Maximum PC phishing RSS Feed

Google Rebuffs Claims of Gmail Security Hole

Paul Lilly — Thu, 27 Nov 2008 09:25:54 -0600

Earlier in the week, reports of a supposed newly discovered Gmail vulnerability started making the rounds on the web. The proof of concept was first posted on GeekCondition.com and showed how a hacker, with a bit of effort and persistence, could potentially infiltrate a user's Gmail account, create a malicious filter to forward emails to the hijacker, and top it off by stealing any domains the victim may have registered. But is the proof of concept truly indicative of a security flaw in Gmail?

While it's true that there have been users affected by the scheme, Google ascertains the root cause has more to do with phishing than it does with Gmail.

"With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information," Google wrote in a blog post. "Attackers sent customized emails encouraging web domain owners to visit fraudulent websites such as 'google-hosts.com' that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline."

As is often the case when it comes to security issues, a combination of common sense and safe computing habits remains your best defense.

Gmail Users Gain Immunity against Fraudulent eBay, Paypal Messages with DomainKeys

Pulkit Chandna — Fri, 11 Jul 2008 16:41:32 -0500

A man of ordinary sanity doesn’t need sophisticated e-mail filters for egregiously unconvincing messages from someone lodged in a war torn African country, informing the recipient of how the sender miraculously found him, of all Homo sapiens, and a deal worth millions awaits him. But, unfortunately enough, perfectly sane people do fall prey to such messages, and don’t fare too well against the slightly more plausible fake eBay and Paypal e-mails either.

eBay and its cognate company Paypal have tied-up with internet behemoth Google to immunize Gmail users from phishing attacks. Fraudulent e-mails, claiming to be from eBay or Paypal, would be purged by using DomainKeys and DomainKeys Identified Mail (DKIM). However, Paypal admits that the technology still needs some polishing. DomainKeys has been used for a while now and, in fact, most Yahoo Mail users might recall e-mails from some major domains including Paypal having a stamp of approval from Yahoo Domain Keys: Yahoo Domain Keys has verified that this message was sent by XYZ.com. All said, this is a good move.

Tip: If you want to be absolutely sure about your precious Paypal and eBay accounts, don’t ever click through to these websites from links embedded in emails, no matter how credible they might appear to your untrained eye. Also change your password as often as you can, preferably, as often as once a month.

Windows News, Friday the 13th Edition

Mark Soper — Fri, 13 Jun 2008 20:55:14 -0500

It may be Friday the 13th, but there's good luck in the air for 64-bit Windows, Hotmail, antiphishing, and Windows XP fans. Read on for all the details.

New MSN Messenger Trojan Targets VNCs Too [updated]

Mark 'Marcus Soperus' Soper — Mon, 19 Nov 2007 21:37:25 -0600

MSN Messenger users, it's time to batten down the hatches as a new IRC Trojan attacks both PCs and virtual network connections. Learn how it works so you can stop it.

Google's in the XSS Crosshairs - and So Are You

Mark Soper — Mon, 24 Sep 2007 23:32:52 -0500

Googling your way around the Internet? Watch out - cross site scripting (XSS) makes Google and other sites less safe than you think.

Think Before You Click on That Great "Job Offer"

By Mark Soper — Fri, 24 Aug 2007 21:21:27 -0500

In a one-two data-theft punch, several hundred thousand jobseekers using Monster.com have had their personal information stolen from the website last week. Here's how it happened and how to avoid being scammed.[updated 8-25-07]