Entries Tagged ‘Fraud’

Fraudsters Can Easily Buy SSL Certificates, Researcher Finds

“The industry-accepted standard for confirming someone is who they say they are and that they control a domain is that ‘the CA takes reasonable measures to verify,’ which is very ambiguous at best and meaningless at worst,” wrote world-renowned security expert Kurt Seifried in an article on SSL security keys published in the May 2010 issue of Linux Magazine.

Two university researchers discovered at a recent security conference that security companies often deal with governments that can compel certificate authorities to produce SSL security keys for them, as Betanews reported last week. Those keys can then be used to sign certificates as any other Web site, enabling a law enforcement authority — hypothetically speaking, of course — to spoof virtually any other site.

World-renowned security expert Kurt Seifried, author of numerous books on Linux system administration, network security, and cryptography, contacted Betanews on Wednesday. In the May 2010 issue of Linux Magazine, Seifried reports on his own discovery, which goes one very critical step further: You don’t need to be a government, he found, to compel a certificate authority (CA) to issue an SSL certificate for a major Web mail service of your choice. You just need a valid credit card.

“Brief summary: One way to get certificates for domains you don’t own: 1) Find a free Web mail provider. 2) Register an account such as ssladmin. 3) Go to RapidSSL.com and buy a certificate. When given the choice of what email address to use, simply select ssladmin. 4) Go through certificate registration process (this takes about 20 minutes). 5) You will now have a secure Web certificate for that Web mail provider,” Seifried told Betanews Wednesday afternoon.

Facebook phishing campaign serving ZeuS crimeware

In need of a good reason not to click on links found in spam or phishing emails?

An ongoing Facebook phishing campaign is not only attempting to phish fresh Facebook account data, but is also serving client-side exploits through a copycat web malware exploitation kit known as the Phoenix Exploit Kit.

More details on the campaign:

Subject: photos of sex with my new girlfriend

Message: i remember you asked me for photos of sex with my new girlfriend. Take the url: upload.malware.tld/vb073fl/

Upon clicking on the link, the user is redirected to the phishing page auth.facebook.com.malware.tld/vb073fl/LoginFacebook.php, where a tiny iFrame attempts to exploit the following — naturally outdated — client-side vulnerabilities that are part of the kit’s default setup:

Fraudulent use of FedEx name



(Fedex.com) Unauthorized use of FedEx® Business Names, Service Marks and Logos

FedEx has been alerted to the unauthorized use of its business names, service marks and logos by persons or companies fraudulently representing themselves as FedEx or as representatives of FedEx.

Millions of fraudulent e-mails are deployed daily. They claim to come from a wide variety of sources, and some claim to be from FedEx or representing FedEx. Fraudulent e-mail messages, often referred to as “phishing” or brand “spoofing,” are becoming increasingly common. These types of e-mails often use corporate logos, colors and legal disclaimers to make it appear as though they are real. They are sent in an attempt to trick people into sending money and providing personal information such as usernames, passwords and/or credit card details, and for the purpose of committing theft, identity theft and/or other crimes.

Recognizing Phishing Scam E-mails
Recognizing phishing scam e-mails is key to protecting yourself against such theft and other crimes. Indicators that an e-mail might be fraudulent include:

* Unexpected requests for money in return for delivery of a package or other item, personal and/or financial information, such as your Social Security number, bank account number, or other identification.
* Links to misspelled or slightly altered Web-site addresses. For example, variations on the correct Web-site address fedex.com, such as fedx.com or fed-ex.com.
* Alarming messages and requests for immediate action, such as “Your account will be suspended within 24 hours if you don’t respond” or claims that you’ve won the lottery or a prize.
* Spelling and grammatical errors and excessive use of exclamation points (!).

FedEx does not request, via unsolicited mail or e-mail, payment or personal information in return for goods in transit or in FedEx custody. If you have received a fraudulent e-mail that claims to be from FedEx, you can report it by forwarding it to abuse@fedex.com.

If you have any questions or concerns about services provided by FedEx, please review our services at FedEx Services or contact FedEx Customer Service.

The Internet is an important channel connecting FedEx to its customers. While there is no foolproof method to prevent the unauthorized use of the FedEx name, we continuously watch for such activity in order to help safeguard our customers’ interests.


Nigeria goes to war to halt Internet crime

Nigeria’s anti-corruption police is working with top computer software companies to halt thousands of fraudulent emails in a crackdown on internet crime in Africa’s most populous country, an agency spokesman said.
