Computers And Internet - Internet Security, Computers, Mobile Devices, Networks | Resources | Contact Us Hit With Consumer Protection Lawsuit

HARRISBURG – A Maryland-based computer training school that suddenly closed in mid-December, after taking nearly $2 million dollars in tuition payments from Pennsylvania students, is the subject of a lawsuit filed by the Attorney General’s Bureau of Consumer Protection.

Attorney General Tom Corbett said the suit was filed against, Inc., (ComputerTraining) which offered computer training and certification programs through four Pennsylvania companies operating at locations at Bensalem, King of Prussia, Lancaster and Pittsburgh. The school also operated in 14 other states.

“Pennsylvania students paid anywhere from $13,000 to $25,000 for various computer training programs, only to be left out in the cold when ComputerTraining suddenly locked its doors in December,” Corbett said. “These students were trying to improve their skills and build careers – only to be abandoned to face substantial loans or debts, incomplete training and a long list of unanswered questions about their educational futures.”

According to the lawsuit, the schools knew, or should have known, about mounting financial difficulties, the threat of closure and the strong likelihood that they would be unable to provide training services for students.

Corbett said that students were required to pay all, or nearly all, of their educational costs and fees up-front, before beginning their courses.

“Despite growing financial problems, ComputerTraining continued to enroll new students and collect advance payments from consumers without disclosing any potential problems,” Corbett said. “Additionally, the school continued to advertise classes and services on its website even after halting operations in December.”

According to the lawsuit, ComputerTraining also provided deceptive or misleading information about possible refunds.

“In a December email message announcing the closing, students were instructed to contact the Pennsylvania Department of Education in order to request refunds, even though the surety bonds that had been posted with the department would cover only a very small percentage of the outstanding tuition,” Corbett said. “Knowing that the surety bonds amounted to only pennies, compared to the thousands of dollars that students had paid, the instructions to contact the Department of Education about refunds were not only deceptive but also insulting to all the victims.”

Corbett said the lawsuit filed by the Attorney General’s Bureau of Consumer Protection seeks full restitution for all victims who suffered losses, along with fines and civil penalties of up to $1,000 for each violation of the Consumer Protection Law (up to $3,000 for each victim over the age of 60). The lawsuit also asks the court to prohibit the school from operating in Pennsylvania.

Corbett said the Attorney General’s Office has also filed a request for a special preliminary injunction against ComputerTraining – asking the court to freeze all bank accounts and financial assets; prohibit the sale, transfer or distribution of any other assets; safeguard all student records and personal information; and preserve all financial and business records.

Students who enrolled at ComputerTraining and paid tuition for classes that were not provided should file formal complaints with the Attorney General’s Bureau of Consumer Protection. Complaint forms can be obtained by calling the Attorney General’s Consumer Protection Hotline at 1-800-441-2555 or online at (Click on the “Complaints” button on the front page of the website and select “Consumer Complaint Form” from the menu).

Corbett also urged students to contact their bank to halt any automatic payments to the school. If they obtained student loans, they should contact their financing company to stop any additional transfer of funds to the school.

Additionally, students should contact the Pennsylvania Department of Education, Division of Private Licensed Schools, at 717-783-8228, for more information about possible assistance being provided to displaced students.

The consumer protection lawsuit was filed in Commonwealth Court by Senior Deputy Attorney General Henry Hart and Deputy Attorney General Michael C. Gerdes, of the Attorney General’s Bureau of Consumer Protection.

Court Bans Sale of Microsoft Word

A federal appeals court has ordered Microsoft to stop selling Word. In addition, Microsoft is to pay the Canadian company i4i Inc. $290 million for patent infringement.

Michel Vulpe i4i said it is “an important step in protecting the property rights of small inventors.”

Obama To Boost U.S. Broadband Access

Washington, DC — President Obama plans to award $2 billion in grants and loans over the next 75 days in an effort to expand America’s broadband Internet access, as well as, create tens of thousands of jobs.

“Broadband touches nearly every aspect of the U.S. economy, providing Americans with unprecedented opportunities in employment, education, health care, entrepreneurship, and civic participation,” the White House National Economic Council said in a report released to coincide with the announcement.

“These critical broadband investments will create tens of thousands of jobs and stimulate the economy in the near term,” the report said.

“The new broadband access will help underserved and often hard-hit communities overcome the distance and technology barrier by expanding connectivity between educational institutions, enabling remote medical consultations and attracting new businesses as well as the jobs that come with them.”

Alert: FaceBook Phishing Scam

Beware! There is a fraudulent email circulating claiming to be from FaceBook. If you receive an email like the following, do not click on any links:

From: “Facebook”
Subject: New login system
Date: Wed, 28 Oct 2009 12:52:40 -0600

Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
The Facebook Team
Update your Facebook account
This message was intended for
Facebook’s offices are located at 1601 S. California Ave., Palo Alto, CA 94304.

Report On Web Security: Danger!

The IBM X-Force 2009 Mid-Year Trend and Risk report finds growing security concerns related to surfing the web.

“The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted,” said X-Force Director Kris Lamb. “There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity.”

“Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks,” Lamb said. “The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.”

How To Choose An ISP

National Cyber Alert System
Understanding ISPs
ISPs offer services like email and internet access. Compare factors like security, services, and cost so that you find an ISP that supports all of your needs.

What is an ISP?
An ISP, or internet service provider, is a company that provides its customers access to the internet and other web services. In addition to maintaining a direct line to the internet, the company usually maintains web servers. By supplying necessary software, a password-protected user account, and a way to connect to the internet (e.g., modem, phone number), ISPs offer their customers the capability to browse the web and exchange email with other people. Some ISPs also offer additional services.

ISPs can vary in size—some are operated by one individual, while others are large corporations. They may also vary in scope—some only support users in a particular city, while others have regional or national capabilities.

What services do ISPs provide?
Almost all ISPs offer email and web browsing capabilities. They also offer varying degrees of user support, usually in the form of an email address or customer support hotline. Most ISPs also offer web hosting capabilities, allowing users to create and maintain personal web pages; and some may even offer the service of developing the pages for you. Many ISPs offer the option of high-speed access through DSL or cable modems, and some still offer dial-up connections.

As part of normal operation, most ISPs perform backups of email and web files. If the ability to recover email and web files is important to you, check with your ISP to see if they back up the data; it might not be advertised as a service. Additionally, some ISPs may implement firewalls to block some incoming traffic, although you should consider this a supplement to your own security precautions, not a replacement.

How do you choose an ISP?
There are thousands of ISPs, and it’s often difficult to decide which one best suits your needs. Some factors to consider include

security – Do you feel that the ISP is concerned about security? Does it use encryption and SSL (see Protecting Your Privacy for more information) to protect any information you submit (e.g., user name, password)?

privacy – Does the ISP have a published privacy policy? Are you comfortable with who has access to your information and how it is being handled and used?

services – Does your ISP offer the services you want? Do they meet your requirements? Is there adequate support for the services?

cost – Are the ISP’s costs affordable? Are they reasonable for the number of services you receive, as well as the level of those services? Are you sacrificing quality and security to get the lowest price?

reliability – Are the services your ISP provides reliable, or are they frequently unavailable due to maintenance, security problems, a high volume of users, or other reasons? If the ISP knows that services will be unavailable for a particular reason, does it adequately communicate that information?

user support – Are there published methods for contacting customer support? Do you receive prompt and friendly service? Do their hours of availability accommodate your needs? Do the consultants have the appropriate level of knowledge?

speed – How fast is your ISP’s connection? Is it sufficient for accessing your email or navigating the internet?

recommendations – Have you heard or seen positive reviews about the ISP? Were they from trusted sources? Does the ISP serve your geographic area? If you’ve uncovered negative points, are they factors you are concerned about?

National Cyber Security Awareness Month

For the fifth year, the National Cyber Security Division (NCSD) is spearheading National Cyber Security Awareness Month, a comprehensive outreach campaign to empower all Americans and businesses to take steps to secure their part of cyberspace. Click here to get more information on steps you can take to contribute to cyber awareness activities.

Fraudulent Web Sites

We are aware of public reports indicating that attackers are using legitimate web pages to run malicious code on victims’ machines.

Reports, including a posting by Sophos, indicate that these messages
* Include keywords and names related to a current event (such as, the 9/11/2001 terrorist attack)
* Prompt users with a fake virus scan that attempts to make users believe they have a security issue. The users are then asked to download fake security software that is actually malicious code.

Please note that these characteristics may change at any time.

The United States Computer Emergency Readiness Team encourages users and administrators to take the following preventative measures to help mitigate the security risks:
* Install anti-virus software, and keep its virus signature file up to date
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks

Avoiding Social Engineering and Phishing Attacks

What is a social engineering attack?
To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

How do you avoid being a victim?
* Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.

* Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.

* Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.

* Don’t send sensitive information over the Internet before checking a web site’s security (see Protecting Your Privacy for more information).

* Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).

* If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (

* Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).

What do you do if you think you are a victim?

* If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

* If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.

* Consider reporting the attack to the police, and file a report with the Federal Trade Commission (

Microsoft Found Guilty of Patent Infringement

A Texas U.S. district court ruled in favor of i4i Ltd in a patent dispute against Microsoft. i4i was awarded more than $290 million in damages. Microsoft was issued an injunction preventing them from selling versions of Word.

The patent being ruled on relates to the use of XML (extensible markup language) in the 2003 and 2007 versions of Microsoft Word. The injunction takes effect in 60 days.

“These filings are not unusual in patent cases,” said Kevin Kutz, Microsoft spokesman. “We believe the evidence clearly demonstrates that we do not infringe and that the i4i patent is invalid.”

Microsoft filed a motion to stay the injunction.

RSS BugTraq

  • [SECURITY] [DSA 2100-1] New openssl packages fix double free
    Posted by Moritz Muehlenhoff on Aug 30------------------------------------------------------------------------ Debian Security Advisory DSA-2100-1 security () debian org Moritz Muehlenhoff August 30, 2010 ------------------------------------------------------------------------ Package : opens […]
  • Re: [Full-disclosure] QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
    Posted by security curmudgeon on Aug 30: 1. OVERVIEW : : The QtWeb Browser application is vulnerable to Insecure DLL Hijacking : Vulnerability. Similar terms that describe this vulnerability have been : come up with Remote Binary Planting, and Insecure DLL : Loading/Injection/Hijacking/Preloading. : 3. VULNERABILITY DESCRIPTION : : The QtWeb Browser applicat […]
  • [ MDVSA-2010:165 ] libHX
    Posted by security on Aug 30 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:165 _______________________________________________________________________ Package : libHX Date : August 30, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1 _________________________ […]
  • {Lostmon - Groups} Safari for windows Invalid SGV text style Webkit.dll DoS
    Posted by Lostmon lords on Aug 30################################################### Safari for windows Invalid SGV text style Webkit.dll DoS Vendor Advisore: Vendor notify :Yes exploit available :YES ################################################### Safari browse […]
  • R7-0036: FCKEditor.NET File Upload Code Execution
    Posted by HD Moore on Aug 30R7-0036: FCKEditor.NET File Upload Code Execution August 30, 2010 -- Vulnerability Details: FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector  in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulne […]