home contact keylogger.org add keylogger.org to favorites set keylogger.org as homepage Anti-Keylogger.org
Keylogger testing and reviews

Keylogger testing policy

Press-releases

Keylogger developers

Links 		Monitoring Software Keylogger articles

Get Free Software

Keylogger chat

Keylogger forum

Sponsorship & services
Advertising
Your Ad Here
Site News
Current section
Keylogger.Org Site News

November 27th, 2008

New version of XPC Spy Pro added!
Security World News
Keylogger.Org Security World News

December 04th, 2008

Microsoft and RSA partner on Data Loss Prevention

Worm uses familiar brands to lure people

Company data at the mercy of crooks

Norton AntiVirus Begone!

Criminals Take Control of CheckFree Web Site

Firefox Users Targeted by Rare Piece of Malware

Hacker threat: Rudd promises action

Lib Dems criticise 'shambolic' DNA database

Experts: US cybersecurity needs fresh ideas

Pentagon hacker tries one more time to avoid extradition

Virtually every Windows PC at risk, says Secunia

Sun patches at least 14 bugs in Java

Security, civil liberties experts question data mining
Voting

We are planning to redesign our site. We would like You to express your opinion in this respect. Would you like to leave the site as it is? What changes would you like to suggest?

Yes, I like the site as it is.
It's ok, but some changes are necessary.
It should be changed completely.
VotingView results
DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

August 26th, 2008

Researcher mines blogs, social networks to access bank accounts

A recent Google search of MySpace Inc.'s popular social networking site for several variations of terms describing a person's maternal grandparents returned more than 11,000 search results.

The search by security researcher and author Herbert Thompson illustrates the growing security threat posed by the massive amount of personal information posted on social networks, forums, blogs and other Web 2.0 destinations. Thompson sent the search results to Computerworld.

Posting seemingly innocuous information -- like a mother's maiden name or a pet's name -- could help a crook access personal data stored by banks, financial services firms and other companies, Thompson said. Many companies typically ask for such information from clients to reset a password on an account, he noted.

Thompson, who is founder and chief security strategist at People Security, a New York-based IT security consulting firm, described how easily personal information posted on a blog or social network could be used to break into a bank account in an article published in Scientific American this month.

With her permission, Thompson accessed a friend's bank account in an hour and a half after mining her personal blog personal for details like her birth date, birthplace, father's middle name and pet's name. He used the data to reset her e-mail password and gain access to an e-mail from her bank with instructions on how to reset her account password.

Thompson said in an interview that cybercriminals are increasingly mining personal data splashed throughout the Web 2.0 world. He noted that the questions that banks have long used to reset or recover passwords were typically seen as difficult for thieves to answer. Now, however, the answers to the questions are often readily available to crooks because so many people are now blogging about their personal lives or are creating personal profiles that are rife with this type of information, he noted.

As proof, Thompson pointed to the fact that thieves on underground forums typically charge 10 to 12 times more for stolen credit card numbers with the mother's maiden name or a pet's name of the owner than for the credit card alone.

"You may not think twice about posting your grandfather's name, but you've just released your mother's maiden name," he said. "There are a lot of places where you can claim to forget other questions, and the site will default to mother's maiden name. If I give you the log-in to one account, I've essentially given you a fish. If I give you the answer to people's password-recovery questions, I've taught you to fish. You can pillage their accounts."

The problem with the type of information that is posted in blogs and social networks can be compounded by the fact that "the Web -- especially Web 2.0, is very sticky," he added. Many archive sites contain snapshots of data long after the primary data has been removed. In addition, thieves can supplement information from Web 2.0 sites with public data from state motor vehicle departments or from sites containing home-ownership records, he noted.

To offset this problem, Thompson advised that people find out from their banks or financial services firms what information they use to reset passwords. Then, they can backtrack to see if any of the information about them required to answer those questions could be found on the Web, he added. If so, he advised online users to change the password-recovery answers or question.

"Most people are likely to find some scary mismatches -- that information is publicly available through some state or other government department, or it is something they have freely disclosed online. See if you are comfortable with your bank-account access … riding on those pieces of information."


Source: ComputerWorld




All news for December 04th, 2008:
17:31Microsoft and RSA partner on Data Loss Prevention
17:29Worm uses familiar brands to lure people
17:27Company data at the mercy of crooks
17:23Norton AntiVirus Begone!
17:15Criminals Take Control of CheckFree Web Site
17:14Firefox Users Targeted by Rare Piece of Malware
17:12Hacker threat: Rudd promises action
17:11Lib Dems criticise 'shambolic' DNA database
17:10Experts: US cybersecurity needs fresh ideas
17:08Pentagon hacker tries one more time to avoid extradition
17:07Virtually every Windows PC at risk, says Secunia
17:06Sun patches at least 14 bugs in Java
17:05Security, civil liberties experts question data mining

All news for December 03rd, 2008:
15:18Hackers run Linux on iPhone
15:17Your face is easy to fake, says security company
15:15Microsoft opens up Vista SP2 beta
15:09Latest VB100 malware test brings good news
14:57Botnet Master Sees Himself as Next Bill Gates
14:53Apple removes Mac antivirus recommendation
14:51License server glitch exposes SonicWall users to e-mail security threats
14:50U.S. report sees major terror attack by 2013, ignores cyberattack risk
14:48Lenovo arms ThinkPads with Intel's built-in security
14:44Feds nab more members of alleged identity theft gang
14:43Apple's antivirus advice 'big to-do about nothing,' says researcher
14:42Opinion: Is there a hidden cost to data protection?
14:41Human error is top IT security concern
14:40Workers worried about job security might steal corporate data



All news for December, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!

Advertising
Your Ad Here
| home | testing and reviews | testing policy | press_releases | developers |

| articles | contest | chat | forum | sponsorship & services | contacts | links |
Copyright © 2003-2008, Keylogger.Org Team. All Rights Reserved.
Use of any information from this website is permitted only with hypertext link to www.keylogger.org.