Saturday, November 30, 2013
Webroot now rates website safety on Firefox search engine results
I’ve noticed that Webroot Secure Anywhere has been rating
sites that I search in Firefox, listing “Category, Confidence and Score”. Sometimes there is more than one
Category. My own “doaskdotell.com” gets
a Green but is misclassified as “real estate”; it should be “personal sites and
blogging”. (There is an obscure article about real estate prices on the site.) The MyWOT (Web of Trust)
score appears behind the domain on Firefox.
For some reason, Webroot has downgraded as orange (and
interrupts with warnings) some sites that sound legitimate. One of these sites is “fwd.us” which is Mark
Zuckerberg’s organization to support immigration reform, and another is “Kid
Focused” which has information about raising children, including Internet
safety (previous post yesterday).
It’s possible that merely having an email sign-up list
lowers a score with site-rating companies.
Maybe so does accepting ads.
Friday, November 29, 2013
"The family computer" concept seems alive and well
Recommendations for parents on kid safety. “Washington Family” Magazine (given out free
at churches) for Nov. 2013 has an article on p. 38 by Mary Jo Rapini, “Monitoring
your child’s behavior online”, which recommends just that, including having the
“family computer” concept, in a public area of the house. Maybe this is only for tweens. Older kids will have a lot of homework
online, and talented kids (prodigies in music, programming) may have legitimate
reasons to spend more time in their own computing efforts.
Yet, parents really do need to monitor what is going on, or
there can be real consequences, as we know from a lot of news stories.
Rapini has an earlier article from Aug. 29, 2012, “Kid Focused” which says “’Monitoring you kids doesn’t mean ‘spying’”, link here.
I couldn’t find the Family article on its own site, but
Rapini has it on her own site, curiously in ready-to-print mode in PDF, here.
Saturday, November 23, 2013
Spike Lee case shows how causing another person to be targeted wrongfully can lead to liability
Here’s another thing to ponder when on social media, or
blogging. Spike Lee was sued by an
elderly couple in Florida when he incorrectly tweeted their home address as
belonging to that of the social pariah George Zimmerman. Hollywood Reporter has a story here.
There was a $10000 settlement, and the couple repeatedly
wants to break the “release of all claims” which CNN’s “Legal Guys” says won’t happen.
But anyone who causes someone else to be targeted by
criminal activity with a social media post can be held liable. It’s a disturbing concept.
I personally stay away from “personal outrage” at these
kinds of cases.
NSA infects computer networks deliberately with malware to perform surveillance, according to Dutch newspaper
A Dutch newspaper is reporting that the US NSA has
deliberately infected 50,000 computer networks with malware in order to perform
surveillance. Most of the targets are
overseas, but some could include organizations, small businesses or individuals
in the US. The NSA can turn on the “sleeper”
malware at will.
There would be some question as to how much of a threat it
could be. An individual who works mostly
on a laptop or modern tablet or even when mobile is likely to turn off the
device often. The malware typically has
no symptoms and is carefully hidden from most anti-virus software. However, random non-repeatable problems might
be attributed to such malware.
The link for the report is here.
Thursday, November 21, 2013
Law enforcement, intelligence paying more attention to spam
I have learned, in some private discussions lately, that law
enforcement and intelligence are more concerned than they used to be about the
possibility that “steganographic” instructions for crime or possibly terror
attacks could be embedded in spam, as in emails, blogs, or particularly
unmonitored comments. Law enforcement
has, of course, in recent years looked at social media for evidence of
crime; in a few cases it has been overzealous
in interpreting hyperbole as “threats” as in a recent case in Texas (July 3,
2013).
I continue to receive a large volume of bank-related spam, and "Nigerian scams" that get through AOL. Banks usually say, when the emails are sent to "abuse", that they've seen the emails before.
Again, there are some specifics that I can't get into, but in general I'm surprised about the scams and counterfeit goods that people fall for, even people who don't live paycheck-to-paycheck. The urge to want something for nothing ("it's free") seems too strong for some people.
Monday, November 18, 2013
AOL makes members enter captcha to send email today
Today, an odd thing happened on my AOL mail account. I was replying to an email from China about its wanting to use a duplicate of my domain name as a subdomain for an entirely different company (I talked about this on the Trademark blog Nov. 1) when I suddenly was forced to log on to a site to enter a captcha. I first thought it came from the site in China and noticed that it came from AOL only when I sent an email to myself. I did do the Turing test, and it worked, and wasn't repeated. It seemed odd to do the test for someone signed on to AOL. It has never done this before.
AOL is not that good at filtering out a lot of spam, and I still get a lot of spam purporting to be from AOL itself.
Friday, November 15, 2013
CryptoLocker virus tries to sell the user's own data back
The latest scourge being discussed widely is the
CryptoLocker virus (or CryptoLock) usually spread by phishing and email
attachments, which demands that the victim pay up to get his encrypted data
back. The criminals are selling the
person’s own data back. There is a “groundhog
day” scheme of three or more days to pay up, and after that the ransom goes
up. There is some talk of “two-sided”
encryption. The Extreme Tech article by
Graham Templeton is here.
To add "insult to injury", "victims" have to pay by Bitcoin or MoneyPak. Many people will not have accounts in these currencies and will not know how to pay. I've never had a reason to use "hidden" digital currencies to hide them from surveillance.
CERT, the Computer Emergency Response Team, reported on the problem
by email today, with a lot of extra links with tips. CERT says that network shares and even cloud data can be affected.
Thursday, November 14, 2013
Germany will try keeping local Internet traffic from being routed through servers out-of-country as a security measure
Here’s a new technique overseas for Internet safety: keeping web accesses and email traffic to and
from web addresses within the country from being routed outside the
country. Germany proposes trying this
now, to protect the privacy of its own consumers from possible criminals
overseas but moreover from possible NSA snooping (or snooping by British secret
service, which may be even more aggressive), according to a Washington Post
story by Michael Birnbaum on Nov. 1, 2013, link here.
Tuesday, November 12, 2013
Smaller sites have become more vulnerable to hackers because of DIY techniques
A blog posting by Dancho Danchev on the Webroot threat blog,
Nov. 1, warns amateur webmasters that even their “small” sites with few users
can become targets of cybercriminals and hackers in the “new world order” of
DIY (do-it-yourself hacking tools), despite the widespread reports of hacks of
banks and government agencies. He also
discusses a mysterious “Google dorks” concept. It sounds like a kind of trolling.
The post is here.
Google recommends that webmasters routinely maintain
industry-standard email addresses at their sites to see if anyone (like “Stop
badware”) has reported the webmaster’s site to be infected. Some of these usernames would be “info”, “webmaster”,
“postmaster”, “abuse”, and the like. The
most important web page explaining all of this is here.
One possible problem is that some web hosting services might
not automatically provide these email addresses; the website owner may have to
set them up.
Shared web hosting security does matter. One problem common some years ago on Unix
servers was leaving the “Site” command open to hackers.
Wednesday, November 06, 2013
Facebook will strengthen protections of teens against cyberbullying
Facebook will strengthen anti-bullying protections, by
making it easier for teens who feel cyberbullied to contact adults on their
friends’ lists and to notify the company, according to a Washington Post story
November 6 by Cecilia Kang, link here.
Facebook calls the new facility a Bullying Prevention Hub,
and also uses security capabilities already provided by Instagram.
The Post includes a 15-minute video “On Background” by host
Nia-Malika Henderson. Justin Patchin comments on a slight decrease
in cyberbullying reports since 2011. Dr. Gwenn O’Keefe talks about how it is
difficult to walk away from online bullying because there is always a copy of
it, and people can continue it when they are home, so it never “goes away” or
gets forgotten. 72% of teens and adults
14-24 say that digital abuse is a big problem.
It is curious that schools have looked the other way on
bullying when in the adult workplace it’s so easy to bring suit over “hostile
workplace” conditions.
I do have a concern that cyberbullying will lead to further
calls to weaken Section 230.
Sunday, November 03, 2013
The first big Internet virus dates all the way back to 1988, and it could self-replicate
One of the first Internet malware entities ever (that is,
viruses) was developed in 1988 by a grad student named Robert Morris, as
explained on The Switch blog by Timothy Lee today, “How a grad student trying
to build the first botnet brought the Internet to its knees”, link here.
In those days, I had an ATT 6300 computer running MS-DOS
only, and would soon get an AST Research machine. WordPerfect and Q&A were more popular
than Word. Not that many people went online from home,
but CompuServe was becoming available at work.
Morris’s virus could spread from one Unix machine to another
without much user intervention. In the
1990s, most viruses were spread by floppies or by clicking on executables in
emails. The whole idea of an automatically
self-replicating piece of malware would come back big time around 2001, just
before 9/11, with resulting DDOS attacks.
My own ISP, at the time “virtualnetspeace”, run by a coworker using
shared rack space, would have to fight off a DDOS attack in July of that year
before getting out of hosting. I do
remember those days. The real gurus in
those days knew how to fend off deliberate packet attacks. They called it "attacking your machine".