Thursday, May 24, 2012

Monday, a few days late

I'm not sure what happened, but it's Thursday already.  Here's a look at some of the more interesting articles from the last few weeks:
  • There's a nasty attack out there hitting some German bank web sites that send customers transaction authorization numbers (TAN) via SMS.  Seems a man in the browser (MitB) attack using the Tatanga trojan creates a bogus web form which the customer then unknowingly enters their valid transaction authorization number (TAN).  From that point, the customer sees a display showing the expected balance and a successful transaction.  Problem is, the trojan sends in an "authorized transaction" that transfers most of the money in the account elsewhere.
  • There was an article or two about hospitals notifying medical personnel they should not associate with patients or discuss medical issues on-line.  I would think this is something that wouldn't have to be explained, but with the explosion of social networking sites, it happens quite a bit.
  • DHS released a report on medical device (in)security.  Lots of concerns ranging from taking over implanted medical devices, to gaining network access, to mobile device use.  
  • If you haven't done so already, check your computers out to see if they have the DNS Changer malware.  According to the those keeping track, there are possibly more than 300K computers world-wide still trying to resolve domain names to the bogus DNS servers.  The DNS Changer Working Group has all the information on how to check your computer and what to do if infected. Another way to check now could be simply going to Google. According to their security blog, Google will now display a banner message if it appears your computer is infected.