Saturday, March 31, 2012
Somini Sengupta is covering the “rumor” of a major attack on the Internet’s Domain Name System that was to happen today, Saturday March 31, 2012, as in a lead story in the Business Day section of the New York Times, latest link here.
In August 2008, I covered the stories of a major weakness in the DNS system on my “ID theft” blog; this resulted in emergency meetings at Microsoft and various operating system patches in July 2008.
Attackers were supposedly going to direct traffic at certain sites (with zombie computers) in such a way as to serious challenge DNS servers around the world, but there is no evidence so far that this has really happened.
Tuesday, March 27, 2012
Today, I got an supposed automatic “friend request” email from Facebook, and the link to me to “Facylook.com” and invited me to log in (I was already logged on – tipoff – look at the real domain name on the notification line). So here’s another spam scheme to get you to give away your Facebook passwords and other personal info (and probably turn your Facebook account into a spam bot).
Webroot tweeted a warning about malicious Chrome extensions being offered on the official Chrome store, and these are also used to hijack Facebook accounts and turn them into sources of spam (with a very good chance of getting your Facebook account canceled, and “you” are probably responsible). The story is here.
Monday, March 19, 2012
Today, on a Toshiba notebook laptop, after a major Windows 7 “.Net” update, which took forever, I noticed I was getting an error in “csc.exe” when trying to log off. The “exe” is usually supposed to be a C# compiler (which makes sense for the .Net update), but I found a link explaining other malicious things it could be, here.
The error disappeared after one more cold boot cycle.
The error disappeared after one more cold boot cycle.
Tuesday, March 13, 2012
WOT has new service; "Reputation.com" gives "interesting" results from a search on Mozilla; needs explanation
WOT apparently has a service called “Stop the Hacker” that can tell you if your site is blacklisted. Here’s the basic link. I’m not sure yet how valuable this service is, but it showed up on a MyWOT report.
"Reputation cleanup" mentioned on Anderson Cooper’s show yesterday (unfavorably). I couldn't find a site by that name, but I did check "reputation.com", the best known of such sites. It has an excellent score from WOT (report).
If I go to Mozilla (a new release) and then to Google and search for “reputation.com”, I get a link to “idifpro.com” which gets a red circle (poor reputation) from MyWOT, but a couple items down is the real “reputation.com” which gets the green circle and perfect score (above).
Can someone explain this?
Tuesday, March 06, 2012
Last week, I entered a preliminary 2011 tax return into HR Block's site. I forgot which browser I had used on my main computer. I had thought it was I.E.
Today, I had to update it. I went in to IE, and I was immediately directed to Facebook. True, I'm usually logged in to Facebook on IE only. I don't want my taxes and personal finance accessible from Facebook (or Blogger, or Google Products, or anything else) so I disabled it, and then it appeared that my HR Block data had been wiped out.
I tried using Google Chrome (which, note, I recently had to re-install), and the stored tax data (for many years) came back, with no intervention from Facebook (because I'm not normally logged on to it through Chrome).
But this shouldn't happen.
Monday, March 05, 2012
Today, Google passed along (to its own account users at sign-on) a link for consumers as to how to spot a fake review site, from Wikihow, link here.
The issue here is sites that offer comparisons, with numerical ratings, of various products or services in a particular category. But in most cases the reviewers have not actually handled or used the products and have been compensated to list them.
There’s some technical language here about tracking codes. You could probably have suppressed them in your browser, given all the improvements for DNT.
Saturday, March 03, 2012
Today, Google Chrome “vanished” on me, from a Windows 7 Dell XPS (converted from Vista) where I do most of my work. I had been in Internet Explorer looking at a PDF pointed to by an Electronic Frontier Foundation article mentioned in a tweet. The PDF somehow disappeared, and so did Chrome. The Chrome “New Tab” panel disappeared to the lower right, and would not come back. I have had some intermitted issues in Windows 7 with the touchpad generating unwanted commands, ever since conversion from Vista.
The only way I could get Chrome back was to restart the machine, uninstall, fill out the questionnaire, and re-download. Then to use the browser, Google forced me to sign on to my Google account (it did not reverify with 2-step, since apparently the computer is still trusted and had just finished a 30-day cycle), and then it forced me to use the Chrome password. It had told me I would not need the application-specific password again, but I did need it. Fortunately, I had saved it anyway. Then it “re-sycnhed”. Apparently the application-specific step is another layer of security from hackers.
I don’t think this incident happened from malware; I think it’s something in Windows 7 when converted from Vista. It did not even generate a report to send to Microsoft, which normally happens when an application crashes.
My experience with the 2-step “trusted computer” concept is that it runs about 32 days, not just 30.
One other thing. I just got a Motorola Droid phone from Verizon, as my contract recycled. I’ll have to get it completely synched up (with Google, Facebook, and Twitter, and banking sites) before I go on another trip. When I’m home, I don’t really need to use these; I don’t keep up with people on the run with texts (like I see so many people do on dance floors). I don’t know how 21-year-olds can type on these little touchpad-qwerty’s so fast in the dark accurately; I can’t. But being able to use all of a device’s features properly is itself a security precaution, because it makes it easier to keep up with everything, particularly "on the road". One of the best defenses against identity theft is to be able to check things frequently from any device; people who check their accounts frequently have fewer problems. Before travel, to remote areas, check your cell provider for coverage in the areas you will transit.
By the way, Chrome is consistently the fastest browser in my own experience. I thought it was the simplest. But not today.