
Archive for February, 2009


Mr Straw, who as Home Secretary once launched a National Hi-Tech Crime Unit to crack down on computer hackers, has himself become the victim of Nigerian internet fraudsters.

The culprits had gained access to a Hotmail account that Mr Straw used to reply to questions from voters in his Blackburn constituency, by the simple expedient of sending a phishing email claiming that the email account would be suspended unless a reply was sent.

Perhaps unwisely, somebody in Mr Straw’s office fell for it and sent a reply last Thursday.

http://technology.timesonline.co.uk/tol/news/tech_and_web/article5800934.ece

For many people their mobile device is now becoming the centre of their universe. Mobile e-mail, Facebook and Twitter allow them to keep their friends updated on their every movement.

One new aspect of our mobile addiction that we expect to see emerging shortly is based around Near Field Communication. Near Field Communication, or NFC, is a short-range, high-frequency wireless communication technology which enables the exchange of data between devices over about a 10-centimeter (around 4 inches) distance.

This proximity technology has many possible uses, payment being the obvious one. Wave your phone at the bartender, type in a PIN and your drinks bill appears on your next mobile statement. Once you’ve had your fill of beer you can head off home on the train, using your phone to connect to the ticketing system. Airlines are also looking at this technology.

This is exciting stuff, but what if someone steals or clones your phone? Some attacks have already been found in this technology. As with most security issues, keeping yourself safe for the most part comes down to good old common sense: not using 1234 as your PIN, and making sure you have a password on the device! It’s amazing how many people don’t have one on their BlackBerry or iPhone. At Vigilante Bespoke we can erase your phone remotely if it is lost, taking the worry out of the situation.

This technology is just around the corner with trials already running worldwide. Make sure you don’t get caught out and apply some simple security measures to your mobile devices.

For more information on Near Field Communication, the Wikipedia entry is useful: http://en.wikipedia.org/wiki/Near_Field_Communication

The recent publicity about Kanye West’s e-mail account being hacked made me think about how one account can lead to so many more. A quick scan through anyone’s Gmail account is likely to show various welcome e-mails from other accounts such as Twitter and Facebook.

These accounts are linked to an e-mail account for alerts or password reset functions. Sometimes the welcome e-mails will show the full credentials that the user signed up with, sometimes just the username. Most websites have a password reset function that sends an e-mail to the user’s e-mail account, so a hacker could quite easily perform this operation once the first account is hacked.

So you can see that if someone has an account they generally use for signing up to other websites, one hack will definitely lead to more compromise.

What can you do? This is a tricky one. Until more websites ask for security information during reset functions and stop sending credentials in e-mails, this will always be a problem. The real advice is to protect your e-mail as much as possible and use good quality passwords that can’t easily be guessed. Avoid any computer that isn’t your own, particularly Internet cafes and public computers, which are likely to harbour key logging software. The use of third factor authentication such as a token is also highly recommended where available.

Kanye West’s Gmail hacked a month after Twitter intrusion

Feb 02, 2009 at 5:31 pm

Kanye West says someone has taken control of his Twitter. Not to mention his Gmail and MySpace accounts.

The rap star says that someone is using all three services to spread false reports, including one that claimed he was open to launching a new career as a bisexual porn star.

“Now somebody has been hacking into my MySpace and somebody’s actually hacked into my personal Gmail account and has been emailing people from it,” West wrote in a posting on his blog. “Hey world, I no longer have a Gmail!”

http://www.theregister.co.uk/2009/01/26/kanye_west_hacked/

Scary Local Attacks – How to get hacked by a PDF

Feb 01, 2009 at 2:00 am

Being an ethical hacker for 10+ years usually raises a few eyebrows when answering the ‘what do you do for a living’ question. People have a genuine interest in what’s seen as a secretive and bizarre cyber world. During these conversations it seems most computer-literate people are now fully aware of anti-virus and firewalls and the need for security software, but are completely unaware of some of the latest and most sophisticated nasties.

Local attacks, as I’ll categorise these nasties, are vulnerabilities within software packages such as Microsoft Office, Adobe PDF reader and Flash player. We first saw these being used to target specific individuals in powerful and influential positions, but they are now in widespread use.

Simply by opening a hacker’s Word or PDF document, for example, you could give them full access to your beloved laptop. This principle also stands if you browse a website with an exploit written into the code. I have some great examples of these nasties, either downloaded from the Internet or created with Metasploit, a hacking/exploit toolkit which is readily available on the web. Anti-virus software will generally not touch these files and often gets disabled when they execute their payload.

No single software package can protect against these issues, no matter what the vendors would have you believe.

Just be aware that the next time you open a document from an unknown source or browse an erhhh non-corporate Internet site, you might leave yourself open to attack.