Friday, December 28, 2007

Scammers target eBay names

Anti-scammer tips:

  • Use a different name on eBay than on your webmail. Scammers target an email name on gmail, hotmail, and similar online webmail apps.
  • If it sounds too good to be true, it's not true.

- Based on a blurb in the December 28th SANS emailed newsletter (not online yet). You can subscribe to get security "NewsBites" by email.

Software Patch Inspector

Secunia's Personal Software Inspector (PSI) is now in Release Candidate 1 (RC-1).

Of ZD Net's top 10 free security utilities you should be using, they say, "Number one is the Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine."
http://content.zdnet.com/2346-12691_22-95490-1.html

The latest update features an improved look plus easier use by novices, yet advanced options can be turned on.

You can even track the results of your patching. Run, don't walk, and get Secunia's PSI now!

Wednesday, October 24, 2007

Non-Microsoft security updates

Several security updates came out recently for products other than Microsoft ones, although a couple apply only if you are using Internet Explorer version 7. If you have the following software, make sure you get the patches:

  • Adobe Acrobat 8
  • Adobe Reader 8.1.1
  • Apple Quicktime 7.2
  • Mozilla Firefox 2.0.0.8

Saturday, October 20, 2007

Malicious emails contain fake Youtube link

US-CERT says that new variations of the Storm Worm have been appearing in email messages as fake YouTube video links.

The emails arrive with headers such as, "LOL, that is too cool..."

The email claims to be a video of you that has been discovered. The message contains a fake link to youtube.com. The link acually sends you to a malicious website that downloads and runs malware.

Thursday, September 27, 2007

Adobe Reader vulnerable

Adobe Reader has a serious vulnerability that could be exploited by a maliciously created PDF. The flaw could be exploited to take control of computers. So far, Adobe has no patch for it

Until this vulnerability is patched, do not open a PDF file you get unless it's from a trusted source and you were expecting the file.

If the source is trusted but the file unexpected, contact the sender before opening the PDF.

Friday, September 14, 2007

Identifying hoaxes and legends

The US-CERT site has some excellent Cyber Security tips. A recent one is "Identifying hoaxes and urban legends". The article is in clear English, not geek language, and covers:
  • Why hoaxes are a problem
  • Types of chain letters
  • Deciding if an email is a hoax (or legend)

Wednesday, August 29, 2007

You need more than Windows Update

If you use Microsoft Windows, you are likely familiar with Windows Update, the free service that installs security patches, bug patches, and some enhancements to Windows. But you really need much more.

You need to get updates for other Microsoft prograns, such as Microsoft Office. You can do that by installing "Microsoft Update ".

Next, download and install the Secunia Personal Software Inspector and check for outdated programs and ones needing updates. Though in beta, it works well and is an eye-opener.

Don't put it off -- prote t your computer now!

Tuesday, August 21, 2007

Outdated programs risky

Many programs these days need updates, not just your operating system (e.g. Windows). As an example, today's Windows Secrets points to the following common programs:
  • Adobe Reader
  • Macromedia Flash
  • Apple Quicktime
  • Sun Java
  • Mozilla FireFox

Most of these programs default to checking for updates. But if you ignore the update message or if it only checks once a month, you can be way behind in plugging security holes (a.k.a. "vulnerabilities").

What can you do about that? One very big help is the free Secunia Personal Software Inspector (PSI). You can try it online first and download if it serves as an eye opener for you -- it did for me.

For one thing, I discovered old versions of Sun Java on my system. Any "point" version needs to be updated to its most recent one. For example, the only currently secure versions of Sun Java JRE are version 5 update 12 and version 6 Update 2 (also known as 1.5.0_12 and 1.6.0_02)

Personal information security

I got some new ideas on improving security of my personal information from tips emailed to me at work. Use the tips below to better protect your personal information:
  • When printing checks, print only your first initial and last name. A check forger will not know what first name to use.
  • Do not list your phone number on a printed check. Write it in by hand, but only when required.
  • Do not sign your credit cards, despite the instruction on the card to do so. If your card gets stolen, a signature is a great find for a forger. Instead, use pen to write on the signature line, "Require Photo ID." It helps.
  • Photocopy both sides of your driver's license, all credit cards, etc. If any get lost or stolen, you have a fast memory jog, including the emergency numbers to call.
  • Fill in only the required parts of an online form. The more information you reveal, the greater the chance of its misuse.

Thursday, August 16, 2007

Health by Google?

Google has ambitious plans in expanding its easy-to-use applications to Google Health. One thing that concerns me is the potential for harvesting of personal medical data.

Google can't be 100% attack-proof, no matter how security-conscious they are. So I'd expect that eventually a hacker would break into at least some people's health information.

Also, you give a doctor access to your online profile (medical history, medicines, allergies, operations, symptoms, etc.). So do they get a one-time password entry or would you have to change your password after every such access (yuk!)?

Google now packs StarOffice

Google has announced that it will include Sun's StarOffice as a free download as part of Google Pack. Previously, a StarOffice download form Sun cost $70. Since Google let's you select exactly which apps you want as part of Google Pack, this is a no-brainer.

If you are an average home user, why pay for Microsoft Office when you buy a PC? Just download StarOffice as part of Google Pack.

I'll shortly be ordering a computer for a relative and stocking it with apps. Below are the programs I'll pick from Google Pack:
  • FireFox with Google Toolbar
  • Adobe Reader
  • StarOffice
  • Picasa
  • Google talk (this only because the relative is not a Gmail user).

Saturday, July 21, 2007

Battle of the mappers

Microsoft's "Local Live" map site includes some "Bird's Eye" views that are of high quality. Not all areas of even major cities are covered by the "Bird's Eye feature, though. Also, some of the images are of lower quality than those of Google Maps. Overall, I like Google Maps the best.

Both Microsoft and Google have a map view that shows roads plus satellite. Between the Google "hybrid" view and Microsoft's "aerial", I prefer Google's.

Quiz: Identity theft potential

National Public Radio's web site has a quiz that tells you what your chances are of becoming an identity theft victim. Dare to take it?

Wednesday, July 04, 2007

Microsoft Malware Protection Center

Microsoft offers a security portal page called "Microsoft Malware Protection Center". It lists and links to the top 10 most active malicious software families, most active family variants, most active email threats, and spyware/adware removed from PCs.

The site officially launches in "early July", but the links to threat information are already active.

Wednesday, June 13, 2007

Climate Savers Computing

AMD, Dell, the EPA, Google, Intel, Microsoft, the World Wildlife Federation and others have joined in a common goal to reduce power consumption by computers. The goal of the Climate Savers Computing Initiative is to reduce power consumption by 50% by 2010.

A specific target is a 90% efficiency for computer power supplies. This change alone would reduce greenhouse gas emissions by millions of tons per year and save over $5 million in energy costs.

Monday, May 07, 2007

Another PC protection layer

Even firewalls can let in exploit code from malicious (or hacked) web sites. That's where LinkScanner (and its paid subscription brother LinkScanner Pro) from Exploit Prevention Labs (XPL) comes in. LinkScanner checks the results of searches and shows icons that reflect the safety of the site. Hovering your mouse cursor over an icon adds details.

CNET and PC Magazine both have reviews of LinkScanner and the Pro version. As they both advise, it checks well for exploits, but rely on other software to plug the holes in detecting phishing sites. LinkScanner works with FireFox, Internet Explorer, and Opera.

A recent article in USA Today on web page exploit attacks describes some traps that hackers set on a broad range of web sites. LinkScanner appears to be one more layer you should have in your multi-layered defense of your computer.

Saturday, April 21, 2007

Scrybe: Sneak Peek

[video removed - was not working]

This looks like the coming of Semantic Web that Tim Berners-Lee talks about. It looks extremely useful.

[May 8, 2007 update]

Some reviewers seem to be treating Scrybe as a calendar. It's really more of a shareable organizer concept - calendar, to do, and notes, for example.

The YouTube video link was not working here or on the Scrybe site. So I have removed it and added a couple of links about Scrybe:

New email version from Mozilla

Thunderbird 2.0 email software is now available from Mozilla -- the folks who bring you the FireFox web browser. I have in the past used Outlook Express, Outlook, and Eudora email clients. But my current choice is Thunderbird.

My fast take on version 2.0:
  • Spiffied up icons (in general)
  • Weird looking sideways folder icons
  • Some nice new features
  • One big disadvantage: Mozilla still has not built in the needed ability to delete a message and return to the message list. The only action built into Thurderbird is to automatically display the nest message. This is a horrible program behavior for security reasons. What if the next message is malicious? What if it contains an invisible GIF web bug? You have no chance to just not open it -- Thunderbird will open that message anyway. As a result, some Thunderbird 2.0 users are reverting back to version 1.5 and using the "Unselect message" add-in.
  • Another downer: The "Unselect message" add-in (extension) that I used with version 1.5 does not work with version 2. I used this as a workaround for the terrible lack of that capability in Thunderbird (as mentioned above). Hopefully the author will revise the code so it's compatible with version 2.x.

Tuesday, April 17, 2007

Hope for image searches

Current image searches give only fair results, but researchers are working on the problem. Here's a couple of articles in MIT Technology Review:
  • Better, more accurate image search
  • Software learns to tag photos. The test used Flickr photos to assign up to 15 tags per photos. ALIPR (Automatic Linguistic Indexing of Pictures) uses statistical methods to analyze a photo one pixel at a time and determine what tags apply. While the software is still in development, it assigned at least one correct tag 98% of the time. Not perfect, but pretty cool. I drool in anticipation of an improved version.

Friday, April 13, 2007

Plot multiple point maps

I was going to gush over a make-your-own-map site, MultiPlottr I discovered recently. Then I noticed that Google has enhanced Google Maps to include "My Maps".

With both MultiPlottr and Google's My Maps, you can add several map points and assign text to the point for display in the normal Google pop-up balloon. But Google's My Maps appears to offer more and has the Google ease of use and cool minimalist interface we've come to expect from Google.

I tested MultiPlottr by plotting lots of places to eat around where I work. We may refer visitors to it in emails prior to visits. My recommendation -- try both and see what you like.

Update April 19:
While Google My Maps is great, it still cannot actually plot multiple exact addresses. You basically "swag it" by dragging the marker. Multiplottr, on the other hand, does let you add specific addresses, then plots them for you.

Update: April 21:
It's a different process than I anticipated. Google does let you locate an address, and then add it to a custom map in MyMaps. [There is still a 50 address limit per map, though.] Here's the process:
  1. Sign in to Google.
  2. If you have never created a map, click on the "My Maps" tab and create one. Then save that map.
  3. Search for an address or for business near that address (for example "restaurants near _____"). If you search for businesses or similar groups of addresses, each address listing in the search sidebar now has an "Add to My Maps" link. When you search for an individual address, the address marker balloon includes a "Save to My Maps" link.
  4. If you have more than one map, select the correct one via the drop-down box.
  5. Edit the marker balloon title and text. You can use the text tools to bold or color text and background. If you add a link in text for (including the http://), Google makes it a link.
  6. OK the results. Presto -- a new marker is plotted. You can plot up to 50 on one map.

Wednesday, April 11, 2007

Free Anti-Rootkit software

Rootkits are nasty buggers. Antivirus software doesn't detect them and they can be a bear to detect and destroy.

Now comes Anti-Rootkit Free from Grisoft, makers of AVG Antivirus Free Edition.

A test of the fast scan on a home computer took 10 minutes. The interface is attractive yet very simple to use.

Vista's here -- what next?

Paul Thurott's Windows SuperSite is an excellent source of information. He has started a page on Windows "Vienna" (a.k.a. Windows 7 or Windows Seven). If you're the curious type, surf away and enjoy.

Paul also mentions that Windows Vista SP1 will amount to a major release -- it will include a kernel update to the operating system (OS) and will coincide with the release of the Longhorn server OS.

Both Vienna and Office 14 (current codename) look like a 2009 release.

Paul is also a columnist for Windows IT Pro magazine.

Monday, April 02, 2007

Computer bloopers at the movies

If you are a computer geek or just plain irritated at movie script writers or directors that appear clueless about computers (or both, like me), you'll appreciate reading the "Usability in the Movies - Top 10 Bloopers" by usability expert Jakob Nielsen.

Wednesday, March 28, 2007

Internet Security Threat Report

Some key findings in Symantec's Internet Security Threat Report include:
  • The major malicious software thrust is stealing your money.
  • Over 5,200 Denial of Service (DoS) attacks per day.
  • The bad guys are attacking medium-risk vulnerabilities as a way to run more attacks.
  • Attackers are increasingly attacking multiple vulnerabilities at once, not just exploiting one vulnerability.

Some key links:

Microsoft leads patch pack

Symantec has issued its semi-annual report on Internet Security Threat Trends for the last half of 2006. One finding is that Microsoft offers patches for vulnerabilities faster than the other four vendors checked.

In decreasing order of fast response (1 = best, 5 = worst), they are:
  1. Microsoft
  2. Red Hat
  3. HP
  4. Apple
  5. Sun

Saturday, March 24, 2007

Google enhances maps

Google has quietly added some nice features to Google Maps. The latest additions I noticed are:
  • "Traffic" button. If Google has the data, you get a "mashup" that shows freeways and red, yellow, or green status for various freeway sections. The Traffic button is an on/off toggle, unlike the Maps, Satellite, and Hybrid buttons.
    Example: Sacramento, CA
  • Building shapes. At the closest two zoom views, the Maps view now shows buildings for some major cities. It looks like Google used the Satellite view to derive the building shapes.
    Example: Boston, MA

Sunday, March 18, 2007

User Agent String Utility gives IE7 access

Some web sites don't respond well to Internet Explorer 7. That's usually because they have hard-coded various browser versions into their web page code and have not updated it to add IE7 to the list.

So though many (most?) web sites have updated their code or never hard-coded the browser versions to start with, some present challenges. On the other hand, I have not run into any public web pages with this problem yet.

As a temporary workaround (until those sites fix their code), you can use Microsoft's special User Agent String Utility to let IE7 access sites that currently block it.

Saturday, March 17, 2007

Workers at computers face blood clots

A new Zealand study of office workers has found that people who work for hours while sitting down have a higher risk of blots clots from deep vein thrombosis (DVT) than airline passengers.

Many of us spend hours at a computer at work. Then a lot of us then work or "play" on a computer after getting home. This study, with results that we perhaps expected anyway, is a reminder that most of us need more exercise, especially of the legs and thighs, to help avoid DVT.

You can take simple steps to reduce your risk as well as feel more refreshed at work, though.
  • Get up and walk away from your computer at least once an hour. That helps exercise the leg and thigh muscles. It also helps your eyes, which focus at a very short range while you work at a computer.
  • While you sit at a computer, clench your butt, leg, and thigh muscles every now and then. That helps squeeze the blood along in your veins. It's low impact exercise and helps blood flow.
  • Lift your feet off the floor, straighten your legs if possible in your work area, then rotate your feet front and back and all around (... sorry if that caused you to flash on the Hokey-Pokey). This mini-massage stretches the muscles around your ankles and feet. Try it; you'll like it.
  • While you're at it, take a stretch break opportunity to clasp your hands behind your back and stretch your arm muscles too.
  • Expend your arms above your head and wiggle your fingers. Many of us have poor typing skills and tend to pound away at the keys in awkward hand positions and much harder than we should. Give your hands a massage and help reduce carpal tunnel injuries.

Friday, March 09, 2007

Java version tester

Java versions seem to come out faster than new bottles of flavored water. Keeping up can be hard.

Want to find out what the latest versions are and what you actually have? Go to Java Tester. Just click on the test link and read the results. Scroll down to see the version you have, but read the rest of the stuff too.

Tuesday, March 06, 2007

Comodo offers free security suite

Comodo offers several free security-related software products to protect your PC:

I use the ZoneAlarm Internet Security Suite. And free programs rarely rate as high as ones you pay for. But it appears that Comodo is a decent choice if you need to save cash.

Wednesday, February 07, 2007

Genius chemist forgotten

Doctor Percy Julian. Chemist. Brilliant. Determined. Forgotten. Black.

Black History Month is an appropriate time for networks to feature shows about significant contributions of Blacks, whether American or not. But I wish these didn't seem timed for Black History Month. How about just working on a good project and releasing it when ready? Let's not limit recognition of the significant contributions of African Americans and other Blacks to February, shall we? A great show about a great person is a welcomed change from most TV drivel (that, sadly, I watch).

That said, I missed a really good PBS piece on Dr. Percy the first time around. The Nova show site for "Forgotten Genius" refers to him as one of the greatest scientists of the 20th century. The site has very good sidebar pieces plus the ability to watch online. I picked up on this while doing a late read of Angela Gunn's Tech_Space blog at USA Today. I did manage to locate a reshowing of this excellent piece late at night on February 7th. Fascinating, yet it will pluck your heartstrings with the agony he went through.

Do it. Do it now. You'll be glad you did.

Adobe Reader 8 - get it

Adobe has released Adobe Reader 8.0. Adobe considers it a critical update to version 7 for security reasons.

Get Adobe Reader 8.0.

Caution – Adobe will install Yahoo! Toolbar by default unless you specifically deselect (disable) that. I do choose not install Yahoo! Toolbar or Google Toolbar. I use IE7 and avoid the extra "overhead" that the toolbars introduce, to say nothing about possible glitches or conflicts.

After you install it, select "Edit", then "Preferences" from the menu bar and check every single option. Many options are now located in different places from the prior versions. For example, you can choose to set the default display of a "document" to single page, continuous. I prefer that to the unnatural page "jump" that happens by default when you reach the bottom of a PDF's page.

Also, a toolbar button for copying text in a PDF is not present by default. Check out each option. Experiment. You can always change it back.

Tuesday, February 06, 2007

Safer Internet Day

Today, February 6, is Safer Internet Day, observed by over 40 countries. This year's focus is on mobile phones and child safety. The European Union (EU) has a special ins@fe site, which features a special worldwide blogathon for Safer Internet Day.

Among U.S. sites, the U.S. Department of Justice sponsors iSafe, with an iLearn section that aims at several groups: teachers, over-50, parents, students, and even law enforcement and prosecutors. The site also contains tips for parents and tips for students. A series of "Dig Deeper" articles seems sure to grow over time. It already includes downloadable PDF format files ranging in topic from Copyright basics to the Perils of Blogging (I'd better read that one).

Other resources:

Thursday, January 25, 2007

Weather + Google mashup

Weathermole is a great sample of what developers can do when they combine Google maps with other data. Such a merging is called a "mashup".

In this case, the developer merged NOAA weather data to Google maps data. The resulting mashup lets you specify a ZIP code or a major city, then provides forecast text and images below the U.S. map.

Get wired

Wired magazine has some great articles. You can now find the Wired technology news feed in the right column of this blog.

But if you, like me, also have a string interest in science in general, check out "What we don't know" at Wired. The list has 40 questions, from the humorous to some truly "big" ones.

Eudora email becomes Penelope

Qualcomm is going to cease development of its popular email client software, Eudora. Instead, it is giving its code to the Mozilla folks, who also produce Thunderbird.

At first I thought that Eudora would get merged into a slightly changed Thunderbird. But no. The aim by Mozilla, with the help of current Eudora staff, is for the new open-source email client program to maintain the "Eudora user experience". The name for this project is Penelope.

I have been using Eudora Pro, but decided to try out Thunderbird. Caution - the Thunderbird importers for Eudora's mailboxes, folders, messages, and address books are very "rough". I had to heavily edit the imported address book data, though the Eudora 7 messages and "Personalities" did import OK. Thunderbird is a different user experience, but mostly rewarding. I really appreciate the spell check as you type. But I was annoyed that there was no option to change the default message action upon delete -- it pops up the next unread message, which could be malicious. No thank you!

If you want to try Thunderbird, I recommend also installing the "Unselect message" add-on, which changes the default action to one that deletes an open message and then returns to the message list without opening the next unread one. That should have been the Thunderbird default anyway, just for security reasons.

Wednesday, January 24, 2007

Warning: Mailicious emails, web sites

A malicious bugger named Trojan.Peacomm is making the rounds. This nasty thing can hide its files and processes, making it quite hard to detect. It arrives:
  • As a file installed on your computer by other malware (malicious software) or
  • As a file you unwittingly download when visiting malicious URLs.
It is also currently arriving in email Spam, with the emails using subject lines related to specific events. A few example subject lines:

A killer at 11, he's free at 21 and kill again!
Naked teens attack home director.
230 dead as storm batters Europe.
Radical Muslim drinking enemies's blood.
Chinese missile shot down Russian satellite
Saddam Hussein alive!
Venezuelan leader: "Let's the War beginning".
Fidel Castro dead.

Be paranoid -- people really are out to get you!

Get more information at Symantec Security Response ...

Sunday, January 07, 2007

Get Wired - Science, that is

You remember the film "Weird Science"? Well, PBS airs "Wired Science" tonight. It's from Wired magazine and one of three pilots for one possible series.

Watch, then you can even add your opinion as to whether PBS should make Wired Science a series.

Saturday, January 06, 2007

Wireless drivers a major vulnerability

Wireless drivers are under attack by hackers. So far the wireless products affected include ones from Apple, Intel, Broadcom, Cisco, Linksys, Dell, Netgear, D-link.

Tens of millions of desktop and notebook computers plus other wireless devices are vulnerable. If you use a wireless device, check the manufacturer's web site to see if they offer a driver update.

Reference: Wireless security starts with drivers

Manage passwords securely

Over 50 percent of people use the same password for nearly every site they visit and that requires one, says PC World about a Jupiter Research study. That's just asking for trouble.

On the other hand, it's not reasonable to expect people to remember a bazillion usernames and passwords. So what do you do? Some people store the sites and passwords in a file on their PC. Not good. If their PC is hacked, the file is available for the hacker to read, use, and distribute or sell to other hackers. A much better method is to use a secure password manager.

Secure password managers also store the site and password information, but they encrypt it. One such free program is Comodo iVault, which uses 256-bit encryption. Of course, you use a password to open the program. So you need to make that password an exceptionally strong one.

To make a strong password, use at least 8 characters and a mix of UPPER CASE letters, lower case letters, numbers, and symbols. If you want to beef up the strength some more, make the length at least 15 characters long. The, make it even stronger by making sure that no part of it forms a word. The more random the password, the better, though that also makes it harder to remember.

When creating a password, avoid obvious keyboard sequences of adjoining or alternating keys. Also, don't include any information associated with you or your family as part of the password (names, pets' names, birth dates, license plate number, etc.).

To make sure you have the right idea, test a sample strong password with CertainKey Cryptosystems's online password strength analyzer (at the bottom of that web page). Since all the keystrokes you send are "in the clear", use this just for testing and demo purposes, not to check your real password. Note that the randomness of the password (what CertainKey calls entropy) helps too. The online tools estimates how many days it would take to crack the sample password you enter. Microsoft also offers an online password strength checker.

2007 Security outlook

Mark Edwards, "Windows IT Pro" magazine, sees the following threats for 2007:
  • Vista exploits.
  • Exploits of RSS and Atom syndication feeds ... you know, feeds like this blog! Whoa, Baby!
  • Exploits of multimedia content, including MySpace and YouTube.
  • User education will still be a low priority for businesses.
  • Increasing identity theft, Spam, and malware.
  • Increasing malicious use of botnets.
The full article is in the latest Windows IT Pro "Security UPDATE" email newsletter. You can sign up for various email newsletters at Windows IT Pro.

Tuesday, January 02, 2007

You need more than automatic updates

Windows' "Automatic updates" only downloads "critical" updates. Windows Update and Microsoft Update, which has MS Office updates too, both have a ton of security patches plus added features you can download. The optional updates and hardware-related updates do not automatically download.

So periodically manually surf to the Update site (Windows Update or Microsoft Update) and check out the other two categories of updates -- "Software Updates [optional]" and "Hardware updates".

Update your PC clock for new DST

Here's an update listed as optional that I'd prefer to be mandatory -- update the system time to reflect the new dates for Daylight Savings Time (Microsoft Knowledgebase article 928388). In case you didn't recall, the U.S. and several other countries have decided to change the start and stop dates for DST.

Since your PC clock has the "old" rule, you really do need this update so that the system can change the time automatically when DST arrives and departs.