Tag Archive: security


They sell them

Here’s a sample listing on eBay.

Mac Trojan Alert

No more security from obscurity. Now that the Mac OS X platform has become more prevalent, malware has followed.  In the last two weeks, two new trojan horse threats to security.  The first presents itself as a PDF file, “which displays a Chinese-language document on the screen in an attempt to hide its background activity.”

The second is a bit more clever, it presents itself as a flash installer.  If a user tries to install the software, it deactivates security software on the user’s machine.

Apple has updated its anti-malware tools, so the threat is low, but the threats are increasing in number and sophistication.

Security Hole in Apple Batteries

A security hole in the firmware of Apple Mac batteries may well allow for malware to be installed on vulnerable systems… even after a complete reformatting of the hard disk and reinstall of the system.

I wouldn’t be too worried about this, as there is no evidence of this hole being exploited yet, and I would hope a fix would come along shortly, but…

(via Boing Boing)

In San Francisco, defense attorneys are using the ubiquitous video cameras to support their clients’ cases.

They have also become a tool exploited by defense lawyers who often seek footage from the cameras to exonerate falsely accused clients. The footage is not monitored in real time, but can be reviewed upon request by attorneys, police and prosecutors.

Nearly one-third of 109 requests for footage made last year came from defense attorneys, according to data supplied by The City in response to a public records request by The San Francisco Examiner.

Criminal defendants have been cleared or had charges reduced when footage proved their alibis or disproved police or witnesses’ accounts of incidents.

Interesting use of technology; particularly one designed to assist the other side of the bar.

There’s a market in Israel for “Kosher” cell phones, which purposefully lack features like text messaging, etc., among the haredi / ultra-Orthodox communities.  (See, e.g., this for details)

However, the IDF and others are trying to ensure that these phones can receive emergency messages.  They want to be sure that these messages, and only these messages get through.

(Oh, and it doesn’t mention whether or not these Kosher phones turn themselves off or refuse phone calls on the Sabbath.  I’d be interested to know that.)

Malicious software on Facebook is an increasing problem.  (I’ve written about them here and here).  Recently, Facebook has come up with two different and complementary security measures to fight back against these viruses, worms, malware, and other scams.

First, Facebook has teamed up with Web of Trust to try to identify “risky” links.  By warning users of potentially malicious sites and applications, Facebook hopes to reduce the amount of malicious software running on its system.

Secondly, Facebook has implemented a text message login approval as an opt-in security measure.  If a user tries to login to Facebook from a new computer or device, the system sends a code via SMS to the user to verify the new computer or device. This should reduce the amount of unauthorized users accessing Facebook and legitimate users’ data and slow the propagating of viruses.

Password Security

Recently, there has been a fair amount of discussion on password security.  The question of what makes a good password, etc.  (See, this post, and this discussion thereof),

But it’s largely missing the point of the biggest problem in password protection.

Namely, the big problem is having too many logins.  To be secure, you want to have a different password for each site you log into.  That way if their server is compromised, like how Gawker was, hackers won’t get your password to every system.

One suggestion is to use pass phrases instead of passwords.  Real words in a phrase are more difficult to guess than a single word alone.  (Simply: increased length → increased security).  Also a phrase is easier to remember than a series of random letters, number, and characters.  Amazon has implemented a system, PayPhrase, to take advantage of this fact.  (See, this MIT Technology Review article on PayPhrase)

Even if the passwords are phrases that can be remembered, it is extremely difficult to remember a bunch of different phrases and which phrase goes with which site.  Ultimately, you end up with the same problem as before.

“Tricks” like incrementing a number at the end of a secure password are just as susceptible.  Firstly, you have to remember which number goes to which site.  Secondly, a hacker that gets access to one of the passwords has a template to go after your other passwords.

The best solution I found was to use a password system like 1Password or KeePass.  I use 1Password and it creates and stores different, strong passwords for each login.  Lifehacker has an excellent explanation of why this system is the best of the available options.

Facebook Virus Alert

It appears that my report of recent Facebook viruses is only part of an increasing trend.

The new Facebook viruses use Facebook applications to spread themselves, and spread using a victim’s friend list.  In addition to the photo tagging pretense I identified, these attacks use the pretense of surveys and “liking” a video or image.

As always, the best defense against these attacks is vigilance.

Dropbox

The hottest cloud computing application right now is DropboxDropbox stores your selected files “in the cloud,” or (more accurately) on its servers.  More than that, Dropbox can be used to sync files across computers.  It comes with 2 GB of free storage and there are upgrades available.  It’s a pretty useful tool.

I use it with 1Password to sync my password database across devices and to back up some important files.  Lifehacker has published a number of articles including how to Use Dropbox for More Than Just File Syncing and How to Use Dropbox as a Killer Collaborative Work Tool.

(Oh, and if you use my referral link, you and I will both get an additional 250 MB of storage free)

Its increased popularity has increased its scrutiny, and there have been security problems discovered.  Agile, the makers of 1Password, have posted their opinions here.

Dropbox has 25 million users so far, and GigaOM predicts that it’s just the start.

New Facebook Virus

There appears to be a new Facebook virus out there.

I’ve received e-mails from Facebook claiming that I have been tagged in a photo album.  The albums have been titled “Who Views Your Profile” and “Profile Stalkers”.  The links are to install a Facebook app, which presumably propagates itself by sending similar messages.

Some quick searching shows that it may be a new version of the “Koobface” virus that first sprouted in December 2008.  Don’t click on the links, don’t install the Facebook app, and don’t download any files from it.

%d bloggers like this: