ILL_Natured_gr’s team Weblog

ILL_Natured_gr’s team Weblog at WordPress

Archive for the ‘PC Security’ Category

BlackBerry ‘spyware’ can steal secrets

Posted by ILL Natured_gr on September 11, 2007

BlackBerry ‘spyware’ can steal secrets

Brett Winterford and Munir Kotadia, ZDNet Australia

03 July 2007 06:30 PM

Research in Motion’s (RIM) BlackBerry which is popular with corporate users due to its secure management of mobile e-mail is vulnerable to ‘legal’ spyware that has been classified as a Trojan by several security vendors.

RIM’s BlackBerry has won significant market share in the corporate sector due to a perception that it is impervious to security attacks.

But an updated version of the FlexiSPY application, considered a security threat by most IT security vendors, enables a remote attacker to tap into phone calls and e-mails sent to and from a Blackberry-enabled device.

“This is the first [Trojan] for a BlackBerry we have ever seen,” said Patrik Runald, senior security specialist with F-Secure.

Marketed as a spyware device for BlackBerry phones, the FlexiSPY application by Bangkok-based manufacturer Vervata is sold on the premise that it can “spill BlackBerry secrets.”

Once physically installed on a mobile device, a remote user is given complete monitoring and access control.

This includes bugging voice calls, logging mobile e-mail messages and SMS, tracking the location of the user, or even remotely switching on the phone’s microphone to bug a user regardless of whether they are on a call.

While FlexiSPY also works on Windows Mobile and Symbian-based devices, and is sold on the premise of catching a cheating spouse, ‘disloyal’ employee or for the monitoring children, there can be no doubt that a BlackBerry targeted version is aimed squarely at corporate espionage.

Its use in a boardroom, for example, could have catastrophic implications for any organisation.

RIM, manufacturer of the BlackBerry, was unavailable for comment by press time.

The full artcle can be found HERE

Posted in PC Security | Leave a Comment »

News : Seattle man arrested for P-to-P ID theft

Posted by ILL Natured_gr on September 9, 2007

News: Seattle man arrested for P-to-P ID theft (07 Sep 2007)

A Seattle man has been charged with using P-to-P networks to steal sensitive information from victims.Robert McMillan (IDG News Service) 07/09/2007 10:20:54 A Seattle man faces as many as 29 years in prison after being charged with using the LimeWire and Soulseek P-to-P (peer-to-peer) networks to commit identity theft.

Gregory Kopiloff was arrested Wednesday on charges of mail fraud, accessing a protected computer without authorization and two counts of aggravated identity theft, said Emily Langlie, a spokeswoman with the U.S. Attorney’s Office for the Western District of Washington. This is the first case that Langlie’s office is aware of that involves P-to-P identity-theft charges, she said.

In court filings, federal prosecutors alleged that Kopiloff began the scam around March 2005, using the P-to-P networks to search for victims who had accidentally configured their software to share sensitive documents. Hard drives were searched for “federal income tax returns, student financial aid applications and credit reports that had been stored electronically,” court filings state.

Using that information, Kopiloff would fill out online credit-card applications, and then buy products such as iPods or computer hard drives, which he then resold for cash, typically at about US$0.50 on the dollar, federal prosecutors claim.

Kopiloff was allegedly able to buy more than US$73,000 worth of merchandise using online credit-card accounts he’d set up using the identities of at least 83 victims.

It’s easy for unsophisticated users to accidentally share sensitive information via P-to-P networks said Christopher Boyd, director of malware research with FaceTime Communications. “Some P2P programs have ‘share folder’ options and if you accidentally hit it, bam — it’s out there without you even knowing about it,” he said in an instant-message interview.

But luckily there’s an easy fix for the problem. Boyd recommends that P-to-P users place all of their sensitive documents on a stand-alone drive, separate from the main PC. “It’s about the best way to ensure you don’t accidentally share your life story with the rest of the world via P2P,” he said.

The full article (at site) can be found HERE

Posted in PC Security | Leave a Comment »