Shortest Scam ever, and worth $1,600,000!
This is a great one – short and to the point. I hope you can all understand that I’m going to cash in and spend the rest of my days on a desert island. How does this stuff get through my spam filter!
Date: Mon, 1 Feb 2010 15:36:00 +0100
From: British Telecom <15189085@users.siol.net>
Your email ID has been awarded 1,000,000,00 GBP. in our British telecom Promo. Do send your:
Name:
Occupation:
Country:
MA 201 CMR 17 Revisited..
Though the deadline for MA 201 compliance has been extended until the end of the quarter, it’s a good time NOW to review what this regulation means to you and your business.
I must start with the usual “ask Gary” disclaimer – I’m not a lawyer, but the regulation is pretty easy to read (compared to many others) and I recommend anyone subject to it prints it out and pays attention.
So, how do you know if you’re subject to MA 201 CMR 17 or not? Let’s start from the top of the regulation itself:
Bank sues customer for $200,000 of unrecovered cybercrime losses..
An interesting standoff going down in Plano, Texas, between Hillary Machine Inc, a manufacturer and supplier of fabricating equipment, and their bank, PlainsCapital.
It seems back in November 2009, cybercriminals obtained the details to Hillary’s account in the PlainsCapital online banking system, and made a series of transfers totalling $801,495. Roughly $600,000 was recovered, and the remainder is now subject to dispute.
Offer of $5.5m from a VERY SHOUTY NIGERIAN
I think this got through my spam filter because Brian was SHOUTING so loud. It fascinates me how you can be so computer illiterate as to not understand how to use capitals (or not), yet feel you have some chance of success in pursuing this kind of scam..
I had a mind to tell him I’d meet him at a NYC Police Station (for security reasons), but some other guy is offering me $10.8m, so I’m going to put my efforts there.
Scam Of The Week – $10.8m from Barclays..
Yes, I know these mails go out to all and sundry, but I can’t help being amused that I, of all people, still get them. You’d think that whoever sends them would be a little more targeted.
Still, when one makes it through my spam filter, I can’t help but be intrigued.. So, here’s a good one courtesy of Barclays Bank, who still use Yahoo as an email address provider it seems…
83,000 Toronto Health users PHI exposed…
Today it was announced that the personal information of 83,000 users of the Durham health systems became exposed when an unprotected USB stick containing their information was “lost”.
Not too uncommon you might think, but in this case, Ann Cavoukian, the Ontario privacy commissioner (who I had the pleasure of speaking with last year at the annual Privacy-By-Design conference), stepped in, demanding that they
“immediately implement procedures to ensure that any personal health information stored on any mobile devices [laptops, memory sticks, etc] is strongly encrypted.”
CBC news further reported that Commissioner Cavoukian expected every health authority in her province to follow suit.
Eugene School leaks “potential” 26,000 records, Could be none?…

This week, datalossdb.org reported the first major suspected PII breach of the year, reported by George Russel, Superintendent of the Eugene School District of Oregon. You can find the full story on the KVAL news site.
Apparently some suspicious activity was noticed on one of their internal servers, which was subsequently shut down and isolated before being analyzed. The server in question had PII related to around 2,500 individuals, but was connected to other servers containing records of 13,000 former employees of the school district, and around 13,000 vendors. Total possible exploit of around 26,000 records.
Ghana takes first steps towards Data Protection Legislation…
This week Ghana News reported some sweeping changes proposed in the country’s telephony infrastructure, designed to reduce fraud and increase the revenue contribution to the Ghana budget. There has been some talk in the past re Ghana adopting legislation along the lines of the UK Data Protection Act, but this is one of the first clear indications of sponsorship at a ministerial level.
The Minister (Mr. Haruna Iddrisu, the Minister of Communications) also said plans were afoot for a number of supplementary legislations including data protection/privacy, cyber security legislation, intellectual property legislation, and e-transaction regulations.
“Cheap” Secure USB Sticks, you get what you pay for?
Recently a whole slew of news sites announced a newly discovered vulnerability (care of the German Security firm SySS) on a range of “supposedly” secure consumer USB sticks.
These models from SanDisk, Kingston and Verbatim were apparently easy to defeat, with the data retrievable without knowing the user’s password or having any prior knowledge of, or contact with, the stick.
The exploit was simple – it seems the software tool shipped with the sticks validates the password, not the stick itself, and the sticks use a fixed authentication key. Yes, ALL sticks use the same auth key. By simply sending this known ack key to the stick, you can unlock it, or any other stick.
Interestingly, some of these insecure devices had been through FIPS 140-2 Level 2 security certification, so should really have been immune to this kind of attack.
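The design flaw described above, set beside a device-side check, as an added Python model (not code from this post, from SySS or from the vendors). The class names, the `FIXED_UNLOCK` constant, the retry limit and the PBKDF2 parameters are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the fixed value the post describes; not a real product value.
FIXED_UNLOCK = b"SAME-ON-EVERY-STICK"

class HostCheckedStick:
    """Flawed design: the PC tool checks the password; the stick only
    waits for a constant 'password was OK' message."""
    def __init__(self, password: str):
        # Only the host software ever compares against this hash.
        self.host_side_hash = hashlib.sha256(password.encode()).digest()
        self.unlocked = False

    def host_tool_login(self, password: str) -> bool:
        if hashlib.sha256(password.encode()).digest() == self.host_side_hash:
            return self.device_command(FIXED_UNLOCK)
        return False

    def device_command(self, msg: bytes) -> bool:
        # The device cannot tell who sent the constant, or whether a password was checked.
        self.unlocked = (msg == FIXED_UNLOCK)
        return self.unlocked

class DeviceCheckedStick:
    """Hardened design: the stick verifies the password itself, using a
    per-device salt and a retry limit (assumed value: 5)."""
    MAX_TRIES = 5

    def __init__(self, password: str):
        self.salt = os.urandom(16)  # unique per device
        self.verifier = self._derive(password)
        self.tries_left = self.MAX_TRIES
        self.unlocked = False

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def device_command(self, password: str) -> bool:
        if self.tries_left == 0:
            return False  # locked out, even for the right password
        ok = hmac.compare_digest(self._derive(password), self.verifier)
        self.tries_left = self.MAX_TRIES if ok else self.tries_left - 1
        self.unlocked = ok
        return ok
```

In the first class the password never reaches the trust boundary that guards the data, which is why replacing the host tool is enough; in the second, nothing the host sends is accepted without the device doing the check.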
Tools and Utils – Latest Versions
This page is mostly machine readable by my various tools and utilities so they know when to tell you there’s a new version.
But, if you find it interesting, well, all the better.
START: ProductVersionList
Livelog|1.40|4th Feb, 2010|http://mcafee-int.hosted.jivesoftware.com/docs/DOC-1150|Changes to add menus and better error handling
EEPCFSExplorer|1.08|5th Feb 2010|http://mcafee-int.hosted.jivesoftware.com/docs/DOC-1123|Changes to add menus and better error handling
ProductUpdate|9.99|4th Feb, 2010|No URL|Test update text
END: ProductVersionList
