Archive: Misc.
Gov't Secrecy and the Mysterious Cyber Initative
The secrecy surrounding the Bush administration's updated National Cyber Security Initiative -- designed to improve the government's digital defenses and put forth an offensive information warfare doctrine -- is endangering the deterrent value of the project and appears to be...
By Brian Krebs | May 15, 2008; 03:50 PM ET | Comments (2)
Three Charged With Hacking Dave & Buster's Chain
Three men have been indicted for hacking into a number of cash registers at Dave & Buster's restaurant locations nationwide to steal data from thousands of credit and debit cards, data that was later sold or used to cause more...
By Brian Krebs | May 14, 2008; 05:15 PM ET | Comments (3)
Microsoft Patches Six Security Holes
Microsoft today issued four updates to fix at least six security flaws in its Windows operating system and Office software. The bundle includes a patch for a critical flaw that hackers already are exploiting to break into vulnerable Windows systems....
By Brian Krebs | May 13, 2008; 03:30 PM ET | Comments (11)
Online Sellers: Beware of Fake Check Scams
If you sell enough stuff online at sites like Craigslist and eBay, eventually you will receive an offer for your wares that far exceeds your asking price. Such offers are often the first stage of a scam in which the...
By Brian Krebs | May 13, 2008; 11:30 AM ET | Comments (6)
A Case of Network Identity Theft?
Digital real estate leased to one of the Internet's oldest landholders appears to have been quietly seized by e-mail marketers closely associated with an individual once tagged by anti-spam groups as one of the world's most notorious spammers. What's remarkable...
By Brian Krebs | April 28, 2008; 06:35 PM ET | Comments (13)
Hundreds of Thousands of Microsoft Web Servers Hacked
Hundreds of thousands of Web sites - including several at the United Nations and in the U.K. government -- have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software...
By Brian Krebs | April 25, 2008; 08:00 AM ET | Comments (65)
Badware Threat Changes Apple's Tune on Safari
In response to mounting criticism from security and privacy experts, Apple has changed the way its Software Update program pushes out the Safari Web browser to Windows users. But the changes may not go far enough for many people because...
By Brian Krebs | April 23, 2008; 11:27 AM ET | Comments (32)
Identity Theft Smash & Grab, CEO Style
Tens of thousands of corporate executives were the target of a series of identity-theft scams this week, e-mail-borne schemes that appear to have netted close to 2,000 victims so far. Early Monday morning, according to two security experts with firsthand...
By Brian Krebs | April 15, 2008; 10:44 PM ET | Comments (30)
Online Security: A Closer Look at a Negative Example
It may be easier than you think for someone to steal your wireless phone records. At least, that's the case if you're a Sprint wireless phone user. Sprint makes it very easy for customers to go online to view and...
By Brian Krebs | April 15, 2008; 06:09 PM ET | Comments (7)
Security Fix Pop Quiz, Spring 2008 Edition
Have you been keeping up to date with the latest security patches? Examine the list below to see how you've done. If you're not sure which version of a program you're running, you can usually tell by selecting "Help" and...
By Brian Krebs | April 14, 2008; 10:07 AM ET | Comments (27)
Time to Patch Your Flash
Adobe has issued an update to patch several security holes in its Flash player. Most people will have some version of Flash installed on their computers, so it's a good idea to take a moment and make sure your system...
By Brian Krebs | April 11, 2008; 03:31 PM ET | Comments (20)
Online Banking: Do You Know Your Rights?
The financial industry in the United Kingdom recently reaffirmed a policy that holds online banking customers liable for losses if they fail to secure their personal computers against data-stealing computer viruses. While this policy may seem surprising or even draconian...
By Brian Krebs | April 10, 2008; 08:49 AM ET | Comments (27)
Microsoft Fixes 10 Security Vulnerabilities
Microsoft today issued software updates to plug at least 10 security holes in its Windows operating systems and other software. More than half of the vulnerabilities fixed by these patches earned the company's most dire "critical" rating, and several of...
By Brian Krebs | April 8, 2008; 03:01 PM ET | Comments (9)
Kraken Spawns a Clash of the Titans
Most of my waking hours on Monday were spent fielding indignant queries from sources in the anti-virus industry who were wondering what I knew about reports of a new family of malicious software that allegedly had managed to infect more...
By Brian Krebs | April 8, 2008; 11:38 AM ET | Comments (10)
Social Networking Accounts Prized By Cybercrooks
Cyber criminals increasingly are moving away from trying to break into computers directly, choosing instead to target Internet users where they spend much of their time online -- at social networking Web sites, new data suggests. In an analysis of...
By Brian Krebs | April 8, 2008; 12:01 AM ET | Comments (16)
Opera Updates and a Black Tuesday Preview
Opera this week released a new version of the Web browser to correct at least two remotely exploitable security vulnerabilities. Separately, Microsoft said it plans to release eight updates on Tuesday as part of its regular monthly patch cycle. The...
By Brian Krebs | April 7, 2008; 10:45 AM ET | Comments (1)
Consumers Report $239 Million Lost To Cyber Fraud In '07
U.S. consumers reported losing more than $239 million from online fraud last year, up from $198 million in 2006, according to data released today by the FBI. Internet auction fraud (35.7 percent) and merchandise non-delivery (24.9 percent) were the most...
By Brian Krebs | April 4, 2008; 12:49 PM ET | Comments (2)
Reach Out And Hack Someone
Gone are the days when telephones were dumb appliances that you simply plugged into the wall and forgot: Security researchers from one Internet security firm say they have located more than 100 vulnerabilities in hardware and software that powers the...
By Brian Krebs | April 3, 2008; 05:15 PM ET | Comments (10)
Secret Service Agent To Lead DHS Cyber Division
A cybercrime investigator at the U.S. Secret Service has been named to head the Department of Homeland Security's National Cyber Security Division, Security Fix has learned. Cornelius F. Tate, a graduate of University of Mississippi, currently heads up the Technical...
By Brian Krebs | April 3, 2008; 12:43 PM ET | Comments (1)
Apple Issues QuickTime Update for Mac, Windows
Apple on Wednesday pushed out an update to its QuickTime media player software, fixing at least 11 security vulnerabilities in the software for both Mac and Windows systems. Mac users can get the latest version through Software Update. Windows QuickTime...
By Brian Krebs | April 3, 2008; 06:45 AM ET | Comments (14)
8.3 Million Records Spilled in Data Breaches This Year
At least 8.3 million personal and financial records of consumers were potentially compromised by data spills or breaches at businesses, universities and government agencies in the first quarter of 2008, according to statistics released today. The San Diego based Identity...
By Brian Krebs | April 2, 2008; 03:00 PM ET | Comments (7)
April Fool's Day Warning, And Some Fun
This post has been updated. Please read through to the end. Original post: The cyber criminal(s) behind the Storm worm want to make an April Fool out of you today. The Storm worm author(s) likes to use holidays and other...
By Brian Krebs | April 1, 2008; 01:50 PM ET | Comments (8)
The Curious Case of Dmitry Golubov
Earlier this month, Security Fix took a look at Dmitry Ivanovich Golubov, a Ukrainian politician once considered by U.S. law enforcement to be a top cybercrime boss. Golubov took rather strong exception to the way he was characterized in that...
By Brian Krebs | March 28, 2008; 10:50 AM ET | Comments (16)
U.S.-Based ISPs Count Known Terror Groups as Clients
Herndon, Va.-based Network Solutions said Wednesday that it suspended Hizbollah.org, an official site of Hezbollah, a Lebanese political and paramilitary group. Turns out, Network Solutions, which was one of the original firms in the domain registration business, was accepting payment...
By Brian Krebs | March 27, 2008; 04:46 PM ET | Comments (11)
Don't Depend on Anti-virus to Save You
Last week I wrote a story about how anti-virus companies are struggling to keep up with the huge volumes of viruses and other malware being released on the Internet. The story examined the various ways the anti-virus industry has responded...
By Brian Krebs | March 25, 2008; 09:28 AM ET | Comments (42)
They Told You Not To Reply
When businesses want to communicate with their customers via e-mail, many send messages with a bogus return address, e.g. "somethinghere@donotreply.com." The practice is meant to communicate to recipients that any replies will go unread. But when those messages are sent...
By Brian Krebs | March 21, 2008; 09:30 AM ET | Comments (132)
White House Taps Tech Entrepreneur For Cyber Post
The Bush administration is planning to tap a Silicon Valley entrepreneur to head a new inter-agency group charged with coordinating the federal government's efforts to protect its computer networks from organized cyber attacks. Sources in the government contracting community said...
By Brian Krebs | March 19, 2008; 11:11 PM ET | Comments (1)
Hannaford Breach May Presage '08 Trend
The Hannaford Bros. supermarket chain said Monday that a breach of its computer systems may have given criminals access to more than four million credit and debit cards issued by nearly 70 banks nationwide. While the banks appear all but...
By Brian Krebs | March 18, 2008; 11:08 AM ET | Comments (25)
The Anatomy of a Vishing Scam
A series of well-orchestrated wireless phone-based phishing attacks against several financial institutions last week illustrates how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies. The scams in this case took...
By Brian Krebs | March 15, 2008; 05:54 PM ET | Comments (5)
Six Degrees of E-Separation
If you've ever played the game "Six Degrees of Kevin Bacon," you know there's a lot of truth to it. It's based on the notion that any actor can be linked through his or her film roles to Mr. Bacon....
By Brian Krebs | March 12, 2008; 05:23 PM ET | Comments (8)
Microsoft Patches 12 Office Security Holes
Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft's "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or...
By Brian Krebs | March 11, 2008; 02:30 PM ET | Comments (6)
When Ads Go Bad
A long-time trusted source recently alerted me that some inappropriate advertisements were running on Neopets.com, a Web site full of addictive Macromedia Flash games aimed at pre-teens. Surprisingly, the curators of Neopets.com -- major media conglomerate Viacom -- are disavowing...
By Brian Krebs | March 10, 2008; 12:34 PM ET | Comments (20)
The FDIC Computer Intrusion Report
Last week, Security Fix featured the highlights from a non-public report by the Federal Deposit Insurance Corp. (FDIC) that examined a huge recent spike in the cost of computer intrusions for banks and consumers. I chose not to publish the...
By Brian Krebs | March 5, 2008; 10:12 AM ET | Comments (8)
When Blocking Porn Isn't Enough
Last year, Security Fix looked at a free service that helps parents and other network administrators block adult Web sites for all of the PCs they control, without installing any software. Now, the company and community that built that service...
By Brian Krebs | February 26, 2008; 01:28 PM ET | Comments (30)
YouTube Censorship Sheds Light on Internet Trust
If you happened to be searching for a video at YouTube.com Sunday afternoon, there's a good chance your browser told you it was unable to locate the entire Web site. Turns out, much of the world was blocked from getting...
By Brian Krebs | February 25, 2008; 11:08 AM ET | Comments (32)
Wall Street Reports Increase In PC Intrusions In '07
On Thursday, Security Fix featured an exclusive look at data pulled from an unreleased government report showing a steep increase in the amount of funds that banks, businesses and consumers lost last year due to computer hacking and malicious software...
By Brian Krebs | February 22, 2008; 09:40 AM ET | Email a Comment
Banks: Losses From Computer Intrusions Up in 2007
U.S. financial institutions reported a sizable increase last year in the number of computer intrusions that led to online bank account takeovers and stolen funds, according to data obtained by Security Fix. The data also suggest such incidents are becoming...
By Brian Krebs | February 20, 2008; 10:40 AM ET | Comments (19)
Research May Hasten Death of Mobile Privacy Standard
Researchers at a computer security conference in Washington, D.C. this week detailed a method for dramatically reducing the cost and time needed to crack the security that prevents eavesdropping of GSM-based mobile phones. The weaknesses in the GSM encryption technology...
By Brian Krebs | February 19, 2008; 12:52 PM ET | Comments (24)
Fake Prez. Campaign Video Spreads Malware
Spammers are taking advantage of public awareness about the U.S. presidential race to trick people into installing malicious software. A recent blast of spam purports to contain links to a video of Sen. Hillary Clinton (D-N.Y.) on the campaign trail,...
By Brian Krebs | February 14, 2008; 04:50 PM ET | Comments (9)
Beware Bogus E-Valentines
If you want to express your affection for someone this Valentine's Day, try to find a more original way to do it than by sending e-greeting cards. You could be training your loved one to respond to scammers who are...
By Brian Krebs | February 13, 2008; 11:17 AM ET | Comments (20)
Hackers Exploit Adobe Reader Flaw
Security Fix has learned that at least one of the security holes in the popular Adobe Reader application that was quietly patched by Adobe this week is actively being exploited to break into Microsoft Windows computers. On Wednesday, we alerted...
By Brian Krebs | February 9, 2008; 08:55 AM ET | Comments (25)
The Storm Worm's Family Tree
New research suggests that the infamous Storm worm has its roots in a computer worm that first surfaced as early as 2004, two-and-a-half years prior to Storm's widely-recognized birthday. The findings come from security researchers at Damballa, a start-up in...
By Brian Krebs | February 7, 2008; 03:05 PM ET | Comments (2)
RealPlayer Labeled 'Badware'
An industry-academia group designed to raise public awareness about software that violates fair information and privacy practices has labeled recent versions of RealPlayer video streaming software as "badware," charging that the software surreptitiously installs pop-up ad serving software as well...
By Brian Krebs | January 31, 2008; 01:23 PM ET | Comments (31)
Just Say No To Work-At-Home Money Mule Scams
washingtonpost.com today ran a story I wrote that examines the ever-evolving scams that organized cyber thieves are coming up with to con people into laundering stolen funds on their behalf. The piece features interviews with a couple of unfortunate victims...
By Brian Krebs | January 25, 2008; 11:00 AM ET | Comments (30)
Massive Java Update Includes Security Fixes
Sun has released another update to its Java software that brings some 370 bug fixes, including a number of security updates. For most home users, this update brings the latest version of the software to Java 6 Update 4. Most...
By Brian Krebs | January 23, 2008; 01:42 PM ET | Comments (38)
Report: 51 Percent Of Malicious Web Sites Are Hacked
The number of legitimate Web sites that have been hacked and seeded with code that tries to infect the visitor's PC with malware now exceeds the number of sites specifically created by cyber criminals, according to a report released today....
By Brian Krebs | January 22, 2008; 09:29 AM ET | Comments (5)
Drawing a (Scary) Face On Malicious Software
If the phishing scams, computer viruses and worms that land in our inboxes each day take the form of hostile-looking beasts, we might all want to avoid them like the plague. Such is the vision of Romanian artist Alex Dragulescu,...
By Brian Krebs | January 18, 2008; 01:10 PM ET | Comments (6)
Scareware Program Targets Mac Users
The same tried-and-true social engineering tactics traditionally wielded against Windows users to frighten people into buying bogus security software are now being employed to target Mac users. Security experts say the curators of macsweeper.com warn visitors that their machine is...
By Brian Krebs | January 15, 2008; 01:50 PM ET | Comments (4)
Safeguarding Your Passwords
It's tough to navigate the Web and do business online without having to remember dozens of passwords, yet in my experience, very few people give much thought to securing these precious credentials. Most folks simply take advantage of the simple...
By Brian Krebs | January 13, 2008; 09:20 AM ET | Comments (23)
Report: TSA Site Exposed Travelers To ID Theft
A House of Representatives panel yesterday released a damning report about a Transportation Security Administration Web site built to address grievances from travelers errantly flagged by the government's no-fly list. It conlucded that cronyism and a lack of oversight exposed...
By Brian Krebs | January 12, 2008; 09:15 AM ET | Comments (59)
Microsoft Patches Three Windows Security Holes
Microsoft yesterday pushed out a couple of patches to fix at least three separate security flaws in its various Windows operating systems, including one that could be especially dangerous for Windows home users. The most serious update is included in...
By Brian Krebs | January 9, 2008; 10:43 AM ET | Comments (12)
New Nasty Hides From Windows, Anti-Virus Tools
A new family of malicious software that runs before Windows even boots up has infected thousands of PCs worldwide and remains undetected by virtually all of the commercial anti-virus tools, security experts warn. The newly-discovered malware is what's known as...
By Brian Krebs | January 8, 2008; 02:10 PM ET | Comments (67)
Class Action Suit Alleges Sears Privacy Failures
Class-action lawyers are circling around retailer Sears, Roebuck & Co., just days after privacy activists revealed that the company's Web site exposed the details of customer purchases going back more than a decade. In a complaint filed Friday in Cook...
By Brian Krebs | January 5, 2008; 02:10 PM ET | Comments (43)
Sears's Privacy Promises Broken?
Sears is having a bit of a rough day with the privacy community. The company got off to a rocky start with revelations that many customers who gave Sears their personal details after shopping at the company's Web site also...
By Brian Krebs | January 3, 2008; 06:40 PM ET | Comments (72)
The Mysterious Unsent 'Bounced' E-mail
The subject line from the e-mail that just landed in your inbox indicates the message was returned because it could not be delivered. Upon closer inspection, the message -- hawking cheap designer watches -- doesn't look like any message you've...
By Brian Krebs | January 2, 2008; 11:15 AM ET | Comments (27)
Microsoft Plugs 11 Windows Security Holes
Microsoft today released software updates to plug at least 11 security holes in PCs powered by its Windows operating systems and other software. Windows users can download the fixes either directly through the Microsoft Update Web site or via Automatic...
By Brian Krebs | December 11, 2007; 03:15 PM ET | Comments (14)
Top 10 Best & Worst Anti-Phishing Web Registrars
Web site domain name registrars are increasingly finding themselves at the forefront of the never-ending slog against online con artists and phishers. But there is little consensus on how far registrars should go to police their pool of names for...
By Brian Krebs | December 11, 2007; 08:30 AM ET | Comments (35)
Feds Put More Botmasters, Phishers Behind Bars
The FBI today released details of several cybercrime cases against individuals accused of defrauding banks, companies and consumers of more than $20 million with the help of "botnets," large groupings of hijacked personal computers. The computer crime crackdown is Part...
By Brian Krebs | November 29, 2007; 01:00 PM ET | Comments (17)
Credit Card Thieves Flood Wikimedia With Pennies
The Wikimedia Foundation, the parent organization of the free online encyclopedia Wikipedia and other open-source projects, recently increased the minimum amount it will accept in donations after scammers apparently began testing the validity of stolen credit cards by sending a...
By Brian Krebs | November 20, 2007; 02:57 PM ET | Comments (31)
Apple Plugs 44 Security Holes
Apple released updates to fix at least 44 different security vulnerabilities in its software for Mac OS X and Windows. Forty of the flaws reside in OS X itself, while the rest are specific to Apple's version of the Safari...
By Brian Krebs | November 15, 2007; 10:15 AM ET | Comments (16)
Security Pro Admits to Hijacking PCs for Profit
A Los Angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements. John Kenneth Schiefer, 26, variously known...
By Brian Krebs | November 10, 2007; 06:03 PM ET | Comments (140)
Russian Business Network: Down, But Not Out
A major Russian Internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. But security experts caution that there are signs that the highly profitable network may already be...
By Brian Krebs | November 7, 2007; 12:31 PM ET | Comments (11)
Salesforce.com Acknowledges Data Loss
Business software provider Salesforce.com acknowledged that a recent spate of targeted e-mail virus and phishing attacks against its customers resulted from one of its own employees falling for a phishing scam and turning over the keys to the company's customer...
By Brian Krebs | November 6, 2007; 11:34 AM ET | Comments (19)
Anti-Virus On A Mac?
Every other week, I host a Security Fix Live chat with readers, and almost invariably, one of the questions that comes up is: "Hi. I'm a Mac user. Should I be using anti-virus software?" I usually answer that while there...
By Brian Krebs | October 31, 2007; 06:00 PM ET | Comments (35)
'Net Governance Body Punts On WHOIS Privacy
The nonprofit organization that manages the Internet's domain-name system has voted to punt on a proposed change to the global WHOIS database of Web site name registrants. The changes would have given Web site owners the ability to shield their...
By Brian Krebs | October 31, 2007; 04:20 PM ET | Comments (14)
Hiding In Plain Sight
Security Fix pop quiz, here. Is the document pictured in the image to the right the depiction of a text document, or is it an executable malicious program disguised as a harmless text file? It's actually an executable file (one...
By Brian Krebs | October 31, 2007; 11:42 AM ET | Comments (19)
Spammers Tempt Surfers to Help Solve Captchas
Call it an online game of strip poker, only spammers are the ones walking away with all the winnings. The latest innovation in malicious software takes the form of shapely "Melissa," an alluring, scantily clad blond who requests the victim's...
By Brian Krebs | October 30, 2007; 10:20 AM ET | Comments (10)
Simplifying Long-Distance Tech Support
When you're the de facto tech support guy for most of your family and friends, you quickly find yourself making a lot of house calls. But if you're not being summoned to help install memory or a new hard drive,...
By Brian Krebs | October 29, 2007; 09:37 AM ET | Comments (9)
Equifax Details Credit Freeze Plans
Big three credit reporting bureau Equifax on Wednesday detailed its plan to offer certain consumers the ability to freeze their credit files as a means of preventing identity theft. The offering provides a clearer picture of how the credit bureaus...
By Brian Krebs | October 25, 2007; 04:00 PM ET | Comments (13)
Firefox Update Plugs 8 Security Holes
Mozilla has shipped an update to its Firefox Web browser that corrects at least eight separate security flaws, including two that Mozilla flagged as especially serious. Firefox users should have already received an update that brings the browser to version...
By Brian Krebs | October 25, 2007; 09:38 AM ET | Comments (23)
Stock Spammers Pump It Up With MP3 Files
Spammers involved in pump-and-dump scams touting penny stocks now are using MP3 music files to lure investors, a switch security experts say is the latest tactic designed to sneak the messages past spam filters. According to e-mail security provider MessageLabs,...
By Brian Krebs | October 18, 2007; 01:48 PM ET | Comments (5)
The Russian Business Network Responds
An individual claiming to represent the Russian Business Network has denied media reports (including a Washington Post story I wrote that ran last week) the company provides Web hosting services to numerous cyber criminal operations. Experts quoted in my story...
By Brian Krebs | October 16, 2007; 03:45 PM ET | Comments (6)
Taking on the Russian Business Network
The text below was originally included as part of the story The Washington Post ran today on the Russian Business Network. The content below was cut for space reasons, but I thought the anecdote was interesting and timely enough to...
By Brian Krebs | October 13, 2007; 12:01 AM ET | Comments (13)
VOIP Mix-Up Exposes Customer Call Data
Bill Adler was relieved to get his old phone number back. The Washington-area resident's digits were marooned shortly after his former Internet-based phone service provider -- Sunrocket -- abruptly closed its doors in mid-July. Relieved, that is, until he received...
By Brian Krebs | October 8, 2007; 11:10 AM ET | Comments (2)
Second Credit Bureau Offers File Freeze
Consumer credit reporting bureau Experian today announced that it would allow consumers in all 50 states to freeze their credit histories, becoming the second of the three national credit bureaus to offer the freeze option. The service, which will be...
By Brian Krebs | October 4, 2007; 09:32 AM ET | Comments (15)
Just How Bad Is the Storm Worm?
The Storm worm has earned its share of superlatives, but security experts disagree over just how many computers running Microsoft Windows have been compromised by the e-mail worm. Some new figures released from Microsoft and estimates obtained by Security Fix...
By Brian Krebs | October 1, 2007; 10:31 AM ET | Comments (11)
Microsoft's Stealth Update Backfires for Some Users
A software update Microsoft quietly delivered to millions of PCs this summer prevents the installation of at least 80 security updates when some Windows users try to fix a problem with their computer using the software's "repair" feature, according to...
By Brian Krebs | September 28, 2007; 10:23 AM ET | Comments (18)
Apple Ships iPhone Security Updates
Apple today issued a software update to plug at least 10 security holes in the iPhone, including at least seven fixes for Safari, the device's built-in Web browser. The updates are available only through iTunes, recent versions of which are...
By Brian Krebs | September 27, 2007; 04:47 PM ET | Comments (19)
Calculating the Costs of Cyber Crime
On Monday, Security Fix looked at figures published by the Justice Department suggesting that the FBI had between 3 and 6 percent of its field agents dedicated to fighting cyber crime. On the surface, that number may seem low for...
By Brian Krebs | September 27, 2007; 11:25 AM ET | Comments (6)
The Threat of Reputation-Based Attacks
CastleCops.com is accustomed to being attacked by online crooks: The volunteer-led cybercrime-fighting group has endured nearly a month long siege by thousands of criminally-controlled PCs aimed at crippling its Web site. So when the latest attack failed to prevent legitimate...
By Brian Krebs | September 18, 2007; 10:00 AM ET | Comments (20)
Report: Four Percent of E-Crime From Fortune 100
Roughly four percent of all spam, malicious software attacks, phishing Web sites and other cyber crime activities detected in the first half of 2007 emanated from the networks controlled by the world's 100 highest-grossing companies, according to a new report...
By Brian Krebs | September 17, 2007; 03:27 PM ET | Comments (10)
AOL's Free Anti-Virus Switcheroo
A number of AOL users who have taken advantage of the free "Active Virus Shield" anti-virus offer from Kasperksy are complaining that the software has ceased downloading updates. Turns out AOL recently severed its relationship with Kaspersky, and is now...
By Brian Krebs | September 12, 2007; 11:10 AM ET | Comments (13)
Security Updates for Windows 2000, Instant Messager
Microsoft Corp. released a mercifully light batch of software updates today as part of its regularly scheduled "Patch Tuesday" release cycle. Most Windows users will likely have to install just a single security update this time around. The fixes are...
By Brian Krebs | September 11, 2007; 02:27 PM ET | Comments (7)
Skype Users: Beware of Instant Message Worm
Skype, the eBay-owned Internet telephone service, is warning users to be on guard against a new computer worm that arrives disguised as a chat invitation via Skype's built-in instant messaging feature. The worm, which goes by the names "W32/Ramex.A," "W32/Pyskpa.D"...
By Brian Krebs | September 11, 2007; 09:10 AM ET | Comments (4)
E-Greeting Card Giant Unaffected By Storm Worm
It's been nearly three weeks since I first wrote about the Storm worm authors using fake online greeting cards to trick people into clicking on links to Web sites that try to download and install malicious software. Since then, it...
By Brian Krebs | September 6, 2007; 08:52 AM ET | Comments (14)
A Time-to-Patch: Apple 2006
Apple computer users mostly stayed off the radar screens of the criminal hacker community in 2006, even as the Cupertino, Calif., software company learned of an unprecedented number of serious security holes in its Mac OS X systems and other...
By Brian Krebs | September 4, 2007; 08:00 AM ET | Comments (43)
Hacking Groceries: Internet Coupon Fraud
Over the weekend, my wife and I were shopping at Magruder's, a local grocery chain to which we're fiercely loyal, and we noticed a handwritten sign attached to the credit-card reader in the checkout line: "Attn customers: Due to coupon...
By Brian Krebs | August 27, 2007; 12:15 PM ET | Comments (19)
Storm Worm Authors Turn to YouTube Lures
Security Fix has spilled quite a bit of digital ink warning readers about the ever changing tactics of criminals behind the the indefatigable "Storm worm." This week's tactic (or today's as the case may be) involves e-mailed Web links disguised...
By Brian Krebs | August 27, 2007; 10:22 AM ET | Comments (8)
Skype Bug Triggered by 'Patch Tuesday'
Internet telephony provider Skype today placed at least part of the blame for a two-day outage last week on Microsoft's monthly patch update, which was rolled out last Tuesday. In the latest update on the situation, Skype's Villu Arak said...
By Brian Krebs | August 20, 2007; 04:49 PM ET | Comments (14)
Beware of Five-Star Vaporware
U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else's software received the same "5-star" rating and high praise from...
By Brian Krebs | August 20, 2007; 10:08 AM ET | Comments (8)
Would You Like A Job With That Virus?
Cyber crooks are targeting a wave of new attacks at people searching for jobs online, security experts warn. Oddly enough, the criminals behind this scam appear to be just as interested in hiring you as they are in hijacking your...
By Brian Krebs | August 17, 2007; 04:20 PM ET | Comments (12)
A Heads-Up For Yahoo! Messenger Users
People who use Yahoo! Messenger to video chat online with friends and family should be extra wary of incoming chat invitations from strangers. Reports suggest the presence of a previously unknown security hole in the software that attackers could...
By Brian Krebs | August 16, 2007; 12:02 PM ET | Comments (10)
Microsoft Fixes 14 Software Security Flaws
Microsoft today released software updates to plug at least 14 security holes in computers powered by different versions of its Windows operating system and other software. The updates are available from the Microsoft Update Web site or via Automatic Updates....
By Brian Krebs | August 14, 2007; 02:01 PM ET | Comments (12)
Security Fix Pop Quiz, Summer 2007 Edition
Yes, dear readers, it's time once again for a Security Fix Pop Quiz, intended to serve as a gentle reminder to install security updates for third-party programs. The table below lists the software title, the date each update was released,...
By Brian Krebs | August 13, 2007; 02:57 PM ET | Comments (13)
Attacks Prompt Update for 'Tor' Anonymity Network
One of the best-known and free services for helping Internet users maintain their anonymity online - a network known simply as "Tor" -- suffered an attack this past week that may have exposed the identities of thousands of users. The...
By Brian Krebs | August 8, 2007; 02:00 PM ET | Comments (1)
Internet Explorer and Your Web Site's Privacy
Several months ago, Security Fix looked at a feature of Microsoft's Internet Explorer 6 Web browser that was difficult to fathom (see: Clipboard Data Theft Optional in IE7). While interviewing a source at the DEF CON hacker conference last week,...
By Brian Krebs | August 7, 2007; 01:30 PM ET | Comments (24)
Citing Security Concerns, California Limits E-Voting
California has placed tough restrictions on the nation's top electronic voting machine makers in the upcoming 2008 presidential primary, citing reports of security vulnerabilities in the devices that could jeopardize the integrity of the elections. The decision comes roughly a...
By Brian Krebs | August 6, 2007; 02:05 PM ET | Comments (5)
Report: E-Voting Systems Hackable
Researchers at the University of California were able to hack into all of the electronic voting systems they tested, finding multiple security weaknesses that could allow hackers to break into and modify the systems, alter polling results, or interfere with...
By Brian Krebs | July 30, 2007; 06:00 PM ET | Comments (40)
The Yin and Yang of Internet Security Research
A law that makes it a crime to host online or otherwise provide software that could be used in cyber attacks went into effect in Germany this month. While the reaction from Germany's hacker culture has been somewhat muted, the...
By Brian Krebs | July 30, 2007; 12:34 PM ET | Comments (5)
Software Vulnerability Auction Stokes Researchers
Last week, a number of news outlets spotlighted a Swiss Internet start-up -- curiously named "WabiSabiLabii" (pronounced "wobby-sobby-lobby") -- that is trying to establish an eBay-style auction site for software security vulnerabilities. I held off in covering this important story...
By Brian Krebs | July 12, 2007; 09:00 PM ET | Comments (6)
Microsoft Plugs 11 Software Holes
Microsoft Corp. today pushed out software updates to plug at least 11 separate security holes in its Windows operating system and other software. Windows users can grab the updates via the Microsoft Update Web site, through Automatic Updates, or download...
By Brian Krebs | July 10, 2007; 02:55 PM ET | Comments (7)
Terrorism's Hook Into Your Inbox
Want an extreme example of what can happen to your personal and financial information if you fall for a phishing scam? Check out my story, published on washingtonpost.com today, which follows the trail of a woman's stolen personal data back...
By Brian Krebs | July 5, 2007; 04:41 PM ET | Email a Comment
Web Worm Whacks MySpace Users
A complex, ongoing attack on MySpace.com users is turning victim's sites and computers into hosts for serving phishing scams and computer viruses. Earlier this week, some MySpace user pages were seeded with computer code seeking to exploit one of three...
By Brian Krebs | June 27, 2007; 01:52 PM ET | Comments (21)
Red Cross Scam Targets Military Families
Low-life scam artists have sunk to new depths by posing as American Red Cross workers in an effort to steal personal information from military families with loved ones in Iraq. The caller, who sounds like a young American, calls a...
By Brian Krebs | June 22, 2007; 04:34 PM ET | Comments (4)
LexisNexis Warns of Consumer Database Breaches
Last month, Security Fix wrote that scam artists were trying to steal the login credentials that law enforcement officers use to access their accounts at Accurint, a database operated by LexisNexis owner ReedElsevier that contains highly detailed and personal files...
By Brian Krebs | June 21, 2007; 09:34 AM ET | Comments (6)
Glubble: The Web in a Kid-Friendly Bubble
Last week, Security Fix highlighted a software-free approach to helping parents block objectionable online content. Today, I'm profiling a new service that debuted this week - an "add-on" or extension for Mozilla's Firefox Web browser that takes the opposite approach:...
By Brian Krebs | June 19, 2007; 11:41 AM ET | Comments (8)
Mpack Exploit Tool Slips through Security Holes
Researchers have been charting the rise in threats created by a new software exploit tool known as "Mpack," a virtual attack kit designed to be embedded in hacked or malicious Web sites. It targets security holes in multiple software products,...
By Brian Krebs | June 18, 2007; 04:15 PM ET | Comments (10)
PayPal to Roll Out Buyer Vetting Service
In a move designed to attract more online sellers to accept its virtual payment service, PayPal this year plans to roll out a voluntary service designed to warn merchants if a transaction presents a fraud risk. Merchants who adopt PayPal's...
By Brian Krebs | June 18, 2007; 01:55 PM ET | Comments (3)
A Software-Free Approach to Blocking Online Porn
Many readers have asked for advice on how to protect their kids from accidentally or purposefully viewing Internet porn, so over the next week or so Security Fix will examine various free methods for helping users block adult Web sites...
By Brian Krebs | June 15, 2007; 02:22 PM ET | Comments (20)
House Approves Anti-Caller ID Spoofing Bill
The U.S. House of Representatives on Wednesday approved legislation that would make it a crime for someone to fake their phone's outgoing Caller ID information for nefarious purposes. The "Truth in Caller ID Act of 2007" would make it "unlawful...
By Brian Krebs | June 14, 2007; 05:01 PM ET | Comments (8)
Apple Issues Windows Safari Bug Fixes
Apple today issued software updates to fix at least three security vulnerabilities in the new version of the Safari Web browser, designed for Windows PCs. The fixes are available in a new version of the browser, Safari 3.0.1 Public Beta...
By Brian Krebs | June 14, 2007; 10:15 AM ET | Comments (21)
FBI Unveils Movable Feast with 'Operation Bot Roast'
The FBI said today it has identified more than 1 million personal computers that have been infected with computer worms enabling the attackers to control PCs for criminal purposes such as sending spam, spreading spyware and attacking Web sites. The...
By Brian Krebs | June 13, 2007; 05:03 PM ET | Comments (6)
ZoneAlarm for Windows Vista Released
For the millions of computer users who purchased a new PC during the past five months, there have been precious few options for true, two-way firewall software on Windows Vista. But now, Check Point Software Technologies has released its popular...
By Brian Krebs | June 13, 2007; 10:35 AM ET | Comments (30)
Microsoft Plugs 15 Security Holes
Microsoft issued free software updates today to fix at least 15 separate security flaws in its Windows operating system and other software. Windows users can grab the patches by visiting Microsoft Update or by turning on Automatic Updates. Nine of...
By Brian Krebs | June 12, 2007; 02:22 PM ET | Comments (18)
Yahoo! IM Users Should Upgrade Immediately
People who chat online using Yahoo! Messenger software should upgrade their program. The company has pushed out a fix to plug two newly discovered security holes. The two critical vulnerabilities reside in Yahoo! Messenger versions 8.1.0.249 and earlier. The flaws...
By Brian Krebs | June 9, 2007; 02:30 PM ET | Comments (13)
Sun Issues Java Security Update
Sun Microsystems has issued an update to plug a pair of security holes in its Java Runtime Environment software. JRE is a widely installed software bundle that Web sites use to serve visitors with multimedia, interactive content. One of the...
By Brian Krebs | June 8, 2007; 02:59 PM ET | Comments (8)
Report Shows 7 Percent of Sponsored Links Dangerous
Clicking on a search engine's results of popular computer terms like "wallpaper" or "screensaver" remains a fairly risky endeavor when it comes to security, according to an updated study. The second annual State of Search Engine Safety report from McAfee...
By Brian Krebs | June 4, 2007; 10:52 AM ET | Comments (5)
A New Vector For Hackers -- Firefox Add-Ons
Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users. By design, each Firefox extension -- any...
By Brian Krebs | May 30, 2007; 05:01 AM ET | Comments (41)
Apple, Microsoft Issue Security Updates
Apple yesterday pushed out an update to plug at least 17 separate security holes in its Mac OS X operating system and other software. Mac users can get the latest patch bundle from Apple Downloads or through the built-in Software...
By Brian Krebs | May 25, 2007; 03:29 PM ET | Comments (6)
Phishing Attacks Soar as Scammer Nets Widen
Some of the Web's most prolific organized online criminals are starting to step up the frequency and sophistication of phishing attacks, targeting commercial banks, job hunting sites and data brokers, Security Fix has learned. Typically, phishing scams involve phony e-mails...
By Brian Krebs | May 24, 2007; 05:20 PM ET | Comments (9)
Cyber Crooks Hijack Activities of Large Web-Hosting Firm
Organized crime groups have modified a significant share of the Web sites operated by one of the Internet's largest Web hosting companies to launch cyber attacks against visitors, Security Fix has learned. Last month, Phoenix-based IPOWER Inc. was featured prominently...
By Brian Krebs | May 23, 2007; 10:30 AM ET | Comments (21)
Scammers Target Elderly With Aid of Data Brokers
Consumer data broker infoUSA reaped huge profits selling lists with the names of elderly individuals and others likely to be easy targets for identity thieves and con artists, according to a harrowing story in Sunday's New York Times. The newspaper...
By Brian Krebs | May 21, 2007; 02:15 PM ET | Comments (1)
Firefox Surfers More Likely Patched Than IE Users
New statistics released today indicate that people who use Mozilla's Firefox Web browser are more likely to be cruising the Web with all of the latest security updates installed than those surfing with Microsoft's Internet Explorer. Internet Security vendor Secunia...
By Brian Krebs | May 16, 2007; 04:16 PM ET | Comments (24)
Tuning Up Uncle Sam's Cyber Crime Laws
Lawmakers in the House of Representatives on Monday introduced a bill that seeks to modernize the nation's computer crime laws and give prosecutors more leeway and resources in going after cyber crooks. The Cyber-Security Enhancement Act of 2007, authored by...
By Brian Krebs | May 15, 2007; 11:34 AM ET | Comments (4)
The Politics of Identity Theft
Washingtonpost.com today ran an in-depth story I wrote examining the politics behind the identity theft problem in one state. It is told through the eyes of a Delaware resident who championed a measure and ultimately won passage of a law....
By Brian Krebs | May 9, 2007; 11:25 AM ET | Comments (22)
Apple Patches QuickTime Security Hole
Apple today issued a software update to plug a security hole in its QuickTime media player software. The flaw is present in both Mac OS X and Windows versions of the player. Mac users can get the fix through Apple's...
By Brian Krebs | May 1, 2007; 05:22 PM ET | Comments (9)
Building A Web-Based Neighborhood Watch
At any given time, tens of millions of personal computers around the globe are infected with malicious software that criminals use to turn them into spam-relaying "zombies." But many machines could be inoculated if there was a distributed, Internet-wide system...
By Brian Krebs | April 30, 2007; 12:18 PM ET | Comments (9)
Rogue Networks Stir Trouble for Firms of All Sizes
It is disconcerting to hear that a recent audit of the Internal Revenue Service's computer security posture revealed that some field offices were operating wireless networks accessible to anyone lurking nearby with a laptop. The IRS inspector general's office scanned...
By Brian Krebs | April 20, 2007; 02:15 PM ET | Comments (8)
Apple Issues Patches for 25 Security Holes
Apple today released software updates to plug more than two dozen security holes in its Mac OS X operating system and other software. The free patches are available via the Mac's built-in Software Update feature or directly from Apple's Web...
By Brian Krebs | April 19, 2007; 05:41 PM ET | Comments (40)
Smile, You're on Criminal Camera
Security Fix recently highlighted a pair of surveillance devices that criminals had attached to an automated teller machine in Tyson's Corner, Va., to steal financial data from unsuspecting bank machine customers. A few readers responded by asking why they should...
By Brian Krebs | April 18, 2007; 04:44 PM ET | Comments (8)
Data Breach Aided University Phishing Scam
A highly targeted phishing attack last year that scammed dozens of Indiana University students out of their personal and financial data appears to have been aided in part by a previously undisclosed hacker break-in at one of the school's main...
By Brian Krebs | April 16, 2007; 04:30 PM ET | Comments (9)
Practicing Street Smarts at the ATM
Each time I pull money out of a bank's automated teller machine -- even if it's an ATM that is very familiar to me -- I always use caution to ensure that no one or thing is surreptitiously trying to...
By Brian Krebs | April 16, 2007; 10:30 AM ET | Comments (20)
Tax Time Means Fraud Time
The arrival of tax season brings the inevitable scam e-mails and Web sites claiming to be affiliated with the Internal Revenue Service, the Treasury Department, or an online tax refund or preparation service. Here's the latest scam: Members of Phishtank,...
By Brian Krebs | April 13, 2007; 04:39 PM ET | Comments (1)
Microsoft Warns of Attacks on Web Service Flaw
Attackers are actively exploiting a newly reported flaw in Microsoft's software that is allowing them to break into vulnerable systems, the software giant warned Thursday. The vulnerability applies to Windows 2000 Server and Windows Server 2003 running the DNS Server...
By Brian Krebs | April 13, 2007; 01:30 PM ET | Comments (10)
Uncle Sam Earns "C-Minus" in Computer Security
The federal government earned an overall grade of "C-minus" last year for securing its computer systems and networks from hackers, malicious insiders and viruses, a slight improvement from scores awarded to agencies in 2005, Security Fix has learned. Last year,...
By Brian Krebs | April 11, 2007; 05:01 PM ET | Comments (10)
I'd Like a Double Espresso and Your Password, Please
One of the perennial questions I get from readers is whether it is safe to log into personal e-mail accounts at the local coffeehouse or even via a neighbor's wireless network. My answer remains the same: If you do not...
By Brian Krebs | April 9, 2007; 01:30 PM ET | Comments (18)
Yoo-Hoo! Do You Yahoo?
Yahoo! is urging users of its Yahoo! Messenger instant messaging software to update the program with a patch plugging a serious security hole that bad guys could use to break into PCs. Anyone who downloaded the program prior to Mar....
By Brian Krebs | April 4, 2007; 04:15 PM ET | Comments (12)
Microsoft Issues Emergency Patch
Microsoft Corp. today issued an emergency software update to plug a critical security hole in its Windows operating system. The free update is available either from the Microsoft Update site or via the company's automatic updates feature. Alternatively, Windows users...
By Brian Krebs | April 3, 2007; 03:58 PM ET | Comments (24)
Microsoft Rushes Out a Security Update
Microsoft Corp. yesterday said it plans to issue a software update on Tuesday to fix a dangerous security flaw in its Windows operating system -- a flaw that cyber criminals are actively targeting to gain access to computers across the...
By Brian Krebs | April 2, 2007; 01:20 PM ET | Comments (51)
Fortune 500s Unwittingly Become Spammers
The next time you receive a piece of junk e-mail touting penny stock, pimping Rolex watches, or lauding a work-at-home scam, consider investigating who really sent it. You may be surprised. Security Fix reviewed spam samples captured in the last...
By Brian Krebs | March 29, 2007; 11:11 AM ET | Comments (12)
Enabling the Spammers
Spammers are having a field day with a string of recently discovered security vulnerabilities in MailEnable, an e-mail server program offered by many large, dedicated Web hosting companies. Over the past few months, MailEnable has released updates at least a...
By Brian Krebs | March 27, 2007; 04:52 PM ET | Comments (3)
They Say They Want a Revolution
Educational institutions churn out computer science degrees to fresh faced graduates bursting with new ideas and skills to match, but how well do they hammer home the need to write software securely? Judging from the massive number of software vulnerabilities...
By Brian Krebs | March 26, 2007; 04:45 PM ET | Comments (21)
A Fresh Look at Password Thieves
Security Fix recently published information about thousands of U.S. residents whose passwords and other data had been stolen by nefarious hackers. Last week, I received more data about the number of victims caused by the hackers' Trojan horse computer program...
By Brian Krebs | March 23, 2007; 03:19 PM ET | Comments (4)
Online Trading Firms to Swap Fraud Tips
Washingtonpost.com today ran a story I wrote about representatives from some of the nation's top online stock trading firms who will meet tomorrow with federal law enforcement officials to discuss ways they can work together to combat Internet fraud. From...
By Brian Krebs | March 22, 2007; 08:28 PM ET | Email a Comment
Task Force Shapes ID Theft Policy
A viral epidemic of consumer identity fraud and data theft prompted President Bush last year to create a task force charged with crafting proposals to marshal Uncle Sam's resources to prevent identity fraud, assist victims and more aggressively prosecute those...
By Brian Krebs | March 15, 2007; 09:36 AM ET | Comments (16)
Tracking the Password Thieves
The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting,...
By Brian Krebs | March 14, 2007; 12:01 AM ET | Comments (63)
Online Anti-Virus Scans: A Free Second Opinion
Periodic online virus scanning is a good idea for Windows users, even for people already using up-to-date anti-virus tools. There are a couple of reasons I suggest this: First, anti-virus software is frequently slow to spot new threats. Take a...
By Brian Krebs | March 9, 2007; 10:53 AM ET | Comments (27)
Vishing: Dialing for Dollars, Part II
Security Fix received a copy of a new scam e-mail targeting Bank of America customers that is likely to con quite a few folks before it is shut down. Sure, Bank of America is hit by this sort of thing...
By Brian Krebs | March 8, 2007; 12:26 PM ET | Comments (7)
RFID Flap Silences Security Researchers
New research into security vulnerabilities in radio frequency identification cards made by technology giant HID Global has been pulled from the lineup at an East Coast security conference this week. Researchers from Seattle-based security provider IOActive were planning to detail...
By Brian Krebs | February 27, 2007; 04:43 PM ET | Comments (11)
They'll Always Have Paris
The young men who reached notoriety for illegally accessing the cell phone of socialite Paris Hilton are now either in federal prison or headed there shortly. Security Fix has learned the whereabouts of the hackers who pleaded guilty last fall...
By Brian Krebs | February 27, 2007; 12:58 PM ET | Comments (5)
Fool Me Once, Shame On You But Fool Me Twice...
In aiming to settle a class action suit, a group of companies is throwing a proverbial pie in the face of affected consumers. A Security Fix reader forwarded an e-mail about a benefit he allegedly was eligible to collect as...
By Brian Krebs | February 26, 2007; 03:35 PM ET | Comments (35)
Mozilla Plugs Firefox Security Holes
Mozilla on Friday published software updates to fix a baker's dozen security and compatibility problems with its Firefox Web browser. The new version includes fixes for serious security flaws along with updates designed to make Firefox play nicer with Vista,...
By Brian Krebs | February 26, 2007; 10:31 AM ET | Comments (4)
Congressman Wants Answers About TSA Site
Citing reports by Security Fix and Wired, the chairman of the House Committee on Oversight and Government Reform is demanding that the Transportation Security Administration produce a raft of documents to explain why it created a Web site for airline...
By Brian Krebs | February 24, 2007; 12:30 PM ET | Comments (4)
Mass. Bill Would Make Retailers Pay for Data Breaches
Lawmakers in Massachusetts are poised to consider legislation that would force retailers who suffer data breaches to cover the costs associated with any fraud-related losses by their customers, according to a story in today's Wall Street Journal (link is by...
By Brian Krebs | February 22, 2007; 03:27 PM ET | Comments (2)
Apple Works To Stave Off Big Mac Attack
Apple Inc. on Thursday issued patches to plug five separate security holes in software included on its Mac OS X computers. Mac users can download the free updates through the Mac's built-in software update feature or directly from Apple downloads....
By Brian Krebs | February 16, 2007; 10:40 AM ET | Comments (28)
Microsoft Releases Patches to Fix 20 Security Holes
Microsoft Corp. today issued a dozen software updates to plug at least 20 security holes in its Windows operating system and other software, including fixes for a number of vulnerabilities in Office that hackers are currently exploiting to hijack vulnerable...
By Brian Krebs | February 13, 2007; 02:22 PM ET | Comments (3)
Paypal Sells Anti-Fraud Token
PayPal, the online payment company owned by Internet auction giant eBay, is now selling a $5 "security key" to help customers prevent their accounts from being hijacked if someone guesses or steals their passwords. The key is a small, oval...