Your data means a lot to you, and Lenovo is looking to add one more layer of security to it with their latest concoction – a remote disable that you activate using a text message. The system, called Lenovo Constant Secure Remote Disable will be rolling out as early as 2009.
The remote disable allows anyone with a lost or stolen laptop to simply send a text message that will completely lock down the computer. According to Stacy Cannady, Lenovo’s Product Manager of Security, the computer waits to be turned on by the would-be thief, then locks itself down and uses this time to encrypt the hard drive. Once the machine is recovered all it takes is a “resurrection” password to completely unlock the whole thing.
According to Cannady, “The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it. If that is true, when someone steals the PC, you can whip out your cell phone and send a message to your PC, wherever it is, and when the PC gets that message, it will shutoff at that moment. The only way to get it back is to type in the resurrection code.”
Now, let’s just hope that once this technology comes full circle to the Twitter using public, they don’t get the two mixed up!
While fears of a recession are the on the minds of those looking to make an honest living, unscrupulous hackers are thriving in an underground economy worth billions of dollars. The revelation comes as part of new report released today by Symantec titled "Report on the Underground Economy."
The eye-opening report reflects activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. During that time, Symantec claims to have witnessed 44,752 unique samples of sensitive information publicly posted on various servers. These samples, which represent 10 percent of the total distinct messages, serve as proof that the seller in question has the information they claim to have, as well as to show potential buyers the quality of goods they can expect to receive.
According to Symantec, credit card information reigns supreme and accounts for nearly a third of the total. Credit cards were seen selling for as little as $.10 to $25 per card, despite an average advertised limit of $4,000. When added up, Symantec calculated the total potential worth to be in the neighborhood of $5.3 billion.
But that number doesn't take into account stolen financial accounts, which makes up 20 percent of the total. Stolen bank accounts were seen seling for between $10 and $1,000 with the average balance hovering at nearly $40,000. By Symantec's math, that puts the total worth at $1.7 billion, or around $7 billion for credit cards and bank accounts combined.
Cyber attacks on the Pentagon are nothing new, but the latest infiltration has the Defense Department taking unprecedented steps to prevent further damage. In doing so, the Pentagon has banned the use of DVDs, flash drives, and all external hardware, according to Fox News.
"We have detected a global virus for which there has been alerts, and we have seen some of this on our networks," a Pentagon official told FOX News. "We are now taking steps to mitigate the virus."
The official stopped short of saying where the virus originated from, and as long as the information remains classified, we may never know. But Fox News did learn that the Pentagon has been aware of an impending attack from a memo that was sent out a week ago.
The internet has become a breeding ground for scams of all shapes and sizes, but perhaps none more popular (and thus more easily recognizable) than the email rouse of a long lost relative, government official, or bank employee holed up in Nigeria and needing your help in securing a large sum of money. There's really no need to go on because you've undoubtedly received variations of this scam in your inbox countless times and, well, it never works. Or does it?
Not only does the old Nigerian bit still lure victims, the scam claimedits biggest known payday to date thanks to Janella Spears who forked over a mind boggling $400,000. Despite the big payout, Spears still contends she isn't easily duped. After all, she works as a registered nurse, teaches CPR, is a reverend who has married many couples, and also learned sign language to communicate with her hearing impaired husband. So what possible spin could this common scam have come with that got a seemingly intelligent woman to take the bait?
Hit the jump to find out what it was that convinced Spears the scam might be legit.
Because hackers target Microsoft's Windows operating systems more than any other OSes, one could argue that it would be only fitting for the software maker to offer its users a free security suite, and that's exactly what Microsoft intends to do. Noting the rapid increase in the prominence of malware, Microsoft says it will discontinue retails sales of it's fee-based Live OneCare subscription service by June 30, 2009 and replace it with a free security suite currently code-named "Morrow."
"Customers around the world have told us that they need comprehensive, ongoing protection from new and existing threats, and we take that concern seriously,” said Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft. “This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware."
Morrow, which will offer protection against viruses, spyware, rootkis, Trojans, and other malware, will be built to use fewer resources, which Microsoft claims will make it well suited for both low bandwidth situations and low-power PCs. According to Microsoft, Morrow's protection will be on the same level as the company's enterprise solutions.
While that sounds like good news for Windows users, McAfee sees it as an even better opportunity for themselves and doesn't appear worried that it might lose paying customers to Morrow.
"Consumers have voted; OneCare, in its two years on the market, has achieved less than 2 percent market share," he said in an interview. "Microsoft is giving up and has defaulted to a dressed-down freeware model that does not meet consumer security needs. This is good news for McAfee."
Is McAfee underestimating Morrow? Hit the jump and give us your thoughts.
It's that time of year again when scorching hot deals start to scatter the web in anticipation of Black Friday, one of the biggest online shopping days of the year. Despite still being almost two weeks away, several retailers have already posted Black Friday ads, giving bargain hunters a head start. But lest the hunter becomes the hunted, buyers should take caution not to fall prey to identity thieves.
According to the FTC, consumers were stung for more than $1.2 billion in losses last year as a result of identity theft and fraud. Consumers, who are already stretched thin amid a struggling economy, should be extra cautious this shopping season.
"While the holiday season is surely a time for cheer and celebration, it is also a time when identity thieves are waiting for the perfect opportunity to pounce on unsuspecting consumers," said LifeLock CEO Todd Davis. "Whether it takes place at shopping malls or online, identity theft can increase over the holidays."
Most, if not all of LifeLock's recommended safety precautions will rank as obvious to seasoned shoppers and the tech savvy alike, but they're worth brushing up on before going on that holiday spending spree.
Given the widespread availability of free solutions, we know how power users hate to pay for security software. If you fall into this category, your options will become slightly more robust this Tuesday, November 18.
According to a spattering of reports, a company spokeswoman for Check Point said the company plans to celebrate its 15th anniversary by giving away a 1-year subscription to its ZoneAlarm Pro software security suite. For those not familiar with the program, ZoneAlarm Pro expands on the company's popular firewall solution by throwing in a spyware remover, protection against rootkits, ID theft protection, and other security odds and ends. The full program typically sells for $40/year.
If the reports hold true, you can download your copy from this link beginning at 6:00 AM PDT Tuesday morning. Procrastinators be warned, the link will only stay active for 24 hours.
Thanks to a borked update, some PC users running AVG's free antivirus were in for a long and frustrating weekend. The virus definition update, which was released on Saturday, erroneously detected the "user32.dll" file for the Trojan Horse PSW.Banker4.APSA instead of recognizing it as a critical Windows component. Once the scanner went active, users found their AVG software recommending that they delete the quarantined file. Doing so caused systems to either stop booting or enter into a continuous reboot loop. Whoops!
The misinformed update affected both AVG 7.5 and AVG 8.0 installations on Windows XP. Vista users appear to be in the clear, though a spattering of user comments around the web have indicated otherwise. In any event, another update has corrected the error. For those who already deleted the critical system file, AVG is providing step-by-step instructions on how to restore your system back to a working state. Whether or not it restores your faith back in the program is another question altogether.
Hit the jump and let us know what security software you're using.
This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:
MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.
That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?
The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.
Microsoft last week released the fifth volume of its Security Intelligence Report (SIR) covering the period between January through June of 2008. The report, which purports to offer an "in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software," uses data derived from what Microsoft claims are hundreds of millions of Windows users, all of which is analyzed and laid out in a tidy 13MB PDF download.
According to the 150-page report, hackers are increasingly honing in on third party applications rather than attempting to attack Microsoft directly. Vulnerabilities in programs like RealPlayer, QuickTime, WinZip, and other non-operating system software provide hackers with a greater number of exploits requiring a low degree of complexity, the report claims.
"It is alarming to see that more than 90 percent of vulnerabilities disclosed in 1H08 affected applications, and nearly half of all industry vulnerabilities are rated as High Severity," Microsoft says in its report. "Additionally, 1H08 showed how threats are increasingly affecting a variety of vendors beyond Microsoft."
The report also notes several geographical trends in security threats. Among them, password stealers such are Win32/Bancos are most prominent in Brazil where the overall infection rate has risen an alarming 81.8 percent from 2H07 to 1H08. In the U.S., trojan downloaders, like Win32/Zlob, account for the largest single category of threat.