Top 10 stupid security stories of 2011
Posted on 2 Jan 2012 at 08:40
Davey Winder rounds up the most brainless security moments from the past year
Stupidity comes in many guises, covering the spectrum from funny through FUD to fail. During the course of 2011 the IT security industry has seen almost every conceivable definition of stupid, including more than a handful that have originated from within the industry itself. Davey Winder has been raking through the archives to compile his top ten stupid security moments of the year...
1. Your printer will not kill you
Ah yes, file this one under “too much time on their hands” perhaps? A security story about a printer. Not a network-enabled printer that may allow a clever hacker access to your data in a slightly convoluted manner. Oh no, a printer that could be hijacked by terrorists and blow up. Yep, security researchers from Columbia University warned that it was possible to exploit a security vulnerability in the firmware of certain HP printers that enabled hackers to overheat paper and disable a thermal cut-off switch to cause a fire. Possibly. Apart from the fact that HP soon poured cold water on this by confirming said thermal breakers couldn’t be controlled by the firmware updates mentioned.
2. GCHQ code breaker blunder
GCHQ, for those of you who don’t know, is the UK's top secret Government Communications HQ - the place where all the spying on telephone calls and reading of emails goes on. It is, quite rightly, thought of as being home to some very clever people indeed. In 2011 GCHQ decided to run a recruitment campaign for more clever people to join in the snooping fun. Applicants needed skills in C++ and cryptography, of course, and the ability to break a specially created code consisting of 160-paired alphanumeric characters in order to find out more and move to the next step in the application process. So why is this in my stupid security list? Ah, well that would be down to whoever created the code-breaking job application Can You Crack It? micro-site, forgetting that a simple Google search would reveal the location of the webpage supposedly only visible to the clever types who could, indeed, crack it. Whoops.
HSBC Personal Login UK - News

The argument, put forward by security vendor SecurEnvoy, was essentially that using physical tokens (you know, the little calculator things that create a one-time password for login) is damaging the planet.
We moved to Jersey as we were at the time both bank managers for HSBC. Jon is still with HSBC. “After 20 years in the bank I resigned as I have set up a children's fitness business here. I am a qualified fitness instructor and I felt there was a need
Account Security Update - HSBC Phishing Scams - MillerSmiles.co.uk
Email asks you to confirm/update/verify your account data at HSBC by visiting the given link. You will be taken to a spoof website where your details will be captured for the phishers.
HSBC never send their users emails requesting personal details in this way.
The REAL URL of the spoof website is disguised as "http://hsbc.co.uk/1/2/personal/pib-home/login/confirm".
The spoof website this email links to was not online at time of this report, but variations of the scam which link to working websites are bound to exist, so be wary! The website may have been taken down or disabled by the hosts, but quite often these websites are hosted on the personal computer of the phishers, so may only be online at certain times.
The REAL URL of the spoof website looks nothing like the actual HSBC URL.
Dear Customer,
Your online security is our number one priority. We work hard to help you stay safe when banking online. We are committed to protecting you, with the latest technology to keep your details secure, and dedicated teams to monitor online activity and intercept any suspicious transactions.
Our technical service department has recently updated our online banking software, and due to software upgrade we kindly ask you to follow the reference given below to ascertain your membership security guarantee measures. Failure to affirm your membership details will suspend you from accessing your online banking.
http://hsbc.co.uk/1/2/personal/pib-home/login/confirm
At HSBC, we use industry standard security technology and practices, focusing on three key areas privacy, technology and identification to safeguard your account from any unauthorised access. The administration asks you to accept our apologies for the inconvience caused and expresses gratitude for cooperation. If you have any queries about this please call our Online Helpdesk on 08000 43 69 31.