Monthly Archives: July 2010

GoogleSharing Firefox Add-on – Stop Google’s Invasion of Your Privacy!

The campaign to convince people that the lack of personal privacy is of little concern to the average person persists. Some pundits continue to enhance their careers by assuring us (at least those of us who will listen) that privacy, particularly Internet privacy, is dead and that we don’t care.

Consider these quotes from speakers at the Supernova conference, held this week in Philadelphia:

Jeff Jarvis, a blogger and media-industry pundit -

“I think we talk so much about privacy, privacy, privacy that we risk getting to the benefits of publicness (sic), that the Internet makes possible.”

Microsoft researcher, Danah Boyd -

“We have no definition of privacy.”

The only comment I’ll make regarding these two statements is – great sound bites, but BS nevertheless.

The most ludicrous statement I’ve heard regarding Internet privacy comes from Google’s CEO Eric Schmidt -

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

This, from a person whose company’s very existence is predicated on the virtual raping of the public’s privacy, for commercial gain. I’m not a conspiracy theorist in any sense, but I do believe that the very structure of Google constitutes an attack on a basic human right – the right to be “left alone”.

Schmidt may be a “whiz bang” when it comes to search engines, but I suggest that he’s a dud when it comes to the psychology of human beings. The truth is, the realities of the world we now live in continue to emphasize that, despite the fact you may have done nothing wrong, you have everything to worry about.

Noted security guru Bruce Schneier put it in relevant context when he said:

“Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance. If we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness.

We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable”.

The majority of my friends are extremely concerned with the inroads that governments, social websites, commercial enterprises, and most particularly Google, have made into their private lives. They’re obviously not unusual if one considers this:

Disk wipe utilities, disk cleaning utilities, and file shredding utilities, are among the most popular free downloads on the Internet.

Most web Browsers offer a private browsing mode.

Encryption software is often advertised as a way to protect private, personal, or sensitive files.

Anonymizer applications, such as Hotspot Shield, are advertised as a way to protect a user’s online identity.

While there are multiple uses for the software applications, or application options, described above, a primary use of such software is to ensure a certain level of privacy. Of course, if you’ve done nothing wrong you don’t need to use these applications, right? :)

Rather than using an anonymizer application, which in some cases can impact performance, there is another alternative, if you use Firefox as your Internet Browser – GoogleSharing.

GoogleSharing is a Firefox add-on developed by noted security expert Moxie Marlinspike, with one purpose in mind – preventing Google from tracking and retaining user information.

The following graphics illustrate how this works.

[Image: outbound search request]

[Image: inbound search results]

Fast facts:

GoogleSharing is a custom proxy service.

Does not affect your non-Google traffic, which it leaves completely untouched and un-redirected.

Combines search requests from many different users together, such that Google is not capable of telling what is coming from whom.

Each search request is assigned a unique identity.

Prevents Google from collecting information about you from services which don’t require a login.

Stops Google from tracking the user by IP address, Cookie, or any other identifying HTTP headers.

The system is completely transparent to the user. No special websites, no change to your work flow.
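The behaviour listed in these fast facts can be modelled in a few lines. The Python below is an added illustration, not GoogleSharing's own code: the domain list, the set of identifying headers, the proxy address and the generated identities are all assumptions made for the example.

```python
import secrets
from urllib.parse import urlsplit

# Assumptions for this sketch: which hosts count as Google traffic and
# which request headers can identify a user.
PROXIED_DOMAINS = ("google.com",)
IDENTIFYING_HEADERS = {"cookie", "user-agent", "referer", "accept-language",
                       "x-forwarded-for", "via", "authorization"}
PROXY_ADDRESS = "192.0.2.10"  # constructed (TEST-NET-1) address of the shared proxy
GENERIC_AGENTS = ("Mozilla/5.0 (generic-a)", "Mozilla/5.0 (generic-b)")  # constructed


def is_google_host(url):
    """True only for a listed domain or its subdomains, never for look-alikes."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PROXIED_DOMAINS)


def new_identity():
    """Per-request identity owned by the proxy, unrelated to any real user."""
    return {"Cookie": "ID=" + secrets.token_hex(8),
            "User-Agent": secrets.choice(GENERIC_AGENTS)}


def route(client_ip, url, headers):
    """Return what the destination server would observe for this request."""
    if not is_google_host(url):
        # Non-Google traffic is left untouched and goes out directly.
        return {"source": client_ip, "url": url,
                "headers": dict(headers), "via_proxy": False}
    # Drop everything that could tie the request to the user, then attach
    # the identity the proxy generated for this one request.
    kept = {k: v for k, v in headers.items()
            if k.lower() not in IDENTIFYING_HEADERS}
    kept.update(new_identity())
    return {"source": PROXY_ADDRESS, "url": url,
            "headers": kept, "via_proxy": True}


def leaks(observed, client_ip, headers):
    """List the client-identifying values still visible to the destination."""
    found = []
    if observed["source"] == client_ip:
        found.append("ip")
    for name, value in headers.items():
        if (name.lower() in IDENTIFYING_HEADERS
                and value in observed["headers"].values()):
            found.append(name.lower())
    return found


# Constructed sample request from one user.
ALICE_IP = "198.51.100.7"
ALICE_HEADERS = {"Cookie": "PREF=alice-tracking-id",
                 "User-Agent": "Firefox/3.6 (Alice's build)",
                 "Accept": "text/html"}

if __name__ == "__main__":
    for url in ("http://www.google.com/search?q=privacy",
                "http://example.org/",
                "http://notgoogle.com/"):
        seen = route(ALICE_IP, url, ALICE_HEADERS)
        print(url, "proxied" if seen["via_proxy"] else "direct",
              "leaks:", leaks(seen, ALICE_IP, ALICE_HEADERS))
```

The host check matters as much as the header stripping: matching on a bare substring would send look-alike domains through the proxy, or miss Google subdomains.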

If you have any issues with Google retaining your user information, you should consider this add-on. Please be aware, I have not tested this add-on, and this post is for information purposes only.

For more information, visit: GoogleSharing

Download the add-on at: Mozilla

Additional resources related to privacy:

Electronic Privacy Information Center

Center for Democracy and Technology

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Anonymous Surfing, Browser add-ons, downloads, Firefox Add-ons, Freeware, Privacy, Software, Windows Tips and Tools

Tech Thoughts Daily Net News – July 31, 2010

Windows Starter Kit: Image editors – Just as there’s more to productivity than Microsoft Office, there’s more to image editing than Photoshop. More, and free, too.

Avast Free Antivirus 5.0.594 – Avast Free 5, an A-list freeware antivirus app, provides the same steadfast protection of well-known, pricier antivirus programs. Avast is remarkable for both its effectiveness and arguably providing the most complete free antivirus on the market.

Movie files run in QuickTime Player trigger malware download – Specifically crafted .mov files trigger the download of malware masquerading as a codec update and an installation file for another player when run in the latest (7.6.6) version of QuickTime Player, TrendLabs reports.


Researcher Reveals Major SSL and Browser Flaws – A security researcher has found a slew of fundamental problems with the way that modern browsers are designed and built, leading to serious questions about the security of these applications and the way that they handle SSL sessions.

Students finally wake up to Facebook privacy issues – College students do care about Facebook privacy, it turns out, and their use of the service’s privacy settings has skyrocketed between 2009 and 2010, according to two researchers.

Retr0Bright restores computer plastic to like-new condition – Although James Wages’ vintage Apple Macintosh SE/30 computer system worked, the external plastic had turned a dingy shade of yellow. Using a homemade solution of household chemicals, nicknamed “Retr0Bright,” Wages was able to restore the plastic on the computer, keyboard, and mouse to like-new condition.

Hacker Demos Remote Attacks Against ATMs – Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

Microsoft rushes fix for Windows shortcut hole – Attackers exploiting a hole involving how Windows handles shortcut, or .lnk, files prompt Microsoft to rush out an emergency patch, well before its next scheduled Patch Tuesday.

Company News:

Apple improves App Store security – Following the recent hacking of its App Store, Apple instituted a new security measure that should prevent hijackers of accounts from purchasing anything from the store.

Internet Explorer 9 Beta to Arrive in September – Microsoft today disclosed that version nine of its Internet Explorer Web browser will have a beta release in September.

Report: RIM unveiling 9.7 inch Blackpad in November – Apparently, RIM is gearing up to unveil a tablet sometime in November and guess what? It actually will be called the Blackpad.

Off Topic (Sort of):

Lifehacker: A Primer for Taking Advantage of Your Computer Warranty When You Actually Need It – Reader Shin-GO’s laptop recently went on the fritz, so he put together this helpful primer for taking advantage of your hardware warranty when worst comes to worst.

Did Dell tech support display woman’s naked pics? – A woman calls Dell tech support to ask for help in locating pictures of herself on her computer. The pictures end up on a newly created Web site. She accuses the support representative of creating the site.

Congress May Double Penalties For Pot Brownies – A bill has just reached the floor of the Senate that would double penalties for any edible products combined with medical marijuana in California and the 13 other states that provide compassionate relief for patients. The worst part is that the bill was written and sponsored by Dianne Feinstein, a Democratic senator from California!

Say What? The Week’s Top Five IT Quotes – Privacy concerns over Google and the CIA; HP’s enterprise slate; why online gaming might help your career and more.

Today’s Quote:

“Charm is the quality in others that makes us more satisfied with ourselves.”

- Henri-Frédéric Amiel

Today’s Free Downloads:

Giveaway of the Day – BookRoom 1.0 – BookRoom is a realistic, beautiful, downloadable desktop environment that allows you to read eBooks on Windows system. Take advantage of a growing number of e-Books while enjoying the convenience and features of BookRoom. The program is available for $29.90, but it will be free for our visitors as a time-limited offer.

Fast Image Resizer – This tool lets you quickly resize your photos for publishing on the Web, archiving or distributing. Can use dual and quad core processors to speed up conversion. Copies Exif image information from source. Customizable resize algorithm quality and JPEG quality.


Filed under Internet Security Alerts, Tech Net News

Part Of The Tech Savvy Generation? How Tech Savvy Are You Really?

You’re part of a computer literate and technically competent generation – you know, the “tech savvy generation” we hear so much about.

So, when it comes to wandering through the risky Internet neighborhood that’s arguably full of predators, you tend not to worry.

You’re convinced that, since you’re a member of this tech savvy generation, when you surf the Internet you can handle the dangers and pitfalls that wait for the typical unsuspecting user (the user who’s not part of your tech savvy generation).

This unsophisticated non-tech savvy group is much more likely than you to be pounced on by the multitude of scam artists, schemers and cyber crooks lurking in the shadows, just waiting for victims. Right?

It’s entirely possible of course, that you are computer literate, and technically competent. On the other hand, simply because you are a member of that generation who have grown up with computers, does not make you tech savvy. I hate to burst your bubble, but the concept of a “tech savvy generation” is a myth.

I understand why you may have bought into this myth. People love myths. It seems that we will buy into any myth provided it agrees with, or reinforces, our already held misconceptions.

Myths, of course, get their status precisely because they do reinforce our beliefs, properly held or not. This myth (masterfully propagated by the media) continues to pose serious security risks for those who believe it.

Since I’m involved in Internet and system security, I have many opportunities to deal with the “tech savvy generation”, and overall, I find them no more competent than average/typical computer users.

Unfortunately, I find that not only does the tech savvy generation not know “what they don’t know”, they don’t want to hear about it because developing knowledge is hard, and it requires time and effort. Better to just hang on to the myth.

I’ll admit that anecdotal evidence, while interesting, does not always tell the tale. On the other hand, gather enough anecdotal evidence and one may have enough data to propose a theory that can withstand probing and prodding.

As a tech/geek/writer, I am in touch with loads of other techs/geeks/writers from around the world, on a fairly consistent basis. One undisputed reality that we all agree on is the lack of knowledge exhibited by typical computer users, and that members of the tech savvy generation are no more than typical computer users.

So, if you’re a member of the so called tech savvy generation, you need to consider these realities:

Cyber criminals count on your believing the myth. It makes their job just that much easier.

There’s a major lack of knowledge and skill relating to computers/connected devices, and security, in the tech savvy generation. You really are just an average computer user.

Common sense tips:

Stop believing the myth.

Start being proactive when it comes to the security of your computer and connected devices; part of that is making sure you have adequate software-based protection to reduce the chances you will fall victim to cyber crime.

Recommended reading: Principles of Security: Keeping it Simple – by guest writer Mark Schneider, and – An Anti-malware Test – Common Sense Wins.


Filed under Bill's Rants, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Free Anti-malware Software, Freeware, Guest Writers, Personal Perspective, Software, Windows Tips and Tools

Tech Thoughts Daily Net News – July 30, 2010

Turn Your PC Into an Entertainment Center – You can use your Windows 7 or Vista PC to watch and record programs–just add a TV tuner. Also, create a music playlist.

Geek 101: LCD and Plasma Basics – HDTV and computer monitor technology can be confusing to the uninitiated. We clear the air with this primer.

Sleazy Marketers Game Google’s Sponsored Ads – Sponsored links at the top of Google search results last week promised to take you to the official sites of big brands, but instead led to pages designed to extract your personal data.


Facebook member data put on BitTorrent site – The names of 100 million Facebook members, along with the URLs of personal profile pages have been published on a BitTorrent site by campaigners making a point about online privacy. Details relating to 20 per cent of the site’s members appear on the list, having been ‘scraped’ from Facebook by a Canadian online security consultant.

Companies can’t handle the cloud computing truth; You’re not ready – Despite all the chatter about cloud computing, most companies aren’t even close to being ready for it.

Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia – ‘Big Boss’ operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks

Critical system flaws a ‘ticking time bomb’ – While computer users fret about online identity theft and corporate executives worry about digital espionage, security issues in critical infrastructure affecting every single person present even more cause for alarm, an expert said at the Black Hat conference here on Wednesday.

Google in clear over Wi-Fi data collection – The UK’s Information Commissioner has effectively cleared Google of any wrongdoing over its Street View Wi-Fi data collection.

Top Hacks and Security Breaches of 2010 (So Far) – This has been a busy year for hackers and for computer forensic specialists. From the Pirate Bay hack to the iPad 3G e-mail address exposure, here are some highlights.

Report: Google leads Bing, Yahoo!, and Twitter in malware distribution – Barracuda Labs found that Google (unwittingly, of course) passes out more malware than Bing, Yahoo, and Twitter combined — about twice as much as all three put together.

Company News:

Sophos: Get your free Data Security Toolkit! – It’s packed with great tools to help you explain the threats to your data and give practical advice on how to keep it secure, including: Top tips for protecting your sensitive data – Presentations on how data is lost and stolen – Video on data security – Example data security policy. (registration required)

Desktops and Notebooks: Toshiba Debuts Back-to-School Laptops – Toshiba has introduced three new Satellite laptops for the early birds already gearing up for school.

Western Digital WDTV Live Plus – The Western Digital WDTV Live Plus plays Netflix video, Pandora music, and a wide variety of video files in full 1080p on your HDTV with no fuss, but streaming from network-connected PCs can be fussy.

25 Facts You Should Know About Symantec – Symantec is a go-to name in the world of IT security and is also well recognized for its storage solutions. This technology titan has spent the better part of 30 years building and acquiring its way into becoming the dominant force that it is today. But how well do you know Symantec?

Off Topic (Sort of):

Lifehacker: Off-Color Cars Offer Effective Theft Prevention – Want to reduce your chances of a thief making away with your ride? You could install a serious security system, but just as effective might be a car purchased with a pink, gold, or beige/brown paint job, according to a four-year study.

20 Secrets Your Waiter Won’t Tell You – What would two dozen servers from across the country tell you if they could get away with it? Well, for starters, when to go out, what not to order, what really happens behind the kitchen’s swinging doors, and what they think of you and your tips.

Congress ponders privacy of your underwear, immortal soul – Senators compare the Internet to the world’s creepiest mall, one where someone follows you into bookstores and ladies’ lingerie shops, recording all of your purchases. Also, you may unwittingly lose your soul.

Tips to avoid ATM fraud at home and abroad – Never assume you’re safe. Follow these tips before you cash out.

Today’s Quote:

“Be who you are and say what you feel, because those who mind don’t matter and those who matter don’t mind.”

- Dr. Seuss

Today’s Free Downloads:

Fluxee – If you’re a download junkie, keeping all your new files organized can be a challenge. My downloads folder is filled with all kinds of different files, and however often I clean it, it’s an inevitably recurring mess. Fluxee is designed to handle this exact problem. It continuously scans a folder, and based on a set of user-defined rules, moves files to a more appropriate location.

Google Voice – The Google Voice extension for Google Chrome adds a button to the toolbar, which displays the number of unread messages in your Google Voice inbox. It also gives you quick access to your most recent messages with transcripts, lets you initiate calls and send free text messages by just typing any number or contact name, and makes phone numbers on websites callable via Google Voice by just clicking on them.


Filed under Internet Security Alerts, Tech Net News

BitDefender Warns Of iPhone Jailbreaking Malware Attack

iPhone “jailbreaking” – the user taking all-inclusive command of the device, which includes running applications not approved by Apple – is apparently not without risk.

Security researchers at BitDefender, the well known security application developer, have just uncovered a malware scheme, aimed at iPhone jailbreakers, that according to BitDefender “deploys a keylogger ……. which allows the malware creators to intercept the victim’s visited sites, usernames, passwords, and bank accounts information – such as pin number, bank account numbers, passwords, etc.”

Delivery of the Trojan, identified by BitDefender as Trojan.Generic.3010833, begins with the user’s positive response to an email which offers software designed to unlock an iPhone, as the following graphic illustrates.

[Image: email offering iPhone unlocking software]

Graphic courtesy of BitDefender.

The body of the email reads as follows:

Our software is compatible with all firmwares (including the latest version) and will unlock 3G, 3GS, & 2G iPhone models within just a few minutes.

You can download the iPhone unlocking software from here: http://www.unlock……………. /iphone3gs-3g.exe

Clicking on the link triggers an executable file download to the potential victim’s computer. Running the downloaded executable (and who’s not going to at this point), triggers the installation of a Trojan which according to BitDefender “attempts to change the preferred DNS server address for several possible internet connections on the user’s computer to 188.210……………..”
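Because the lasting change this Trojan makes is a swapped DNS server on one or more connections, a quick check is to compare every adapter's resolvers against the ones you expect. The Python below is an added example, not BitDefender's tooling; the ipconfig /all text, the adapter names and both addresses are constructed samples, and the expected-resolver list is an assumption you would replace with your own.

```python
import ipaddress

# Constructed sample in the layout printed by "ipconfig /all" on Windows.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Ethernet Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption: the only resolver this machine should use (the home router).
EXPECTED_RESOLVERS = {"192.168.1.1"}


def parse_dns_servers(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line: adapter headings end with ":", banners do not.
            heading = line.strip()
            current = heading[:-1] if heading.endswith(":") else None
            if current is not None:
                adapters[current] = []
            in_dns = False
            continue
        if current is None:
            continue
        label, sep, value = line.partition(" : ")
        if sep:
            # Labels are padded with ". . ." before the separator.
            in_dns = label.strip(" .") == "DNS Servers"
            if in_dns:
                adapters[current].append(value.strip())
        elif in_dns:
            # Second and later servers appear on unlabelled continuation lines.
            adapters[current].append(line.strip())
    return adapters


def unexpected_resolvers(adapters, expected):
    """Return (adapter, server) pairs whose resolver is not on the expected list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for adapter, servers in adapters.items():
        for raw in servers:
            try:
                # IPv6 entries may carry a "%scope" suffix; drop it to compare.
                addr = ipaddress.ip_address(raw.split("%")[0])
            except ValueError:
                findings.append((adapter, raw))  # unparsable: report, don't ignore
                continue
            if addr not in allowed:
                findings.append((adapter, raw))
    return findings


if __name__ == "__main__":
    for adapter, server in unexpected_resolvers(
            parse_dns_servers(SAMPLE_IPCONFIG), EXPECTED_RESOLVERS):
        print("Unexpected DNS server %s on %s" % (server, adapter))
```

Checking every adapter, not just the active one, matches the behaviour described above, where the change is attempted on several connections.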

The following graphic illustrates BitDefender’s security application’s response to Trojan.Generic.3010833.

[Image: BitDefender’s security application responding to Trojan.Generic.3010833]

Graphic courtesy of BitDefender.

Regular readers here are very familiar with the following cautions, but they bear repeating.

Don’t click links in emails. If they come from a known source, type them into the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

BTW, BitDefender offers a host of highly regarded free security applications which you can check out here.


Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, email scams, Free Anti-malware Software, Freeware, Internet Security Alerts, Software, Spyware - Adware Protection, trojans, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

Butterfly Botnet Kit Author Arrested Thanks To Panda Security and Defence Intelligence

If you’re a regular reader here, then you’re probably familiar with the outrage computer users express when commenting on cyber crime, and cyber criminals.

Comments range from simple outrage, to implementing the death penalty (no, I’m not kidding), for those convicted of cyber crime. I must admit, in my darker moments, I sometimes feel the tools used by the Inquisition might be too good for this scum.

The more polite comments though, run along these lines:

Where are the cops when we need them?

Why doesn’t an International task force exist to deal with this issue?

Why are the “big name” technology companies sitting back and watching the Internet being destroyed by criminals?

The good news is that, to some extent, this type of policing is beginning to happen.

In March of this year, we explained how Panda Security had played a major role in taking down Mariposa, a Spanish botnet, which according to a report we obtained at that time, was considered to be, “one of the world’s biggest networks of virus-infected computers, responsible for compromising 13 Million unique IP addresses and 50 percent of Fortune 1000 companies around the world”.

Panda Security’s continuing efforts in fighting cyber crime at this level have paid off once again. As part of a joint effort which included Panda, Canada’s Defence Intelligence, and the FBI, the mastermind behind the Butterfly Botnet kit has been arrested in Maribor, Slovenia.

The Butterfly Botnet kit, which was sold online for $650 – $2,000 USD, is responsible for almost 10,000 unique pieces of malicious software, and over 700 botnets. Hundreds of financial institutions and government departments, as well as millions of private corporations and individuals worldwide, have fallen victim to this scumbag’s software.

This cyber criminal takedown is good news for Internet consumers; most particularly, the level of cooperation exhibited between the various factions involved in the takedown.

I’m cautiously optimistic that a joint effort like this may be the beginning of a more concentrated effort to root out those who threaten the viability of the Internet.

Juan Santana, CEO, Panda Security seemed to indicate we may see more of these collaborative efforts when he stated recently “we strongly believe that the fight against Internet crime requires an international collaborative effort from the computer security industry, and public institutions.” We say, “Yes!”

A word of caution: What’s really needed here, is a redoubling of these efforts; the formation of additional strategic alliances; and a systematic strategy designed to finish off these parasites.

About Defence Intelligence:

Defence Intelligence is a privately held information security firm specializing in compromise protection. Based in Ottawa, Canada, the founders of Defence Intelligence are globally recognized industry experts. They have headed information security for Fortune 50 companies, consulted with hundreds of private enterprises and government agencies, and have assisted in the capture and prosecution of international computer criminals.

For more information, go here.

About Panda Security:

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the World.

This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers, and home users, the most effective protection against Internet threats with minimum impact on system performance.

Panda Security has 56 offices throughout the globe, with US headquarters in Florida, and European headquarters in Spain.

For more information, go here.

Note: You can read our article on the highly recommended free Panda Cloud Antivirus, here.


Filed under Anti-Malware Tools, Cloud Computing Applications, cybercrime, Freeware, Interconnectivity, Internet Security Alerts, Panda Security, Software, Tech Net News, Windows Tips and Tools

Cloud Computing: Easy Target for Cyber Criminals?

Guest writer Paul E. Lubic, Jr., has some definite ideas on the US government’s decision to employ Google’s cloud based computing model. Paul explains why, in his view, this risky venture will play into the hands of cyber criminals.

Here’s Paul’s report:

The use of cloud computing by organizations to rent office productivity applications such as word processing, databases, spreadsheets, and presentations is less expensive than the current method of purchasing application packages/licenses.

However, any money saved by renting cloud-based applications rather than purchasing applications for use on local servers will, in my opinion, be lost and more, because of a much higher probability of having the data stored in the cloud hacked and stolen.

This opinion is based on the fact that the documents stored in the cloud are, for all intents and purposes, stored in one virtual location that is a big fat target for cyber criminals.

Consider that with the current method of using office productivity tools to create and store an organization’s documents, they’re stored on various servers owned by the organization.

Depending on the size of the organization, these documents will be spread across many different servers and storage devices, possibly on a common network. The advantage in protecting the data is that a cyber criminal will have a more difficult time gaining access to the many locations than if there were only one location to attack.

Here’s the really scary part. The US Government has recently awarded Google a security clearance for their cloud computing applications; indicating that they are clearing the way to begin using cloud computing, states a recent Los Angeles Times article: Google, Good enough for government work.

This is the same government that this past year was the victim of advanced persistent threat attacks that resulted in the loss of extremely sensitive national security-related data across numerous agencies.

Since cloud computing-based applications are also vulnerable to advanced persistent threat attacks…it seems to me we’ve just made the cyber criminals’ job a lot easier because once the crooks have gained access to one agency’s cloud-based applications, a huge advantage in itself, they’re smart enough to be able to access those of other agencies as well. Yep, one big fat target; the bad guys are salivating on their tee shirts as we speak.

Advanced Persistent Threat: Targeting an organization’s specific individuals who have elevated access in order to gain long-term, clandestine entry to applications and data.

If you’re wondering why the US Government would allow this to happen in the first place…I can hear the bureaucrats [defined: an official who works by fixed routine without exercising intelligent judgment] saying “We changed to cloud computing because it saved us lots of money. We didn’t know it was unsafe.” ‘Nuff said…they’re gonna do it.

Let Paul know your opinion on this issue by commenting on this article; we all learn from each other when our views and opinions are shared.

Guest writer Paul E. Lubic, Jr. is a long time IT professional who has held the positions of programmer, IT Security Manager and Chief Information Officer. His interests lie in the IT security area, but he writes on all categories of technology.

Paul is a mature and seasoned writer, with a rare ability to break down complex issues into an easy to understand format. Check him out at his Blog – Paul’s Home Computing.


Filed under Cloud Computing Applications, cybercrime, Google, Guest Writers