Passwords: still terrible

January 21st, 2015 No Comments By Ian Wade

Rejoice, for the most popular (and worst) passwords of 2014 have been unveiled! And it’s a list that makes security experts weep, as the most popular are the most obvious.

As with 2013, variations on passwords like 123456 continue to be the most popular passwords. Other obvious choices such as “password” and “qwerty” are also in the top five.

There’s new entries for the likes of “baseball” (8), “dragon” (9), “football” (10) and, ahem, “Master” (19).

Superheroes such as Superman (21) and “batman” (24) proved popular, as did the winning “Michael” coming fresh in at No.20. We especially like that “trustno1” is hanging on in there gamely, proving that irony is lost on the Cyberdog/conspiracy theorist set.

The list was compiled by password company SplashData, and combed from leaks from North America and Western Europe.

The ideal password, SplashData recommends, is one of eight characters or more with mixed types of characters. They also “helpfully” suggest not using the same password on all of your sites.

The full list of the worst passwords (with last year’s ranking in brackets) is:

1 (1) 123456
2 (2) password
3 (20) 12345
4 (3) 12345678
5 (4) qwerty
6 (6) 1234567890
7 (16) 1234
8 (-) baseball
9 (-) dragon
10 (-) football
11 (7) 1234567
12 (17) monkey
13 (14) letmein
14 (5) abc123
15 (7) 111111
16 (-) mustang
17 (-) access
18 (18) shadow
19 (-) master
20 (-) michael
21 (-) superman
22 (-) 696969
23 (11) 123123
24 (-) batman
25 (24) trustno1
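
As an added example (not from SplashData or the original post), the Python sketch below checks a candidate password against both the composition advice quoted above and the 25 listed entries. Reading "mixed types" as at least two character classes, and all function names, are assumptions of this example.

```python
import unicodedata

# The 25 entries from the 2014 list above, in rank order.
WORST_2014 = [
    "123456", "password", "12345", "12345678", "qwerty", "1234567890",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
]
BLOCKLIST = {p.casefold() for p in WORST_2014}


def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def meets_composition_rule(pw, min_len=8, min_classes=2):
    """Eight characters or more with mixed types.

    min_classes=2 is this example's assumption about what "mixed" means.
    """
    return len(pw) >= min_len and len(char_classes(pw)) >= min_classes


def normalise(pw):
    """Fold case and Unicode compatibility forms before the blocklist lookup,
    so "Superman" and "superman" are treated as the same entry."""
    return unicodedata.normalize("NFKC", pw).strip().casefold()


def check_password(pw):
    """Return the reasons a password is rejected (empty list = accepted)."""
    reasons = []
    if not meets_composition_rule(pw):
        reasons.append("composition")
    if normalise(pw) in BLOCKLIST:
        reasons.append("blocklisted")
    return reasons


def listed_but_compliant():
    """Entries on the worst-passwords list that still satisfy the
    length-and-mixed-types rule on their own."""
    return [p for p in WORST_2014 if meets_composition_rule(p)]


if __name__ == "__main__":
    print("Listed entries that pass the composition rule:", listed_but_compliant())
    for candidate in ["123456", "Trustno1", "Superman", "correct horse battery"]:
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

A length-and-character-class rule alone lets some entries from the list through, which is why the lookup against known-common passwords runs as a separate check.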

Millions lost in investment scams last year

January 13th, 2015 No Comments By Ian Wade

£212 million was lost in investment scams last year, a rise of 20%, according to KPMG’s Fraud Barometer.

(You could quite easily imagine someone named Fraud Barometer, couldn’t you?)

This increase in losses to investment fraud came alongside an £824 million drop in the total, to £717 million.

Now KPMG reckon that the numbers indicated that “victims are now being targeted because of vulnerability rather than wealth,” according to a report in the FT.

KPMG also said that part of this increase could be traced to such things as rising incomes and investors searching for ‘yield-bearing’ alternatives.

“You’ve got a generation of pensioners that actually has money but is not getting great returns on that money,” said KPMG partner Hitesh Patel.

“Pensioners effectively become targets for organised crime. A lot of people are being targeted by quite sophisticated criminals with compelling explanations of the ‘investments’.”

Apple’s Spotlight opening you to hacks?

January 13th, 2015 No Comments By Mof Gimmers

On OS X Yosemite, you may have noticed that Apple’s Spotlight search function is rather sophisticated, allowing you to search the web as well as peering into your machine for content too. All very clever.

However, it also has a flaw that could well expose your local information to nefarious types. Not so clever.

So what’s going on? Well, the weakness focuses on Apple Mail. Basically, as Spotlight Search indexes emails that have been received within Apple’s email service, it also shows previews of your emails, your images and such.

All a hacker would need to do is to insert a tracking pixel into one of your email’s images and hey presto! They could well be enjoying access to your data!

While the email is in your inbox, you can ignore scams, but Spotlight’s preview function opens up a vulnerability. Seeing as Spotlight opens previews of your junk and spam messages, this could be a problem. Even if you have switched off the “load remote content in messages” feature, it doesn’t exactly fix the problem.

Until Apple issue a fix, the best thing for you to do is to go to your Mac System preferences and switch off email indexing.

iPod Nano: Now a spy camera on cash machines

January 9th, 2015 No Comments By Mof Gimmers

Thieves eh? They’re tricksy buggers. The latest scam that’s afoot (which reports like this will advertise to other sods to try out themselves, where once they wouldn’t have thought of it) is using iPod Nano devices as spy cameras on cash points!

The police were notified of an ATM in Gatley near Stockport and there, they found a camera fashioned from an iPod Nano, duct tape and a home made plastic front.

GMP Stockport tweeted a number of photos of the device and obviously, warned everyone about them, while asking us all to keep an eye out for them.

They said: “Reports of an ATM in #Gatley being found with a card reader and mini camera attached to it. Be vigilant when using them….It was the one on Northenden Road.”

“From experience they tend to leave the devices on for only a short time…First pic shows the ATM with devices attached. Second the fake front. Third pic shows the camera. We find most of them in the evening. They are usually placed near pubs and restaurants etc.”

Obviously, if you see them and want to scupper some criminals from spying on you, contact the police on 101 or Crimestoppers, anonymously, on 0800 555111.

Speeding fines increase to five year high

December 31st, 2014 No Comments By Ian Wade

More than 115,000 people were fined for speeding offences in England and Wales last year – the fines are at the highest number since 2009.

115,549 fines were dished out in 2013, according to figures from the Ministry of Justice.

South Wales had one of the biggest increases, with the number of people fined tripling last year to 6,491, from 2,181. Earlier in 2014 a speed camera in Cardiff generated more than an estimated £800,000 worth of fines in just six months.

While London saw the most people fined last year, the figure for the Metropolitan police area has fallen to 7,736 – its lowest level in five years.

An unnamed spokeshuman for the Department for Transport said: “Speeding can have devastating consequences and it’s right that drivers should abide by the speed limit. These fines were issued at the discretion of the magistrates and show the number of fines issued is in decline across many police force areas.”

Tune in next year to see if 2014 has been beaten!

Hurray! A crackdown on card fraud!

December 19th, 2014 No Comments By Mof Gimmers

Good news everyone – new rules have been revealed which aim to beat down on card payment fraud! Aren’t you thrilled about that?

The European Banking Authority (EBA) has shared their new, tougher guidelines, making payment service providers get serious about customer identification before payments are processed.

There’s good reason for this too – in the last four years, the yearly cost of card fraud in the UK has jumped up from £365 million to somewhere in advance of £450 million! Two thirds of that came from the dastardly practice of ‘skimming’, where small amounts of money are continually removed from an account in the hope that the victim won’t even notice.

Of course, there’s been an increase in digital snidery too, with ne’er-do-wells using malware and the like. There’s also the tried-and-tested tactic of just nicking your card too.

Anyway, all this means is that you’ll carry on as normal while fraudsters will have to learn a new set of tricks to try and get at all your precious money.

GearBest’s customers are not happy

December 9th, 2014 3 Comments By Mof Gimmers

You may have seen GearBest knocking around, selling video games, gadgets, clothes and all that, but it looks like there’s a lot of people that are desperately unhappy with them.

One reader got in touch with us and said: “Ordered from Gearbest 4 items the promised 3-5 days when nothing came I emailed them they gave me a false tracking number… thanks to this scam £186 taken from my account”, adding: “they said payment was made into their paypal account £186 inc insurance, I am so mad and gutted for my kids, i doubt i get my money back they have lied in emails (at least 20!)”

So we decided to look into it a little further and it seems like problems aren’t uncommon with GearBest. There’s been complaints of issues with shipping and money being taken multiple times.

Elsewhere, people who have shopped with GearBest have said: “I FEEL CHEATED! Deducted 3 times from credit card for cancelled item!” There are also complaints of no confirmation emails for products, and of the site featuring items that are out of stock, taking the money for them and leaving customers in limbo. On top of that, customers have said that GearBest aren’t exactly forthcoming with information when they’ve been sent queries.

One customer, unsatisfied with the slow response when emailing about problems, noted that the helpline requires you to call long-distance, saying that the whole thing was the “worst experience of my life.”

Another complaint said: “Ordered tablets from this website, they’re now asking for pictures of debit card and passport, this is completely unacceptable this is my private information, I have never heard of a website asking for this type of information before, unless a scam.”

We should point out that GearBest is a legitimate business and not a scam site and that there are some positive comments floating around about them. However, at best, GearBest sound like a hassle and at worst, it looks like they may have taken money from customers without fulfilling orders with subsequent and frustrating chasing.

One to avoid if you’re Christmas shopping (and beyond).

Starbucks and their tax issues: Part 425

December 2nd, 2014 No Comments By Ian Wade

Starbucks will not be paying a ‘normal’ amount of tax for the next three years, according to the gloop-peddler’s new UK boss.

British Chief Executive Mark Fox said the giant chain’s UK operations are likely to be profitable within three years, however until Starbucks returns to profit, corporation tax is not applicable.

Fox reckons it’s nothing unusual, but did find it odd that the chain had yet to make a profit from the average £3.50 a coffee.

Tax avoidance is nothing new with Starbucks: it emerged two years ago that it had only paid £8.6 million in corporation tax, despite £3 billion in the bank since it first infested the UK in 1998. Back then it was accused of funnelling profits through the Netherlands because of lower tax. They’re still under investigation for that.

Fox has admitted to the Evening Standard that Starbucks had been damaged by the tax row, but insisted that Starbucks’ tax affairs were very, very ordinary. He said: “It happens across the sector and therefore it didn’t bother me at all.”

“There was nothing abnormal about the way Starbucks is run in the UK. What is abnormal is that we haven’t been making a profit,” adding: “I look at the business now with eight quarters of growth, I don’t see a damaged brand, I see a brand that is starting to regain its mojo.”

‘Mojo’. Honestly.

Syrian Electronic Army attack OK magazine

November 28th, 2014 No Comments By Ian Wade

A number of websites have fallen prone to being attacked by the SEA.

The Syrian Electronic Army (who sound more like an underground rave set-up than terrorists) claimed to have hacked a number of websites.

The SEA exploited a fault with a content delivery network and soon visitors to the Independent, OK magazine and the Evening Standard websites were given a blank screen and a JavaScript popup telling them they had been hacked.

The Syrian Electronic Army are a pro-Assad Syrian hacker group. Of course they’d head straight for OK magazine.

The ad network were first in line for blame, due to the sporadic nature of the outages, which are difficult to replicate and spread over a number of sites.

The Independent reckon the hack came via the Gigya CDN, but stress no information on users was compromised.

Ernest Hilbert, a security consultant at Kroll Cyber, agreed that “it was Gigya. It is a DNS takeover, and this is what the Syrian Electronic Army does. Normally, you type in a URL, it goes to a domain name server, and it says ‘those words equal this website’.

“But not every user can get in through one connection, particularly at bigger sites. A CDN means that, because you can’t all fit in through the same door, it sends you to another one, another version of the content. And one of those versions, which hosts copies of all these affected sites, appears to have been compromised by the Syrian Electronic Army.”

This isn’t the first time the SEA have done this. They have form going back to 2011. They did The Sun and the Sunday Times in June, and The Guardian in 2013, when it sent spoof emails to staff encouraging them to reset passwords through a malicious link. Fancy that!

A million odd gas customers have been overcharged

November 27th, 2014 1 Comment By Ian Wade

More than a million pre-paying gas customers have been overcharged due to faulty meters.

Industry body Energy UK believe customers could have been overcharged by as much as 25p for each top-up. According to them, around 1.5 million meters haven’t been working correctly for as long as seven years, as the meters were not properly calibrated to measure the cost of the gas being used.

In the worst cases, some customers may have been rinsed for as much as £110 extra.

“We apologise unreservedly to customers,” said Lawrence Slade, the chief operating officer of Energy UK. “We have acted quickly, and we want those affected to get their money back as soon as possible,” he told the BBC.

Gas customers will be refunded by their energy dealers, and their cards will be updated when they next need a top-up. British Gas have already said more than 700,000 of its customers may have been overcharged.

Regulator Ofgem has called for a timetable for refunds and repairs, and it is thought that refunds will go out before Christmas.

“That overcharging has been going on for seven years shows the second-class service prepayment customers get,” said Gillian Guy, Citizens Advice chief executive, adding: “Prepayment meter customers are already paying higher charges than direct debit customers, so this is adding insult to injury.”

Magical journey: not so magical

November 24th, 2014 No Comments By Ian Wade

A Christmas wonderland has been closed after one day due to hundreds of complaints. The Magical Journey was a trip designed by designer ponce and Dave Grohl lookalike Laurence Llewelyn-Bowen.

The attraction opened on Saturday at the Belfry, near Sutton Coldfield, and had been bugled up as a ‘snow-covered winter wonderland’. However, customers demanded refunds after dismissing the site as a rip off.

Event director Paul Dolan has apologised and said preparation had been “severely hampered” by recent torrential rain.

“It’s clear to us now that we should have postponed the opening, but we didn’t want to disappoint those families already booked. That was the wrong decision and we apologise.”

Lots of disappointed visitors posted messages on the attraction’s social media pages. Visitor Matt Freeman said on Facebook: “You have used Christmas as an excuse to exploit people and part with hard earned money for what turned out to be a joke. I shall take this further and as for Laurence Llewelyn-Bowen he should be ashamed of this because quite honestly I could have cobbled something together better than this in my own back garden for half the cost.”

Ben Harvey also chipped in with the comment of the week: “There is nothing for kids to do, the elf who is meant to be Simon Cowell is completely pointless.”

Plus it wasn’t cheap: the top price for a child is £22.50. While most customers threw shade, some users encouraged others to give the Magical Journey “a chance” and to reserve judgement until it re-opened.

In a post on its website, organisers announced the attraction would close for three days for improvements and changes to be made. They’ve also offered refunds to anyone who has already visited the site.

Your webcam is probably being hacked by Russians

November 20th, 2014 5 Comments By Ian Wade

Today’s ‘not at all creepy. Oh no’ news now, and basically don’t get your bits out in front of a webcam ever again.

A Russian website is being shut down for streaming images stolen from the likes of baby monitors, bedroom cameras and CCTV.

The site has been featuring live feeds from basically anywhere that’s broadcasting on cam, including a gym in Manchester, a bedroom in Birmingham and an office in Leicester. The site’s database shows listings for 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.

The UK’s information commissioner Christopher Graham urged the Russian authorities to take immediate action to take down the site, but Russia being Russia at the moment, they’ll probably try and make an international incident out of it.

Graham also said he would be working with the Federal Trade Commission in the US to try to force the site to close if the Russian authorities failed to cooperate.

Interviewed on BBC Radio 4’s Today programme, Graham said: “I’m very concerned about what this [website] shows and I want the Russians to take this down straight away … We now want to take very prompt action working with the Federal Trade Commission in the States to get this thing closed down. But the more important thing is to get the message out to consumers to take those security measures. If you don’t need remote access to a webcam then switch off that function altogether.”

Graham also said consumers were too laid back about security: “We have got to grow up about this sort of thing,”

“These devices are very handy if you want to have remote access to make sure your child is OK, or the shop is alright, but everyone else can access that too unless you set a strong password. This isn’t just the boring old information commissioner saying ‘set a password’. This story today is an illustration of what happens if you don’t do that. If you value your privacy put in the basic security arrangements. It’s not difficult.”

The Russian site has been online for a month, and has already been the cause of some alert around the world. The UK have known about it for just over 24 hours.

So, watch out next time you do a broadcast. Your audience may be more global than you thought.

Some consumers can’t tell the difference between brands

A lot of people can’t tell the difference between own-branded and branded goods, according to a survey by Which!!!

Which!!! asked 7,855 members various questions, and discovered that around a quarter of them have difficulty telling the brands from the own-brands, and have sometimes ended up buying the own brand goods by mistake! (the clots).

One of the main examples used was the similarity between McVitie’s Ginger Nuts and Lidl’s Tower Gate Ginger Nuts (pictured). Once the brand names had been blocked off, 39% of respondents confused Lidl with McVitie’s.

Other own-brands that the research suggested bore an uncanny resemblance to branded labels included Aldi’s Snackrite Thick Ridged Crisps (similar to McCoy’s), and Lidl’s Newgate Cream of Tomato Soup (similar to Heinz).

Lee Curtis, partner and trademark attorney at law firm HGF, says the basic test for a design right infringement is if the non-brand gives off the air of the real brand, but even if that’s the case, Curtis says: “Most of the main offenders for copying are big supermarkets. Brand owners will be scared of their commercial power and of being delisted – for many, supermarkets are their biggest customers, and they don’t want the hassle.”

Some companies have tried to legalise elements of their branding, but for some to no avail. Such is the case for Cadbury, which last year lost a legal battle to secure exclusive rights to Pantone 3685c purple in chocolate packaging.

Stop fibbing about your broadband speeds say Which

Which!!! have called on regulators to have a word with how broadband services are advertised.

At the moment, providers are allowed to use a ‘headline speed’ to advertise their services, but in reality only around 10% of their customers will actually get that. According to findings by Which!!!, a quarter of people would have selected another deal had they been better informed about what the actual speeds were.

To cover their backs, however, providers say various factors can affect the speed individual customers get.

According to Richard Lloyd, executive director of Which!!!, it’s not on: “Internet connection is now an essential part of modern life so it beggars belief that providers can sell people short by advertising speeds that only 10% of customers could receive,”

“We want advertising watchdogs to pull the plug on confusing adverts and ensure broadband providers show the speeds the majority of customers will actually get.”

Which!!! called on the advertising watchdogs, the Committee of Advertising Practice (Cap) and the Broadcasting Committee of Advertising Practice (Bcap), to review current guidelines, and has now started a campaign. Uncatchily entitled ‘Give us broadband speed guarantees’, Which!!! are asking the public to sign up and to put pressure on those that lie.

Damn right.

Hated online card security systems to get revamped

MasterCard and Visa are going to replace their online security systems.

The much loathed MasterCard SecureCode and Verified by Visa systems are set to be usurped by a much easier to use set-up.

The systems that ask for further information and an extra password were meant to be a way of halting fraud and making it safer to shop on the internet.

However the systems have also been considered a bit of a faff and open to exploitation.

Initially it all sounded quite comforting. You’d get an extra window asking for fragments of your password and you’d feel all safe and that.

Yet according to customer feedback, customers have struggled to remember additional passwords, and there’s also been issues around whether the pop-up windows were not a front for some evil.

The new system will revolve around customers having passwords texted to them, which they would then type in.

Ajay Bhalla, president of enterprise security solutions at MasterCard, said: “All of us want a payment experience that is safe as well as simple, not one or the other. We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”

MasterCard believe that mobile payments will account for 30% of online retail sales by 2018.