TechMan: Low-tech attacks are working
Share with others:
There has been a spate of stories about cyberattacks on major U.S. media sites thought to be connected to the government of China. The New York Times, Wall Street Journal and Washington Post all have reported detecting intruders in their systems.
What struck TechMan was how the Times suspects the hackers gained entry -- by a well-known, low-tech method called "spearphishing."
The attackers send emails that contain malicious links or attachments to certain employees. All it takes is one click on the email for hackers to install "remote access tools" -- or RATs -- on the network that can siphon off all manner of information.
Spearphishing differs from "phishing" in that the attackers target certain people. They do research to make the infected email appear that it comes from someone the target knows or an organization of which he is a member.
Michael Higgins, chief security officer at The Times, said: "Attackers no longer go after our firewall. They go after individuals. They send a malicious piece of code to your e-mail account and you're opening it and letting them in."
So if you get a piece of mail you don't expect, even if the source looks familiar, be cautious.
Text message acronym of the week: DWWWI -- surfing the World Wide Web while intoxicated.
Tip of the week: Right-click on a tab at the top left of your browser and you will get a menu of actions you can take. You'll get slightly different menus in Chrome, IE or Firefox. Doesn't work on Macs -- no right click.
Microsoft released 12 patches for 57 vulnerabilities today for Windows, Internet Explorer, and Office.
Five of the updates are labeled "critical," in which malicious code can be remotely executed on users' machines.
Adobe has issued an emergency fix for Flash to prevent two ongoing malware attacks against the world's most popular Web plug-in.
In an advisory note last week, Adobe announced the latest release of Flash Player 11.5, which will patch two security zero-day vulnerabilities that are actively being used by hackers and malware writers to spread malware.
I don't know why Hasbro Inc. had to take an Internet survey to find the least popular Monopoly playing piece. In all my time playing as a youth, I never saw anyone voluntarily choose the iron. It was the piece you got stuck with.
President Barack Obama will issue an executive order aimed at bolstering U.S. cybersecurity as soon as this week, Bloomberg reports.
The executive order, expected to be released after Mr. Obama's State of the Union address tonight, sets up a voluntary program of cybersecurity standards for companies operating vital U.S. infrastructure.
The number -- 2 to the 57,885,161st power minus 1 -- is the new largest known prime number and is 17 million digits long.
Primes are numbers that can only be divided by themselves and 1, as TechMan readers probably know.
The big prime is the third discovered by Curtis Cooper of the University of Central Missouri, using 1,000 university computers. The number is so large that it took one of the computers 39 days to check that it was prime. If you wish to help find the next largest prime number, you can download software at http://www.mersenne.org/freesoft/
First Published February 12, 2013 12:12 am