LinkedIn Now Considered as Front Door For Phishing Attacks

A recent web seminar by Computing revealed that LinkedIn is now considered a front door for potential phishing attacks, used to encourage careless users to open malicious emails and the links in them. LinkedIn isn’t in itself the issue here; it is more the way people act, in combination with information that is already available.

We mostly see DDoS and similar attacks make the headlines, but phishing is now considered to be the top threat to businesses and it is constantly increasing in severity. The attacks use novel methods to make potential victims feel comfortable before the malicious payload is sent. LinkedIn is now widely used as that entry point. This is where hackers make the first contact with potential victims. After initial trust has been built, a victim is far more likely to click a malicious link without double-checking what it will do. Another reason that phishing has grown as a method of attack is that it doesn’t take any skill at all. Anyone with bad intentions can do it.

One of the examples given at the seminar was from the law firm BLM, which is continuously a target of phishing attempts. For example, they have had both emails and phone calls attempting to extort money by someone purporting to be the CFO, and these very often originate from LinkedIn contacts.

Not all phishing attacks are as sophisticated, but they’re still very effective because people have developed a click mentality for their inbox. An example of this was given too. In one day they received 2500 copies of the same email in 10 minutes that seemed to come from the department of motor vehicles, and people just clicked the included link, no questions asked. Even though the email listed a specific registration number, people still clicked it despite it not being one they own. One person even clicked it despite not owning a car at all. Luckily BLM runs everything in a sandbox and these things are caught, but there are still a lot of companies that don’t take this threat seriously.

In most instances phishing can be combated with common sense, but in a world as busy as ours, common sense is often turned off in exchange for productivity.

Personally, I’ve seen a big rise in SMS phishing lately and I regularly get suspicious messages from numbers and names that appear to be genuine – but on close inspection they never are.

Image courtesy of Hotspot Shield

EA Claims “We’re on a Journey to Regain The Trust of PC Gamers”

EA’s reputation in the gaming community is appalling, and it is often perceived as a development studio obsessed with profits at the expense of making compelling games. Furthermore, the disappointment surrounding Star Wars: Battlefront, the eventual demise of Maxis and a host of other failures haven’t helped matters. Similarly, pre-order bonuses, DLC, microtransactions and anti-consumer measures all appear to have been introduced by EA at some point. While other developers have engaged in similar activities, EA popularized them, which makes consumers very suspicious of anything they produce. Despite ruining Maxis, one of the most iconic PC studios ever devised, EA appears to be trying to regain the trust of the PC gaming audience.

According to industry website MCV, Origin’s senior marketing director, Peter O’Reilly, proclaimed:

“We are on a journey to regain the trust of the PC gamer,”

“Over the last couple of years we have focused on ensuring a great play experience from launch and bringing players a better experience on Origin with programs like the Great Game Guarantee, On the House, and now Origin Access.”

“We’re excited about the progress we’ve made, but are always pushing ourselves to innovate on behalf of players.”

While many decisions from EA have been absolutely atrocious, I have to commend them for the Origin refund policy. Arguably, this encouraged Valve to offer a similar service on the Steam platform, although their decision might have been more to do with European legislation. EA Access is also an interesting initiative and could provide good value-for-money. However, the majority of consumers judge EA on the basis of game releases, microtransactions and other business decisions.

The Origin platform is still disliked, because it’s not Steam, and forces users to install two clients. Even if Origin was the best system out there, it still wouldn’t help EA because their core games prioritize profit over gameplay. Don’t get me wrong, publishers exist to make money, but that shouldn’t happen by looking at a short-term gain, and ruining a number of historic studios.

Don’t Trust the Internet

From time to time we like to keep things mellow here at eTeknix. We bring you the latest news from around the world, so let’s take a seat and let the internet entertain us. This time, it comes in the form of a lesson: never trust Photoshop users on the internet. Photoshop is a powerful image editing tool from Adobe; its main use is to edit images in ways that would otherwise be impossible to achieve with a camera alone.

Instagrammer Sid Frisjes loves to take ridiculously bad photos while on holiday and leave them with the hashtag “#Nailedit”. On a recent trip to Paris, Frisjes took another standard photo of trying to touch the top of the Eiffel Tower, yet failing once again. Someone then borrowed the image and put it on the dubious 4Chan forums, asking for help from some professional photoshoppers to move his finger to the top; you already know the result. Here is just a sample of the amazingly edited images; you can really tell many hours of effort went into these.

Oh internet, how you amuse us so. Do you have an internet folly you’d like to share? Why not go across to our forums and let us in on your secrets.

Thank you to Mashable for providing this information.

Urgent Certificate Patch Issued by Microsoft to Address ‘Out-of-Band’ Foreign Certificates

Microsoft normally releases its patches and updates on the second Tuesday of every month, known to most as Patch Tuesday. This time, however, it has apparently been forced to release another update, having discovered that foreign encryption certificates for big websites, such as Google, had been coming from the National Informatics Center of India’s certificate server.

The problem here is that attackers have allegedly gained access to the certificate generation system and have issued at least 45 certificates, allowing them to pose as companies ranging from email providers to search engines and even banks, as well as credit card processors. Because NIC generated the certificates, the possibility of becoming a victim is extremely high, since browsers show the affected websites as trustworthy. This led Microsoft to flag the issue as top priority and issue the urgent ‘out-of-band’ patch.

“The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties,” Microsoft warned in its emergency bulletin. “The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks.”

Microsoft has stated that the update in question is being rolled out automatically to all Windows 8 and Windows 8.1 users, as well as to users of older Windows operating systems who have installed a recommended Windows Update patch that adds certificate revocation support to the operating system.

Thank you to Bit-Tech for providing us with this information.