Alan Claridge of Indiana sued RockYou for data breach after the company admitted that they have lost the personal identification data of their 30 million users because of a hack. The only mistake of RockYou was that they didn’t acknowledge the online attack for almost two weeks after it happened.

How were the personal data of RockYou’s million users lost?

RockYou kept its users’ personal data which are all confidential only in plain-text files or .txt docs. They have failed to protect the personally identifiable information (PII) of their users letting it be accessed by anyone who is capable to hack. No wonder the hacker, “igigi”, didn’t have a hard time exploiting RockYou’s SQL injection vulnerabilities because of its poor coding.

After that attack, RockYou sent a mail to its users, including Claridge, received an e-mail from RockYou saying that their information might have been compromised. But 12 days before that, RockYou already knew its own liabilities and decided to shut down the site. It even published an apology and explanation on the attack that happened on the website.

To prevent this from happening again, RockYou will cooperate with the investigation of the authorities on the illegal breach of its database. They will also encrypt all passwords, evaluate their data security features and upgrade their legacy platform with the standard security protocols. RockYou is sued for nine counts which include negligence, breach of contract, violation of California’s Computer Crime Law, and California’s Security Breach Information Act, among others.

How Can Techie Now Help?

Alan Claridge did the right thing when he sued RockYou for data breach. Regardless of RockYou’s website being hacked, they should still protect customer data and not to have waited for 12 days before informing its users about the hack. You’ll never know but you might be the next victim of these hackers. Protect your PC now! Contact Techie Now for PC support services that you need like virus and spyware removal, performance optimization, installation and configuration and general repair.

www.TechieNow.com

If you sent an e-mail in the first few hours of 2010, there’s a possibility that your recipient has not received your e-mail because of the bug hidden in the open source SpamAssassin used by internet service providers (ISP). The rule used to score emails as possibility of being spam was not updated in compiled versions of Apache SpamAssassin 3.2.0 thru 3.2.5.

SpamAssassin is a computer program used for e-mail spam filtering based on content-matching rules. Mike Cardwell found out that a rule named ‘FH_DATE_PAST_20XX’ triggered the program to give a high spam scores to any e-mail, legitimate or not, that has arrived within its header a date beyond a defined point in the future. He searched for the rule in Google and found out that the said issue, #5852, was first identified in November 5, 2008 and was already fixed in June 30, 2009. He is using Debian for his operating system which doesn’t contain the fix needed for that problem.

The rule ‘FH_DATE_PAST_20XX’ was not updated in compiled versions of Apache SpamAssassin 3.2.0 thru 3.2.5 before the New Year started. So any e-mails sent between 2010 and 2099 will automatically have high spam scores. Even though this problem has not directly stopped e-mail, the number of the legitimate e-mails mistakenly marked as spam would have been raised until the service providers detect the problem.

We’ll never know how many e-mails were affected by bug. According to reports, false positives appeared in Sweden, Germany, and The Netherlands. Daniel Axster of CronLab, an open source anti-spam company from Sweden, stated that it would have affected worldwide if it crossed the date line since almost all ISPs use the standard rule set with some modifications.

Axster advised the providers that they should do regular updates for the filters and archive spam monthly or in case of problems. They should also propose a mechanism to end users that will check their filtered emails for false positives. CronLab usually follow these techniques. Customers should store those emails suspected as spam so that the ISP can analyze about it.

SpamAssassin quickly fix the problem and offered a help page on its website as soon as they discover the problem. If you feel that you might have been affected with this bug but doesn’t know how to check it, you just have to press the resend button to send your email again.

How Can Techie Now Help?

The SpamAssassin 2010 bug blocked the emails enabling for other users not to receive emails sent to them. ISP should update their filters regularly. It’s the same as users updating security software for their computers for protection. If you are looking for PC support services like virus and spyware removal, performance optimization, installation and configuration and general repair, Techie Now is here to help you.

www.TechieNow.com

We all have experienced many online threats last year. And as year changes to 2010, the more online threats are changing too. Cybercriminals will be more eager to spread online threats and attack computers to benefit with any valuable information challenging users for security.

Here are some of the predictions that will challenge computer security this year:

1. Spam, Scams on Social Networking and Real-time Sites – A group of security researchers belonging from Websense, Breach Security, IBM Internet Security Systems‘ X-Force, and Symantec agreed that cybercriminals will focus their attacks on social networking sites such as Facebook, MySpace, and LinkedIn, and on real-time social sites like Twitter. When it comes to real-time features, Google, especially Google Wave, as well as Bing will be their target. The attackers enjoy the fact it will take time for others to discover the existence of a malicious link or file. Users may recognize one but still one way or another, there will still be victims.

2. Crime Cloud – Security vendors specifically AVG, M86, and RSA predicted that criminals will be attacking and using use cloud services directly to control attacks. and using them to direct and control attacks. IBM researchers are anticipating to see attackers exploiting more services. Take Amazon AWS for example which already served as a host for a malware command and control server.

3. Malware Hijacking Trusted Sites – Breach Security observes continuous improvements when it comes to compromising trusted sites and infecting them with malware. Numerous incidents of SQL injection has been proven successful in attacking sites. No doubt, it will happen again. Cybercriminals prefer to have a third-party that will distribute their malware.

4. Macs Will Be Compromised – It’s been years now that security companies have been talking about Mac being targeted by attackers for malware. According to Websense, exploitation will happen affecting Safari under Mac OS X which will invite hackers to target the Mac platform. Symantec is worried that Mac users who are not spending money to buy antivirus software yearly will not be protected with such attack. Zscaler still believe that Apple can somehow oblige the company to strengthen its security to surpassed continuous attacks. Many think Macs will be widely affected because of Adobe Flash vulnerability.

5. Search Engine Poisoning and Malvertising – Cybercriminals will exert more efforts on exploiting trusted sites. For them to infect sites, they will make use of search engines and advertisements. They will continue to threaten and weaken search results and enjoy the attention breaking news and events. Google together with Microsoft will assure its users for a safe search and advertising. Of course, they wouldn’t want their users to not trust them.

6. Increasing Number of Bots – Why would cyber criminals waste their time with cloud-hosted malware when botnets can do the same thing? Botnets are better than cybercriminals. It can also be a source of income generating cash for criminals and hijacking other botnets for money. This will cause conflict preventing botnets to grow and attracting security experts and law enforcement. It’s botnets against other botnets. It’s like what happened to Zeus/Zbot being shut down by Bredolab botnet. Symantec claimed that botnets have become the foundation of cybercrime.

7. Piracy Gets Riskier – Microsoft has started making a move to lessen software piracy since last December. They received many complaints from users who buy the pirated version of Windows. IBM researchers are expecting that the continuous use of the pirated software will infection more users will malware.

8. Mobile Security Issue – Smartphones like iPhone and Android-based handsets are like miniature personal computers. They are being used for business purposes. In 2010, Websense predicted that smartphones will be targeted for attacks just like the computers. Nowadays, security vendors either have or are developing a mobile security product service. IBM thinks that mobile attacks will still be limited.

9. Major Insider Theft Scandal Will – It is expected next year that someone who has been in a large organization accessing company data will be caught to be working for or with a cybercrime group. The Identity Theft Resource expected that the number of insider cases will increase because of failure to follow basic workplace security protocols.

10. Clickjacking is Back – According to Zscaler, clickjacking will strike back. Clickjacking is a malicious technique that tricks users to reveal confidential information or take control of their computer while clicking the sites. Jeremiah Grossman of WhiteHat Security and Robert “RSnake” Hansen of SecTheory reveal about the technique in October 2008. Efforts have made to lessen the risk of clickjacking but it is still effective to use especially with a social engineering component.

How Can Techie Now Help?

The above security threats serves as a reminder for computer users to be careful over the web. You’ll never know what security threat you will be into. For now, the best protection is a reliable and updated antivirus software that will keep you and your computer in trouble. When it comes to your computer’s protection, Techie Now is the name you can trust. Techie Now offers PC support services: virus and spyware removal, performance optimization, installation and configuration and general repair.

www.TechieNow.com

The Federal Bureau of Investigation (FBI) is investigating a small school in upstate New York for being a victim of online theft for almost half million dollars. The said school is the Duanesburg Central School District. Cyber thieves tried to rob the district online bank accounts for about $3.8 million.

By December 18, the thieves attempted to transfer $1.86 million from the district’s account at NBT bank to an overseas account. They tried to transfer again another $1.19 million to different overseas location after a week. The bank representative suspected and flagged the money transfer amounting of $758,758.70 after they discovered the two previous unauthorized transactions.

Fortunately, Duanesburg and NBT bank have recovered the $2.55 million stolen funds from them but still lacking $497,000. According to Duanesburg Central, more than a quarter of district’s budget for a year has been targeted by the thieves, which is less than $15 million. It is servicing about 1,000 students from kindergarten to 12th grade near west of Albany.

The same attack also happened on school districts, cities, counties and small businesses across the country last year. Attackers use malicious software get the user names and passwords and steal from the users’ online bank accounts. The FBI and the New York state are helping each other to investigate but it’s still unclear if malicious software has something to do with the attack. Duanesburg Central School District stopped online access to its bank accounts and requested that payments should be sent and received through paper check for now.

How Can Techie Now Help?

It’s really impressive how cyber criminals are able to create an online attack, steal money or infect computers worldwide without being caught in what they do. The only thing you can do for now is prevent yourself from being their victims. Of course, be careful when visiting websites, opening e-mails or downloading files. Also use authentic antivirus software to prevent your computer from being infected. If you need help with PC services like virus and spyware removal, performance optimization, installation and configuration and general repair, contact Techie Now right away!

www.TechieNow.com

The Federal Bureau of Investigation (FBI) advised the people to be alert of fake antivirus software which has victimized a lot losing $150 million.

An intelligence notice was posted by the FBI on the Internet Crime Complaint Center’s website warning the people while browsing the web to be careful of Antivirus programs pretending to be credible but they are not. These programs are considered scareware or rogueware. According to the internet security bloggers/writers, scareware are software products, most usually commercial firewall and registry cleaner software, produce a lot of perky and alarming warning or threat notices serving some desired purpose. It is considered scam software which has a limited or no benefit at all. Rogueware is a form of computer malware that convinces users to pay for the fake removal of malware.

The notice states that these scareware programs are very aggressive and dangerous threats claiming that they clean computer viruses and attracting the users to buy them. Online criminals engage with the process called malvertising or malicious advertising where they even use botnets in posting ads in websites to convince and victimize more users.

As soon as you download the fake Antivirus software, a pop-up will appear. Closing this pop-up is not as easy as you think as hitting the X button or clicking the Close button. If the user agreed to press the Yes button to buy the Antivirus program, a form will prompt asking for payment information for the fake item. This fake software can install viruses, Trojans, and/or password intercepting keylogging programs in your computer.

Anti-Phishing Working Group stated that the total number of scareware programs from January to June last year has surpassed 2008 as a whole. Security analysts noticed that different AV programs are created so that it will be difficult for real antivirus software detect the threats. FBI recommended the users to always update their security software and operating systems. If ever you encounter a rogue Antivirus pop-up, quickly shutdown PC or close browser. Perform a complete secured Antivirus scan as soon as you turn on your computer again.

How Can Techie Now Help?

Scareware or rogueware can keep you and your computer in trouble. So like what FBI advises the computer users to do, you should be careful with those fake Antivirus programs that you see while browsing the web. Don’t let those scareware or rogueware fool you. For now, update your security software and operating system. If you need help, contact Techie Now. We offer PC support services like virus and spyware removal, performance optimization, installation and configuration and general repair.

www.TechieNow.com