Tag Archives: Hacker


Don’t Get Bit – Prevent Online Vampires from Sucking the Life from Your Meetings

cartoon comic vampire

One side effect of the COVID crisis has been an increase in the use of online based video chat services like Zoom. Unfortunately, this also has created a new type of online cyber-criminal… the ZOOMPIRE!

This “vampire” isn’t after your blood but, instead, specializes in sending fake zoom meetings to users to steal their personal data with specialized links used to fool the person into believing they’ve been invited to an online meeting.

Researchers at INKY say that these new attacks are even fooling some Secure Email Gateways (SEGs), making them harder to catch.

In addition, they can send a direct link, preventing your browser’s fraud prevention, as well. “If the hacker includes a fake attachment, it leads to a fake login page that’s locally hosted on the recipient’s computer, not the internet,” the researchers write.

The solution here may be a low tech one. By texting or calling to confirm any meetings you didn’t set up yourself, you can be sure you’re only joining meetings you’re supposed to join – and prevent the ZOOMPIRE!

 


Tech Tip Tuesday: February 25, 2014

Apple’s Serious Security Issue: Update Your iPhone or iPad Immediately

The security hole in Apple's mobile and desktop operating systems had to do with validating the security certificates that are sent back and forth when you’re establishing a secure connection.
 
The security hole in Apple’s mobile and desktop operating systems had to do with validating the security certificates that are sent back and forth when you’re establishing a secure connection.This week, Apple rushed out a patch for its iOS 7 and iOS 6 operating systems to fix a serious security issue. Before I explain further, let me just say this: If you’ve gotten the prompt to update and you haven’t, do it now. If you’re still running older versions of iOS on your iPhone, iPod, or iPad, update now.

Done? O.K., good.

While you’re at it, go download either Chrome or Firefox for your Mac, and stop using Safari immediately until you see a security update for OS X Mavericks, as well.

In a nutshell, Apple has a security hole in both its mobile and desktop operating systems that could let a malicious hacker jump in on what you think is a secure Web transaction if you’re on a public Wi-Fi network like those at a coffee shop, airport or some other location.

The vulnerability affects SSL/TLS, or Secure Socket Layer and Transport Layer Security. These are the two technologies that supposedly encrypt the conversation between your browser and the server you’re trying to access when you visit a website. They’re represented by an “https” rather than “http” in your browser’s URL bar, and they’re supposed to mean you’ve got a secure browsing session in effect.

In fact, thanks to this bug, it’s very possible you don’t. The problem lies in validating the security certificates that are sent back and forth when you’re establishing a secure connection. Thanks to this flaw, your browser can’t verify the authenticity of an encryption certificate, meaning someone could easily be pretending to be your bank’s website, your doctor’s office site or a credit card application form.

There are excellent posts here and here about the severity, technicalities and potential of the vulnerability.

The update to iOS fixes the problem, but as of now, it’s still an issue on OS X Mavericks (although it may not exist in earlier versions of the operating system) for Macintosh computers. There’s a workaround on your Mac, though — use an alternative browser and avoid public Wi-Fi hotspots until there is a fix. That method won’t work on an iPhone, iPad or iPod, because alternatives like Chrome for iOS use the same security background as Safari.

Yes, by the way, people are deeply suspicious of both the timing of when this bug appeared and how it got there, in light of recent revelations about spying activity by the National Security Agency. I’ve also spoken to one engineer who said the errant line of code that caused the security hole could easily have been a copy/paste error that would have been extremely hard to detect.

In today’s environment, I tend to assume the worst, but the important thing now is to download the patch, watch for the Mavericks fix, and as usual, trust no one.

By: Molly Wood, New York Times