Would You Have Spotted the Fraud? — Krebs on Security

Card skimmers, in some respects, are rather impressive devices.  Designed to be invisible, they can be installed by criminals on ATMs, gas pumps, or essentially anything else with a card slot.  The principle is easy…your card gets scanned when you insert it into the machine and generally a camera will be located nearby to record your PIN when you type it in.  With this information, a criminal is able to simply reproduce your card for his or her own use.

As far as I know I’ve never actually seen one.  Just be safe and be observant…if a machine doesn’t look quite right then go somewhere else.

Source: Would You Have Spotted the Fraud? — Krebs on Security.

Sponsored search results lead to malware

A short story:

A few days ago I recommended a software product to a friend of mine.  I provided the web address to the product but later that day when he went to download it my friend couldn’t remember the exact URL.  Being a pretty smart guy, he went to a search engine and punched in what he thought I told him to search for.

The end result was that he ended up downloading a $50 program that didn’t do any more than the free program I recommended.  He’s lucky though.  At least the program did what the site said it would do.

Just because a site hits high in the search results or shows up in the “sponsored links” doesn’t mean that it links to a quality product.  Placing a website in one of these key positions is related only to paying a few dollars to the search engine companies.

Be careful what you download and listen to that little voice when it tells you that “you may not want to click on that.”

Source: Sponsored search results lead to malware

An Explanation…

A keysigning party? What?

Well, here’s a brief explanation. Encryption is a process, in basic terms, where data of some kind is scrambled beyond recognition to keep prying eyes from reading the information. Data can also be “signed,” which doesn’t obscure the information but will provide an indication if the information has been tampered with.

For either of these processes, keys are required. Much like those you have in your pocket, encryption keys will allow or prevent access to information. In public key cryptography, each key is split into two parts. The secret part is kept by the owner and is not shared but the public part is shared with everyone else. This system allows a variety of functions.

Someone possessing your public key can encrypt files to you or verify your signature on a file you signed. With your secret key you can decrypt files encrypted with your public key or digitally sign files.

The last part of this process is “trust.” You must have some way of determining that a particular key belongs to a particular person. Just because it has their name and email address identified in the key does not mean that the key actually belongs to them. If your good and reputable friend brings you a key, and tells you it’s his key, you can most likely trust that it is his. What happens when you exchange information with someone you don’t know?

The trust model helps to sort through some of this. When you sign your friend’s key, you’re saying that you’re sure that the key you signed actually belongs to the friend identified on the key. If your friend knows that you will not sign a key without verifying the owner then he could identify your signature as trusted. This means that he would place a higher level of trust on any keys signed by you even if they are held by someone that he’s never met before.

As time goes on this process begins to form a “web of trust” where keys can be identified as trusted as a result of the verification signatures attached to the key. Keysigning parties basically allow an environment where people share identification to prove their identity and then digital signatures are exchanged to increase the trust placed on their keys.
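The sketch below is an added example, not part of the original post. It models the web of trust as a calculation of which keys "alice" can accept as genuine from the signatures on them, and it goes beyond the text by separating full from marginal trust. The thresholds (one fully trusted signer or three marginally trusted signers, chains of at most five) follow GnuPG's classic defaults; the function name, people and signatures are constructed, and expiry, revocation and the cryptographic check of each signature are left out.

```python
FULL, MARGINAL, NONE = "full", "marginal", "none"

def valid_keys(me, signatures, owner_trust, marginals_needed=3, max_depth=5):
    """Return {key owner: chain length} for every key 'me' can accept as genuine.

    signatures:  {key owner: set of owners who signed that key}
    owner_trust: {owner: how far 'me' trusts that owner to check identity before signing}
    """
    trust = {**owner_trust, me: FULL}   # my own signatures always count in full
    valid = {me: 0}
    for depth in range(1, max_depth + 1):
        newly_valid = {}
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Only signatures made by keys already accepted as genuine count.
            vouchers = [s for s in signers if s in valid]
            full = sum(trust.get(s, NONE) == FULL for s in vouchers)
            marginal = sum(trust.get(s, NONE) == MARGINAL for s in vouchers)
            if full >= 1 or marginal >= marginals_needed:
                newly_valid[key] = depth
        if not newly_valid:
            break
        valid.update(newly_valid)
    return valid

# Constructed sample data: every name and signature here is invented.
SIGNATURES = {
    "bob": {"alice"},                       # alice checked bob's ID in person
    "frank": {"alice"}, "grace": {"alice"}, "heidi": {"alice"},
    "carol": {"bob"},                       # never met alice, vouched for by bob
    "dave": {"carol"},                      # carol's key is genuine, but alice
                                            # has no opinion of carol as a signer
    "ivan": {"frank", "grace", "heidi"},    # three marginal signers are enough
    "judy": {"frank", "grace"},             # two marginal signers are not
    "mallory": {"mallory"},                 # a self-signature proves nothing
}
OWNER_TRUST = {"bob": FULL, "frank": MARGINAL, "grace": MARGINAL, "heidi": MARGINAL}

if __name__ == "__main__":
    accepted = valid_keys("alice", SIGNATURES, OWNER_TRUST)
    for owner in sorted(SIGNATURES):
        status = f"valid, chain length {accepted[owner]}" if owner in accepted else "not validated"
        print(f"{owner:8} {status}")
```

Note the difference between carol and dave: a key being genuine does not make its owner a trusted signer, which is why the name and email address on mallory's key count for nothing without a signature from someone alice trusts.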

This is a really quick and dirty description of a rather complex process and I’ve made some very general statements in regard to trust. Hopefully I have at least raised your interest in finding out more about the process.