Wednesday, September 29, 2010

Should website safety ratings take into account litigiousness?

A blogger site dealing with the Righthaven mass copyright litigation has informed visitors about a Firefox plugin that will block access to newspaper websites known to be participating in the litigation. The instructions are here.

What strikes me is that WOT (also a Firefox plugin) could develop the ability to warn users about sites known to be litigious. Then bloggers could be increasingly careful about any “copying” of material from these sites (or, in cases of sites known to sue frivolously for libel, when writing about the entities).

Friday, September 24, 2010

McAfee loads new Security Center; questions about routers, ISP provisioning, and work-from-home

McAfee yesterday replaced its Security Center on one of my machines, and it has a “new look”. There appears to be an improved Spyware detection module (like Spysweeper) but the most important feature appears to be the “My Home Network “ feature, which appears to monitor the home Router (Netgear for me) as well as the PC. It appears that it is intended for a home where the same McAfee product is installed on all machines. Because vendors (BestBuy) recommend or pre-install different vendors (Webroot/Sophos/Spysweeper, and Kaspersky), I would have to make a decision on this. McAfee also offers a new Parental Controls module (for COPA-like filtering) and PC Optimization.  The Security Center also loads much faster from the tray icon.

Also, because of a possible employment matter, I might have to look in to having Comcast let me provision my router so that one has to sign in to the Router as well as the computer (Comcast does not seem to allow this now). That would add more security.

Some employers for work-at-home jobs (like Alpine, Live Ops, etc) would require dedicated PC’s for work, separately. It could be that the way Network routing is set up with Comcast and other vendors (provisioned at the ISP, not at home) could present a security issue for some employers in some work-at-home situations. I’m not sure how Verizon FIOS works. This all bears investigation.

The first time the new Security Center updated the dat file, it kept sayingit could not connect to the Internet (when the connection was working) until the computer was rebooted, the Security Center re-opened, and two cycles of "checking for updates" were done; then it worked.

Wednesday, September 22, 2010

Malware dropper "spills" other spam-generators on testbed PC

Eric Brandt has an important warning on the Webroot blog, “Epic malware dropper makes no attempt to hide”. The discussion is about yogetheadshot.php.exe (VT),, which “spills” other malware on your PC, making it a node for sending out pornographic spam, potentially a legal risk for the computer owner. It also involves exploiting the Windows System Backup Dumper (winbudump.exe).  Webroot announced this story on Twitter this morning.

There is a wordpress blog entry (July 11) that tracks this back to an Adobe Acrobat vulnerability, link here.  But this vulnerability is supposed to have been patched.

I got a bizarre email to “undisclosed recipients” today on gmail trying to have a “relationship”. This was some of the strangest spam I’ve seen. No links, just an email address. No html. The AOL spam filter didn’t catch it. But the nature of the “relationship” was not something mature adults (gay or straight) would want.

Tuesday, September 21, 2010

MSN reports on Twitter "onmouseover" hack, since fixed

Today, MSN reported (with a YouTube video by Sophos/Webroot) of an attack on Twitter, whereby a user, if passing a mouse over a url, would find it hacked and sent to a spammer’s porn site. It’s been fixed now. The MSN story (“Twitter counters onmouserover security flaw”) is by By Athima Chansanchai with link here.

The writer says she escaped the problem by going right to Tweetdeck before going onto normal Twitter.

Monday, September 20, 2010

Webroot offers upgrade, but says call tech support

I got an Alert from Webroot today that it had a new version to download (for Webroot Antivirus with Spysweeper). When I went to answer it and download, it said that it detected that I save photos and videos online (which I indeed do, in Google Picasa), and that I should call the tech support to be talked through the installation.

I did not go through with it, as I do not have time to stop and wait to reach tech support on the phone for a complicated procedure on Vista. I’ve never seen an anti-virus package do this before.

I do see a new product “Webroot Internal Security Complete” (link)and it mentions file and photo sharing, but this may be for a P2P environment. It does appear to offer an improvement over Windows Firewall for outgoing wireless communications where there could be concern over wardriving. Maybe that’s what is offered. But it will take time to track down and install, it appears, if you’re an existing customer.

Thursday, September 09, 2010

New mass-mailing email work attacks today

Sophos reports a mass-mailing email worm affecting many companies and government agencies, filling employee inboxes with spam to today Sept. 9. It sends an unsolicited email that purports to link to a PDF but actually runs a VB executable. The Sophos blog article on the problem is this.  The worm reportedly spoofs an email address from an infected computer as the sender.

Most antivirus companies have updated dd files by now, and online protection (including Sophos or Webroot) will block access to that URL.

Diane Sawyer gives the story from ABC World News Tonight (the email virus did hit ABC) here.

Back in September 2001 (two weeks after 9/11), my own workplace was hit by a "virus attack" and for a few hours I was afraid that I could have infected my home computer.

Sunday, September 05, 2010

Password security is getting a new look: sometimes less is more

Randall Stross has an interesting piece on p 3 of Business Day of the Sunday New York Times, “A strong password isn’t the strongest security”, link here.

Indeed, the requirements to have so much randomness in passwords (as with companies that run password crackers, as did mine back in 2001) does lead people to write them down and save them, undermining security.

In fact, password security becomes irrelevant once a machine is infected with “real” spyware or keyloggers.

At the other end of the security spectrum, Stross points out that even weak passwords can’t easily be guessed in just a few tries. However, most companies (and indeed, particularly, most school campuses) do not lock people out for a long time after a few unsuccessful logon attempts because enemies (or students with bad grades) could disrupt legitimate use of peoples’ accounts.

A good compromise on password strength policy is to allow shorter, weaker passwords but only those that occur at a lower that statistically significant level.

Wednesday, September 01, 2010

Australian site recommends second opinions on virus scans, firewalls; keep experimenting

As Australian site Arnet has an interesting article by Lincoln Spector dealing with how a “protected PC” gets infected, here.

Spector recommends “second opinions” from second anti-virus vendors (although some cause conflicts – I find that McAfee and Kaspersky don’t interfere on an XP machine). He also recommends not depending on Windows Firewall, which has been criticized for the ability to monitor outgoing packets in a wireless environment (possibly even if your home has a wireless router if you think there is any practical risk of wardriving).

He even recommends not using the same vendor for anti-virus and firewall, as the recommendations for the “best buy” of each keep changing every few months.