Anonymous E-Cards
Filed under: Articles and Essays, Computer Security, Science & Technology
It seems that (rather predictably) hackers are exploiting valentines day to send out fake anonymous e-cards with suitably “romantic” subjects to get people to click on the link in the email to open the card.
Instead of course, they’re clicking on a link to install some piece of spyware or a virus.
Remember on this day renowned for receiving anonymous expressions of romance, treat any email the same as you would any other day - don’t click that link - you don’t know what it’s going to do.
Also, as a responsible computer user, you shouldn’t be encouraging people to open anonymous emails by sending e-cards on valentines.
Google Desktop 3 - time to worry
Google have today released version 3 of their excellent search tool - and it contains a feature that I am worried about, both personally, and as an employee of a large IT company.
Now the feature that has me worried is this one
Search Across Computers makes the following files searchable from your other computers:
* Web history (from Internet Explorer, Firefox, Netscape, and Mozilla)
* Microsoft Word documents
* Microsoft Excel spreadsheets
* Microsoft PowerPoint presentations
* PDF files and Text files in My Documents
So a copy of my documents is going to be stored somewhere I can access from anywhere I can log onto Desktop search - so that’ll be some big server at Google then.
Now stop and think for a second - how many Word documents do you have that are personal letters, maybe letters you’ve written to your bank, your solicitor/lawyer/attorney, your MP. Would you want Google having access to your web history - every page on every website you’ve visited? Would you want the spreadsheet you do your personal finances on stored on Googles servers?
Thought Not.
Note that although you can tell Google Desktop not to put files on the central server, it seems to be “all or nothing” - you can’t share files selectively - you want to share some of your files, you have to share them all.
Now add into that the prospect of staff at your company indexing your servers with this tool - think of all the “confidential” reports that could be accidentally sent to Google.
Realise this - you could be fired for distributing company confidential information without even realising it. Company’s should make a rule now about Google Desktop - up till now it’s been a harmless (and far better alternative) to the general searches in Windows. Now it could be sharing your secrets with Google.
This is (in my opinion) a “very bad idea”. Yes, the search tool was good in V1 and 2, but this version goes too far, and sacrifices privacy for the sake of convenience. I won’t be installing Version 3 - so I cannot confirm that the default for sharing my files is “don’t”
Yes, Google has a privacy policy in place, and yes
Google treats the contents of your indexed files as personal information
However can you see the value to a hacker of all that personal information stored over at Google - I can see some unscrupulous characters hitting that server farm fairly hard for the information contained in it.
Better make sure your password is really good, and if your employer has any sense they’ll ban this thing from their network, and block the traffic at the firewall.
URL: http://www.google.com/desktop/
More Sony Woes
Filed under: Computer Security, In The News, Science & Technology
It looks like the Sony Rootkit saga is going to run for a while yet - while legal action in the US is going to drag this on - Microsoft have deemed that the Sony Rootkit meets the definition of “malicious software that windows should be protected against” and it also meets their definition of “Spyware”
It’s not often I get to write - “Good on you Microsoft”
Sony are aparently now (finally) recalling the affected CD’s from shops (although there is, as yet, no definitive list of titles) and offering to replace disks. This is a PR disaster for Sony, and no doubt about it - even in countries where they haven’t released the rootkit, I for one will count it as another reason not to buy Sony in the future.
Link: http://news.bbc.co.uk/1/hi/technology/4434852.stm
Link: http://www.usatoday.com/money/industries/technology/2005-11-14-sony-cds_x.htm
Thanks to James for the latter link
No Surprise Here
Filed under: Computer Security, Entertainment, In The News, Music, Science & Technology
Since the recently revelations about the Sony “Rootkit” - it really comes as no surprise that virus writers are now using the protection that the rootkit offers them and are now planting Trojans on PC’s where the rootkit is installed.
Of course, it’s also no surprise that preparations are afoot to sue Sony over this error in judgement… and no surprise that folks who bought legal product from a company they trusted are now joining voices to recommend that others boycott Sony products over their handling of this fiasco.
I for one will not be buying any “copy protected” CD’s from Sony now - it’s one thing to protect your copyright - by making it a nuiscence to be able to listen to the music I’ve paid for anywhere - but to actually open people’s PCs to possible virus/spyware infection as a result is going waaaay to far.
Musical Hacking
It seems Sony’s latest efforts to thwart the digital pirates involve installing hidden software which intercepts various Windows system calls, cloaks itself to prevent detection and can totally disable a Windows PC when it is removed.
Analysts are already referring to this as a “rootkit” as the damage it can do when it’s removed can result in a PC needing to be rebuilt from scratch.
Not the brightest idea…
Update
Which leads me onto the next piece of security advice - disable autorun - it’s a major hole in Windows that allows any CD to install anything without prompting you. Microsofts “Powertoys” (specifically “TweakUI”) allows you to do this without any mucking about in the registry. For other versions of Windows than XP, I’d suggest a Google search.
Update (another one)
It appears that Sony are releasing a patch which deals with the “hidden” aspect of this rootkit (which at least will prevent other spyware from using it to cloak) but it doesn’t deal with the problem that to play a music CD requires a special driver to deal with their security.
http://www.theregister.co.uk/2005/11/03/sony_rootkit_drm/
This story has now moved into the mainstream media - http://news.bbc.co.uk/2/hi/technology/4400148.stm
It’s notable however that the company that developed this DRM software states that he should have contacted Sony for removal instructions rather than removing it manually - however when Mark found it there was nothing identified during the early stages of the investigation into what this rootkit was, and where it had come from which stated it was from Sony in the first place.
Get Safe OnLine
The UK Government (along with a fairly long list of big names) has produced a new on-line guide to being safe online - with advice about virus, spyware, phishing, spam, firewalls as well as sections on backups and and WiFi
More important (especially for newcomers to computers, and those of you reading this who know people who will be getting their first PC in the run up to Christmas) is the 10 minute checklist covering everything for a Windows PC, plus sections on Wireless networks, firewalls etc.
It’s been well written in plain English, and although that page is aimed at the beginner, there’s plenty for experienced computer users too, as well as sections on protecting your family and even a section for small businesses too.
This is a must read website for anyone who uses any kind of computer on the internet.
Spyware Article
A nice “in English” article about Spyware from those folks over at “Wired”
http://wired-vig.wired.com/news/privacy/0,1848,68275,00.html?tw=rss.TOP
It includes the usual advice - athough I think telling people to be wary of all shareware and freeware is going a little far - by no means is all shareware carrying spyware!
Recent Movies
