UPS Stores and Banks Were Hacked
UPS Stores were hacked
UPS stores were hacked in a data breach recently, with stores in 24 states subject to the data breach between March 26 and August 11. “No fraud has yet been discovered, UPS said, but customer names, postal addresses, email addresses and payment card information were compromised. ”
Banks hit by Hackers
Several large banks, including JP Morgan Chase & Co., which lead to theft of data associated with accounts. The theft involved significant amounts of data which could potentially lead to serious financial fraud.
IMAP vs POP Mail
IMAP vs POP Mail: Your Choices for Accessing Emails
If you use computer-based email clients like Microsoft Outlook, or you have a web host that gives you email addresses, you may have heard these terms. Their use is pretty straightforward – you plug in the right info, and emails come to your email client for you to read. But just what IS IMAP and POP, and what is the difference? Which one should you choose? Read on for more info!
POP Mail
POP stands for “Post Office Protocol” and this works by downloading your emails, images, and attachments to your computer and Outlook. Once an email message is downloaded, it’s there on your computer, although you can have the server store copies online as well if you wish to access your mail from a webmail client, or another computer. The result here is that the messages will stay on the server and re-download to the new client.
IMAP Mail
IMAP means “Internet Message Access Protocol.” Where POP downloads the emails to your computer, IMAP effectively allows the client to view emails while they are on the server. This means that what you view from your client will be the same from different computers. If you move email messages or delete things, you are deleting them from the server itself. If you leave emails alone, there they stay.
Which Is Better?
The decision to use POP or IMAP depends heavily on your intended use for email. Do you plan on accessing your email from just one computer? Or you may have to access your email at times that you don’t have internet access? POP is the best choice here, since everything just downloads straight to Outlook, or your client of choice.
On the other hand, if you access your email from your phone, your tablet, your laptop, and your office computer, IMAP is almost certainly the way you’re going to want to go. Managing email on multiple devices can be overwhelming – you do not want to view and delete multiple copies of sent and received email. However, if you need to access things away from the internet you may not have access to all prior messages, images, and attachments if you’re using IMAP settings.
Where Does Web Mail Come In?
Web mail – be it your own host, or Gmail, Yahoo, or any other web mail client – is email that you access from an internet browser. You open Internet Explorer or your web browser of choice, go to the webpage, log in your credentials, and view your emails from there.
This email is essentially sitting on the server until you do something to it and is accessible only if you are on the internet. Additionally, many of these services give you optional POP or IMAP access. Plug the appropriate info (which the client’s website will generally provide) into your computer or phone’s email client, and you can use these web mail clients there as well.
Remember that in the case of POP mail, unless you make a point to leave things on the server, everything will empty from your web email’s mailbox onto your computer. In the case of IMAP? Whatever you do in your web mail will be reflected in Outlook or Windows Live Mail, and vice-versa.
More than a Billion Passwords Stolen by Russian Gang
Ready to change your passwords again?
If you didn’t bother changing your password when you heard about “Heartbleed” leaking out passwords, you might want to consider changing your online passwords today. In the largest known collection of stolen internet credentials, a Russian tech gang has reportedly acquired an estimated 1.2 billion username and password combinations, along with over 500 email addresses.
A security firm based out of Milwaukee, Wisconsin conducted an 18 month study of the security breach. It has not announced specific sites that were hit, citing non-disclosure agreements and concerns for websites that still may still be vulnerable. An independent security expert confirmed the claims as authentic.
The hackers used unsuspecting zombie computers with viruses to allow a single operator to control a large group of virus infected computers to test for SQL vulnerabilities on servers.
When vulnerability was discovered on a website or server, hackers then executed SQL injections to send malicious commands to the website. In this way they were able to collect databases full of user names and passwords. Small and large websites have been affected worldwide by this hack.
So far, the stolen data has only been sold in small quantities on the black market, and used to access social media to send out spam messages. Hold Security had originally offered to check security breaches for a fee of $120 but seem to be revising their efforts after some criticism.
So what’s a person to do when it seems like keeping data secret is a losing battle?
- Change your passwords, and make sure they are strong, secure passwords with capital letters, lower case letters, numbers, and special characters.
- Businesses should run a check with the webmaster to see if their websites are vulnerable to SQL attack.
- Don’t use the same username/password combination for all the sites you access, particularly important ones like banking.
- Don’t panic, and have a plan in place in case you are a victim of data theft.
For more information on keeping your data secure, visit our blog posts on Heartbleed, and Preventing your Email from Getting Hacked. Or you can contact us here at Appletree MediaWorks for more information.
Internet and Security Updates
Heartbleed Followup
Lest you think the Heartbleed concerns were merely a false alarm: 4.5 Million Patient records were stolen by hackers, presumably due to the exploit.
The hackers took advantage by finding a device that had not been patched, exploiting the bug in order to steal user credentials. They used this data later to login into the network of Community Health Systems and captured patient names, phone numbers and social security numbers.
If you are concerned that your information might be among what was stolen, our recommendation is to invest in an identity monitoring type program or to lock down your credit report so that credit cannot be opened in your name.
As we’ve said before… Update your passwords often. Keep them unique – do not use the same passwords for every online account you own. Make them challenging – include numbers, letters, different cases, and symbols if allowed. Use password management software to keep track of all this. And it is always a good idea to keep an eye on your credit report.
More Data Theft from Stores
Unrelated to Heartbleed, SuperValu, the Minnesota parent company of Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save, and Shoppers Food and Pharmacy, Albertsons, Jewel-Osco, announced that 180 stores in North Carolina, Maryland, Virginia, Illinois, Missouri, North Dakota, and Minnesota were affected. The stores are reporting they quickly fixed the security breach and it’s safe to use credit cards in their stores again.
There’s no sign yet of the data being sold on the black markets. Credit card data is said to be selling at $20-100 per card, often purchased in bulk as one-time use.
It’s always a good idea to keep track of credit card statements; credit cards carry theft protection, and if theft is detected they should be contacted quickly as possible. It’s also wise to prepare for data and identity theft in advance, with the assumption that it will eventually happen. Make a plan of action: Contact credit-reporting agencies, get a copy of your credit report, and in the case of identity theft, file an identity theft report.
