Phisher-Friendly
The impending addition of new alphabets to Internet domain names may be a boon for phishers, The Times of London reported last week.
Today domain names are written in Roman characters regardless of the language used on a Web site. The planned addition of non-Roman character sets
Spoof sites aim to steal financial data by impersonating a legitimate bank or retail Web site. If the ruse is convincing enough, visitors may be tricked into typing in their credentials. Though banks have gotten more aggressive about registering domain names that are similar to their own (a practice that a 2005 "Jeopardy!" contestant named
According to the Times article, PayPal could again be a victim if someone were to use Russian characters to spell out a domain that resembles "paypal.com."
Charlie Abrahams, a vice president with the San Francisco brand-protection firm MarkMonitor Inc., told the Times that "the risk for general brand abuse is going to increase exponentially" once these new character sets are allowed by the Internet Corporation for Assigned Names and Numbers.
Put It to the Test
There's a growing business in helping programmers determine if their password-stealing programs
Virus-testing Web sites come in two flavors, Brian Krebs wrote on his KrebsOnSecurity.com blog last week. One kind, meant to protect users who suspect they've discovered a new virus, sends its results to the antivirus community to protect the Internet from infected files; the other kind, aimed at virus developers, promises the exact opposite.
Sites like av-check.com and virtest.com "bank on the guarantee that they won't share your results with the antivirus community," Krebs wrote.
For $40 a month, or $1 per file, av-check.com says it will determine whether a file can be detected by 22 popular antivirus products — and keep its findings private.
Virtest.com promises to prevent the antivirus programs from reporting their findings to the companies that wrote them, ensuring the scans are not even communicated by accident.
"The proprietors of these services don't even try to hide the fact that they have built it for malware writers," Krebs wrote.
The Password Is No
"Star Trek" may be a great movie franchise, but it is not a great password.
It is one of several hundred phrases that Twitter Inc. has banned as passwords. An exhaustive list of banned passwords — including some movie references, like "startrek" or "matrix," as well as references to sports or sex — is coded into the sign-up page for Twitter accounts. And yes, "twitter" is also a password the company deemed too obvious for use.
Several Internet sites, including
Other weak passwords on the list include the word "password," various proper names and movie references like "starwars" and "topgun."
Oddly, "Enterprise" did not make the list, but the fictional starship's registry number, "ncc1701," did. And it seems few Marx Brothers fans use Twitter —
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.