Saturday, April 30, 2011

Webroot and Firefox flag "geoiplookup" on image license pages on Wikipedia; a false alarm?


Recently, in Firefox 4 only (not in earlier versions and not in Chrome or in Internet Explorer), I have been getting warnings from Webroot on links to this site, “Geoiplookup.wikimedia.org”, embedded in some pages giving license information for images. It seems to have to do with locating countries associated with images and for fundraising and appears to be harmless to the average user. Maybe on a mobile device overseas it could matter.
 
Here is a reference from Wikipedia. 

Here is a mention in “adblock” (link); here’s a similar explanation at “gossamer threads” (link).



Tuesday, April 26, 2011

More rogue "anti-virus" worms make their rounds; how to look at your Application Folder

Brenden Vaughn and Andrew Brandt have a useful entry on the Webroot threat blog (developed by the company’s “Advanced Malware Removal” team) about how to inspect your Applications Folder for illegitimate executables, which generally should not exist there on an XP, Vista or Windows 7 machine. Legitimate applications put their files inside subfolders.
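
The check described above, as an added PowerShell example that is not taken from the Webroot article: it lists executable-type files sitting directly in the root of the per-user application data folders, rather than in a subfolder, along with their signature status and hash. It assumes the folder in question is `%APPDATA%` (and `%LOCALAPPDATA%`), and the extension list is an illustrative choice.

```powershell
# Added example (not from the Webroot post). Requires PowerShell 4 or later.
# Assumption: the folders to inspect are the per-user application data roots.
$roots = @($env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Illustrative list of file types that can run code when opened.
$executableExtensions = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.pif', '.vbs', '.js'

$findings = foreach ($root in $roots) {
    # No -Recurse: only files in the folder root are returned, not files
    # that applications keep inside their own subfolders.
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $executableExtensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                SizeBytes = $_.Length
                Signature = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = $hash.Hash    # empty if the file was locked
            }
        }
}

if ($findings) {
    # Newest files first: a recent, unsigned executable in the root deserves a closer look.
    $findings | Sort-Object Created -Descending | Format-List
} else {
    'No executable files found directly in the application data folder roots.'
}
```

A hit is a lead for review, not proof of infection; the signature status and hash give you something to check with your security vendor before deleting anything.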


The authors also discuss a new “total security” fake anti-virus rogue software, which may incorporate the name of the host’s operating system as part of its application name when it installs. A related fake rogue is “Antivirus IS”, which pretends to have a convincing-looking “trademark”. I doubt USPTO has heard of it. (That’s an idea: if you see a product advertised and are suspicious, look it up at the Patent Office database uspto.gov; legitimate companies will register trademarks or patents on their products.)

The link for the story is here

Visitors get a bonus today: photos from a trove of my parents' photos from the 1930s; I'm trying to get a few of them put up quickly on several blogs.  Not much to do with Internet security, except that one of them kept rotating once when imported; I had to rotate back and rotate forward; probably has something to do with my digital camera.

Friday, April 22, 2011

Is it a crime to poach on an unsecured wireless network?

Here’s another discussion of whether it’s illegal to point your laptop to an open Internet WiFi connection without password requirement, on Wired, by Ryan Singel, link here.

Remember the Michigan man prosecuted in 2006 for sitting outside a coffee shop, using the wireless, and never buying anything?

But the Computer Fraud and Abuse Act of 1986, USC 1030 (Cornell website url text), might be construed as making this a prosecutable crime. Theoretically, the way the iPhone operates might be in violation of the Act.

In the mid-1980s, as I recall from my job in Dallas at the time (Chilton), states and the federal government (as did Texas in 1985) were concentrating on mainframe computer crime.

In practice, wireless network owners (including at home) should require passwords to prevent possible criminal abuse by others up to a few hundred yards away. MiFi devices usually require passwords or long PIN codes (assigned to individual devices) for use.

Wednesday, April 20, 2011

"Webutation" plugin and site combines several website safety reports

Firefox has another plugin, “Webutation” (link), which calls itself “Open Website Reputation against fraud & malware”. You can look up any website. It will list several items, including MyWOT, Website antivirus (I’m not sure which vendor), Child safety, and Safe browsing. Some sites will give an overall rating of “pending”, especially if no one has written a review. Some will display “100” in the Firefox toolbar with a “pending” when looked up.

Tuesday, April 19, 2011

FBI intervention to stop CoreFlood botnet raises downstream concerns

The Tech Herald has an article explaining how the FBI, with minimal court supervision, shut down the CoreFlood botnet. It’s true that it was malicious, but by routing transactions through its servers so it could put some processes “to sleep”, the FBI has instantiated a monitoring technology that could be used against other problematic software (like Wikileaks) or might compromise legitimate web traffic of small businesses without their knowledge.  The story by Steve Ragan is here

The New Haven, CT office of the FBI in fact has a press release explaining how it did this, here

Sunday, April 17, 2011

Security flaw in Dropbox, maybe popular with small businesses, reported

Some small businesses or even home users may use a product called Dropbox to access their private files from any computer they own.  Christopher White has an article at NeoWin about a major security hole that could expose all of someone’s private memos to anyone on the Internet, with the story “Major dropbox security flaw discovered”, link here. The most practical recommendation might seem like overkill to most home users – encrypt everything on your computers “anyway”.  But the fix is not as simple as changing a password. 

Monday, April 04, 2011

Twitter users: Beware of "Profile Spy"

Sophos security (and Webroot) are warning Twitter users not to allow the “Profile Spy” application to have access to your account. If you do (after receiving a tweet inviting you to), it will spread virally to all of your followers, probably ticking them off. You should revoke access to the application and change your Twitter password immediately.

The application purported to tell you who had looked at your Twitter profile. Not legit.

The Sophos link is here

Twitter itself gives you the ability to limit who can see your tweets to a closed list (as does Facebook; so does Blogger, although using the privacy feature would seem to defeat the purpose of blogging on a public platform with instant search engine classification).

I haven’t found that the automatic https parameter works. If I want https on Twitter, I still have to key it. 

Friday, April 01, 2011

VIPRE apparently detects false "keylogger" on some laptops with Microsoft Live Application

There is a bizarre story on Networkworld that Samsung has issued some laptops with keylogger software installed, perhaps “inadvertently”. However, Samsung has issued a statement that a security program called VIPRE can be fooled by Microsoft Live Application into detecting a false positive for a keylogger during the VIPRE security scan. Samsung’s statement is here.

It reminds me of another question: how does Webroot decide what is a “spy cookie” (it considers doubleclick to be one) versus a regular cookie?