Friday, August 28, 2009

McAfee offers "Security Insights" to parents

This morning, as my automatic Friday morning McAfee scan started, I also got a pseudo-popup offering Internet safety tips for parents. It started Internet Explorer, and gave the typical advice of monitoring your child’s online activity, the way you would monitor a teen’s learning to drive a car.

Curiously, the scan stalled in the “rootkits” area while this IE link displayed, and then the scan took off normally.

I couldn’t find that exact link to give visitors, but here is a similar link, the “Security Insights” newsletter ("Moms fight cybercrime with education"), here. The statistics in the report are interesting: 63% of teens hide what they do, over 50% give out personal information, and about 20% have engaged in some bullying.

Wednesday, August 26, 2009

Be careful when surfing "celebrity sites"

CNN has a story “Most dangerous celebs to search online”. They include Jessica Biel and George Brad Pitt. Even relatively new young celebrities have a lot of such sites.

A lot of celebrities have unauthorized fan sites that may spawn malware, according to analysts at McAfee, a major anti-virus company. If you’re a less popular or flashy celebrity, you probably won’t encounter these sorts of unauthorized imitations. I don’t have any (pun!).

Much safer is to go to sites developed by major media outlets, like CWTV.

However, I haven’t gotten any unusual warnings from Spysweeper from any celebrity sites, authorized or not.

The CNN story is here.

Tuesday, August 18, 2009

Microsoft makes many security fixes; ActiveX is still seen as a "liability"

Brian Krebs, in his Security Fix blog for the Washington Post, discussed a big Microsoft patch on Tuesday, Aug. 11, in this entry.

Krebs provides a lucid explanation of why ActiveX has been a consistent Achilles’ heel for Microsoft Internet Explorer, any version. It gives “access” to other parts of the Windows operating system, for hackers to control your machine (possibly for DOS zombie purposes), and Microsoft tends to share some “templates” with other vendors.

On my Windows Vista update history I see ten updates since Aug. 11, including two that greeted me today when I started following up on Krebs’s blog. But the 19 updates in his story may apply to XP also.

It appears that the new Windows 7 is somehow steering clear of these problems.

Krebs notes that ActiveX vulnerabilities may be avoided by using other browsers, like Mozilla, Chrome and Opera.

Sunday, August 16, 2009

Twitter, IM's and texts are tools for neighborhood watch groups

Blogs and especially Tweets are becoming important tools for neighborhood watch groups, according to an AP story by Meghan Barr, printed on p. 13 of the Sunday Aug. 16 DC Examiner.

The lists have to be kept private, however; otherwise they might cause homeowners to become targets.

Tweets have described atypical behavior for a neighborhood, and some people are likely to say that the tweets would tend to be motivated by stereotypes or profiles. But Tweets could provide some corroborative evidence for law enforcement, and one wonders if they could be admissible in court.

The MSNBC link for its copy of the story is here.

Friday, August 14, 2009

Man impersonates white supremacist on Facebook, gets prosecuted

On Thursday Aug. 13, CNN provided a story about an African-American man who created a fake Facebook account to impersonate a white supremacist, and then transmit threats. Dyron L. Hart, of Poplarville, MS, pleaded guilty to communicating threats by interstate commerce. He could get a $250,000 fine and five years in prison. The story is here.

Prosecutions of this nature have gradually increased since the late 1990s, when people would recklessly transmit threats in emails, IM’s or on message boards, without awareness of the grave legal consequences.

Thursday, August 06, 2009

Twitter, and perhaps Facebook, are disrupted by DOS attack today

Multiple media sources report a denial of service attack on Twitter and possibly Facebook during the morning of Thursday Aug. 5.

Even Ashton Kutcher couldn't keep up his usual pace of tweets.

Twitter is reported back up with some slowness, and Facebook is investigating.

At 5:20 PM EDT today I could not get Twitter to respond. Curiously, Internet Explorer 8 on my Vista machine hung and had to be restarted. Facebook responded, although a bit slowly.

The AP story on MSNBC is here.

Later, even Live Journal was reported to have been disrupted.

A story today (8/7) on CNN reported "Pro-Georgia blogger 'George' target of Twitter attack", as if the entire DOS attack were motivated by a desire to target one blogger overseas relative to the Russian-Georgian conflict that started in 2008. The link is here. It's hard to believe that such an attack would be motivated this way.

Last month, the South Korean government and several US government agencies had outages due to a DOS attack. This new incident suggests that governments (or their "agents") might target companies that host dissent; the obvious question is whether Iran might do this in view of the controversy over its recent "election" and all the protests. Likewise, one wonders about Myanmar (or Burma).

Denial of service attacks were widely discussed in major media in early 2001, well before 9/11.

Tuesday, August 04, 2009

Smart Internet energy grid, spurred by green initiatives, could pose grave security risks to utilities and consumers

Thomas Friedman, author of “The World Is Flat”, has proposed a “smart energy grid” using the Internet to adjust electricity loads and reward consumers for smart, green behavior in pricing. Oprah and others have supported him quite publicly.

But the idea of connecting the utility system, however carefully, to the public Internet could run into serious security concerns, as the stakes from any conceivable hack get greater, even as robust security layers are added by utilities and developed by vendors like Microsoft, IBM, EDS, and others.

Brian Krebs has an important article in the July 28 Washington Post on the issue, “’Smart Grid’ Raises Security Concerns”, link here.

I recall, when still living in Minneapolis, back in 2002, various doomsday articles on how easily hackers could attack utilities, but by and large they were unfounded, as the utility grid has been almost closed off from public access. However, the federal government found out that some of its systems were not so immune with the DOS attacks last month. Similar comments were made after the August 2003 Northeast power failure, but that was related to internal software and hardware problems in the grid (such as a wrong-direction loop in Ohio), not to malfeasance. But in the future we could become much more vulnerable.