All posts by 007admin

Panda Security

The Craigslist scams

craigslist

Craigslist is a website hosting classified ads for jobs, houses, cars… To give you an idea, there are around 10 million new Craigslist ads every month.

As sometimes happens with these kinds of pages, Craigslist has become a hunting ground for fraudsters trying to scam the people who read these ads.

In fact, there’s even an “Avoid scams & fraud” section on the website offering advice on how to improve security in transactions. 

avoid craigslist scams

How to recognize scams on Craigslist

  • If the reply sent by the person you have contacted comes from another country, be wary.
  • They often ask for payment via platforms such as Western Union or Money Gram or a check or money order as surety on the transaction.
  • The other party can’t meet you in person to make the transaction.
  • There is a ‘third-party’ who will make the transaction.

Example of fraud on Craigslist

  • Companies offering work but who ask for an advance payment from the employee.
  • Rental of apartments that don’t exist.
  • Sale of cars that ask for payment in advance without you having seen the vehicle.

Tips for avoiding fraud on Craigslist

  • Read the ad carefully.
  • Don’t buy or rent anything without having physically seen it.
  • Take payment in cash. PayPal is also a secure way of receiving payment. Don’t accept checks or money orders.
  • Don’t give any type of personal or financial information.
  • Be wary of incredible bargains. If you find a low-priced apartment in an up-market area, it’s probably a scam.
  • Have a good look at photos. Many scams include photos of things that look too good for the asking price.

We know that criminals are becoming increasingly devious in disguising their scams, so, with your Internet security in mind, please take great care when buying online.

Have you ever fallen victim to a similar scam?

The post The Craigslist scams appeared first on MediaCenter Panda Security.

Security

FBI to Open Up Malware Investigator Portal to External Researchers

SEATTLE–The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. […]

AVG

What if smart devices could be hacked with just a voice?

Smartphones and wearable devices have introduced a brave new world in the way that humans and computers interact. While on the PC we used the keyboard and mouse, touch-based devices and wearables have removed the need for peripherals and we can now interact with them using nothing more than our hands or even our voices.

This has prompted the arrival of the voice activated “personal assistant”. Activated by nothing more than our voices, these promise to help us with some basic tasks in a hands-free way. Both Apple and Google added voice recognition technologies to their smart devices. Siri and Google Now are indeed personal assistants for our modern life.

Both Siri and Google Now can record our voice, translate it into text and execute commands on our device – from calling to texting to sending emails and many more.

However, these voice recognition technologies – that are so necessary on smart devices – are perhaps not as secure as we give them credit for. After all, they are not configured to our individual voices. Anyone can ask your Google Now to make a call or send a text message and it will dutifully oblige – even if it’s not your voice asking.

What if your device is vulnerable to voice commands from someone else? What if it could call a premium number, send a text message abroad, or write an email from your account without your knowledge. Over–the-air-attacks on voice recognition technologies are real, and they are not limited just to smartphones. Voice activation technologies are also coming to smart connected devices at home, like your smart TV.

As I demonstrate in this short video, the smart devices in my home do respond to my voice, however they also respond to ANY voice command, even one synthesized by another device in my home.

 

 

The convenience of being able to control the temperature of your home, unlock the front door and make purchases online all via voice command is an exciting and very real prospect. However, we need to make progress with the authentication of the voice source. For example, will children be able to access inappropriate content if devices can’t tell if it is a child speaking or a parent?

Being able to issue commands to my television might not be the most dangerous thing in the world but new smart devices, connected to the Internet of Things are being introduced every day. It may not be an issue to change the station on my television, but being able to issue commands to connected home security systems, smart home assistance, vehicles and connected work spaces is not far away.

Utilizing voice activation technology in the Internet of Things without authenticating the source of the voice is like leaving your computer without a password – everyone can use it and send commands.

 

 

There is no question that voice activation technology is exciting, but it also needs to be secure. That means, making sure that the commands are provided from a trusted source. Otherwise, even playing a voice from a speaker or an outside source can lead to unauthorized actions by a device that is simply designed to help.

 

An Emerging Threat

While we haven’t discovered any samples of malware taking advantage of this exploit in the wild yet, it is certainly an area for concern that device manufacturers and operating system developers should take into account when building for the future. As is so often the case with technology, convenience can come at a risk to privacy or security and it seems that voice activation is no different.