Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

September Home & Home Office Roundup

Created: 04 Oct 2006 07:00:00 GMT • Updated: 23 Jan 2014 18:56:19 GMT
Marc Fossi's picture
0 0 Votes
Login to vote

It’s that time of year when the kids goback to school and the leaves start changing colors. In some parts ofthe world (like where I live) the air starts to get cool and the sky isgray in anticipation of snow and freezing temperatures. The thought ofthis approaching cold front might be enough to send some people to seekout an alternate reality online.

One of these online alternate reality worlds, Second Life,reported a data breach in September. Apparently, one of their databasescontaining customer information was breached. The attackers managed toget users’ names and addresses, as well as encrypted credit cardnumbers. While the unencrypted data may not be too much to worry about,users should still make sure to change their passwords. Hopefully, thecredit card numbers were encrypted using a strong algorithm.

Maybe you’ve already been playing around in one of the variousonline worlds, but you feel that you need a faster Internet connectionto fully enjoy the experience. If you decided to take advantage ofAT&T’s online DSL store to upgrade your connection, you might haveseen some interesting email messages in September.

A server containing personal data belonging to customers of the AT&T online DSL store was also breachedin September. The attackers used this information to send elaboratephishing messages to the store’s customers. They used the individualcustomers’ names, addresses, legitimate invoice numbers, and the lastfour digits of their credit card numbers in the messages. Naturally,since they only had the last four digits of the credit card numbers,they needed to find a way to get the rest. What easier way than to sendpeople messages saying that there was a problem processing theirpayment to the online store? Naturally, the messages directed thecustomers to update their payment information by following a link to aspoofed site that was under the phishers’ control. While these messagesmight be more convincing than standard phishing messages, it just goesto show that you should always be suspicious of any unsolicited emailthat asks you to follow a link to enter any personal information.

So, please try to get outside and enjoy the fall weather with theturning leaves, football games, and the crisp, clean air. Justremember—you wouldn’t give up all your personal details and credit cardnumbers because someone came knocking on your door and asked for them,would you? Of course not. Well then, you shouldn’t be doing thatonline, either.