As reported in March, the FBI has uncovered a network of rogue DNS servers and has taken steps to disable them. DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other.

When you enter a domain name, such as www.fbi.gov, in your browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website.

DNSChanger is malicious software created by cybercriminals to redirect the Internet traffic of millions of unsuspecting users to websites where the thieves have profited from advertisements. All computers still infected with DNSChanger malware will no longer be able to access websites, email, chat, or social networking sites like Facebook after July 9th.

Most of us will have a difficult time manually changing these settings on our own. To help with this, McAfee has released a free tool to you find out if you are infected or not.

To see if you are infected with the DNSChanger virus visit http://www.siteadvisor.com/dns_checker.html then click on the “Check Now” button. If your computer is fine, you will receive a green check message and if your computer is infected you will see a red X mark. You can then download a free update to clean up your PC and restore your Internet settings.

It is quite possible that if your computer is infected with this malware, it may also be infected with other malware. To protect yourself you should:

 Make sure your PC has comprehensive protection with antivirus, antispyware, anti-phishing, antispam and a firewall

Set up regular updates of your operating system so you get critical security patches and keep your browser updated too

Be cautious of clicking links in the body of an email

Stay safe!

Robert Siciliano is an Online Security Evangelist to McAfee. 

“Dumps” are batches of stolen credit card numbers. In most cases, these stolen numbers were compromised in one of the hundreds of data breaches currently affecting millions of consumers and, in turn, causing nightmares for banks and retailers, who end up losing big money when they fail to put systems in place that would evaluate transactions for fraud risk before the crime occurs.

This example of a criminal’s sales pitch for stolen dumps came to me through a comment on a blog post I wrote about credit card security. Go figure!

I censored identifying information to protect the guilty, but if you scan the following message line by line, you’ll see there’s a great deal of thought put into the pitch. Some of the rhetoric is a bit ironic, such as, “TO DEAL WITH ME First is TRUST me, if you cant Trust don’t contact.” Yeah, okay, buddy. Ever hear the expression, “There is no honor among thieves?”

“Author : visadumps (IP: 195.24.XXX , 195.24.19XXX)
E-mail : This email address is being protected from spambots. You need JavaScript enabled to view it.
Whois  : http://whois.arin.net/rest/ip/195.24.XXXX

New Hacked stuffs available** Selling Dumps With Hacked Track 1 Track 2 , Best Dumps For Sale From Old Vendor!!!!

We will give order immediately after payment if payment was thru libertyreserve (Lr).

If you pay Western Union or Moneygram you receive your stuff in 2-6 hours.

INFINITE , BLACK AMEX , MC WORLD – $200

* USA DUMPS

US Classic – $25
US MC Standart – $25
US Gold – $35
US Platinum – $30
US Purchasing/Signature – $40
US Bussines/Corporate – $40
US MC World – $40
* CANADA DUMPS
Standart/Classic $40
Gold/Platinum $55
* EUROPE
EU Gold – $80
EU Platinum – $905
EU Business – $150
EU Corporate/Purchasing – $100
EU Classic – $70
EU Infinite – $200
EU 201 $100
EU 101 $120
******************
Other countries: ( 101 -121 ) , BRAZIL , AUSTRALIA , CHINA , JAPAN , UK , etc
MasterCard Visa Classic – $80
Visa Gold Platinum Corporate Signature Business ? $100
==================
sample of dumps :
MC: 5424180*****509=0906101085010581 ; B5424180*****09^LISA/MICHAEL D ^090610100000008501000000581000000

542418*****6583=0909101226010498 ; B542418*****6583^PETERS/ANGELA M ^090910100000022601000000498000000

VISA:
41144******501329=091110114013216 ; B41144******501329^BALANGERO/ JUSTIN M^091110100000014013216000000

41212******22456=09091010000092900000 ; B41212******22456^CORNELL/LORI^09091010000000000 092900000000000
———————————————— ———————————————— ——————
Contacts : icq#: 639512XXX
ATM CARDS PLASTIC….yescards. atm

Send By DHL 2 days and u get price 300€ or 320$ upfront 150€ or 150$
sure and u past me ur post code
and u get after 2 days sure but before i past tracking ……

payment Via Westernunion; LR don’t ask me for test

CONTACT ME :
Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.
YH : franceparie
ICQ : 639512294
==========
RULES
1. I DONT give test free or demo or Screenshot . TO DEAL WITH ME First is TRUST me, if you cant Trust don’t contact
2. I only accept western union (WU) and liberty reserve (LR)
3. Replacement is within 48hrs of purchase and replacement is once per order
4. I send you your stuff immediately after payment confirmation or money pick up
5. western union (WU) minimum is 200$
6. minimum order for us dumps paying with liberty reserve(LR) 5pieces minimum”

So…would you like to buy some dumps? The guy seems credible. But then, he is a criminal. When stolen credentials from sources like these are used to make fraudulent purchases, device-based technologies like those offered by iovation Inc., provide real-time intelligence that help retailers, banks and shipping companies detect fraudulent transactions as they are being attempted. This way, bad actors and fraudulent transactions can be stopped before the product has shipped and chargebacks and bank fees incurred. This emerging technology examines the PC, smartphone, or tablet being used to conduct an online transaction in order to determine whether the device’s characteristics, behavior, and history indicate high-risk activity.

Robert Siciliano, personal security and identity theft expert contributor to iovation.

In the United States, credit and debit cards rely on magnetic stripe technology. The magnetic stripe is the black, brown, gold, or silver band on the back of your credit or debit card. Tiny, iron-based magnetic particles in this band store your account number. When the card is swiped through a “reader,” the data stored on the magnetic stripe is accessed. Card readers and magnetic stripe technology are inexpensive,  readily available and  vulnerable to fraud.

The other, more secure type of credit card is called “EMV,” which stands for Europay, MasterCard, and Visa. According to the Smartcard Alliance, “EMV is an open-standard set of specifications for smart card payments and acceptance devices. EMV chip cards contain embedded microprocessors that provide strong transaction security features and other application capabilities not possible with traditional magnetic stripe cards.”

If you have plans to travel internationally this summer, you may have problems using your U.S. magnetic stripe card abroad, as many other countries, particularly in Europe, have made the EMV card the new standard.

The Smartcard Alliance explains: 

“U.S. travelers are reporting troubles using their magnetic stripe cards while traveling. Aite Group has estimated that 9.7 million U.S. cardholders experienced magnetic stripe card acceptance issues when they traveled internationally in 2008, costing banks $447 million in lost revenue. The most common areas where travelers may face issues are at unmanned kiosks for tickets, gasoline, tolls and/or parking, and in rural areas where shop owners do not know how to accept magnetic stripe cards.”

To avoid payment problems, follow these steps:

• Ask your bank if they offer an EMV card. Most major banks do, including Bank of America, Chase, Citibank, U.S. Bank, and Wells Fargo.
• Pay in cash.
• Don’t expect your debit cards to work at payment terminals. Yes, your debit card requires a PIN, but that doesn’t make it an EMV card. You should be able to use your debit card to get cash from ATMs.
• Inform your bank you will be traveling, otherwise they may flag your card for fraud.
• Visit GetFluentC.com to share your story and learn more.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Let’s get one thing straight: it’s no longer possible to deny that your life in the physical world and your digital life are one and the same. Meaning, while you are present here on the ground, you also exist online, whether you know it or like it or not. Coming to terms with this reality will help you make better decisions in many aspects of your life.

Get device savvy – Whether you’re using a laptop, desktop, Mac, tablet, or smartphone, learn about it. No excuses! No more, “My kids know more than I do,” or, “All I know how to do is push that button-thingy.” Take the time to learn enough about your devices to wear them out or outgrow them.

Get social – One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. Keep in mind that “getting social” doesn’t entail exposing all your deepest, darkest secrets, or even telling the world you just ate a tuna sandwich. You should think about what you post on social networks—don’t put anything on there that you wouldn’t want anyone you see. A good rule of thumb to follow is to be aware of all the information you have available online, and consider everything you post as public, even if you are using the strongest privacy settings available.

Manage your online reputation – Whether you are socially active or not, or whether you have a website or not, there are plenty of websites that know who you are, and either mention you or are listing your information in some fashion. Google yourself and see what’s being said. Developing your online persona through social media and blogging will help you establish and maintain a strong online presence in your voice. And don’t let others use your name on a site—go ahead and secure your identity on a site, even if you don’t actively use it so someone else can’t take your identity and pose as you.

Get secure – There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Make sure you invest in software to protect all your devices—not just your PCs. With the power of smartphones, tablets and notebooks, it is critical to protect all these devices, not just your home computer. Software like McAfee All Access can provide a complete solution for protecting all your devices including PCs, Macs, smartphones and tablets as well as providing protection for your kids online.

Digital devices are a reality for most of us and while they provide a myriad of conveniences, they could also open us up to potential risks. By taking just a few simple precautions you can keep yourself safe online.

Robert Siciliano is an Online Security Evangelist to McAfee. 

Wi-Fi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, even airplanes.

Wi-Fi wasn’t born to be secure; it was born to be convenient. Wireless networks broadcast messages using radio and are therefore more susceptible to eavesdropping than wired networks.

Today, with criminal hackers as sophisticated as ever, if you are using an open unsecured network on your mobile device, you risk exposing your data. There are many ways for hackers to see who’s connected on a wireless connection, and to gain access to your information including passwords, emails, and all the data on your device.

To protect yourself and your data when using Wi-Fi, you should:

Turn it off: the most secure Wi-Fi is one that is turned off. Disabling the Wi-Fi signal on your device prevents anyone from seeing your device and prevents your mobile from randomly connecting to just any available Wi-Fi.

Limit your use of hotspots: When you’re away from your home or work network, use a 3G or 4G data connection instead since most mobile phone providers encrypt the traffic between cell towers and your device.

Use a Wi-Fi connection is protected: Make sure you don’t see the message you are “connecting to an unsecured network.” You may also need a password or code to get access to the Wi-Fi connection.

Use a VPN: a Virtual Private Network (VPN) is one set up with encryption to protect your data from unauthorized access. A VPN may be available through your workplace or at home. A quick search in your mobiles application store will quickly result in numerous free and paid apps to go online in a VPN.

Only use https: Hypertext transfer Protocol (http) with Secure Sockets Layer (SSL, hence the S) is a more secure option set up by a website that knows security is essential. Look for https:// in the address bar signifying it’s a secure page. Even on an open unsecure wireless connection https is more secure.

If you do use public Wi-Fi, make sure not shop online or access your personal and financial sites. And remember to keep in mind that potentially anything you are doing online can be accessed by someone.

Robert Siciliano is an Online Security Evangelist to McAfee. See him on Anderson Cooper discussing mobile security and identity theft. 

A federal investigation dubbed “Operation Open Market” recently yielded 19 arrests in nine states, for crimes including identity theft and counterfeit credit card trafficking. The defendants allegedly participated in “Carder.su,” a Las Vegas-based transnational ring that bought and sold stolen personal and financial information and manufactured counterfeit IDs and credit and debit cards in order to commit fraud. This criminal organization has also been known to host online forums wherein members are encouraged to buy and sell counterfeit documents and stolen data.

Executive Director of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations James Dinkins commented, “The actions of computer hackers and identity thieves not only harm countless innocent Americans, but the threat they pose to our financial system and global commerce cannot be understated.”

According to the Federal Financial Institutions Examination Council’s latest update, “Fraudsters use keyloggers to steal the logon ID, password, and challenge question answers of financial institution customers. This information alone or in conjunction with stolen browser cookies loaded on the fraudster’s PC may enable the fraudster to log into the customer’s account and transfer funds to accounts controlled by the fraudster, usually through wire or ACH transactions.”

The FFIEC recommends that financial institutions incorporate device identification into their layered security approach in order to thwart attacks like these, but smart financial institutions are going a step further by employing device reputation analysis approach.

iovation, an Oregon-based firm helping to fight cybercrime, offers device reputation, which builds on its complex device identification technology. It does this by offering real-time risk assessments which look at evidence of past fraud attacks, risk profiles, detects anomalies, and uncovers relationships between devices and accounts that have a history of working in collusion to stealing from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation.

It has become standard practice to upgrade to a newer device, and people often sell, donate, or discard the old one. Or maybe you’ve received a new computer or mobile phone as a holiday gift and need to get rid of the old one. You consider selling them so you can get some money back—maybe to purchase your newest device, but is this really worth it?

After what I’ve seen, I don’t think so. I conducted a test where I purchased a bunch of used devices off of Craigslist and eBay to see if I could still find personal data on the devices. I found a startling amount of personal data including photos, phone numbers, addresses, emails, text messages and even passwords.

While most of us would think we were safe if we did a factory reset on our mobile device, we also need to remember to remove or wipe any media like internal drives, SD cards, and anything else that stores data really should be destroyed. And for Android phones, even though some of the phones had done a factory reset, I was still able to find data on them. Furthermore, after having spent a few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something.

So whether you destroy your smartphone with a sledgehammer, use a drill press to turn it into swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist. Yes, this will not provide much help for resale value, but you’ll have some fun and know that your information is safe.

Robert Siciliano is an Online Security Evangelist to McAfee.