All posts by Mousumi

Info sec consultant and a tech newbie.

Bank of America insider leaked customer data to criminal gang

Bank of America incurred a loss of at least $10 million (£6 million) as one of the insider sold customer data to outsiders.

Though the customers are being notified of the incident, but the bank is reluctant to provide many details of the case. The case is under investigation and the bank says that a former associate provided customer information to outsiders which were then used to commit fraud against the customers.

The scammers had stolen, “names, addresses, Social Security numbers, phone numbers, bank account numbers, driver’s license numbers, birth dates, email addresses, mother’s maiden names, PINs and account balances.” This information were then used for identity theft. The scammers ordered boxes of cheques and got them delivered to a UPS outlet where they picked them up. And also to prevent BofA from warning the victim, the scammers contacted the telephone company of the victims and rerouted the calls to scammer’s mobile phones.

Source : Techworld

Survery shows companies not ready for IPv6

An online survey, carried out by Ipswitch Inc.’s Network Management Division, asked network professionals of various comapnies how ready their networks were to transition to the new IPv6 protocol. There was more than 600 respondents and the results were revealed at the Intertop 2011 conference in Las Vegas.

IPv6 is a next-generation IP protocol designed to replace IPv4. The number of available IPv4 addresses are running out and thus transition to IPv6 will soon become a requirement for enterprise networks. IPv6 enables expansion of IP addresses needed to accommodate the continuously growing number internet users and also provides security features for internet traffic.

Results showed that 88.0 % of business networks were not fully ready for the change, of which 66.1% of them saying that their networks were prepared not more than 20%, though the last blocks of IPv4 addresses have already been allocated.

Below is the full result of the survey:

• 0-20% – 66.1%
• 20-40% – 9.6%
• 40-60% – 6.5%
• 60-80% – 5.8%
• 80-100% – 12.0%

According to Kevin Gillis, vice president of product management and strategy at Ipswitch Inc.’s Network Management Division, though IPv6 provides better facilities, it also poses more challenges for IPv4 based networks. Thus the companies need to develop strategies to increase IPv6 readiness among enterprise networks and prevent any future disruption to mission-critical systems.

‘World IPv6 Day’ will be held on June 8, 2011, to accelerate IPv6 deployment. On this occasion several major websites like, Google, Facebook and Yahoo, will enable IPv6 on their main services for 24 hours.

Source: ContinuityCentral

Increase in attacks on Social Networking Sites

http://images.defensetech.org/archives/hack.JPGAccording to the Microsoft Security Intelligence Report, volume 10, there is a steady increase in social engineering attacks in 2010. The data was pulled from Microsoft’s customer base as well as partners and Internet Service providers.

Most of the attempts or attacks are made to churn out the name and password of social networking sites which might be used for other financial sites. As per Microsoft the trend of phishing attacks is shifting from financial sites to social networking sites and gaming sites.

Rogue Security Software

Rogue security software or scareware is designed like legitimate software which when installed on a victim’s machine, generates erroneous alerts and tricks the users to buy more softwares or services.

As per a report on rogue security software by Symantec, it said it received reports of 43 million installation attempts. It is told that it is computer security awareness training programs are the best way to defend against these malicious activities. A few web filtering technologies provided by various vendors also help.

Source: TechTarget

‘Extremely weak’ security in file hosting sites

http://blog.host.co.in/wp-content/uploads/2009/09/file-hosting.jpgA research carried out by the Katholieke Universiteit Leuven in Belgium and France’s Institute Eurecom reveals that the private files stored on cloud sites are extremely vulnerable to attakers. After examining 100 file hosting services, the researchers concluded that the unique URIs(Uniform Resource Identifiers) were too predictable and easy to crack.

The service providers claim that these URIs are secret and cannot be guessed, but the research results prove to be otherwise. The research reveals that the ‘secret’ URIs are generated in a predictable fashion; thereby making it easy for the attackers to guess and get access to the content.

The report did not point out any particular service provider specifically. However, during a month’s testing they could extract more tha 168,000 private files.

Source: PCPRO