Friday, October 30, 2009

Vipre Enterprises publishes Malware Countermeasures Guide

Sunbelt Software and VIPRE Enterprise have sent users links to a white paper “Modern Malware: Threats and Countermeasures”, by Greg Shields. The company site is (URL) here and the link to the 15-page white paper download (from the WebBuyers Guide) is at a dynamic link sent to AOL members (the email address was included in the link, so I can't give it here). Some of the malware types are porn dialers, backdoors, exploits, keyloggers (which may be legitimate in a workplace environment to monitor employees), remote control devices, rootkits, Trojans and Trojan downloaders, worms and viruses.

This is a pretty good overview, particularly for the small business owner as well as the high-end home user, mostly of Windows-based systems.

Thursday, October 29, 2009

Wireless at home or in hotels can be very loose; Blackberries can turn into spy microphones

The first topic I’ve covered before here. Wireless. If you use a free wireless service in a hotel, for example, it’s easy for a “spy” to record all of your web visits and keystrokes on a laptop nearby. An NBC producer went to a home in Houston TX to show the homeowner the sites he had just surfed. Presumably subscription services (Verizon, etc.) are more secure, as are sites that require a password (and https protocol). You can make your personal computer more secure by giving it an administrator’s password (and requiring passwords for all users, in XP, Vista or 7) even if you are normally the only one with access to it, too.

Some observers write that a laptop or PC equipped with wireless can be compromised even when Internet access is through cable, unless the wireless card is disabled.

NBC has also reported a story by Washington Post security writer Brian Krebs, about a Department of Homeland Security (DHS) warning about a PhoneSnoop application that can be placed onto a Blackberry (not the president’s) to turn it into a microphone, as if the unsuspecting victim were wearing a wire (with no tape or stickers). A jealous spouse, for example, could use it to spy. The Post article is titled “DHS: PhoneSnoop app bugs BlackBerrys” with link here and refers to this CERT warning (link).

Update: Nov. 2, 2009

Switched has a story by Terrence O'Brien "Just How Risky Are Public Wi-Fi Hotspots?". The story was offered to AOL users today.

Tuesday, October 27, 2009

Phishing attacks impersonate US Attorney General

Arlington County VA today sent out a cyber alert from the Internet Crime Intelligence Center (or “Intelligence Note”), that spammers were impersonating US Attorney General Eric Holder in attempts to garner personal information with phishing attacks. The link for the alert is here.

Government agencies do not send out unsolicited emails. The FBI has a tip line on its website and does have procedures for taking and returning phone calls for tips that appear to be important or credible. Visitors might enjoy reading about the FBI Citizens’ Academies, web URL link here.

Saturday, October 17, 2009

Watch for random power surges; replace surge protectors periodically

Last night, as I was working on my laptop, plugged in (fortunately, through a surge protector), I heard a loud pop and the lights went out. About half the lights came back on in about two minutes. It was weird, because two of the circuit breakers wouldn’t reset. I called an electrician’s hot line. But this morning, I found that they would reset; except that one master switch for the computer room causes the breaker to flip if used. If I turn on the various switches manually, I can come back up.

I didn’t hear any lightning in this 40-degree Nor'easter (threatening October snow), but I suspect there was lightning around anyway – there is if moist air is lifting, even in snow. The computers and cable TV all work; just one electrical switch does not. I suppose I can wait until Monday so as not to pay emergency rates to an electrician.

I have found cautionary tales on the Web, about replacing surge protectors, which is a bit like replacing smoke detectors. Here's a good domestic Canterbury tale, even mentioning a wife. In rare cases, old surge protectors have caused house or apartment fires. Here’s one tale about how a computer went toast to a random residential power spike despite a power strip.

It seems that all power companies have spikes, because there are too many points of potential failure. Newer areas with more work underground may be less susceptible. In downtown Minneapolis, I had almost no power problems. In Arlington VA, in a residential area, there are frequent very short outages. Older cities and older systems have more problems, especially in forested areas with above-ground utilities. Utilities are under the same pressure as everybody else to trim costs, and I sometimes wonder about their p.m.

Friday, October 16, 2009

Webroot Spysweeper gives warnings about i.nuseek on blogs, apparently for some non-working gadgets

Yesterday, on my movies blog, I got a warning from Webroot Spysweeper about “”. It happened only in Google Chrome, not in Firefox or Internet Explorer. I did notice that one of the gadgets at the bottom of the blog had an expired domain, so I replaced the gadget (“5 top boxoffice hits” or something to that effect) with another gadget. I haven’t seen the warning from Spysweeper since.

I checked this on a machine with McAfee site advisor, and see that is rated green. I find “rumors” about taking over expired domains, so maybe the circumstantial evidence makes sense. For example, bloggers should watch their “3rd party” gadgets and make sure they continue working properly. Again, Spysweeper seems to be much more proactive in warning users about potential problems with an embedded site or script than McAfee.

A typical discussion of i.nuseek appears here.

Interested visitors should look up the WHOIS for on

Wednesday, October 07, 2009

Phishing attack compromises passwords; all users should consider whether to change theirs today

Ben Parr has an “alert” story in Mashable (The Social Media Guide) “20,000+ Gmail, Yahoo, AOL Accounts Compromised”. Apparently over 20,000 passwords from a number of these services were stolen with a phishing scam and then posted. Anyone who has answered a phishing email should consider changing all of his or her passwords promptly, and use strong passwords, and apparently different pw’s for each account. The link is here. The story surfaced on CNN this afternoon (Oct. 7).

A strong password uses both upper and lower case letters, numbers, and special characters, does not make sense to a random person, and has no obvious connection to the person’s life.

Corporate servers commonly force employees to change pw’s at least once a month, and to use strong pw’s. Users who answered phishing emails at work might jeopardize their employers' security.

Thursday, October 01, 2009

Sensitive touchpad can bring up unwanted or dangerous websites

I’ve noticed a tendency on my 2009 Dell XPS laptop (running Windows Vista Home) for the touchpad to launch a URL without being actually pressed once in a while. I don’t see anything obvious on the Control Panel to suppress this. It seems to be a hardware engineering issue regarding sensitivity to touch, pressure, electric contact, and time.

It may happen if the touchpad lies right over a link too long (accidentally) even though the pad is not pressed.

I did not have this issue on a 2006 Dell Inspiron with Windows XP Pro, and I have never encountered the problem with a mouse.

Harmful results might occur. For example, the visitor might see an unwanted ad, or even accidentally link to pornography or to some content which it is illegal to possess.

Another possibility is that in Vista, on some machines with some configurations, once in a while complicated advertising programs could cause an ad to be displayed as if clicked when it was not; this would be a security flaw. I'll watch to see if other problems like this are reported in security bulletins and lists of fixes.

Touchpad sensitivity might be related to biological factors, such as skin conductance, salinity, and the like: factors measured on a polygraph or even by electrocardiographic leads.

If others have noticed this with some laptop models and have suggestions, please comment.