wavuti
 
Picture
Several security websites are reporting a flaw in one telephone company that is transiting malware via HTC phone's USB port port when connected to computers.

A person recently bought an HTC Magic (Android) phone and when she connected it to her PC over USB, the antivirus (Panda) software went off.  The say that the phone had malicious autorun and other files identified as a "Mariposa" bot tied to a botnet run by a Spanish hacker. There was also Conficker and a Lineage password stealer.

Other smart phone users need to be aware of this threat in order to prevent their phones and computers from getting these malicious files that could severely affect their documents.

Click here to read and see screen capture of the  Vodafone HTC malware issue.
 
 
Katika posti iliyopita, tulizungumzia kuhusu namna ya kutambua na kujikinga na wizi wa mtandaoni. Leo tutizame kanuni za utengenezaji nywila imara na madhubuti na na hivyo kuepuka kutengeneza nywila nyepesi, legevu, nyong'onyevu, jinga kabisa na ambazo ni rahisi kubambwa.
  1. Usitumie tarakimu au herufi zinazofuatana. (Do Not use similar or sequentials). 
    Mfano: "12345678," "88888888," "abcdefg," au herufi zinazofuatana juu na chini ya kibodi kama vile yhbujnikm ama xswcdevfr
  2. Usitumie alama ambazo ni rahisi kufahamika kuwa zimetumika badala ya herufi. (Do Not easy to identify reversed letters or numbers).  Mfano: '1' badala ya 'i' au '@' badala ya 'a'  au '0' badala ya 'O' au 'E' badala ya '3' au "P@ssw0rd" nk.
  3. Usitumie jina lako la login au username wala sehemu ya majina yako rasmi au tarehe ya kuzaliwa au namba ya TIN au SSN au sanduku la posta au namba ya simu au namba ya nyumba unamoishi n.k. kutengenezea nywila. (Do Not use your official names, date or birth, SSN, TIN, postal office box number, zip code, post code, phone number, house number etc to create a password). 
    Unaweza kushangaa, 'wezi wanawezaje kupata taarifa hizi zote?', ni rahisi. Wezi hutafuta habari zako kwa kina kupitia vielelezo vyako kwenye mitandao jamii kama vile Facebook, Twitter, Hi5, LinkedIn, nk. vile vile katika Wasifu wako wa CV au Resume, na kwenye tovuti yoyote ile ambamo umeacha taarifa zako na ikawa rahisi kuzipata kwa njia mitandao ya utafutaji (search engines) kama vile google, yahoo, ask nk.
  4. Usitumie meneno ya kwenye kamusi ya lugha yoyote. (Do Not use words from a dictionary to create a password).
    Utawakuta baadhi ya watu hutengeneza nyila kwa kutumia maneno ya kamusi na kuyageuza kinyumenyume au kuandika maneno ya kutusi nk. Hii ni rahisi kwa wezi kutumia software ya word-scramble na kupata aina mbalimbali ya maneno yanayoweza kutengenezwa kutoka katika neno hilo, hasa pale wanapokuwa wameshapata 'hint'. Kumbuka kuwa wapo watu wanaolipwa kwa kufanya kazi ya kuiba nywila, hivyo ni ajira na huwza kuifanya kazi hii kwa saa hata kumi mfululizo ikiwa wameahidiwa donge nono na hasa kama walishawahi kufanikiwa kung'amua nywila nyingine. 
  5. Acha tabia ya kutumia nywila moja kwa akaunti zako zote. (Do Not use only one password for all your accounts).
    Wapo baadhi ya watu ambao hupenda kujifanyia urahisi kwa kutumia nywila moja kwa ajili ya akaunti zao mbalimbali, kwa mfano, mtu anatumia nywila ya Facebook kufungulia Twitter au LinkedIn. Hii ni makosa kabisa. Ukitumia nywila moja kwa akaunti zako zote, siku mwizi atakapofanikiwa kuibamba moja, basi utakuwa umewarahisihia kazi ya kujaribu akaunti zako zote kukamilisha ujangili wao. 
  6. Kuwa mwangalifu unapotengeneza neno la siri la kukumbushia anwani yako pale utakapoipoteza. (Be careful with password recovery questions).
    Mara nyingi unaposahau anwani yako, huwa unatakiwa kubofya neno, 'I forgot my password' na hapo huanza utaratibu wa kukuuliza neno la siri kabla ya kukurekebishia nywila yako. Kuwa mwangalifu na swali la siri pamoja na jibu lake. Mara nyingi kampuni au huduma husika watakupa maswali yaliyoandaliwa ambapo utatakiwa kuchagua mojawapo na kulitolea jibu. Kwa bahati mbaya au nzuri, maswali haya ni rahisi kwa mtu kuyakisia. Mfano, Shule yako ya msingi inaitwaje? Swali kama hili ni rahisi kwa mtu anayekufahamu kulijua hasa kama mlisoma pamoja shule ya msingi au ni jirani yako au alisoma nawe shule ya Sekondari au Chuo au anafanya kazi nawe au ndugu, jamaa na rafiki mnayefahamiana akawahi kutamka kuwa mmesoma pamoja, huyu anaweza kupata urahisi wa kuiba nywila yako.
  7. Jiepushe na matumizi ya stoo za mtandaoni (Do Not trust any online storage).
    Mwizi atakapoweza kuiba online storage yako,  ni rahisi sana kuiba nywila na taarifa zako ikiwa umezihifadhi humo
Ukitaka kusoma vidokezo vya namna ya matumizi mazuri na angalifu ya emails, tafadhali peruzi kwenye lebo katika 'Computer Or Email Tips & Tricks'. (To read previous email tips, use the search box located above the page or click through 'Computer Or Email Tips & Tricks' under the labels).
 
 
Picture
Scam or phishing is a method of sending email messages to other people with the purpose of stealing their sensitive and personal data and/or financial information for a wrongful use in the future.

While this could be an easy task for someone, it can be a hard task to others. In order to be able to differentiate between the two, build a habit of reading as many tips as you can regarding internet scams. No one can say they have qualified in this subject as phishing tactics change almost every day. Keeping yourself abreast of these new ways will save you out of a lot of troubles.
  1. Do not reply to any message coming from a person unknown to you. Do not reply even to a person you know if you are suspicious that the contents of their message seem unrelated. It is sound too good to be true, it probably is.
  2. Do not provide any personal information such as your date of birth, place of birth, nationality, bank account number, password(s), telephone number, social security number (SSN or SS#), TIN, passport ID # etc. There is no legitimate business that will just ask you for this information especially when you have already provided it in the past during registration. Be sure by calling them and asking if they wanted your information. When calling, do not use the number in the email which says call this # instead, go to the bank or company's OFFICIAL website and get the customer service number from there. Sometimes, spammers could give you a number to call and they will pick and give you wrong answers, their goal being to mislead you so that you give them your information.
  3. Do not click on any URL address link inside an email message, instead, point your mouse on it, then read the words which shows up at the bottom, left corner of your browser. This will help you see if the URL is pointing to what is being talked about. Even when the URL is correct, the best way to access it is by copying the URL and pasting it on your browser's address location bar. Sometimes, pasting the URL link address on search engines may give you results for genuine and false links.
  4. Do not trust all shortened URL. Use websites such as www.untiny.me or sucuri.net which can uncover the URL and show where it really points.
  5. Do not call any telephone number in order  to provide your information over the phone. Some scammers can mask their numbers so that it is impossible to tell where the call is being routed.
  6. Do not open any attachment you receive, even if it is coming form a person you know but you didn't expect. Call them (if possible) and ask for details or keep quiet and if it is important, they will send again the attachment or call you to ask whether you received the attachment or not and what it was in it.
  7. If you live in a country where their mode of transaction is through credit or debit card, make sure you review your account statements regularly to ascertain bank activities. If you see even a single cent deducted from your account without clear clarification, call or visit your bank to report and ask for clarification.
  8. Make sure you are using secure and encrypted website whenever necessary especially when providing sensitive information. The way to know if a site is encrypted or not is by looking at the browser's address to see if the prefix http has an 's' at the end of it, i.e https and not just regular http. The 's' denotes 'security' or 'secure' feature.
Test yourself, try these tests and see if you can spot a scam
It is reported that, people who spent at least 15 minutes playing the Anti-Phishing Phil game were better able to identify fraudulent websites than people who spent the same amount of time reading traditional anti-phishing tutorials.
Better still, learn some tips from:
 
 
A friend sent some pictures of manufactured eggs which are believed to have come from one Eastern Country. A little search on the internet showed some results that man made eggs have been in existence for quite some times now; in fact, one country issued a warning against fake eggs urging residents to be extra cautious; imposing fines to anybody who will be caught in this kind of business.

Unfortunately these fake eggs have found their way into the market, and because of the cheap price, majority of the poor will fall victim of fake products once again. Apparently, eggs are not the only food products being manufactured artificially, but also fruits such as grapes. You can click here to see a video clip showing a person explaining how these fake eggs and other food stuffs are made.

It is with no doubt that fake products have very many detrimental effect in the general health of a human being. For example, fake eggs contains calcium carbonate, starch, resin, gelatin, alum and some other chemicals. One scientist goes far to the truth by saying that, the ingredients used to make fake eggs could even result in dementia (forgetfulness). It's these effects that continue to lengthen the chain of the cycle of poverty. One wonders, will this ever come to an end? Are we becoming more of a lesser human?
How will you be able to tell a fake egg apart from the real one?
  1. The shell. The shell of fake eggs are a little shinier than the real ones. You have to be careful to see otherwise, they are hard to tell apart.
  2. Feel. Touch the egg by hand and you will notice that the fake ones feels a little rougher than the real ones which are a bit smooth.
  3. Shake. When shaking the eggs, the fake ones will make some noises because of the liquid overflowing around the solid material.
  4. Odor. Notice that real eggs smells a little like raw meat.
  5. Tap the egg lightly. Real eggs make a more crisp sound than the fake ones.
  6. Break it. Shortly after opening the eggs, the egg yolk and egg white of a fake egg will melt together since the yolk and egg white are made of the same raw materials.
  7. Cook. If you deep fry eggs, real egg yolk remains intact when untouched but fake ones will spread throughout since they are made of artificial materials.
  8. If you eat in a restaurant, be careful with how you want the eggs made, if possible skip egg meals, you won't loose much ( besides, you can easily prepare them at the comfort of your house to know exactly what you eat).
Remember, 'cheap is expensive', protect yourself, monitor what you eat.
 
 
A few days a go we published a post about a  hacking tool that was developed and started attacking jail-broken iPhones. This week again news out there suggests that there has been another developed tool which targets and attacks vulnerable jail-broken iPhones. The most affected ones with this new tool are those which have SSH installed in them, also if the default password was not changed, this makes it even easier for the attack to propagae. So, this worm gains access to the vulnerable iPhone, changes the default password to something 'unmentionable', then spreads itself out or throws up a funny picture.

What kind of damage it does?
Well, just like the other one, the worlm steals your information and send it to servers somewhere and that's how crooks gets access to your personal data and start the stealing spree.

If you are one of the people with that kind of phone, you may want to read the previous post on how to protect your phone and also learn how to protect your phone from this new attach via Paul Ducklin's blog blog.

This news info was obtained from Chester Wisniewski’s blog and http://eset.com/threat-center
 
 
Kisa hiki hakijanitokea mimi bali kimepokelewa toka kwa mtu ninayemfahamu. Soma na upate maarifa ya kuchukua tahadhari pindi utakapojikuta katika hali ya utata kama hii.

Ndugu wapendwa,
Story ifuatayo ni ya kweli maana imenitokea mimi binafsi jana tarehe 11/11/2009. Najua kwa kiasi fulani itakuwa inaninizalilisha kwa kutokuwa makini lakini naona ni vyema niwashirikishe rafiki zangu ili msije mkatapeliwa kama mimi na wengine wengi wameshatapeliwa kama vile ndugu yake Galeba, laiti Galeba angeweza kutuelezea yaliyomsibu ndugu yake labda na mimi ningeweza kuepuka utapeli huu. Kinchosikitisha matapeli wenyewe ni watu wanaotufahamu vizuri.
 
Mnamo muda wa saa tano asubuhi nikiwa nyumbani (nipo likizo) nikapokea simu nisiyoifahamu kutoka kwa mtu ambaye alijitambulisha ananifahamu, na kwa jinsi alivyonitaja kwa jina na career background  details zangu sikuwa na shaka kwamba hanifahamu. Mazungumzo yalikuwa kama ifuatavyo:
 
 
 
DV Green Card Lottery is FREE! You may need to pay for internet access at internet café, or photo processing if you don't have means to do it youself but the DV Green Card Lottery itself is NOT FOR PAY.

Laziness and reluctance in reading some WARNINGS and INSTRUCTIONS may result in loss of money, personal data or a combination of all, and even more.

A reader by the name Blackmannen left a warning message in the previous posts urging people to take note of DV lottery and Green Card scams. I agree and strongly support his message.

Recognize and stay away from scams! That sentence can not be over emphasized, even though it has been written before and covered by many websites, people are still getting ripped off by crooks and scammers who pose as agents of the popular US DV Green Card Lottery.

Here is the correct information you need for USA's DV Lottery
The ONLY VALID and CORRECT website address for USA's DV Lottery is http://www.dvlottery.state.gov/ NOTHING LESS. NOTHING MORE. If the domain name does not END in .gov it is NOT a US government site.

For extra security, when starting filling out the form, opt for the SSL Entry
The SSL is encrypted in order to provide protection of your personal information. The protection feature is denoted by the letter 's' just next to 'http'.
It will therefore be: https://www.dvlottery.state.gov/application.aspx

Here are websites that has detailed information on how to avoid scams
US Department of State Warns of Impostor or Fraudulent Websites, Emails or Print Advertisements
http://travel.state.gov/visa/immigrants/types/types_1749.html#Imposter

US Federal Trade Commission Diversity Visa Lottery: Read the Rules, Avoid the Rip-Offs
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt003.shtm

Here are some 'stay away' warnings
Any person or website saying one or a combination of the following sentences is a crook, a thief and a scammer. Keep far from anybody, any group, any company, any agency, any organization, any website, any email and anything which convinces you that:
  • they are affiliated with the U.S. government;
  • they have special expertise or a special entry form that is required to enter the lottery;
  • their company has never had a lottery entry rejected;
  • their company can increase an entrant’s chances of “winning” the lottery;
  • people from ineligible countries still are “qualified” to enter the lottery.
USA's DV Green Card Lottery FACTS
  • There’s no charge to enter the green card lottery.
  • Submit only one entry. If you submit more than one, you will be disqualified.
  • Selection of entries is random. Spouses who are eligible for the DV lottery can apply separately.
  • Be alert to Web sites promising government travel or residency documents online or by mail. 
  • Be skeptical of Web sites posing as U.S. government sites. Most of the wrong website try to have a 'look alike' of the USA's government agencies, official-looking emblems (eagles, flags, or other American images like the Statue of Liberty or the U.S. Capitol), the official seals or logos of — and links to — other government sites, and list Washington, D.C., mailing addresses.
Now don't say you were not warned.
 
 
Just learning from  Trend Micro that the Koobface botnet has just invaded Google Reader (definition) and now it hosts images that link to a malware.

Koobface computer worm that targets users of the social networking websites such as Facebook and MySpace. Reading backwards, you will realize that Koobface is a rewording of the word Facebook i.e Koob for Book and putting 'face' at the end instead of, the usual, at the beginning. Read more about Koobface by clicking here.

Koobface engineers have spoofed YouTube videos, attaching an image that encourages the reader to click on it. Once clicked, a message pops out wanting you to update your Flash Player in order to see the video. Once you click on it Koobface downloads into your computer start it's malicious attack.

The two images below shows how the Koobface mimics YouTube and install Flash Player windows.
 
 
Panda labs blog has an update about a rogueware that attack computers and demand ransom before they allow you access to any files in your computer. This particular rogueware will throw a pop up notice demanding a hefty $79 in order to 'remove malware it claim to have found in your computer system'. The truth of the matter is, there is no any malware, instead, this rogueware is going to install some.

Good thing is, Panda and may other genuine anti-virus softwares have a cure for it. See the video below. But, probably the best cure for this and many other similar threats will be to NEVER open any suspicious attachment from anybody (people you know or don't know). Also as a rule of thumb, never click a link coming from a person you don't know, if you receive it from a person you might know and it still doesn't feel okay, do yourself a favor and double check with them. Asking if they sent an attachment, what it was and why, could save your computer data and personal information.

Read more at: http://pandalabs.pandasecurity.com

There is a blog dedicated to reporting about roguewares, you can subscribe for updates. Here is the link http://rogueantispyware.blogspot.com/
 
 
This message is posted here 'as is' from ELSEVIER: http://www.elsevier.com/wps/find/authorsview.authors/spam
Thanks to Dr. Bruno (LeBron) for the alert. Please take note.

It has come to our attention that fraudulent emails are being distributed widely in the scientific community. These spam emails use fake publisher email addresses and attempt to appear as official communications from the publisher.

The fraudulent e-mail messages are generally called "Manuscript Submission", "Call for Papers" or "European-Elsevier Scholarships" and are typically sent using e-mail accounts supported by Gmail, Hotmail or other free e-mail providers. Typically, the body of these messages contain a "Call for Papers", requesting that authors submit scholarly articles via e-mail for publication by Elsevier in various Elsevier journals and other publications. These fraudulent e-mails involve a request for the victims to send "handling fees" to cover the processing of the article submitted.

Another message called "Editorial/Reviewer Appointment" asks potential reviewers to pay a fee to sign up as a reviewer.

Please be assured that Elsevier, Inc. is in no way associated with these fraudulent e-mail campaigns. Elsevier is currently investigating this fraud to identify the persons responsible and to bring them to justice. Elsevier does not solicit intellectual property or sign up fees from authors and reviewers in this fashion, and does not utilize Gmail, Hotmail, or any other free third-party e-mail providers in communications with authors and editors.

If you receive any e-mail messages that appear to be a part of this fraudulent solicitation, DO NOT respond to the message and do not open any attachments contained in the message. Rather, please forward the message to Elsevier's Fraud Department at emailabuse@elsevier.com We will use the information included in the message to aid in our investigation. If you know of someone who has received this message, please pass along the above information and ask them also to forward the message to the Elsevier's Fraud Department.