Category: security
June 10, 2010 at 12:03 am by Jamie DeLoma
Some of the most prominent people on earth may be vulnerable to spam and malicious hacking, according to a published report.
The security breach threatens the identities of Apple’s iPad owners, including CEOs, military and finance officials, members of the media and the Washington elite, Gawker reports. The information exposed includes subscribers’ e-mail addresses and the numbers used to identify the SIM cards that associate a mobile device with a specific user.
The information was obtained by a group calling itself Goatse Security, according to Gawker.
Goatse Security reportedly obtained the information through a script on AT&T’s website. The security hole was repaired after Goatse Security notified AT&T of the breach, Gawker reports.
According to Gawker:
According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment.
Although AT&T closed the security hole recently, the victims were not immediately notified, according to Gawker.
The problem, according to Gawker, appears to be AT&T’s fault, and will likely complicate an already strained relationship with Apple.
Among others, affected accounts, according to Gawker, belonged to folks from:
- Department of Defense
- New York Times
- Time Warner
- News Corporation
- Hearst
- Amazon
- Google
- Microsoft
- Goldman Sachs
- Morgan Stanley
- JP Morgan
- Citigroup
- GMail user who appears to be Rahm Emanuel
- Senate and House of Representatives
- NASA
- Department of Justice
- Department of Homeland Security
- FAA
- FCC
This incident should remind users that it’s a good idea to use a separate e-mail address for the registrations of products — like the iPad. Such e-mail addresses could then be automatically forwarded to one’s primary inbox. By doing so, one’s primary personal e-mail will not be as likely to be compromised.
To read much more, including analysis, details about how the breach was perpetrated and a statement from AT&T, please click here.
June 8, 2010 at 8:30 am by Jamie DeLoma
 In this TSA-provided photo, one could see images that might be captured by the SPO-7.
A new high-tech camera is watching passengers walking through Bradley International Airport.
The camera, known as the SPO-7, detects “wave frequencies” naturally given off by folks’ bodies. Essentially, according to News 8, the device will detect things that a metal detector might miss.
According to a post on the TSA Blog, the technology detects threats from a distance and produces an image that one might see on a video camera. Simply stated, it does not peer through one’s clothes like other detectors do. And images are not stored.
Each unit has two separate sensors and a monitoring location, the TSA reports.
“By simultaneously comparing the illumination levels from two locations on an individual’s body, the SPO-7 detects potential threats, such as suicide vests and other improvised explosive devices that are hidden under individuals’ clothing. On the screen, it produces a light, using a red-to-green scale, that suggests anomalies such as the presence of explosives. That’s why the screen and the officer viewing the screen doesn’t need to be in a remote location,” the blog explained.
The equipment could be used in public areas, like baggage claim and ticket counters, WTNH reports. It also requires only a few hours of training for use, the TSA reports.
And the good news for passengers, in addition to offering another ring of security, is that it won’t slow anyone down.
“In crowded public areas, such as ferry terminals, mass transit stations and most recently, airports, the SPO-7 works without breaking passengers’ stride,” the TSA Blog notes.
And good news for folks worried about their safety and privacy: “The SPO-7 does not shoot X-rays or any other type of radiation at people,” the blog states. “It merely measures energy that emanates from the human body. Signage is prominently displayed where the SPO-7 is used to notify the public. SPO-7 enables TSA to add an unpredictable security measure without adding inconvenience to passengers.”
If the tests at Bradley prove successful, then look forward to seeing equipment like this in more public places.
May 5, 2010 at 1:43 pm by Jamie DeLoma
A popular social networking site is washing more egg off of its face.
Facebook inadvertently allowed some users’ instant messages and friend requests to become public, the Wall Street Journal reports, as a result of a bug.
Ironically, some users were able to see the live chats of other users in a feature that was intended to enhance privacy. TechCrunch posted a video demonstrating the exploit.
As a precaution, chat access was disabled for a short time, but appeared to be back by 1 p.m. on Wednesday.
Facebook has been reeling from criticism over the way it has handled users’ privacy in recent weeks, and this latest issue is sure to only fan the fire.
Social network users should be wary of this issue, and use extreme caution when communicating on sites like Facebook and Twitter. It is always best to assume that even the most private information will eventually be public.
April 22, 2010 at 1:56 pm by Jamie DeLoma
Another Connecticut bank appears to have been targeted by folks who tried to steal personal banking information.
Suspects allegedly used a skimming device to capture card and PIN information at a People’s United Bank early Thursday, the Darien Patch reports.
Three women were led away by police in handcuffs, the Patch reported, and police are reportedly seeking a fourth individual.
In July, Tech Talk reported the arrest of a man who allegedly attached skimming devices to ATMs in two Wallingford banks.
“As technology evolves, there are more and more ways for criminals to circumvent the process,” Connecticut State Police spokesman Sgt. Chris Johnson told the New Haven Register at the time.
Thieves can capture ATM, debit and credit card information through a process called skimming anywhere such cards are used by capturing the information contained on the cards’ magnetic strip. In many cases, cameras are also attached nearby to capture PIN information.
However, by following a few simple tips, you could avoid becoming a victim.
Consumer Reports recommends:
- Don’t type in your PIN at the gas pump for your debit card, because pumps are produced by only a couple of manufacturers, making it easier for someone to gain the ability to insert a skimming device inside the pump where it cannot be seen. If a credit card is unavailable, the publication suggests choosing the screen prompt that identifies the card as a credit card so a PIN is not required; greater protection from liability is gained if fraud occurs this way.
- Closely monitor your bank accounts — preferably online — because federal law limits consumers’ liability for fraudulent debit-card charges to $50, but only if the theft or loss is reported within two business days. Failing to report unauthorized charges within 60 days of the date of the statement could make you liable for any unauthorized withdrawals afterward. Visa and MasterCard have zero liability policies that go beyond federal law by exempting debit users from liability in most circumstances when a bank investigation confirms a transaction is fraudulent. However, dealing with debit-card fraud has the potential of having a greater impact on your finances than credit-card fraud, where you won’t be out any money while the disputed charges are being investigated.
- Use ATMs at banks because there’s generally more traffic and surveillance cameras to prevent someone from attaching a skimming device. Granted, as noted in the ABCNews.com report, bank ATMs could also be targeted. And, in fact, ABCNews.com reports that criminals are beginning to target ATMs in banks because the increased traffic gives thieves the potential for more activity and subsequent money.
ABCNews.com offers six recommendations of how to spot ATM skimmers:
- Be aware of your surroundings. Be extra careful of machines in dark areas or in places that don’t look well guarded and monitored.
- Pay attention to the front of machines. If it looks different from others in the area (for example, it has an extra mirror on the face), has sticky residue on it (potentially from a device attached to it) or extra signage, use a different machine and notify bank management with your concerns.
- Notice how it feels to type in your PIN code. If it’s difficult to punch the keys or you feel resistance, it could mean that a keypad overlay is present.
- Cover your hand as you type in your PIN. If a camera is present or someone is trying to look over your shoulder, this will obstruct their view.
- If you think the area around the card entry slot looks peculiar, pull on it. If it comes off or loosens, alert bank management but try to leave the machine as you found it. Leaving the evidence in place could help authorities track down the criminals.
- If you find a skimming device, in addition to notifying bank management, the ATMIA says to notify local law enforcement.
If things get completely out of hand, American banks might resort to a South African technique of loading pepper spray into automatic teller machines to deter crooks, as Tech Talk reported here. Granted, a few modifications would have to be made first.
April 15, 2010 at 1:37 pm by Jamie DeLoma
Internet surfers have yet another thing to worry about — having their browsing history posted for hundreds of millions of people to see.
A Japanese trojan virus known as Kenzero is installing itself on computers using a popular file-share service, the BBC reports.
But that’s only the beginning.
The malware, which targets folks downloading illegal copies of certain games, then reportedly publishes the user’s surfing history and demands ransom via e-mail or pop-up message to “settle your violation of copyright law.”
The BBC reports that 5,500 people have been infected.
Kenzero has also been known to encrypt users’ files before demanding a fee for a decryption key, the news organization reports.
The BBC reports:
It offers a “pretrial settlement” fine of $400 (£258) payable by credit card, and warns of costly court cases and even jail sentences if the victim ignores the notice. However rather than take the money, the outfit sells on the credit card details, said Mr Ferguson.
Users are advised not to pay the blackmail, but rather to remove the malware.
April 1, 2010 at 9:03 am by Jamie DeLoma
When you enter information online, it is always best to assume it will be compromised — particularly on unsecure Web sites, like Facebook.
The Christian Science Monitor reports that a glitch resulted in the exposure of “many Facebook users” on Tuesday night.
The bug, the publication reports, lasted for at least 30 minutes and prevented users from hiding contact information.
The episode should remind us all that if you don’t want information revealed, then don’t enter it. If that means limiting your social networking capabilities, then so be it. There are countless places one could obtain alternative e-mail addresses and phone numbers, such as Google.
Facebook has a relatively good track record of keeping its users safe and information secure. However, incidents like this are more likely than not to happen again and users should act accordingly.
For more news, tech and otherwise, follow Jamie DeLoma’s Twitter feed.
February 19, 2010 at 4:56 pm by Jamie DeLoma
It is important to understand the risks of the gadgets you are bringing into your home — and bedroom.
A lawsuit alleging that officials from a high school in an affluent area in Pennsylvania watched a 15-year-old at home on a school-issued laptop’s webcam has raised awareness of a relatively unknown risk. Many laptops sold today have webcams built into the monitor, creating the potential for increased voyeurism.
According to an article on philly.com:
In a lawsuit filed Tuesday in federal court, the family said the school’s assistant principal had confronted their son, told him he had “engaged in improper behavior in [his] home, and cited as evidence a photograph from the webcam embedded in [his] personal laptop issued by the school district.”
The Lower Merion School District, the suit alleged, was able to turn on the webcams and illegally invade students’ privacy.
According to the publication:
A statement on the district Web site said the lawsuit’s allegations “are counter to everything that we stand for as a school and a community.”
Stephen Henderson, a law professor interviewed for the story, told philly.com that using such a camera for home surveillance “would violate wiretap laws, even if done to catch a thief.”
It is important for folks with webcams to understand how the popular device works. Some have lights that illuminate when activated, while some do not. Many have the potential to be activated remotely. To preserve one’s privacy, users with webcams could simply place a small Post-it note over the camera’s hole to avoid any unexpected or undesired exposure.
It is important to remember to always think of the worst-case scenarios with any piece of technology you bring into your home, because chances are someone else already is.
February 3, 2010 at 3:38 pm by Jamie DeLoma
America must look to technology to protect its citizens and infrastructure from 21st century threats.
Dennis Blair, director of national intelligence, said that the United States is at risk of a cyberattack that could “wreak havoc,” FOX News reported Wednesday. It is substantially easier to launch a digital attack than defend against one, the intelligence czar reportedly told the House Intelligence Committee.
“What we don’t quite understand as seriously as we should is the extent of malicious cyberactivity that grows, that is growing now at unprecedented rates, extraordinary sophistication,” Blair said. “And the dynamic of cyberspace, when you look at the technological balance, right now it favors those who want to use the Internet for malicious purposes over those who want to use it for legal and lawful purposes.”
Al Qaeda could attempt to carry out an attack in America within the next six months, FOX News quoted senior intelligence officials as telling Congress on Tuesday.
Despite President Obama’s promises to make cybersecurity a priority, FOX News reports that his budget actually requests a decrease in funds for America’s cybersecurity division of Homeland Security.
Our government has for too long been reactive, rather than proactive. Just consider how the TSA operates. New policies and protocols are routinely instituted AFTER threats are made known, rather than before. The alleged Christmas Day bomber is the perfect example.
Tech Talk has reported extensively on potential cyber threats facing this country. You can sample our cyberwarfare archives here.
As America becomes increasingly dependent on technology — to do everything from managing finances and sewage treatment plants to sustaining missions in space and conducting military operations — it is increasingly important to take the mounting cyberthreat seriously. Or else, it will be too late.