Tuesday, July 31, 2012

McAfee Site Advisor blocs Blogger banner (until permission granted to show it again)

I encountered a glitch yesterday with the Blogger status line that appears on the top of any blog (it has the Share, Next Blog, and Abuse buttons).  In Chrome, it disappeared (leaving a blank space), and in Firefox, McAfee warned me that it was being blocked.  When I checked OK, allow it, the banner came back in all browsers. (Safari is still the fastest, even in a pc windows environment.) This happens once on each Windows machine that has McAfee Site Advisor.

I guess this is a “false positive” from McAfee.

Chrome recently added the capacity to use McAfee Site Advisor to block sites.  
Bottom picture: I just wanted to show the Melbourne site, somewhere!

Monday, July 30, 2012

Ubisoft digital rights management system and plugin found to have a rootkit

DMW is reporting serious issues with Ubisoft’s digital rights management system, apparently in conjunction with some gaming platforms, as worked on by Google engineer Tavis Ormandy.   The security risks, to machine hijacking, occurs with the use of the Uplay browser plugin. The story link is here.  
I would expect that major security vendors, including cloud-based services like Webroot, will be flagging the plugin.
Ubisoft reported has issued a patch to Uplay to deactivate the rootkit, story on geek.com here

Friday, July 27, 2012

Hardening of personal computers against environmental events is an Internet safety issue

I saw a commercial billboard in a Metro station recently for some HP notebooks apparently used by the military (as the picture showed a soldier).

The ad suggests that these notebooks (or netbooks) are hardened heavily against environmental risks, which would be expected for combat. 

Commercially, field workers (such as insurance claims adjusters, utility installers, home security specialists) often carry hardened laptop computers. 

The good question would be whether such hardening ought to be sold to ordinary consumers.  Could they protect, for example, against electromagnetic assaults?  Is this practical?

Part of the security of our information infrastructure does involve the ability of computing units to withstand extraordinary events.  So, indirectly, I see it as a genuine “internet safety” issue.

Another tip could be to consider making some data backups on optical rather than magnetic media. 

Saturday, July 21, 2012

Hackers often drop out, become legitimate security employees when they marry or have kids

Here’s an area where Internet safety and “social capital” come together. Check out the recent Information Week article by Matthew J. Schwartz: “One Secret that Stops Hackers: Girlfriends”, link here
Does this have to be heterosexual?  You don’t hear much about gay hackers – except for Bradley Manning, and the lesbian character Lizbeth in the “Dragon Tattoo” movies (and almost in “Prometheus”).

People almost never enter hacking after age 25, even age 20.

And they are likely to drop out, or actually convert to constructive employment (like penetration testing, or even legitimate social media apps) once they have girlfriends, or particularly get married or have children.  As George Gilder and George Will have both written, “women tame men.”  (But not gay men.)

Webroot had tweeted this story earlier this week. 

Saturday, July 14, 2012

ABC Nightline explains the "stranded traveler" scam

ABC Nightline did a report on the “stranded traveler” scam last night. This typically starts when the scammer hacks an email address of the target, and emails contacts of the person claiming he is stranded or in jail overseas.  It’s hard to believe that people fall for this.

Often, the person is then locked out of his email and contacts. 

The occurrence of this scam is one reason why Google offers the “two-step verification” process.  

Friday, July 13, 2012

More experiences with Webroot Secure Anywhere

On Wednesday, as I was looking at some links from imdb's page (certainly reputable from a safety standpoint) for the recent "Spider-Man" movie, Windows 7 Professional warned me that Webroot Secure Anywhere wanted to execute an unusual script "from the hard drive".  This had never happened before. I allowed it.  Nothing changed.  I rebooted and scanned (22 minutes) and everything was clean.  I thought Webroot had been trying to block something through the Firewall (that had gotten past Windows firewall).  I didn't find any quarantined cookies or viruses. on their extensive reports.

Webroot does offer an execution log and a report of process counts that is constantly updating (you could make a YouTube video of it).  I was amazed at how much it shows on the "advanced" log file.

It does not slow down the computer, but during the week-long cable outage (after the East Coast derecho), when I had to use my iPad hotspot (with data transfer limits) I did notice the gigabyte accumulating rather quickly. I don' know whether Webroot could add to data transfer usage.

Sunday, July 08, 2012

"Social survey" popups from major corporate media sites

Saturday morning, I browsed ABC’s site for its 20-20 program and got not only the usual one pop-up, but a second pop-up ad asking me to take a survey.

Surveys elicit suspicion. Remember the “social surveys” that come up with misspelled Facebook domains that result in spam to your cell phone (“guessology”) that you may wind up paying for.

I can’t be sure that this came from ABC.  Maybe it was piggybacked onto another ad.

The Washington Times, a “conservative” newspaper, also serves popup ads with rather cheesy looking (extremist) content (some of them invite you to watch endless videos promising some kinds of life-transforming financial tip), but none of them have ever done any harm as far as I can tell.

Friday, July 06, 2012

DNS Changer Malware: FBI "coronary bypass" ends Monday, thousands of pc's could lose Internet access

On Monday, July 9, a temporary bridge to allow people infected with “Operation Ghost Click” and “Rove Digital” (DNS Changer Malware) to continue resolving Internet addresses in an ordinary manner, will expire.  

About 70000 computers in the United States, perhaps 300000 worldwide, will cease being able to access the Internet.

I site called DCWG purports to be able to check your machine without downloading any software and fix it.

 The site is here

CNN has a news story here about the matter.

I tried my main laptop and it was “green”, OK (US link). 

Wednesday, July 04, 2012

A little glitch today in 2-step verification

I ran into a little glitch with my cell phone and the Google 2-step verification tonight when signing on with a supplementary netbook.  The Motorola Droid cell phone shows all the texts and verification codes under any one Google phone number, and I entered the wrong one.  It did give me another chance.  The correct text was displayed last, without a date (meaning today) but with the correct EDT.

It would be easier if the Droid would show the most recent text last, but it didn't do that. Don't know why.

I still have the 8-digit backup codes, printed, "hidden away" (as in Josh Groban's song).  I was afraid I might have to use them when the 30 days on my main machine expired.  I haven't tried or installed the self-generation (Google Authenticator) application available on all newer phones (to generate codes even when cell service isn't available).  And cell phone service Saturday was hardly working, following the Derecho storm. But I did get SMS texts from Google OK.  I didn't run into the "sequence" problem until today. 

Monday, July 02, 2012

A note on Webutation scores

Here’s a little tip that I noticed in Webutation blog or website ratings on Firefox.  When a blog has a lower score, view the report and let it recalculate.  I had two blogs with a score of 70 recalculate and get 100’s.
My “issues” blog gets a score of 80 because of a low MyWOT score in some areas, including a 41 on Child Safety.  Yet, that particular blog discusses mostly public policy and never gets into areas considered inappropriate for children. On the other hand, the LGBT blog and movies blog were rated OK for children on MyWOT and these are much “riskier”.

It does seem that carrying advertising at all can lower a score. 

With respect to MyWOT and Webutation (and I see them only on Firefox, not on Internet Explorer , Chrome or Safari), I see individual scores for each blog.