Voter Database Security Is A Myth

In this post, guest author David Maman, CTO and founder of GreenSQL – the database security company – questions the security reliability of voter databases.

Some of us spend days and months of indecision, hours in front of the TV watching campaign commercials and presidential debates, researching on the Net, mulling the options with family and friends, all ultimately to go to the polls to exercise our constitutional right to vote. For millions among us, this is a final decision and a terminal point.

Not for me.

As an information security specialist and database security researcher, I wonder where my vote goes, in what database it’s maintained, and, of course, how secure it is.

Hard experience has taught me that right now, somewhere, a hacker is trying to penetrate the voter databases “just for fun,” “to prove something,” or if I really want to be paranoid, “because he’s part of a powerful, international organization that seeks to dictate our political process by determining elections.”

Paranoia? I wish. One only has to read the news… last year, the databases of major companies were hacked: LinkedIn, Visa, KT Mobile, Sony, Zappos, etc. Of course, that tally doesn’t include the organizations who don’t know they were hacked.

Want news on voter databases being hacked in the last few years? Take a look at the list below, the result of a two-minute Google search:

July 15, 2012: Florida Allowed to Access Citizen Database for Voter Purge

July 27, 2012: Obama Administration to Open Voter Database

March 26, 2012: GOP’s Voter Vault Database Hacked, Candidates’ Identity Altered

August 2011: No Personal Information Compromised After Voter Database Hacked

At a time when databases are being constantly penetrated by unauthorized users and personal information is being stolen, misused or just maliciously exposed, the question remains: How secure are voter databases?

As if selecting a candidate isn’t vexing enough, now, I have a bigger concern: “How can I be sure my vote ultimately goes to the candidate of my choice?” “Will my vote be manipulated in any way, whether by foreign or domestic entities?” “Will my voter information be used to make it easier to have my identity stolen? (Even the FBI says identity theft represents a more serious threat than drugs.)”

About GreenSQL:

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide. In 2009, in response to market needs, GreenSQL LTD developed a commercial version, bringing a fresh approach to protecting databases of small- and medium-sized businesses.

GreenSQL provides database security solutions that are affordable and easy to install and maintain. GreenSQL supports Microsoft Azure, SQL Server (all versions including SQL Server 2012), MySQL and PostgreSQL.

PC Tools Predicts New Breeds of Social Media Cyber Scams

PC Tools, the company which brings you PC Tools Firewall Plus (free), ThreatFire (free), and of course a complete line of award-winning commercial grade security offerings, is issuing this consumer alert advising the rollout of new social media sites and features, are leading to a fresh crop of online scams and threats.

PC Tools Top Three Social Network Threat Predictions

Email alerts for “tagged” photos where YOU might appear online.

Social networks are developing increased intelligence for facial recognition to assist with tagging photos. When you’re tagged in a photo or at a location in your photo album, you can often expect an email or notification letting you know where to view it online. Watch out!

Cybercriminals may be using this as a tactic to get you to click on malicious links asking for information – possibly even prompting you to click on a link leading to a fake login and password entry form posing as your social network.

Online robots or “bots” on social networking sites will be more sophisticated

We believe within the next few months that social media “bots” will become more advanced, effectively creating human-looking profiles and personalities. Cybercriminals rely on bots because they are the fastest and most cost-effective way to spread malware, spyware and scams through social network sites.

Through these bots, criminals can auto-create bogus personalities on social networks, which can in turn link to fake companies that sell phony products – all to trick users into buying merchandise that isn’t real or spreading news that doesn’t actually exist.

An increase in fake invites to join “new” or “exclusive” social networks or social groups

New social networks are popping up every day, some of which are “invite only” making them more appealing. Cybercriminals could use this appeal as a method to lure users into clicking on fake invites for exclusive networks. Upon clicking on these invites, users could be asked to provide personal details such as name, login, password or birthdates which should not be released.

“If you’re looking to join the hottest new social network, be careful where you click – your personal life may be at risk,” said Mike Chen, Product Marketing Manager at PC Tools. “Cybercriminals are taking advantage of the buzz surrounding these new social networks and features by tricking unsuspecting users to divulge personal information or download malware.”

Chen added that today’s malware looks legitimate, but what may seem like a harmless email or link can actually result in a person’s stolen identity or credit card data theft. And according to Pew Research, 46% of internet users agree that “most people can be trusted” – a prime reason why cybercriminals are so successful at duping consumers.

About PC Tools:

With offices located in Australia, Ireland, United States, United Kingdom and the Ukraine. PC Tools is a fast-growing brand with dedicated Research and Development teams that ensure PC Tools maintains a competitive edge. With registered customers in over 180 countries and millions of downloads to date, PC Tools’ products continue to win awards and gain recommendations from respected reviewers and independent testing labs around the world.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Ashampoo Database Hacked – What You Need To Know

I could spend all day, every day, reporting on nothing more than the latest cyber criminal targeted intrusions into enterprise IT systems.  Two reports from my today’s Tech Net News column illustrate that we are barely scratching the surface of this significant, continuous, and rapidly expanding problem:

European Space Agency website and FTP servers hacked

Dramatic increase in cyber attacks on critical infrastructure

If you’re an everyday reader here, then you may recall that I regularly recommend that you take advantage of the German software developer Ashampoo’s, occasionally offered free application multipacks.

The downside (for some) is, you must register and provide an email address. Additional benefits can be gained by registering as an  Ashampoo member, which includes creating a password.

Unfortunately, Ashampoo has become a victim of a cyber criminal targeted intrusion aimed at their customer database. According to the company:

“Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately.

The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected … it is not stored on our system.”

If you have taken advantage of Ashampoo’s offers, then it’s important that you exercise extreme caution with any future emails sent by the company and, any unsolicited email sent by any company, for that matter.

As well, if you have registered as an Ashampoo member, it’s important that you change your account password. Additionally, if you have used the same password elsewhere (you’d be surprised how often this occurs), it’s imperative that you change these passwords immediately.

My thanks to my buddy John B. (a great Scot!), for bringing this unfortunate incident to my attention this morning.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Conseal Security Takes Portable Device Security To Another Level With Conseal USB

“This tape will self-destruct in five seconds!” – Mission Impossible.

Growing up in the 1960’s, I though that was just the coolest phrase – and the underlying technology, of course. As a way of keeping confidential  information out of the hands of the bad guys, what could be better than that? BOOOM!

Today, safeguarding confidential information is far more complex – and there are many more “bad guys”. Information, in a very real sense, is currency – and the need to protect it is every bit as real as if it were hard currency.

Unfortunately, protecting critical data in an age of extreme data portability (USB sticks, portable Hard Drives, memory cards …. ) against theft, or loss, is exasperated by the very nature of portable technology.

How hard is it to lose a USB key through theft or misadventure – easy (personally, I’ve lost two over the years).

How hard is it to lose a portable Hard Drive through theft or misadventure – easy.

How hard is it to lose a memory card through theft or misadventure – easy.

How hard is it recover any one of the storages devices mentioned? Hard. Hard. Hard.

While it’s true, that both password and encryption applications, offer some protection against unauthorized access should a portable storage device vanish, neither provides absolute protection. Both password cracking, and decrypting applications (and the computing resources necessary), are readily available to those with less than honorable intentions.

What’s needed then, is a technology that not only offers password protection and file encryption, but the ability to remotely destroy data on a non-recoverable device – if it becomes necessary.

I suspect that the Ministry of Defense in the UK, would have been delighted with this type of technology had it been available when, in 2008,  fifty eight Ministry of Defense unencrypted drives – which contained details of troop movements, locations, and travel accommodation, were “lost”.

Certainly, portable media device theft, or loss, is not restricted to organizations; it can just as easily happen at an individual level. For example, in the U.K., in 2008, – 9,000 USB drives were found by dry cleaners in various articles of clothing. It’s safe to say, that data loss and data leakages related to lost or stolen computer portable devices, are now commonplace.

Luckily, Conseal Security has just released a security safety system  that not only includes strong AES encryption, it allows protected devices to be remotely self-destructed, if they are lost or stolen. Moreover, as part of the package the ability to lock devices to specific networks, domains or specific computers, is included. A bonus feature includes a capacity to review all access attempts on a device.

Application setup, including creating an account which provides access to all of the programs features, is straightforward.

The initial account password will be emailed to you. The temporary account password in the screen capture shown below, has been changed.

Once logged in, you can proceed to manage the portable device attached to your machine.

In the following screen shot, you’ll notice I have logged in and entered a name for the attached device.

The USB drive I used for this test was quite small (512 MB), so the encryption and registration took less than two minutes.

As per the message box, no files were accessible on Drive F: (the original drive designation) – instead the files were on Drive G: (the newly concealed drive).

Following encryption of the drive’s contents you will have a number of options to choose from, including –

Access Control

You can set up rules to control where and when this device can be unlocked.

Alerting

You can set up alerts to email you when this device is used.

Self Destruct

You can securely delete the contents of this device if it has been lost or stolen. It will become a blank disk.

Unlocking the portable device is an uncomplicated process – as shown in the following screen captures.

A taskbar popup will notify you on successful completion of the “unlock” process, as illustrated in this screen capture.

Fast facts:

Remote self destruct – If your Consealed device is lost or stolen, you can remotely destroy the data it contains. Press a button on a website and the contents of your device will be securely wiped when next inserted.

Who’s accessed your data? – View a log of who attempts to unlocks your Consealed device, including who they are and what computer they used. The log shows all access attempts and contains sufficient information for law enforcement officials to uniquely identify the computer used.

Define who can access your data – Specify the computers or network domains which can unlock your Consealed device. Also specify what times of the day it can be unlocked. Rules can be changed even when the device is out of your hands.

Safe from password guessing attempts – Even fairly complex passwords can be guessed on average within 16 minutes. Conseal’s “Dual Locks” system completely secures your protected data against password guessing attempts. Consealed devices can only be unlocked with permission from a central server.

Warnings of attempted break-ins – Receive email warnings when someone tries to unlock your Consealed device, directly and uniquely identifying the user, where they are, and what computer they used.

Strong encryption – Your data is stored using super-strength 256-bit AES encryption (approved by governments to protect ‘Top Secret’ information).

Takeaway: A very impressive and elegant solution to a potentially disastrous occurrence at a cost that’s appropriate.

Conseal USB Licenses:

Home User – 1 year’s protection. Non-commercial use only. Up to 5 devices £19.95.

Corporate User – 10 devices £140 (for 1 year). 100 devices £99/month. 1000 devices £830/month. 10,000 devices £5950/month.

Conseal Security offers a full no-quibble 14 day money-back guarantee from date of purchase.

System requirements: Windows XP and above.

Devices: You can Conseal literally any USB storage device. This includes memory sticks, USB pen drives, external hard disks, SD / MMC / xD / CompactFlash cards. It also includes all Firewire, eSATA and USB3 devices. Conseal is completely device and manufacturer independent.

Further details, and a 15 day Trial download are available at the developer’s site – Conseal Security.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Use Free Prey To Track Your Lost Or Stolen Laptop Or Cell Phone

Recent statistics indicate that more than 10,000 Laptops are lost, or stolen, each week at U.S. airports alone. Broken down, this same set of statistics indicate that a Laptop is stolen, not lost but stolen, every 53 seconds!

If you are a Laptop owner, you should consider what can you do now, to increase the probability that should your Laptop be lost or stolen, you can increase the chances that it will be returned to you.

One solution is offered by Prey, an Open Source application, that can enhance recovery chances. Stolen Laptop recovery is always a hit and miss proposition, but without an application such as Prey on board, the chances of recovery, at least statistically, are virtually nil.

What is Prey?

Prey is a small applet for your Laptop or Android Cell Phone, which, when activated by a remote signal, either from the Internet, or through an SMS message, will provide you with the device’s location, hardware and network status, and optionally – trigger specific actions on the device.

According to the developer – “Prey helps you track and find your Laptop or Phone if it ever gets out of sight. You can quickly find out what the thief looks like, what he’s doing on your device and actually where he’s hiding by using GPS or WiFi geopositioning. It’s payback time.”

There have been substantial changes and improvements to Prey, since I last reviewed it here on January 28, 2010.

Installation is very simple, as the following screen captures indicate. BTW, Prey can protect your desktop/s, as well.

Fast facts:

100% geolocation aware – Prey uses either the device’s GPS or the nearest WiFi hotspots to triangulate and grab a fix on its location. It’s shockingly accurate.

Wifi autoconnect – If enabled, Prey will attempt to hook onto to the nearest open WiFi hotspot when no Internet connection is found.

Light as a feather – Prey has very few dependencies and doesn’t even leave a memory footprint until activated. We care as much as you do.

Know your enemy – Take a picture of the thief with your laptop’s webcam so you know what he looks like and where he’s hiding. Powerful evidence.

Watch their movements – Grab a screenshot of the active session — if you’re lucky you may catch the guy logged into his email or Facebook account!

Keep your data safe – Hide your Outlook or Thunderbird data and optionally remove your stored passwords, so no one will be able to look into your stuff.

No unauthorized access – Fully lock down your PC, making it unusable unless a specific password is entered. The guy won’t be able to do a thing!

Scan your hardware – Get a complete list of your PC’s CPU, motherboard, RAM, and BIOS information. Works great when used with Active Mode.

Prey can check its current version and automagically fetch and update itself, so you don’t need to manually reinstall each time.

You monitor your devices on Prey’s web Control Panel, where you can watch new reports arrive and manage specific settings, such as changing the frequency for reports and actions.

You can add up to three devices for free, and can optionally upgrade to a Pro Account in case you wish to bypass this limit.

Full auto updater.

System requirements: XP, Vista, Win 7, Mac OS, Ubuntu Linux, Linux – all other distributions, (64 bit where appropriate), Android.

There is no guarantee that even with Prey on board that a stolen, or lost device, will be recovered – but, it seems sensible to make every effort to increase that likelihood.

Download at: The Prey Project

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Laptop Computer Stolen from Hospital Room – Irreplaceable Photos GONE

Just a few days ago, here in Toronto, as reported in the Toronto Star,   a despicable crime was committed (not the first such crime of this type, this year), when a Laptop computer was stolen from a hospital room.

The story, more or less in chronological order, went something like this:

• Laptop stolen from hospital…
• Hospital theft suspect may be involved…
• Laptop theft suspect captured …
• Owner hopes for recovery of photos from stolen laptop – “A woman whose stolen laptop was recovered without its photos of her dead daughter will likely get them back, computer experts say.”

Kudos to the Toronto Police Service, who recovered the Laptop within a few days – only to find that the irreplaceable photos had been erased.

As well as newspaper coverage, this sad story received massive play on Toronto’s seven television stations. It was evident that the victim was extremely distraught over the loss of her dead daughter’s photographs.

While I had great sympathy for the Laptop owner, at the same time I was mystified that:

• No recovery software was installed on this machine; despite the fact that Laptops are at high risk for thief.

Recent survey results from the Ponemon Institute, indicates that more than 10,000 laptops are lost, or stolen, each week at U.S. airports alone, coupled with statistics which show that a laptop is stolen, not lost but stolen, every 53 seconds.

Free recovery applications are widely available on the Internet – see Download Prey – A Free Recovery Solution to a Lost or Stolen Laptop, here.

• The irreplaceable photos of the victim’s dead daughter were not backed up to another medium.

USB flash drives cost virtually nothing – prices range from less than $8 (2 GB), to under $30 (16 GB). That’s a lot of photo storage per dollar. A simple Windows Explorer right click menu command “Copy to folder”, would have copied the photos to a USB stick in seconds.

Worse however, was the realization that the Laptop Hard Drive was not backed up. This, despite the fact that that there are some very substantial free backup applications available for download on the Internet – see Free Paragon Backup and Recovery – Incremental Backup Included, here.

Finally, while I’m unsure as to the cost of recovery this woman faced, the newspaper story did mention a cost of $80 to $150, for a simple recovery operation such as this.

This expense could easily have been avoided if the victim had been aware, that free software is readily available on the Internet to effect photo recovery – see Recover Picture Files On Your Digital Camera Card, on regular guest writer Rick Robinette’s site What’s On My PC.

The recovery application Rick reviewed, Recuva, is capable of recovering photos from virtually any media – including Hard Drives.

I’m not trying to be a big “meanie” here but, it seems to me, that this woman was the architect of her own misfortune. A little pre-planning, particularly with a high risk item like a Laptop, could have saved her considerable distress. But, like too many computer users, her interest stopped with the on/off switch.

As is usual with mainstream media, the Toronto Star failed to grasp the significance of this event, and use it as a teaching tool so that other computer users could learn from the mistakes evident in this occurrence.

Perhaps, I expect too much.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Think You’re Immune From Online Fraud? Maybe Not!

Guest writer Dave Brooks, a vastly experienced computer Tech from New Hampshire, who is an expert at online safety, shares this chilling story on why even exercising proper security measures won’t guarantee your online financial safety.

Bill is constantly trying to pound security into his reader’s heads, and with good reason, but unfortunately, no matter how careful you are, there are things that are beyond your control when buying stuff online.

Case in point: at Bill’s request I’m going to relay a recent unnerving personal experience, if only to show that even the most security conscious are still at risk.

I’m very online safety/security conscious and I buy online only from reputable, well known stores. My online bank account password looks like an alien language, my ATM pin is 8 digits long (compared to 4 or so many people use), and I monitor my account closely.

Even so my ATM card number was recently used, in the middle of the night, in Georgia, while I was sound asleep in New Hampshire. Luckily Bank of America has decent monitoring, and I have a ton of alerts set up to email me when certain things happen with my account.

I woke up in the morning to find an alert that my card was used while I was asleep, and an email from Bank of America that they had detected suspicious activity on my account, had frozen the transaction, and placed a lock on my account to prevent further activity.

The charge was for the amount of $1.22; it’s apparently common practice by those that use stolen card numbers to make a small charge such as this to confirm that the number is good before using it to make larger purchases.

Thanks in part to my diligent monitoring, and Bank of America’s account monitoring system, the thieves were never able to get to step two and spend my hard earned cash on god knows what.

A call to the number provided in the alert email I got from the bank (after confirming it was in fact their number by matching it up on the Bank of America website; phishing emails are pretty convincing nowadays!), confirmed the illegal activity. Bank of America cancelled my ATM card, and cancelled the charge, and a trip to my local bank branch netted me a new ATM card.

My number was likely stolen from a hacked online database of a company that I had made an online purchase from in the past, but there’s no way to confirm this – it could have just as easily been a dishonest employee from a local store where I used my card.

I have since opened a second account with an ATM card, and use only that account for online purchases, (I had been contemplating doing this for a year or more or more, but never did),

I keep a balance of about 5 bucks in it, and when I want to buy something online, I transfer the purchase amount from my main account to the “internet” account to cover it. At least that way, my main account is less exposed, and if it happens again I’ll be able to determine if it was the “internet” or “local purchase” that led to the compromise.

Bottom line here is, even though you think you’re safe, if you purchase stuff online, your bank or credit card info is out there for the taking. The best you can do is keep a close eye on your accounts for suspicious activity, and try to minimize possible damage that might be done if your card number is stolen.

Guest Writer: This is a guest post by Dave Brooks a professional computer technician from New Hampshire, USA. Dave has become a regular guest writer, who’s articles are always a huge hit.

Pay a visit to Dave’s site at Tech-N-Go, and checkout the Security Alerts.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Download Prey – A Free Recovery Solution to a Lost or Stolen Laptop

I’ve been planning for some time on writing an update on lost or stolen Laptops, the costs involved, and the consequences that often follow.

Following last night’s news story on “Laptops containing sensitive records belonging to thousands of Ontario teachers have been stolen”, on my local (Toronto) CBC News – now seems like the perfect time. So, let me mount my soapbox for just a moment.

What I found particularly offensive in this news story:

The Laptops were stolen December 3, 2009, and yet it took until January 27, 2010 to notify the affected parties. This, despite the fact, that stolen information of this type can be used to obtain false passports and fake credit cards, or for re-mortgaging a victim’s home.

As is often the case in this type of situation, the data on the Laptops was not encrypted.

Officials involved in this debacle were quoted as saying “but the computers were password-protected”. Officials, who obviously have no understanding, that readily available and legal, free software, can be downloaded from the Internet that can break, or reset passwords, in minutes.

This type of occurrence begs the question: is this just a “one off” or, is this type of occurrence a continuing problem?

If we are to be guided by recent survey results from the Ponemon Institute, which indicate that more than 10,000 laptops are lost, or stolen, each week at U.S. airports alone, coupled with statistics which indicate that a laptop is stolen, not lost but stolen, every 53 seconds,  it would be hard to dismiss this as an isolated occurrence.

Reportedly, 65% of lost or stolen laptops are not reclaimed, despite the fact that half the laptops contain confidential corporate information, which, in most cases, is not encrypted.

One would assume, that encrypting sensitive data on enterprise or government laptops, or portable media, would be SOP. Instead, it seems that when we read news stories about a lost or stolen laptop, the pattern seems to be as follows; – “200,000 (insert your own number here), bank account numbers, Social Security Numbers, names, addresses and dates of birth were on an unencrypted laptop stolen/lost earlier this week”.

There are substantial hard costs incurred in the loss or thief of a Laptop, and again, statistics available from the Ponemon Institute “Cost of a Lost Laptop”, indicate that these hard costs can approach $50,000 per occurrence, for enterprise.

It’s not only business or government that should be concerned with the loss, or theft, of a Laptops – it’s every bit as likely to happen to individual Laptop owners.

If you are a Laptop owner, you should consider what can you do now, to increase the probability that should your laptop be lost or stolen, you can increase the chances that it will be returned to you.

One solution is offered by Prey, an open source application, that can enhance recovery chances. Stolen laptop recovery is always a hit and miss proposition, but without an application such as Prey on board, the chances of recovery, at least statistically, are virtually nil.

According to the developer:

Prey helps you locate your missing laptop by sending timed reports with a bunch of information of its whereabouts. This includes the general status of the computer, a list of running programs and active connections, fully-detailed network and wifi information, a screenshot of the running desktop and – in case your laptop has an integrated webcam – a picture of the thief.

Prey uses a remote activation system which means the program sits silently in your computer until you actually want it to run. If so, it gathers all the information and sends it to your Prey web control panel or directly to your mailbox. The thief will never know his movements are being watched.

There is no guarantee that even with Prey on board that a stolen, or lost Laptop, will be recovered – but it seems sensible to make every effort to increase that likelihood. Prey, may be just the solution you’ve been looking for.

Fast facts:

Wifi autoconnect – Prey checks if there’s an active internet connection to send the information.

Geo-location aware – Prey uses wifi hotspots to locate devices geographically. This not only includes lat/lng coordinates, but also an altitude indicator.

Lightweight – Prey is written in bash which means it has virtually no dependencies, only what it different modules need to work. This also means Prey is portable and should run in just about any computer.

Modular architecture – You can add, remove and configure the different parts of Prey as you wish. Prey is composed by modules, each one performing a specific task.

Powerful report system – Get the list of current running programs, the recently modified files, active connections, running uptime, take a screenshot of the running desktop or even a picture of the guy who’s using the computer.

Messaging/alert system – You can alert the thief  he’s being chased at by sending messages which will appear on screen. You can also trigger alarms to make the message clear not only to him but also to whomever is nearby.

Module auto-installer – You don’t have to reinstall Prey to keep up with the latest and greatest modules. We keep a repository from where Prey will fetch what it needs to get the job done.

System requirements: Windows 2000, XP & Vista, Mac OS, Ubuntu Linux, Linux – other distributions.

Download at: The Prey Project

For a review and download links to free encryption software please read “Lose Your USB Stick and You Lose it All – Encrypt Now with Free Software!” on this site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Dangers on the Internet – A Lighter Look

This guest article, which began as a comment from JR Bombadila, is a  finely crafted satirical parody on the effects of the constant bombardment of bad news on Internet users, and was originally posted earlier this year.

It may well leave you questioning the “fear factor” as a motivating influence in securing Internet linked computers against the “bad guys”.

I must admit, I enjoyed reading this comment enormously, and I promise you, you are in for an unusual reading adventure in which the writer takes the “malware fear game”, to its logical conclusion.

Read on ……..

I must thank Bill Mullins for illuminating the dangers of the Internet. I only became meaningfully aware of them when I switched from dial-up to high-speed on my “new” computer.

Though I cannot brag I slew the Jabberwock, the Bandersnatch of Paranoia is dead, and the flaming eyes shall wiffle towards me no more, nor shall I heed its burble.

The first rays of light had cracked through my utter and blissful ignorance of the multitudinous dangers all about me only a few months ago when a real, living flesh and blood person told me that his identity had been stolen. A world shattering realization: the virtual world is real, it had struck my world.

The orcs have at last found the gateway into our world. They have arrived. Over the last seven months, I have gradually emerged from that dark cave into the light of full blown paranoia. Here follows the story of my enlightenment. May you be similarly blessed.

Pars Prima

So there I was, the very brain child of Ignorance herself when I first entered the high speed world and deftly flew through the virtual ether world fleeter than feather-footed Hermes.

Ten years late arrived and freshly equipped with technology already outdated, I had finally pulled the trigger and entered the world of high-speed. But that is my modus operandi: wait until it’s cheap and outdated.

On that day and in my self-gratulatory mood for finally keeping up with the times, though still barely able to see the tail end of the pack, my mind was mostly at peace, somewhat confident that I had taken the sure steps to secure my identity, having paid homage to the credit gods, Equifax, Experian and Transunion.

I was lazily, blissfully surfing in ether-paradise but a few minutes when lightening struck: I felt the awakening that haunts me still. It was the Verizon god come to rescue me from my slumber. It spoke: “you are in great peril, soon to be hacked, an unmourned corpse for birds and dogs.”

With uncustomary, docile alacrity, I cried a quick thanks be to the Verizon god and immediately downloaded the savior, Verizon’s own virus-Trojan-malware-adware-root whatcha-call it security suite, and dutifully gave the appropriate tithes to pay for this great god’s protection, a pittance for its saving my virtual identity.

After the hour-or-so-long download, I sighed in relief that I and my virtual I were safe. Or so it seemed. For, deny it as I tried, I couldn’t not notice that my matrix-link that had been quick as mercury had become slow as lead, now running at half speed of my old machine. Thus, entered paranoia: as if economic, politic and moral collapses were not enough to stagger the frame of this Atlas.

After a few googles, I learned that my computer was probably attacked within the first ten minutes of being linked in; not only that but it was infected every ten or so minutes thereafter. I was a virtual leper or worse: unprotected, my very immune system could be compromised. I performed all the rites that the Verizon god had instructed. Thanks be to Verizon, safe. Right? My link’s protected, isn’t it? Enter Worry bird.

My link-up was still slow, slow even when not linked in: my just reward for not keeping up with the Jones. I would crawl long penance before I received again my wings. “Blessed be the virtual gods,” I might have cried out, but no. That wisdom comes only after suffering in long self-inflicted, self-pitying crawling. Thus it began, and there I was in the middle of a dark wood, unable to get out, truly unable to move, shameful to tell:

No time to further investigate and ameliorate the crisis, I cling to the unreasonable hope that nothing is really wrong. Back up my files and despair that the back ups too were food for vultures. Come back later when I have time. Come back later. Come back later. And all the while sleepless nights and a nagging conscience that I have let down the virtual gods and not only them: I have consigned my children to a life of poverty, a father reckless of his own identity. And all the while I was building up courage to face the hundred eyed, hundred armed monster and all the time I put it off and put it off with fingers crossed.

I could not dispel that nagging thought: my identity had been stolen by every pencil-necked criminal in the vast virtual world of geeks gone bad. Tum-tum, I meanwhile rested, unthinkingly worse than Hamlet, and did nothing: a wretched coward.

Days passed, weeks, months, even a new year. Then at last having imbibed enough courage, inspirited, I turned to face the manxome foe. It was a foe like none dreamed of. Oh horror, horror, horror! Unutterable. ALL the virtual wizards of all the virtual world asked: “Are you paranoid yet?” And all shouted at me with one accord: “Not paranoid enough!” And so it goes. Even Gandalf was terrified. From whom should I have courage? But, good fortune, the spirits had not quite worn off, my bravery had not yet left.

Pars Secunda

The unvirtual truth was that my computer began to almost freeze and crash and my backups were not that good. I could procrastinate no longer.

Aware enough to be afraid and yet ignorant enough to still have hope, I learned that the Verizon god is only one, and a weak one at that (and costly), in a pantheon of gods besieged by a much greater army of demons.

I proceeded to acquire and install all the best recommended virus immunizations, adware assassins, spy-killers, fire-walls, adamantine-walls, every best known defense I could find.

Then came the full revelation. It turns out that my problem all along was that I did not have sufficient memory to run my anti-viral arsenal. In my slovenly insobriety I had ignorantly assumed that my computer actually had enough memory to work the minimal tasks I put it to. But no, if one wants to defend his castle, he must pay the guards, and clearly I did not have sufficient resources to feed these eating machines.

As consequence, I only ran a half dozen or more different Trojan assassins. The rest would have to wait until I could purchase the resources necessary to feed my army. However, the real revelation from the great wizards, who are remarkably like the Oz variety, is that even though I detected not a single nasty on my machine, that is only a sure sign that there is something really nasty and deep down rooting into the very core of my virtual being.

One must run at least ten to twenty different of these mercenary-Trojan-assassins in order to rest not assured, but at least relatively more at ease. And there’s the additional problem that the one program I hastily downloaded in order to determine what kind of RAM I need to feed my troops could itself be a Trojan horse. Apparently WOT is not fool proof.

Moreover, I made a-grievous-nother mistake: I began to think. How can I be sure I am safe? I was now also informed and know that the majority of sites that advertise as security services are actually nothing but pirate outfits; that there are more bad guys than good guys; that the bad guys can pose as good guys and vote themselves good guys on WOT; that perhaps maybe WOT and FireFox and even Avast are the most brilliant spies of all, the inner circle of assassins that secretly direct the whole apparent warfare in Matrix.

In short, who is to guard the guards? Thus, goes my dizzying intellect, my German mind having spent too long a time in uffish thought, in this matter far superior to the mind of a Sicilian “when death is on the line” though doomed to the same fate.

But there’s no need to recount the whole whirling dervish of my thoughts. Suffice it to say, it is just the sort of stuff, when it gets in a head of mine takes a life of its own, an uber-monster, the very stuff of the Krell monster. And like monsters dreamt up on forbidden planets, it is unconquerable.

The conclusion was obvious: I can only trust myself. But what hope for a digital ignoramus and neophyte like myself to outmine the millions who have long ago already figured out a way to undermine any infantile attempt of mine. I must rule it out altogether, consign myself to defeat, await my pending doom.

Pars Tertia

But the noggin didn’t rest there. Unsatisfied, we have found a solution. At first, I thought it might suffice simply to unlink myself. Shut down all possible credit and bank account hijackings and unplug. However, I know better. They are too smart and that is trusting in futile hope.

The Ethernet gods will be avenged, and besides I already had witnessed the invasion. The orcs have arrived, the virtual world did strike the real world. And the only way I might be unscathed is to trust in the gods, but I’ve already disconnected from them; so, that too is futile hope.

The only solution is through more uffish thought: how to deliver the snicker-snack? That is the question. I cannot use my internet or computer savy since I have none, so I must use my real calculator, Jeeves’ like, and come up with a brilliant ‘fix’ that only Jeeves could. What would Jeeves do?

I thought. I could completely remove myself from the virtual world: shut down my bank account altogether, destroy all credit cards, wipe out my virtual self, in a sense commit virtual hara-kiri to avoid my own real destruction. It would work. For a time. Then all my other better-founded conspiracy theories rushed back into my head at once, and I knew it was but a short-lived solution.

The real solution is a preemptive strike. The bad guy pencil-necks want to steal my identity. It was not enough to lose my identity, destroy it, change it, become a new virtual me, even utterly obliterate or make meaningless the virtual me. I had to make it impotent, harmless, a virtual eunuch, and somehow render the theft of my virtual me harmless (at least to me), also an excellent revenge on my would be other me’s. But how to do it?

I decided we would completely unplug, pull out, leave not only the virtual world but all worlds possibly affected by the virtual world. We would follow the example of Lot (though my daughters will not). My children shall be raised after the customs of those in the world of Mad Max. If you want to contact me, you cannot: we have no virtual address, or real for that matter and it would be foolish of me to tell.

Let Jabber gurgle all he wants. The Bandersnatch is slain! And I can chortle away.

In all seriousness, thanks for all your help, Bill.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Prey – A Free Stolen Laptop Recovery Solution

You’ll never lose your Laptop computer, and you take particular care to ensure it won’t be stolen, right? Of course you do. But does loss, or theft, of laptops happen? You bet.

Recent survey results from the Ponemon Institute, indicate that more than 10,000 laptops are lost, or stolen, each week at U.S. airports. Are you as surprised as I am?

Not surprised? Well, how about this astonishing statistic from the same survey: 65% of those lost or stolen laptops are not reclaimed, despite the fact that half the laptops contain confidential corporate information.

One can only hope that the data on these laptops was encrypted, although it seems when we read news stories about a lost or stolen laptop, the pattern seems to be as follows; – 200,000 (insert your own number here), bank account numbers, Social Security Numbers, names, addresses and dates of birth were on an unencrypted laptop stolen/lost earlier this week.

Other available statistics indicate that a laptop is stolen, not lost but stolen, every 53 seconds and 97% of stolen laptop computers are never recovered.

So what can you do to increase the probability that should your laptop be lost or stolen, you can increase the chances that it will be returned to you?

One solution is offered by Prey, an open source application, that can enhance recovery chances significantly.

According to the developer:

Prey helps you locate your missing laptop by sending timed reports with a bunch of information of its whereabouts. This includes the general status of the computer, a list of running programs and active connections, fully-detailed network and wifi information, a screenshot of the running desktop and – in case your laptop has an integrated webcam – a picture of the thief.

Prey uses a remote activation system which means the program sits silently in your computer until you actually want it to run. If so, it gathers all the information and sends it to your Prey web control panel or directly to your mailbox. The thief will never know his movements are being watched.

Stolen laptop recovery is always a hit and miss proposition, but without an application such as Prey on board the chances of recovery, at least statistically, are virtually nil.

There is no guarantee that even with Prey on board that a stolen, or lost laptop, will be recovered – but it seems sensible to make every effort to increase that likelihood. Prey, may be just the solution you’ve been looking for.

Fast facts:

Wifi autoconnect – Prey checks if there’s an active internet connection to send the information.

Geo-location aware – Prey uses wifi hotspots to locate devices geographically. This not only includes lat/lng coordinates, but also an altitude indicator.

Lightweight – Prey is written in bash which means it has virtually no dependencies, only what it different modules need to work. This also means Prey is portable and should run in just about any computer.

Modular architecture – You can add, remove and configure the different parts of Prey as you wish. Prey is composed by modules, each one performing a specific task.

Powerful report system – Get the list of current running programs, the recently modified files, active connections, running uptime, take a screenshot of the running desktop or even a picture of the guy who’s using the computer.

Messaging/alert system – You can alert the thief  he’s being chased at by sending messages which will appear on screen. You can also trigger alarms to make the message clear not only to him but also to whomever is nearby.

Module auto-installer – You don’t have to reinstall Prey to keep up with the latest and greatest modules. We keep a repository from where Prey will fetch what it needs to get the job done.

System requirements: Windows 2000, XP & Vista, Mac OS, Ubuntu Linux, Linux -other distributions

Download at: The Prey Project

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.