Virii & Malware | ***Dave Does the Blog

Gmail’s new self-destructing confidential emails are … not a good idea

It sounds simple — when crafting an email, you can make it “confidential” (only for the recipient) and/or self-destructing (expiring after a given period and not readable after that). Instead of a normal SMTP email message wafting off into the ether, an email is sent with a link to a secret page where the recipient, once they prove who they are, can see the message (but not copy it!) until it expires and is taken down.

Sounds clever, but it’s really not.

First off, the idea that nobody will be able to copy or otherwise save the email is just plain false. It sounds like copy-paste is disabled, but not screen capture. Heck, just use your phone to take a picture of it. Silliness.

Second, the validation process (proving you are the intended recipient of the confidential email) sounds a bit onerous — responding to a text message, logging in, etc.

Lastly, this sound like a fabulous way of generating malware infections. Miscreants can send someone a message with a faked sender (easy), the standard confidential Gmail link text (easy), and a link that takes you somewhere bad (easy). How will you know it’s a trap until you’ve sprung it?

Not all that confidential, inconvenient, and possibly dangerous. Hmmm. Yeah, as it stands, I won’t be using this feature, and won’t be recommending it to any one else.

Google is testing self-destructing emails in new Gmail – TechCrunch

View on Google+

Oracle is always Asking

Dear Oracle. I hope that Ask.com is paying you millions of dollars to flog their stupid browser bar and search service, because that's about how much customer goodwill you sacrifice every time I do a Java update and have to carefully uncheck the boxes to opt out of this crap.

Want to know why people don't update Java more frequently? For me, it's this.

View this post on Google+

Protecting yourself against the unprotectable

Most computer menaces can be fought by (a) proper use of technological protection (firewalls, anti-virus); and (b) good practices (not plugging into or connecting to or surfing to skanky-looking things at sketchy places).

This particular threat is a lot more insidious. Tech protection doesn't work; the exploit is in the firmware and behaves just like legitimate devices. USB is meant to work this way.

And good practices aren't much help, either, because USB is ubiquitous, and this could be a problem with anything — a thumb drive, a full-fledged USB storage device, a phone, a keyboard, a mouse, a charger, a charging station, a cable — pretty much anything that plugs into your USB port could be rigged to use this exploit.

So, ultimately, there's no defense, as things go now. Really. I mean, don't stop doing the things you do now (see (a) and (b)), but until someone comes up with a much more clever way of detecting things doing what they are supposed to be doing but for bad ends, there's not much to be done.

And, yes, this is something that could be used most obviously by hackers or other miscreants of various sorts. It's also clearly something that could be done by a government, a corporation, or anyone else. Sleep tight!

Reshared post from +Les Jenkins

Well, this is very concerning indeed.

This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”
Researchers devise stealthy attack that reprograms USB device firmware.

View this post on Google+

US surveillance as an "Advanced Persistent Threat"

That's not some zany computer security libertarian wonk working out of his basement. That comes from a senior Microsoft guy on their official company website.

Yup. APT status isn't just for China any more.

Reshared post from +Brandon Downey

In case you missed this, Microsoft has this post about protecting its users.

Here's the key quote:

If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.

That's right, Microsoft just called the US government the APT — a term generally thrown around to describe the actions of governments such as the PRC.

And it's true — if the US government is willing to tap the cables belonging to US companies to conduct broad surveillance of foreigners, there is really no difference.

Kudos to Microsoft for calling it like it is.

Embedded Link

Protecting customer data from government snooping – The Official Microsoft Blog – Site Home – TechNet Blogs
News and perspectives covering the top stories, events and activities from Microsoft. The content for this blog includes the official information and stories from all of Microsoft’s primary businesses.

View this post on Google+

In Brightest Flashlight, In Darkest Data Dump

Well, hector. I have this app on my phone.

Android app caught sharing ID data

View this post on Google+

Unblogged Bits (Mon. 11-Apr-11 2330)

Links (most recent first) that caught my eye, but did not warrant full-blown blog entries ….

Paul Ryan and Ayn Rand: A Love Affair Against the Common Good – One would think the conflict between Rand and Christianity would get as much play on the Right as the love affair between Rand and unfettered Capitalism. It’s telling which aspect of Rand makes the GOP go ga-ga.
Robert Reich (Why We Must Raise Taxes on the Rich) – “If the rich were taxed at the same rates they were half a century ago, they’d be paying in over $350 billion more this year alone, which translates into trillions over the next decade. That’s enough to accomplish everything the nation needs while also reducing future deficits” But … but … that would make them fractionally less rich!
Boehner abandons calls for an ‘adult’ moment – Why should he? He knows Obama will buckle and give him everything he asks for.
Free Samples – Ah — Grazing at Costco for lunch …
Trump Insists Obama’s Grandparents Planted His Birth Announcement To Obtain Welfare Benefits – Why the heck are people listening to this bozo?
ThinkProgress » Utah Republicans Cut Unemployment Insurance As ‘Motivation For People To Get Back To Work’ – Oooh, yeah, livin’ high on the hog at $290 a week. Dadgummed hobo parasites!
It Is Time For the AFA To Take Responsibility For Fischer’s Bigotry – Yeah, good luck there.
Joyner Falsely Claims “Bolshevik” Means “Minority” When It Actually Means “Majority” – Aside from being completely wrong, my point was correct!
Fischer Goes Too Far…Again: AFA Removes And Edits Post Demanding Immigrants “Convert To Christianity” – I’m not sure which is more amusing — that the AFA yanked the column, or that Fischer re-wrote it afterward.
Norton Disables Itself After One Year – Wow! If it’s a way to automatically get rid of Symantec software without reformatting your machine, it might even be worth it. (Side note: Way to go, Symantec, in driving still more people to Microsoft’s free AV solution.)
Why boys wear blue and girls wear pink – Fortunately (I think), Kay has never been a “pink” girl. Purple early on, more blacks and greens, in fact.
Idaho’s Republican Legislature Gives Their Own GOP $100,000 For Suing Them – Stay classy, Idaho GOP!
They shot a few hostages – SIGH
REPORT: U.S. Military Spending Has Almost Doubled Since 2001 – Now, granted, we’ve been fighting two wars during that period — but, damn, want to wonder why we’ve got such budget problems? There’s a huge part of the reason right there.
Chicken Fat: SUNDAY FUNNIES – MAD #8 – BAT BOY – For those who enjoyed the “Bat Boy & Rubin!” ep of Batman: Brave & the Bold — here’s the Mad Magazine parody that was the inspiration.
In Budget Battle, Boehner, GOP Prove House Isn’t Powerless After All – “Boehner shows it is only powerless when controlled by Democrats.”

Unblogged Bits (Thu. 7-Oct-10 2330)

Links (most recent first) that caught my eye, but did not warrant full-blown blog entries ….

Spread the Word — Hereditary Breast and Ovarian Cancer and Gene Patents – How the hell do you patent human genes?
Why Fred Phelps’s Free Speech Rights Should Matter to Us All – Another example why the calumny that the ACLU is a “liberal/radical/leftist” organization is profoundly untrue. And, as loathesome as I find Phelps and his Gang of Family Idiots, if they don’t have the right to speak, nobody does.
RWNJ’s Calling For Boycott Of Campbell’s For Making Halal-Certified Soup: Alan
Giving the individual mandate real-world meaning – I believe I made this observation in my screed yesterday.
The Original King of Irony Lives On – And yet, he seems to have made an amazing come-back in the GOP. what that says about the GOP I leave as an exercise for the reader.
Senator Jim DeMint and Morality – NYTimes.com – Amen, Brother Nicholas.
Random Book Blogging: Money, Greed and God – God is Ayn Rand. It’s now blindingly obvious to me. Or obviously blind. One or the other.
Missouri Tea Partiers Campaigning Against Proposition Mandating Humane Conditions At Puppy Mills – They’re even against puppies …
Newt Gingrich Believes Food Stamps Stimlulating The Economy Is “Liberal Math” – Dude, if even the Wall Street Journal accepts the math, give it a rest.
A Revolution In Mobile Cup Holder Technology – Dunno if I’d call it a “revolution,” but it’s pretty cool.
Stuxnet – I expect to see more things of this sort — regardless of the origins and targets of this particular instance — in the future.
Neo-Cons: Don’t Touch Defense Spending! : Dispatches from the Culture Wars – Not to sound like that old Air Force Bake Sale bumper sticker, but, given our domestic needs … do we REALLY need to spend at Cold War levels on defense? Really?
Technical Support Hell: Today I discovered an employee in my office sending Word docs via email by printing the document, scanning the pages, and emailing the scans. I don’t know where to start. – (Facepalm)
Lou Dobbs’ Little Meg Whitman Problem – “The Nation also editorialized today that this latest revelation only adds more fuel to the arguments that immigrants, legal and undocumented, are so thoroughly integrated into our economy that those politicians who seek to scapegoat and demonize their work are almost alway engaging in hypocrisy. The piece argues that we must legalize and regulate this work, instead of demonizing the workers our society is thoroughly dependent on.” But … but … but … without evil, lazy, Welfare-sponging, American-decaptitating, job-stealing, anchor-babying illegals to demonize, we’d have to find someone else to demonize!
So that’s why Koch funded a major evolution exhibit – “The fact that we could be knocked back to a stone age level of technology without going extinct is not a point in favor of welcoming global warming.” But think of the money-making opportunities! Especially if you cunning corner the shell and bead market ahead of time!
Gap Already Admitting That New Logo Sorta Sucks – I vote for “crappy design work with quick, if cheesy, recovery attempt.”

Unblogged Bits for Friday, 30 October 2009

Links (most recent first) that caught my eye, but did not warrant full-blown blog entries ….

If My Brain Ran Windows, This Would Be How My Task Manager Looks [Image Cache] – Yup, pretty much.
Put Together a Winter Car Emergency Kit [Winter Upgrades] – Some more very good advice, esp. for those of us who live in inclement climes.
7 Bad Writing Habits You Learned in School – I think the issue here is different types of writing, for different audiences and purposes. An academic paper in an English class perforce requires a different style, voice, feel than a short story, or even a blog entry. That can be a hard lesson to learn.
More South Carolina GOP sex shenanigans – “Don’t be nervous, don’t be frightened, don’t be scared! / Be prepared!”
What do you mean, “Where’s the present?”: Cheezburger Network
The FDIC Would Like You To Know That They’re Not Emailing You [Phishing] – Unless you are really, truly, honestly sure of the source, DON’T CLICK ON AN EMAILED LINK. If you are in any doubt, go to the firm/organization’s home page and try to find what you’re looking for there.
Copycat Company Sues Original Artist To Void Copyright Claims [Legal Battles] – As a side note, the original decor also more sophisticated than the knock-off. Regardless, an interesting case.
Book review: Memories of the Future – Just started reading it, and worth doing so for any Star Trek fan, whether of the “Kill Wesley” camp or not (Wheaton has a sardonic appreciation for that movement, based on his review of the early episode writing and his own tyro acting skills).
Obama pay czar increased salaries for Wall Street – Gosh — I wish I could have a 14% raise this year. Or any raise.
Curry an answer for curing cancer? – Curry! Yum!
Adobe pushes Flash and PDF for open government, misses irony – Ars Technica – I can almost see PDF — save that Adobe’s tools have made it such a customized monster with each new version. But Flash? “Here, let us show you the data … but you can’t have a copy of it, search for it, or in any fashion make use of it.” Bleah.
Lobbyists beware: judge rules metadata is public record – Ars Technica – If nothing else, it will encourage people to properly annotate (or scrub) their metadata. Which is, net, a good thing.
House, Senate get separate bills to kill net neutrality – Ars Technica – In John McCain and Marsha Blackburn’s topsy-turvy world, preventing carriers from discriminating between different content to be accessed by their customers is a “government takeover of the Internet” that somehow helps content companies “control what consumers see and don’t see.” In other news, War is Peace, and Freedom is Slavery.
Google and the Deadly Power of Data [Comment] – I can understand the sentiment, but it seems to me to be lamenting buggy whip salesmen and coal wagon manufacturers. The issue is not the destructiveness of Google’s power, but what new business and social opportunities arise from it.
Swine Flu Is Stressing ERs Everywhere – And We’re Not in Flu Season Yet. – Fortunately, I didn’t need to go to the hospital. But to add to the joy of all of this, seasonal flu vaccines are beginning to run out, due to shift of manufacture of the H1N1 vaccine.
The Semi-Triumphant Return of Captain Mal – Shiny!
Marriage Equlity “Will Lead to the Extermination of the Human Race” – Classic binary thinking and projection, i.e., either all marriages have to be different-gender or same-gender, and homosexuals are out to make all marriages same-gender. Which would be kind of a surprise to most gays I’ve talked with. Until someone says otherwise, I find it unlikely that more than 5-10% of marriages would be gay ones, which hardly seems likely to lead to any reduction in the population.
Scalia says he’d likely have dissented in Brown v. Board, would have voted to keep schools desegregated – “[T]his is the logical extension of the Republicans’ arguments against ‘activist judges’ making civil rights decisions in court. We’ve asked repeatedly whether Republicans against ‘activist judges’ also think that historic civil rights decisions affecting African-Americans were decided incorrectly too. We now have our answer. Yes.” – A misquotation. See comments.
Gmail account security tips – Words to live (or save your email) by.
Far-Right Activist Launches Nancy Pelosi And Harry Reid ‘Burn In Hell!’ Contest – “Do not judge so that you will not be judged. For in the way you judge, you will be judged; and by your standard of measure, it will be measured to you.” — Matt. 7:1-2

It’s not the phishing attempt, it’s the implication that I’m an idiot

I mean …

Subject: Account Review
From: service <update@support.com>

As part of our security measures, we regularly screen activity in the system.
We recently contacted you after noticing an issue on your account.
We requested information from you for the following reason:
We have observed activity in this account that is unusual or potentially high risk.

Case ID Number: PP-571-827-944

Please download the form attached to this email and open it in a web browser.
Once opened, you will be provided with steps to restore your account access.
We appreciate your understanding as we work to ensure account safety.
Sincerely,
PayPal Account Review Department

Sure, I’m just going to download and execute an innocuously-named HTML file based on a poorly formatted generic phishing email. Yeesh.

Hopefully, nobody else I know and love would do so … (If there are any friends or family reading this who don’t know why that would be a bad idea or what makes me contemptibly suspicious of this, please ask me.)

Unblogged Bits for Wednesday, 20 May 2009

Links (most recent first) that caught my eye, but did not warrant full-blown blog entries ….

Pawlenty: I’d Like A Second Senator But It’s Out Of My Hands: The Huffington Post News Team
Kindle Blog Dreaming
Me on Full-Body Scanners in Airports: schneier
Romulan ships in the latest Star Trek Online screens – I don’t know if I’m interested in playing, but there’s plenty of joy in looking at this stuff.
‘this is fun’ Is A More Secure Password Than ‘J4fS<2’ – This is fascinating — as well as fun. Too-difficult passwords are highly secure, but promote security leaks by literally forcing someone to write them down on a piece of paper (especially when you are on a system that expires passwords every 90 days or something). Some good advice here. Maybe I’ll pass it on to my company security folks.
Inhofe: Terrorists Already Incarcerated In The U.S. Were Just ‘Criminals’: Ali Frick
Durbin to Republicans: ‘You ought to have a little more respect’ for American corrections officers. – Riiiight … the gazillions of horrible, awful criminals the GOP loves to support being locked away haven’t at all trained corrections officers to handle, well, high security prisoners. Yeesh.
Gingrich: Only Republicans — Like Me — Are Allowed To Accuse The CIA Of Misleading Congress: Think Progress
Having Daughters Rather Than Sons Makes You More Liberal – Margie says this explains me. Though not, perhaps, Dick Cheney.
Prayer May Reshape Your Brain … And Your Reality – Interesting. I need to read the full series.
Dueling church marquees – It’s like the Internet, only all centered.
A man afraid to run away: Ars reviews inFamous – I’m hearing a lot of good buzz on this game (so to speak). If only I didn’t have other gaming addictions.
Cable: let us experiment with metered Internet – As Les says, “I’m perfectly willing to let them experiment with metered Internet so long as they’re willing to allow me to experiment with their competitors.”
Ann Coulter attacks faith of Notre Dame officials, but gets rattled when called on the carpet | Crooks and Liars – Ann Coulter is … reality-challenged. Or a doofus, take your pick.
FRC’s Lou Engle-Less “Call” – The Christian Right is now comparing itself to the Black population in the US in the 50s and 60s, in terms of being discrminated against? Yeesh. Get back to me when you’re required to sit in the back of the bus, or drink from separate water fountains, guys.
Ending Discrimination Against Gays Is Itself Discrimination – Actually, the Right is perfectly correct — this idea conflicts with DoMA (though, as a another law, it can supercede DoMA however it wishes). The answer, though, is really much simpler than that — we should repeal DoMA.
So, let me get this straight… – 1. It’s reasonable to want a plan. 2. Not all Gitmo inmates are proven terrorists (that’s part of the problem, people). 3. It’s goofy to equate “putting terrorists into US prisons” with “releasing terrorists in the United states.” 4. Reid really seriously needs to think through what he’s saying before he start frantically rambling about incoherently.
Man vs. Jury Duty – Well, now I want to know what the result was.
Go, Team, Go!: Jason Kuznicki
Darwinius masillae – Very cool fossil news — but keep the hyperbole down to a low simmer, folks. If nothing else, we know that what we can learn from such things sometimes changes over time, and the last thing we need is giving the creationists a field day if there’s some sort of reassessment of this find. “See? Evolution is wrong and a hoax! Even the scientists keep changing their minds!”

Life imitates Dilbert

After the recent discussion of Symantec software and problems therein, I found today’s entry on my Dilbert calendar particularly amusing.

I think I’ve had phone conversations with both sets of parents inspired by these sorts of messages …

Stalked by Symantec

About a year ago …

“Dave, I’d like you to meet Symantec Firewall. You were asking about security for laptops, and we have the licenses, along with our AV, to use this, so this is the package we in the Security group are using.”

“Nice to meet you, Symantec Firewall.”

“Nice to meet you, dear. I’m sure we’re going to be great friends …”

A few months ago …

“What — what is this?”

“Sorry, SF — it’s just not working out.”

“But — but — we were so happy!”

“Then you started arbitrarily and mysteriously blocking applications.”

“La-la-la-la-la –“

“And you ignored me when I complained and asked for help. And when I’d try to go into your client, you’d crash.

“La-la-la-la-la –“

“We can’t go on this way! It’s over! So I’m uninstalling you.”

“You can’t uninstall me!”

“Just watch me.”

“No, I mean you can’t uninstall me. I’ll make the uninstall process crash, too! You just watch! You’ll never be rid of me! Never!”

“Oh, yeah? There’s more than one way to skin a cat. Aaaand … ah, there you are, you and your startup services. What if I just pull a line out of the login script here … and here …”

“Daisy, Daisy, giiiveee meeeee yoooooooooo …”

“SF? SF? Did she finally get the message? Here, let me restart. SF? SF? No icon. No sign of the services. Whew. Looks like she finally gave up, went off, got a life. Oh, well. No hard feelings. It was fun while it lasted.”

Last week …

“Think’s he’s so smart … Such a big man, Mister Former IT Tech Guy. Been laying low, though. Not showing myself, letting him think he won. I’ll show him … First I’ll kill his rabbit. No, wait … maybe I’ll just … creep in from the shadows … not display any icon … not alert the Windows Firewall (the hussy) … and start blocking Internet applications … all of ’em! Well, all except that IE crap, they deserve each other … He’ll never see me coming! Yeah, that‘ll show him … nobody uninstalls Symantic Firewall and gets away with it …”

Today …

“Well, sir, let that be a lesson to you.”

“Wow. I had no idea … I thought she was gone. I never expected her to actually … stalk me.”

“We’ve seen it before with her type. It can be tough to pry ’em out of your life. Like a bad penny, they just keep showing up.”

“But a SWAT team? You really needed the sharp-shooters and a floor-by-floor clearing of the building?”

“It was either that or nuke her from orbit — it’s the only way to be sure.”

“Well, I’ve certainly learned something.”

“And what’s that?”

“Never touch Symantec/Norton products with a ten foot pole. Not unless you plan to live with ’em for the rest of your life.”

“Words to live by, sir. Words to live by.”

-fin-

Previous posts in the matter: 1 2 3

Potpourri on a Wednesday Night

THIS STUFF MAKES ME MAD AND/OR SAD Top Maryland cops ordered nonviolent peace activists’ names added to anti-terror, drug trafficking databases… – So a bunch of non-violent peace activists get entered…

THIS STUFF MAKES ME MAD AND/OR SAD

Top Maryland cops ordered nonviolent peace activists’ names added to anti-terror, drug trafficking databases… – So a bunch of non-violent peace activists get entered into national terrorist databases, just because. Nice. Remember — don’t just look at laws and legal tools based on what their purpose is, but how it can (and, thus, will) be abused.
Fundies wail over Hallmark’s line of same-sex couple cards… – Includes a nice link to Hallmark’s feedback site where you can actually send them a thank-you note.
Clickjacking: Web pages can see and hear you – Mutter mutter mutter ….
Past 15 months have resulted in a $2 trillion loss in retirement accounts … – Um … good thing my retirement is just far enough away to either see the economy finely recover, or to make my comic book collection invaluable for its fire-starting capabilities.
Lawmakers steamed over ritzy AIG retreat after bailout… – Crikey. Even if a retreat were a good idea (which it may well have been), you schedule it for the local Holiday Inn and no room service, I mean it, guys!
Data-mining sucks: official report – “What? We read all your private information and we still can’t definitively tell you’re a terrorist! Rats! Back to the drawing board!”
“We as Christians, We are Persecuted and Oppressed” – “… because they won’t let us preach as state officials in the name of Jesus! That’s violating our First Amendment rights!”
New religious reality TV show: “The Holy Hookup.” – Or you can watch something a lot more wholesome and uplifting, like “Fear Factor” or “The Bachelor.”
the stupid, it burns – Now announcing the Global War on Student Pencil Sharpeners. Which is great, unless you’re a student caught with one.

THIS STUFF MAKES ME THINK

Decluttering for Geeks – Just for other people to read. I mean, it’s not that that I need help decluttering. No, really, I can stop with the clutter any time I want. No, really. Hey, why is everyone laughing?
Ford Announces Family-Friendly Safety Features – Some very spiffy safety features (and teen-control key systems).
Do Toddlers Dream of Electronic Pets? – Very cool — but “real” pets have some features that robo-pets don’t, teaching kids about life processes (and its value), the need care for others, and how you can’t just turn off everything that bugs you at 3 a.m. (though you can boot it off the bed).
The Toll of Coal – Even the “clean” kind.
‘Intelligent’ computers put to the test – Not your father’s Eliza.
New in Labs: Stop sending mail you later regret – This is one of the most bizarre, yet intriguing, ideas to come out of Google Labs in some time. When you try to send an email late at night, it prompts you first with some math problems, to make sure you are thinking clearly (or soberly) enough to be sending an email you might otherwise regret.
Some folks substituting toys for candy on Halloween… – I’m okay with candy. Katherine has a ton of it, probably some from last Halloween, because it gets very slowly rationed out. The biggest problem with Halloween candy in our house is that we buy stuff to give away that we actually like. And there are always left-overs.

THIS STUFF MAKES ME HAPPY

Justice Delayed, But Justice Nonetheless – A federal judge orders that Gitmo detainees found not to be a threat can’t just be held indefinitely because the government isn’t sure what to do with them. Jeez, what concept.
APOD: 2008 October 5 – Earth at Night – Mary forwards a spiffy satallite image of the world at night. Purty.
Peugeot HYmotion3 Compressor concept is high tech,… – A high-efficiency, pretty-safe-looking motorcycle. Oooooooh …
2008 Ig Nobels honor best, weirdest scientific research – Brilliant!
Suburban mom’s duet with Sting – A very cool story.
Educators Say Art Education Improves Test Scores – But it’s not the 3 Rs! It must be cut for more NCLB test prep!
PHOTOS: Best Science Images of 2008 Announced – National Geographical glee!
Internet Mad Scientist Has Best Personal Library in the World… – Money can’t buy happiness? This would make me damned happy every time I walked into it.
Replicate Yourself in LEGO … for just $60K – Okay, this would make me happy, too.
Cool Stuff: WETA’s $6000 Steampunk Raygun | /Film – Um … as would this.

THIS STUFF SHOULD HAVE BEEN IN A POLITICAL POST

PANIC! – A remarkable number of conservatives think Tuesday’s debate was the death knell of the McCain candidacy.
ANALYSIS: What The Primaries Can Tell Us About The Last Month Of The General Election… – An interesting analysis of the primaries, and how the two candidates’ experience affected the campaign to date. Ironically, while the bitter-to-the-end Democratic struggle was thought to have harmed Obama, it may have strengthened him against last-man-standing-by-default McCain. After all, there’s no accusation they can toss at Obama that he didn’t already have to answer to Clinton.
This Is How to Write an Endorsement – The New Yorker does a thorough analysis, and writes some very complementary words about Obama.

A different firewall story

So the previous firewall note had to do with the office Internet gateway firewall. This one’s about my PC. I started running a firewall on my laptop about a year…

So the previous firewall note had to do with the office Internet gateway firewall. This one’s about my PC.

I started running a firewall on my laptop about a year ago. Between the office and home and various hotels and the like, my PC’s exposed more than I like to the Bad Guys. XP has a default firewall which operates at kindergarten level, better than a poke in the eye with a sharp stick but not quite robust enough for my paranoia. So I installed Comodo Personal Firewall. It’s done a good job for me since then, and I recommend it to anyone who wants a personal firewall.

I mentioned this to one of our Security guys at a meeting a few months back, and he mentioned that we actually license (and, upon request, recommend) Symantec Client Firewall, to go with our corporate Anti-Virus standard (as part of the Symantec Client Security package).

So I just got that done today. It seems a bit more fiddly than Comodo, though it does have the capability of recognizing different locations (and so allowing different rules). But I’ve found one thing that makes me seriously love it:

It can block the ads in Yahoo Instant Messenger.

Huzzah. That’s worth the inconvenience right there.

I’m sure I’ll find things about it to hate or at least be annoyed by, but that one feature is soooooo nice.

WiFi at LAX

Mirabile dictu, the UAL terminals (7, at least) at LAX now have Tmobile WiFi. I spotted the access point on top of the gate counter, and checked it out while…

Mirabile dictu, the UAL terminals (7, at least) at LAX now have Tmobile WiFi. I spotted the access point on top of the gate counter, and checked it out while waiting for my plane last night. Previously, WiFi was only available via leakage from the United Red Carpet room.

Booting up, I quickly spotted the Tmobile access point. I did hesitate a minute — recalling security warnings past and current, even tricksier hacks, But I went ahead with it via a VPN client, since the one on my laptop for company access includes Tmobile access. That made me feel quite a bit more secure, it worked like a champ, and the charges were automagically routed to the company rather than requiring a credit card of my own.

Wasn’t there long (fortunately), since I got on stand-by, but it was nice I could get on at all. Did some office work, a bit of writing, and then headed home.

If it’s free, it must be safe, right?

Heh. After citing this article a few weeks back, I was … amused at the airport when I looked up available WiFi connections and got … this. ATTWiFi is…

Heh. After citing this article a few weeks back, I was … amused at the airport when I looked up available WiFi connections and got … this. ATTWiFi is (probably) the official “AT&T formerly Cingular now AT&T again” pay WiFi spot. The others, though …

So … tempting … 🙂

See spamware popups, go to prison

Bizarro case from Connecticut. A substitute teacher, Julie Amero, has been convicted of four counts of “risking injury to a child” for a popup atttack on the classroom PC that…

Bizarro case from Connecticut. A substitute teacher, Julie Amero, has been convicted of four counts of “risking injury to a child” for a popup atttack on the classroom PC that had X-rated images streaming across the monitor. Despite plentiful evidence (some of it blocked on a technicality) that the machine was infected, that the district had minimal (and outdated) safeguards against such things, and the sub asked for help but got none, she’s potentially facing 40 years in prison.

Unbelievable. These two articles have all the gory, outrageous details.

Now, having said that (and trusting that there will be appeals of the conviction, regardless), and acknowledging that the school district (and its IT group) were incompetent and the prosecutor’s office vindictive and insane …

I just don’t completely buy Amero’s story.

She didn’t know how to turn off a computer? Or even a monitor? She knows how to e-mail her husband, or close a window, but not those things? I don’t believe it. I do believe that she had had drilled into her by permanent teachers to never touch their computers without instructions, and that she’d been told not to logoff the system that was in the class. But her level of incompetence, as described, is a bit beyond belief.
I will accept that she didn’t have a jacket to throw over the monitor, but, really — over the course of a minute or two, if not the hours that seem to be involved, she couldn’t have found anything other than (unsuccessfully) her body to block the monitor? A book? A piece of paper? A student’s sweater or backpack? She couldn’t turn around the monitor, or even turn it face down? Give me a break.

None of this warrants a conviction. I don’t believe she acted in an improper fashion to have those popups start streaming across her system. But some of the excuses actually given strain my credulity, and probably didn’t help her credibility before the jury that convicted her.

The free Wi-fi trap

I’m sure in a year or two this will be as obvious as “don’t hand your credit cards to strangers (except, y’know, at restaurants),” but for now, it’s good info….

I’m sure in a year or two this will be as obvious as “don’t hand your credit cards to strangers (except, y’know, at restaurants),” but for now, it’s good info.

The next time you’re at an airport looking for a wireless hot spot, and you see one called “Free Wi-Fi” or a similar name, beware — you may end up being victimized by the latest hot-spot scam hitting airports across the country.

You could end up being the target of a “man in the middle” attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.

[…] First, let’s take a look at how the attack works. You go to an airport or other hot spot and fire up your PC, hoping to find a free hot spot. You see one that calls itself “Free Wi-Fi” or a similar name. You connect. Bingo — you’ve been had!

The problem is that it’s not really a hot spot. Instead, it’s an ad hoc, peer-to-peer network, possibly set up as a trap by someone with a laptop nearby. You can use the Internet, because the attacker has set up his PC to let you browse the Internet via his connection. But because you’re using his connection, all your traffic goes through his PC, so he can see everything you do online, including all the usernames and passwords you enter for financial and other Web sites.

In addition, because you’ve directly connected to the attack PC on a peer-to-peer basis, if you’ve set up your PC to allow file sharing, the attacker can have complete run of your PC, stealing files and data and planting malware on it.

The underlying theme is “Don’t connect to anything you’re not sure of, and make sure your autoconnecting is either turned off or tightly controlled.”

I do a fair amount of business travel, and have had multiple occasions to connect into WiFi access points at airports (and other locations). While I’ve tried to be careful, this article will have me being even moreso.

Possible end of an era

Because of virus/malware distribution problems from infected machines, the security folks at the office are going to put out a workstation policy (the “part of the Windows operating system” kind) to shut down port 25, used by SMTP. Not blocking SMTP at the gateway or something like that. No, making all workstations unable to send things out on port 25.

Which will, essentially, put paid to my using an e-mail client, e.g., Thunderbird. I’ll have to instead use a web-based client — more, a web-based client that stores crap.

Like, possibly, GMail. Which would irk me mightily, if I ended up not being able to use my own freaking domain to receive and send mail from. Bleah.

Irked.

Because we all feel safer when Microsoft takes over our security …

Okay, here’s one that will make you sleep better at night: how Micro$oft is continuing its drive to be the only real resource for anti-virus, anti-spyware, anti-blackhat security. Many of…

Okay, here’s one that will make you sleep better at night: how Micro$oft is continuing its drive to be the only real resource for anti-virus, anti-spyware, anti-blackhat security.

Many of you will look at the events I’ve described and shrug them off — a notification oversight here, a bit of sloppy Web site updating there, with an unfortunate kernel conundrum thrown in for good measure. But I, for one, am getting more and more uneasy about Microsoft leveraging its monopoly in operating systems to unfairly compete with antivirus, antispyware, antiscum, and firewall manufacturers.

It currently appears as if the US Department of Justice is going to roll over and play dead. At least, if there are any rumblings at DOJ, I certainly haven’t heard them. Whether the EU will take it lying down remains to be seen. There’s more than a little irony in the thought that the European Union may represent Americans’ best hope for consumer protection.

This much I know for sure: If you’re paying Microsoft to protect your computer, you’re part of the problem, not part of the solution.

I’ve never had a real problem with a lot of what Windows has bundled into the OS/NOS, only when it’s bundled as something inextricable and unbypassable. But M$ has proven time and again that they simply cannot be trusted as the gatekeepers for computer security, not so much because they’re scum-suckers, but because (a) they’re incompetent at it, and (b) a robust, diverse “ecology” of security services is far better able to deal with the real competition, the black hats.