LinkedIn Scamming Customers?

Anyone who is active in the professional world loves LinkedIn. (In my opinion) it is an absolutely flawless way to network, get your name out there, and build up on online resume that is able to be referenced on websites,blogs, or emails. It allows companies seeking employees an easy venue to find qualified personnel, helps skilled labor to find a company looking for someone just like them, and rekindles old flames left to die. Okay, so maybe isn't the hotbed of romantic activity on the internet, but its great for business. Especially LinkedIn's bottom line.


"How can LinkedIn benefit from networking?"

When you sign up for LinkedIn, you are asked to complete a resume of sorts. This initial information includes your name, date of birth, field of business,location and interests. Then you of course have the option of adding where you have worked, gone to school, and clubs/associations you are a part of. After all these personally identifiable things, you are then given the option of Joining Linkedin "Groups". These are generally trade groups or groups that allow a person to further network their profile. In short, LinkedIn has developed a complete advertiser's dream scenario. A company can buy your profile information from LinkedIn, and are provided with all of your information, along with means of contact for you. In general, LinkedIn has a full demographical breakdown of you and anyone you "Invite" to LinkedIn. And whereas the majority of LinkedIn users are over 40 and have incomes of over $100,000 dollars- they are the ideal targets of marketers, both legitimate and not. Recently LinkedIn decided to advertise merchandise to its users, but in a selective manner. For example, if Mercedes decided to advertise its new model, it would go to LinkedIn and they would choose from the member database the ones that fitted the marketing campaign. Then, LinkedIn decided to make a little more money by offering Premium Business and Premium Business Plus. With a regular membership you couldn't just send someone an e-mail, you had to be introduced first; with the new types of membership, this was no longer an issue. HR companies saw a great opportunity in this and for good reason. All they had to do was pay and they had access to all sorts of potential job candidates.

Their new Enterprise Corporate Solution gives access to all 23 million users of LinkedIn.

British Health Records Stolen

This is really beginning to get to me. With the proliferation of laptops in our society, you would think that knowledge of security would begin to rapidly spread as well. However, this is the second story in less than a week of a laptop being stolen from a car. Now, if this was an office of some sort, with semi-inconsequential data it would be understandable. But it seems that more and more, Healthcare IT staff are carrying around patient data on their personal laptops. These are people who are carrying around credit card info, banking numbers, social security numbers, Names, dates of birth. And i still wouldn't have a problem with it if they would take some sort of rudimentary precautions to ensure the protection of the data. However, there have been cases of IT staff storing full system backup tapes, laptops, USB Crypto keys, and entire servers in the back of their cars. They are then completely amazed when these top-level security measures are thwarted by a crook with a crowbar. This latest incident occured after a British IT worker for the NHS trust left his laptop unsecured in his car, along with 21,000 patients details. To make things worse, none of the information was encrypted. So the thief now has complete access to any and all patient data. The NHS trust reinforced the now common perception that they were completely technologically incompetent by stating (trying to make the situation better) "the data will almost certainly by wiped by the thief"

What steps should you take in order to secure a system from theft?
A. Set a Bios Level Password
B. Set at least a 14 digit password.
C. Require some sort of Biometric Authorization for Access
D. Always keep your data in an encrypted folder
E. If practical, Hide private data inside of another file
F. Keep any backups in humidity controlled, insulated environment.
G. Rule of Thumb: If your system can be seen, its public data.
H. Thumb of Rule: If your system is in your car, it deserves to be stolen.

Millions of Health Records stolen. Again.

And here I am, Sitting at my desk in the middle of a storm, watching twitlive, browsing the internation. What do I come across? Another, Another, Another, Another, Theft of CONFIDENTIAL information. Did the criminal slide in under the cover of darkness, bypass laser security, and swiftly crack into a safe containing a base of backups? Nope, the ever intelligent Network Admin decided to keep the backups in, the back-of his car. Do you want more info on the massacre of confidential information? If you must, read on:

The University of Utah Hospitals & Clinics is currently notifying 2.2 million patients about the theft of medical billing records. On June 2, a box of backup tapes containing patient and guarantors billing records was stolen out of a car belonging to a contracted independent storage company. The tapes contained the personal information on 2.2 million patients and guarantors including patient names, related demographic information and diagnostic codes. In addition, these records contained the Social Security numbers of 1.3 million patients. The Salt Lake County Sheriff’s Department, the FBI and the U.S. Postal Service are investigating the theft. According to Lorris Betz, M.D., Ph.D, Senior Vice President for Health Sciences, University of Utah Hospitals & Clinics is taking aggressive steps to protect patient confidentiality including notifying all 2.2 million individual through postal mail, offering one year of free credit monitoring to those whose SSNs were on the tapes and offering a $1,000 reward for the return of the tapes, no questions asked. The University of Utah Hospitals & Clinics has also setup a hotline - 866-581-3599 - and a web site - healthcare.utah.edu/billingrecordstheft - to help answer any questions and provide more information about the theft.

MICROSOFT SCAMS AGAIN!

Businesses that skip Windows Vista and upgrade their computers directly from the XP operating system to Windows 7 could expose themselves to security risks and other problems, Microsoft says in a new white paper.

Bypassing Vista could have "implications for security, support, and regulatory compliance and reduce flexibility in the face of changing business requirements," writes Microsoft VP Mike Nash, in the paper.Specifically, Nash says that businesses that wait for Windows 7 -- set for release in late 2009 or early 2010 -- to upgrade from XP could find themselves using outdated applications that don't employ proper security safeguards or are no longer supported.

They also won't get the advantage of new security technologies and other improvements that Microsoft embedded in Vista, Nash says. "By not deploying Windows Vista, it means missing out on the proven benefits such as better security, productivity, search, mobility, manageability and infrastructure optimization," Nash says in the paper, which is titled "The Business Value Of Windows Vista."

Do you remember any similar pushes with previous operating systems? This could possibly be because of the absolute travesty that is Vista security, that has kept so many large businesses from switching to the operating system. After such an outcry from the IT community and backlash against their prettiest operating system, Microsoft has decided to switch their tactics from marketing to George Bush-esque "strategertizing". Overheard in a consultation, "OH so you don't want to upgrade to Vista? If you don't You will never be able to Upgrade again!!!" Basically they are trying to tell you that if you don't upgrade to Vista, You can't upgrade to 7. And you can bet that the software of 7 wont allow a install from XP. And will most likely have a discount upgrade to Vista. 49.99 so that you can upgrade to vista so that you can upgrade to 7 (It's a steal!!!)

HP Support Hacked! UPGRADE NOW!

A customer support application that comes bundled with HP PCs have been found to harbour multiple security vulnerabilities.

The pre-installed software is designed to make it easy for users to keep drivers and HP software automatically updated. But flaws in ActiveX components within HP Instant Support give rise to multiple vulnerabilties that lend themselves to drive-by download malware attacks in cases where Windows users running the vulnerable software stray onto insecure or hacker controlled websites, CSIS Security Group warns.

HP Instant Support HPISDataManager.dll version 1.0.0.22 and earlier are vulnerable. Users need to upgrade to version 1.0.0.24 as explained in a security bulletin from HP here.

A CSIS advisory containing proof of concept demos of the flaws can be found here. And there's an easy to digest bit from Secunia here.

It's not the first trouble HP has had with rogue ActiveX controls in its pre-installed utilities. In December last year two ActiveX bugs created a mechanism for hackers to either thrash or inject hostile code onto HP PCs running either HP Software Update or HP Info Center, respectively.

Alert: LinkedIN Scams Rampant

Have you heard of the professional networking site linkedin? Well, a number of professional users (Including Myself) have been using this site to increase their job prospects, clientele,  and associates. It seems that more and more, professional scam artists are trying to prey off of the unsuspecting users of LinkedIn. It seems that common sense isn't all that common. Just because someone has a LinkedIn profile- Doesn't mean that they are trustworthy.

     Unsuspecting professionals, driven by the urge to make quick millions off of a simple transaction, willingly turn over their bank information to a person who has made their acquaintance online. Why? Well, the scammers are using a '419 Scam'. What happens is the attacker claims to have inherited/ claimed a large sum of money, and is willing to give you a large fee to deposit the newly acquired funds into a US Bank account.

The best possible way to prevent this kind of attack is to: (A) Only accept mail from people you know, Or who have a related Interest (B) Never execute any financial transactions based solely upon knowledge recieved via virtual communications, Be it Email, Social Networking, Or other communications.  Unless you know the person, don't allow someone access to your account.