Thursday, December 18, 2014

Banks allow phishers to log in using Tor



The Financial Crimes Enforcement Network (FinCEN), a department of the US Treasury that combats financial crimes such as fraud and money laundering, recently released a report stating that "nearly $24 million in likely fraudulent activity" involved known Tor network nodes. The proportion of fraud that involves Tor is increasing rapidly: according to the report, October 2007 to March 2013 saw an increase of 50% in Tor-related fraud reports, whereas the most recent and much shorter period of March 2013 to July 2014 saw an increase of 100%. The report, which is not public, was obtained by computer security journalist Brian Krebs.

Tor is a piece of open-source software that attempts to provide online anonymity using a technique known as "onion routing". Messages sent by the user, such as HTTP requests from the user's web browser, are sent across the Tor network, instead of being sent directly to the destination server. Before a user sends a message, it is encrypted several times, along with information describing how the message should be routed through a virtual circuit across the Tor network. Circuits consist of a series of three randomly-selected Tor nodes: an entry node, a middle node and an exit node. The user's traffic enters the Tor network at the entry node. Each successive node is able to remove a single layer of encryption, which also reveals the next node to send the message to – akin to peeling the layers of an onion. When the message reaches the exit node, the final layer of encryption is removed and it is sent out across the Internet to its final destination. A similar procedure applies to messages travelling in the opposite direction back to the user, such as HTTP responses.


Banks allow phishers to log in using Tor



The Financial Crimes Enforcement Network (FinCEN), a department of the US Treasury that combats financial crimes such as fraud and money laundering, recently released a report stating that "nearly $24 million in likely fraudulent activity" involved known Tor network nodes. The proportion of fraud that involves Tor is increasing rapidly: according to the report, October 2007 to March 2013 saw an increase of 50% in Tor-related fraud reports, whereas the most recent and much shorter period of March 2013 to July 2014 saw an increase of 100%. The report, which is not public, was obtained by computer security journalist Brian Krebs.

Tor is a piece of open-source software that attempts to provide online anonymity using a technique known as "onion routing". Messages sent by the user, such as HTTP requests from the user's web browser, are sent across the Tor network, instead of being sent directly to the destination server. Before a user sends a message, it is encrypted several times, along with information describing how the message should be routed through a virtual circuit across the Tor network. Circuits consist of a series of three randomly-selected Tor nodes: an entry node, a middle node and an exit node. The user's traffic enters the Tor network at the entry node. Each successive node is able to remove a single layer of encryption, which also reveals the next node to send the message to – akin to peeling the layers of an onion. When the message reaches the exit node, the final layer of encryption is removed and it is sent out across the Internet to its final destination. A similar procedure applies to messages travelling in the opposite direction back to the user, such as HTTP responses.


Wednesday, December 17, 2014

Apple Cider Vinegar Detox

12 ounce glass of water

5 Tbsp. Apple Cider Vinegar
1 tsp. ground cinnamon
4 Tbsp. lemon juice
1 pinch red pepper

Mix

Apple Cider Vinegar Detox

12 ounce glass of water

5 Tbsp. Apple Cider Vinegar
1 tsp. ground cinnamon
4 Tbsp. lemon juice
1 pinch red pepper

Mix

Tuesday, December 2, 2014

FDIC: What to Expect in New Guidance


When the Federal Financial Institutions Examination Council releases new cybersecurity guidance, it will address specific types of cyber-attacks and threats, according to examination specialists from the Federal Deposit Insurance Corp., one of the FFIEC's regulatory agencies.

See Also: Threat Intelligence: Real-Time Breach Discovery

During a Nov. 20 community banking advisory committee meeting, members of the FDIC's Division of Risk said future IT examinations for banking institutions of all sizes will include reviews of specific cybersecurity initiatives, such as employee awareness and training, as well as software and operating system patching.

FDIC: What to Expect in New Guidance


When the Federal Financial Institutions Examination Council releases new cybersecurity guidance, it will address specific types of cyber-attacks and threats, according to examination specialists from the Federal Deposit Insurance Corp., one of the FFIEC's regulatory agencies.

See Also: Threat Intelligence: Real-Time Breach Discovery

During a Nov. 20 community banking advisory committee meeting, members of the FDIC's Division of Risk said future IT examinations for banking institutions of all sizes will include reviews of specific cybersecurity initiatives, such as employee awareness and training, as well as software and operating system patching.