Posts Tagged ‘ Security ’

By Rick Broida
January 10, 2010

SAN FRANCISCO - Good news! Having burned that system-repair disc, banished the crapware, bolstered your security, and imaged your hard drive, there’s only one big step left in hassle-proofing your new PC.

You guessed it (probably from the headline): backups. Once again I’m going to lecture you on the computing equivalent of flossing your teeth. Bottom line: Do it now or regret it later.

Actually, I’m not going to lecture you at all, but rather steer you to a PC World feature I wrote last year: How to Prevent a Data Disaster. It has all the information you need about creating a diversified backup plan, which for my money is the only way to ensure total safety.

The one item that needs updating is the now-defunct DocSyncer, which made it possible to sync your local documents with your Google Docs account. Fortunately, a free tool called OffiSync can take its place.

Now go forth and enjoy that new PC! And let me know if you run into any other hassles that need solving.


January 2, 2009

When asked about what will happen in 2009, a rise in global epidemics was at the top of Kaspersky Lab’s prediction list. Kaspersky Lab, a leading developer of Internet threat management solutions that protect against all forms of malicious software, has seen that prediction to be true — 2009 was dominated by sophisticated malicious programs with rootkit functionality, Conficker, Web attacks and botnets, SMS fraud and attacks on social networks.

With the start of 2010, researchers and analysts from Kaspersky Lab have come up with a list of six predictions for what will be the New Year’s greatest threats and newest attack vectors.

1. A rise in attacks originating from file sharing networks.
This year, we will see a shift in the types of attacks on users, from attacks via Web sites and applications toward attacks originating from file sharing networks.

2. An increase in mass malware epidemics via P2P networks.
In 2009 a series of mass malware epidemics has been “supported” by malicious files that are spread via file sharing networks. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.

3. Continuous competition for traffic from cybercriminals.
The modern cybercriminal world is making more and more of an effort to legalize itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. In the future, we foresee the emergence of more “grey” schemes in the botnet services market. These so-called “partner programs” enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.

4. A decline in fake anti-virus programs.
The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake anti-virus programs in 2010. Conficker installed a rogue anti-virus program on infected computers. The fake anti-virus market has now been saturated and the profits for cybercriminals have fallen. Additionally, this kind of activity is now being closely monitored by both IT security companies and law enforcement agencies, making it increasingly difficult to distribute fake anti-virus programs.

5. An interest in attacking Google Wave.
When it comes to attacks on Web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

6. An increase in attacks on iPhone and Android mobile platforms.
The year 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.

“Malware will continue to further its sophistication in 2010 with specific malware families requiring significant resources from anti-malware companies to adequately fight them,” said Roel Schouwenberg, senior malware researcher at Kaspersky Lab. “Third party program vulnerabilities will continue to be the target of choice by cybercriminals with Adobe continuing to be the main target. And finally I believe that with the introduction of real-time search, black hat SEO and social networks will become an even bigger focus of cybercriminals.”






Twitter’s DNS provider denies hack

By Jon on December 19, 2009

By Gregg Keizer
Computerworld
December 19, 2009

Hackers redirected Twitter.com’s traffic to a rogue Web site for more than an hour Friday by accessing its DNS records using an account assigned to Twitter, the company that manages Twitter’s DNS (Domain Name System) servers said.

Twitter initially blamed the early-Friday hour-long blackout of its site on changes made to the company’s DNS records, which act like a telephone directory to match the twitter.com domain name with the IP addresses used by its servers.

“Twitter’s DNS records were temporarily compromised, but have now been fixed,” the company said on its service status page at 2:30 a.m. ET. “We are looking into the underlying cause and will update with more information soon.” The status page has not been revised with more information since then.

Twitter uses a New Hampshire firm, Dyn Inc., to manage its DNS records, which match Twitter’s domain name (twitter.com, and numerous others) with the IP addresses of its servers.

Today, Dyn denied that its infrastructure had been hacked. Early Friday, Tom Daly, Dyn’s chief technology officer, told the Washington Post it appeared someone changed Twitter’s DNS records to point visitors to a different IP address using the proper account credentials assigned to Twitter.

“Someone logged in who purported to be a legitimate user of their [DNS] platform account and started making changes,” Daly told the Post’s Brian Krebs. “It was not a failing on our systems whatsoever.”

Kyle York, Dyn’s vice president of marketing, echoed that in an interview with Computerworld. “No unauthenticated e-mail address associated with the account accessed the [Twitter] account,” York maintained. “This was not an unauthorized breach of our system.”

When asked whether the Twitter account had been used by someone authorized to do so, or if those account credentials had been pilfered by hackers, York declined to answer directly. “You’ll have to read between the lines,” he said. However, he did point to a tweet on Dyn’s own Twitter feed as having the right explanation.

That tweet referenced a story on The Tech Herald, in which reporter Steve Ragan used the clues available, including Dyn’s public statements, to theorize that someone compromised a Twitter staffer’s e-mail account, presumably via malware that snuck onto the Twitter employee’s computer, or through a standard phishing-style identity theft attack.

Once in control of the e-mail account, the hackers then used it to request a password reset for Twitter’s account with Dyn, Ragan speculated. “The password reset process is completed, and at this point the person(s) posing as a Twitter staffer gets the reset password via e-mail,” Ragan wrote.

That approach makes the most sense, agreed Ray Dickenson, chief technology officer at security vendor Authentium. “That’s the most logical explanation,” said Dickenson. “If someone obtained administrator credentials for Twitter’s account with Dyn, or even if it was an inside job, everything worked except the human element.”

Dickenson said Dyn’s claim that its servers had not been officially hacked is also likely true. “It’s very difficult to directly hack a top-tier DNS provider,” he said, noting that security at such firms is extremely tight. “You’ve got to believe that Twitter looked at the options, and made the right choice when it went with Dyn. Twitter’s a huge site, and a huge brand.”

Also in Dyn’s favor, said Dickenson, is the company’s contention that only Twitter’s DNS records were altered, a fact that York stressed. “The fact that virtually all of Twitter’s records were pointing to this defaced site, and that no other [Dyn] customers’ records had been altered, corroborates what Dyn’s saying.”

According to York, Twitter will post a more detailed explanation of the cause of the outage later Friday. “It will fully exonerate us, that’s one thing I can say,” York said.

Twitter has been on shaky security ground for some time. Last August, determined distributed denial-of-service attacks knocked it offline for several hours. Two months before that, a hack of a URL-shortening service redirected millions of Twitter users to an unintended destination.






Hackers take twitter offline

By Jon on December 18, 2009

By Sumner Lemon
IDG News Service
December 18, 2009

Microblogging site Twitter went offline for a while Friday after hackers calling themselves the Iranian Cyber Army apparently managed to change DNS records, redirecting traffic to another Web page.

Instead of the usual Twitter Web site design, visitors to the site instead saw a black screen with an image of a green flag and Arabic writing. The defaced site also included a message that said, “This site has been hacked by Iranian Cyber Army,” and an e-mail address.

Whether or not Iranian hackers are responsible for the attack wasn’t immediately clear. However, Twitter and other Internet sites have been used by Iranian opposition groups and protestors to share details of anti-government protests in that country.

Twitter blamed the outage on changes made to the company’s DNS (Domain Name System) records, which match the company’s domain name with the IP addresses of its servers.

“Twitter’s DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon,” Twitter said on its Twitter Status page.

Based on Twitter’s account of the attack, it’s possible that the company’s servers were never compromised. The actual attack may have instead targeted Dyn, the DNS service provider that manages Twitter’s DNS records, according to whois records.

While the outage left Twitter users cut off from the service for about an hour, the type of attack wasn’t serious, according to Dhillon Andrew Kannabhiran, founder and CEO of Hack In The Box, a Malaysian company that runs security conferences in Europe, the Middle East and Asia.

“Yawn, is my comment. It was a simple defacement. So what?” Kannabhiran said.






By Tony Bradley
December 15, 2009

The headlines recently have been dominated with news of online privacy. Facebook has implemented changes that affect the privacy of status updates, and Google made headlines for its apparent disregard for privacy.

The difference between how Facebook and Google have addressed privacy issues offers a stark contrast. While Facebook has quickly responded to criticism and backlash, and has implemented additional changes to try and accommodate concerns, Google CEO Eric Schmidt dismissed privacy concerns entirely.

Facebook has faced challenges with privacy and what sorts of controls it has in place to ensure that users can exert some control over who is able to view their status updates, photos, events, and other Facebook entries. The Canadian government pressed the issue and succeeded in pressuring Facebook into changing a handful of practices to address privacy concerns.

As Facebook implemented changes this week, which were previously announced and anticipated–a change of pace for Facebook changes, there was immediate backlash. Facebook is struggling to figure out how to capitalize on member status updates for real-time search to be more like Twitter, and it is going through some growing pains to establish the right mix of sharing and security.

Google is also faced with constant criticism and concern from privacy advocates. Google is the monolithic Big Brother of the Internet, crawling and indexing every last byte of data that exists and presenting it to the general public in a matter of milliseconds through its various search offerings.

The difference between Facebook and Google as it relates to privacy is that Facebook appears to listen to concerns and respond by implementing changes to try and address issues, while Google seems to be dismissive. The Google response is to just stress why you should trust it, or why you shouldn’t care about privacy.

In a CNBC interview, Google CEO Eric Schmidt explained his stance on online privacy: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines–including Google–do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”

The problem with that point of view is that it assumes you can only be concerned about privacy when you are doing something illegal or unethical. It doesn’t take into consideration the myriad ways that data can be inadvertently leaked or compromised by search engines like Google.

Just because executives and managers want information to be private, it doesn’t mean that they are trying to hide anything like shady accounting à la Enron, or illegal pyramid schemes à la Madoff. It simply means that some information is sensitive or confidential for a reason.

For businesses that rely on Google Docs or Gmail, there is a level of trust there that Google will respect the privacy of that data and protect it from unauthorized access. Comments like those made by Schmidt provide a reason to think twice about using Google for any sensitive or confidential communications.

As Google plants cookies on PCs to expand the scope of personalized search, or becomes the focal point for Internet traffic with its public DNS, it is privy to a great deal of information which could be used to reach conclusions. It is important for Google to take privacy seriously.

Facebook and Google are facing many of the same challenges. Whether you like the changes introduced by Facebook or not, it’s hard not to appreciate its attempts to respond to concerns rather than taking the Google approach that unless you wear a tinfoil hat or have terrorist connections you have no right to be concerned about privacy.






By David Coursey
December 13, 2009

Facebook’s new privacy controls remain a work in progress a full 24 hours after release and months after they were announced. Responding to criticism over making its users’ Friends Lists public, Facebook is rolling out a new option that allows users to protect their Friends List from viewing or searching.

When Facebook began rolling out its new privacy platform, users began noticing that their Friends List had become public and could not be hidden. The list includes the identities of everyone the user has “Friended” and some users don’t want the information made public.

Businesses and their users should exercise special caution because of the relationships–both business and personal–that may be revealed through a user’s Friend list. These could be mined by competitors or in some cases used to develop competitive intelligence about a target company.

PC World, responding to reader concerns, has spent most of Thursday afternoon and into the evening talking to Facebook representatives, who released the following statement a short time ago:

“We have heard user concerns and we will soon enable people to hide their friend lists. Those who choose to hide their friend lists will not have their lists discoverable through search engines or viewable by other users,” the company said in a prepared statement.

Readers had expressed concern that making Friends Lists public could allow businesses or repressive governments to misuse the information. They felt–with reason–that Facebook’s new privacy controls made the information easier for third parties to misuse.

Here is Facebook’s response:

“More importantly, we believe that Facebook, as demonstrated during the Iran elections and events in multiple other countries since our inception, plays a critical role in allowing people to communicate, organize and stand up against oppressive regimes and there is real value of connecting and sharing, which is what we’re trying to facilitate.”

Thank you for the flag waving, though talking to Facebook, or at least the people Facebook wants me to talk to, I am impressed that they do care and want to get things right–and are willing to change in midstream if necessary.

Facebook told me that it would still be theoretically possible for an application the user had approved for access to the Friend List to misuse the information, and this could, theoretically again, include some sort of rogue app or malware.

Not as clear is what access Facebook’s new-found best friends, Google and Bing, might have to Friend Lists and what they might do with the information they receive. It is possible there is no risk here, but given Facebook’s history of privacy flaps, there is reason to be concerned, too.

My take: I am not 100% clear on what Facebook is doing to protect users’ Friend Lists. I know the information, in the wrong hands, could be very damaging to some users in both their personal and business lives. I believe Facebook has become sensitized to the issue and expect to see changes, perhaps beyond those announced late today.

The rollout of Facebook’s new privacy options has, at a technical level, gone less than smoothly, taking more time than expected. There have also been changes made during the rollout that have added to the confusion.

Facebook users would be wise to revisit their privacy options over the next few days and make the changes they consider appropriate. Even if you have already made changes, it is important to check the options available as things remain fluid.

While I am concerned that changes announced in July and rolled out in December are still not right, Facebook probably deserves credit for responding quickly to unforeseen problems.






November 19, 2009

D-Link DCS-6111
www.dlink-intl.com

D-Link International, one of the world’s biggest suppliers of network products, has unveiled its intelligent fixed dome-type Day & Night Internet Camera, DCS-6111 for SMEs and home use. Featuring a Wide Dynamic Range (WDR) VGA Progressive CMOS Sensor, the DCS-6111 is capable of achieving high resolution and more detailed images in high contrast conditions. Coupled with the Infrared (IR) LED for night vision illumination and Infrared-Cut Removable (ICR) Module for automatic adjustment between day and low light conditions, the DCS-6111 is optimized for 24-hour surveillance, even on a 3G mobile phone.

“With its compact size and light sensitivity features, the DCS-6111 is a flexible Internet camera monitoring system to install,” said Desmond Toh, marketing director, D-Link International. “Its advanced light features like the Infrared (IR) LED and the Infrared-Cut Removable (ICR) Module eliminate overexposed background or foreground effects, which occur due to lights from differing angles. The quality of footage is not affected, and images captured are in the best quality possible.”

Powerful day & night image capture for 24/7 surveillance
Thanks to the Wide Dynamic Range (WDR) VGA Progressive CMOS Sensor, high resolution and clearer images and real-time videos in MPEG4 and Motion JPEG formats can be captured in high contrast light conditions, such as strong backlight. Working together with an auto-iris vari-focal lens that is equipped with Infrared (IR) LEDs, night vision image and video capture is possible which provides more flexibility of usage and enhances monitoring security. The built-in IR Cut Filter allows good picture quality images to be captured both in the day and in the night unlike other Day & Night cameras, giving it a truly 24/7 surveillance capability.

High resolution recording even in high contrast lighting environments
The Wide Dynamic Range (WDR) technology in the DCS-6111 is designed to perform under different lighting conditions so as to deliver exceptional picture quality. Even under back light circumstances, where the intensity of illumination can vary excessively, images produced are clear and high resolution. The DCS-6111 is recommended for use in extremely high contrast environments with intense sunlight or artificial light streaming in.

3G support for remote monitoring
With support for 3G mobile video viewing, the DCS-6111 enables users to view a live video monitoring feed from the camera on a compatible 3G mobile phone or PDA using just a Web browser, from anywhere in the world.

Featuring two-way audio support, the included D-ViewCam software allows up to 32 DCS-6111 and other D-Link cameras to be managed simultaneously to send automated email alerts or record videos to a hard drive based on a schedule or when motion is detected.

Wired PoE Access
For effective surveillance in and around a building, this camera comes with a built-in 802.3af compliant Power Over Ethernet (PoE) Module, which eases the installation process and also gives users the freedom to place the camera anywhere. In addition, the DCS-6111 also features a built-in Samba client for Network Attached Storage (NAS), which allows images and video captured on the DCS-6111 to be stored directly onto a compatible NAS, with no need for additional software.






By Tony Bradley
November 6, 2009

The new Google Dashboard addresses concerns that users have regarding just how much Google knows about them. Providing a resource like the Google Dashboard that presents all associated information in one place may actually create more privacy and security issues than it solves though.

Users have a reason to be concerned, or at least curious, about what kind of information is available about them on the Web. Google is like the Big Brother of the Internet–indexing and cataloging virtually everything you do online. Web indexing is like social networking in that its core purpose is in direct conflict with privacy and security. The primary goal is to index everything and provide access to as much information as possible–even if that information is sensitive or personal.

An entire genre of hacking–Google Hacking–has evolved around using Google searches to expose information that probably shouldn’t really be public knowledge. If you know the right queries to use you can find usernames and passwords, financial spreadsheets, confidential documents, and more by leveraging the vast database of indexed information stored at Google.

We look to Google as a provider of information and we expect Google to have the answers. Google has established itself as that type of resource and there is a reason that ‘did you Google it’ is a common response when seeking information. The virtual omniscience of Google also sparks privacy concerns though and has caused some backlash with services like Google Social Search, Google Voice, and Google Maps.

That brings us back to the new Google Dashboard. Here is the thing–any technology or service that makes life easier and more convenient for you also makes it easier and more convenient for attackers. So, Google delivers all of the juicy details it has about you in a one-stop-shopping resource like the Google Dashboard, which also provides a juicy one-stop-shopping target for attackers. A compromised Google account can yield a jackpot of sensitive information for attackers.

Ben Rothke, Senior Security Consultant with BT Professional Services notes that “Google Dashboard is akin to putting all of one’s eggs in a single basket. The problem is that the average end-user is clueless on how to guard that digital basket. So once that Google account is breached/hacked, the victim has their entire Google experience compromised.”

The concept is novel and it has a certain curiosity factor, but most users will never even look at their information in the Google Dashboard. Those that do are unlikely to monitor it frequently or visit regularly to clean up or remove data they don’t want out there on the Interwebs.

That leaves Google Dashboard as a buried treasure for attackers. Users may not frequent the site or put the information to use, but you can bet that anyone who acquires a set of compromised Google account credentials will be visiting the Google Dashboard to see what sort of gems can be unearthed.

To be fair, the issues with indexed information and the ability to discover sensitive information using search queries are not unique to Google. The fact that it’s called Google hacking is sort of an unfortunate homage to the success Google has had in branding itself as the number one search engine. This information can also be found using Bing and other search engines as well though–they just haven’t rolled out dashboards to make it easier to compromise as much information as possible on a single site.

Rothke summed it up by stating “It comes down to the proverbial security vs. usability equation. And when it comes to most users employing Google services, that is an equation they can’t calculate.”


Java patch closes security holes

By Fei on November 4, 2009

By Erik Larkin
November 5, 2009

SAN FRANCISCO - A new Update 17 version for JRE and JDK closes some major risks, including “arbitrary code execution,” according to US-CERT.

Sun’s new software versions, released yesterday, also address privilege escalation, denial of service, and information disclosure vulnerabilities, according to US-CERT’s post. Unless you’ve turned it off, Java will check for updates automatically, but will only do so once a month (on a day that varies per installation).

To grab the new version right away, double-click the Java icon in the Windows Control Panel to bring up the Java control panel. Head to the Update tab, and then click the Update Now button.

Alternatively, you can download the new versions from Sun’s Java site, which also has full details on both updates.


Twitter warns of new phishing attack

By Jon on October 28, 2009

By Daniel Ionescu
October 29, 2009

Twitter is warning users of a new phishing scam spreading through direct messages on the network, which redirect users to a fake log-in page to steal their passwords.

Through its Spam Watch account, Twitter warned: “We’ve seen a few phishing attempts today (Wednesday); if you’ve received a strange (direct message), and it takes you to a Twitter log-in page, don’t do it!”

The phishing direct messages take the form of: “hi. this you on here? http://blogger.djh****.com” (Part of the hyperlink removed for security). The site that this hyperlink redirects recipients to is designed to grab your Twitter username and password as soon as they are entered.

After one’s Twitter login credentials are entered into the phishing site, the page redirects to a fake “Twitter over capacity page,” with the famous Twitter Fail Whale. This is not a genuine Twitter page.

Security firm Sophos advises users that fell for the phishing scam to immediately change their Twitter passwords, and also their passwords on any other sites where the same log-in credentials are used.

Sophos say on their blog that “hackers like to commandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, and in the same way they are after compromised social networking accounts.”

As long as you do not click on the link from this direct message, you should be safe from the phishing attack. It is recommended that you delete any similar messages as soon as you receive them.
