Sunday, December 28, 2008

Missouri, Illinois pass cyberbullying laws; several prosecutions already occur in MO, emphasize text messages

New cyherbullying laws have been passed in Missouri, and one in Illinois that takes effect Jan. 1, 2009. The Illinois law might apply to “third party” postings in a webstie and could conceivably raise Section 230 questions.

In Missouri, the law prohibits communications (including text messages, phone calls and web postings) that cause emotional distress, and has been criticized already as too vague. Already there have been a number of prosecutions. The term "emotional distress" can be subject to interpretation (like reputation, it's in the eye of the beholder) so users need to be careful.

There is a story by Joel Currier in the St. Louis Post Dispatch, “New cyber-bullying law being used in the St. Louis area,” here.

According to Wired Magazine's blog, seven people have already been charged in Missouri. The story by Kim Zetter is here. Most of the prosecutions involved text messages rather than profiles and blogs.

The laws were, of course, motivated by the case against Lori Drew, who was convicted of federal misdemeanors but not prosecuted under Missouri law.

Tuesday, December 23, 2008

Virginia state government warns on infected USB storage devices

The Commonwealth of Virginia issued a security advisor to state government agencies and subscriber home users today (Dec. 23, 2008) about the possibility that some USN (Universal Serial Bus) storage devices contained malware (as firmware). The advisory suggests that Windows users disable to autorun feature first and then scan the virtual drive with a virus scan before completing installation. Arlington County distributed this advisory to home subscribers today.

The web link is here.

One would wonder about other devices connected through USB's, like camcorders. But I haven't seen any reports of such.

Picture: Topographical map of VA, drawing by me in 4th Grade, around 1952.

Tuesday, December 16, 2008

Critical bug in Microsoft Internet Explorer reported (whats new?)

Computer World is reporting that all current versions of Internet Explorer (6, 7, and Beta 8) have a critical bug. They story by Gregg Keizer is here. Arlington Virginia's emergency warning network sent out this cyber alert this morning!

The Microsoft Security advisory 961051 is here. Microsoft characterizes the vulnerability as “an invalid pointer reference in the data binding function of Internet Explorer”. The concept of “bind” is similar to that on the mainframe familiar to DB2 users.

Some security experts recommend disabling “oledb32.dll” if one continues using IE, until there is another security fix this month.

A DLL (dynamic link library) is an executable file that permits programs to share code to execute common functions. There is a writeup on removing dll’s on the Spyware Remove database here. Wikipedia’s discussion is here.

A few applications require Internet Explorer and don’t run on other browsers. One example is Netflix’s movie viewer. Some companies offering work-from-home customer support jobs require the use of Internet Explorer specifically. These are all issues, as other browsers like Mozilla ought to be acceptable in these circumstances.

Yahoo! Tech has a more alarming story on Dec. 17 (by "Christopher Null"), with computer experts warning that a new wave of fraud is inevitable in Microsoft doesn't patch this problem quickly. Use any other browser, they say. It's probably not wise to use IE right now with any application requiring logon with password (like a banking site). Hopefully, Microsoft will have a patch in a few days, but this sounds like a difficult fix.

They don't use the word "Microslop" for no reason!

Update: Dec. 18, 2008

Microsoft pushed a fix to IE this morning. It took about one minute to install. It looks like it replaced a few DLL's. A restart was required. (Microsoft also pushed a fix to Real Player.)

Saturday, December 13, 2008

Geek Squad: some ad hoc impressions about home PC security

Yesterday’s meeting with a Geek Squad “double agent” resulted in some new perceptions about Internet safety for me.

One of the most interesting is that the best anti-virus companies seem to vary from year to year. According to the conversation, McAfee is no longer at the top of the heap. Maybe it was best five years ago. (It also launches too many unnecessary processes.) The recommendation now is for Spysweeper. (I could not get the home page to come up this morning.) But he also said no one should subscribe to automatic renewal, because the best package relative to the threat matrix changes from year to year.

He also said that MacIntosh (note the spelling, with Mc it is a different trademark and business!) is orders of magnitude more secure and more stable than any windows system. Whatever the controversy about anti-virus on the Mac, it is simply much less of a target. But I know there is disagreement about this in the literature, as with a recent posting here.

The Best Buy Geek Squad page for virus removal is here.

He also said that the AOL dialup program is dangerous in the modern Windows environment, because it opens unprotected ports that hackers can use. AOL has lost its position in the business compared to how it was in the early and mid 1990s, when it was the leading ISP and content provider. Those almost sound like the good old days now.

Friday, December 12, 2008

Facebook taunts help trigger bullying lawsuit against a Connecticut prep school

Taunts on Facebook and in text messages figure in to a lawsuit against a Connecticut girls’ high school, Miss Porter’s School. A girl, Tatum Bass, who was expelled in November claims she was bullied online and in person by other students for an unpopular plan for a prom. A typical story is by Vanessa de la Torre on the Hartford Courant, “Miss Porter’s School Sued over Expulsion,” link here. The story was also reported Dec. 12 on ABC “Good Morning America.”

Again, social networking site content is showing up in litigation.

Thursday, December 11, 2008

Homeland Security Secretary Chertoff speaks about cybersecurity strategy

Today Michael Chertoff, Secretary of Homeland Security, gave a brief lecture “Cyberspace and National Security” and the Armed Forces Communications and Electronics Association, link here. He was introduced by AFCEA president Kent Schnieder. Most of the audience consisted of uniformed military officers.

Chertoff opened with a mention of how Estonia’s Internet was brought down, and how the Russian invasion of Georgia was manipulated in cyberspace. He mentioned a possible breach that could have exposed 40 million financial account holders. The problem seemed to have to do with a problem involving domain name integrity deep within the Internet, but it could have caused further loss of confidence in financial institutions, already an issue with the financial crisis.

He said that national cybersecurity policy should stress three areas: (1) front lines of defense and firewalls; (2) anticipating the full range of possible threats (3) understanding the social environment, such as disgruntled employees and (by inference) asymmetry. He stressed the nature of a public-private partnership.

He posed, in answer to an audience question, the legal question as to whether an international cyberattack is an act of war, and said that is a good question for lawyers.

An audience member asked about a possible Russian attack on DOD, which apparently has not been made public.

Also, the Second Annual Online Safety Conference “Safe at Any Speed: Rules, Tools and Public Policies to Keep Kids Safe Online” was held at the Newseum recently and shown on C-span, link here. I’ll look more into this shortly.

Wednesday, December 10, 2008

More warnings today about embarassing or incriminating self-portrayal (or material by others) on the Net: it lasts forever

Here we go again. On both the Today Show and on ABCs “The View” today media commentators warned about the risks of posting racy photos on the web, or even of allowing others to take them (and then post them). College admissions officers (up to 38% now) and employers (and once in a while, prosecutors) are looking, whether it’s completely ethical or not. Besides photos, students should be wary of playing “Gossip Girl” and writing disparagingly about colleges or employers that they visit, according to reports.

“The View” took the position that teens simply don’t understand that what’s out there is “for life” because it’s digital, and their parents grew up in a generation that had never known “this problem.” The broadcasters warned that Myspace and Facebook privacy settings really don't prevent public distribution of unflattering materials. (in the “Young Adults” column) has an interesting story by Jackie Burrell, “Facebook, MySpace and Internet Perils: 5 Online Dangers That Have Nothing to Do With Internet Predators” link here. The prosecution scenario in Ohio is chilling, especially that the recipient of the photos could be prosecuted when the receipt could have been involuntary. Maybe that's just Ohio. But the article mentioned other legal scenarios, as well as colleges, grad schools and employers.

Reputation, I say, is in the eye of the beholder.

Saturday, December 06, 2008

Facebook email video attachments could be infected

There are numerous media reports about a virus spread by emails from Facebook users. Apparently the attachment prompts you to ugrade your Flash player first (which seems to be common with many legitimate videos), whereupon you get infected with the “Koobface” virus that makes your machine into a botnet zombie.

A typical story is by Brennon Slattery in PC World, “Facebook Virus Turns Your Computer into a Zombie,” Dec. 5, 2008, link here.

A typical report is McAfee’s from October 2008, here, but there are multiple versions of this worm.

Facebook says it has removed this problem.

Thursday, December 04, 2008

VA may tighten school bullying laws, including cyber issues

The DC Examiner, in a story by William C. Flook printed on p 20 today December 4 2008, reports in its “Virginia General Assembly” column that state representative David Englin (Democrat, Alexandria) wants to expand Virginia’s anti-bullying law to prohibit “intimidation” and “harassment” and particularly to protect students with disabilities.

Presumably the law would prohibit cyberbullying, even from home computers, and would prohibit bullying based on actual or perceived sexual orientation.

The Examiner story did not yet appear online.

The legislation may have been motivated in part by the Missouri Lori Drew case, in which state officials could not find that a law was broken, Ms Drew was convicted of federal misdemeanor charges, as reported earlier on this blog. Several other serious cases have occurred around the country, including one on Long Island, New York.

A website called “Bully Police” has an analysis of the current Virginia law here (original Virginia reference, based on the concept of "character education", is here), and also a column from Minnesota here. Here is another resource on cyberbullying that it gives.

Tuesday, December 02, 2008

Apple recommends multiple anti-virus packages

Today, Dec. 2, Apple posted a recommendation that its customers (using various versions of Mac OS) use more than one anti-virus protection package. Apple recommends Intego VirusBarrier X5, Symantec Norton Anti-Virus, and McAfee. The link (which has a survey interrupt) is here.

Information Week has a longer story by Thomas Claburn today, link here.

Claburn notes that Microsoft’s market share, at least with Linux thrown in, is not what it was, so it is not quite as attractive a “target”, relatively speaking, as it used to be. Furthermore most major Apple products (like iTunes) are available on Windows machines and more and more windows users find that they need them. Claburn seems to feel that the underlying BSD Unix foundation architecture for the Mac is less easily compromised. However, I know of cases (back to around 2001) where entrepreneurs running small ISP servers from Unix servers have been compromised and have had to rebuild their machines (to use their vernacular).

I'm not aware that "multiple packages" are recommended even for Windows, where they could interfere. Many people have both the Microsoft firewall and a regular (like Norton or McAfee) personal firewall.

I bought an iMac in February 2002, when it was new, and have not found it to be more stable than Windows as a whole. I've had trouble with Internet Explorer locking up and becoming unusable. I use it to watch DVD's right now. I may decide that I need a (much!) newer Mac if I get FinalCut.

Update: Dec. 3

Apple has reversed itself, with a Cnet blog entry "Apple deletes Mac antivirus suggestion," by Elinor Mills, link here.