@InfosecurityMag Slack Space


Supermodel Seduces Mac Users

Well, this certainly seems like a good way to spread malware among male Mac users (probably not such a good way to catch the ladies, though).


Cybercriminals are using a topless photo of Russian supermodel Irina Shayk to spread the OSX/Imuler-B malware, counting on the fact that men will click through and be infected (that is, their machine will be infected) by malware, explained Graham Cluley at Sophos. If the seductive photo of Irina tempts you to disregard all the things you’ve learned about information security, you will be rewarded with a trojan on your Mac (I thought trojans were good for stopping viruses?!). The trojan then does a quick change and turns into a genuine jpeg of Irina, deleting itself in the process. All you see on your machine is the image of the supermodel.


While you ogle the photo, the OSX/Imuler-B malware is opening a backdoor to your computer and uploading intimate details of your life – perhaps including your penchant for downloading nude photos – to a remote web server.


The key to this attack, according to Cluley, is that the Mac OS X by default does not display file extensions, so you would not be able to see that the file is an application rather than a jpeg. Cluley therefore recommends that Mac users enable the show filename extensions option. Perhaps another way, not mentioned by Cluley, is to refrain from downloading nude pictures of supermodels, or anyone else for that matter. Or is that just wishful thinking?
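An added example, not code from Sophos or the magazine: a Python check for the disguise described above, listing items in a folder that would pass for a picture when extensions are hidden. It goes beyond the page by also flagging files that carry an image extension but do not contain image data; the function names and the `~/Downloads` folder are assumptions.

```python
import os

# Well-known leading bytes of common image formats.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
# Mach-O (32/64-bit, both byte orders) and universal-binary signatures.
MACHO_MAGIC = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
               b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}


def check_file(path):
    """Return a reason if a regular file claims to be an image but is not."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_EXTS:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable: leave it to other tooling
    if head.startswith(IMAGE_MAGIC):
        return None
    if head.startswith(MACHO_MAGIC):
        return "image extension but Mach-O executable content"
    return "image extension but content is not an image"


def scan(root):
    """Walk root and return sorted (relative path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d.lower().endswith(".app"):
                # A bundle is a directory; with extensions hidden only the
                # stem is displayed, so "X.app" is listed as "X".
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel, "application shown as '%s'" % d[:-4]))
                dirnames.remove(d)  # do not descend into the bundle
        for f in filenames:
            full = os.path.join(dirpath, f)
            reason = check_file(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed location: the user's download folder.
    for rel, reason in scan(os.path.expanduser("~/Downloads")):
        print(rel, "->", reason)
```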


Is That My X-ray on Facebook?


It seems that medical personnel are increasingly using Facebook and other social media to reveal medical information about patients. Among them are a nurse in California posting a patient’s picture and chart and making comments about her sexual health; ER staff posting X-rays of a patient dying from knife wounds; or a physician treating a patient via Twitter. Apparently, the California nurse did not consider his actions a violation of the HIPAA privacy rule. He said it was “only Facebook” and that the picture and comments were funny, according to a report in Becker’s Hospital Review. He was of course wrong, on both counts.


In an earlier case, two nurses in Wisconsin were fired for posting cellphone photos of X-rays taken of a patient who had trouble dislodging an ‘adult’ toy. Because the photos were taken down before the authorities were notified, they had no evidence of a HIPAA violation.


So next time you are trolling Facebook, keep your eye out. You might find that an X-ray of your tummy tuck is the hottest thing on the internet.


Slacky “Likes” this


FBI Wants to be Your Sledgehammer


The FBI used a ‘sledgehammer’ in an investigation of a bomb threat suspect by ripping out an entire server, thereby disabling hundreds of email accounts, email lists, and websites. The server, operated by European Counter Network (ECN) and located in a New York facility, is used by ECN’s Mixmaster, a remailing service employed by human rights activists to prevent their communications from being traced. The FBI’s server seizure, with warrant and all, was part of an effort to find a person who emailed a bomb threat to the University of Pittsburgh. “The FBI is using a sledgehammer approach, shutting down service to hundreds of users due to the actions of one anonymous person”, charged Devin Theriot-Orr, a spokesman for the progressive group Riseup Networks, which uses the server. “This is particularly misguided because there is unlikely to be any information on the server regarding the source of the threatening emails.”


The Mixmaster service does not record logs of connections or details of who sent messages. “There is therefore no legitimate purpose for the FBI to seize this server because they will not be able to obtain any information about the sender. This is plainly extra-judicial punishment and an attack on free speech and anonymity on the internet and serves as a chilling effect on other providers of anonymous remailers”, he said. The FBI had no comment. What a pity.


Death, Taxes and Hell, Oh My!

While our American counterparts are recovering from tax season, some people are sad it’s over – those who use fraud to collect bogus refunds for dead people. One example involves Micah Lashawn Alexander, a young woman in Florida who harvested social security numbers of dead people from a genealogy website. She used the numbers to file fraudulent tax returns to obtain preloaded debit cards with “refunds”, related a report by the Tampa Bay Times.


Apparently the IRS is too busy to prosecute fraudsters. The agency left the arrest and prosecution of Alexander up to local authorities, who promptly slapped her on the wrist with a five-month jail sentence. As for Alexander, she is out of jail and undeterred. Regarding her initial discovery, it appears an ex-boyfriend tipped off the police about her scam. Hell hath no fury…


www.infosecurity-magazine.com /// 47

