In the spirit of The Avengers we have our own superhero — a superhero of computer and IT policy. This article is written — in true superhero fashion — anonymously, by The Green Geek, whose real name you may never know.

Join together with the Green Geek in the struggle against evil vector forces that willingly destroy your computer and information security. Vectors in cyber space are villains who would maim your digital dignity, steal your identity, invade your privacy, destroy your data, and ruin your gadgets. If you let them.

What threats put you at risk? What can you do about it? Defend yourself with this Five-Point Plan from The Green Geek:

5. Value your privacy.

If you think privacy is no big deal, think again. You disclose a birthday here, a school there, you friend your mother’s mother on Facebook, expose your address or phone. Here and there you leave puzzle pieces that let us assemble your whole story.

• Villains can steal your identity - costing you much time and money. Stalkers can find you. Weirdos want to know you. Friends have Too Much Information. Employers can and will use what you say against you.
• Be in control. You rule the computer not the other way around. Draw a line in the sand where you will not cross for sharing private information. Use factual security questions that only you know the answer to. Do you really need 1000 people to wish you happy birthday online? Tell us about your vacation when you get back, but don’t tell the world beforehand when your house is empty. If you use f-bombs, serial date, and drink, do we have to see you share that? Do you need to save all the web searches you ever made?

4. ”Don’t talk to strangers.” Vectors include viruses, malware, botnets, robots, scam artists, and worse. This is huge.

• Look before you click. Only open messages and emails from senders you recognize. Someone is fishing for a sucker to bite their bait, in the form of fraudulent email. This is called “phishing“. Various sources estimate spam email takes up 90-94% of ALL email! Their purpose is to get you to look, buy, send money, accept a virus, or join a global botnet. Recognize fake and unwanted messages by their familiar but wrong sender address and weird titles. Report spam to help email vendors improve spam filtering.
• Only click on links from a source you trust. Inspect hyperlinks before you click on a hyperlink, which displays one thing but underneath is the real link.
• Don’t respond to emotional appeals or act on wishful thinking. What is real and hidden in the picture? Yeah, you’re lonely AND beautiful, you believe in love; or that car is a bargain! But if it is too good to be true, then it’s probably not. Some emails are written by robots. Some generic messages say nothing specific that can’t be said to everyone.
• Never enter your password in response to links in an email.

3. Lock your doors, literally and figuratively.

Prevent the entry of illicit vectors into your space by limiting access. Consider security like an onion. At the center of the onion is treasure, payload, your precious stuff. How easy is it to peel off the layers of security, if any?

• Physical access - How safe are your things, from smartphone to PC? Stuff should not be available for just anyone to touch. Keep these objects physically secure, not left laying around. Same as you would protect a wallet. Not left in public bathrooms, unlooked cars, or on the hood of your car.
• Device access - How safe are your data files and screen displays? What if someone has access to your smartphone or PC? Require a screenlock. You should provide a uniquely personal password, finger-swipe, or biometric to see further. If you share the device or PC with other guests, then create a guest portal, so that your user session is separate from theirs.
• Network security - How safe is your connection to a network for internet access?  Beware of Wifi and untrusted networks, where your internet traffic travels on the information superhighway in full view, unencrypted for network admins or sniffers to capture. Be safe and sure, use your own encrypted 4G or 3G air card or USB modem. This is handy for reliable internet access anywhere anytime, and you not only don’t have to compete amongst an entire coffeehouse full of net surfers for bandwidth, but you also have the peace of mind that that your communications are safe.
• Software reliability - Does your software scan for malicious vectors before you open or download objects? When you use the “cloud” – all the services are provided online via the internet on a web site or web server – make sure there is rigorous protection against vectors. Good cloud service providers will filter virus vectors from reaching your PC or device.  so that you either don’t download or get your data ruined by vectors. You want to use email software that filters spam well, for example Google Mail (gmail.com).
• Device defense is 1st and last - We’ve peeled the onion back. The above inevitably fail, because new vectors can sneak through until discovered. Keep your device up-to-date with the latest:  operating system; web browser; anti-virus/anti-malware software; and storage encryption.
• Microsoft Windows vulnerabilities created a multi-billion $$ spinoff industry just to create and administer the IT security. This gave Apple one leg up to bring to market OSX or iOS which were more closed and designed for better security. The Google browser Chrome is touted for its security. Samsung Galaxy Android and Apple iPad/iPhones are now offering the NIST FIPS 140-2 standard encryption for storage.
• If you login to use software (such as email and banking), the appearance of the “padlock” icon in the browser means the network traffic is encrypted using SSL and therefore unreadable.

2. Trust NO ONE to store your credit card.

Online shopping is great. We save gas and time by browsing online, and the item is shipped faster than you can shake a green fist. Unfortunately some companies, to which we entrust our identity or financial credentials, are themselves negligently lax when it comes to IT security.

• DO NOT STORE CREDIT CARDS in online accounts with any vendor. Rather [tediously, yes], enter the credit card information for a one-time purchase each time you make a purchase. This is not risk-proof either, but incrementally better than storing your credit card like a sitting duck waiting for a hunting season.
• LIMIT CREDIT CARDS that you use online to a very short list. If something goes wrong you can more easily assess and contain the damage.
• READ YOUR STATEMENTS. We are unaware until a breach goes public. Take for example, the intrusion to Global Payments servers in March 2012 that was not reported publicly for nearly one month. Global Payments coordinates the steps involved in authorizing the charge and submitting the transaction details for VISA and Mastercard. When you hear news about credit card theft, check your statements and activity ASAP.

1. Protect your passwords.

Some of the most famous security intrusions come from hacking passwords, but your defense in this regard is totally within your control.

• Use strong passwords. A strong password is a character string generally not found in any dictionary for any language. Use a combination of Upper- and lower-case letters, mixed in with numbers and special characters. Create acronyms out of phrases.
• Use different passwords for different accounts, and change the password every 60-90 days. Yes, with all your stuff in the cloud, we’re talking about a load of passwords.
• Assess your risk, and firewall your passwords. Risk means the probability of something bad happening, and the impact if it did. It’s not kosher but the Green Geek does classify different accounts by degree of risk, and ramps up the security of passwords appropriately. For example, to comment on news or blogs, the Green Geek is known to reuse a password or two… For anything with private or banking information, the passwords are inscrutable. By “firewalling” passwords, there should be no crossover from an unimportant account to an important account.
• Use Multi-Factor Authentication! DO IT! Multi- or two-factor/two-step authentication (“MFA” or “2FA”) adds an extra step when you enter your user password, to ensure you are who you are. When you enable MFA, you define a “token” such as a phone; and when you try to login with your username and password, you will receive a message with a code (voice or text) on your phone or token. You enter this code along with the password. If your software provider, bank, or credit card company offers this option then use it (e.g. offered by Google Mail)!

“Social engineering” in IT security refers to the ability to hack based on using known info about a person, in order to crack the security procedures for forgotten passwords, or to guess or reset their passwords. While very common, social engineering can be reduced with the above privacy practices and password discipline. MFA stops social engineering dead in its tracks. Here are three epic social engineering stories:

• In 2008, when Sarah Palin was running for VP, someone hacked her Yahoo Mail and reset her password by correctly guessing Palin’s birthday and her security questions: “Where did you meet your spouse?” (Answer = Wasila High) Half the planet knows Palin’s bio; she compromised her own security when Palin chose that question.
• In 2009, the corporate email, business plans, and files of Twitter.com were hacked, when someone first hacked the wife of Twitter’s founder, and used the same passwords to gain access to the Twitter company.
• In 2011, the firm HBGary which specializes in corporate and government IT security got totally pwned and humiliated, when after bragging about exposing the hacker vigilante group, Anonymous, they were cyber attacked by Anonymous.

“I can explain it to you but I can’t understand it for you.” We can’t defend Stupid. But it’s not that hard. This Five-Point Plan breaks it down for you. The takeaway here is to learn from others’ mistakes, and get comfortable with security awareness.

Read more about internet crime at the FBI’s Internet Crime Complaint Center. If you are a victim of internet crime, file a complaint with the FBI. Crime or vulnerability that puts the nation at immediate risk should be reported to the U.S. Computer Emergency Readiness Team (US-CERT).

What is your best tip for keeping all of your devices protected? Comment below and you’ll be entered to win a $400 Amazon gift card from Kaspersky Lab.

One way to protect all of your devices is with Kaspersky ONE Universal Security. Download your FREE trial today.

This is a sponsored conversation written by me on behalf of Kaspersky Lab. The opinions and text are all mine. Official Sweepstakes Rules.

Never leave home without your IT security awareness. (Media credit/NOAA)

On May 10, the FBI’s Internet Crime Complaint Center (IC3) released its annual 2011 Internet Crime Report. The 2011 Internet Crime Report is a summary overview of online criminal activity. In 2011 the IC3 received 314,246 complaints, an increase of 3.4 percent from 2010, but less than 2009. The estimated dollar loss in 2011 was $485.3 million.

The IC3 received and processed, on average, more than 26,000 complaints per month in 2011. Many online schemes use deception schemes to de-fraud victims of identities and money. The report summarizes complaint types, along with statistical breakdowns by demographics and state.

Some common themes of internet crime include:

• Auto-Auction Fraud - 4,066 complaints at a loss of $8.3 Million. In fraudulent vehicle sales, criminals attempt to sell vehicles they do not own. Criminals advertise vehicles for sale at prices below book value, and claim they are moving for due to work or military deployment. They get the money because they are rushed, or take partial payment. The criminal does not deliver the vehicle. Demographically, males age 40-49 complained most, followed by males 20-29. Let’s say, “These prices are a steal!”
• Romance Scams - 5,663 complaints at a loss of $50.4 Million. Scammers target individuals looking for online for companionship or romance. Victims believe they are “dating” a good person. Overwhelmingly, the most frequent complainants were women ages 50-59, with women 40-49 a close second. On average, each victim reported a loss of $8,900. Dearie, when it seems too good to be true, it’s probably not.
• Work-from-Home Scams - 17,352 complaints at a loss of $20.1 Million.Cyber criminals move stolen funds using work-from-home scams. Organized crime and cyber criminals recruit victims through newspaper ads, online employment services, unsolicited emails or “spam,” and social networking sites advertising work-from-home “opportunities.” Sadly, for their participation, some “victims” are legally liable for participating in criminal activity. Victims are the “mule” for criminals who use the victim’s accounts to steal or launder money. Scammers may also damage the victim’s own identity or accounts. While all ages, except the elderly fall for this, woman are over 50% more likely than men to become victims. Everyone with an email account will probably get such an offer. PRESS DELETE, &/or report spam. Ah [sigh], don’t we wish we could get rich quick?
• Loan Intimidation Scams - 9,968 complaints at a loss of $8.2 Million. A relentless continual caller claims the victim is delinquent on a loan and must repay the loan to avoid legal consequences. The callers claim to be representatives of the legitimate-sounding law enforcement agencies such as the FBI, or they claim to be collecting debts for various companies. Callers have accurate identifying information about the victims, including Social Security numbers, dates of birth, addresses, employer information, bank account numbers, and names and telephone numbers of relatives and friends. Females age 30-39 appear most at risk; perhaps struggling single mothers who are not surprised when loansharks come calling. (One avoidance tip is to never fill out an online application for a loan or credit card.) Hmmm, now I’m starting to sweat…
• FBI Impersonation Email Scams - 14,350 complaints at a loss of $3.5 Million. Government agencies do not send unsolicited emails, but scammers do. Men ages 50-59, then over 60, often fell prey. Impersonating a federal agent, to defraud consumers, sure takes a lot of, um, nerve!

The typical American reader would not expect Alaska and the District of Columbia to have much in common; let us count the ways they differ. However, Alaska and DC have the highest rate of reporting internet crime per population; and are in the Top-7 for highest average dollar loss.

More advice: When you travel overseas – let’s generalize this advice for any WiFi or guest internet connection (domestic or foreign) – be careful what you view and click, and protect your computer/data.

IC3 receives, develops, and refers criminal complaints of cybercrime. IC3 provides victims with a convenient, central reporting mechanism, and coordinates the response with local, state, federal, and international levels. How low can these criminals go? To read the IC3 report, click here.

Mac users have had it easy. We enjoy fun stuff without worrying about the endless toil and trouble of virus scanning, security patching, and the added expense, which we see our Windows cousins engage in.

But, do you recall updating your Mac for Adobe Flash? It’s a vague nauseous feeling of been there done that. Be aware, this likely was malware.

It’s called Flashback. It simulates an update for your Adobe Flash. We all do this. Most of us are probably generally aware that Apple and Flash are like apples and oranges, or rather oil and water. It seems as if Adobe updates are as frequent as iTunes updates. After a while we get lazy and drop our guard. Therefore, when we see another [annoying] update for Flash come across the screen, it’s no surprise…

You clicked install?! If it was Flashback, then it is a Trojan horse. Malware. We know now that this fake Flash module, which was first written about back in September 2011, lurks on your Mac, takes screenshots of your password screens, and ships them off to evil locations unknown…

Don’t let that happen to you… and don’t panic. Follow the method defined by the security experts to test for the virus, and if you find it remove it.

How to test if you are affected?

1. Find “terminal.app” in your Mac’s Applications/Utilities folder.
2. Click on Terminal to open.
3. You next type in or copy and paste the diagnostic commands.
4. Type these three lines:
   • defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
   • defaults read /Applications/Safari.app/Contents/Info LSEnvironment
   • defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
5. If each time you got the response “does not exist”, then congratulations, you dodged this bullet.

For those unlucky people with the Flashback Déjà vu:

I’m guessing you didn’t win Mega Millions. No worries, no one reading or writing this did either. Doctor Web and Kaspersky Lab, antivirus companies, estimated that by the end of last week, over 600,000 Mac computers were infected with some strain of the Flashback Trojan horse.

If you’ve got Flashback, please follow the advice of experts to get rid of it. Flashback exploited a vulnerability with a version of Java. You will need to update your Java, but you don’t want to toast your Mac further with more trial and error.

You have choices for help. Kaspersky Lab launched a website to help you diagnose and fix the issue.

Credit Juan Leon for creating an automated app to fix the problem. Or if you want the devil’s details, see Arstechnica.com’s diagnostic help plus “How to get rid of Flashback“, which they copied from F-Secure which first distributed a free fix and instructions.

Two more steps:

Even if you don’t have Flashback, prevent it from happening. If you haven’t yet today, go next to System Preferences or your Apple menu, and run a “Software Update…” You want your OSX and Safari up to date.

While you are housekeeping, why not delete your Flash cache, because your Flash cache is never cleared when you clean your browser cache and cookies(back to the Apple and oranges thing)? Repeat this occasionally because over time it’s a drag on performance for some Macs.

Go to System Preferences / Other, open Flash Player, and “Delete All” Browser Data and Settings.

Are you a Mac?

Hope this helps. Stay healthy! Whoever said Macs are zero-maintenance? Still pretty good by comparison. (Hey for zero-maintenance, how ’bout those Chromebooks, for those in the cloud? But I digress.)

For more information about the Flashback Trojan malware, read the blog from The Next Web Conference.

MARLBOROUGH — The Better Business Bureau issued an urgent SCAM alert cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line “Complaint from your customers.”

This e-mail is fraudulent. BBB warns you to ignore its contents and delete it immediately. If you have already clicked on a link in the e-mail, run a full virus scan of your computer.

The e-mails have return addresses that BBB does not use (one example is riskmanager@bbb.org) and it is signed with the address of the Council of Better Business Bureaus, the national office of the BBB system. The e-mail contains a link to a non-BBB web site. Do NOT click on the link.

BBB is working with law enforcement to determine its source and stop the fraudulent campaign.  http://www.bbb.org/us/article/ALERT-Malicious-Complaint-Email-Claiming-Its-From-BBB-30916

For several hours Sunday morning, Blast Magazine and many other websites in the InMotion Hosting network were attacked by a hacker called TiGER-M@TE.

InMotion, where Blast hosts one of its servers, acknowledged the breach.

“At around 4 a.m. EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced. We are evaluating how this has occurred and our security team will have more information shortly,” InMotion said in a statement. “While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwords on a number of accounts.”

It is unclear how many sites were hit, but it is likely hundreds, if not thousands.

This morning, the Blast homepage was briefly replaced by a black background with the red letters “Hacked” (See photo below) and all of our blogs and articles were unreachable.

This appears to be the same hacker who successfully attacked Google previously. The Hacker News interviewed TiGER-M@TE, who claimed to be hacking since 2007, working alone, and only using private exploits and zero-day attacks.

In an online posting, TiGER-M@TE claimed responsibility for launching the homepage defacement attack.

“While we can respect TiGER-M@TE’s abilities, we are disappointed that our websites were hit,” said Blast Magazine editor-in-chief John M. Guilfoil. “What truly concerns me, however, is that InMotion Hosting appeared woefully unable to prevent or defend against this kind of attack, even though homepage defacements have been going on seemingly forever. We will consult with InMotion on Monday and plan to press the company to be more proactive in its security if InMotion values its customers.”

You know the dangers of identity theft and make sure that you shred old bills and receipts before dumping them in the trash, but how do you protect your Smartphone? Since your Blackberry, Android or iPhone device is capable of a whole range of conveniences – browsing the Internet, online purchasing and banking – your Smartphone is actually a pocket-sized holder of all the sensitive information you’ve been trying so hard to keep from prying eyes.

Recent studies have found that modern users aren’t nearly as careful with a phone as they should be, particularly if it’s used for these types of activities. A recent report by CPP found that 54% of second-hand phones contained personal data such as text messages, emails and bank details –a wakeup call for consumers. Loss or theft is a common concern as well, and without sufficient protection, a stranger can easily grab web site logins, passwords and credit card details that can be used to carry out transactions and register for services in your name.

So, what can be done about it? Well, first of all it’s important to start looking at a phone in a similar way you would a wallet, purse or keys – in other words, make sure you know where it is at all times. If you are selling or recycling a phone, make sure any and all personal data is deleted before it is passed on, and don’t forget to remove the SIM card and any internal memory.

While it’s always a good idea to be aware of exactly what type of data a phone can store and take steps to minimize the chance of loss, thankfully the security industry is also weighing in with software that’s specifically designed to protect Smartphones. Using a modern mobile security suite, you can remotely lock, wipe or locate a phone as soon as you notice it missing, and of course it’s a good idea to report this yourself to the provider just as you would with a lost credit card.

Malware is also a concern, because if your Smartphone is infected by one of the growing range of malicious programs and apps that target mobile devices, sensitive data can be retrieved and sent to a third party without your knowledge. Again, security software can help, and with the wide range of games and applications now available across all phone platforms it’s more important than ever to make sure you have a suite installed that can scan these files and protect you from malicious code.

The range of features and conveniences available on Smartphones are only set to grow further as new technologies are introduced, so there’s never been a better time to increase awareness of mobile threats and consider additional protection to make sure you can enjoy using your device with peace of mind.

Walgreens pharmacy chain alerted customers today that their email addresses may have been stolen by spanners.

“We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us,” the company said in the email. “As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you.”

The company did not say how many addresses may have been stolen.

According to the statement, only the customers’s email addresses were taken. No prescription information, credit card numbers or addresses were stolen.

“Online security experts have reported an increase in attacks on email systems, and therefore we have voluntarily contacted the appropriate authorities and are working with them regarding this incident,” Walgreens said.

Concerned customers can call Walgreens at 888-980-0963.

WikiLeaks founder, Julian Assange, 39, was at the Westminster Magistrates Court overnight after a judge refused him bail at an extradition hearing in London.

Assange is currently wanted in Sweden over claims he sexually assaulted two women in August.

The Guardian reports that Assange denies the allegations and Howard Riddle, district judge, ruled there was a risk Assange would fail to surrender if granted bail.

WikiLeaks, which published a quarter-million sensitive diplomatic cables on Sunday, came under a denial of service attack by a hacker styled “th3j35t3r” (The Jester).

When the attack happened, th3j35t3r tweeted, “TANGO DOWN – for attempting to endanger the lives of our troops, ‘other assets’ & foreign relations.”

According to PCMAG.com, F-Secure’s Chief Research Officer, Mikko Hypponen said, “It was a weird case. Everybody assumed it was some large-scale Distributed Denial of Service attack, but the guy himself says it’s not. It’s a protocol-based attack from a single source.”

WikiLeaks recovered by changing its hosting providers, which were in France when the attack happened. They are currently using two different servers hosted by Amazon.com.

The hacker, th3j35t3r, characterizes himself as ex-military and often uses military terms. He uses a Russian Hotmail account.

Here’s yet another reason to fear people on social networks.

We’ve all heard the horror stories about privacy issues on social networks, but more than 200 young girls now know the consequences of being too trusting on these sites all too well.

In a practice termed “sextortion” by the FBI, a hacker gathered personal information and used it to extort young girls into providing him with risque pictures and videos in exchange for not forwarding the information to their parents and email contacts.

The hacker, a 31-year-old California man whose name was not released, was arrested following a two-year investigation by a Los Angeles squad of Federal Cyber Investigators.

The method used to hack these computers was called “spear phishing” and the hacker posed online as a friend or relative who wanted to share a video, this was done mostly on popular social networking sites. After clicking on the video, the victims’ computers were completely compromised and the hacker instantly had access to the victim’s files, webcams, and microphones. The hacker was literally given access to spy on the individual through their webcam and could track every keystroke.

“The victims were tricked. They had no idea what had happened until it was too late,” said FBI Special Agent Tanith Rogers.

This method was easily implemented, and the hacker learned it from researching readily available online sources.

“What’s so frightening about this case was how easily the victims’ computers were compromised,” said FBI Special Agent Jeff Kirkpatrick, one of the Los Angeles cyber investigators who worked the case.

Although the hacker was only interested in exploiting these young women sexually, the privacy issues extend to all realms of personal information and security, including identity theft, access to bank accounts or any other records stored on a personal computer. Actual crimes such as robbery or assault could also be cause for concern when addresses revealed. The idea of this virtual stalking has gone from a joke within the virtual world and should now be taken seriously as a potential threat that has attracted federal attention.

What is a greater cause for concern is the potential for people who have a vested interest implementing this type of virus on your computer in order to gather incriminating information on you in your daily life.

The FBI has tips to try and avoid victimization, however until more precautions are put in place, your computer may not be a secure and private haven, not even when you are alone in your home.

Twitter says that its team has fixed a cross-site scripting vulnerability on its web interface that allowed several worms to spread across the site on Tuesday morning.

According to The Guardian Technology Blog, a Japanese developer reported the XSS vulnerability to Twitter on August 14. The company launched a new site September 14, and the new site still had the vulnerability.

Twitter said Tuesday afternoon it had fixed the vulnerability, but not before countless malicious Tweets had been sent.

“We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit,” the company said in a status message posted at 6:25 a.m.

The exploit was perfectly simple. You see, when you send a Tweet with a link attached, the URL is converted to a hyperlink. The exploit changed the way the link was translated when you hovered your mouse over it to click.

Twitter has been hacked — just for the fun of it/

The site was overrun on Tuesday morning with posts discussing a programming flaw that pranks users, spread worms, and sends porn to unsuspecting Tweeters.

According to experts, the problem was limited to a JavaScript command in the old Twitter web interface, which is gradually being phased out.

The New York Times reported that one offending post included an “onmouseover” command that caused messages to pop up and sites to open automatically when a pointer hovered over it.

The script caused some users to forward the offending links to their followers — similar to the many Facebook worms that have been found over the past few years.

Twitter hasn’t issued a statement yet, but posted a status page message saying: "We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit." At 9:50 Eastern time Twitter said it had fixed the flaw. (XSS is short for "cross site scripting" and refers to Web-application flaws that enable hackers to inject scripts into Web sites.)

News outlets reported that due to the worm, Sarah Brown, wife of former British prime minister Gordon Brown, was circulating a link on her Twitter page that sent users to a hardcore Japanese porn site.

Twitter user Magnus Holm, who says he’s a Norwegian Ruby on Rails programmer, appears to have started the slaw.

In an email to the Times, Hold said he just “wanted to experiment with the flaw.”

But the hack isn’t so harmless, and it’s led to other acts of online vandalism.

Others appear to be taking the JavaScript exploit and using it for much worse actions.

The Times reported that Holm said one malicious worm “downloaded some nasty code from a Russian server.”

There is no word on law enforcement action yet.

Thousands of Tufts University alumni have received letters over the past few days warning about a computer security breach that may have left their social security numbers and other personal information exposed.

According to school officials, several computers were exposed to an unknown virus or malicious software program. The computers contained old student files and they may have been downloaded.

"We don’t have any direct evidence of any unauthorized use of personal information, but we thought it would be a good thing to notify those individuals exposed," said Kimberly Thurler, a Tufts spokeswoman.

Seven thousand alumni are affected, and warning letters started going out May 24.

Tufts is offering each alumnus a free year of credit monitoring service from Experian.

Tufts, like many other colleges, once used social security numbers as student identification numbers. That practice is quickly going out of vogue across the country as identify theft fears have climbed. The files that were exposed were old records that still contained SSN’s.

Thurler said Tufts is in the process of seeking out and destroying these kinds of records.

"This is a case of old files that were still on isolated computers," Thurler said. "A small number of isolated computers were exposed."

At least one of the computers affected was located at Tufts’s Dining Services Department.

Thurler said she did not know the nature of the files that were breached.

Malicious software can seek out personal information like social security numbers and passwords. Infected computers can send data to a third party.

If you haven’t noticed, the internet is getting increasingly shittier with each passing day.

Whether it’s the makers of “The Hurt Locker” threatening to sue anyone who downloaded it, YouTube pulling every other clip that someone posts, or the fact I can’t figure out how to use a goddamn “keygen” so I can get all of this stolen software I downloaded to work, the web isn’t the proverbial “Wild West” anymore.

Hey, at least there’s still a healthy amount of free porn sites available at our fingertips, right?

Although, after reading articles like this, I’m sure that’ll change sooner than later, too.

Anyway, with the series finale of Lost airing this coming Sunday, some impatient fans have been (unsurprisingly) looking for any hints or plot spoilers because they’re either horribly impatient (which is dumb) or, because they’d like to ruin the ending for someone who would be super pissed if that happened (which would be hilarious and awesome.)

Regardless of the intent, fans who are looking for Lost finale spoilers not only aren’t finding them, they’re ending up with a nasty computer virus. Clearly, that’s not the kind of spoiler that anybody’s looking for. More on this story, thanks to the Boston Herald, after the jump.

Digital forensics provider Paraben Corporation has released a new product designed to detect porn on a person’s computer.

According to Paraben, the average age of a person first exposed to pornography online is 11 — whether on purpose or .. cough … not.

The Paraben Porn Detection Stick scans a PC and peripherals like flash cards and external hard drives and seeks out all those nekkid pics.

“Creating a tool that empowers parents with the ability to find risks to their children was very important to me as a parent and as a professional fighting crimes against children,” said Amber Schroader, CEO of the Utah-based firm.

The product’s internal software can scan images for skin tones and body parts on 15 supported image formats. It doesn’t say anything, however, about video files.

The product is $99 and promises a 99 percent success rate.

So that still leaves, what, 10 gigs of porn on your computer?

Research from security firm McAfee shows that some celebrities are just dangerous to Google and search for around the web because of the litany of fake websites out there that try to infect your computer with viruses and malicious code as you innocently seek out wallpaper and screensavers of your favs.

Brad Pitt leads the pack on a list that includes Jessica Alba and‚ Katherine Heigl.

“Fans searching for “Brad Pitt,” “Brad Pitt downloads,” and Brad Pitt wallpaper, screen savers and pictures have an 18% chance of having their PCs infected with online threats, such as spyware, spam, phishing, adware, viruses and other malware,” McAfee said. “Cybercriminals are using A-listers’ names and images, like Beyoncƒ© and Justin Timberlake, to lure Internet users who surf the Web for the latest gossip, screen savers and ringtones to “fake” Web sites that look legitimate.”

The list includes:

1. Brad Pitt – When “Brad Pitt screensavers” was searched, more than half of the resulting Web sites were identified as containing malicious downloads with spyware, adware and potential viruses.

2. Beyoncƒ© – Inputting “Beyoncƒ© ringtones” into a search engine yields risky Web sites that promote misleading offers to gather consumers’ personal information.

3. Justin Timberlake – Interest in his high-profile relationships makes him an easy target for spammers and hackers. When searching for “Justin Timberlake downloads” one Web site advertised free music downloads that were flagged as directly leading to spam, spyware and adware.

4. Heidi Montag – “The Hills” star is a popular search term when it comes to searching for wallpaper. A host of wallpaper Web sites contained hundreds of malware-laden downloads.

5. Mariah Carey – Spammers and hackers are using Mariah Carey screen saver Web sites to link to other sites proven to contain spyware, adware and other threatening downloads.

6. Jessica Alba – Red-ranked risky sites were identified when searching for “Jessica Alba” and “Jessica Alba downloads.” The sites contained hundreds of malicious downloads, links to other bad sites, misleading offers to gather information, and a high number of spam emails when an email address was provided.

7. Lindsay Lohan – This young Hollywood starlet is as dangerous to search online as she is famous. Searching for “Lindsay Lohan downloads” resulted in several dangerous Web sites laden with hidden adware.

8. Cameron Diaz – Cybercriminals use download Web sites related to Cameron Diaz’s image to link to other harmful sites containing spyware.

9. George Clooney, Rihanna – The technology found one Web site embedded with hundreds of dangerous wallpaper and photo downloads after inputting “George Clooney downloads.” “Rihanna pictures” was also a risky search term, as McAfee identified a site that spammed its test email address.

11. Angelina Jolie – When “Angelina Jolie downloads” was searched, the software highlighted a risky site with 978 hidden malware-infected wallpaper and photo downloads, as well as links to other potentially dangerous URLs.

12. Fergie – A Fergie screen saver site was flagged as offering 111 risky downloads that could seriously compromise a PC’s privacy with unwanted spyware and adware.

13. David Beckham, Katie Holmes – The “David Beckham” search term generated a great deal of wallpaper and screen saver downloads veiled with malware. Consumers should also exercise caution when searching for “Katie Holmes” online – one download site advertised free screen savers that, if downloaded, would infect your computer with malicious programs like spyware.

15. Katherine Heigl – Hollywood’s big headliner in recent years is now susceptible to Internet lurkers too. “Katherine Heigl” was searched and a site was identified containing hundreds of malware-infected pictures.

‚ ”Cybercriminals employ numerous methods, yet one of the simplest but most effective ways is to trick consumers into infecting themselves by capitalizing on Americans’ interest in celebrity gossip,” said Jeff Green, senior vice president of McAfee’s Product Development and Avert Labs. “Tapping into current events, pop culture or commonly browsed sites is an easy way to achieve this. And because of Americans’ obsession with following celebrities’ lifestyles, they are an obvious target. We have to take precautions in casually navigating the Web since many subtle sites may be rife with malware for consumers’ computers.”

The list was compiled using McAfee SiteAdvisor, which can be downloaded for free at‚ www.mcafee.com/siteadvisor.

McAfee Avert Labs reported Tuesday the most significant malware outbreak in three years with more than 500,000 detections of a Trojan horse they’re calling “Downloader-UA.h,” which is spreading by masquerading as a media file.

“The malicious MP3 music or MPEG video files have appeared on popular file-sharing services such as Limewire and eDonkey,” Avert Labs said in a statement.

McAfee has rated “Downloader-UA.h” as a “medium” risk threat. It is the first malware to receive that risk rating since 2005. It is the most dangerous threat to mask itself as a multimedia file ever recorded.

“This is one of the most prevalent pieces of malware in the last three years,” said Craig Schmugar, threat researcher at McAfee Avert Labs. “We have never before had a threat this significant that arrives as a media file.”

The last time McAfee went to “medium” on a computer threat was W32/Sober from November 2005. Sober was a virus that proliferated massively through email.

The malicious files are all named differently in multiple languages and vary in size to make them appear like legitimate music or video files, McAfee said. Attempting to play one of the malicious files will trigger a program called “PLAY_MP3.exe” to download, launch, and force advertisements to appear on the infected computer.

Some of the sample names used by the malicious media files include “preview-t-3545425-adult.mpg” ; “preview-t-3545425-changing times earth wind .mp3″ ; “preview-t-3545425-girls aloud st trinnians.mp3″ ; “preview-t-3545425-jij bent zo jeroen van den.mp3″ ; “t-3545425-lion king portugues.mpg” and “t-3545425-los padres de ella.mpg”

If you need a another reason to get rid of Limewire and other filesharing apps, you might not get a better one.

Take a seven dollar can of compressed air from any office supply store. Flip it over, and spray its liquid nitrogen on a computer’s DRAM, or digital random access memory. Reboot the computer, or even extract the DRAM chip and clone it, then run a few relatively simple programs. Nothing that would defeat an intermediate level programmer.

It’s that easy to bypass the most popular forms of hard disk encryption software. From Windows Vista, to Mac OSX, to various flavors of Linux, it appears that all major operating systems are highly vulnerable.

Conventional wisdom held that DRAM memory was rapidly volatile, causing all of its information to fade as soon as power to a computer is cut. However, researchers with Princeton’s School of Engineering and Applied Science department have recently proved that false.

By tipping the can of air upside down over a laptop’s DRAM chips, the nitrogen gas freezes the chip within seconds. When it’s frozen, the memory can stay fresh for longer than ten minutes — more than enough time to steal the encryption keys that allow easy access to the hard drive’s data.

In their paper, titled, “Lest We Remember: Cold Boot Attacks on Encryption Keys,” they say, “We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials.”

The revelation and airtight research have knocked the computer world for a spin, as laptops containing military information to proprietary corporate research are now wide open.
In their paper, the researchers observe that many computers with inefficient cooling systems do not need the benefit of liquid nitrogen at all. The DRAM stays cool enough on its own to simply reboot the computer with the proper access tools.

The researchers end their abstract by noting, “Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.”

See also: The New York Times