News and other tidbits that Chad Cloman finds interesting enough to share
This Lifehacker poll provides a nice list of free Windows firewalls and their relative popularity. I used ZoneAlarm for a while but gave up on it because it didn’t allow me to unblock specific incoming ports. (Or at least, I couldn’t figure out how to unblock them.)
Link: http://lifehacker.com/…
Allowing firewire controllers to have direct memory access (DMA) may have seemed like a good idea at the time (e.g., faster transfer speeds), but who would’ve thought that it could be used to circumvent Windows password protection? Once again, this goes to show that lack of physical security means no security.
Link: http://www.theage.com.au/…
(via Engadget)
This is one of the more bizarre examples of computer viruses that I’ve heard. The virus, actually a Trojan Horse, comes in digital photo frames that were manufactured in China. When the photo frame is connected to a computer, the Trojan Horse is downloaded from the frame to the computer. Nasty.
Link: http://www.sfgate.com/…
(via Engadget)
This tip from Kim Komando tells how to easily log in to a password-protected Windows computer. Just goes to show the importance of physical security.
Link: http://komando.com/…
Why go to all that work stealing passwords and financial/personal information when you can have someone else do it for you?
Link: http://it.slashdot.org/…
Let’s see… a long flight, a bored computer hacker. Yup, it’s going to happen.
Link: http://www.wired.com/…
(via Engadget)
About 1800 Maxtor hard drives were found to have two trojan horses pre-installed. The manufacturer managed to recall most of the drives, but some are in the hands of customers.
Link: http://www.computerworld.com/…
(via Kim Komando)
Another example of why you never give out personal information unless you’re the one who initiated contact.
Thanks to Jane for this topic.
Link: http://www.fbi.gov/…
Security analysts have known about a vulnerability in Adobe Reader for a few weeks, but now there’s an “in the wild” virus that uses it. The virus installs a rootkit that steals sensitive data. Adobe has an fix, so it’s probably a good idea to update Reader and Acrobat to the latest versions. And be careful about opening PDF files from untrusted sources.
Link: http://www.computerworld.com/…
(via Kim Komando)
It has been known for some time that the advent of quantum computers will completely destroy our existing public key encryption system, which depends on the difficulty of factoring a very large number. The appropriate quantum factoring algorithm already exists—we simply need to develop a functioning quantum computer on which to run it. Two research groups have moved the technology forward by creating very small proof-of-concept quantum computers that perform a modified version of the factoring algorithm. Their quantum computers are not scalable but do demonstrate that some of the core technology is working.
For those interested, the technical writeups are available here and here.
The main lesson from this is that you cannot encrypt data with today’s technology and expect it to be safe for more than a few decades at most (who knows—it could be years instead of decades). Also, I wonder if cryptologists are looking for something other than factoring to replace the one-way algorithm essential to public key encryption.
Link #1: http://it.slashdot.org/…
Link #2: http://arstechnica.com/…
Tor is a peer-to-peer anonymizer. It allows users to anonymously surf the web by routing the request through a pool of computers. This pool is created from users who donate processing time and bandwidth of their computers by setting them up as Tor servers. Anyone can set up a Tor server—it’s fairly easy to do.
Sounds good, right? The only problem is that Tor traffic goes through other peoples’ computers, and they can see whatever is being sent over the internet. Encrypted traffic, of course, is unreadable, but apparently web users send a non-trivial amount of sensitive, unencrypted information. In the linked article, the security expert was able to find login information for email accounts. Not a huge deal, but still worth noting.
Tech-savvy readers will immediately respond that this is not just a problem with Tor and that the whole internet is built this way. The difference, however, is that -anyone- can set up a Tor server without leaving their chair. With the internet at large, most routing is done through ISPs, hosting companies, and educational/government institutions. And while the danger still exists, it is not as severe as that posed by Tor. Simply put, though, it’s not a good idea to ever send sensitive information over an unencrypted internet connection.
Also, if you ever think of setting up a Tor server, be aware that illegal activities performed over the network may be traced back to your computer.
Link: http://arstechnica.com/…
UPDATE: The security expert in the above link was arrested and questioned. Just another example of killing the messenger.
I can think of quite a few reasons why a person with malicious intent might want to hack the readers for the new, RFID-enabled passports.
Link: http://it.slashdot.org/…
