebook Account in One Click

Tuesday, March 19th, 2019 (No comments yet)
Internet, Security
(Image used under: Creative Commons 2.0 [SRC])

Ok so maybe not ONE click. But someone has put together a simple tool that you can use to take over the active sessions of anyone within wireless range of you. Hang out at the Starbucks free wi-fi and you'll be able to control the Facebook or other accounts of people nearby. It's an attack that was always simple to do for those who know how, but now any idiot can do it with a simple new interface.

By the way, they mention a few protections from this at the bottom of the article, but here's one more.

Tags: , ,

Beware of Hijacked Facebook Accounts

Saturday, March 23rd, 2019 (No comments yet)
Businesses, Internet, Security
(Image used under: Creative Commons 2.0 [SRC])

Of course this isn't a problem limited only to Facebook, but the FBI issued a warning about the rise of hijacking scams. This is where a bad guy gets your login information through various means and then poses as you on your account. They'll send an urgent request for help or money to all your friends who may be fooled and comply (as in the case of Bryan Rutberg).

Remember to use good passwords and protect them especially the password for your e-mail account (which can be used to unlock all your other accounts).
Tags: , , , , , , ,

Sarah Palin’s Private E-mail Account Hacked

Monday, March 25th, 2019 (No comments yet)
Security, Technology
(Image is in the Public Domain)

Sarah Palin's Yahoo account has been broken into and e-mails found there posted to Wikileaks. I would say this was a pretty rotten thing to do, but the perpetrators claim they did it to prove that Palin has been using her private e-mail to circumvent recordkeeping laws about government business. If that's true, then perhaps this needed to happen.

Tags: , , , ,

Loading...

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

seminar destroy Tutorial
|INDEX|next: The Consequences of Posting Online
Online Addiction: From gambling to surfing and online gaming, people can destroy themselves and others with online addiction.
Posting Online: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Protecting Photos: The Internet never forgets anything completely. Make sure you don't make mistakes that will stick with you for the rest of your life.
Getting Tricked: You WERE doing fine... until someone convinced you to install a virus or give away your passwords. Don't fall for it!
Account Hijacking: One of the most common security risks today is people getting their accounts taken over and then used to trick their friends and family.
Trusting Webservices: An online service promises they'll 'Never abuse or misuse your data' and you believe them? Think again.

... or check out any of my other guides and tutorials by clicking here!

Online Addiction

Concerned about online addiction? You should be. Learn the types, the signs, and the preventions.

[Click for full description]

The Consequences of Posting Online

It's fun to post online. What you think, what you feel. But words typed and posted on the Internet can come back to bite you more than anything you could say with your mouth.

[Click for full description]

Photo Safety

You can reveal far more than you intended when you post a photo online. Don't make a critical mistake and check your photos before they're online.

[Click for full description]

Tricks and Scams

Just because you won't willing give up data doesn't mean that I can't trick you out of it. Don't fall for these well known tricks!

[Click for full description]

Account Hijacking

One of the newest threats we face is the risk of someone getting control of your online account and using it against you and the people you know. Do everything you can to prevent that from happening!

[Click for full description]

Trusting Companies

Store, online or off, are not known for being fair and helpful unless it benefits them to be so. Good deals exist, but many are bad deals in disguise. It's not in your best interests to be too trusting with any of them.

[Click for full description]