Wednesday, November 28, 2007

Don't Go Looking for Trouble...

http://sunbeltblog.blogspot.com/2007/11/breaking-massive-amounts-of-malware.html

I thought it was a minimal but visually arresting article - enough information to make sure you don't stumble into the dark areas of the web - or at least know what to look for.

By seeding all sorts of sites (blogs/trackbacks/comments) with links to their infernal sites, malware pushers try to fool search engines into listing their URLs at the top, or at least in the middle, of the search results. Unwary users will no doubt not bother to CHECK the URL before clicking it, and what happens next should not be surprising: a whole lot of popups for installing malware/rootkits/password stealers, and of course, the maddening ads.

Here's my suggestion:
When you search for anything, first make sure you check the URL to see if it's a nonsensical mix of meaningless words. If yes then stay away.
You could also try searching your favorite sites first (such as GPSPassion/Poi-Factory for GPS stuff; ExpertsExchange for technical questions; dpreview for camera questions etc). You get the idea.

Be safe!

Saturday, November 24, 2007

Why Deja Vu May Not be a Good Thing

...in the case of Britain's worst security breach ever -- the loss of 2 CDs containing details of nearly every child in the UK and the bank details of every family.

Somehow it seems astoundingly asinine that a junior-level official would first be permitted charge of this information and then scapegoated when something went wrong. Well, not much of a new thing there, but the really sad part is that a report had warned the government of improper protocols and the implications of not following proper rules just a few months ago.

You can read about the shamefulness of it here: http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/11/25/ncustoms425.xml

Why am I not surprised that most of the core recommendations are completely based on common sense, and that they are not that difficult to follow? I myself have repeated myself a few times on this blog concerning the same security steps to be taken to protect sensitive information.

How does one combat such breaches? How does one prevent occurrences of such mishaps? Unless those that are involved learn a very harsh lesson it's going to be difficult to expect much by the way of data protection. The other thing is for the masses to wake up to what is essentially the pillaging of the bits and bytes that constitute their lives, and do something about it. Quickly. Very quickly.

You can refer to my previous posts for my thoughts on this disturbingly frequent issue.

Be safe!

Saturday, November 17, 2007

Two Articles to Read on Data Breach

http://www.wane.com/Global/story.asp?S=7370654&nav=menu32_2_11

and then

http://ap.google.com/article/ALeqM5gqGfy6HNMsTyAGUesRe43dQCGsDgD8SV20PO2

And you'll get an idea of how much money is at stake for institutions and companies that deal in (and store) personal data, especially sensitive data.

Be safe!

Monday, November 12, 2007

TOR!

In a somewhat scary 4-page article (http://www.theage.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html) the author describes how easy, VERY EASY, it is to monitor sensitive, so-called anonymous electronic conversations that were previously thought to be on secure ground - traveling over the "TOR" network.

The use of TOR (http://www.torproject.org), an open source project, helps mask the origin of a user who wants to surf or send/receive data anonymously. However, the most obvious vulnerability of this software was/is not very well understood by users: the endpoint (exit node) of the traffic can be monitored, and any plaintext, unencrypted data passing through it can be easily captured.

The only solution is to use SSL (HTTPS) or end-to-end authentication and encryption (GPG etc.).
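To make the exit-node point concrete, here is a toy model of layered relay encryption, added as an illustration and not taken from the article or from the TOR project's code. The cipher, keys and login request are constructed stand-ins; the model only shows which bytes each relay holds once it strips its own layer.

```python
import hashlib

# Toy stream cipher (SHA-256 in counter mode, XOR). It stands in for real
# ciphers purely for illustration; it is not TOR's actual cell cryptography.
def xor_layer(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

# Constructed keys: one per relay, each shared only between client and that hop.
RELAY_KEYS = [b"guard-key", b"middle-key", b"exit-key"]
# Constructed key known only to client and destination (the role SSL or GPG plays).
END_TO_END_KEY = b"client-and-destination-only"

# Constructed sample request, as a non-HTTPS login form would send it.
LOGIN = b"POST /login HTTP/1.0\r\n\r\nuser=alice&pass=constructed-secret"

def wrap_for_circuit(payload: bytes) -> bytes:
    """Client side: add one layer per relay, the exit relay's layer innermost."""
    for key in reversed(RELAY_KEYS):
        payload = xor_layer(key, payload)
    return payload

def relay_views(cell: bytes) -> list:
    """What each relay holds after stripping its own layer, guard to exit."""
    views = []
    for key in RELAY_KEYS:
        cell = xor_layer(key, cell)
        views.append(cell)
    return views

def exit_view(app_bytes: bytes) -> bytes:
    """Bytes the exit relay forwards to the destination (and could log)."""
    return relay_views(wrap_for_circuit(app_bytes))[-1]

def leaks_password(observed: bytes) -> bool:
    return b"pass=" in observed

if __name__ == "__main__":
    print("guard sees login:", leaks_password(relay_views(wrap_for_circuit(LOGIN))[0]))
    print("exit sees login (plain HTTP):", leaks_password(exit_view(LOGIN)))
    protected = xor_layer(END_TO_END_KEY, LOGIN)
    print("exit sees login (end-to-end encrypted):", leaks_password(exit_view(protected)))
```

The relay layers hide the request from the first two hops only; the exit relay ends up with exactly what the application sent, so the password stays hidden from it only when the application itself encrypted the data for the destination.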

Who uses TOR? Lots of people: (apparently) the intelligence community, human rights activists in nations with less-than-impressive human rights credentials, embassy employees, those that hold sensitive jobs, and, of course, people that want to see (ahem!) objectionable content while hiding behind mangled ones and zeroes.

Further, more than half the people that use it have it misconfigured, which can lead to some undesirable results. In any case, the point is that any software is only as good as its end-user's understanding of it.

It's not the fault of the software that users/promoters allegedly overestimated its value (esp. in terms of anonymity) - as the article says. I looked at TOR out of curiosity back in 2004/5, and found it incredibly slow, so I lost interest. But I do remember thinking this could be a pretty interesting tool for those that want the claws of the Web away from their private data.

Be safe!