Monday, August 27, 2012

Facebook friends' names spoofed as spam sender fields, gives links to infected sites, maybe dangerous stuff

Recently, I’ve received spam with names of Facebook friends spoofed into the sender field.

All of the emails give a link to a site, with may be something like “Kliewer customs” or something that looks more legitimate, like “downtown Denver News”.  Some of them give a site based on the name of a person plus a two letter number.  And some emails point to a Flickr album of a person.

I looked up one of the person’s names on Firefox and found sales links for old cars (OK) and, oddly, chemical and biological weapons.  Rather scary stuff. 

I presume that the sites linked in the emails (I even open them on a separate computer that I don’t use for critical stuff) are hacked or infected. 

It would be possible for someone to download child pornography accidentally this way, which could result in a legal liability. 

I don't know if there was a security breach at Facebook that allowed a script to be written to do this en masse. 

Friday, August 17, 2012

Be careful how you use "The Cloud" and keep making your own backups; a Wired writer's story

Security pundits have been discussing the massive hack on Wired writer Matt Honan’s digital world, starting with Twitter but mainly focused on his life in Apple’s meso-thunderstorm clouds.

It’s pretty clear that there is a risk in “overdoing it” in linking all of one’s devices and being able to automatically repopulate them from the Cloud.

Actually, the whole situation reminds me of the old mainframe work environment in the 80s and early 90s.  You had your own Roscoe libraries, but there were secured procedures to promote source to various test, QA, and production libraries and these were controlled by TSO. Once companies started using client servers or LANS, PC’s typically had their own local drives and then virtual network drivers, with shared data, “clouds” with respect to the organization.

A home user of a “cloud” service would logically want only certain portions (like logical “drives”) of his or her PC repopulated automatically.  I can certain understand the benefits of automatic synching.  For example, if you travel a lot and take a smaller airbook or netbook with you, all the data would be there with you on the plane – nice for cross-country or oceanic flights, especially if you frequent faraway places like China (and you’re editing a novel).  If your iPod gets synched, you can always play any of your music on a home stereo through the iPod dock on your receiver. 

A sensible security procedure would be for the Cloud service provider (Apple in this case) to require Google-style two-step verification before altering anything on your hard drive.

Honan discusses the holes in Apple’s procedure, requiring only credit-card-last-four, mobile phone number, a billing address, and an email address (and the last three are easy to get from most personal websites).  Certainly two-step ought to be there.

There’s one more hooker on the Cloud service Honan didn’t mention: you need OS Lion or later.  I have OS X 10.6.8 on my 2011 MacBook, which is already too “old”.  An upgrade would be a big project, and I’d have to check if it would affect my Sibelius (music composing) application.

I’ve been used to making and keeping physical floppies and now thumb drive backups of my stuff for decades.  I have more than one drive, and they are kept in various locations (at least one is kept in a safe deposit bank at a bank and updated every few months -- rather like PM visits to the dentist!).  It’s getting easier as thumb drives get “bigger” in storage.  I do use Carbonite on two machines, although, as these are Cloud backups, they would need more beefing (I would suggest that Carbonite implement a two-step system, too, as should other companies, like Mozy and Webroot, that offer backups). 

One would also recommend that users consider making optical media (CD) backups as well as thumb drives. I’ve never heard of data loss due to an electromagnetic pulse attack (EMP – which could conceivably be localized -- or maybe even a severe solar storm), but there is (as the popular song says) always “a first time”.

The Aug. 6 story on Wired (which has a follow-up on Aug. 13, where Honan explains how he rescued most of his data) is here

Thursday, August 16, 2012

Trend Micro Titanium 2012 upgrade takes a while to do, requires two restarts

Today, I installed Trend Micro Titanium 2012 on my travel Gateway Winodws 7 computer.

It had been prompting me when starting the 2010 protection.  I found when I accepted the invitation, that it launched Firefox (default), downloaded the element (although the script stopped once, maybe because Windows updates were also downloading). It then slowly executed (when the download element was invoked), and required two restarts, one after removing the old Titanium, and then after the actual install, which took quite  a long time.  The first time, when the box was closed, protection stopped and had to be started again in Windows 7 (along with Windows Defender).

Possibly the impending Windows 7 updates and downloads slowed this down further. 

Wednesday, August 15, 2012

Microsoft never sends updates as attachments (Webroot story)

Webroot is now sending out tweets advising customers of upcoming Microsoft security updates, and I indeed got one as I returned home from a trip last night. 
Microsoft also has warned customers that it never sends security updates as attachments.  In fact, I have not received emails advising of them; only simply the notification icon warning me that updates have been downloaded.  Updates will eventually install and force a restart if I don’t install them, so they can be disruptive, sometimes.  A typical update package takes about 15 minutes to install on a modern laptop.

Malicious software removal updates tend to take longer, as do “.NET” updates (necessitating by my use of Expression Web; I had about a month where an service pacl update to Expression Web had failed and the product would not load.) 

The Webroot story on Microsoft updates is here.

Tuesday, August 07, 2012

McAfee Site Advisor blocks a Blogger gadget; no other anti-virus program warns on it

Today, I experienced another surprise from McAfee Site Advisor as implemented into Google Chrome, in a W7 Professional environment. 

On my “disaster movies blog” (see my Profile), it suddenly blocked the status line with a warning, but this time it also blocked a gadget for “Galaxy”.  Only one blog was affected, because only that blog had that gadget.  I removed the gadget and the problem went away, and then on Firefox the Webutation score rose from 70 to 90.  I do have to reiterate that MyWOT and Webutation scores are very much a matter of subjective reputation and "nerd herd mentality". 

This time, neither Webroot, Trend Micro Titanium, Norton, nor Kaspersky warned me about the problem, but McAfee did.  (In the past, McAfee has not caught problems that other vendors identified, in my experience.)  It is a good idea, particularly if you have more than one machine, to use multiple vendors and compare what they catch. 

I have had to remove other Blogger gadgets before, in one case because of a Kaspersky warning, and once because Safari seemed to have trouble with one of them. 

Monday, August 06, 2012

Comfort Inns has some odd WiFi instructions. Disable encryption. Really?

Choice Hotels’ “Comfort Inns” has some oddball instructions for how to use the hotel “free” WiFi.  The instructions mention selecting or “enabling” your “Wireless Network Adapter” and then selection an SSID (session ID).

Then it says to turn off data encryption WEP and restart the machine.

In fact, I found that Windows 7 would find it normally as a connection, start it, and let you choose “Public” as a setting, normally.  I and did find it would take https (as with Electronic Frontier Foundation’s site).

But it sounds tacky suggest that hotel guests should turn off encryption.  But it actually isn’t necessary.
And what’s this about rebooting?

Thursday, August 02, 2012

Trend Micro Titanium takes a while to start protection on netbook

Here's a little anomaly I've noticed with Trend Micro Titanium on Gateway Windows 7 Starter Netbook. When you boot up, the Trend Micro red button says "starting your protection" for a long time, about two minutes, after Internet is available.  If you log off and log back on without shutting down and rebooting, you have to start Trend Micro Titanium manually.

Trend does intercept a number of events, especially those with "spy cookies."