Posts tagged accounts
In 2007, the Sentinel Management Group (SMG) collapsed, leaving many customer segregated funds lost after they had been used as collateral. After a plethora of lawsuits and creditor claims, a decision earlier this month in the 7th Circuit Court placed the banking cartels ahead of customer claims for funds returned. Essentially, the Bank of New York Mellon (BNYM) sued to be first in line for return on stolen customer account monies – and won the right by the US court system.
In the mainstream media (MSM), the SMG collapse and subsequent ruling in favor of BNYM was touted as a difficulty “for customers to recoup money lost”.
SMG, a Chicago-based futures broker, had stolen more than $500 million in segregated customer funds to use as collateral on a loan to BNYM for in-house proprietary trading operations. Their books were audited by the National Futures Association (NFA), however the NFA admitted that they could not understand the convoluted mess they were provided by SMG to sign off on. And yet they did; and approved the audit.
BNYM sued SMG to re-coup any monies owed to them. However, these monies were customer segregated funds that SMG stole and re-hypothecated.
In federal court, John D. Tinder, US Circuit Court Judge ruled “that Sentinel failed to keep client funds properly segregated is not, on its own, sufficient to rule as a matter of law that Sentinel acted ‘with actual intent to hinder, delay, or defraud’ its customers.”
This means that once a banking customer deposits their money into an account with a bank, the funds become property of the bank. The customer, at the point of deposit, relinquishes all rights to that money regardless of any laws in place, legal assurances, claims or guarantees; and this extends from investments to private checking accounts.
Gmail accounts targeted by ‘state-sponsored attackers’ using Internet Explorer zero-day vulnerability0
(NAKED SECURITY) Both Google and Microsoft have put out alerts about an un-patched, zero-day hole in Internet Explorer that didn’t get fixed on Patch Tuesday and is actively being exploited in the wild.
Neither Google nor Microsoft referred to those state attackers in their respective security warnings. ZDNet attributed that particular detail to a source it said was “close to these investigations”.
This source confirmed to ZDNet that the attacks motivated Google to warn Gmail users last week about the attackers.
As ZDNet pointed out, Gmail users have been reporting on Twitter that they’ve been hit by the Gmail warning.
Google security engineer Andrew Lyons wrote in the company’s security blog that Google reported the vulnerability to Microsoft on May 30 and that the two companies have been working on the problem since.
He wrote on Tuesday:
Today Microsoft issued a Security Advisory describing a vulnerability in the Microsoft XML component. We discovered this vulnerability - which is leveraged via an uninitialized variable - being actively exploited in the wild for targeted attacks.
Lyons said that the attacks are spreading both from malicious web pages set up to snare Internet Explorer users and through Office documents.
Users running any flavor of supported Windows are vulnerable, from XP onwards up to and including Windows 7. All supported editions of Microsoft Office 2003 and Microsoft Office 2007 are also vulnerable.
The hole hasn’t been stitched up yet, but Microsoft is suggesting a workaround that will help prevent it from being exploited.
Microsoft’s security advisory recommends that IE and Office users immediately install a Fix it solution, downloadable with instructions from Microsoft Knowledge Base Article 2719615, until the company gets the final fix out.
The vulnerability crops up when Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 try to access an object in memory that hasn’t been initialized, which can corrupt memory such that an attacker could execute arbitrary code on a hijacked machine.
A victim would have to visit a maliciously crafted site using IE to suffer an attack. An attacker might lure users into visiting a booby-trapped site by enticing them to click on a link in an email or via messaging.
A successful attack grants the intruder the same user rights as the logged-on user. Therefore, a mitigating factor is to configure accounts with fewer rights, as opposed to operating with administrative user rights.
Microsoft noted that by default, IE on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration. That also mitigates the vulnerability.
As far as bolting down Gmail goes, Sophos’s Graham Cluley has a collection of tips on how to stop your Gmail account from getting hacked.
It’s definitely worth a read. Here’s a quick cheat-sheet; Graham gives you more detail on these items in his article:
- Set up two step verification
- Check if your Gmail messages are being forwarded without your permission
- Look where your Gmail account is being accessed from
- Choose a unique, hard-to-crack password
- Secure your computer
- Why are you using Gmail anyway?
OK, that last one’s not a tip, per se, but it’s food for thought if you are, in fact, important enough that a state would want to attack your Gmail account.
If you are, think twice about using a free web email provider for sensitive information. If you’re working for the government or the military, like Graham said, put all that sensitive information on secure systems instead.