Thursday, January 31, 2008
Ease of use is NOT always penalty free
But then there is this marvelous invention called a power saw. With it I can saw *anything*! And it's fun sawing through anything. They're really easy to use, fun, loud, and they help me feel really productive - what could be better?!?
Keeping all of my fingers comes to mind. Why is it that every woodshop teacher I've ever met has lost at least part of a finger? Power saws are great, but caution is necessary.
JUST like internet 2.0! (I'm sure most of you just decided I'm either whacked, far geekier than you thought - or both!)
One of the cool features of the newer websites is that they remember who you are. So it's really easy to get in and find that map, or mashup of maps. The downside, and the reason for caution, is how they remember you - through cookies. Cookies are little collections of data kept per website; often one website will give you more than one cookie. They are generally necessary and can make websites much easier to use. THE downside is when someone else gets hold of them. As long as that session is alive, if someone else (say Mack the Hack) gets your cookie, they can log in as you and then change your password.
check out some of the details here
» Even SSL Gmail can get sidejacked Zero Day ZDNet.com
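What makes a cookie "sidejackable" is mostly a question of how the website set it. Here is an added example (my own, not code from the post or from the ZDNet article) that reads a few constructed Set-Cookie headers and reports the two attributes that limit what a copied cookie is worth: Secure, which keeps the browser from ever sending the cookie over plain http://, and HttpOnly, which keeps page scripts from reading it. The cookie names, hosts and the "looks like a session" name hints are assumptions of the example.

```python
"""Audit Set-Cookie headers for the attributes that limit what a stolen
cookie is worth. Added example, not code from the original post.

Secure   - the browser only sends the cookie over https://, so it cannot be
           sniffed off an open wireless network the way a plain-http one can.
HttpOnly - page scripts cannot read the cookie, so an injected script cannot
           copy it out.
"""

# Constructed sample headers; the cookie names and hosts are made up.
SAMPLE_HEADERS = [
    "Set-Cookie: SID=9f3a2b; Path=/; Domain=mail.example.test",
    "Set-Cookie: AUTHTOKEN=7c1d; Path=/; Domain=mail.example.test; Secure; HttpOnly",
    "Set-Cookie: PREF=lang=en; Path=/; Expires=Wed, 31 Dec 2008 23:59:59 GMT",
]

# Name fragments that usually mark a login/session cookie (heuristic, assumed).
SESSION_HINTS = ("sid", "sess", "auth", "token", "login")


def parse_set_cookie(header):
    """Split one Set-Cookie line into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as Secure map to True.
    """
    body = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value.strip(), attrs


def looks_like_session(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_cookie(header):
    """Return the list of weaknesses found in one Set-Cookie header."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: also sent over plain http://, so it can be sniffed")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by any script running on the page")
    if looks_like_session(name) and ("expires" in attrs or "max-age" in attrs):
        findings.append("session cookie is persistent: it outlives the browser window")
    return findings


def audit_headers(headers):
    """Map each cookie name to its findings; an empty list means nothing found."""
    return {parse_set_cookie(h)[0]: audit_cookie(h) for h in headers}


if __name__ == "__main__":
    for cookie_name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(cookie_name, "->", findings or "ok")
```

The SID cookie in the sample is the sidejacking case: it is the login cookie, and because it lacks Secure, the browser will happily send it along with any plain http:// request to the same site, even when you signed in over SSL.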
Wednesday, January 30, 2008
N.Y. legislation targets Internet predators - Security- msnbc.com
"ALBANY, N.Y. - New York sex offenders would be required to reveal their online aliases to the state under legislation that aims to protect users of MySpace, FaceBook and other Web hangouts from Internet predators.
The identities would then be shared with social-networking sites, according to the bill written by Attorney General Andrew Cuomo's office."
N.Y. legislation targets Internet predators - Security- msnbc.com
Big Brother making a comeback in 08!!
Skype Trojan wiretap plan leaks onto the net The Register
If the Germans do as this story implies and create a trojan (virus) for the police to use on our computers ... then who are they really getting in bed with to create it?
problems don't always have immediate fixes

Remember that concept I posted about a few months ago called 'zero day'? It's where a flaw is discovered in a program you may be using AND there is no available fix.
» Mozilla ups unpatched Firefox flaw to ‘high severity’; Preps fix Zero Day ZDNet.com
The BIG bummer with this news is - I like Firefox! It's faster than Internet Explorer (IE) and highly customizable. The fact that it's a minority player in the market and that it's not as embedded into the operating system as IE both make it eminently less attractive to hackers as an attack point. But here we are with a big stinkin' hole. Bummer.
It's a little encouraging that the non-custom version of the browser sounds safe, but the hole that is there is big. Stealing sessions is like logging onto your bank account and then handing your laptop over to a random person. That person could now change your password, mailing address - everything - and most websites have NO way of knowing it's not you. Bummer!
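The "most websites have NO way of knowing it's not you" part is something a website can do better at. Here is an added example (mine, not from the post or the ZDNet piece) of a small in-memory login store with the two server-side rules that blunt a stolen session: changing the password requires the current password even though the caller already holds a valid session, and a successful change throws out every other session for that user. The user name, passwords and iteration count are constructed for the example.

```python
"""Server-side handling that limits what a stolen session is worth.
Added example, not from the original post or the ZDNet article.

Rules: a password change must present the current password even though the
caller holds a valid session, and a successful change revokes every other
session of that user, so whoever holds a copied session is logged out.
"""
import hashlib
import hmac
import os
import secrets


def hash_password(password, salt):
    """PBKDF2-SHA256; the iteration count is an assumption of this example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SessionStore:
    def __init__(self):
        self.users = {}     # username -> (salt, password_hash)
        self.sessions = {}  # session_id -> username

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def _verify(self, username, password):
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, hash_password(password, salt))

    def login(self, username, password):
        """Return a fresh unguessable session id, or None on bad credentials."""
        if username not in self.users or not self._verify(username, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def whoami(self, sid):
        """The user a session id belongs to, or None if it was revoked."""
        return self.sessions.get(sid)

    def change_password(self, sid, current_password, new_password):
        """Holding a session is not enough: the current password is required."""
        username = self.sessions.get(sid)
        if username is None or not self._verify(username, current_password):
            return False
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(new_password, salt))
        # Revoke every other session of this user; keep only the caller's.
        self.sessions = {s: u for s, u in self.sessions.items()
                         if u != username or s == sid}
        return True


if __name__ == "__main__":
    store = SessionStore()
    store.register("alice", "correct horse 42")
    mine = store.login("alice", "correct horse 42")
    # Second session stands in for the copied one in the post's scenario (constructed).
    copied = store.login("alice", "correct horse 42")
    print(store.change_password(copied, "guess", "x"))                  # False
    print(store.change_password(mine, "correct horse 42", "new pass 7"))  # True
    print(store.whoami(copied), store.whoami(mine))                      # None alice
```

The handed-over-laptop picture from the post maps onto the second session: with these two rules the person holding it cannot change the password without knowing it, and as soon as the real owner changes it, that session stops working.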
Thursday, January 24, 2008
Opinion: At the airport, an ID theft takes flight
Actually, after the initial scene description the author does a nice fly-by describing a number of different data security concerns.
Opinion: At the airport, an ID theft takes flight
Wednesday, January 23, 2008
too good to be true
I laugh - then head over to Snopes
In a nutshell - if it sounds too good to be true, it is! Bill Gates will NOT give you $1 for every email, people you know will NOT leave you a buh-zillion dollars, and the FBI does not trace your keystrokes.
BUT if you visit my advertisers I'll thank you! ;)
Here's a really useful site if you're curious about big websites and engineered phishing attacks
SiteTruth Phishing Report
Malware, it's everyware
Malware - I think of it as a shortening of the two words malicious and software. It's there to do damage to you, your finances, and anything the bad guys can harvest from your server.
Check out this article though from Dark Reading -
"The number of new strains of malware that appeared in 2007 increased tenfold with respect to the previous year," said PandaLabs, Panda Security's research arm, in a report issued yesterday. "Over the last year, PandaLabs has received an average of more than 3,000 new strains of malware every day. This represents a malware epidemic which -- although silent, with little media coverage and no widespread alerts -- is nevertheless dangerous."
The results indicate that signature-based defenses for malware are no longer effective, the research firm said. Some 72 percent of networks with more than 100 workstations -- and 23 percent of home users -- are currently infected with malware, despite having operative antivirus or other signature-based tools in place, PandaLabs said.
Experts at AV-Test, an independent testing organization, also reported skyrocketing incidence of malware yesterday. After a detailed count, the organization said it identified nearly 5.5 million different malware files in 2007 -- more than five times as many as in 2006.
the numbers aren't good ... unless you're a bad guy

Here are some of the survey highlights:
Ninety-two percent of Americans think that their anti-virus software is up to date, however only 51 percent actually have currently updated their anti-virus software within the past week.
Seventy-three percent of PC users in the U.S. think they have a firewall installed and enabled, yet 64 percent actually do.
New levels of weirdness

"From the moment you enter the World you'll discover a vast digital continent, teeming with people, entertainment, experiences and opportunity. Once you've explored a bit, perhaps you'll find a perfect parcel of land to build your house or business.
You'll also be surrounded by the Creations of your fellow Residents. Because Residents retain the rights to their digital creations, they can buy, sell and trade with other Residents.
The Marketplace currently supports millions of US dollars in monthly transactions. This commerce is handled with the in-world unit-of-trade, the Linden dollar, which can be converted to US dollars at several thriving online Linden Dollar exchanges. "
Tuesday, January 15, 2008
Kicking the weeds
Silent Banker was just discovered this week and it hits on a few of my favorite things to NOT allow – streaming out user names and passwords to a bank account. Not only are this account and the money in it at risk – the user's non-public information (SSN, address, etc.) will be available to the fraudster also. The article from Computerworld has some good tips – but for peace of mind it's nice knowing nothing is sent out from my computer without notifying me!
Friday, January 11, 2008
Kids and the Internet
But is it really safe?
Before even looking at the security policy of the site, I'm more concerned about the computing environment the child is using. Did you know that the PC you can buy now for about $2000 is more powerful than the one the government used to crack the German codes in WWII?? (and this power is in the hands of 6 year olds left by themselves??)
I think of computer and internet safety like most parents think about child proofing a room. If we make the environment itself as safe as possible, then the child won’t find himself in trouble, or hurt! For comparison purposes on child proofing a room I found tips from kidsHealth.org, then I created a list related to the internet.

Make Your Home Environment as penalty free as possible
Just like you moved your good wine bottles out of those nice looking wine racks when your kids were crawling, it’s time to move certain websites out of reach. One way to do this is via a firewall filter.
Firewalls keep computers safe by blocking inbound attacks. They can also keep kids safe by blocking inappropriate websites. Websites generally have descriptive words on them, so even previously uncategorized sites can be blocked.
One thing to remember, in the very BEST case the child online will only be as safe as you are. If you aren’t sure about your own security and are relying on ‘years of wisdom’ to help you weed out the good from the not – chances are your systems aren’t very safe to begin with. (for your own list of what to do, see Tips from Mom re-interpreted for the cyberage)
Teach them
As I always tell my kids, "knowledge is a weapon". They need to know good internet habits just like any other good habits. Passwords need to be hard to guess, more than one word, with at least one or two numbers in them. It's a good idea never to reuse the same password on different websites. Also, passwords should never be shared - except with Mommy and Daddy.
Somehow, someway – someday someone they don't know might send them an email or an IM. They don't need to be afraid, just realize this person is a stranger. It may be a kid just wanting to play, or it may be an adult pretending to be a kid. (and THAT wouldn't be fun at all)
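Those password rules are concrete enough to check by machine, and the "don't reuse it on another site" rule is the one the phisher interview further down this page says pays off for attackers half the time. Here is an added example (mine, not from the post) that scores a new password against the rules above: hard to guess, more than one word, at least one or two numbers, and not already in use on another site. The reuse check works from a little vault of salted hashes, one per site, so the passwords themselves are never stored. The word list, the 8-character floor and the sample vault entries are assumptions of the example.

```python
"""Check a new password against the rules in the post: hard to guess, more
than one word, at least one or two numbers, and not reused on another site.
Added example, not from the original post; the word list, the length floor
and the sample vault entries are constructed.
"""
import hashlib
import os
import re

# Tiny stand-in for the easy-to-guess list a real checker would carry (assumed).
COMMON = {"password", "123456", "qwerty", "letmein", "abc123"}
MIN_LENGTH = 8  # assumption of this example; the post gives no number


class Vault:
    """Remembers a salted hash per site so reuse can be detected without
    keeping the passwords themselves."""

    def __init__(self):
        self.entries = {}  # site -> (salt, hash)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def add(self, site, password):
        salt = os.urandom(16)
        self.entries[site] = (salt, self._hash(password, salt))

    def sites_using(self, password):
        """Sites on which this exact password is already in use."""
        return [site for site, (salt, h) in self.entries.items()
                if self._hash(password, salt) == h]


def check_password(password, vault=None, site=None):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    words = re.findall(r"[A-Za-z]+", password)   # runs of letters = "words"
    digits = re.findall(r"\d", password)
    if password.strip().lower() in COMMON:
        problems.append("on the easy-to-guess list")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(words) < 2:
        problems.append("needs more than one word")
    if not digits:
        problems.append("needs at least one or two numbers")
    if vault is not None:
        reused_on = [s for s in vault.sites_using(password) if s != site]
        if reused_on:
            problems.append("already used on: " + ", ".join(sorted(reused_on)))
    return problems


if __name__ == "__main__":
    vault = Vault()
    vault.add("pets.example", "purple dragon 7")   # constructed sample entry
    for candidate in ("password", "kitten42", "purple dragon 7", "blue kitten 42"):
        print(repr(candidate), "->", check_password(candidate, vault, "games.example") or "ok")
```

Passing the site name in means the vault does not complain when a child is simply re-entering the password for the site it already belongs to; only use on a *different* site counts as reuse.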
Give them their own login
The separate login gives you the ability to limit what your child can or can't do while using the computer. If you didn't, then while surfing, a popup saying "Hi!! do you want a free smiley face library??" - click OK - is actually asking you for permission to install whatever they want on your computer. What's that old saying about the devil on the doorstep?? Something like he can't come in unless you invite him. Many attacks are similar; people just aren't aware of when they're inviting him in!
After creating a separate login for each person in the household, as the Administrator you need to password-protect your login so privileges don't get mysteriously turned back! :)
Keep the computer in a common area
Computers and the internet are amazing. It’s truly astounding to be able to find the answer to anything in seconds! As a research tool, it’s without peer.
But as cameras and phones are attached, that friendly little chime in the office suddenly seems like something you don’t want behind closed doors.
Use Software Monitors and Reports
Some Internet Service Providers offer free reports regarding your web traffic and emails. While I trust my kids, I think it’s a good idea to get these ‘report cards’ every week. They provide simple summaries of where your child has gone, how often etc.
If you know where to look – computers provide an abundance of information to play CSI with! In the past, when cleaning up a friend's computer of spyware, I noticed that her daughter's account had several cookies from Russia on it. They were from the ads served up on a variety of sites more adult than what her mom thought she should be seeing.
Surf with them!
This one is my favorite tip – not that you need an excuse to spend more time with your son or daughter, but as you see where they like to go and what they like to do – you can share some of the wisdom you’ve learned on what looks good, and trustworthy – and what does not.
Sharon and Kevin
Let's walk through an example. In Sharon's household she has a 5 year old son, Kevin, and she uses the computer to keep the books for her husband's business and for email. They have one login they all share, and a high speed connection via Comcast. They bought the computer for Christmas 06 and it came with 2 or 3 firewalls. She thinks they're using Norton and the one that came with the operating system from Microsoft.
There are a few warning flags here that jump out at me.
1. By sharing one login, they all have rights to install whatever they want on that computer.
--> Sharon should create logins for herself, her husband and for Kevin. Kevin’s rights should be restricted so he can’t inadvertently install software. (nor can anyone else when he’s logged in!)
Example child account

2. The computer may already be compromised. Multiple software firewalls / anti-virus programs cannot work with each other; the ones not being used should be removed. If it's compromised with a keystroke capture program – everything Sharon types, or Kevin types, may be streamed out.
--> Sharon should evaluate firewall / anti-virus / anti-spyware options – pick one, remove the others, and allow the one good one to update automatically. Then do a full system scan to start off!
3. The firewall should be on and preventing access to inappropriate sites. Today's software offers a variety of options – here is a picture of one as an example:

Some of the filters work from lists, so that if you block all 'gambling' websites, it knows how to identify webpages that appear to be gambling sites and block them. These filters aren't perfect! But they normally err on the conservative side, blocking more than needed.
4. Things not mentioned that I'd be curious about – backup strategies for their data, how they manage their passwords, how they manage their private data in email, do they use any web-enabled phones? Other devices?
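To show how the two filter mechanisms mentioned above fit together (the category lists from the firewall tip earlier, and the "descriptive words" heuristic for sites nobody has categorized yet), here is an added example of a small web filter. It is my own illustration, not code from any filtering product; the host list, the keyword list and the two-keyword threshold are all constructed. A known host is classified from the list first; an unknown one is classified from the words on its page, and the threshold is what makes it err on the conservative side rather than block every page that mentions a casino once.

```python
"""A small web filter of the kind the post describes: a category list of
known hosts plus a keyword heuristic for pages nobody has categorized yet.
Added example, not code from any real filtering product; the hosts,
categories, keyword list and threshold are constructed.
"""
import re
from urllib.parse import urlsplit

BLOCKED_CATEGORIES = {"gambling"}

# "Works from lists": known hosts and the category assigned to each (constructed).
KNOWN_HOSTS = {
    "casino.example": "gambling",
    "kids-games.example": "children",
    "news.example": "news",
}

# Descriptive words that suggest a category for an uncategorized page (constructed).
CATEGORY_KEYWORDS = {
    "gambling": {"casino", "poker", "betting", "slots", "jackpot"},
}

# Distinct keywords needed before a page is classified by its content.
# Two is an assumption chosen so one stray mention does not block a page.
KEYWORD_THRESHOLD = 2


def lookup_host(url):
    """Category for the URL's host or any parent domain on the list, else None."""
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in KNOWN_HOSTS:
            return KNOWN_HOSTS[candidate]
    return None


def categorize(url, page_text=""):
    """Return (category, reason). Listed hosts win; otherwise count keywords."""
    listed = lookup_host(url)
    if listed is not None:
        return listed, "listed host"
    words = set(re.findall(r"[a-z]+", page_text.lower()))
    for category, keywords in CATEGORY_KEYWORDS.items():
        hits = sorted(words & keywords)
        if len(hits) >= KEYWORD_THRESHOLD:
            return category, "keywords: " + ", ".join(hits)
    return None, "uncategorized"


def decide(url, page_text=""):
    """Return (allowed, category, reason) for one page load."""
    category, reason = categorize(url, page_text)
    return category not in BLOCKED_CATEGORIES, category, reason


if __name__ == "__main__":
    # Constructed page loads, not real traffic.
    samples = [
        ("http://www.casino.example/lobby", ""),
        ("http://kids-games.example/", "Feed your pet and play games!"),
        ("http://unknown.example/", "Play poker and slots tonight, win the jackpot!"),
        ("http://news.example/story", "The casino on Main Street closed."),
        ("http://blog.example/", "The casino on Main Street closed."),
    ]
    for url, text in samples:
        print(url, "->", decide(url, text))
```

The last two sample loads are the "not perfect" caveat from the post in miniature: the same sentence is allowed on a listed news site and on an unlisted blog, because a single matching word is below the threshold, while a page that piles up several of the words is blocked even though nobody ever put it on a list.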
But what about Webkinz.com?? Is it safe?
So assuming the environment is safe, the password isn’t shared and the computer is out in a public area …
* I looked at the website and read their privacy policy; it sounded OK
* they ask for parental consent before allowing a limited 'chat' in their Plus module
* standard KinzChat is done with prefabricated sentences
* they do not share information
* surveying Google results for my query 'Webkinz child safety concerns', nothing bad came back
so… it looks to be OK!
update: I was sitting with my kids today as they fed their animals and put them to bed. I noticed the http:// in the upper left-hand corner was not secured. Hmm, I may have to look into this more if anyone is interested!
Monday, January 7, 2008
Don't kick Wasp nests
Jeremy was very wrong.
"I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account," he said.
"The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.
"I was wrong and I have been punished for my mistake."
As mom always says ‘prevention is the best cure’. :)
Friday, January 4, 2008
Risks with Social Networking sites
The other night my wife received an invite to join Facebook from a good friend. Having two pre-teen kids, I thought it was a good idea for us to join to learn more about it before they were asking about it.
Also it seemed to me that the more info you give up (what you like, where you work, who your friends are), the more info the harvesting fraudster might get for possible use in a scam. Apparently I'm not the only one who thinks so! Here's something from the BBC on the topic – Cyber thieves target social sites
Here's another post - Phishing Social Networking Sites - where the author actually interviews a phisher!
One of the comments from his article that sounds like a good actionable item -
The second is that the password is used in more than one place 50% of the time - we already knew that but it’s interesting to hear it from a phisher’s perspective on how that’s actually useful to help monetize the attack.
There is no new lesson learned here, just another reminder to be wary of what you say about yourself and to follow the tips from Mom!
One final thought on Facebook - they have a program called "Beacon" that created a little uproar in the online community about a month ago. This 'feature' would automatically tell your online friends what you've purchased from other websites.
1-11 Update! - this just in - someone has published a 'poisoned page' on MySpace - if a user clicks on it, it will download a series of attacks. Ouch!
1-15 Update! getting a secret crush from facebook is one you don't want!