Wednesday, December 28, 2011

Kaspersky renewal through Best Buy hits a glitch (for me, today)

Today, on a small travel Toshiba computer with Windows 7 Starter and Kaspersky Security, the product would not renew and activate despite my paying the credit card renewal (about $40 a year) twice.  The red “Fix it now” button kept leading me to a Best Buy application which would not close. Finally, I took it to a Best Buy store and the Geek Squad found a hidden link to give the user the opportunity to paste in a new product code.  I don’t know why the web application didn’t do this automatically.

Also, early on Dec. 29, one Picasa image (on my Dec. 28 posting of my Issues Blog) came back as a blank area with an arrow.  The problem went away when I deleted the html code linking to the picture and re-uploaded it. A quick search shows that sometimes Kaspersky and Webroot (it happened on two machines) reject the scripting around Blogger images as possibly malware, a "false positive".  In my case, so far, it has happened only with the first image uploaded under Google Chrome (when Firefox was having trouble connecting to Blogger); all subsequent images worked (so far), and the first one worked when re-uploaded.  

Tuesday, December 27, 2011

Installed Webroot Secure Anywhere today

Today, I did install Webroot Secure Anywhere (v8.0.1.44).  It downloaded an executable in the usual way from Firefox (save an exe file, get permission from Windows 7) and installed fast.  It ran a scan for rootkits and malware that took about 8 minutes, no problems.
 
The McAfee Security Scan Plus says that the Webroot Internet Security Essentials is turned off.  But that should be normal, if Secure Anywhere is running.  I don’t know why the free McAfee product doesn’t recognize the new Webroot.  Windows 7, however, is not warning me about a need to turn on security (it will).
 
After the install, I also got some javascript object errors that went away when I closed all browsers and closed Microsoft Word.  The computer seemed slower than usual when restarting any object (even Windows Explorer) until using it at least once. 
 
The install gave me two different product registration codes. It flashed one, and then gave me a different code (in the last few characters) to save on the clipboard and in my own records.
 
I’m not sure if Webroot is running its own Firewall on top of Windows 7 Firewall.  It is allowing all “normal” browser Internet traffic.  I tried Weather Channel, Twitter, Facebook, Blogger, major news (MSN).

Update: Dec. 29

I do see the Firewall in the control panel now. It looks as though the earlier problem of overblocking is fixed.  Webroot also provides a "locked desktop" Windows "notification icon" (at the bottom) whenever you use https or go to sleep.  That may prevent others from logging on to your machine, in person or even remotely (a problem recently discussed elsewhere).

Also, McAfee Security Scan Plus now returns a green status and recognizes all Webroot components. 

Saturday, December 24, 2011

Heavy social networking users targets of webcam-related schemes (the Mijangos case)


The January 2012 print issue of GQ, on p. 90, has a detailed story (by David Kushner and Jason Madara) of the “sextortion” computer hacking by a disabled California man, Luis Mijangos, which involved controlling webcams of users' laptops after getting them to download infected videos from emails with senders spoofed to look like social networking (often Facebook) friends. The story is not available online yet.

The O.C. Weekly (yes The OC, or Orange County) had a detailed story of the arrest in September here.  

The Huffington Post had a story on his six-year sentencing in September.
 
Generally, this sort of scam is much more dangerous to people who are “heavy” users of social media, especially those who use their webcams a lot and share a lot of videos and photos. It’s a bit of a paradox. Some employers even think that large friends’ lists are a sign of social success, but it’s very much a two-way street as far as I’m concerned.


Wednesday, December 21, 2011

Chinese hackers target US Chamber of Commerce


The Wall Street Journal is reporting today, in a story by Siobhan Gorman, that hackers from China have breached the systems of the U.S. Chamber of Commerce, with the story (paywall) link here. Attackers gained access to information on three million members.

The story is front page news on today’s WSJ in print. 

It’s a bit ironic, because the US Chamber of Commerce has attracted controversy for its support of the Stop Online Piracy Bill (SOPA) before the House in Congress, a bill which Internet free speech advocates say can cause many contingent problems.

Saturday, December 17, 2011

Webroot and Kaspersky find problems with popups on many corporate media news sites

Just a note of followup.  I still get warnings from Webroot on a number of ads that lead in to newspaper stories on major papers like The Washington Post and USA Today.  Usually, the warnings are yellow, one or two have been red.  These are the advertisements that have an insertion, “skip this ad” or “continue reading”. 
 
The problem noted Monday with a New York Times web page discussing the nexus between blogging and journalism has been resolved. Kaspersky no longer warns of a rogue Facebook application trying to load, and no survey comes up.  
 
Here’s another oddity:  Now, when I boot up my XPS laptop under Windows 7, Windows asks me to start Webroot and Webroot always updates before it will let me start it, delaying the start of my ability to work about two or three minutes.  My version is 7.0.12.22. 
 
A site called “TopTenReviews” has a discussion of problems at the New York Times (link), but the facts appear to relate to the 2009 attack.  The problem I encountered this week did not involve fake anti-virus software (a common scareware scam); it was instead a fake Facebook survey, probably related to phishing for personal information.  As of right now, only Kaspersky has reported it. 

Even trusted sites of big companies and government agencies (trustworthy?) seem to get hacked. And unfortunately you have to use more than one anti-virus vendor to catch everything.

Tuesday, December 13, 2011

Georgia hospital disrupted by computer virus

A medical center in Georgia (Lawrenceville and Duluth) has been infected with a computer virus since last week, causing it to ask ambulance companies to send new patients elsewhere.  Webroot tweeted the Atlanta Constitution story yesterday here.  The virus has the odd name of an “I.T. service interruption virus” and is said not to have any effect on patient records. 

There is no explanation yet as to the source of the infection or hack. 

The link is here.

Monday, December 12, 2011

Kaspersky warns me about a Facebook Trojan when I visit a NYTimes debate page in XP; one "fake survey" pops up


Today, when accessing a New York Times opinion page debating blogger journalism, from Google Chrome, my Windows 7 computer  (Dell XPS) hiccoughed for a few seconds and froze, then released the page.  This sometimes happens once in a day after a restart. It seems as though the system needs to start one more service to run a script.  

I wrote a post and linked to it OK on my “BillBoushka” blog today, and Firefox under Webroot/Sophos accepted the linked NYTimes page OK, no warnings.  (Usually it's Webroot that catches these first; today it was Kaspersky instead, even though Webroot did a full update this morning.)

But on another XP machine with Kaspersky under Google Chrome, I got a warning about a possible spyware script, which is unusual. The Kaspersky report showed something like “facebook/com/dialogue/oauth” with an application number of 9869919170. I double checked and this has no connection at all to my own Facebook account, and in fact I wasn’t logged on to Facebook in any browser through which I accessed this page.

I tried the XP Kaspersky experiment several times. Just once, a pop-up appeared for an “On Question Site Survey” at the bottom. I forget what it was trying to survey or sell (short term memory?). I simply closed the survey and everything was normal. I suspect that the survey would have asked for personal information or cell phone numbers for spam.

I don’t know if this is a legitimate hack or not – it’s on a New York Times page if it is.  I don’t know how it got in, and so far only Kaspersky finds it.  

There have been problems with fake surveys being embedded in Facebook apps for phishing purposes; maybe some of them are being picked up by major news sites and not being caught by security.

I consistently find that different vendors find different threats that others miss. That doesn’t bode well for PC home security for the average user depending on one vendor.

Webroot major update; my Firewall false blocks still not fixed

Adventures in (a) Webroot?  Adventures in a Perambulator? 

Saturday morning, my Windows 7 Dell XPS froze when I tried to go to AOL just as W7 was telling me that Webroot wasn’t working. I rebooted and got past that. This morning, Webroot took about 45 minutes of my time with major updates and one restart. Even after the restart it still did about 10 more minutes of updating before I could do anything.

I thought that the false Firewall blockage was fixed. I turned the filter back on. As long as I stayed in Google Chrome I was fine. But when I went to Firefox it started blocking all traffic again. So back to allowing all traffic, and a red status. Understand, Windows Firewall is still on (as is Windows Defender), and it seems to block what it should.

Update: Dec. 21

Please note the comments. I should be ready for Webroot Personal Security "Secure Anywhere" right after Christmas.  (Sorry for my typo in the last comment -- it happens on laptops.)  

Wednesday, December 07, 2011

Security experts continue to show concern about PDF vulnerabilities, from "unnecessary" features from Adobe

Today, Sophos Security (associated with Webroot) sent a downloadable white paper on PDF security. The way it was delivered makes it hard to give an effective URL, but Neil Rubenking of PC Mag gives a pretty cogent view (from April 2010) about how Adobe “lost its way” by adding so many features to PDF that make it a security hazard.

I get updates from Adobe constantly, but there seems to be some scuttlebutt that keeping up is difficult, and that the wide range of capabilities of PDF documents is unnecessary for most users, causing needless risk.

The PDF format does have one great advantage for book-like documents: they view and print (and paginate and font-interpret) exactly the same on any device. So they’re very popular, for example, for transmitting program notes that accompany music .mpg files when composers sell them online.  

There are a lot of suggestions to use Google Docs to view PDF files on the web, and to install the gPDF plugin, particularly for Firefox. 

The link for the story is here.

The view of PDF makes it sound as risky to view on the Web as used to be thought the case with Word documents (instead of HTML).  But today, it's not so clear that HTML has to be safe either. 

I have noticed that Webroot will sometimes give me warnings about Microsoft Word macros on a few of my own local documents from earlier times.

I have used PDF for my new eBook on my “Do Ask Do Tell” site, and for three other documents explaining my plans.  I created these from Word.  I guess I should reassess this since some visitors may not like opening PDF documents.  


Tuesday, December 06, 2011

Facebook security fix actually allowed private pictures to be visible for a while

George Mathis has a story on a Facebook bug fixed today that for a while allowed pictures marked as private to be accessed by others in public anyway. Someone proved the point by posting one of Mark Zuckerberg’s “Private” pictures.

The bug had occurred as Facebook pushed a facility to allow reporting multiple instances of inappropriate content simultaneously.
 
The story from the Atlanta Constitution blogs is here.

Thursday, December 01, 2011

Hidden app tracks or logs user's activities on many smartphones ("Carrier IQ")

The Huffington Post has a story about research by Trevor Eckhart over a hidden app on many smartphones, called the “HTC IQ Agent”, which logs many details about the user’s activities and could provide a security threat for hacking of various private activities (like logons to financial sites) later. It’s also called “Carrier IQ”. The link is here.

Could this risk be similar to that of keyloggers on PC's?

Trevor supplied a YouTube video: 




Pete Williams at NBC explained Carrier IQ's response to a class action suit. This facility is only for quality control.


Wednesday, November 30, 2011

"Forward Secrecy" will enhance https


Parker Higgins at Electronic Frontier Foundation has an important discussion of a new security enhancement to “https” or encrypted sign-on, and that’s called “Forward Secrecy”. The link is here. Apparently, Google is introducing it with its accounts (to augment remote 2-step verification). With Forward Secrecy, some information needed to decrypt messages in the future is “ephemeral” and is never stored. It’s a kind of “reverse pay-it-forward”.

Monday, November 28, 2011

More on web sites "yellow-rated" by Webroot

Since I have (somewhat consistently, recently) gotten yellow warnings from a number of sites from Webroot that McAfee and MyWOT accept, I looked up a review on PCMag, from 2011, here. The sites particularly include movie reviews, retail, and some foreign blogs.

The reviewer talks about McAfee and Norton flashing red-colored (blacklisted) pages that Webroot missed. I haven’t experienced this; on a few rare occasions, I’ve seen red pages from all, including MyWOT. Google and Bing (as well as Yahoo! safe search) seem less likely to include these sites these days in search results.

The yellow page is supposed to indicate suspicious behaviors sometimes associated with malware distribution or keylogging or other infectious behaviors, on sites that have not been "blacklisted".  Webroot does not seem to say exactly what behaviors are suspicious; is it what we call “unsafe code”?  One could wonder how the passage of SOPA might affect the way site-security ratings work (and the other way around).

It would be helpful if all site rating services could distinguish between hazards of computer infection (upon visitation or use) and a reputation for other bad business practices (such as was the case with Righthaven and MyWOT).

In some cases, I don’t give a link to a Webroot-yellow site; for example, I may be able to find a Facebook page for the company and use that instead.