With access to *any* computer that has synced with an iPhone, or a little time to recover the plain-text password, the entire phone’s contents can be read in as little as 20 minutes, according to Elcomsoft, a well-known supplier of password decryption software tools.

From their crackpassword.com blog:

When developing the iOS 5 compatible version of iOS Forensic Toolkit, we found the freshened encryption to be only tweaked up a bit, with the exception of keychain encryption. The encryption algorithm protecting keychain items such as Web site and email passwords has been changed completely. In addition, escrow keybag now becomes useless to a forensic specialist. Without knowing the original device passcode, escrow keys remain inaccessible even if they are physically available.

Now the good news: iOS Forensic Toolkit can still recover the original plain-text device passcode, and it is still possible to obtain escrow keys from any iTunes equipped computer the iOS device in question has been ever synced or connected to. Once the passcode is recovered, iOS Forensic Toolkit will decrypt everything from the keychain. If there’s no time to recover the passcode or escrow keys, the Toolkit will still do its best and decrypt some of the keychain items.

Devices supported:

1) iPhone 3G
2) iPhone 3GS
3) iPhone 4 (GSM and CDMA models)
4) iPod Touch (1st, 2th, 3rd and 4th generations)
5) iPad (1st generation only)

Note, this product is not available to the public

“ElcomSoft restricts the availability of the toolkit to select government entities such as law enforcement and forensic organizations and intelligence agencies.”

My comment: Acquire means reading and copying *everything* off the phone, including email passwords and website passwords. Physical access to the phone is required, this cannot be done remotely.

In a hypothetical intelligence/surveillance scenario a phone could be removed from a bag or pocket, taken to a back-room, acquired and returned within an hour, whilst the owner is kept occupied with drinks, food, chat, “eye-candy” or a direct physical diversion!

Has your email address or password been exposed in one of the many recent and ongoing website hacks?

Check it quickly and easily at ShouldIChangeMyPassword.com

ShouldIChangeMyPassword.com has been created to help the average person check if their password(s) may have been compromised and need to be changed.

This site uses a number of databases that have been released by hackers to the public. No passwords are stored in the ShouldIChangeMyPassword.com database.

My comment: This website is legitimate and safe. It’s purpose is to help the public. It is not a tool for collecting email addresses. You only enter your email address on the site. They look it up on a list of hundreds of thousands of compromised accounts. You do not enter your password.

If your account does show up you should change your password EVERYWHERE it has been used on the internet.

Cyber crooks out for LinkedIn members’ bank accounts

“crooks have inundated LinkedIn with emails crafted to trick members of the career-oriented social networking service into downloading software that loots bank accounts.”

Read the rest of story from the Associated Press.

Comments by Nick Braak:

The emails attempt to get you to login to LinkedIn to view or accept the invitation. In fact the links in the emails lead to websites that attempt to infect your computer with the Zeus banking Trojan, one of the most devious and serious security threats in circulation. The Zeus trojan attempts to capture logins and passwords to banking websites, ebay, paypal etc. and pass your credentials on to cybercriminals.

Legitimate LinkedIn invites are duplicated in the LinkedIn inbox. If in doubt go to the LinkedIn website directly, login there and if the emailed invite is not also in the inbox it is not genuine and should be deleted without opening.

Note: Only Windows computers are at risk for the Zeus Trojan.

Related articles

• Zeus Trojan secretly transferred $1 million from UK bank accounts (news.cnet.com)

Fake or rogue online pharmacies are big business online. Many are linked to cybercrime and cybercriminals and operate with little regard for the health of their customers and without accountability.

Many of these operations mention “Canada” or “Canadian” in the url or on the website, even when they are located in Europe or Asia. This subterfuge is an attempt to appear legitimate for the US market, where it is well known that medications are generally less expensive in Canada.

We were very pleased to see an official blog post from Google, reporting that Google are taking action by filing sweeping lawsuits with a promise of more to come.

Like many online services, we have struggled with this problem for years. It’s been an ongoing, escalating cat-and-mouse game—as we and others build new safeguards and guidelines, rogue online pharmacies always try new tactics to get around those protections and illegally sell drugs on the web. In recent years, we have noticed a marked increase in the number of rogue pharmacies, as well an increasing sophistication in their methods. This has meant that despite our best efforts—from extensive verification procedures, to automated keyword blocking, to changing our ads policies—a small percentage of pharma ads from these rogue companies is still appearing on Google.

Rogue pharmacies are bad for our users, for legitimate online pharmacies and for the entire e-commerce industry—so we are going to keep investing time and money to stop these kinds of harmful practices.

The full Google Blog Post is here

Related articles

• Top 3 Stories in Social Media and Tech This Morning (mashable.com)
• Taking rogue pharmacies to court (Michael Zwibelman/The Official Google Blog) (techmeme.com)
• Google Busts Out The Ultimate Spam Fighting Tool: The Lawsuit (techcrunch.com)

Well known virtual assistant outsourcing company AskSunday.com is the victim of a serious case of brandjacking.

The entire identity and website code of AskSunday.com has been copied and setup as another website with a similar sounding domain name, AskSundayllc.com, which has been online for a few weeks.

The operators of the fraudulent site are actively recruiting people from US based career sites, such as careerbuilder.com, and offering them jobs. Applicants who do respond to these solicitations are asked to provide identification and banking details in order to be paid by direct deposit.

Instead they will be used as “money mules” to receive the proceeds of fraudulent transfers from hacked and compromised US business bank accounts and ultimately to transfer the proceeds to criminals in Eastern Europe.

One of the potential victims lays out the story here

The copied website at AskSundayllc.com is hosted by a Russian webhost and is effectively out of immediate legal reach. Typically webhosts who provide facilities to criminal operations and fraudsters do not respond to requests to take down or disable rogue websites.

The phone number (646) 257-5840 is a Voice over IP (VOIP) number provided by Level 3 Communications and can be forwarded transparently anywhere in the world, even though it has a local New York City area code of 646.

In a follow-up blog I’ll provide more information on how to deal with and guard against internet brandjacking.

*We are in contact with management at AskSunday.com, though they are not a client of Highwick Associates.

WARNING: Do not do business with the scam company Shanghai FeWo Corporate Domains Limited aka china-dnsnet.org and china-dnsnet.org.cn.

Shanghai FeWo Corporate Domains Limited
Tel: 0086-21-37529318
Fax: 0086-21-37529316 0086-21-37529317
Address: Room 515-516, No.885 Green Ark Building, East Huancheng Road,Fengxian District, Shanghai, China

This company attempts to extort money from legitimate domain name owners by sending unsolicited emails containing lies and deception. The emails, an example of which is seen below, includes an outright lie that another company (which doesn’t exist) wants to register a laundry list of Asian domain names which match the dot com (or other mainstream domain name) owned by the addressee of the email.

Though crafted to look genuine and relevant only to the recipient, these emails are sent to thousands of domain owners simultaneously and are no more than a form of phishing. The email addresses are harvested from the domain name registration details, which are publicly accessible.

Be very clear on the fact that the sole purpose of these emails is to scare and mislead people into paying the slimy toads at Shanghai FeWo Corporate Domains Limited for domain registration fees.

Those who do engage in correspondence will be told that the domain names might just be cybersquatted by this other (non-existent) company, unless you pay up now. Otherwise there’s nothing that can be done. In case you were wondering, it’s all lies, a scam, and it’s intentional.

If you have received one of these emails do not reply. Do not pay any money to Shanghai FeWo Corporate Domains Limited, aka china-dnsnet.org or any other company, website or registrar who makes the same claims.

Somewhat ironically Shanghai FeWo Corporate Domains Limited has a motto which reads “Realistic Honesty Innovation Development” Pity they don’t live up to it.

If you have already been a victim of this extortion the China Internet Network Information Center (CNNIC) should be contacted and an official complaint lodged.

Note: Highwick Associates represents several clients who have received these extortion attempt emails and were very concerned about protecting their copyrights and brands. They were about to pay up, until they learned the truth about how this nasty little scam works.

Click on the image below to view a copy of their original email.