Your webcam is probably being hacked by Russians

November 20th, 2014 3 Comments By Ian Wade

Today’s ‘not at all creepy. Oh no’ news now, and basically don’t get your bits out in front of a webcam ever again.

A Russian website is being shut down for streaming images stolen from the likes of baby monitors, bedroom cameras and CCTV.

The site has been featuring live feeds from basically anywhere that’s broadcasting on cam, including a gym in Manchester, a bedroom in Birmingham and an office in Leicester. The site’s database shows listings for 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.

The UK’s information commissioner Christopher Graham urged the Russian authorities to take immediate action to take down the site, but Russia being Russia at the moment, they’ll probably try and make an international incident out of it.

Graham also said he would be working with the Federal Trade Commission in the US to try to force the site to close if the Russian authorities failed to cooperate.

Interviewed on BBC Radio 4’s Today programme, Graham said: “I’m very concerned about what this [website] shows and I want the Russians to take this down straight away … We now want to take very prompt action working with the Federal Trade Commission in the States to get this thing closed down. But the more important thing is to get the message out to consumers to take those security measures. If you don’t need remote access to a webcam then switch off that function altogether.”

Graham also said consumers were too laid back about security: “We have got to grow up about this sort of thing,”

“These devices are very handy if you want to have remote access to make sure your child is OK, or the shop is alright, but everyone else can access that too unless you set a strong password. This isn’t just the boring old information commissioner saying ‘set a password’. This story today is an illustration of what happens if you don’t do that. If you value your privacy put in the basic security arrangements. It’s not difficult.”

The Russian site has been online for a month, and has already been the cause of some alert around the world. The UK have known about it for just over 24 hours.

So, watch out next time you do a broadcast. Your audience may be more global than you thought.

Some consumers can’t tell the difference between brands

A lot of people can’t tell the difference between own-branded and branded goods, according to a survey by Which!!!

Which!!! asked 7,855 members various questions, and discovered that around a quarter of them have difficulty telling the brands from the own-brands, and have sometimes ended up buying the own brand goods by mistake! (the clots).

One of the main examples used was the similarity between McVitie’s Ginger Nuts and Lidl’s Tower Gate Ginger Nuts (pictured). Once the brand names had been blocked off, 39% of respondents confused Lidl with McVitie’s.

Other own-brands that the research suggested bore an uncanny resemblance to branded labels included Aldi’s Snackrite Thick Ridged Crisps (similar to McCoy’s), and Lidl’s Newgate Cream of Tomato Soup (similar to Heinz).

Lee Curtis, partner and trademark attorney at law firm HGF, says the basic test for a design right infringement is whether the non-brand gives off the air of the real brand, but even if that’s the case, Curtis says: “Most of the main offenders for copying are big supermarkets. Brand owners will be scared of their commercial power and of being delisted – for many, supermarkets are their biggest customers, and they don’t want the hassle.”

Some companies have tried to legalise elements of their branding, but for some to no avail. Such is the case for Cadbury, which last year lost a legal battle to secure exclusive rights to Pantone 3685c purple in chocolate packaging.

Stop fibbing about your broadband speeds say Which

Which!!! have called on regulators to have a word about how broadband services are advertised.

At the moment, providers are allowed to use a ‘headline speed’ to advertise their services, but in reality only around 10% of their customers will actually get that. According to findings by Which!!!, a quarter of people would have selected another deal had they been better informed about what the actual speeds were.

To cover their backs, however, providers say various factors can affect the speed individual customers get.

According to Richard Lloyd, executive director of Which!!!, it’s not on: “Internet connection is now an essential part of modern life so it beggars belief that providers can sell people short by advertising speeds that only 10% of customers could receive,”

“We want advertising watchdogs to pull the plug on confusing adverts and ensure broadband providers show the speeds the majority of customers will actually get.”

Which!!! called on the advertising watchdogs, the Committee of Advertising Practice (Cap) and the Broadcasting Committee of Advertising Practice (Bcap), to review current guidelines, and now has started a campaign. Uncatchily entitled ‘Give us broadband speed guarantees’, Which!!! are asking the public to sign up and to put pressure on those that lie.

Damn right.

Hated online card security systems to get revamped

Mastercard and Visa are going to replace their online security systems.

The much loathed MasterCard SecureCode and Verified by Visa systems are set to be usurped by a much easier to use set-up.

The systems that ask for further information and an extra password were meant to be a way of halting fraud and making it safer to shop on the internet.

However the systems have also been considered a bit of a faff and open to exploitation.

Initially it all sounded quite comforting. You’d get an extra window asking for fragments of your password and you’d feel all safe and that.

Yet according to customer feedback, customers have struggled to remember additional passwords, and there have also been concerns over whether the pop-up windows were a front for some evil.

The new system will revolve around customers having passwords texted to them, which they would then type in.

Ajay Bhalla, president of enterprise security solutions at MasterCard, said: “All of us want a payment experience that is safe as well as simple, not one or the other. We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”

MasterCard believe that mobile payments will account for 30% of online retail sales by 2018.

HSBC profits affected by crimes of the past

November 4th, 2014 No Comments By Ian Wade

Bank trouble again, with HSBC stepping into the spotlight with their tale of mis-selling woe.

The bank’s profits didn’t quite gain the heights that were expected after they’d put aside $1.8 billion (£1.5 billion) to pay back compensation to customers as well as a possible fine for rigging the currency markets.

This does however indicate that regulators are generally stepping up to the mark and shaming bad banks and banking. If only they’d been this tough, say, six years ago.

HSBC reckon they’d spent $700 million more this year on compliance and risk than a year ago, and that level of expense looked set to stay, meaning it would miss one of its main cost targets.

HSBC said its forex investigation provision covered “detailed” talks with Britain’s financial regulator about alleged manipulation in the $5.3 trillion-a-day forex market.

The talks were in relation to systems and controls in one part of its spot forex business in London, it said. Last month HSBC fired two traders in London, sources said.

Shall we see what excuses CEO Stuart Gulliver is bleating?: “The cost base of a global bank like ourselves is higher than it was before, because … it includes a significantly higher compliance and regulatory cost than historically the banks had invested in,”

“It reflects the fact that standards, foreign policy, etc, all evolve in a world that is a lot less certain than it was 10, 15 years ago.”

HSBC added 1,400 more compliance staff in the third quarter and now had 24,800 staff in risk and compliance, or one in 10 of its employees. That’s heartwarming really, that the growth sector of banking-based employment is down to the bank themselves ripping its customers off.

We look forward to all our terms and conditions being updated in the coming weeks across the banking sector while they all fiddle with more margins and charges to claw some money back from our accounts, to atone for their mess-ups.

Look out! There’s more phone fraud knocking about!

October 29th, 2014 1 Comment By Mof Gimmers

Time to get vigilant, dear Bitterwallet reader, because there’s a scam doing the rounds that tricks you into believing you’re talking to a trusted business on the phone.

We wouldn’t be doing our civic duty if we didn’t inform you of it, but if you’re one of those lazy people who can’t be bothered reading an article, then the solution we offer is to never, ever answer a phone call, just to be on the safe side.

For those who insist on answering phonecalls or, indeed, want to learn about doing some fraud for some extra beer money, here’s the low down.

This scam has been dubbed ‘number spoofing’, where ne’er-do-wells clone a telephone number of an organisation and basically impersonate them so that, on your caller ID, you’ll think it is all legit and above board. The people at Financial Fraud Action UK reckon that this has become a bit of a problem in recent weeks.

Of course, this type of scam has been knocking around for years, but it is on the increase and criminals are using it to steal your money. At the moment, according to FFA UK, the main targets are businesses, but personal banking customers are also finding themselves being contacted by these snide gits.

Basically, fraudsters are posing as bank staff or police officers and ask you for your personal and financial details. They usually tell you that fraudulent activity has been detected on your account, which is a bit rich seeing as the scam ends up with fraudulent activity all up in your business.

If the scam artists don’t get your details, they’ll try and get you to send money to another account for ‘safe-keeping’. Frankly, if you’re going to fall for that, then you need to start worrying. Remember though – no organisation, including your bank, will ever, ever ask for your password and PIN number in whole. Anyone doing so is absolutely trying it on with you.

Craig Jones, spokesperson for FFA UK, said: “Number spoofing is becoming increasingly common and it’s not difficult for the criminals to fake a caller ID. So if a number appears on your phone’s caller ID display, you shouldn’t assume you know where the call is being made from.”

“Remember that if a caller is trying to draw your attention to the number on your phone display, it’s very unlikely the call is genuine as there is no legitimate reason to point it out.”

Half of Britain victimised by cyber crooks

October 24th, 2014 No Comments By Ian Wade

Half of the UK have been victims of cyber crime! According to a new report.

Well, they say ‘half’, but based on a survey of 2000 web users, 51% said they’d been affected by online scams, phishing, ID theft or some pesky virus.

The report by the Get Safe Online organisation also said that many victims are left emotionally scarred by the experience.

Which is about right. You DO feel a bit vulnerable and freaked out that some arse has buggered your online-scene up.

Half of the victims said they felt violated by their ordeal and rued clicking on that link for free glans/baps (delete as appropriate). Only 14% of the affected felt they’d achieved any kind of redress after the matter either.

Also, a report by the National Fraud Intelligence Bureau, released to coincide with Get Safe Online Week, claimed that online scams raked in £670m between 1 September 2013 and 31 August 2014.

However, an upshot of all this is that those who have been violated have since got heavy with web protection and are not so free and easy with their online behaviour.

Tony Neate, chief executive of Get Safe Online, said: “Get Safe Online Week this year is all about ‘Don’t be a victim’, and we can all take simple steps to protect ourselves, including putting a password on your computer or mobile device, never clicking on a link sent by a stranger, using strong passwords and always logging off from an account or website when you’re finished.”

“The more the public do this, and together with better conviction rates, the more criminals won’t be able to hide behind a cloak of anonymity.”

Meanwhile Minister for the Cabinet Office Francis Maude threw his weight in and said the figures underlined the importance of doing everything possible to shore up the UK’s cyber defences, saying: “The UK cyber market is worth over £80bn a year and rising. The internet is undoubtedly a force for good, but we cannot stand still in the face of these threats, which already cost our economy billions every year.”

“We have an £860m Cyber Security Programme which supports law enforcement’s response to cybercrime, and we are working with the private sector to help all businesses protect vital information assets.”

Ebola email spreads malware! IS NO-ONE SAFE?!

October 23rd, 2014 No Comments By Mof Gimmers

Even your computer isn’t safe from the threat of Ebola. Hackers and spam merchants are taking advantage of people’s panic about the disease by sending out emails that look like they’re from the World Health Organisation (WHO).

Obviously, they’re not from the World Health Organisation.

These messages encourage you to open an attachment, which will show you how to protect yourself from Ebola. However, instead of helping you, it’ll infect your computer and download malware into your system and then, as ever, will allow people to get at all your lovely personal information and bank details.

There is also a scam doing the rounds which is much less believable, where the email is from ‘an Ebola expert’. If you’re daft enough to open the attachments in that, then frankly, you deserve everything you get.

Message topics to look out for are: ‘What you need to know about the deadly Ebola outbreak’, ‘So Really, How Do You Get Ebola?’, ‘Is there ANY way to cure Ebola?’ and ‘The #1 Food Items You’ll Need In An EBOLA Crisis’.

Seeing as most people are ignoring the small threat of Ebola in real life (unless you work in a newsroom of course, where it is being heralded as the new plague), the best advice is to treat any emails with the same laissez faire attitude you’ve been employing thus far.

Apple admit that iCloud has been compromised

October 23rd, 2014 2 Comments By Ian Wade

Apple have ‘fessed up about iCloud accounts being compromised by fake log-in pages. This follows an incident wherein Chinese users’ account names and passwords were requested by suspect-looking web pages.

After all that celebrity nude action a couple of weeks ago, Apple came up with a two-password verification system to try and increase security.

Alas, reports of organised password phishing syndicates harvesting user information via fake iCloud pages emerged, and Apple had to come clean and say it’s a thing.

A statement released on Apple’s support page has confirmed that these phishers were stealing accounts and passwords, but that was the extent of it. There was no further information as to when these happenings occurred or the severity of them.

Apple have helpfully told users to only use sites if there’s a padlock handy. On the site’s address bar, not around your neck.

They said: “We’re aware of intermittent organised network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”

“The iCloud website is protected with a digital certificate. Users should never enter their Apple ID or password into a website that presents a certificate warning.”

Last month, Apple chief executive Tim Cook admitted that Apple could do more to inform users how to make their iCloud accounts more secure, but was too pre-occupied with flogging new tat than being helpful.

Internet security at risk from poodles

October 15th, 2014 No Comments By Ian Wade

Google’s security team – imagine some detective types with torches, illuminating the dark passageways of the internet – have discovered a potential vulnerability in SSL 3.0.

Google reckon that SSL 3.0 is an insecure, obsolete protocol that has since been superseded. But even when servers support the more secure TLS 1.0, TLS 1.1 or TLS 1.2, the downgrading that takes place between servers and clients can be exploited using a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack.

Bodo Möller from Google’s security team points out that this move will “break some sites” and the advice is to support TLS_FALLBACK_SCSV instead, at least for the time being. OR THE POODLES WILL GET YOU.

Basically an attacker can force this protocol downgrade to take place by preventing the initial connection from taking place. The encryption used in SSL 3.0 is fairly easily cracked and a relatively simple attack can then be used to intercept and decrypt secure cookies.

What that means is that hackers could steal browser cookies and potentially end up controlling your email, bank details and social network accounts.

So yes. BEWARE POODLES! Not only that – these POODLES are similar to another vulnerability called Firesheep. It seems that the internet is under threat from animals that have fluffy fur.

These problems will only affect people who haven’t updated their browsers in a while, so if you’re using Internet Explorer 6, you may find your computer filling up with wool. So update your browser now, y’idiot.
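The fallback behaviour described above, and the check that TLS_FALLBACK_SCSV adds to it, modelled as an added example (not code from Google's advisory or from this post). The class and function names, the sample cipher suite list and the `network_drops` hook are assumptions made for illustration; the SCSV value and alert numbers are those later standardised in RFC 7507 and the TLS specifications.

```python
"""Toy model of the TLS version fallback "dance" and TLS_FALLBACK_SCSV.

Added example with constructed values: no real sockets or crypto, only the
negotiation logic. Names (Server, connect, network_drops) are hypothetical.
"""

# Protocol versions as (major, minor) pairs, as they appear on the wire.
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
ALL_VERSIONS = [SSL3, TLS10, TLS11, TLS12]

TLS_FALLBACK_SCSV = 0x5600        # signalling cipher suite value
PROTOCOL_VERSION = 70             # alert: no common version
INAPPROPRIATE_FALLBACK = 86       # alert: fallback detected
SAMPLE_SUITES = [0xC02F, 0x002F]  # constructed list of real suite ids


class Server:
    def __init__(self, versions, honours_scsv):
        self.versions = versions
        self.honours_scsv = honours_scsv

    def handle_hello(self, client_version, cipher_suites):
        """Return ("ok", negotiated_version) or ("alert", alert_code)."""
        # The SCSV check: the client says "this is a retry at a lower
        # version", yet we support something better than it offered, so the
        # earlier failure was not our doing. Refuse rather than downgrade.
        if (self.honours_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and max(self.versions) > client_version):
            return ("alert", INAPPROPRIATE_FALLBACK)
        usable = [v for v in self.versions if v <= client_version]
        if not usable:
            return ("alert", PROTOCOL_VERSION)
        return ("ok", max(usable))


def connect(client_versions, server, sends_scsv, network_drops=lambda v: False):
    """Browser-style connect with version fallback.

    network_drops(version) models a handshake that never completes (flaky
    middlebox or interference on the path). Returns ("connected", version),
    ("aborted", alert_code) or ("failed", None).
    """
    best = max(client_versions)
    for version in sorted(client_versions, reverse=True):
        suites = list(SAMPLE_SUITES)
        if sends_scsv and version < best:
            suites.append(TLS_FALLBACK_SCSV)  # mark every retry as a fallback
        if network_drops(version):
            continue  # no answer: retry one version lower
        kind, value = server.handle_hello(version, suites)
        if kind == "ok":
            return ("connected", value)
        if value == INAPPROPRIATE_FALLBACK:
            return ("aborted", value)  # stop instead of sliding to SSL 3.0
    return ("failed", None)


def scenarios():
    """Run the four cases the post's advice turns on."""
    blocks_tls = lambda v: v > SSL3  # every TLS handshake fails in transit
    return {
        "clean path": connect(ALL_VERSIONS, Server(ALL_VERSIONS, True), True),
        "no SCSV, TLS blocked": connect(
            ALL_VERSIONS, Server(ALL_VERSIONS, False), False, blocks_tls),
        "SCSV, TLS blocked": connect(
            ALL_VERSIONS, Server(ALL_VERSIONS, True), True, blocks_tls),
        "SSL 3.0 disabled, TLS blocked": connect(
            ALL_VERSIONS, Server([TLS10, TLS11, TLS12], False), False,
            blocks_tls),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```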

Minimise the risk of fraud with your bank

October 14th, 2014 1 Comment By Mof Gimmers

There are millions of bank account holders who are leaving themselves wide open to fraud, according to Britain’s top banks.

Industry body the British Bankers Association (BBA) has teamed up with the police to launch a campaign which they hope will raise the public’s awareness on all things fraud, looking at the most common scams that will happen online or down the phone.

Based on the results of a YouGov poll, the BBA said that eight million people are vulnerable to voice phishing scams, four million may transfer money to fraudsters, three million could potentially carry out “test transactions” and 1.7 million would hand their bank cards to couriers on their doorstep if they had a convincing form of ID.

Best not to answer the phone or door to anyone, ever.

Anthony Browne, chief executive of the BBA, said: “Being defrauded is a devastating experience for anyone which is why we are launching this campaign. The more people know about fraud, the less likely they are to become victims.”

“Our Know Fraud, No Fraud campaign will help you spot some of the tactics used by scammers. Your bank would never send someone to your home to collect your cash or ask you to transfer funds to a new account.”

So, for your records to be printed out and stapled to grandma’s forehead as a reminder to her and everyone else, here’s the BBA’s List of Things That Your Bank Will Never Ask For.

- Ask for your full PIN number or any online banking password over the phone or via email
- Send someone to your home to collect cash, bank cards or anything else
- Ask you to email or text personal or banking information
- Send an email with a link to a page that asks you to enter your online banking log-in details
- Ask you to authorise the transfer of funds to a new account or hand over cash
- Call to advise you to buy diamonds or land or other commodities
- Ask you to carry out a test transaction online

Dropbox: nearly seven million accounts hacked

October 14th, 2014 2 Comments By Ian Wade

Nearly seven million Dropbox accounts have been hacked.

The latest in the long line of unending hackery was spotted after hackers were able to get at logins and passwords via a third party affair.

Hackers leaked 400 accounts onto site Pastebin, claiming to make the remaining 6.9 million hacked accounts available to users in return for Bitcoin donations, according to The Next Web.

The post threatened that 6.9 million Dropbox accounts had been hacked, including photos, videos and other files.

Obviously Dropbox don’t want to be seen as quite so vulnerable and so dismissed it, claiming: “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.

“We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

Dropbox reckon that the service consistently expires passwords for accounts that are being attacked, but could not provide a number of accounts that expired recently.

The news comes as wasteman Edward Snowden claims individuals who care about their privacy should “get rid of Dropbox”, counting it among the services that are “hostile to privacy.”

Either way, Dropbox should change their company logo from ‘your stuff, anywhere’, to ‘your stuff, bloody everywhere’.

Another attempt for nuisance calls and spam to be regulated

A change to the regulations surrounding nuisance calls and text messages has been recommended by Ed Vaizey.

The Minister of State for Culture and the Digital Economy wants to make it easier to fine the perpetrators of these heinous crimes.

Mr Vaizey would like to get it all sorted by the next general election, which suggests he needs to get his skates on.

A vague attempt at doing this last year was stopped, after a legal ruling went against the Information Commissioner’s Office (ICO) after it fined Christopher Niebel, the co-owner of marketing company Tetrus Telecoms, £30,000 for bombarding people with hundreds of thousands of texts regarding PPI and accident claims.

Simon Entwistle of ICO reckons: “This will make it much more straightforward for us to take action,”

“At the moment, it takes a large amount of effort to prove substantial distress and this change will make it much more proportionate to the problems these calls and texts cause.”

“We understand firms can have legitimate reasons to make marketing calls, but we reckon that for every one concern lodged with us there are about 1,000 nuisance calls or texts.”

Well, about time frankly.

Spamwatch: Emma Watson

October 10th, 2014 No Comments By Ian Wade

Poor old Emma Watson – she’s become the latest front for an internet virus.

Ads claiming to have nudey footage of the Harry Potter star are actually trojans riddled with malware.

Serves you right if you’re that type of person into leaked celebrity baps to be honest.

Bitdefender’s coolly-named Chief Security Strategist, Catalin Cosoi, told Digital Spy: “It all starts with a Facebook comment promising to reveal private or leaked videos of Emma Watson”.

“The comments are automatically posted by users infected with the malware. As is the case with many Facebook scams, victims end up as marketers for cyber-crooks.”

“When users click on the malicious links, they are redirected to a salacious YouTube copycat. Future victims are then asked to update their Flash Player to the latest secured version of Video Player, as an error allegedly prevents them from watching the leaked videos of Emma Watson.”

As if you needed reminding, trojan malware is a bastard, and will rifle through your computer for anything stealable.

Disguised by the Flash Player icon, the trojan downloads the infected components into computer files. The videos themselves are hosted by a fake YouTube account, identified by the Anonymous Guy Fawkes avatar in the left hand corner.

So anyway. Norks on the internet. More harm than good.

NFL in the UK: Banning your bags

October 10th, 2014 3 Comments By Mof Gimmers

Large stadium events are always a bit of a faff, be it the limited amount of beer thanks to some watery lager sponsor, or be it something to do with only being able to pay for things on certain credit cards.

Everyone knows the drill by now.

However, with the NFL coming to the UK, they’ve pulled a fast one that is almost impressive in its pointlessness. Basically, you can’t take any bag at all into Wembley stadium. Look at this exhaustive list of prohibited bags, which of course, are banned ‘for your safety’, even if you’ve been to big stadium shindigs before and managed to avoid a backpack maiming.

If you have a bag for your medicine and whatever, that’s fine, but as the warning leaflet says: “entry will be permitted, however you may experience a delay in entering the stadium.”

So what is fine then? What is permitted? Why, NFL approved bags you can buy outside the ground, which of course, are considerably safer than your average bag.

Of course, a huge sporting franchise taking the Michael at an enormodome is along the lines of “is the Pope Catholic?”, but this is next level ridiculousness.

If you want to watch an informative video and, if you’re going to any of the games and want to know the exact dimensions of purses that women are allowed to take, click here for the NFL’s official take on the whole thing.