INVESTIGATORS & SECURITY CONSULTANTS

Blog

‘Heartbleed’ Bug Bypasses Web Encryption

A major new vulnerability called Heartbleed could let attackers gain access to users’ passwords and fool people into using bogus versions of Web sites. Some already say they’ve found Yahoo passwords as a result.

The problem, disclosed on 8th April, is in open-source software called OpenSSL that’s widely used to encrypt Web communications. Heartbleed can reveal the contents of a server’s memory, where the most sensitive data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server’s digital keys and then use them to impersonate servers or to decrypt communications from the past or potentially the future, too.

Security vulnerabilities come and go, but this one is extremely serious. Not only does it require significant change at Web sites, it could require anybody who’s used them to change passwords too, because they could have been intercepted. That’s a big problem as more and more of people’s lives move online, with passwords recycled from one site to the next and people not always going through the hassles of changing them.

Yahoo said just after noon PT that it fixed the primary vulnerability on its main sites: “As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”

OpenSSL is one implementation of the encryption technology variously called SSL (Secure Sockets Layer) or TLS (Transport Layer Security). It’s what keeps prying eyes out of communications between a Web browser and Web server, but it’s also used in other online services such as email and instant messaging, Codenomicon said. The bug afflicts version 1.0.1 and 1.0.2-beta releases of OpenSSL, server software that ships with many versions of Linux and is used in popular Web servers, according to the OpenSSL project’s advisory on Monday night. OpenSSL has released version 1.0.1g to fix the bug, but many Web site operators will have to scramble to update the software. In addition, they’ll have to revoke security certificates that now might be compromised.
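For operators triaging their own servers, the version ranges above can be checked against the text printed by `openssl version`. The script below is an added example, not part of the original article or of OpenSSL; the function names, result labels and the sample inventory are constructed for illustration. It assumes the release is the second field of the output and, because the article does not say which 1.0.2 beta carries the fix, flags every 1.0.2-beta string for review.

```shell
#!/bin/sh
# Added example: classify `openssl version` output against the releases the
# article names (1.0.1 and 1.0.2-beta affected, 1.0.1g fixed).

heartbleed_status() {
    # $1 is one line of `openssl version` output; field 2 is the release.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        # 1.0.1 and the lettered releases before g, including vendor
        # suffixes such as "-fips".
        1.0.1|1.0.1[abcdef]|1.0.1[abcdef]-*) echo affected ;;
        # All 1.0.2 betas are flagged (assumption stated in the lead-in).
        1.0.2-beta*) echo affected ;;
        # 1.0.1g and later lettered releases of the same branch.
        1.0.1[g-z]|1.0.1[g-z]-*) echo fixed ;;
        '') echo unknown ;;
        # Anything else is outside the branches the article names.
        *) echo other-branch ;;
    esac
}

# Constructed inventory: "<host> <openssl version output>" per line.
SAMPLE_INVENTORY='web01 OpenSSL 1.0.1e 11 Feb 2013
web02 OpenSSL 1.0.1g 7 Apr 2014
mail01 OpenSSL 0.9.8y 5 Feb 2013
lab01 OpenSSL 1.0.2-beta1 24 Feb 2014
vpn01 OpenSSL 1.0.1e-fips 11 Feb 2013'

hosts_to_patch() {
    # Reads inventory lines on stdin and prints the hosts whose version
    # string falls in the affected range.
    while read -r host rest; do
        [ -n "$host" ] || continue
        if [ "$(heartbleed_status "$rest")" = affected ]; then
            echo "$host"
        fi
    done
}

printf '%s\n' "$SAMPLE_INVENTORY" | hosts_to_patch
```

A version string is only a first filter: Linux distributions may ship a patched build that keeps the older version string, so a host listed here should be confirmed against the vendor's package changelog before it is treated as vulnerable.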

Developer and cryptography consultant Filippo Valsorda published a tool that lets people check websites for Heartbleed vulnerability.  That tool showed Google, Microsoft, Twitter, Facebook, Dropbox, and several other major Web sites to be unaffected — but not Yahoo. Valsorda’s test uses Heartbleed to detect the words “yellow submarine” in a Web server’s memory after an interaction using those words.

Should I Change My Password?

Some security experts are saying that it would be prudent to do so, although there is a degree of confusion as to when and if this needs to be done.

Many of the large technology firms including Facebook and Google have patched the vulnerability. Confusingly, though, Google spokeswoman Dorothy Chou specifically said: “Google users do not need to change their passwords.” A source at the firm told the BBC that it patched the vulnerability ahead of the exploit being made public and did not believe that it had been widely used by hackers.

Some point out that there will be plenty of smaller sites that haven’t yet dealt with the issue, and with these a password reset could do more harm than good, revealing both old and new passwords to any would-be attacker. But now that the bug is widely known, even smaller sites will issue patches soon, so most people should probably start thinking about resetting their passwords.

“Some time over the next 48 hours would seem like sensible timing,” the University of Surrey’s computer scientist Prof Alan Woodward told the BBC.  Mikko Hypponen of security firm F-Secure issued similar advice: “Take care of the passwords that are very important to you. Maybe change them now, maybe change them in a week.  And if you are worried about your credit cards, check your credit card bills very closely.”

See full articles at:

http://www.cnet.com/uk/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

http://www.bbc.co.uk/news/technology-26969629

Test websites for Heartbleed vulnerability at:

http://filippo.io/Heartbleed/


Football Kit Man Sentenced for Making Fake One Direction Shirts

A football kit man ran a lucrative sideline flogging thousands of fake One Direction  hoodies and T-shirts online.

Gary Simpson churned out the bogus boy band gear from the clubhouse at  Moorside Rangers, using the equipment intended for printing names and numbers on  strips.

Simpson, 55, had no licence to use the pop stars’ branding, the Manchester Evening News reports, but fans snapped up £16.99 items bearing crude copies of logos belonging to the teen idols as well as Justin Bieber, JLS, The Wanted, Olly Murs and Westlife.

Simpson was spared jail after admitting eleven trademark offences over two  years.

The court heard he was a ‘decent’ man who turned to counterfeiting as his  legitimate workwear business faltered, with debts piling up.

He was caught red-handed after a representative of the firm which owns JLS’  copyright made a test purchase from Simpson’s eBay page, and found the hoodie he  received was counterfeit and poor quality.

Salford trading standards started an investigation, leading to a raid in  February on his home in Walkden, Salford and his warehouse in nearby  Worsley.

During the search, Simpson admitted he printed the fakes at the football  club’s ground in Swinton.

Nicholas Courtney, prosecuting, said: “He would find the relevant logos on  the internet, download them, and send them to cutting machine at the football  club.

“The counterfeit goods part of the business had been extremely busy – £15,000  in the three months prior to Christmas.

“It seems clear, on any basis, the defendant was doing a substantial trade,  with profit measured in the tens of thousands.”

Neil Usher, defending, said: “At the time, he had no idea how serious his  activities were. He foolishly assumed because others were selling them on eBay  there was nothing wrong with it.”

Sentencing him to a 16-month jail sentence, suspended for two years, and 100  hours community work, Judge Lesley Newton said she took into account Simpson’s  ‘significant contribution’ to the football club, cooperation with the  investigation, and ‘genuine remorse’.

She added if he were jailed, his creditors would go unpaid and his family  would ‘suffer severely’.

http://www.mirror.co.uk/news/uk-news/gary-simpson-one-direction-justin-3301315#ixzz2yGuRPtRM

Don’t be Caught by Phishing Scams

Please be warned that no matter how convincing, requests from websites posing as banks, government departments, utilities, etc which request bank details such as account names or numbers should never be answered, and NEVER NEVER divulge password or PIN numbers unless you want to see your account emptied overnight. Phishers have got very clever at posing as legitimate, because they happily steal the logos and identifying characteristics of genuine companies.

Woman from Arnold Found Guilty of Five Trade Mark Offences

An Arnold woman received a six-month supervision order at Nottingham Magistrates Court this Wednesday (8 January) for selling counterfeit clothing via the social media site Facebook.

Laura Franks, 32, of Kingswell Avenue, Arnold, pleaded guilty to six offences against the Trade Marks Act 1994 and was also ordered to pay £600 towards prosecution costs plus a £60 victim surcharge.

A Nottinghamshire County Council trading standards investigation found a Facebook account set up by Ms Franks which advertised a variety of counterfeit branded goods such as Tiffany jewellery, Stone Island and Ralph Lauren, with messages offering to deliver the goods.

Her home was raided last year by trading standards and police officers where order books and a small amount of fake clothing were found.

A mobile phone was also seized with dozens of photos of counterfeit items and messages on items for sale and prices.

Councillor Glynn Gilfoyle, Chairman of Nottinghamshire County Council’s Community Safety Committee, said: “There is a popular belief that counterfeiting is a victim-less crime which is far from the truth.

“Counterfeit goods affect local retailers of genuine goods who cannot compete and there is a significant loss to the clothing industry and tax revenue which would have been raised for vital public services such as the NHS and care for the elderly.”

United Kingdom Defamation Act Now in Force

The Defamation Act 2013, in force since 1 January 2014, reforms the law of defamation in the UK. The Act aims to balance the right to freedom of expression and people’s ability to protect their reputation. It introduces a new serious harm threshold, which is meant to discourage trivial claims that harm freedom of speech. The Defamation Act provides protection for those who are publishing material on a matter of public interest where they reasonably believe that publication is in the public interest.

If individuals think an online statement is defamatory, they can first try to resolve the dispute directly with the person who has posted the statement. This offers better protection for the operators of websites hosting user-generated content.

The Defamation Act was given Royal Assent on 25 April 2013 and entered into force on 1 January 2014.

“Online Onslaught” – Press Release from ACG

Friday 13th proved to be especially bad luck for those selling counterfeit goods on Facebook.

Figures released today show more than 600 traders offering in excess of 1300 listings which are being removed in what is hoped to be the first of many such exercises aimed at disrupting and dismantling counterfeiting activity on the Facebook platform.

The Anti-Counterfeiting Group (ACG) and 17 of its members have been monitoring the platform and collecting evidence against individuals and groups.

The fakes being targeted range from branded cosmetics and electrical goods to clothing and footwear.

Having identified the offending pages they then initiated a takedown operation through Facebook’s own reporting tool, removing illegal content and supporting Trading Standards across the UK in targeted enforcement actions on traders.

ACG Director General Chrissie Florczyk said “Facebook is being used by hundreds of counterfeiters to sell a whole range of products to consumers. This activity severely impacts on our members and through our coordination role we are committed to supporting any activity that reduces this threat. All of the data collected will be passed to law enforcement agencies, so the message to anybody considering selling fakes on Facebook is beware!”

Handley Brustad, Lead Officer for Intellectual Property, Trading Standards Institute, commented: “We wholeheartedly support this initiative. These actions can only benefit consumers, by preventing them from being misled”.

“The City of London Police fully supports the work of the Anti-Counterfeiting Group (ACG) to help protect rights holders in the branded goods sector.  As we move into 2014, both our Police Intellectual Property Crime Unit (PIPCU) and the National Fraud Intelligence Bureau (NFIB) will continue to work closely with the ACG as well as social media platforms to protect consumers and businesses from intellectual property theft.”

The Anti-Counterfeiting Group (ACG) is a not for profit trade association which represents rights holders in the branded goods sectors (see our website www.a-cg.org for more information). It is a unique forum for stakeholders in the anti-counterfeiting field to collaborate and support each other – from brand owners through specialist service providers to the law enforcement agencies which are responsible for enforcing the criminal provisions of the Trade Marks Act 1994.

For further information on this press release, please contact Chrissie Florczyk on 01494 449165.

Royal Mail Email Scam Alert

It is believed that fraudsters are exploiting the increase in Royal Mail deliveries during the Christmas period to upload malware on to computers of unsuspecting victims.

A scam email is currently being sent to victims fraudulently claiming to be from Royal Mail.  The email states that Royal Mail is holding an item for the customer. The subject header is ‘Mail – Lost/Missing Package’ and reads:

“Royal Mail have detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation or if the package requires formal entry). The RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released”.

The email then asks the recipient to open up an attachment to complete a document. It is believed that the attachment contains a zip file with a malicious virus.

Royal Mail is aware of the scam and is taking action to protect customers from these fraudsters. Royal Mail state that they will never:

  • Send an email asking for credit card numbers or other personal or confidential information
  • Ask customers to enter information on a page that isn’t part of the Royal Mail website
  • Include attachments unless the email was solicited by a customer, e.g. the customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.

Royal Mail and the National Fraud Intelligence Bureau (NFIB) advise customers NOT to open the attachment if they receive this email and to report the scam email to Action Fraud by calling 0300 123 2040 or via the web reporting template at www.actionfraud.police.uk

Advice regarding the scam can also be found on the Royal Mail website at: http://www.royalmail.com/personal/help-and-support/I-think-Ive-had-an-email-from-a-company-pretending-to-be-royal-mail

PIPCU Suspends 90 Websites Selling Counterfeit Goods

The Police Intellectual Property Crime Unit (PIPCU) has worked with Europol and US authorities to help suspend hundreds of websites that were selling counterfeit merchandise online to unsuspecting consumers.

The 690 domain names disrupted worldwide are part of project ‘In Our Sites – Transatlantic 3’, coordinated by Europol for the participating EU Member States and the Homeland Security Investigations-led National Intellectual Property Rights Coordination Center (IPR Center) in Washington D.C. for the US.

PIPCU, representing the UK for Europol, suspended 90 websites, with Europol Member States Belgium, Denmark, France, Hungary, Romania and Spain suspending a further 303. The US ICE IPR Center accounted for 297 domain name seizures in the US.

Superintendent Bob Wishart, from PIPCU said: “PIPCU is proud to be a part of this cross-party worldwide operation, which is committed to combating online intellectual property crime.

“The 90 websites we have suspended sends a clear warning out to anyone else who thinks they can sell counterfeit goods on the internet with little fear of ever being stopped.”

During the weeks leading up to the end of the year, the market is flooded with counterfeit products being sold at stores, on street corners, and online, not only ripping the consumer off and providing shoddy products, but also putting their personal financial information at risk. The most popular counterfeit products seized each year include headphones, sports jerseys, personal care products, shoes, toys, luxury goods, cell phones and electronic accessories.

During the last few weeks Europol and the IPR Center received leads from trademark holders regarding the infringing websites. Those leads were disseminated to HSI offices in Denver, Dallas, El Paso, Houston and Salt Lake City as well as PIPCU at City of London Police, the Belgium Economic Inspection, Belgium Customs, Denmark Police, Hungarian Customs, French Gendarmerie, French Customs, Romanian Police, Spanish Guardia Civil and Hong Kong Customs and Excise Department.

The domain names seized are now in the custody of the governments involved in these operations. Visitors typing those domain names into their Web browsers will now find a banner that notifies them of the seizure and educates them about the federal crime of willful copyright infringement.

Project ‘In Our Sites’ is a sustained law enforcement initiative that began more than three years ago to protect consumers by targeting the sale of counterfeit merchandise on the Internet.

http://www.cityoflondon.police.uk/CityPolice/Media/News/domainsuspended.htm