The Bad Guys use “Good” Security Practices in their Ruses

March 7, 2013

There has been a lot of publicity in recent weeks about security incidents at Evernote, Microsoft, LinkedIn, and numerous others. In Evernote’s case they took the step of cancelling the passwords for all their customers and asking them to change to something new upon next login.

Now the bad guys are doing the same thing. I’ve received numerous emails from what appears to be O2, a large European mobile phone company.

The email has the subject “Changing your O2 Username”. It has embedded images which I did not load.

At first glance it looks legitimate. But then why would O2 want me to change my ID? I logged in to O2’s web site with my account info and they said nothing about this need. I looked further at the email headers and can see it originates from a server at rpi.edu, an American university.

Spam with unknown security implications. It plays on people’s fear of IT security. How many people will fall for this?
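The header check described above can be scripted. This is an added example, not code from the original post. It compares the domain in the From header with the host that handed the message to the recipient's own mail servers. The sample message is constructed, `o2.example` and `recipient.example` are placeholder domains, and only rpi.edu comes from the post.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not the email from the post); addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP; Thu, 7 Mar 2013 09:05:12 +0000
Received: from smtp.rpi.edu (smtp.rpi.edu [192.0.2.55])
\tby mx.recipient.example with ESMTP; Thu, 7 Mar 2013 09:05:10 +0000
From: "O2" <noreply@o2.example>
To: user@recipient.example
Subject: Changing your O2 Username

Please update your username.
"""

# "from <peer> ... by <receiver>" as written by the server that accepted the hop.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def org_domain(host):
    # Naive: keep the last two labels. Real code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def external_handoff(msg, trusted_domains):
    """Return the peer recorded by the first trusted server that accepted the mail.

    Received headers are prepended, so the newest hop comes first. Hops below
    the trusted boundary were written by the sender's side and can be forged.
    """
    for header in msg.get_all("Received", []):
        match = HOP.search(header)
        if not match:
            continue
        peer, receiver = match.group(1), match.group(2)
        if (org_domain(receiver) in trusted_domains
                and org_domain(peer) not in trusted_domains):
            return peer.lower()
    return None

def check(raw, trusted_domains):
    msg = email.message_from_string(raw)
    address = parseaddr(msg.get("From", ""))[1]
    claimed = org_domain(address.rpartition("@")[2])
    peer = external_handoff(msg, trusted_domains)
    origin = org_domain(peer) if peer else None
    return {"claimed": claimed, "origin": origin,
            "mismatch": origin is not None and origin != claimed}
```

A mismatch is a reason to look closer rather than proof on its own, since many companies send mail through third-party services.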


Ken Burns’ “Civil War”

March 5, 2013

Broadcast on PBS many years ago, but really enjoying re-watching it on my MacBook via iTunes.