7/6/2010

FOR IMMEDIATE RELEASE

Subject :
San Ramon Valley Fire Protection District Releases First-of-its-kind Public iPhone Application

SAN RAMON, CA – Today the San Ramon Valley Fire Protection District (CA) is proud to announce the arrival of its much anticipated iPhone application in the Apple App Store. The FireDepartment.org iPhone application is the first of its kind and defines a new category of iPhone functionality. By providing a virtual window into the District’s 9-1-1 dispatch center, iPhone users now have real-time access to emergency activity occurring in the community. The application also provides the District with a powerful new avenue to communicate with its mobile population during a disaster. Don’t live in the San Ramon Valley? You’ll still find listening to the live actions of our dispatchers, firefighters and paramedics informative and interesting.

Application users are able to view active incidents – including the current response status of dispatched units (enroute, onscene, etc.) and instantly pinpoint incident locations on an interactive map. Think that fire engine or ambulance that just passed might be heading to your house? Is there an accident up ahead causing this traffic tie-up? Just tap the application to quickly retrieve real-time information. A log of recent incidents and a photo gallery of significant events can also be easily accessed.

The FireDepartment.org application also allows residents and other interested parties to choose to be notified of incidents by category as they are dispatched. Users can even listen in on live emergency radio traffic via the modern version of the traditional fire scanner – their iPhone, iPad or iPod touch device. The District also uses the application to communicate with its more than 700 Community Emergency Response Team (CERT) members and to share information during disasters with all its citizens.

“Using the iPhone and iPad for field-based command and control operations holds great promise for emergency service providers,” said Richard Price, Fire Chief for the San Ramon Valley Fire Protection District. “This consumer version of our development effort demonstrates the game-changing nature of these revolutionary handheld devices.”

Pricing & Availability

The application is currently available to anyone free of charge. Visit www.firedepartment.org/iphone for additional information including a demonstration video. To try the application for yourself, simply search “fire department” at the Apple App Store or visit the link below to install the application on a compatible device.

http://itunes.apple.com/us/app/fire-department/id376052787?mt=8

The iPhone application was designed by District personnel after successfully implementing similar capabilities on the District’s Webby-nominated website, FireDepartment.org. The District partnered with students at the College of Informatics at Northern Kentucky University (NKU) for iPhone engineering and programming services. By working with the District, students received valuable intern experience in addressing real world business needs.
The San Ramon Valley Fire Protection District provides all-risk fire, rescue and emergency medical services to the communities of Alamo, Blackhawk, the Town of Danville, Diablo, the City of San Ramon, the southern area of Morgan Territory and the Tassajara Valley, in Northern California (Contra Costa County). The District’s service area encompasses approximately 155 square miles and serves a population of 167,500.
Apple, iPhone, iPad and iPod touch are trademarks of Apple.

Additional Press Contact

Lucas Hirst, Project Management/Design
San Ramon Valley Fire Protection District
lhirst@srvfire.ca.gov
(925) 838-6600

As you can see by the photo the CHP (California Highway Patrol) has made the transition to LED lightbars that are low profile and highly visible. Watch for them on the highways in California and in most states as the new warning technology is released.

PS: Do not take photos while driving it’s dangerous…

See the Internet Storm Center for Internet Updates

I just happened upon a CBS News video that gave me pause for thought.  This once posted back in April however

I missed it until now.

http://www.cbsnews.com/video/watch/?id=6412572n

The video talks about the fact that "modern" digital copy machines, those sold after 2002, contain a hard drive.  These hard drives store the images copied.  These machines are traded in for new models and then refurbed and resold. However, the hard drives more than likely are not getting scrubbed to remove the content. One of the copy machines in the video not only contained content on the hard drive but also still had documents left on the copy bed.

This brings up some interesting discussions.  What is on your copymachine hard drive?  When it is sent in for repair what information may be gleaned from a quick glance at the drive?  Is your copy machine another potential target to aid in identity theft?
Food for thought.  Should there be processes and procedures in place for the disposal of these devices? Do you know what other devices in your organization contain a hard drive or other storage device?  Is there a process for cleaning before disposal? What does your company do if anything to ensure that no confidential data is leaked by disposal of old equipment?

Deb Hale Long Lines, LLC

http://dougmccune.com/blog/2010/06/05/if-san-francisco-crime-was-elevation/

http://www.sfgate.com/cgi-bin/blogs/techchron/detail?blogid=19&entry_id=65711

dougmccune.com

Click here for the full article

Posted: Sunday, March 21 2010 at 06:00 pm CT by Bob Sullivan

Most people think they’ll never fall for a scam. In fact, that frame of mind is precisely what con artists look for. Those who believe that they know better are often the last to raise their defenses when criminals are nearby. Yes, Virginia, people lose money online. A lot of it. They wire cash to London, they can’t help investigating the one-in-a-million chance they really are related to a dead prince from Africa, and they sometimes even travel to Nigeria to find out. Just in case.

Many of the scams you read about are sensational, such as the silly "hit man" scam created by real amateurs (recipients get an e-mail that says send me all your money or I’ll kill you). And you’ve also seen lists that offer oddly skewed results, such as the recent FBI announcement that scammers pretending to be FBI agents are now the most prevalent Internet crime. You’d figure those numbers are a bit exaggerated because victims of FBI scams are a bit more likely to report those scams to the agency.

Fantastic stories like these only serve to convince many consumers to let their guard down even more, helping to increase the pool of marks for the professional scammers.

I know, because I hear from victims all the time. My inbox is littered with people whose notes say,"I know I should have known better, but …." And with that, they beg me for help restoring their ravaged bank accounts. In fact, every single victim I’ve ever interviewed says they had an inkling that something was wrong from the outset, but they ignored that feeling. That’s why the single most important factor in avoiding fraud is this: Learn to trust the feeling in the pit of your stomach.

Usually, I can’t help restore those bank accounts. But I can help you, if your turn hasn’t come up yet. And even if you are convinced you’d never fall for any online con, someone in your circle of friends or family is vulnerable. Please forward this story to him or her.

Because I hear from so many victims all year long, I know what people really fall for. Here are the top 5 ways cyberthieves separate people from their money, based on my 12 years of writing about Net cons.

1.) Online dating scams

Anyone out there never done anything dumb for love? If you are raising your hand, congratulations. You may now relinquish your credentials as a human being. The rest of you should read on.

Love-based cons are the easiest to perpetrate. Why? Because love always involves a leap of faith — trusting something you can’t see or touch. Just like Internet scams. For years, criminals have made haunts out of dating services and lonely-hearts chat rooms. Broken-hearted folks are rarely in their right minds, so they make easy targets.

I once knew the FBI agent in charge of investigating cyber-love scams. He put it this way: Men could learn a lot from con artist lovers. They send flowers and candy constantly while wooing a mark (purchased with stolen credit cards, of course). Gifts really do put women in an agreeable state of mind, he assured me.

Some cons spend months grooming their marks, waiting until after several "I love yous" before asking for $800 to be wired to the passport office in London to help clear up a paperwork mess so he can come to America for a visit.

Yes, it all sounds ridiculous. It’s not. It’s so profitable that criminals actually pay monthly fees on some dating services. Generally, the more you pay for a service the fewer criminals you’ll see, and free Craigslist personal ads tend to be a cesspool. But I’ve heard from victims who never joined a dating service but were still conned into fake love from perfectly innocent-sounding places like Facebook groups or chat rooms devoted to hobbies like stitching or horses. It all starts with a simple e-mail, perhaps enhanced by a little Facebook research (“Hey, you love the New York Islanders and the Beatles, too! Wow”)

Since I’ve written about this scam many times, I’ve even heard from concerned family members who beg me to talk the deluded lover down off the cliff when he or she is about to send a bunch of money to a scammer. Usually, I fail. Love is blind; it’s also really, really stubborn.

In the latest flavor of the scam, when a deluded lover actually wises up and confronts the criminal, he or she admits to the crime but then adds this twist: "Yes, at first it was just a con, but while we were talking I’ve really fallen in love with you."

For a whole lot more on this insidious, more-common-than-you’d-believe crime, visit romancescams.org. The group, founded by former victims, has been fighting back for nearly 10 years. They post blacklisted photos there, e-mail addresses and typical opening lines from scammers , and lots of additional helpful scam-fighting tools. If you fall in love and have any doubts, visit the site.

2.) Fake or "rogue" anti-virus software

We’ve all seen the pop-ups: "Your computer is infected! Get help now!"

If you’ve ever clicked through such an ad (really, a hijacking), you know that the price for freedom is $20 or $30 a month. At first, the ads were clunky and the threats idle. But now, many pop-ups are perfect replicas of windows you would see from Windows or an antivirus product. Some sites actually employ so-called ransomware, which disables your PC until you pay up or disinfect it with a strong antivirus product. That’s why consumers forked over hundreds of millions of dollars to fake antivirus distributors in 2009, according to the Federal Trade Commission.

Your best bet? Make a plan now. This is the one scam that just about anyone can fall for. The best protection of all is to back up your important files, so the day your computer is hacked, your digital life won’t be on the line. It’s also important to have a fire extinguisher nearby. A second PC or laptop is often your best help when disaster strikes. Many viruses disable Internet access, so you’ll need a second computer to research your infection and download disinfectant software. Have a flash drive nearby, too, so you can move the inoculation from one computer to the other.

Meanwhile, if you aren’t paying for antivirus software, at least employ one of the popular free products like AVG or Windows Defender

3.) Facebook impersonation

Facebook is no longer a Web site — it’s a full-fledged platform, rapidly approaching the scale of the Internet itself. Many young users spend more time on Facebook than on e-mail, and actually use Facebook as their e-mail service. That means scammers are now crawling all over the service, since they always go where the people go. There are hundreds of Facebook scams, such as phishing e-mails, Trojan horse infections, misleading advertisements and so on.

But the crime you should most worry about is Facebook impersonation. A criminal who hacks into your Facebook account can learn a staggering amount of information about you. Worse yet, he or she can gain trusted access to friends and family. We’ve seen plenty of stories that showFacebook friends can easily be tricked into sending money in response to believable pleas for help.

For this reason, it’s time to upgrade your Facebook password. Treat it like an online banking site, because it’s not a stretch to say that a criminal who hacks your Facebook account is only one small step away from stealing your money (“Hello, First National Bank, I’ve lost my password. But my high school mascot is the Owl and my mother’s maiden name is Smith. Oh, and my first girlfriend’s name was Mary. Can you reset the password now?”)

4.) Becoming a bot

You may not know it, but your computer might be a criminal. Botnets — armies of hijacked home computers that send out spam or commit other crimes — remain the biggest headache for security professionals. The various botnets ebb and flow in size, but at any given time, tens of millions of computers on the Web are under the influence of a criminal. No one thinks it’s their PC, of course, but look at the odds. If one estimate claiming 100 million infections is accurate, then about one out of every 20 computers in the world is infected. In other words, someone in your extended family is aiding and abetting a spammer.

How can this be? Victims typically don’t notice the criminal activity. Cyberthieves can easily use your machine without leaving a trace or slowing down your PC performance. They do not deposit e-mails in your sent items folder. Instead of sending 1 million e-mails from your machine, they send one e-mail every hour from 1 million infected machines.

Any honest antivirus company will tell you that there is so much new malicious software created every day that the good guys simply can’t keep up. The Web is jammed full of e-mails and Web sites that can turn your home computer into a bot. Your PC could very easily be safe today but at risk tomorrow. That’s why it’s so important to keep your computer’s security tools up to date. But you shouldn’t assume that this will keep you 100 percent safe. Avoid the Web’s seedier side, and don’t let the kids download illegal music or games, a main source of infections. And always keep on the lookout for strange programs, files or surprising hiccups from your machine.

5) The fakosphere

The Web is now littered with fake blogs, fake ads, fake acai berry products, fake work-at-home jobs and fake Web sites saying how great all these things are. You’ll even see ads for such products on all major media Web sites, as they’ve become the Web’s answer to late-night infomercials.

The FTC recently issued an opinion clarifying that fake testimonials on Web sites are a violation of federal law, and some of the over-the-top ads have disappeared. But the fakosphere is far from dead.

I know it’s tempting to obey one rule that will make your tummy flat, make your bank account fat or make your cancer disappear. But you can’t believe everything you read online. Never purchase a product without searching Google using this search term: "(Product name) scam" and "(Product Name) complaint." Then, spend three minutes familiarizing yourself with the reputation of the item you are about to buy and the price you are about to pay. One or two complaints might say one thing, but 500 complaints should certainly scream at you that you should put that credit card back in your wallet.

Here are a few other top scam lists worth checking:

* Top 12 scams at BillShrink
* The Times (UK) top scam list
* FBI top scams list

http://www.usatoday.com/tech/columnist/kimkomando/2010-01-28-online-crooks_N.htm?csp=usat.me

Criminals are getting smarter and smarter. So, these days, it isn’t enough to just run security software on your computer. You need to keep up with the criminals’ latest tricks. Here are six threats to your security and tips for protecting yourself.

Flash drives

Flash or thumb drives provide an easy way to infect machines with malware. It’s no surprise that criminals are using them, particularly to target companies.

TECH TIPS: Ask Kim

Criminals use a flash drive with a company’s logo. They load it with malware and drop it in the company’s parking lot. An unsuspecting employee picks up the drive and connects it to his or her computer. What happens next is the scary part. Criminals gain access to the company’s network — and trade secrets.

Never use a flash drive that you find. If you find one at your company, alert the IT department. It can find the rightful owner or destroy the drive.

Facebook ‘friends’

Everyone seems to be on Facebook. It can be exciting to find new Facebook contacts. But pay close attention to who you grant access to your profile.

If you use your account for business, it can be a gold mine for competitors. You may unknowingly post information about projects that would benefit competitors. Even your contact list says a lot. It can give hints about an upcoming merger or partnership. It can also give criminals inroads at other companies.

That’s not the only danger. Information you post can be used for targeted phishing attacks. A criminal can post a link to a malicious site. It could be a phishing site or a site that installs malware.

Limit what others see and be careful about your posts. You may also prevent others from posting to your wall. Above all, be vigilant.

Clickjacking

Clicking on malicious links is known as clickjacking. It can happen anywhere online. Most notably, it threatens Facebook and Twitter users. A victim is lured to a malicious page. The victim’s profile page is opened behind the malicious page. The victim has no idea any of this is happening.

In the case of Facebook, clicking on the malicious page causes the victim to sign in to Facebook. The victim could then perform actions that compromise the Facebook account. Or, victims might be tricked into turning on webcams and microphones. They might even delete their Facebook accounts.

There is no certain way to protect against clickjacking. Your best bet is to watch for suspicious links or sites. Be alert.

Smart phone apps

Smart phone apps are hot. Criminals are looking to them to get your information. Apple checks apps before offering them to users. But other app stores may be less thorough.

For example, one developer recently offered banking apps for Android phones. The developer had no ties to the banks. The apps may have been password-stealing tools.

Although it’s less likely, apps could also infect a phone with malware. Even seemingly legitimate apps pose risks. They may collect location information or access information stored on the phone.

Watch out for unknown developers when installing apps. Read the developer’s privacy statement to understand what is collected and how it’s used. And understand the app store’s approval process. Read reviews.

If it is a third-party app, contact the service to which it connects. Make sure the developer is an approved partner. If in doubt, skip the app.

E-mail messages

E-mail has long been a popular method of attack. And e-mail attacks are improving. Obviously, beware of attachments. If you’re not expecting an attachment, call the sender. Verify that it is legitimate.

Watch out for links in e-mail messages as well. These can take you to attack sites. Links to videos are particularly popular. You may be prompted to download something to display the video. You can bet it’s a Trojan.

Remember that e-cards can lead you to malicious sites. So can e-mail messages telling you to check out pictures of yourself. These malicious sites often use drive-by downloads, targeting holes in Windows. Keeping Windows updated will generally protect you from malicious downloads.

Criminals are also targeting their attacks. Malicious messages may be personalized with information about you.

Remember that it is surprisingly easy to find someone’s e-mail address. Business addresses may be gleaned from company websites or directories. Marketing companies sell targeted lists. And, you can find personal e-mail addresses via Intelius.

A spam filter should stop most of these messages. But never underestimate the importance of vigilance.

Porn dialers

Porn dialers are making a comeback on cellphones. The dialers are Trojans posing as videos, software or utilities.

They affect phones that run Java. Many are found on porn sites. Once installed, they send premium text messages or call premium numbers without your knowledge. You’re hit with a whopping bill. The criminals behind the Trojans share in the proceeds.

Be careful about downloading software. Don’t download anything from unknown or untrusted sources. You could also receive links to premium numbers via text message. Be careful when texting or calling numbers sent to your phone.

Now that you are aware of the dangers, one thing should be clear. When it’s all said and done, the responsibility of not falling for these scams is on your shoulders. Keep your guard up.

Kim Komando hosts the nation’s largest talk radio show about computers and the Internet. To get the podcast or find the station nearest you, visit www.komando.com/listen. To subscribe to Kim’s free e-mail newsletters, sign up at www.komando.com/newsletters. Contact her at gnstech@gannett.com.

Original Article: http://news.bbc.co.uk/2/hi/technology/8459898.stm

Many diallers lurk on sites hawking pornography

As mobile phones get more sophisticated, hi-tech criminals are dusting off some old tricks.

Security companies have noticed a rise in trojans known as diallers that used to be popular during the days of dial-up net access.

On a smartphone the diallers are being used to call premium rate lines leaving victims with a big bill.

Experts say the diallers are proving popular as a quick way for criminals to cash in.

Diallers were widely used during the days of dial-up net access when most people connected via modem.

Many diallers lurked on porn sites and, once they snared a victim, disconnected their modem and then placed a long distance call. Many victims were left with huge phone bills.

The economics of international calls meant that some of the cash spent on the call would be shared with the criminals. Some diallers were very sneaky in that they muted the speaker on a modem so victims could not spot when the overseas call was being placed.

Now, the security wing of software firm CA has said it is seeing a rise in diallers for smartphones. This time, instead of calling international numbers, the diallers call premium rate lines and land victims with the bill.

Writing on the CA security blog, Akhil Menon said it was seeing a “an increasing trend of trojan diallers”. Mr Menon profiled one such virus, called Swapi.B, which sends premium SMS messages.

“The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user’s knowledge and consent,” wrote Mr Menon.

Many diallers, including Swapi.B, are contracted from porn sites which disguise themselves as software, video clips or helper programs.

Mikko Hypponen, head of research at F-Secure which makes security software for mobiles, said it had seen a “handful” of diallers in recent months.

They were popular, he said, because they get round one of the big problems facing anyone wanting to make money out of Windows viruses.

“PC malware can’t just directly steal money from your machine; it has to jump through hoops like keylogging your credit card number or sending spam,” he said.

“However, mobile malware can just instantly steal from you by making premium-rate calls or messages,” said Mr Hypponen.

Some creators of diallers were also working to ensure that it was hard to shut down the premium rate service they had set up to cash in.

Mr Hypponen said some diallers sent messages or rang many different numbers, including legitimate ones.

“The trojan can place calls to, say, 100 different premium-rate numbers, only one of which is his own number,” said Mr Hypponen.

“How would you fight this? Shut down all the numbers, including the innocent ones?”

“Plenty of government agencies are dipping their toes into the Twitter waters these days, but when we found the Denton Police Department’s Twitter page this afternoon, we knew we’d found something truly special.”

To See the rest of the story here – Click Here

http://www.eeye.com/html/conficker/index.html

Conficker Worm Overview

Introduction

The Conficker worm is a very formidable threat to modern-day networks. The worm uses multiple methods to infect remote systems, and utilizes a very advanced P2P architecture in order to communicate with other infected systems. Furthermore, it has shown signs of an advanced update mechanism that would allow infected systems to rapidly received updates in order to evade detection or to be used in some malicious manner.

Below is a visualization of the propagation and communication mechanisms currently seen within Conficker infections.

As depicted above, Conficker is a very powerful threat utilizing a blend of exploits and functionality issues within the Microsoft Windows Operating System, while also utilizing human propagation means via thumb-drive sharing. The worm has been identified on millions of workstations, servers, and laptops throughout the world.

Suggested Actions

Administrators are strongly urged to utilize the Free Conficker / MS08-067 Detection Utility available for download here:

http://www.eeye.com/html/downloads/other/ConfickerScanner.html

This utility allows network administrators to rapidly assess their networks in order to find hosts that are infected by Conficker, or are missing the most critical patch necessary to blocking Conficker network propagation attacks.

Free Protection Utility

Users are also urged to use a powerful host-based protection suite with anti-virus, such as eEye’s Blink Personal or Professional. In addition to the detection of the Conficker worm, eEye Digital Security’s Blink Endpoint Protection Platform can effectively protect hosts, even if they are not patched, from the propagation of this worm. Using protocol based IPS analyzers, Blink can detect and stop the malicious traffic associated with MS08-067 and block the worm from self propagating. For installations that are already infected, Blink’s multi layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host. Free trials are available for Blink Professional here, and a free version of Blink is available for personal use here.

Maintain Microsoft Updates

Users and administrators are strongly urged to maintain all of the latest patches from Microsoft and all other software vendors with applications on endpoint systems. This can be easily maintained by using eEye’s Retina Network Security Scanner to identify all vulnerabilities on a network. Windows users can also enjoy the benefits of this vulnerability assessment by using eEye Digital Security’s Blink Endpoint Protection Platform to perform a vulnerability assessment of the host system on which it is installed.

References The HoneyNet Project:
http://www.honeynet.org/papers/conficker/
Felix Leder and Tillmann Werner Analysis:
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker
Microsoft Advisory – 967940
http://www.microsoft.com/technet/security/advisory/967940.mspx
Microsoft Malware Protection Center:
http://tinyurl.com/absz6f
Microsoft Security Bulletin MS08-067:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
SANS – Internet Storm Center:
http://isc.sans.org/diary.html?storyid=5860
Shadowserver Foundation:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212

To start a bit about my background and why you might want to think about this advice as well rounded and tested before just believing that I know what I am talking about.

I have been heavily involved in IT for my company for many years now to include network administration and IT infrastructure on top of normal day to day duties. The funny part of all this is I had to learn how to be a tech guy pretty much overnight when we decided it was time to connect all of our employees.

So how do you become a tech IT wizard overnight, well you don’t and on top of that you cannot even expect to be able to grasp all the information you will need. Here is how I did it, I simply concentrated on what I knew how to do, supplemented that with items I knew I could learn quickly and then joined forces with an expert for the items I had no idea how to do. It makes much better business sense to sub out for services you might never really need to do again. Another incredible resource for internet security knowledge is: Security Now! located at www.GRC.com

you will find a ton of very in depth information there that will help you to better understand what is going on in the world of internet security. I can listen to one podcast a week and stay up to date on all security issues in the hour I drive into work. Like everything these days it all comes down to time and making the best use of it, and I ma sure all small business owners reading this can relate.

So in the end I have seen just about all the user issues I can stand and I have worked on everything from my own machines to company machines to servers. With all this I have made allot of mistakes and thus learned allot of lessons, so hopefully this multi-part series will help you to better understand what needs to be done to try to prevent both identity theft on the net and also how to deal with some of the hardware and software problems we are exposed to daily.

The Series will somewhat follow the below topics but might not be presented in the order below:

• Identity Theft
• Preventing Identity Theft
• Email – Spam and Nightmares!
• Viruses and Spyware! – What should I do?
• How do I stay secure on the internet?
• What is a good backup solution?

As I write the above articles I am sure I will be revising and adding to this short list of topics, but if you have specifics you want to hear more about please let me know by commenting or via email…

Honda’s new GPS warns drivers when they’re about to leave their car in places where it is likely to be stolen, broken into or otherwise vandalized. The new technology, available from today if you live in Japan, links to local police stations and provides crime ratings by location, and if area is particularly dangerous it issues an alert. No indication of when or if this’ll come to the US. Originally posted at: InventorSpot

Well as you can imagine this system brings to the surface a huge potential for argument of what and where “High Crime” neighborhoods are and what constitutes a “high Crime” neighborhood but as technology moves forward it seems we will be seeing much more integration with this type of technology to add to our arsenal of items to help keep us safer in today’s world.