Precision Computer's Bits & PCs
Trying to avoid life's electronic potholes
07/29/10
TMI - Too Much Information
Filed under: General, Security
Posted by: Edward Zipper @ 12:51 pm

Have you ever wondered how some scam artists gather information on an individual? It is usually the victim that gives the scam artist most of what they need. Last week I presumed that Facebook was secure; turns out that’s not true. So what is secure? That’s an excellent question. This is our working theory:
 

NOTHING IS SECURE!!!

How easy would it be to compile a list of, say, 20 percent of Facebook’s user base, including their full name, unique user ID and URL of their Facebook page? Awfully easy, it turns out.

Computer security consultant Ron Bowes did exactly that, BBC News reports. He snagged a full 100 million users in his research, all through the power of searching for what is freely available online.

Bowes was quick to note that the file he compiled did not include email addresses, phone numbers or other restricted information, and that everything added to the file was publicly available and in keeping with each user’s privacy settings on Facebook. The file does not represent an attack on Facebook nor a compromising of its security measures: Bowes simply scraped up the information about individual accounts that anyone could have uncovered, and he crammed it into one gargantuan document.

The file is spreading across the Internet rapidly, and it will probably be used much in the way a spammer’s e-mail database is used: to target the unsuspecting with phony friend requests, to send en masse invitations to spam-filled groups, and to coerce them into clicking on phishing links and other malicious URLs.

Are you on the list? You can check by downloading a torrent of the file. Note: It’s nearly 3GB in size.

Meanwhile, it’s probably a good idea to re-check your Facebook privacy settings and make the appropriate changes if you don’t want your profile information public.

— Christopher Null is a technology writer for Yahoo! News.

comments (0)
06/08/10
IBM - Big Blew It
Filed under: Security, Viruses
Posted by: Edward Zipper @ 12:06 am

Just because it happened in Australia doesn’t mean the virus doesn’t lurk where your next mouse click takes you.

IBM has been left with egg on its face after it distributed
virus-laden USB drives to attendees at Australia’s biggest computer
security conference.

Delegates of the AusCERT conference, held over the
past week at the Royal Pines Resort on the Gold Coast, were told about
the malware problem in a warning email this afternoon by IBM Australia
chief technologist Glenn Wightwick.

The incident is ironic because conference attendees
include the who’s who of the computer security world and IBM was there
to show off its security credentials.

Some attendees may have thought they were
experiencing déjà vu as Telstra was left red-faced at the 2008 AusCERT
conference for also distributing malware-infected USB drives.

“At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth,” Wightwick wrote.


“Unfortunately we have discovered that some of these USB keys contained
malware and we suspect that all USB keys may be affected.”

Wightwick said the virus spreads when the infected
USB device is inserted into a Windows computer but noted it should be
detected by the majority of current anti-virus products.

He instructed attendees not to use the USB drives and to return them to IBM’s head office.

AusCERT attendee Tom Piotrowski, managing director of IT security
company Unixpac, said he was left “speechless” by the incident.

“Hundreds of IT security professionals make a pilgrimage to AusCERT each year,” he said.

“Delegates are going there to listen about the latest developments in
security technology … just think how big an embarrassment a boo-boo
like this must be for IBM.”

comments (0)
06/07/10
Adobe Security Issues Again
Filed under: Security
Posted by: Edward Zipper @ 11:47 pm

I feel like I have been writing and talking about updating Adobe products for years. They are problematic in the fact that they do not typically uninstall their older versions, leaving the computer user to think they have done what they need to do. You must also uninstall all older versions of their programs. This is something we do at the store during an Optimization.

Adobe has issued a “critical” alert that zero-day attacks are being launched on a security vulnerability in its Flash Player, PDF Reader, and Acrobat products. The alert applies to Flash Player 10.0.45.2 and earlier versions for Windows, Mac, Linux and Solaris operating systems, as well as the authplay.dll component that accompanies Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Mac and Unix OSs.
comments (0)
04/25/10
Caveat Emptor
Filed under: General, Security
Posted by: Edward Zipper @ 11:02 pm

Sometimes, there’s a good reason that the “privacy policy” has been placed almost invisibly at the bottom of the page, and that when you click on the link, it presents you with a mountain of microscopic legal-like gobbledygook in a document 24-pages long.

The reason the policy is placed in a small, out-of-the-way location is simple: the site owners don’t really want you to realize that you’ve just agreed to allow any information they collect about you or your PC to be distributed across the Internet for the rest of your life.

But you’ll miss that because you won’t bother to read beyond the first paragraph anyway. And now, the 3 minutes you saved by not reading the privacy policy will be offset by years of hitting the delete key.

Most commercial web sites have a “privacy policy” but simply having one does not mean that all your personal data is to be kept private. It means only that they must disclose what they will do with your private information.

Here’s the start of a typical paragraph from a privacy policy:

“The information we collect is used to improve the content of our Web page, used to customize the content and/or layout of our page for each individual visitor, used to provide consumers with information or publications that they have requested from us (e.g. newsletters or whitepapers), used to notify consumers about updates to our Web site…”

But the same paragraph finishes like this:

“…used by us to contact consumers for marketing purposes.”

If you were to look at the Facebook.com privacy policy, for example, you would find that its over 3,700 words are produced in 6-point type and contain such disingenuous statements as: “We may occasionally use your name and email address to send you notifications regarding new services offered by Facebook that we think you may find valuable.”

“We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services, Facebook Platform developers and other users of Facebook, to supplement your profile.”

“In addition, third party developers who have created and operate Platform Applications (“Platform Developers”), may also have access to your personal information…”

Moreover, privacy policies can change and the website may not notify you of the change. Some ISPs, for example, are reputed to have begun selling information they collect on users’ online behavior. If their existing privacy policies prevent them from doing this, they merely change their policies. In many cases, it’s up to the user to keep up-to-date regarding policy changes. (Source: nytimes.com)

But what about sites having a TRUSTe or Habeas “certification”? In actuality, this does little to ensure true privacy protection. Instead, these certifications only measure compliance with a site’s stated privacy policy. Sites can maintain their certification even if their privacy policy changes.

Yes, reading a privacy policy may seem like a royal pain in the you-know-what, but reading carefully before you provide any type of personal information is a good idea. If, as users, we don’t keep ourselves aware of such policies, we can only expect that greater liberties will be taken with our information, and we will have been informed only in the privacy policies that we didn’t bother to read.

comments (0)
04/21/10
Pay Attention
Filed under: Security
Posted by: Edward Zipper @ 7:36 am

For your own well-being do not expect virus writers to play nice. They will do anything they can think of to trick you into giving them what they want. From PC Magazine:

BitDefender’s Malware City blog is warning users about what it considers to be the first case of malware spreading via a fake Google Chrome extension.

The threat cycle begins with an e-mail advertising a new extension that “will help you to better organize your documents received in your e-mail.” The e-mail includes a link that leads to a fake Google Chrome extensions page. This page presents a link not to an extension (which has a .crx file extension) but to a Trojan horse program with a .exe file extension.

The Trojan modifies the Windows HOSTS file to block access to Yahoo’s and Google’s pages. They are instead redirected to fake versions of those sites. BitDefender identifies the threat as Trojan.Agent.20577.

It’s important to note that Google and Chrome really play no role in this threat.
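The HOSTS-file tampering described above can be checked for directly. The following is an added example, not code from PC Magazine or BitDefender: it parses a hosts file and reports any entry that pins a watched domain, distinguishing entries that block the site from entries that redirect it. The watch list and the sample file contents are constructed assumptions.

```python
import ipaddress

# Domains to watch. The article names Google and Yahoo; this exact list is an assumption.
WATCHED = ("google.com", "yahoo.com")

# Constructed sample, not taken from a real infection. 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # several names on one line
203.0.113.10    search.yahoo.com
0.0.0.0         www.yahoo.com
10.0.0.5        intranet.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete line
        for name in fields[1:]:
            yield lineno, fields[0], name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any subdomain of it (not lookalikes)."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line, hostname, ip, kind) for every watched name pinned in the file."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, name, ip, "malformed"))
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; anything else sends it elsewhere.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((lineno, name, ip, kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to pass to `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; a clean machine normally has no entries for public search or mail sites, so any finding deserves a look.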

comments (0)
Adobe Security Breach
Filed under: Security
Posted by: Edward Zipper @ 7:32 am

I have been saying for quite some time to please update your Adobe Reader and uninstall all of the old versions. From Computer World, here is why:

The Zeus botnet is now using an unpatched flaw in Adobe’s PDF document format to infect users with malicious code, security researchers said today.

The attacks come less than a week after other experts predicted that hackers would soon exploit the “/Launch” design flaw in PDF documents to install malware on unsuspecting users’ computers.

The just-spotted Zeus variant uses a malicious PDF file that embeds the attack code in the document, said Dan Hubbard, CTO of San Diego, Calif.-based security company Websense. When users open the rogue PDF, they’re asked to save a PDF file called “Royal_Mail_Delivery_Notice.pdf.” That file, however, is actually a Windows executable that, when it runs, hijacks the PC.
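A mail gateway or help desk can triage incoming PDFs for the “/Launch” action mentioned above before anyone opens them. The following is an added example, not code from Computer World or Websense: it counts suspicious name keys in a PDF's raw bytes and decodes `#xx` name escapes so that a disguised `/La#75nch` is still counted. The list of keys beyond `/Launch` and the sample bytes are constructed assumptions.

```python
import re

# /Launch is the key the article names; the other keys are an assumption about
# what commonly accompanies it (auto-run triggers, embedded files, scripts).
SUSPICIOUS = ("Launch", "OpenAction", "AA", "EmbeddedFile", "JavaScript")

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed fragment, not a complete or working PDF.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /Type /Action /S /La#75nch /F (PLACEHOLDER) >> endobj\n"
)

def decode_name(raw):
    """Undo #xx escapes so that /La#75nch is recognised as /Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data):
    """Return {key: count} for each suspicious name found in the raw bytes."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in SUSPICIOUS:
            counts[name] = counts.get(name, 0) + 1
    return counts

def needs_review(data):
    """Flag files that carry a launch action at all."""
    return scan_pdf(data).get("Launch", 0) > 0

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF), needs_review(SAMPLE_PDF))
```

The scan only sees names stored in the clear: keys inside compressed object streams are missed, and random bytes in binary streams can produce false hits, so treat the result as a triage signal rather than a verdict.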

comments (0)
04/16/10
Adobe Reader
Filed under: Security
Posted by: Edward Zipper @ 10:01 am

I have said this again and again. For most computers, right now Adobe Reader is the least secure software on your computer. Uninstall all old versions of Reader and download the latest. Here is the latest alert just to emphasize my point.

National Cyber Alert System

              Technical Cyber Security Alert TA10-103C

Adobe Reader and Acrobat Vulnerabilities

   Original release date: April 13, 2010
   Last revised: –
   Source: US-CERT

Systems Affected

     * Adobe Reader 9.3.1 and earlier 9.x versions
     * Adobe Reader 8.2.1 and earlier versions
     * Adobe Acrobat 9.3.1 and earlier 9.x versions
     * Adobe Acrobat 8.2.1 and earlier versions

comments (0)
How secure is your Doctor’s office?
Filed under: General, Bad Computer Work, Security
Posted by: Edward Zipper @ 9:45 am

From: Information Week

Acceleration in the use of electronic medical
records may lead to an increase in personal health information theft,
according to a new study that shows there were more than 275,000 cases
of medical information theft in the U.S. last year.

Unlike stealing a driver’s license or a credit card, data gleaned from
personal health records provides a wealth of information that helps
criminals commit multiple crimes, according to Javelin Strategy &
Research, a Pleasanton, California-based market research firm.

Information such as social security numbers,
addresses, medical insurance numbers, past illnesses, and sometimes
credit card numbers, can help criminals commit several types of fraud.
These may include: making payments from stolen credit card numbers and
ordering and reselling medical equipment by using stolen medical
insurance numbers.

A key finding from the report is that fraud resulting from exposure of
health data has risen from 3% in 2008 to 7% in 2009, a 112% increase.

comments (0)
Microsoft - Closing the Barn Door
Filed under: Bad Computer Work, Updates
Posted by: Edward Zipper @ 9:40 am
Microsoft on March 30 released an emergency, or out-of-band, patch for 10 vulnerabilities in Internet Explorer.

“The Internet Explorer team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers,” said Microsoft Security Response group manager Jerry Bryant in a blog post. “Releasing the update early provides Internet Explorer 6 and 7 customers protection against the active attacks and provides users of all versions of Internet Explorer protection against nine other vulnerabilities.”

While I understand that Microsoft maintains a specific schedule for security updates, what I cannot begin to comprehend is this statement: “Releasing the update early……”

I say since it was a publicly disclosed vulnerability, how could they have released early? They released LATE. Perhaps a year or two years late. The arrogance of Microsoft never ceases to amaze me. So nice of them to take the time for a special release of an update for a problem that probably shouldn’t have existed to begin with. I, for one, will refuse to drink the Microsoft Kool-Aid.

comments (0)
03/31/10
Another Day, Another Security Breach
Filed under: Security
Posted by: Edward Zipper @ 11:04 am

I am aware that almost every day we are inundated with the latest news of another security breach. What was shocking news just a few years ago has now become commonplace.

With that being said, do yourself a favor and do not overlook these incidents. It could be your information next time.

From the Washington Post:

Personal information on 3.3 million people, many from the Washington region, has been stolen from a firm that guarantees student loans, authorities said.

The theft occurred last weekend at the St. Paul, Minn., headquarters of Educational Credit Management, a nonprofit company that is designated as the loan guaranty agency in Virginia and two other states. It also guarantees student loans nationally.

This is from Information Week and concerns the rise in theft of electronic medical records. You do not have to give everyone who asks for it your Social Security number.

Acceleration in the use of electronic medical records may lead to an increase in personal health information theft, according to a new study that shows there were more than 275,000 cases of medical information theft in the U.S. last year.

Unlike stealing a driver’s license or a credit card, data gleaned from personal health records provides a wealth of information that helps criminals commit multiple crimes, according to Javelin Strategy & Research, a Pleasanton, California-based market research firm.

Information such as social security numbers, addresses, medical insurance numbers, past illnesses, and sometimes credit card numbers, can help criminals commit several types of fraud. These may include: making payments from stolen credit card numbers and ordering and reselling medical equipment by using stolen medical insurance numbers.

A key finding from the report is that fraud resulting from exposure of health data has risen from 3% in 2008 to 7% in 2009, a 112% increase.

comments (0)