Archive for the 'Computer Security' Category

Cell Phone Privacy Doesn’t Exist – Get Used To It

Thursday, August 26th, 2010

Wireless TowerHere at Chad’s News, we’ve previously written about the lack of internet privacy and wireless security. Now we can extend that realm to include cell phones, especially ones that use GSM. At last month’s DEF CON convention, security researcher Chris Paget demonstrated a home-brewed cell phone tower setup that was able to easily intercept calls from members of the audience. The total cost of the hardware was about $1500.

This type of equipment, known as an IMSI catcher, has been available to law enforcement for years, but at the cost of hundreds of thousands of dollars.

Link: http://www.wired.com/…
(via engadget)

Windows Security Vulnerability

Thursday, July 22nd, 2010

Computer SecurityThere’s a new security vulnerability in Windows, where your machine can be taken over by simply viewing a shortcut icon. So be very careful about untrusted USB drives, shared files, and anything you’re asked to download (files with “.lnk” and “.pif” extensions are highly suspect). Microsoft has a temporary workaround which changes all the icon images to be identical, but this may be a cure that’s worse than the problem.

Link: http://www.computerworld.com/…
(via Kim Komando)

The Security Risk Posed By a Photocopier

Tuesday, July 6th, 2010

Computer SecurityMany photocopiers use hard drives to store scanned images of the originals. And many people don’t think about wiping that hard drive before selling, trading, or ending the lease on the copier. Which leaves a gold mine of personal and intellectual property information for those who do think about these things.

Link: http://arstechnica.com/…

LifeLock Doesn’t Work As Well As Advertised

Friday, July 2nd, 2010

SecurityWe’ve all heard the advertisements for LifeLock, where CEO Todd Davis freely gives out his Social Security number because he’s so confident that LifeLock’s service will protect him. Kudos to whoever came up with the idea for such an innovative marketing campaign, but the reality is that Davis’ identity has been successfully stolen 13 times since the ads began airing.

Link: http://www.wired.com/…
(via Kim Komando)

Adobe Releases Flash Security Updates

Tuesday, June 15th, 2010

Computer SecurityAdobe has released Flash Player 10.1, which includes critical security updates. Adobe products are well known for their susceptibility to malicious hackers, in part because of their ubiquity. Note that you’ll need to install two copies of Flash Player, one for Internet Explorer and one for all other browsers. No, seriously.

Link #1: http://get.adobe.com/…

Link #2: http://news.bbc.co.uk/…
(via Kim Komando)

Hacking For Profit

Friday, May 7th, 2010

Computer SecurityIt’s normal to think of hackers as highly-talented individuals working from a basement in some foreign country. The reality, as indicated in the linked article, can be much different. Innovative Marketing Ukraine was a business—with a human resources department, holiday parties, and call center—that created malicious programs for use by hackers. The majority of the software was scareware, where it infects your computer, disables your anti-virus software, makes it almost impossible to use the internet or run programs, tells you that you have a virus, and offers to remove the virus for a fee. But it gets worse. For the people who actually pay, there’s a good chance that someone will sell the credit card information.

Thanks to Josh for this topic.

Link: http://www.reuters.com/…

The Loss of Anonymity in the Information Age

Saturday, April 3rd, 2010

AnonymousEvery so often a business or government entity will attempt to release “anonymized” data only to find that the anonymization process fails miserably (AOL, Netflix). The problem is not so much with the actual data itself, but is in how it can be combined with other data sources to identify specific individuals. A researcher has shown that 87 percent of Americans can be uniquely identified with just their ZIP code, birthdate, and gender.

Link: http://arstechnica.com/…

Hacking the Unhackable Chip

Tuesday, March 30th, 2010

Computer SecuritySecurity researcher Christopher Tarnovsky has managed to hack Infineon’s SLE66 CL PE chip, which the company had claimed was unhackable. Despite this, we shouldn’t be overly concerned. Tarnovsky used acid to reveal the chip’s circuitry, and he also required an electron microscope—not something that your average person has sitting around the house. Once he reverse-engineered the chip’s logic, he modified the circuitry to bypass its (formidable) defenses. Tarnovsky then used tiny probes to view the chip’s internal data signals, allowing him to read its stored memory. This just goes to show that unlimited physical access can break almost any security scheme.

Link #1: http://www.darkreading.com/…

Link #2: http://localtechwire.com/…

The Benefits of Internet Proxies

Monday, March 22nd, 2010

InternetIn Internet-speak, a proxy is a server that takes your request, sends it to a destination server as if it were coming from the proxy itself, and then sends the response back to you. It acts as a proxy in much the same way that you can use a lawyer as an intermediary or designate someone else to cast your vote at a stockholder meeting. Internet proxies can be used for a variety of purposes, one of which is anonymous browsing.

An anonymous proxy keeps no permanent record of which users have connected to which websites. And since the page request comes from the proxy itself, there is no easy way to track who is actually making the request. (In reality the use of multiple, chained proxies is recommended.) This anonymity is quite beneficial for whistle blowers and victims of political oppression, as well as the privacy- and security-conscious. But it also works for organized crime, terrorists, and other criminals.

Another popular use of proxies (not necessarily anonymous ones) is to circumvent corporate/government filters. The destination website may be blocked, but the proxy server is not—thus allowing the user to view prohibited websites.

Here are additional resources:

Thanks to Josh for this topic and the links.

Scrubbing Personal Info From Game Consoles

Monday, February 15th, 2010

GamingSo you have a game console that you don’t need anymore. Thinking about selling it on eBay, donating it to charity, or perhaps giving it to a friend? The linked article explains how to remove personal information that may be stored on the console’s hard drive.

Link: http://arstechnica.com/…

Internet Explorer Security Update

Friday, January 22nd, 2010

Computer SecurityToday Microsoft released an emergency out-of-cycle patch for Internet Explorer. The vulnerability exists in IE6 and above, but so far it’s only been seen in the wild for IE6.

Link: http://arstechnica.com/…

Those Pesky Passwords

Thursday, January 21st, 2010

Computer SecurityI did not realize that the Pidgin instant messaging client stores your saved passwords in plain text. The linked article discusses that and more.

Link: http://lifehacker.com/…