Son Sues Mom Over Facebook 'Hacking'

Suing your parents isn't just for celebrities anymore--a 16-year-old Arkansas boy is suing his mother for hacking into his Facebook account and allegedly posting slanderous remarks.

Denise New of Arkadelphia is facing harassment charges from her 16-year-old. Her son, who lives with his grandmother, also requested a no-contact order. Prior to this issue, New and her son reportedly had a "great relationship," despite their living arrangements.

According to the boy, his mother hacked into his Facebook and email accounts, then changed both passwords. She also allegedly posted remarks that involved slander and information about his personal life...

New plans on fighting the charges, as she believes she was fully within her legal rights as a parent to monitor her son's online behavior.

I hardly think parent's rights extend to accessing your kids social media and email accounts and changing the password on them. If they are old enough to have such things, let them have them. The boy in question is 16, not 6.
The mom claims he left his accounts logged in on his PC...let this be a lesson to those of you that don't log out of your accounts.

TJMaxx Hacker Gets 20 Years

Remember the largest personal data theft in history? The guy that supposedly was behind it was sentenced this week to 20 years in prison. 

Albert Gonzalez, who operated under the hacker alias SoupNazi, pleaded guilty last year to slipping into the computer networks of major retailers such as TJ Maxx, BJ's Wholesale Club, Barnes & Noble, OfficeMax and Boston Market.

To pull off the caper, Gonzalez, 28, would hack into the Heartland Payment systems that handled credit card transactions for major retailers. Then the Miami resident got creative. He would cruise by stores with his laptop and infiltrate wireless Internet signals.

A Trojan Horse program would be planted in the store's network and Gonzalez would later vacuum out credit and debit numbers.

Authorities say Gonzalez operated with two co-conspirators and operated overseas as well. All told, the operation stole more than $200 million. The Secret Service estimated that the potential economic loss could be in the billions. Gonzalez personally amassed $2.8 million.

Of course, there was some fault of the retailers involved, as they were using WEP encryption, known for years prior to the data theft to be easily hacked and thus insecure, to wirelessly transmit transaction data between registers and the store office. Gonzalez and his crew were then able to repeatedly tap into the store systems this way, and learned how to login into the corporate computer system of TJX, parent company of TJ Maxx, BJ's Wholesale Club, Barnes & Noble, OfficeMax and Boston Market. Since TJX evidently was storing customer data in violation of PCI Data Security Standards, Gonzalez and crew were able to steal some 46 million customer credit cards from this company.
Amazingly, PCI standards will not ban the use of WEP in credit card systems until June 30, 2010 (although it has prohibited new systems that use WEP from being installed since March 31, 2009.)

Another Password Stealing Virus Hits Facebook

(Reuters) - Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.
The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.
If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday.
Hackers have long targeted Facebook users, sending them tainted messages via the social networking company's own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.
A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update the company posted on its web site earlier on Wednesday warning users about the spoofed email and advising users to delete the email and to warn their friends.
McAfee estimates that hackers sent out tens of millions of spam across Europe, the United States and Asia since the campaign began on Tuesday.
Dave Marcus, McAfee's director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.
"With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million," he said.
The email's subject line says "Facebook password reset confirmation customer support," according to Marcus.

Trojan Virus Has Been Stealing Bank Info For Years

The BBC is reporting about a trojan that has been quietly collecting online banking information for nearly three years. This particular virus is interesting because you didn't need to click on a pop-up or spam email link to get it. Using the 'drive-by download' method, simply visiting a website is enough to be infected.

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as "one of the most advanced pieces of crimeware ever created".
The Sinowal trojan has been tracked by RSA, which helps to secure networks in Fortune 500 companies.
RSA said the trojan virus has infected computers all over the planet. "The effect has been really global with over 2000 domains compromised," said Sean Brady of RSA's security division.
The RSA's Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.
Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.
"One of the key points of interest about this particular trojan is that it has existed for two and a half years quietly collecting information," he said.

read more

Study Shows Online Privacy Concerns Are Rising

In the wake of the Facebook Beacon and Sears Manage My Home privacy snafus, you would expect more Americans to state they are concerned about online privacy. Interestingly, according to this study it is mainly people who don't shop online and those who are new to shopping online who express concern over privacy. I would be surprised if more than a few of those polled had heard of either incident, both of which got limited mainstream news coverage.
However, you don't even have to be online to have your privacy or identity threatened. Anyone who purchased items from a Sears store, for example, where Sears had a record of the purchaser's name and address was potentially vulnerable to that purchasing history being exposed on the web in the recent Manage My Home debacle. The largest data breach yet known was due to TJ Maxx stores not properly securing their intra-store wireless, allowing anyone with a laptop and 30 seconds to hack the signal in the parking lot. Thieves then were able to access TJ Maxx's main databases for months, stealing 46 million credit card numbers.
And yesterday, JC Penny reported their data storage company lost a backup tape that contains information on 650,000 customers, including Social Security numbers for about 150,000 people. So you don't have to shop or bank online to be subject to identity theft or privacy breaches. (If you get a letter from GEMoney, open it.)
It's no wonder that more consumers are now closely monitoring their credit or joining identity protection services like LifeLock.
Scary.

read more | digg story

Mystery eBay 'Hack' Exposes 1,200 Accounts

Folks, if you use eBay, get the $5 security key from Paypal and be done with this nonsense. Don't live in fear of your Paypal or eBay accounts being hacked. And learn to protect yourself from online scams! Here is a list of over 30 well-known eBay scams.
From arstechnica:

eBay is one of the most successful Internet-only ventures of all time, so it's not surprising that it has come under near-constant attack by fraudsters and hackers. In the latest attempt, a hacker logged on to the eBay Trust and Security forums and pretended to post as 1,200 separate users, making it appear as if he had actually logged in with each user's account. The posts contained the users' names, contact information, and credit card numbers.
read more | digg story

eBay Under Attack

eBay accounts have evidently been under attack since Monday, according to Aladdin Knowledge Systems. The security company is stating that both email phishing schemes as well as botnets- networks of compromised computers working simultaneously- are being used to gain access to eBay accounts.
There has never been a better time to make sure you follow good computing practices.

• Make sure Windows is completely updated. Malicious websites take advantage of computers that have not installed the latest OS patches.
• If you have broadband, install a router even if you only use one computer. It acts as a firewall to block unwanted incoming traffic.
• If you have to use Internet Explorer, by all means make sure you have updated to IE 7. It is far more secure than IE 6. Again, malicious websites take advantage of known vulnerabilities in IE6.
• Do not click on links in email or respond to requests to 'update' your account information. The true url destination of that link can be masked and it could take you anywhere.
• Use a solid password on sites like eBay, Paypal, and your bank. Your pet or kid's name as a password is no kind of security. Some browsers such as Firefox, have extensions that can generate secure passwords. Better yet, order the security key available for eBay/Paypal.
  

read more | digg story

Have You Ever Shopped at TJ Maxx? Uh-oh!

In what is reported as the biggest breach of personal data ever, at least 45.7 million credit and debit card numbers were stolen by hackers who accessed the computer systems at the TJX Cos. at its headquarters in Framingham and in the United Kingdom over a period of several years.
TJX operates 826 T.J. Maxx, 751 Marshalls, 271 HomeGoods, and 162 A.J. Wright stores, as well as 36 Bob's Stores, in the United States. In Canada, the company runs 184 Winners and 68 HomeSense stores, and in Europe, 212 T.K. Maxx stores.
Holy Cow.
Oh, and by the way, this was discovered before Christmas 2006. Lovely.
But wait, theres more!
TJX now believes portions of the credit and debit card transactions at its U.S., Puerto Rican, and Canadian stores -- excluding debit card transactions with cards issued by Canadian banks -- from January 2003 through June 2004 were compromised.
Oh, but notice the small tidbit in this article from Information Week.
"TJX has also likely run afoul of the Payment Card Industry Data Security Standard created by Visa and MasterCard, as a number of documents sent by Visa to financial institutions that issue cards and manage Visa transactions indicate TJX was storing credit and debit card data in violation of the standard."
You see, companies are supposed to comply with the industry standard for retaining this data and it seems our friends at TJMaxx have been keeping transaction and other data for far longer than they are supposed to. But other companies may be doing the same thing.
If you have used a credit/debit card at any of the above stores in the last 4 years, call the helpline TJX has set up at 866-484-6978.