Today I received an email from Wachovia asking me to update my Halifax information. Strange that Wachovia would send me an email to update information for another institution. It struck me that this was most likely a phishing scam. It is, if you see a message like this DELETE IT.

Here is a picture of that email:

Read more! »

Last night I received the following email, supposedly from Bank of America.

It is NOT from Bank of America, it is a phishing email. If you get an email like this DELETE IT

Read more! »

I received two identical emails the other day. Neither message was addressed to me, so I had to be on the BCC, blind carbon copy, list. After a quick review, I determined that these emails were nothing more than a variant message on the standard next of kin scam.

If you receive a message like this Delete It do not reply to it and do not forward it to any one.

Here is a picture of the message I received.

Read more! »

People buying computers need to be aware of the security and system software that is installed on new computers. Not only the software installed at the factory, but also by the techs at the elctronics stores.

Case in point:

Last week a friend of mine purchased a new computer at a local Electronics superstore. As part of the purchase the store's techs would remove all garbage software that is installed by the manufacturer, make a restore cd, and install a full fledged virus scanner ( not a trial version ). The virus scanner that was being touted by the sales guys as the one to choose was Microsoft's OneCare.

When they finally got to the check out and were able to talk to the techs, my friend asked if there were any other options. The tech person said that a Symantec was also available. My friend chose the Symantec product, mostly because of name recognition and he had used the product before with no real issues.

A good location to learn about AV product testing and results is Virus Bulletin.

If consumers are internet savy, a search for "independent virus testing" will yield some nice results.

Consumers must stay informed, they have to do the same type of research on security products as they do when purchasing bigger ticket items. You absolutely do not want a "lemon" when it comes to securing your computer in this day and age.

Here is a link that provides the results of the testing that was performed.
http://www.av-comparatives.org/seiten/ergebnisse_2007_02.php

The ISSA-NWA March 2007 meeting will be held at 11:00 am at the Whole Hog Café in Bentonville. Google map to the Cafe.

The meeting should last about two hours. You may purchase your lunch and eat it during the meeting.

Our agenda will be chapter business (about 45 minutes), followed by a technical and strategic discussion on Windows Vista BitLocker (about 1 hour).

BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Ultimate for client computers and in Windows Server “Longhorn”. BitLocker is Microsoft’s response to one of our top customer requests: address the very real threats of data theft or exposure from lost, stolen or inappropriately decommissioned PC hardware with a tightly integrated solution in the Windows Operating System. The BitLocker Drive Encryption feature of Windows Vista poses an interesting set of security and performance requirements on the encryption algorithm used for the disk data, much of which we will examine.

This discussion will be facilitated by Christopher Beasley, Enterprise Strategy Consultant for Microsoft.

ISSA "1+1" Membership Drive

Please bring a colleague to the meeting. If that new member joins ISSA and:

You're an ISSA General or CISO Member.
You recruit a new ISSA General Member.
Your name is in the section: "referred by a member."

You and the new member each get an opportunity for:

Round trip airfare
Hotel accommodations
Information Security Conference Fees
300 US Dollars for expenses
Dinner with the ISSA Board of Directors (if attending a CISO Executive Forum)
Picture and interview for the ISSA Journal

Article Review:

Information Week published an intriguing article on the cyber-criminal economy.

On the cyber-criminal black market:
Credit cards with their pin numbers sell for nearly $500
Credit card numbers with security code and expiration date are worth $6-$24
Billing data, including account number, address, Social Security number, home address, and birth date, fetches $78-$294
Trojan programs to steal online account information will set a hacker back $980-$4,900. A computer program to exploit a flaw in Windows new Vista operating system was being sold for $50,000.