This might be of interest to some people.
Four Corners Monday 17th August at 8.30pm on ABC1
Fear in the Fast Lane
Reporter: Andrew Fowler
Broadcast: 17/08/2009
Australia may be one of the most internet-connected countries on earth, with a super-fast broadband network on the way. But now the experts are warning there's danger with cyber crooks roaming the super highway.
In a story that will make you review the use of your home computer, reporter Andrew Fowler tells how foreign online crooks took down a multi-million dollar Australian business. He explains how you can have your identity stolen, your phone disconnected and your bank accounts emptied in just hours. Perhaps most alarmingly, Four Corners reveals first-hand how wireless connections are an invitation to thieves.
"I expect at some stage in the future there will be a real debate on the benefit of the internet. Should we turn it off?" Police officer
There's little doubt the internet has changed our lives for the better. You can book holidays, do your banking and pay bills online. But do you realise how easy it is for a cyber-crook to take control of your computer without you even knowing it?
Imagine this! You go to book tickets at a reputable theatre web site. That site has been infected by mal-ware. By simply clicking on that site your computer can become a slave to a central computer and join millions of other infected computers in what's called a 'botnet'. Immediately it is possible for a criminal to steal information from you, including your bank details and credit card details, but the thief can do even more. Your computer could be used to send thousands of spam emails a day to people around the world. It could even be used to attack businesses, or even entire countries. And you wouldn't notice a thing.
It sounds remarkable but, as Four Corners explains, one in six computers in Australia is, or has been, part of a 'botnet' and a 'botnet' attack has already destroyed a major business. Other 'botnet' attacks have resulted in personal information being stolen and then sold on the international black-market. The result? Bank accounts are emptied and millions of dollars stolen.
Police told Four Corners they are now so concerned by this type of crime they have set up covert operations on the web to infiltrate illicit marketplaces.
"We obtained access to one of these sites and we were quite stunned initially by what we saw. I think the term's been used, an Aladdin's cave of criminality, an opportunity to inflict global economic harm." Police investigator
The police have every reason to be concerned. Despite the fact that major banks, utilities and retail outlets encourage you to do business on the web (saving them money), they don't reveal how vulnerable you are to web theft. Many Australians have found out the hard way. One Brisbane man who spoke to reporter Andrew Fowler told how he had his phone and internet cut off and $80,000 stolen from his bank accounts, after replying to a message purportedly from his bank.
"I don't think we're anywhere near its peak. I think we're just a small swell building. This is going to get much bigger." Police Investigator
Authorities are now working hard to keep up with the crooks. They are having trouble though. Crooks working from countries in Eastern Europe are hard to catch. Home-grown criminals are easier to bring down, but police reveal the legal system doesn't treat cyber-theft with the seriousness it deserves. One young man stole more than 50,000 credit card details but received a suspended one year sentence, $2,000 good behaviour bond and court costs of $150.
Adding to the problem, most computer users don't realise how vulnerable they are. Four Corners took an e-security expert to an ordinary city street and asked him to assess computer security. Using a basic wireless interceptor our expert found he could tap into up to 20 per cent of wireless computer networks, potentially accessing bank accounts and other personal information. Even those systems that had been encrypted took just 10 minutes to crack. No wonder police are warning we are right to have "Fear in the Fast Lane".
The program goes to air on Monday 17th August at 8.30pm on ABC1. It is repeated on Tuesday 18th at 11.35pm.
Most users think they are safe because it's someone else's job. I've seen some market research that asked users if they would install software on work computers, and the answer was YES, our IT Team keep us safe. Then asked if they would d/l and install software on their home computer, again YES, the IT Team at work make us safe, even at home. Users expect IT people to tell them about the bad things, but they want a list, not an awareness.
eg:
Don't install a,b,c,d
Don't visit web sites 1,2,3,4
But of course we all know, the bad guys keep changing all the time: IP address, websites, files, attacks.
When the police said they were going to scan for unprotected wifis, most people said "What's it got to do with the police?"
You may remember that there was a flaw in how image files, including JPEGs, were decoded and displayed. Most OSes used the same code and shared libraries. Then applications used those libraries. This meant that just showing a JPEG image in an email, web page or graphics application could cause code to be run on your computer. There are plenty more examples of how easy it is to get code on a remote computer.
I like the DNS injection. This works by having a remote computer visit your web site. The web site that you look at is 100% safe, but the DNS lookup not only told your DNS server the IP address of the web site, but gave it other data as well, such as a dodgy IP address for banking and other interesting sites. This then meant that anyone who uses that DNS (the rest of the ISP customers) would get the wrong host for the injected record.
People also think they are safe because the secure padlock shows up. But when was the last time you checked the certificate? It could be a valid certificate for a dodgy site. If someone can install a CA master certificate on your computer they can then create SSL sites that look like real ones with their own certificates.
Well, I think you get the idea.
If people really knew how easy it was, they would not use the net, but how do you teach those that don't want to know, but will be happy to complain when it happens to them?
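An added example, not part of the post above: one way to actually check the certificate behind the padlock is to compare its SHA-256 fingerprint and issuer with values recorded out of band. The host name, CA names, pin set and certificate bytes below are constructed placeholders.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER certificate, the value browsers show as the fingerprint."""
    return hashlib.sha256(der).hexdigest()

def fetch_leaf(host: str, port: int = 443, timeout: float = 5.0):
    """Return (DER bytes, parsed dict) of the leaf certificate seen from this network.
    Chain and hostname checks stay on, so a substituted certificate only gets
    this far when its issuing CA is already in the local trust store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()

def issuer_name(cert: dict) -> str:
    """Flatten the issuer field of ssl's getpeercert() dict into one string."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)

def check(der: bytes, cert: dict, pinned: set, expected_issuer: str) -> dict:
    """Compare what was presented against values recorded out of band."""
    fp = fingerprint(der)
    issuer = issuer_name(cert)
    return {
        "fingerprint": fp,
        "issuer": issuer,
        "pin_ok": fp in pinned,                   # same certificate as recorded?
        "issuer_ok": expected_issuer in issuer,   # same CA as recorded?
    }

# Constructed sample data (stand-ins, not real certificates).
GENUINE_DER = b"constructed-stand-in: leaf issued by the public CA"
SWAPPED_DER = b"constructed-stand-in: leaf re-issued by a locally installed CA"
GENUINE = {"issuer": ((("organizationName", "Example Public CA"),),
                      (("commonName", "Example Public CA G2"),))}
SWAPPED = {"issuer": ((("organizationName", "Example Corp IT"),),
                      (("commonName", "Example Corp Inspection CA"),))}
PINS = {fingerprint(GENUINE_DER)}

if __name__ == "__main__":
    for der, cert in ((GENUINE_DER, GENUINE), (SWAPPED_DER, SWAPPED)):
        print(check(der, cert, PINS, "Example Public CA"))
    # Live use: der, cert = fetch_leaf("bank.example"); check(der, cert, PINS, "...")
```

A fingerprint mismatch alone is not proof of tampering, since sites rotate certificates and may serve several; a mismatch together with an unexpected issuer is the signal worth investigating.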
When you go to use internet banking or credit cards you will have to supply a phone number to be contacted, and when you answer it will be proven that you are the real person by voice biometrics security. When you register your voice you will be asked to give a distress word that you will use; for example, if the name you use is Danny, the distress code name you could use would be Daniel. Simptel Communications, a Queensland company, has the world rights to a patent for this. Every person will soon be required to register their voice; it may go with fingerprints and iris (eye) as well. This is the better way we can stop this fraud.
See the follow up to this?
LMAO
Leroy
Not really too smart, by the AFP. I would imagine that the hackers will not stop to prove a point.
Regs
Extra
Last edited by Extradry; 18-08-09 at 09:56 PM. Reason: embeded all by itself :(
Yep, they're the ones...
WPA TKIP can be decrypted, but it's a little harder to get access and use the connection.
WPA2 AES is stronger, but the weakness is in the KEY size. If people use short keys or common words (or real words) they can be brute forced. But if you use big keys, it's much safer.
If you go WPA2 Enterprise, there is no PSK to brute! It's based on other 802.1x authentication.
I can crack my demo wep box in 10 mins max no matter what the key is.
I have never cracked the WPA2 AES with big keys.
I wrote an SSL "replace" proxy app to prove it could be done at work a few years back.
I replaced the SSL vendor certificate with mine (note this was done in a controlled environment as a demo and all users knew I was doing it). This was made simpler at work as it is a controlled environment and we have our own CA certificates on each computer.
Even after I showed it could be done, they still didn't believe I could see the traffic in the clear, till I posted it on the projector.
What this proves is that SSL can be intercepted, decrypted, modified, re-encrypted with a DIFFERENT certificate and forwarded to the client. New generation firewalls have this built in now.
Once the public learn this can and IS being done, I expect trust in the internet will be lost and eTrade will start to fail.....
I'm expecting the internet to go through a very big change over the next few years.....
One of the nice things about being in charge of the network is I get to play with all these things to eval how safe they are and ID the actual risk for risk assessment.
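An added example, not part of the post above, for the WPA2 key-size point: WPA2-Personal turns the passphrase into its 256-bit key with PBKDF2-HMAC-SHA1 salted by the SSID, so the only real secret is the passphrase, and this audits one before it is deployed. The word list, guess rate and 80-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import string

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def charset_size(passphrase: str) -> int:
    """Size of the alphabet the passphrase appears to be drawn from."""
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33  # printable ASCII punctuation plus space
    return size

def entropy_bits(passphrase: str, wordlist: set) -> float:
    """Upper-bound estimate. A dictionary word is only worth the size of the
    dictionary; anything else is treated as if every character were random."""
    if passphrase.lower() in wordlist:
        return math.log2(len(wordlist))
    return len(passphrase) * math.log2(charset_size(passphrase))

def audit(passphrase: str, wordlist: set,
          guesses_per_second: float = 1e5, min_bits: float = 80.0) -> dict:
    """guesses_per_second and min_bits are assumptions, not measured values."""
    bits = entropy_bits(passphrase, wordlist)
    avg_years = (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)
    return {"bits": round(bits, 1), "avg_years": avg_years, "ok": bits >= min_bits}

# Constructed sample word list; a real audit would load a large one.
COMMON = {"password", "letmein1", "qwertyui", "internet", "football"}

if __name__ == "__main__":
    print(wpa2_pmk("password", "IEEE").hex())        # IEEE 802.11i test vector
    print(audit("password", COMMON))                 # real word: fails
    print(audit("q7Rk2mXw9Lp4Zt8Vb3Ny", COMMON))     # constructed 20-char key
```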
Really? I thought IBM does.
Patent filed by IBM is for Using Voice Biometrics in Internet Based Activities. Good luck taking IBM to court lol!
IBM has dedicated teams of attorneys and data gatherers whose sole purpose is finding expired and/or short term patents of which they register, one of the world's biggest patent buyers.
IBM HAS PATENT FOR BIOMETRICS ON COMPUTERS BUT NOT BY PHONE, THAT'S SIMPTEL'S
Australian Securities and Investments Commission records show that Simptel had not filed its latest financial accounts.
The most recent statements were for the year ended June 2009, when the company recorded a $304,000 loss and had just $442 cash in the bank, down from $75,000 a year earlier.
Another investor and a former consultant to the company, Tristram Morgan, said Simptel appeared to have missed the boat in getting its technology to the market.
But a legal stoush with software developer North Shore Connections (NSC) last year appears to have put a dent in Simptel's plans.
Court documents reveal that Sydney-based NSC, which is headed by Craig Neil, owned the technology and was developing it on behalf of Simptel.
Simptel alleged a breach of contract by NSC, arguing that it failed to deliver the technology that was promised.
But the Supreme Court of NSW disagreed and dismissed Simptel's claim for damages.
NSC is a major player in the telecommunications space and has a reported turnover of about $60 million a year.
Mr Neil, a shareholder in Simptel after investing $50,000, told the Bulletin that NSC retained ownership of the technology but it had yet to decide what it would do with it.
SIMPTEL 21/4/2012
Still no response
Holy thread revival batman!!!
Jaded investor trawling the web for answers? Prophetic nic perhaps?
Shareholders who have poured about $2 million into the company say they had been frustrated by a lack of information coming from Simptel since then.
<<<<<<<<<<<<<<<< All the money is down at the Casino. Investors are advised to go to the casino for a bowl of soup; tell them to put it on Danny's high roller's card.
If you have something to say Titanic, say it. Cryptic bumping of threads that are years old can be boring for the rest of us.