GREENSBORO - As UNCG employees started their work week, an ominous e-mail awaited them in their inboxes first thing Monday morning: Your identity is at risk.

All faculty, staff and students received a warning about a security breach on a computer containing personal information used in processing UNCG's monthly payroll.

Everyone paid by UNCG - from a work-study student working in a cafeteria job all the way up to Chancellor Linda Brady - could be affected. The university requires all employees to have direct deposit for their paychecks, and material on the infected computer included names, Social Security numbers, direct-deposit routing and bank account information.

"This is a very, very serious matter, and the university is taking all the necessary steps to assure the security of our employees' personal and business information," said Reade Taylor, UNCG vice chancellor for business affairs.

"We believe the risk to actual data is low, but we can't take chances. We are notifying people about the situation, whether there is a risk or not."

More than 2,500 people work in faculty or staff jobs at UNCG. Hundreds more students are also on the university payroll in various jobs.

Posted by Justin Payton in Adware, Spyware and Trojans at 17:46

Cybercrime is likely to move into the social networking world, taking advantage of sites such as Facebook and MySpace, says cyber-security guru Peter Gutmann.

"I would assume internet crime will migrate to social networking sites in the future," says Gutmann, who also develops encryption toolkits and researches the usability of security software.

Social networking sites are incredibly powerful virus platforms in that they allow developers to write specific applications for them, which spread in a viral manner.

If these applications were not on a site such as Facebook, they would be considered incredibly fast-spreading viruses, he says.

To date, developers have written social networking applications only experimentally, but Gutmann thinks these platforms will be targeted more heavily in the future. "For some unfathomable reason the bad guys haven't exploited [social networking sites] yet, and I don't know why -- it is so easy," he says.

Finding stolen credit card numbers, phone numbers and other personal information is a matter of 10 seconds of searching Google, he says. "It is frighteningly easy to find information -- it is not rocket science," he says.

Another thing about these sites is that personal information, posted by users, will be there for ever.

"People put out heaps of personal information, not thinking about how it can be used against them," says Gutmann.

To some extent, cyber crooks are already using social networking sites to launch so called spear-fishing attacks, says Gutmann. By getting names, addresses and other information from, for example, job placement agencies, cyber criminals can send targeted phishing letters from your bank, and basically "leapfrog and attack from one site to another", he says.

Posted by Justin Payton in Adware, Spyware and Trojans at 12:09