Saturday, November 30, 2013

Webroot now rates website safety on Firefox search engine results

I’ve noticed that Webroot Secure Anywhere has been rating sites that I search in Firefox, listing “Category, Confidence and Score”.  Sometimes there is more than one Category.  My own “doaskdotell.com” gets a Green but is misclassified as “real estate”; it should be “personal sites and blogging”.  (There is an obscure article about real estate prices on the site.)  The MyWOT (Web of Trust) score appears behind the domain on Firefox. 
  
For some reason, Webroot has downgraded as orange (and interrupts with warnings) some sites that sound legitimate.  One of these sites is “fwd.us” which is Mark Zuckerberg’s organization to support immigration reform, and another is “Kid Focused” which has information about raising children, including Internet safety (previous post yesterday). 
   

It’s possible that merely having an email sign-up list lowers a score with site-rating accompanies.  Maybe so does accepting ads. 

Friday, November 29, 2013

"The family computer" concept seems alive and well

Recommendations for parents on kid safety.  “Washington Family” Magazine (given out free at churches) for Nov. 2013 has an article on p. 38 by Mary Jo Rapini, “Monitoring your child’s behavior online”, which recommends just that, including having the “family computer” concept, in a public area of the house.  Maybe this is only for tweens.  Older kids will have a lot of homework online, and talented kids (prodigies in music, programming) may have legitimate reasons to spend more time in their own computing efforts. 
  
Yet, parents really do need to monitor what is going on, or there can be real consequences, as we know from a lot of news stories.
   
Rapini has an earlier article from Aug. 29, 2012, “Kid Focused” which says “’Monitoring you kids doesn’t mean ‘spying’”, link here


I couldn’t find the Family article on its own site, but Rapini has it on her own site, curiously in ready-to-print mode in PDF, here

Saturday, November 23, 2013

Spike Lee case shows how causing another person to be targeted wrongfully can lead to liability

Here’s another thing to ponder when on social media, or blogging.  Spike Lee was sued by an elderly couple in Florida when he incorrectly tweeted their home address as belonging to that of the social pariah George Zimmerman.  Hollywood Reporter has a story here

There was a $10000 settlement, and the couple repeatedly wants to break the “release of all claims” which CNN’s “Legal Guys” says won’t happen.

But anyone who causes someone else to be targeted by criminal activity with a social media post can be held liable.  It’s a disturbing concept. 

I personally stay away from “personal outrage” at these kinds of cases.  

NSA infects computer networks deliberately with malware to perform surveillance, according to Dutch newspaper


A Dutch newspaper is reporting that the US NSA has deliberately infected 50,000 computer networks with malware in order to perform survelliance.  Most of the targets are overseas, but some could include organizations, small businesses or individuals in the US.  The NSA can turn on the “sleeper” malware at will.
   
There would be some question as to how much of a threat it could be.  An individual who works mostly on a laptop or modern tablet or even when mobile is likely to turn off the device often.  The malware typically has no symptoms and is carefully hidden from most anti-virus software.  However, random non-repeatable problems might be attributed to such malware.
    
The link for the report is here.  

Thursday, November 21, 2013

Law enforcement, intelligence paying more attention to spam

I have learned, in some private discussions lately, that law enforcement and intelligence is more concerned than it used to be about the possibility that “steganographic” instructions for crime or possibly terror attacks could be embedded in spam, as in emails, blogs, or particularly unmonitored comments.  Law enforcement has, of course, in recent years looked at social media for evidences of crime;  in a few cases it has been overzealous in interpreting hyperbole as “threats” as in a recent case in Texas (July 3, 2013). 
  
I continue to receive a large volume of bank-related spam, and "Nigerian scams" that get through AOL.  Banks usually say, when the emails are sent to "abuse", that they've seen the emails before. 
 
Again, there are some specifics that I can't get into, but in general I'm surprised about the scams and counterfeit goods that people fall for, even people who don't live paycheck-to-paycheck.  The urge to want something for nothing ("it's free") seems too strong for some people. 

Monday, November 18, 2013

AOL makes members enter captcha to send email today

Today, an odd thing happened on my AOL mail account.  I was replying to an email from China about its wanting to use a duplicate of my domain name as a subdomain for an entirely different company (I talked about this on the Trademark blog Nov. 1) when I suddenly was forced to log on to a site to enter a captcha.  I first thought it came from the site in China and noticed that it came from AOL only when I sent an email to myself.  I did do the Turing test, and it worked, and wasn't repeated.  It seemed odd to do the test for someone signed on to AOL. It has never done this before.

AOL is not that good at filtering out a lot of spam, and I still get a lot of spam purporting to be from AOL itself. 

Friday, November 15, 2013

CryptoLocker virus tries to sell the user's own data back

The latest scourge being discussed widely is the CryptoLocker virus (or CryptoLock) usually spread by phishing and email attachments, which demands that the victim pay up to get his encrypted data back.  The criminals are selling the person’s own data back.  There is a “groundhog day” scheme or three or more days to pay up, and after that the ransom goes up.  There is some talk of “two-sided” encryption.  The Extreme Tech article by Graham Templeton is here. 

To add "insult to injury", "victims" have to pay by Bitcon on MoneyPak. Many people will not have accounts in these currencies and will not know hot to pay.  I've never had a reason to use "hidden" digital currencies to hide them from surveillance. 
   
CERT, the Computer Emergency Response Team, reported on the problem by email today, with a lot of extra links with tips.  CERT says that network shares and even cloud data can be affected.  .


Thursday, November 14, 2013

Germany will try keeping local Internet traffic from being routed through servers out-of-country as a security measure

Here’s a new technique overseas for Internet safety:  keeping web accesses and email traffic to and from web addresses within the country from being routed outside the country.  Germany proposes trying this now, to protect the privacy of its own consumers from possible criminals overseas but moreover from possible NSA snooping (or snooping by British secret service, which may be even more aggressive), according to a Washington Post story by Michael Birnbaum on Nov. 1, 2013, link here
    
The story reports that the encryption and various routing mechanisms of Google and Yahoo! (especially through North Carolina and northern Virginia servers) has been “cracked” by the NSA.  Drive out along the Loudoun Parkway and see it going on.

Tuesday, November 12, 2013

Smaller sites have become more vulnerable to hackers because of DIY techniques

A blog posting by Dancho Danchev on the Webroot threat blog, Nov. 1, warns amateur webmasters that even their “small” sites with few users can become targets of cybercriminals and hackers in the “new world order” of DIY (do-it-yourself hacking tools), despite the widespread reports of hacks of banks and government agencies.  He also discusses a mysterious “Google dorks” concept. It sounds like a kind of trolling. 
    
The post is here.
  
Google recommends that webmasters routinely maintain industry-standard email addresses at their sites to see if anyone (like “Stop badware”) has reported the webmaster’s site to be infected.  Some of these usernames would be “info”, “webmaster”, “postmaster”, “abuse”, and the like.  The most important web page explaining all of this is here

One possible problem is that some web hosting services might not automatically provide these email addresses; the website owner may have to set them up.
   
Shared web hosting security does matter.   One problem common some years ago on Unix servers was leaving the “Site” command open to hackers. 


Wednesday, November 06, 2013

Facebook will strengthen protections of teens against cyberbullying

Facebook will strengthen anti-bullying protections, by making it easier for teens who feel cyberbullied to contact adults on their frends’ lists and to notify the company, according to a Washington Post story November 6 by Cecilia Kang, link here

Facebook calls the new facility a Bullying Prevention Hub, and also uses security capabilities already provided by Instagram. 
 . 
The Post includes a 15-minute video “On Background” by host Nia-Malika Henderson,   Justin Patchin comments on a slight decrease in cyberbullying reports since 2011. Dr. Gwenn O’Keefe talks about how it is difficult to walk away from online bullying because there is always a copy of it, and people can continue it when they are home, so it never “goes away” or gets forgotten.  72% of teens and adults 14-24 say that digital abuse is a big problem.
  
It is curious that schools have looked the other way on bullying when in the adult workplace it’s so easy to bring suit over “hostile workplace” conditions.
   

I do have a concern that cyberbullying will lead to further calls to weaken Section 230.  

Sunday, November 03, 2013

The first big Internet virus dates all the way back to 1988, and it could self-replicate

One of the first Internet malware entities ever (that is, viruses) was developed in 1988 by a grad student named Robert Morris, as explained in on The Switch blog by Timothy Lee today, “How a grad student trying to build the first botnet brought the Internet to its knees”, link here. 
  
In those days, I had an ATT 6300 computer running MS-DOS only, and would soon get an AST Research machine.  WordPerfect and Q&A were more popular than  Word.  Not that many people went online from home, but Compuserv was becoming available at work.
     
Morris’s virus could spread from one Unix machine to another without much user intervention.  In the 1990’s. most viruses were spread by floppies or by clicking on executables in emails.  The whole idea of an automatically self-replicating piece of malware would come back big time around 2001, just before 9/11, with resulting DDOS attacks.  My own ISP, at the time “virtualnetspeace”, run by a coworker using shared rack space, would have to fight off a DDOS attack in July of that year before getting out of hosting.  I do remember those days.  The real gurus in those days know how to fend off deliberate packet attacks. They called it "attacking your machine".