Blog Speak

Updated: Dec 23 2008, 04:33am hrs
Holiday scammers

Debbie Dreyer

http://www.intent.com

Its the season for the scammers to beef up their attacks...pay close attention and double check every move if it involves your safety and security. The Federal Bureau of Investigation (FBI) has identified a new technique used to conduct vishing attacks where hackers exploit a known security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate private branch exchange (PBX) systems with voice over internet protocol (VoIP) digital internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.If a consumer falls victim to this exploit, their personally identifiable information (PII) will be compromised.

Vishing attacks MGM

http://idtheftblog.

blogspot.com

We continue to see more and more vishing attacks mounted against unwary consumers. Attackers typically like to target large consumer bases so they focus efforts on impersonating large organisations. It is very easy to become a victim. Identity theft wouldnt be the popular crime that it is if it didnt pay well for the attacker and was reasonably easy to execute successfully. It only requires that the target drop their guard for a moment. If you receive phone calls like this, be suspicious and verify the source. A healthy dose of skepticism will go a long way.

Steganophony KFC

http://arxivblog.com

Steganophony is the term coined by two researchers at the Warsaw University of Technology in Poland to describe the practice of hiding messages in internet telephony traffic. The growing interest in this area is fueled by the fear that terrorist groups may be able to use services such as Skype to send messages secretly by embedding them in the data stream of internet telephony. The pair has developed a method for doing exactly that called lost audio packets steganography. But is this really an area driven by the threat of terrorism If anybody really wants to keep messages secret then there are plenty of easier ways to do it, such as pretty good privacy. Theres a far more powerful driver for this kind of work. Its name Paranoia.