Chad's News

He tracked down the scammer and called his (the scammer’s) mother.

http://wuvt.blogspot.com/…
(via The Consumerist)

Many successful hackers rely on social engineering. Here’s an example that reminds me of the movie Sneakers.

http://www.darkreading.com/…
(via Digg)

It’s pretty bad when top Microsoft engineers can’t remove malware from a Windows computer. My favorite part of the article, though, is where a Microsoft vice president says “This really opened our eyes to what goes on in the real world.”

http://australianit.news.com.au/…
(via digg)

Back when I was in the Air Force, the only approved method of wiping data from a hard drive was to disassemble it and break the platters with a hammer. But if you do as this couple did, and give your computer up to be recycled, I’d suggest at least making a boot disk and reformatting the drive. A better level of security, however, can be found by using Eraser. For certain private information, I go that extra step and use encryption. And for the über-paranoid, there’s whole-disk encryption. (Windows Vista is supposed to have built-in disk encryption, but I wouldn’t trust it to not have a back door.)

http://news.yahoo.com/…
(via The Consumerist and Slashdot)

There is a new security threat, this time in specially-crafted Microsoft Word documents. If you have Office 2002/2003/XP or Word 2002/2003, be careful about opening untrusted Word documents that you receive via the internet. The good news is that it isn’t a virus, i.e., it doesn’t progagate itself. The bad news is that infected Word documents allow the author to take control of your system.

http://www.tgdaily.com/…

Keystroke logging has become more of a concern in recent years, as more and more spyware programs install a software-based logger and send the results back to the creator—who then takes advantage of the password, bank account, and credit card information that may have been captured. In addition, there’s the problem with loggers installed on public computers (never enter sensitive information on a public computer—you’ve been warned).

With all this emphasis on software, however, it’s easy to forget about the hardware-based loggers. ThinkGeek has one for sale, at a mere $99. Simply unplug the keyboard, attach the Key Katcher, and plug it back in. Remove it later and you can browse up to 130,000 keystrokes. Very useful for checking up on a potentially-cheating significant other, or monitoring a child’s internet use. Or, for the creative, posing as cleaning staff and installing them on a bank’s computers. (The bank in question now super-glues keyboard cables to the computer, although there are other, less-expensive solutions.)

The gist of it all is that physical security is just as important as firewalls, anti-virus/spyware software, and network/internet security. Did you know, for example, that it’s quite easy to reset Windows passwords provided you have physical access to the computer? (Via the Linux disk or the login.scr trick.) And you can usually access the files themselves just by moving the hard drive to another machine that already has Windows installed—which is why really sensitive files should be encrypted.

It’s a dangerous world out there, in the land of computers, but knowing the potential risks is the first line of defense. I’m sure I haven’t covered them all, so feel free to leave comments with any additional information.

This one’s a bit technical, but it goes something like this: A company designed a web site such that if you (1) disable javascript, (2) disable cookies, and (3) visit every link on the site… then you will delete all content on the site.

Unfortunately for the site owners, the Google web crawler meets all three of the criteria. And the site content was deleted.

http://www.thedailywtf.com/…

If you bought one of the CDs associated with the Sony rootkit fiasco, then you are eligible to take part in the settlement.

http://www.eff.org/…

http://arstechnica.com/…

A short read about the origin of computer viruses, on the 20th anniversary of the first one.

http://news.bbc.co.uk/…

There’s a new security vulnerability for Windows XP in the way it processes *.wmf image files. Your computer can be compromised merely by viewing the image on a web site or email. Currently there are no patches, and anti-virus utilities don’t detect it (yet). The exploit is “in the wild,” and hard to protect against—unless you use the workaround.

http://blogs.washingtonpost.com/…

There is a bug in the Norton anti-virus program that will allow a specially-crafted RAR file to gain control of your computer while the file is being scanned for viruses. If you have your system set up to automatically scan incoming email attachments (and who doesn’t), you could lose control of your system without even opening the message. Fortunately there is no known virus in the wild that exploits this vulnerability, and there are workarounds. But it’s definitely time to run LiveUpdate.

http://www.newscientist.com/…

http://securityresponse.symantec.com/…

Paramount is suing Russell Lee for more than $100,000, alleging that he obtained an illegal copy of a movie and subsequently uploaded it to a filesharing network. In defense, Mr. Lee claims the real perpetrator hijacked his (then unsecured) wireless network. The evidence is weak, and while Mr. Lee will probably be exonerated he will still have to pay legal costs and deal with the stress of a court case. This just underscores why wireless security is so important.

If you have a wifi network, here are the basic things you should do to secure it:

• Change the router’s default admin password.
• Change the SSID and disable SSID broadcast.
• Enable WPA2 security. If your wireless router does not support WPA2, then get a router that does. WEP security is easily cracked, and WPA, although better, is still vulnerable.
• Use MAC filtering.

These steps will not keep out a determined expert hacker, but the goal is to make it difficult enough that he/she will hijack someone else’s network.