The Latest in IT Security

When Fans Attack, Facebook Phish and Steamy Logins

13 Jul 2011

Here’s a roundup post with some snippets from the past day or two along with one or two events you may have missed.

Last week, you could (in theory) have been searching for the country singer Katie Armiger.

No, I have no idea who she is. Anyway, this is what you would have seen:

Yes, it seems “testing your security” is the new “asking for autographs” with so-called fans calling her out on website security. What calling card did they leave for Katie?



Number One with a bullet, or at least a baseball. At time of writing, the site seems to be fixed (there’s a lot of pink and frilly dresses on it, so I assume it’s fixed).

Elsewhere, we’re seeing quite a few phishing pages pretending to be Facebook security checks.

“Did you log into Facebook from somewhere new?”



They try and scare the user with a reference to anonymous proxies being used to access the account – at this point, real name, email, password, birthday, gender, country and security question are all up for grabs. Don’t get caught out by this one.

Over at the Malware Protection Center, we’ve seen a steady stream of Privacy Center clones and the odd FakeVimes variant. Sporting names such as Windows Armature Master, Windows Accurate Protector and Windows Test Master, you can be fairly certain that seeing the below is a sign of infection:



Finally, another example of why you shouldn’t reuse passwords. I’m willing to bet a lot of people use the same password for both their Steam account and the email address associated with it. This makes you easy pickings if you lose either one to a phisher. However, split those logins up and should the evil Steam phisher grab your Steam details, when logging in on their PC they’ll see this appear:

Yes, Steam will pull them up about logging in from a new computer. At this point, an email is fired to your associated account and the phisher isn’t going to get very far without access to your mailbox:



Good, eh?

Of course, this security procedure isn’t going to help the user much if they reuse passwords. For everyone else, it’s one last chance to regain control of a compromised account.

You don’t reuse passwords, do you?

Christopher Boyd
