The Blackhawk Blog
October, 28, 2011: A report by Dell SecureWorks researchers disputes the connection between the recently discovered Duqu trojan horse program and the Stuxnet program used to disrupt Iranian nuclear facilities last year. Researchers at the security firm Symantec believe such a connection exists. However, whereas Stuxnet was aimed at specific industrial control equipment, Duqu is aimed at the manufacturers of industrial control equipment, with the apparent aim of gathering information that can later be crafted into specific attacks. As I blogged on October 20, the linkage between Duqu and Stuxnet seems strange, since Stuxnet was probably developed by American and/or Israeli researchers and there would be no purpose in targeting manufacturers to gain additional information. Whoever developed Stuxnet owned the actual industrial control equipment they were targeting (in this case, the equipment used by Iranian nuclear centrifuges) and extensively tested the program in what must be a sizable laboratory. In other words, if the American and Israeli researchers wanted to target some additional piece of equipment, they would just requisition it from their governments. There is no reason for them to steal information from manufacturers. At least it seems that way to me. So what we are left with is Duqu in the wild, collecting data for purposes unknown and persons unknown. What is scary, though, is that they seem to have a purpose, and maybe it was just inspired by Stuxnet. But to what end? Perhaps blackmail. A better answer would be that it is just the Chinese intelligence and military hackers gathering information to be used in a future conflict. Well, maybe that isn't the better answer.
Another researcher has demonstrated a method of wirelessly hacking a Medtronic insulin pump. Such pumps use tiny radio transmitters that allow the device's functions to be modified by the patient or medical personnel and have a range of approximately 300 feet. The researcher developed software that allows a lethal command to be issued wirelessly to the device. Medtronic is apparently working on a fix but is also informing doctors and patients of the risks. This is a classic case of implementing technology without regard to security issues.
-- Eric Rasmussen
October, 26, 2011: Windows XP is ten years old this month, having been introduced in October, 2001. According to the analytics website Netmarketshare.com, Windows XP still holds a 47.3% market share for operating systems, compared to 30.3% for Windows 7 and only 8.5% for Windows Vista. Microsoft stopped mainstream support in April 2009, but has been updating it with security fixes under extended support. However, extended support ends in April, 2014. Obviously, the success and stability of Windows XP is a problem for Microsoft. They really want to force users to switch to Windows 7 and the forthcoming Windows 8 operating system, but without alienating customers. While businesses will stay with Windows 7, local or virtualized, Microsoft doesn't want to give the home user any excuse to switch to the Apple platform.
Guess what? You can't actually play Mario Kart on Facebook. There is a Facebook scam circulating, and if you click on the "Play Now" button you will wish you hadn't. As always, don't click on Facebook messages regardless of whom they are from.
-- Eric Rasmussen
October, 25, 2011: The world of technology patent infringement is about to take a turn for the worse. Apple (of course) has been granted a patent for the "slide to unlock" feature that is incorporated into every smartphone, iPhone and Android alike. This feature may also be incorporated into the new Windows 8 operating system for tablets. Apple applied for the patent years ago, before the original iPhone was even released. It is already being estimated that every Android-based smartphone is in violation of this patent. In another article I read, it is estimated that there will be 1 billion smartphone users by 2013. Now, assuming that Android represents 50% of those phones, and Apple can sue for patent infringement compensation at $10 per phone, I make that to be a cool $5 billion pre-tax windfall. Of course, Apple could ask for more, such as a sales ban on all Android devices infringing their patent. Where is all of this going? Maybe Steve Jobs' hatred for Android will bear fruit yet.
As if Android users such as me don't have enough to worry about with the possible home invasion of Apple investigators wanting to seize our patent-infringing devices, now the cybercriminals have thought up a new way of infecting your phone. The new method is to trojanize the update of a legitimate and previously installed app. The thinking is that a user will pay less attention to an update and will just quickly agree to the permission queries without further thought. The malware has a cool name: DroidKungFu Android Trojan. With a name like that, its Chinese origin is obvious, but the threat is worldwide to the extent that it gets into the official Android Market. The point is that the threats to Android are increasing even if the cybercriminals do not yet have a beachhead in North America. You don't think those Chinese programmers are working for Apple, do you? No, no one would ever think that.
-- Eric Rasmussen
October, 24, 2011: Everyone who reads this Blog regularly knows how I am waiting for the robot apocalypse. So if you are on board with me on this paranoia, then you need to check out an article on TechNewsWorld with the headline "FoamBot Builds Baby Bots for Any Occasion" (you will find it listed under 10-24-2011 on the Blackhawk Tech News page). Basically, researchers at the University of Pennsylvania have developed a "mothership" robot about the size of a shoebox that launches four modules. These modules can then be put into a variety of configurations such as squares or snakes (which can crawl through three-inch pipes). The modules also accept attachments such as wheels, grippers, infrared sensors and cameras. While the mothership, including the configuration process, is currently controlled by humans, the researchers stated that automating the process is possible and "there seems to be no limitation to doing so". Oh great, we need to get right on this. After the mothership configures the modular shape, it sprays urethane foam around the modules to hold them together. You need to watch the video when the module "creature" comes to life and starts moving. All it needs is some artificial intelligence, some weapons, wheels to move really fast and a grudge against humans... you will never sleep soundly again.
-- Eric Rasmussen
October, 21, 2011: A team of researchers from Georgia Tech has rigged an iPhone 4 to sense the vibration of keystrokes on a nearby computer keyboard. The hack uses the accelerometer in the iPhone 4 to decode the vibrations from keyboard activity. According to the researchers, an accuracy of 80% can be achieved. Apparently, the addition of a gyroscope to the iPhone 4, which the iPhone 3 lacked, made the technique possible. Luckily, for now this hack only exists in the laboratory, but I'm sure that now that it is public it will only be a short time before hackers perfect it. You have to admit that this is a cool hack worthy of Mission Impossible. Note to the paranoid: keep your iPhone well away from your computer.
The hacktivist group Anonymous is engaged in an activity that hopefully all of us can support. In the last few days, Anonymous has claimed to have taken 40 websites offline for sharing child pornography and to have exposed the usernames of over 1,500 alleged pedophiles who had been using the sites. According to Anonymous, the hosting server run by Freedom Hosting is home to a "darknet" website known as "Lolita City" as well as other child pornography websites. A "darknet" website is so named because it is not indexed by or accessible through internet search engines and exists for the use of its members to share material, in this case child pornography. Anonymous is currently engaged in repeated attacks to crash the Freedom Hosting servers until they remove the child pornography from their hosted websites. I would hope that law enforcement agencies will pay attention to this effort by Anonymous and try to connect usernames with real people and get these scumbags in jail. Definitely a win for Anonymous. "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us."
-- Eric Rasmussen
October, 20, 2011: The security firm Symantec has disclosed that it has identified a new malicious program, named Duqu, that is used to gather information on industrial control systems. According to Symantec, Duqu is based on the Stuxnet program, which was used to infect and interfere with control systems used in the Iranian nuclear facilities with considerable success. The originator of Stuxnet has not been identified, but its complexity has suggested state sponsorship, probably Israel or the United States. The purpose of Duqu seems to be only to gather information, not to damage equipment or industrial processes. The information it collects and transmits back to command and control servers could then be used for a highly targeted attack on a power or water utility, a chemical plant or a refinery. There are a couple of disturbing features to this story. First, the target of Stuxnet was very specific: Iran and its nuclear facilities. Duqu, on the other hand, seems to be spreading worldwide, which doesn't make a lot of sense if the originator of Duqu is the same as that of Stuxnet, which security professionals suggest has to be the case. The second feature is that this is a very dangerous program. Stuxnet is considered the most complex and sophisticated piece of malware ever developed. Wherever this is going, it will not be good.
-- Eric Rasmussen
October, 16, 2011: The malicious trojan horse SpyEye unfortunately continues to be in the news. SpyEye is a logon credential stealing program that is primarily used by cybercriminals wanting to hack into your banking and investment accounts. It is the successor to and competitor of the trojan horse Zeus, which apparently is no longer being updated. A criminal can buy the SpyEye kit, which comes with a graphical interface to set up the associated servers and configuration files needed to attack online banking websites. There are also rumors that, depending on the price you pay for the SpyEye kit, you can also receive help desk support! Owning the SpyEye kit only gets you so far. The real effort, it seems to me, is infecting computers in order to install the trojan. The techniques for accomplishing this vary, but infected legitimate websites seem to me to offer the best volume of traffic. When the user surfs to an infected website, they are probed by a hidden JavaScript program that looks for unpatched, known vulnerabilities, particularly in Windows, Adobe Reader and Adobe Flash, but there are others. Depending on what the probe finds, the SpyEye installer runs, taking advantage of the discovered vulnerability. Once installed, it is difficult for retail security products to discover, and in any case it has defensive mechanisms, including deleting its own installation files to hide its presence. Microsoft is adding SpyEye to its Malicious Software Removal Tool, but that will only help a user who is already infected, and only until the SpyEye developers update their program to work around it. All in all, SpyEye is very dangerous and is being used successfully by criminals to make millions of dollars. SpyEye will not be going away, so prevention is the key. Always keep Windows, Adobe products and the Java runtime environment fully patched and up to date. Of course, there is another solution. People ask me all of the time whether I bank online. I don't.
-- Eric Rasmussen
October, 12, 2011: Sony was on the receiving end of the hackers again, as they admitted that 93,000 user accounts of their Entertainment Network had been accessed over the last few days. It is unclear what the hackers were trying to accomplish other than to embarrass Sony again. Frankly, who cares? What is important, though, is the manner of the attack. In this case the hackers were not actually hacking but simply using usernames and passwords from a stolen non-Sony database they controlled to sign on to the Sony network. The source of that database is not known, but the hackers found 93,000 accounts that used the same usernames and passwords at Sony as in the stolen database. Every computer user needs to pay attention to this story. Do not reuse usernames and passwords among online applications. The ramifications are obvious.
Now an update on my blog from Monday. As you will recall, the German-based Chaos Computer Club was accusing the German government of using a trojan horse program to possibly spy on German private citizens. A spokesperson for the Federal German government denied it, but now at least five regional German government units have admitted using the program for about two years in criminal investigations, all apparently within the law. What is really interesting about this story is the manner in which a Chaos Computer Club member obtained the trojan program. Apparently, the trojan was loaded on a criminal suspect's laptop without his knowledge as he went through customs at the Munich airport, and his defense attorney subsequently turned it over to a CCC member. Someone must have suspected something was not right. Isn't that cool? Think about that the next time your laptop is out of your sight at the airport, or maybe in your hotel room, or how about the baggage claim at a Disney World resort?
-- Eric Rasmussen
October, 10, 2011: The well-known Germany-based Chaos Computer Club ("CCC") has accused law enforcement agencies in Germany of using a trojan horse program to spy on computer users. I always love the names of these programs, this one being R2D2, after a line of code in the program. According to the CCC, the R2D2 trojan horse can eavesdrop on Skype calls and Yahoo and MSN chat sessions, and also has a keylogger to record browser activity. The program also has the ability to take screenshots at specified intervals, which is similar to retail internet monitoring programs. Some added features include the ability to receive remote commands, probably for updating purposes or to download additional software, and the ability to activate webcams and microphones. While computer eavesdropping by law enforcement agencies is permissible in Germany under tightly enforced laws, the CCC believes the R2D2 trojan goes far beyond what is allowed and is possibly in violation of the German constitution. A spokesperson for the German Interior Ministry denies that the trojan horse was implemented by the government. This statement seems highly unlikely, considering it is well known that the German government was interested in a more robust computer surveillance tool that was determined to be unconstitutional in 2008. Actually, it seems to me that the best answer is that the German government is responsible for the program, because the alternative answer is pretty scary, as in a criminal organization or a foreign hacking group. In any case, the program itself has flaws according to the CCC, including the use of unencrypted command and control communications. As you can imagine, this is a big story in Germany, where any kind of surveillance of private citizens is a very touchy subject. The takeaway, in general though, is that surveillance of private citizens anywhere in the world is easily implemented, and only a functioning legal and law enforcement system can keep it within acceptable boundaries.
For the really paranoid among you, it only goes to show that Big Brother is recording everything you do on a computer and is saving it in a galactic-size data storage facility to use as needed. You really need to get off the grid; stop reading this blog, pull the plug on your computer, throw your cell phone in a nearby body of water and quickly join an Amish community or head to Paraguay. Hasta la vista, baby!
-- Eric Rasmussen
October, 08, 2011: Houston, we have a problem... it has been reported that the operating systems for the Predator and Reaper drones controlled out of Creech Air Force Base in Nevada are infected with a keylogger trojan horse. The virus was first detected about two weeks ago, and the keylogger has been capturing data transmitted to the drones from the controller workstations for both classified and unclassified missions. So far, no missions have been compromised, but no one knows what data could have been transmitted out of Creech via the internet. It is believed the virus was introduced by a USB flash drive, but that has not been definitively determined. According to officials, attempts to remove the virus failed, as it just reinstalled itself, requiring hard drives to be reformatted. This entire event is strange for a number of reasons. Though the Air Force will not comment on the report, the details are so specific that it is clearly a real situation. But Creech base insiders have nonetheless been in contact with the media, in what seems to me to be clearly a breach of security. After the much-publicized problems with computers infected at the Pentagon through the use of USB flash drives, it seems incredible that they are used on drone workstations, which control extremely expensive hardware, not to mention that those drones are flying around with missile payloads. Finally, one must wonder what type of operating system is being used on a drone workstation that would allow any unauthorized changes to its system. Please tell me it isn't Windows XP.
-- Eric Rasmussen
October, 06, 2011: The security firm Symantec has been reporting a large increase in malicious email targeting small businesses, not-for-profit organizations and small governmental units, which can result in dangerous trojan horse programs that steal banking usernames and passwords being installed on users' computers. In many cases the email takes the form of a fake notification of a failed ACH wire transfer that asks the recipient to click on a PDF attachment for more details. Of course, by clicking, the user immediately infects their computer. Symantec has not specified which trojan it is, but it is believed to be the Zeus trojan, which has been discussed in this Blog many times. The malicious payload in the email is polymorphic, that is, it constantly changes its appearance in order to evade security software. The attack has already demonstrated success: Oncology Services of North Carolina was victimized for $120,000, apparently via a breach at their accounting firm, and $120,000 was taken from the City of Oakdale, California. It is believed there have been many other victims who do not want to be publicly identified.
-- Eric Rasmussen
October, 04, 2011: Seriously, the patent litigation in the technology sector is getting totally out of hand. A Chicago-based company, Innovatio IP Ventures, set up earlier in 2011, has started filing lawsuits in the United States against hotels, restaurants and retail stores, accusing them of infringing its Wi-Fi patents. This company is what is known as a patent troll. The patents were acquired from Broadcom earlier this year. Apparently, the patents Innovatio holds concern the concept of offering public Wi-Fi via a hotspot router. How this can possibly be a patentable idea is simply beyond me. Do you see where this is going? Since the lawsuits are directed against users, it is possible to conclude that residential users with unencrypted Wi-Fi being broadcast from their home router could be sued (I am not making this up). In the meantime, Cisco and Motorola are countersuing Innovatio, seeking to dismiss the patents. This country is ultimately going to spend all of its technology resources on these ridiculous patent lawsuits while the Chinese just innovate right past us.
So, while we spend our time focused on patent litigation, the Chinese are continually mounting massive cyber espionage attacks against the US government and American companies. Today, US Rep. Mike Rogers, chairman of the House Permanent Select Committee on Intelligence, stated, "China's economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand they put a stop to this piracy". Of course, a representative for the Chinese embassy in Washington denied the allegations. That was predictable.
-- Eric Rasmussen
October, 03, 2011: According to an article in the Boston Globe, the Attorney General of Massachusetts, Martha Coakley, has reported that 1 in 3 Massachusetts residents had their personal information compromised in the period beginning in 2010 and ending this August. This translates into 2.1 million of the state's 6.6 million residents and is the result of 1,166 data theft incidents reported to the state. Such statistics may be more available in Massachusetts than in some other states because it has a tough data breach reporting law that can impose heavy fines for non-compliance. This data obviously does not include any estimate of personal information exposed by individual computer users as a result of installing malware on their local computers. The report does state that exposure of personal information does not necessarily mean it was exploited. Also, it is estimated that only about a quarter of the breaches were due to hacking, and the remainder due to procedural errors, lost laptops, lost paper documents and other non-hacking issues. I don't think it is safe to extrapolate any numbers from this report to a national basis, but it is clear that the exposure of personal information via government and private databases is reaching alarming levels, and everyone should be on their guard for any indicators of identity theft and phishing email attacks.
The cybercriminals are exploiting the interest in tomorrow's official iPhone 5 announcement by sending malicious product announcement emails that will infect your computer if you click on the included links. Interestingly, the malware only attacks Windows computers, not Macs. In any case, never open these types of what I term "current event" emails, whether they are related to such topics as technology, breaking news, celebrities, sports or whatever. You should always use a recognized news source rather than "current event" email, regardless of whom it is from.
-- Eric Rasmussen
October, 01, 2011: IoT. Learn this. It is the "Internet of Things". According to Rob van Kranenburg, a member of the European Commission's IoT expert group, "A typical city of the future in a full IoT situation could be a matrix-like place with smart cameras everywhere, detectors and non-invasive neurosensors scanning your brain for over-activity in every street". Well, at that point we might as well go all the way and have invasive neurosensors. Yes, "experts" are really working on this technology. The big breakthrough will be when the world gets off IPv4 internet addressing and moves to IPv6 addressing, which allows for 340 trillion trillion trillion addresses (no kidding, really). So, what are the "things" in IoT? Well, they will be vehicles (this is happening already, for example the Toyota Friend project), household appliances, sensors everywhere, articles of clothing, farm animals, pets and the millions of devices associated with our infrastructure such as traffic lights, electric and water utility systems, transportation systems, pretty much everything. Think I am exaggerating? There is a technology company named Living PlanIT that is developing an operating system for cities called "Urban OS" (operating system). The idea is based on a gigantic network of sensors in a typical city located in buildings, on the streets, embedded in utility devices and machines, and all networked together. According to Steve Lewis, the head of Living PlanIT, "If you are using an anatomy analogy, the city has a network like the nervous system, talking to a whole bunch of sensors gathering data and causing actions. We distribute that nervous system into the parts of the body - the buildings, the streets and other things. Having one platform managing the entire urban landscape of a city means significant cost savings, implementation consistency, quality and manageability".
Interestingly, the Urban OS will support application plug-ins, just like your smartphone, for customized situations and solutions in the urban landscape. The Urban OS was unveiled recently at the Machine-2-Machine conference in Rotterdam. I wonder whether there were any people attending?
-- Eric Rasmussen
September, 26, 2011: The "Script Kiddies" hacker group accessed the USA Today Twitter account on Sunday and posted a series of their own messages. This hacker group is thought to also be responsible for the recent hacks of the NBC News Twitter account, the Fox News Politics Twitter account and the Pfizer Corporation Facebook page. As I have blogged previously concerning the NBC News Twitter hack, the method of attack is a phishing email that, when the attachment is opened, installs a keylogger on the victim's computer that provides the username and password credentials. The bottom line on these attacks is that it is the user who is allowing it to happen by opening email attachments that have been specifically sent to them, that is, the phishing attack.
As it turns out, one or more of the LulzSec/Anonymous members made a big mistake in their hack into the Sony Entertainment systems earlier in the year. It has now become known that at least one hacker, and possibly more, were using HideMyAss.com, a UK-based web proxy service provider. HideMyAss provides both free web proxy services and VPN services for a fee. Many people like to surf the web through a proxy service due to the anonymity it provides. VPN services step that process up by providing encryption for the VPN tunnel traffic. In any case, the hackers believed that HideMyAss.com either did not keep internet traffic logs and/or would not respect the request of law enforcement agencies to produce such records. Well, they were wrong, and Cody Kretsinger from Phoenix, Arizona, an alleged Anonymous/LulzSec member, sure wishes he would have come up with another web proxy solution. This is also a warning to all want-to-be hacker supporters that the use of web proxy services will not necessarily protect you. Find some other hobby and leave the hacking to professionals.
-- Eric Rasmussen
September, 25, 2011: About a week ago, we had the "Bot army assembled, awaiting orders" headline, which referred to a new, or at least enlarged, botnet of Windows-based systems. Now, we sure don't want to leave the Mac user community out of the next great cyberwar. So the latest headline is "Another OS X Trojan paves way for Mac zombie army". The latest malicious software aimed at the Mac OS X operating system was discovered by F-Secure, the Finnish security firm. The attack starts as an email with an attachment or an email link, either of which opens a Chinese-language PDF file that displays a document but also installs a trojan horse. The trojan horse does not seem to have any other purpose at the moment than to set up a communication link with a command and control server, thus adding the infected Mac to a new botnet. It is unknown at the present time who the cybercriminals are or what ultimate purpose they have for the botnet. Perhaps it is the beginning of the great Windows versus Mac war, where competing satellite-controlled botnets attempt to take over the internet, possibly even using their own missile-firing networked drones to take out the enemy command and control servers, shutting down enemy power grids and releasing biological weapons to get rid of the unnecessary humans. Ok, so I have an overactive imagination.
Talking about the evil empire (Apple, for you people just returning to Planet Earth), the Apple App Store pulled an app named Phone Story after four days because of depictions of child abuse and objectionable content. The Phone Story app depicted the manufacturing process of an iPhone, starting in the mines in the Congo, through waste dumps in Pakistan and then on to Taiwan, where iPhones are assembled at the Foxconn factory, where working conditions are so stressful that employees routinely jump to their deaths off of building roofs. I am assuming that the manufacturing of a smartphone involves a lot of human misery that we all would prefer not to know about, so it was really good that Apple pulled Phone Story from the App Store to protect us from such objectionable content. If you really want the app, though, it is still available on the internet.
-- Eric Rasmussen
September, 22, 2011: In a strange turning of the tables, the security firm Trend Micro has detected a malware assault aimed primarily at Russia, Kazakhstan and Vietnam, but also at other countries. The command and control servers associated with the attack are located in the United States and the United Kingdom. The trojan horse in the malware is spread by both Adobe and RAR screensaver files. It is not known who is behind the attacks, but the purpose seems to be to download documents. The location of the command and control servers doesn't necessarily provide a lot of information, because Eastern European cybercriminals routinely have servers they control in western countries. This could just be some type of feud between rival gangs.
As long as we are on the subject of cybercriminals, a Russian hacker known as "Soldier" apparently made over $3 million in a SpyEye and Zeus assault on U.S. individuals and companies in the first half of 2011. The SpyEye and Zeus trojan horses are used to steal banking and investment company usernames and passwords. It is reported that "Soldier" had one or two accomplices based in California and also money mules (who actually withdraw the transferred funds in cash). So just in case you don't think any of the banking malware we have been talking about is really out there on the internet, this story should give you pause. The interesting thing about this story is that this is only the exploit of ONE hacker. How many more of these guys are out there?
-- Eric Rasmussen
September, 19, 2011: Computer gamers have solved an AIDS-related molecular mystery that has eluded researchers for over a decade. Having finally failed to solve the problem with the protein-folding program Rosetta, University of Washington researchers decided to adapt the problem to a computer game called Foldit, where players can manipulate virtual molecular structures that look like multi-colored Tinkertoy sets. The virtual molecules in the game behave just like real molecules, as Foldit is based on real-life chemistry. In a stunning result, the gamers were able to solve the decade-old problem in 10 days. A University of Washington researcher stated, "Although much attention has recently been given to the potential of crowdsourcing and game playing, this is the first instance we are aware of in which online gamers solved a longstanding scientific problem".
Hackers obtained control over the weekend of around 450 websites hosted by the popular Go Daddy site hosting company. According to a Go Daddy spokesman, the problem appears to relate to phishing attacks on the customers themselves, wherein they were tricked into revealing the usernames and passwords to their Go Daddy accounts. The infected websites were then used to direct users to other malicious websites. Go Daddy has already removed the injected malicious code from the websites, but this is another lesson in being aware: do not respond to emails requesting username and password information.
-- Eric Rasmussen
September, 15, 2011: The headline reads "Bot army being assembled, awaiting orders" at ComputerWorld.com. I see visions of endless robots on a distant planet getting ready for intergalactic war. But no, it's just another botnet, made up potentially of millions of personal computers here on planet Earth. The botnet is being assembled through infected email attachments, with the global attacks coming in waves. The first wave was in August and used fake email notices from FedEx and UPS. There have been several additional waves since then. It is not clear to security researchers what purpose such a large botnet will be used for. Typically, botnets are used by the cybercriminals to send out spam, to launch malware attacks and for denial of service attacks. The problem for the cybercriminals is turning their efforts into money. Spamming does not pay well, denial of service attacks do generate botnet rental income but not necessarily that frequently, and scareware attacks require a credit card payment ability, which has been interrupted recently by international law enforcement agencies. However, attacks to steal banking credentials can be a lot more profitable, so maybe the botnet will be used to spread the SpyEye trojan horse after it has been modified and perfected. That is a scary thought.
-- Eric Rasmussen
September, 14, 2011: There is a malicious trojan horse so scary that you will never want to turn your computer on. It is called Mebromi and has been spotted "in the wild" in China. It is a rootkit that works by flashing the BIOS of the computer. The BIOS, software stored in a read-only memory chip on the motherboard, is responsible for the initial booting process, including identifying and initializing hardware and loading and starting a boot loader program. The Mebromi trojan horse, by flashing the BIOS ROM chip, installs itself in the initial stages of the entire boot process. Security software only removes malicious software from the master boot record (sometimes) and the hard drive partitions, never the BIOS. So what that means is that if you have Mebromi on your computer, the only way to get rid of it is to re-flash the BIOS, plus you need to remove its flashing program from wherever it is hiding on the hard drive. Mebromi at this point only works against Award BIOS, which is now owned by the BIOS company Phoenix. There have been reports in the past of malicious software that functions like Mebromi, but, as far as I know, no actual attacks have previously been reported. This is a very troublesome development and hopefully, like Asian bird flu, it will remain in Asia.
One of the security techniques banks are now using to secure customer accounts is offering two-factor authentication, where the first factor is the normal username and password combination and the second factor is a pass key sent as a text message to the user during the logon process that is only valid for a short period of time. Well, now the cybercriminals in eastern Europe are hard at work developing a response to two-factor protection. Their attack first infects the computer with the SpyEye banking trojan horse program. The next step is to trick any users with Android phones into installing an app that allegedly works with the bank's online services but is in reality the trojan known as Spitmo, which intercepts the text messages carrying the pass key sent to the user. To be sure, to get the whole process to work, the criminals first need to get SpyEye on your computer; then you need an Android phone; and then you need to be gullible enough to install the rogue app, which is a lot of points of possible failure. Nevertheless, you have to admit that the cybercriminals are clever and certainly persistent. My solution to this whole mess is to do my banking in person in the branch. I guess that reveals a bit about my age.
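To make the "valid only for a short period of time" property concrete, here is an added example (not code from the blog or from any bank) of the server-side bookkeeping behind a texted pass key: the key expires, is accepted exactly once, and is burned after a few wrong guesses. The validity window and guess limit are hypothetical policy values, and the in-memory store stands in for the authentication server's database.

```python
import hmac
import secrets
import time

# Hypothetical policy values for this example (not from the blog post).
PASSKEY_TTL_SECONDS = 120   # how long a texted pass key stays valid
MAX_ATTEMPTS = 3            # wrong guesses allowed before the key is burned


class PasskeyStore:
    """In-memory record of outstanding SMS pass keys, keyed by username.

    A real deployment would keep this in the authentication server's database;
    the logic (expire, single use, limited guesses) is the point.
    """

    def __init__(self):
        self._pending = {}

    def issue(self, username, now=None):
        """Create a fresh 6-digit pass key for the user and return it.

        The return value would go to the SMS gateway, never to the browser.
        """
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = {
            "code": code,
            "expires": now + PASSKEY_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, username, submitted, now=None):
        """Return True exactly once for the right code inside its window."""
        now = time.time() if now is None else now
        record = self._pending.get(username)
        if record is None:
            return False                      # nothing outstanding (or already used)
        if now > record["expires"]:
            del self._pending[username]       # expired: burn it
            return False
        record["attempts"] += 1
        if record["attempts"] > MAX_ATTEMPTS:
            del self._pending[username]       # too many guesses: burn it
            return False
        if hmac.compare_digest(record["code"], str(submitted)):
            del self._pending[username]       # single use: consume on success
            return True
        return False


def demo():
    """Walk through the normal case and the two failure modes at fixed clock times."""
    store = PasskeyStore()
    code = store.issue("alice", now=1000.0)
    first = store.verify("alice", code, now=1030.0)    # within window -> True
    replay = store.verify("alice", code, now=1031.0)   # same code again -> False
    code = store.issue("alice", now=2000.0)
    late = store.verify("alice", code, now=2000.0 + PASSKEY_TTL_SECONDS + 1)  # expired -> False
    return first, replay, late
```

The example also shows why the Spitmo approach works despite these controls: none of them help if the pass key is read off the phone and submitted by the attacker inside the same window, which is exactly the gap a malicious SMS-reading app exploits.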
-- Eric Rasmussen
September, 13, 2011: This weekend hackers broke into the NBC News Twitter account and posted bogus tweets about a terrorist attack. So, whose account did they break into? It was the account of Ryan Osborn, NBC News' director of social media. According to Osborn, he received an email the week before suggesting he get off of Twitter immediately because of the approaching Hurricane Irene. He responded to the email (first mistake) asking "who is this?" and received the reply "I'm the girl next door" with a file attachment. You guessed it. Ryan then made his second mistake and opened the email attachment, which presented him with the image of a Christmas tree. Unfortunately for Ryan, when he opened the email attachment he also allowed a trojan horse containing a keylogger to be installed on his computer. Obviously it followed that the hackers soon had his username and password to Twitter (and who knows what else) and used them to post the bogus tweets. Ryan's third mistake was not running any security sweeps on his computer in the intervening week. Ryan's fourth mistake is obviously not taking computer security seriously, or even understanding that there really is such a thing as a social engineering attack, particularly a targeted phishing attack. Too bad Ryan doesn't read this blog or he would have been better informed.
-- Eric Rasmussen
September, 11, 2011: There was a recent ruling by a National Labor Relations Board judge concerning Facebook comments of employees. The case involved five employees of the National Hispanics of Buffalo, a non-profit organization, who were fired for comments on their Facebook pages concerning their employer. Judge Arthur Amchan ruled that such comments, made outside of work hours, were a protected activity and that an employer could not use such comments as a cause for dismissal. The organization was ordered to reinstate the five employees. The bottom line on the ruling is that an employee can write anything they want on Facebook outside of work hours regardless of any "Acceptable Use Policy" the employee may have signed. But the operative words here are Facebook, not necessarily other social networking sites, and after hours, so "Acceptable Use" policies can still apply during employee work hours.
I blogged about the TDL-4 botnet (also known as TDSS) back on July 2. The botnet continues in the news thanks to the internet security investigator Brian Krebs. This dangerous botnet, controlled by a criminal organization in Russia, has infected millions of computers via the master boot record, ensuring it boots before the Windows operating system. The botnet is used for spamming, denial of service attacks, and spyware attacks. Some of the new information available is worthy of further attention. TDSS is so sophisticated that it can remove approximately 20 malicious programs that might otherwise infect a computer it is trying to control. One of the new features of TDSS is that an infected computer can be rented out as a proxy gateway to be used for anonymous surfing activities, all without the knowledge of the computer owner. For $160 per week, you can rent 100 TDSS-infected computers that will anonymize all of the internet activity driven through them. The coolest thing is that the cybercriminals now have a Firefox add-on to facilitate toggling between proxies within the browser. Interestingly, Krebs reports that the botnet rental can be paid with a credit card, indicating that some level of credit card processing for the criminals is operational again.
-- Eric Rasmussen
September, 08, 2011: Twitter announced that they now have 100 million active users, half of which tweet on a daily basis. The total number of tweets per day is now averaging 230 million, which means that the 50 million users that are tweeting daily average 5 tweets per day. In addition, in the near future Twitter will be supporting up to 17 languages. What I found interesting is that the growth in Twitter users is up 82% since the beginning of the year, implying a beginning-of-the-year user base of approximately 54 million. That is a staggering growth rate. Overall, the average number of monthly tweets is now running in the 5 to 6 billion range. Yes, you read that correctly, 6 billion tweets. At this rate in 5 or 6 years Twitter will have 2 billion users and all that people will be doing is tweeting and reading tweets. Luckily there will still be several billion people not on Twitter all day that can dedicate themselves to agriculture so that the Twitter users will not starve. Seriously, if even a minority of the global workforce is reading tweets or tweeting all day, economic productivity has got to take a hit, just like it has with Facebook. Perhaps we will get to a Fahrenheit 451 scenario where instead of banning books, governments will ban the personal use of the internet to force people to work. Then there will be the non-conformist group, which will run secret wireless internet nodes as they try to keep the social networks running. Could be a good novel or a screenplay.
-- Eric Rasmussen
September, 05, 2011: Over the weekend Turkish hackers were able to penetrate the systems of two domain services management companies and then changed the DNS records of apparently up to 200 companies, including significant ones such as The Daily Telegraph, Vodafone, The Register, and Acer, which resulted in valid web traffic being redirected to third-party websites. To the extent that users submitted usernames and passwords in the mistaken belief they were on a legitimate website, that data may have been stolen. However, it would appear that the hacker exploit was just for fun, as some of the affected sites showed a message from the Turkish hacker group Turk Guvenligi. Whether it was for fun or not, the exploit seriously affected many websites for hours, taking many of them offline until the DNS records could be fixed. It is not clear whether the Turkish authorities are interested in investigating this type of activity. The takeaway from this event for the small business running a website on its own or third-party servers is that it is vulnerable to disruption if the domain services company is hacked, allowing access to its account. Regardless of how carefully a small business follows safe internet practices, it doesn't help if the domain name administrator is hacked. While large companies can bring swift and heavy pressure to fix malicious DNS record changes, a small business might not get the same type of response, potentially leaving access to its website down for hours and maybe days.
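A small business cannot stop its registrar from being hacked, but it can notice quickly when its own records change. The following is an added example, not code from the blog or from any of the companies named, of a baseline check: the records a business expects its names to serve are captured while known to be correct, then compared against what the world currently sees. The domain names, addresses and the stub resolver are constructed for the example; a live version would replace stub_resolve with a real lookup (for instance dnspython's dns.resolver.resolve) and run from cron.

```python
from typing import Callable, Dict, List, Set

Records = Dict[str, Set[str]]          # record type -> set of values

# Constructed baseline (example data, not real infrastructure): the records
# each of the business's names is expected to serve, captured when they were
# known to be correct.
KNOWN_GOOD: Dict[str, Records] = {
    "shop.example": {
        "A": {"198.51.100.10"},
        "NS": {"ns1.registrar.example", "ns2.registrar.example"},
    },
    "www.example": {
        "A": {"198.51.100.10"},
        "NS": {"ns1.registrar.example", "ns2.registrar.example"},
    },
}

# Constructed answers standing in for a live resolver. One name has been
# repointed, which is what a registrar-account takeover looks like from outside.
OBSERVED: Dict[str, Records] = {
    "shop.example": {
        "A": {"198.51.100.10"},
        "NS": {"ns1.registrar.example", "ns2.registrar.example"},
    },
    "www.example": {
        "A": {"203.0.113.77"},
        "NS": {"ns1.registrar.example", "ns2.registrar.example"},
    },
}


def stub_resolve(domain: str, rtype: str) -> Set[str]:
    """Stand-in for a DNS lookup; a production version would query a resolver."""
    return set(OBSERVED.get(domain, {}).get(rtype, set()))


def diff_records(expected: Records, observed: Records) -> List[dict]:
    """List every record type whose observed values differ from the baseline."""
    findings = []
    for rtype, exp in expected.items():
        obs = observed.get(rtype, set())
        if obs != exp:
            findings.append({
                "type": rtype,
                "unexpected": sorted(obs - exp),   # values that should not be there
                "missing": sorted(exp - obs),      # values that should be
            })
    return findings


def check_domains(baseline: Dict[str, Records],
                  resolve: Callable[[str, str], Set[str]]) -> Dict[str, List[dict]]:
    """Resolve every baselined name and report only the ones that drifted."""
    report = {}
    for domain, expected in baseline.items():
        observed = {rtype: resolve(domain, rtype) for rtype in expected}
        findings = diff_records(expected, observed)
        if findings:
            report[domain] = findings
    return report


if __name__ == "__main__":
    for domain, findings in check_domains(KNOWN_GOOD, stub_resolve).items():
        for f in findings:
            print(f"{domain} {f['type']}: unexpected={f['unexpected']} missing={f['missing']}")
```

Checking the NS set as well as the A records matters: a registrar-level change usually swaps the name servers, and a monitor that only asks for the web address will miss it until the new servers start answering differently. Run the check from outside the business's own network, since a poisoned local resolver would otherwise hide the change.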
-- Eric Rasmussen
September, 03, 2011: Zynga, the maker of the very popular Facebook games Farmville and Mafia Wars, will be releasing a much more ambitious game in the near future named Adventure World. This will be more of an "Indiana Jones" type game, with a complex virtual world, 35 maps, puzzles to solve, enemies to be defeated and good stuff to find. According to Zynga, the game will be 40% larger than Farmville.
The saga of the missing iPhone5 prototype is worthy of an NCIS episode. Last week an Apple employee, in possession of an iPhone5 prototype for in-the-field testing, left it in a San Francisco Mexican restaurant named Cava 22. Naturally, someone walked off with it. Using the GPS electronics in the phone, Apple was able to trace the phone to a two-floor home in Bernal Heights. Initially, the San Francisco police denied that a police report had been filed concerning the theft. Now the tale gets stranger. The home owner, Sergio Calderon, says he was visited by six people claiming they were from the San Francisco Police Department. Mr. Calderon apparently has admitted that he was at the Cava 22 restaurant the night the iPhone5 was stolen. The investigators conducted a search of Mr. Calderon's home with his permission but without a search warrant, and failed to locate the iPhone5. While at first denying there was such a search, the San Francisco Police Department now admits there was a search but that their detectives remained outside the home while the Apple investigators went inside. The problem here is that the Apple investigators may have been impersonating police officers with the acquiescence of the San Francisco Police Department. There were several other people present in the home when it was searched. As of this time the whereabouts of the iPhone5 is unknown. What is even stranger is that this whole episode is a repeat of the iPhone4 incident, where the prototype was also lost in a bar and subsequently sold to the online tech firm Gizmodo for $5,000. In that case Gizmodo and its involved employee escaped criminal charges, but two men who found and sold the iPhone4 were charged with misdemeanors. Frankly, I don't know what to make of this whole story. It seems very clear though that Apple needs to review their internal policy for selecting field testers for their products.
-- Eric Rasmussen
September, 01, 2011: Symantec, the global security company, best known for their Norton Internet Security products, released their 2011 State of Security report. Somehow this report is seen to be positive, but it is all in the statistics. Only 70% of the businesses surveyed were subjected to cyber attacks in the last 12 months compared to 75% for the previous period. Well, that is sure a dramatic improvement. Likewise the number of businesses reporting losses from cyber attacks decreased to 92% versus 100% in the prior period. OK, well that news is certainly good also. Finally, the growth in cyber attacks is slowing to an estimated 21% for the last twelve months compared to 26% for the prior period. But cyber attacks are still growing at 21% annually! Frankly, I am not sure I would describe this as "businesses are getting better at tackling cyber threats" as one website reported. Rather, given that the statistics are so close, that they are based on surveys, and that many companies are reluctant to discuss successful cyber attacks against them, I think it is fair to conclude that the cyber attacks against businesses are continuing at a frightening pace with obvious success. My takeaway from this report is that the situation is bad and has not improved over the last year, and that small businesses, not-for-profits and municipal entities need to be concerned and on guard against attacks. The cybercriminals are going to attack those organizations because they typically do not have dedicated IT staff, hardware firewall appliances or network monitoring for unusual activity. The first way to stop these attacks is to eliminate accessing personal email at work and accessing social networking sites not related to work, and to educate users on the danger of "spear phishing" email attacks that appear to be business related. Also, it is essential that the small organization conduct online banking only from a dedicated computer that is never taken online for any other purpose. Just as with the home user, the small organization has to realize that internet safety is 90% prevention.
-- Eric Rasmussen
August, 31, 2011: As I have previously blogged, the "scareware" business for cybercriminals is on the rocks because the ability to process credit card payments from their victims has been interrupted by international law enforcement agencies. I think that some of their energy has been redirected to traditional email attacks. The end result of the attack will not be a "scareware" attack but rather a hidden trojan horse that allows remote hackers to take control of a victim's computer. An example of these email attacks is a fake email from Western Union suggesting that there is a money order waiting for you at a bank or branch. All you have to do as the victim is open the email attachment. The compromised computer does not directly generate revenue for the criminals but can be used in a botnet and potentially rented out for attacks by other criminals. Also, the hidden control can allow the criminals to infect the computer at a later date when the credit card processing problem is resolved, as some in the security business believe will happen.
-- Eric Rasmussen
August, 30, 2011: As if you didn't have enough to worry about, with computer malware, identity theft, bird flu, earthquakes on the east coast and global warming, now there is secret camera surveillance. I am not talking about those clunky cameras in the bank branches. No, what we are talking about here are cameras so small they can be disguised as a screw head, or in a pen or pencil, built into pencil holders or other desktop items, concealed in fake smoke detectors or in ceiling vents. These cameras can record to attached SD memory cards or even connect wirelessly to a base station. Surprisingly, these devices are not expensive, nor are they only available to security organizations. In fact, the cameras can cost less than $100 and are freely available. I'm sure there are going to be many illegal and privacy-invading uses for this technology and it will generate plenty of embarrassing headlines. If you're a really paranoid person, then start checking out every object around you, but based on the photos I have seen you will have to be extraordinarily lucky to spot one of these cameras.
There is a new Facebook email scam making the rounds. The email purports to be a Facebook notification alerting you that you have lost a message and that by clicking on a link you can recover it. The goal of the scam is to drive internet traffic to certain websites, to install malicious software and possibly to steal usernames and passwords. The rule for this type of email has been repeated many times in this blog: do not click on email links.
-- Eric Rasmussen
August, 29, 2011: The Pew Research Center has issued a new report on the use of social networking sites by Americans. The most recent survey, in May 2011, showed that 65% of internet-using American adults used a social networking site such as Facebook, MySpace, LinkedIn and other sites. Another way of looking at the data is that 50% of all American adults use social networking sites. What is absolutely incredible is that in 2005 those levels were only 8% of adult internet users and 5% of all American adults. On a typical day, 43% of adult internet users use social networking sites, up from 13% in 2008. Not surprisingly, email and search engine use are still the largest activities, at 61% and 59% respectively, among American internet-using adults. Among internet users, 69% of women and 60% of men use social networking sites in 2011. I actually find it a little surprising that the male users are really not that far below female users. The real power users of social networking sites though are the 18-29 year-old age group, where use is 83% for men and women combined, and 89% for women only. Other interesting data in the report is that use of social networking sites by adult Americans is roughly independent of income, of race and of geographic location (urban, suburban and rural). If you want to understand why Facebook (the company) is thought to be valued in the billions of dollars, just consider the advertising potential of such a huge slice of the American adult population. The corporate rivalry between Google and Facebook is easily explained when you consider this report. Over the last six years the advertising lock that Google once had on the internet has been significantly eroded in favor of Facebook. Again, this report was an analysis of American adult use only. Obviously, the global picture may be different.
-- Eric Rasmussen
August, 27, 2011: A hacker known as Thehacker12 breached a server belonging to Allianceforbiz.com, a trade show management company, walked off with an Excel spreadsheet containing 20,000 email addresses, associated passwords, names and organizations, and then published it on the internet. As these things go today, a 20,000 item stolen email listing is not a big deal, except that in this case it included mostly U.S. government organizations including the State Department, the Small Business Administration, the FAA, HUD, the EPA and apparently also the military. So what are government employees thinking about when they share their email addresses and passwords with a non-governmental trade show organization? Obviously, the data security in these organizations will be far below governmental levels (or so we hope). A hacker can make a lot of progress attacking these peripheral organizations in the hope of picking up usable information for a primary attack. Remember that one of the key security weaknesses is the reuse by people of their personal passwords. It would seem here that Thehacker12 was just showing he could do it and was not interested in further penetration into these organizations, which is why the list was published publicly. The really big problem here is that the Chinese military hackers have the same or better skills than Thehacker12, and you can be assured that they are not making their exploits public.
-- Eric Rasmussen
August, 25, 2011: I have blogged several times about the Zeus trojan horse software that is used by cybercriminals to steal online banking credentials. There have now been a couple of recent developments. Just to review, according to Computerworld, "the Zeus software has been a significant issue for banks... it is capable of intercepting login credentials in real-time on an infected computer and carry out immediate transactions....Zeus is also frequently undetected by antivirus software". The Zeus developer has apparently "retired" and the developer of the competitor trojan horse Spyeye has merged some of the software code together. One of the improvements, according to security professionals, is more built-in protection for the associated command and control server connections.
Another group of hackers has taken the Zeus software and added it to older malicious software called the Ramnit worm in order to attack two-factor authentication and transaction signing systems. The security firm Trusteer estimates that tens of thousands of computers used for online banking are currently infected with the Zeused-up Ramnit.
The bottom line on all of this is that the cybercriminals are working hard to not only get the malicious banking software on your computer but also to defeat security features set up by the financial institutions. If you are going to do online banking, it is essential to follow safe internet security practices to begin with. Please visit the Internet Security page of the Blackhawk website for a somewhat long discussion of how to keep your computer safe. Remember, if you think that anti-virus software is going to protect you, then you have already lost.
-- Eric Rasmussen
August, 24, 2011: In case you missed it, Steve Jobs resigned today as CEO of Apple, apparently because his medical condition was preventing him from carrying out his job functions. While a lot of people don't like Apple's way of doing business, there is no denying the ability of Jobs to combine creativity, vision and marketing in his career. It is probably too early to fully understand the vision of Jobs since we are still in the beginnings of the smartphone mobility revolution and, to a lesser extent, the tablet revolution. I think that ten or twenty years from now we will look back and be amazed at the effect Steve Jobs had on our lives, whether we use Apple products or not.
Google admitted guilt and will pay a $500 million fine related to allowing Canadian pharmacies to illegally advertise prescription drugs to U.S. consumers on their search engine. What is incredible about this drama is that Google recognized the legal issue as far back as 2003 and even stopped other foreign countries from similar advertising but allowed the Canadian advertising to continue. If I were a large shareholder I would be looking for blood in their legal department and their outside legal firms that just cost the company a half-billion dollars due to stupidity.
I will not get into the details of the recent shutdown of cellphone service in San Francisco by the Bay Area Rapid Transit (BART) authority at four stations to head off planned demonstrations related to a fatal police shooting. But the whole event drew the attention of the hacker group Anonymous, who reacted against the concept of blocking cellphone service and limiting personal freedoms. In a dispute with the spokesman of BART, Anonymous decided to make a point by publishing semi-nude photos of the gentleman on the internet today. I guess they don't like this guy. The key takeaway here is to be aware that any and all information about you on the internet is available to determined hackers. In this age of social websites, the information may be on the online profile of a friend or even on that friend's computer. So if a friend is taking compromising photos of you at the weekend beer party, grab their smartphone or camera and throw it into the nearest toilet. You may lose a friend, but your privacy will be protected!
-- Eric Rasmussen
August, 23, 2011: Since the light of the first dawn, Americans have always been the largest buyers of personal computers. That record came to an end in the second quarter of 2011 as China surpassed the U.S. in both personal computer shipments and sales. The trend also seems to indicate that China will now hold onto that number one position for the foreseeable future. In the second quarter Chinese shipments of personal computers increased 14.3% to 18.5 million units while the U.S. decreased 4.8% to 17.7 million units for the same period.
Facebook is making some privacy setting changes that help users understand who can see what they post and also block unwanted photos. Elinor Mills at CNET has written an article about these changes that goes into considerably more depth than I want to cover myself. The article is linked on our Tech News page. I think any Facebook user that has privacy concerns should read this article.
-- Eric Rasmussen
August, 22, 2011: IBM researchers have unveiled an experimental chip that will attempt to mimic the neuron-based functioning of the human brain. The name of this chip is too cool to be true: SyNAPSE, which is short for Systems of Neuromorphic Adaptive Plastic Scalable Electronic. This is a step forward in attempting to artificially develop processes that the brain performs with its 100 billion neurons and 1 trillion connections, or synapses. As an IBM scientist involved in the research says, "We see an increasing need for computers to be adaptable, to develop functionality today's computers can't. Today's computers can carry out fast calculations. They're left-brain computers, and ill-suited for right-brain computation, like recognizing danger, the faces of friends and so on, that our brains do so effortlessly". So after we develop this for a decade or so and wire all of these chips together, then the robots will be able to recognize the humans on sight, be able to anticipate danger from our weapons, understand our fears and irrationalities and defeat us with their global command and control system. Thanks a lot IBM.
Yale University has notified 43,000 faculty, staff, students and alumni that their names and social security numbers have been publicly available on the internet for the last 10 months. Apparently, the data was stored on an FTP server that somehow became searchable through Google. The server has been shut down and Google has confirmed that the data is no longer available. It is not clear if the FTP server was accessed by unknown persons or if there have been any reports of compromised personal information. But I would bet that, with the ease with which hackers employ network tools to examine internet-facing servers (such as FTP servers), the data has long since been accessed and copied. A Yale FTP server would have been a tempting high-profile target and certainly attracted hackers, who must have fallen out of their chairs when they recognized that the data included social security numbers and was unencrypted.
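The Yale incident is a data-handling failure before it is a network one: a file with social security numbers should never have reached a server that anything public could reach. One control a practitioner would put in front of any public share is a content scan. The following is an added example, not code from the blog or from Yale, of a scanner for dashed SSNs that filters out values the Social Security Administration never issues (area 000, 666 and 900-999, group 00, serial 0000) to cut false positives, and masks what it reports so the scan log does not become a second copy of the data. The sample file content and the names in it are constructed.

```python
import os
import re
from typing import List, Tuple

# Dashed SSN shape: area-group-serial. Word boundaries keep it from matching
# inside longer digit runs such as phone numbers or account identifiers.
SSN_SHAPE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never issues, which cuts down false positives."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def find_ssn_candidates(text: str) -> List[Tuple[int, str]]:
    """Return (line number, masked value) for each plausible SSN in the text.

    The value is masked so the scanner's own output does not become a second
    copy of the sensitive data.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SSN_SHAPE.finditer(line):
            area, group, serial = m.groups()
            if plausible_ssn(area, group, serial):
                hits.append((lineno, f"***-**-{serial}"))
    return hits


def scan_tree(root: str, max_bytes: int = 5_000_000) -> dict:
    """Run the scanner over every readable text file below root (path -> hits)."""
    report = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = find_ssn_candidates(fh.read())
            except OSError:
                continue
            if hits:
                report[path] = hits
    return report


# Constructed sample file content (fictitious names and numbers).
SAMPLE = """name,id,phone
Ada Example,123-45-6789,555-0100
Ben Example,000-12-3456,555-0101
Cy Example,666-12-3456,555-0102
Dee Example,987-65-4320,555-0103
Eve Example,219-09-9999,555-0104
order 4411-22-3333 shipped
"""

if __name__ == "__main__":
    for lineno, masked in find_ssn_candidates(SAMPLE):
        print(f"line {lineno}: {masked}")
```

Pointing scan_tree at the directory that feeds a public FTP or web root, and refusing the upload when it returns anything, is a cheap gate; the regex only covers the dashed form, so a deployment would add the undashed 9-digit form with a tighter plausibility test, since that one collides with far more ordinary numbers.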
-- Eric Rasmussen
August, 21, 2011: I blogged back in June about the legal dangers of using a public BitTorrent tracker. I have also been warning customers about the risk of downloading infected torrents when using public BitTorrent trackers. Now the security firm Trend Micro is warning that, according to their research, the Koobface worm is now spreading through infected torrents. Koobface is a trojan horse that establishes a peer-to-peer botnet and can cause browser redirection and pay-per-installation of malware on the targeted computer. The infected computer then can act as the host for the next attack, explaining the "worm" nature of the program. Koobface was very prominent on Facebook in 2009 and 2010 but has receded as a current threat. Once again we recommend that you torrent only if you can get yourself invited into a private tracker.
There is a new risk in the security news concerning those cellphone charging kiosks in airports and other public places, referred to as juice jacking. It seems that by using a USB power and data cable (which is what we all use and which comes with the cellphone) attached to the kiosk, all of the data on your cell phone could be downloaded (as in emails, text messages, address book, compromising photos and so on) as it is recharging. While this attack has been demonstrated by security professionals, there is no record of any actual attacks yet. Of course, now that the vulnerability has been made public it will not be long before the criminals put it into practice, or governments such as China's. If I had any important data on my cellphone I sure would not be recharging it in the Shanghai Airport. You could also purchase a power-only USB cable and directly block data access to your cellphone.
-- Eric Rasmussen
August, 17, 2011: There is an email attack circulating that computer users should be on alert for. The malicious email is a traffic ticket notification from New York City claiming you have a speeding ticket. The email directs you to an attachment to print the ticket, which causes a trojan horse to be downloaded onto your computer. Of course, if you haven't been driving in New York City it should be fairly obvious this is a scam but, in any case, do not let your curiosity get the better of you.
On August 15 I blogged about the website vulnerabilities related to using osCommerce web tools and the identification, according to security experts, of over 8 million websites infected as a result. The cybercriminals identify websites with security vulnerabilities by using botnets, thousands and sometimes millions of secretly controlled computers, to run Google searches with specific query terms. The search process is throttled so as not to raise red flags at Google. These search queries are referred to as Google "dorks". The automated process is essentially reconnaissance to identify websites, which can then be ranked and attacked in an organized process. So if you think that your little commercial website will fly under the radar of the criminals in Eastern Europe, be aware that this is an incorrect conclusion.
-- Eric Rasmussen
August, 16, 2011: Today's Blackhawk Blog is going to be a bit different. Instead of me summarizing, condensing and highlighting important or at least interesting topics dealing with technology, I am going to assign homework instead. Did I just hear a collective groan from you? The reason for the homework is that there are three very interesting articles that it would be better for you to read in their entirety rather than have me blog about them. The links to all three articles can be found on the Tech News page at www.blackhawkcs.com. The first article you need to read is "How To Remove Yourself from People Search Websites" at ZDNet on 8/15/11. After you get into the article you will understand that its complexities do not permit an easy summarization. Everyone concerned about the amount of personal data available about you on the internet should read this. The second article, which is really a slideshow article, is "When Facebook Gets Creepy" at PC Magazine, also on 8/15/2011. As the name implies, you heavy Facebook users may be interested in this. Lastly, keeping to the theme of privacy, there is an article at eWeek today, "Internet Users Unknowingly Risk Identity Theft: Report", which discusses important privacy issues. Tomorrow, there will be a 10 question quiz posted on Facebook to test your knowledge from the articles. Just kidding.
-- Eric Rasmussen
August, 15, 2011: The security firm Armorize reports that 8 million legitimate web pages, mostly published by small businesses, have been infected over the last few months in an exploit that received accolades for inventiveness at the recent Black Hat hacker convention in Las Vegas. The exploit involves vulnerabilities in websites using osCommerce, a free customer interaction tool. Specifically, the exploit involves security holes in the osCommerce application that allow the hacker to inject malicious code into the website file structure on the hosting web server. When a visitor accesses the website they are attacked by a drive-by download that installs software which redirects the computer to a server for further malicious downloads. If Google or Microsoft detects malicious code on a website, a small business runs the risk of having its website blocked or blacklisted as potentially dangerous. This in turn requires a request for a review of the website after it is cleaned up, but that is a time-consuming and slow process. This is a serious problem for small businesses using osCommerce and for anyone accessing such websites. The malicious software installed on visitor computers is difficult for standard security programs to recognize. The criminal gang behind the exploit is said to be based in Ukraine. If your company is using osCommerce then you should seek the advice of your web developer immediately.
-- Eric Rasmussen
August, 14, 2011: The Krebs on Security website discusses many aspects of the internet crime underworld. It is fascinating to learn that there are Russian websites where you can purchase stolen credit card information including card number, bank issuer, cardholder name and mailing address, expiration date, security code, phone number, and sometimes the date of birth and mother's maiden name. You cannot purchase stolen credit card information with a credit card, but rather with "virtual currencies" such as WebMoney and LibertyReserve. You can search for credit cards by type and location to facilitate your use of the stolen data. What is so interesting is that the value of a stolen credit card is less than $5.00 even when the website adds fees for specified conditions. This clearly suggests that there are so many stolen credit cards for sale that the market has pushed the pricing down to a low level. This may be bad for the criminals, but it is really not good for consumers world-wide: because so many cards are for sale, a great many people have had their card data stolen, have not yet seen it used fraudulently, and don't even know it. Definitely not good.
-- Eric Rasmussen
August, 13, 2011: Google+ now has 16 games including Angry Birds which is where I have been instead of blogging. I actually prefer mouse control over the touch screen of my Droid smartphone so we will see how long it takes me to tie my personal record of three stars on all layers.
A few weeks ago I blogged about the fake Apple store in China that had been spotted by some tourists in the city of Kunming. Well now Chinese authorities in the same city have identified 22 additional stores using Apple's logo. Apple has already filed a trademark infringement complaint in China but the problem must be a lot worse than it appears because so far all of the fake stores have been in just one city. It does appear that the stores are selling real Apple products which demonstrates the strength of the retail demand in China.
The IBM 5150 personal computer was 30 years old yesterday. I remember when we brought the first two into the office in 1981, and put them to work on Lotus spreadsheets. Of course, our spreadsheet ambitions were immediately limited by the minuscule amount of memory installed, and so began the unending upgrade and replacement process. Now my Droid smartphone has far more processing power and storage than the original PCs.
-- Eric Rasmussen
August, 11, 2011: It's a tough job being a cybercriminal or so you would think. It seems that the Russian developer of the dangerous rootkit TDL decided to add to his income by selling copies of his software to other criminal groups. One of those groups decided some tinkering was in order and modified the TDL rootkit into a rootkit known as ZeroAccess. But the creators of ZeroAccess went one step further and developed a tool to remove the TDL rootkit if it was found on a victim's computer. The second cybercriminal group now sells ZeroAccess with the TDL removal tool, proving that it is very hard to trust another crook.
Apple was awarded a preliminary injunction in Germany which blocks the sale of the Samsung Galaxy tablet in all EU countries except the Netherlands. The basic point is that Apple alleges the Samsung Galaxy tablet is in violation of a patent it owns. The problem for all tablet manufacturers is that Apple's patent is based on very generic drawings. Apple chose the Samsung Galaxy tablet because it is the best selling tablet in Europe after the iPad. But based on the preliminary injunction against Samsung, some analysts are suggesting that every tablet is in violation of Apple's patent regardless of the manufacturer or operating system. Wow........that could be really big. While the result is sure to be appealed, the possible consequences are scary. The Apple conquest of Planet Earth continues.
-- Eric Rasmussen
August, 10, 2011: I'm sure a lot of Facebook users were nervous today when it became more widely known that Anonymous had posted a video in July stating that they were planning to "kill" Facebook on November 5. It would be bad enough to be cut off from Facebook if you were raptured, but there might be other things to do in Heaven than the internet. But what if the hacktivist group could really bring Facebook to its knees? What would we do all day long? Well, I wouldn't worry too much at this point because that video may not have originated with Anonymous (it's a fake) or at the least does not reflect a consensus of its leadership. In addition, Facebook employs some fairly well qualified people and it will not be all that easy to disrupt or to penetrate its systems. The best way to get at Facebook is to continue hacking other websites and gather user names, email addresses and passwords, because in many cases those passwords have been reused by the users for their Facebook accounts. Perhaps a multi-prong attack from inside and outside would overwhelm security staff and permit some temporary level of disruption.
-- Eric Rasmussen
August, 09, 2011: Citigroup's Japanese credit card unit was hacked and they admitted to the loss of 92,000 customer accounts including names, addresses, phone numbers, and birthdates, but not PINs and card security codes. Nevertheless, this is an additional embarrassment for Citigroup, which was hacked in June and lost data on 360,000 accounts. I am really having a hard time understanding why credit card databases are not more secure considering the interest they must have for criminals.
There has been a definite drop-off in the amount of "scareware" (otherwise referred to as fake antivirus and fake utilities) infecting computers in the last six weeks. This has been commented on by security industry professionals and is also evident even with our local business. There seem to be two reasons behind this reduction. First, there has been some movement in the international financial community to stop the foreign banks from processing the victims' credit card payments. The banks in question are based in Eastern Europe, which is no surprise. The second reason has to do with the arrest of Pavel Vrublevsky, co-founder of the Russian online payment company ChronoPay, by Russian police at the end of June. His organization is thought to have been heavily involved in the fake anti-virus software/scareware business. It is not clear why Vrublevsky was arrested by a law enforcement organization on the payroll of the Russian Mafia. It may be that Vrublevsky was playing outside of the box, or perhaps wasn't remitting sufficient profits to the big bosses. It may be he was just an independent criminal that the Russian Mafia decided was just a little too successful. Whatever the reason, I think scareware will need to resolve how to process credit card payments from victims before it reemerges.
-- Eric Rasmussen
August, 07, 2011: The hacktivist group Anonymous announced Saturday that they had hacked 70 law enforcement websites in the southern and central United States in response to recent arrests of their supporters in the United States and the United Kingdom. In addition to shutting down websites, mostly of sheriff departments, and wiping website data, Anonymous says they stole 10 gigabytes of data. The claims of Anonymous cannot be verified at this point.
On August 5 I blogged about a home-made drone presented at the DEF CON hacker convention in Las Vegas. Now also in the news is a new experimental spherical drone created by the Japanese Advanced Defense Technology Centre. The sphere, about 16 inches in diameter, can fly down narrow alleys, can hover, take off vertically and even bounce along the ground. The sphere is powered by a propeller protected by the spherical enclosure. It is capable of carrying surveillance devices. A researcher stated that in the future, "it could be used as a formidable pursuit vehicle that can travel above traffic or spy on a target through a window". I suppose the next development will be to put weapons on it to chase humans who are rebelling against our robot masters. Well, we are a ways away from that point, but the pace of technology in the labs is just staggering.
-- Eric Rasmussen
August, 05, 2011: Yesterday I blogged a bit about the weaknesses in Siemens industrial control computers exposed in a presentation at the Black Hat hacker convention in Las Vegas, a regular annual event for about 15 years and a recruiting ground where security firms and government agencies look for hackers who want to work for the good side of the Force. As such, hackers present all types of findings, software weaknesses, proposed hacking exploits and associated technology, most of which is not "in the wild", that is, already on the loose on the internet. One of the presentations was just unbelievable and warrants a few comments. A hacker group has built a home-made aerial surveillance drone that can be used to hack cellular and Wi-Fi networks. The drone is constructed basically out of styrofoam, is 76 inches long and 27 inches tall, can fly up to 22,000 feet, weighs a total of 14 pounds and only takes an operator about 30 minutes to learn how to fly. Its electronic eavesdropping payload includes a small computer running software capable of detecting and hacking into cellular, Wi-Fi, RFID and Bluetooth communications, with assistance from a larger ground station computer to which it is connected through a secure VPN channel. The cost to build the drone was only $62,000. This is the type of technology used by the military, costing tens of millions of dollars per drone and involving huge ground-based support. While no one is suggesting that the hacker drone has military-level capabilities, it is nevertheless a remarkable and very scary effort. Can you imagine one of these drones in the hands of a criminal organization, a true black hat hacker group or even a hacktivist group such as Anonymous? It is only a matter of time.
-- Eric Rasmussen
August, 04, 2011: Some Starbucks coffee shops in New York City have been blocking power outlets in their customer seating area to discourage all-day squatters with their laptops. Apparently, some people are guilty of sitting all day in Starbucks, using the free internet, enjoying the comfortable furniture and taking up space that other customers could use, you know, to drink coffee. By blocking off electrical outlets Starbucks is hoping to at least limit the squatters to the charge on their laptop batteries.
On a much more serious note, a security researcher has presented to a preview audience at the Black Hat hacker convention in Las Vegas his findings on the security weaknesses of Siemens S7 programmable logic controllers, the industrial computers that "are used to control engines, machines and turbines in tens of thousands of industrial facilities". These Siemens controllers are the same type targeted by the Stuxnet worm that damaged centrifuges used in the Iranian nuclear development program and is thought to have originated in Israel and/or the United States. It seems that there are many more vulnerabilities in the devices and the researcher has been working with Siemens to patch them. But the problem is that many devices deployed in the field would have to be rebooted to have their software upgraded, and this is no simple or inexpensive task for companies such as electric utilities, where rebooting a controller can mean taking a process offline. The very scary conclusion of some analysts is that these findings are already known to the bad guys, whoever they may be. In other words, we could be about to experience a "Die Hard" like movie in reality at any time as the bad guys shut down the power grid or disrupt industrial operations, coupled with a short sale ahead of time in the futures market in order to financially benefit from the market reaction. Not good.
-- Eric Rasmussen
August, 03, 2011: The security firm McAfee has uncovered evidence of an extensive hacking campaign over the last five years against the governments of the United States, Canada and South Korea, 12 US defense contractors and other targets. McAfee came across the information while analyzing a command and control server used by hackers in previous break-ins at US defense contractors. The server that McAfee was able to seize control of had activity logs detailing the hacking campaign. There was apparently a huge amount of data stolen from a preliminary count of 72 organizations. The nature of the data stolen and its destination are not known at this point. What is clear is that the initial attacks were "spear-phishing" emails aimed at specific people within the organizations who in many cases clicked on infected links or opened infected email attachments. After getting onto an organization's computer in this manner, the attackers were then able to install further software for monitoring, collection of usernames and passwords, network probing and data extraction. This is a very important and worrying matter. The identity of the attackers is unknown at this point; McAfee suspects China, though other analysts are not so sure.
-- Eric Rasmussen
August, 02, 2011: The saga of Jake Davis, the suspected member of the hacktivist group Lulz Security, is getting more interesting by the day. To begin with, Jake Davis lives on the island of Yell, in the British Shetland Islands, very remote and with poor internet connectivity. After his arrest was announced, the internet came alive with the rumor that Davis wasn't the Lulz Security user "Topiary", that he had been set up by persons unknown, and that the real "Topiary" lives in Sweden. That rumor seemed to dissipate when British police announced that they had seized Davis's laptop and that it had over 750,000 accounts with usernames and passwords on it, together with material about Lulz Security and other incriminating data. So Davis was carted off to the mainland, spent a couple of days in jail and is now out on bail on the mainland wearing a security bracelet and with court orders for a curfew and an internet prohibition. Did you see pictures of Jake Davis? He is a very young-looking 18-year-old. He is frankly just not what I expected. I guess I have seen too many movies but I was thinking more along the lines of a Mission Impossible operative type, maybe sick of government work and now using his skills to embarrass the bullies, the greedy and those abusers of human rights all over the world. Jake Davis definitely does not fit that bill at all. What is curious, though I am not a hacker, is that any individual would be a hacker in a remote location with probably only one internet connection to the mainland that could be easily monitored regardless of how many proxy servers he used in his connection stream. What's more, when the police are closing in, Yell does not present very many places to hide, really none at all on an island with only about 1,000 inhabitants. I would think that a major metropolitan area would be a better place to conduct your hacker activities from.
And lastly, given the aforementioned risks, I would think any hacker would be extremely careful about the data maintained on their computers, at a minimum encrypting it with an unbreakable cipher so that you could laugh in the face of the police when they burst through your door. Maybe I should be a hacker after all.
-- Eric Rasmussen
July, 31, 2011: The Czech-based security company, Avast Software, has released a study of malicious rootkits on Windows computers. The study is based on a survey of 600,000 computers and thus should be considered fairly robust. While Windows XP computers represent 58 percent of the total Windows installations, Avast found that 74 percent of rootkit infections were on XP computers. There are a number of reasons for this disparity. First, as the oldest operating system in the survey (except for 3 Windows 98 computers in Mongolia), Windows XP has been analyzed for weaknesses for the longest period of time by cybercriminals. Second, Windows 7, representing 31 percent of Windows installations is the best protected system particularly the 64-bit version. Lastly, a great number of XP computers are still not patched with Service Pack 3 and thus are not receiving Windows updates. As we have previously blogged, if you are using Windows XP it is absolutely essential that it be up-to-date with Service Pack 3 installed.
-- Eric Rasmussen
July, 30, 2011: The rise of robotics in the workplace was strongly highlighted by an announcement this week by the Taiwan-based Foxconn. Foxconn, the world's largest technology manufacturer, employs 1.2 million people of which 1 million are based on the Chinese mainland. Currently, it uses 10,000 robots in its manufacturing processes but that number is expected to increase to 1 million in three years. The robots will be used for spraying, welding and assembling, tasks which are currently performed by workers. The increased use of robots is to help Foxconn deal with demand for its products and rising labor requirements and labor costs. The bottom line is that robotics have an increasing capability of replacing humans in manufacturing processes. While this is not necessarily some new information, the scope of the future use of robotics at the world's largest technology manufacturer should really draw attention to this trend. If Asian manufacturing workers are being replaced by robots, then what chance do much higher cost workers in America have?
Sometimes you really have to wonder about people. A man wanted in New York for beating and harassing an ex-girlfriend taunted police on Facebook after seeing his wanted picture by posting "Catch me if you can, I'm in Brooklyn". So, the police, armed with that information, quickly tracked the man to an apartment in Brooklyn and arrested him. The police stated, "He told us via Facebook to come and get him and we did". Enough said.
-- Eric Rasmussen
July, 28, 2011: The South Korean social networking website Cyworld and its associated web portal Nate which offers email have been hacked. The hackers, suspected to be based in China, stole names, phone numbers, email addresses and other user account details. But what makes this hack really newsworthy is that the number of users affected is 34 million, which basically represents the entire country of South Korea which only has a population of 49 million. So after you subtract the very young and the elderly, the hack is the whole country!!! How efficient is that?
Looks like the British police got the wrong man in a raid in the Shetland Islands Wednesday. They thought they were apprehending the Lulz Security hacker known as Topiary but instead ended up with a 19 year-old Scotsman set up on the web to be mistaken for him. The real Topiary is believed to be a 23 year-old Swede.
-- Eric Rasmussen
July, 27, 2011: There is an article in CNN Money today titled "The cyber Mafia has already hacked you" and it is well worth reading. I think it is consistent with what I have been telling customers for a few years now about the cyber crime threat from Eastern Europe and Russia in particular. While a good blog is not supposed to quote large sections of other articles or blogs, at least let me present a couple of comments from the article. "It's not like the Mafia, it is a Mafia running these operations". "The Russian Mafia are the most prolific cybercriminals in the world". You will find the article on our Tech News page indexed for July 27. If you want to have nightmares about your computer being hacked, then read this article.
-- Eric Rasmussen
July, 26, 2011: The security firm Trusteer has reported that the dangerous SpyEye trojan horse, which specializes in stealing online banking usernames and passwords, has been evolving in order to outsmart the efforts of financial institutions to defeat it. SpyEye has now developed the capability to interact with a given financial website more like a real person would, in terms of pages viewed and speed of responses, in other words in a normal pattern. Financial institutions have developed software to watch for telltale signs that a user is interacting with their online account in an abnormal way, particularly when a transaction is initiated faster than an average person could manage it. Interestingly, SpyEye is not just targeting the United States and Western Europe but also Eastern Europe, Saudi Arabia, Bahrain, Oman, Japan, Hong Kong and Peru. In other words, online banking crime is truly a global problem and it isn't going away. Trusteer noted that the number of SpyEye command and control servers for its botnet has increased from 20 in May to 46 today. This is very serious indeed.
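To make the "faster than a person could do it" check concrete, here is an added example of my own, not code from Trusteer, any bank, or SpyEye. It runs a simple session-velocity check over constructed banking log lines (the sessions, user names, timestamps, event names and thresholds are all assumptions for the example): session s1 is a person, s2 is a bot that submits a transfer two seconds after login, and s3 is a bot paced like a person, which is exactly the evolution the post describes.

```python
"""Session-velocity check of the kind banks use, run over constructed log lines."""
from collections import defaultdict
from datetime import datetime

# Constructed sample of online-banking session events; not real bank logs.
# s1 is a person, s2 is a bot that transfers money two seconds after login,
# s3 is a bot that paces itself like a person (the SpyEye behaviour in the post).
SAMPLE_LOG = """\
2011-07-26T09:00:00 sess=s1 user=alice event=login
2011-07-26T09:00:41 sess=s1 user=alice event=page path=/accounts
2011-07-26T09:01:30 sess=s1 user=alice event=page path=/statements
2011-07-26T09:03:12 sess=s1 user=alice event=page path=/transfer
2011-07-26T09:04:05 sess=s1 user=alice event=transfer_submit amount=250.00
2011-07-26T09:10:00 sess=s2 user=bob event=login
2011-07-26T09:10:01 sess=s2 user=bob event=page path=/transfer
2011-07-26T09:10:02 sess=s2 user=bob event=transfer_submit amount=4900.00
2011-07-26T09:20:00 sess=s3 user=carol event=login
2011-07-26T09:20:35 sess=s3 user=carol event=page path=/accounts
2011-07-26T09:21:20 sess=s3 user=carol event=page path=/transfer
2011-07-26T09:22:10 sess=s3 user=carol event=transfer_submit amount=4900.00
"""


def parse_line(line):
    """Turn 'TIMESTAMP key=value ...' into a dict with a datetime under 'ts'."""
    parts = line.split()
    event = {"ts": datetime.fromisoformat(parts[0])}
    for kv in parts[1:]:
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def group_sessions(log_text):
    """Group events by session id, each list in time order."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            sessions[ev["sess"]].append(ev)
    for events in sessions.values():
        events.sort(key=lambda ev: ev["ts"])
    return dict(sessions)


def session_features(events):
    """Timing features from login up to the first transfer submission, or None."""
    login = next((ev for ev in events if ev["event"] == "login"), None)
    submit = next((ev for ev in events if ev["event"] == "transfer_submit"), None)
    if login is None or submit is None:
        return None
    before = [ev for ev in events if login["ts"] <= ev["ts"] <= submit["ts"]]
    gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(before, before[1:])]
    return {
        "seconds_to_transfer": (submit["ts"] - login["ts"]).total_seconds(),
        "pages_before_transfer": sum(1 for ev in before if ev["event"] == "page"),
        "min_gap_seconds": min(gaps) if gaps else 0.0,
    }


def is_suspicious(features, min_seconds=60, min_pages=2, min_gap=5):
    """Flag a transfer that arrives faster than a person could plausibly get there.

    The thresholds are assumptions for this example; a bank would tune them
    from its own traffic.
    """
    if features is None:
        return False
    return (features["seconds_to_transfer"] < min_seconds
            or features["pages_before_transfer"] < min_pages
            or features["min_gap_seconds"] < min_gap)


def flag_sessions(log_text):
    """Map session id -> True if the velocity check fires for that session."""
    return {sid: is_suspicious(session_features(events))
            for sid, events in group_sessions(log_text).items()}


if __name__ == "__main__":
    sessions = group_sessions(SAMPLE_LOG)
    for sid, flagged in flag_sessions(SAMPLE_LOG).items():
        print(sid, "SUSPICIOUS" if flagged else "ok", session_features(sessions[sid]))
```

Session s2 is caught and s3 sails through, which is the whole point of the Trusteer report: once the malware waits between pages and takes a minute or two before the transfer, a timing check on its own sees nothing unusual, and the bank has to fall back on other signals such as a new destination account, a new device, or out-of-band confirmation of the transfer.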
I am one of those lucky people to have a Google+ account. Recently, Google+ has reached the 20 million user level, not bad for just a couple of weeks. Today was a particularly big day as another noted social networking and computer user has joined the ranks of the large beta testing group, namely Paris Hilton.
-- Eric Rasmussen
July, 24, 2011: Facebook scammers wasted no time in putting up messages with a link to a supposed video of Amy Winehouse getting high on crack a few hours before she died. This scam leads to the inevitable survey scam which we blogged about, in general, yesterday. The only way to end these types of scams, which prey on the tragedies of others, is simply not to click to begin with. If you receive any of these messages, then contact the sender and ask that they take it out of their newsfeed in order to stop further circulation from that user's profile.
The internet is a totally weird place, which I am sure is not a surprise to just about any of the human inhabitants of this planet. Are you aware that the impending collision of Earth with the planet Nibiru is not only a belief shared by many people but is actively discussed on 2 million websites (an estimate made by a scientist at the NASA Ames Research Center)? Did you see that number? 2 million websites. In case you're wondering, a certain "contactee", Nancy Lieder, first proposed this forthcoming cataclysmic event in 1995 after aliens in the Zeta Reticuli star system put an implant in her brain. No, I'm not kidding. Read the full article on today's Tech News page. Anyway, a somewhat similar idea concerning a Planet X was proposed by the late writer Zecharia Sitchin based on his translation of ancient Sumerian writings. This is a big discussion topic on the internet. I'm sure the aliens on Zeta Reticuli are having a good laugh at our expense about all of this since instead of wandering around earth putting interplanetary communication implants in people's brains what they were really doing was swapping human brains for mouse brains, very dumb mouse brains. And yes, they told me this because I am in their Google+ friends circle.
-- Eric Rasmussen
July, 23, 2011: The Facebook scammers wasted no time in capitalizing on the tragedy in Norway. In the scam, a Facebook message asks you to click on a link to view a video of the bomb blast in Oslo. If you oblige by clicking, you are taken to a page that requests you take a survey to prove you are over 18 years of age, which can then lead to a further IQ test if you supply a mobile phone number. Of course, if you are this far into the scam, don't expect great results from any IQ questions. There is also another Facebook scam circulating that suggests by installing an application you can discover those people stalking your Facebook profile. In this case the rogue application will ask for permission to access your Facebook profile. The end result of the scam is to use the infected account to spread more scam messages and drive users to an online survey that the scammers get paid for. One of the things that frankly confuses me is who ultimately pays the scammers for the completed surveys and what the real value of the surveys is. What kind of cross section of society do these types of users represent and how applicable would their views be as typical consumers? I wonder if the real people being scammed are those actually paying the scammers? Just a thought.
-- Eric Rasmussen
July, 22, 2011: Google announced a few days ago that they will display a warning above the search results if they detect your computer is infected with malware. Specifically, if the communication from your computer to Google is via certain proxy servers that have been identified with malware operations then Google can conclude your computer is infected. We see a lot of computers that are communicating via proxy servers without the knowledge of the user for various criminal purposes. Google can detect a few of these proxy servers when you use Google search and can then alert you. However, this is a very specific set of risks and the absence of a notification from Google does not mean your computer is not infected!! There has also been a further issue raised today that cybercriminals will soon figure out how to display a fake Google notification so that when you click on it you will infect your computer. This is just talk at the moment so we will have to see how this develops "in the wild".
-- Eric Rasmussen
July, 21, 2011: Everyone has heard of fake Rolex watches and other merchandise made in China and then sold around the world to consumers. Now China has gone a step further with fake Apple stores (which are located in China). It seems the stores sell both real and fake Apple products and are so sophisticated that neither customers nor even some employees realize that it is a fake store. I wonder what Apple and its army of lawyers are going to do about that. Maybe they could sue the whole country and win in world court and get trillions in damages? If I were in the Chinese Politburo I would be cautious about the wrath of Apple and Steve Jobs.
The small Dutch company Sparked has developed a wireless health sensor that is attached to a cow's ear and provides a farmer critical health data on an animal. The data feed can provide early warning of disease or pregnancy. This is an interesting story for a couple of reasons. First, I think the world will need a bandwidth upgrade if we put wireless internet sensors on all of the world's pigs, cows, cattle and horses. Secondly, if the technology will work on cows then how about humans? All kinds of critical health data could be streamed to the nearest server for continual health analysis. That type of health care expenditure would finally bankrupt our country. Also, when the robots seize control of society in the future, they can use the data to eliminate the non-healthy humans before having to use critical resources on us. I know, that's a big jump from sensors in the ears of cows but who would have envisioned even that twenty years ago?
-- Eric Rasmussen
July, 19, 2011: FBI agents executed raids in New York, New Jersey, Florida and California today and arrested 16 people accused of carrying out "computer crimes that damaged or breached protected systems" and charged them with conspiracy and intentional damage to a protected computer. These individuals appear to be volunteers to the hacking group Anonymous and helped in their denial of service attacks earlier in the year against PayPal servers. PayPal, at the time, had removed the ability to forward funds to the controversial WikiLeaks website which caused them to feel the wrath of Anonymous in a denial of service attack that disrupted their online operations. Anonymous utilized the efforts of volunteers to participate in the attacks and coordinated them through Twitter messages. I doubt that these people arrested today are core Anonymous members.
-- Eric Rasmussen
July, 18, 2011: Lulz Security is back in the news, hacking into servers of News International, a subsidiary of Rupert Murdoch's beleaguered News Corp. On one server Lulz posted a fake story that Murdoch had died, and on a server of the daily tabloid The Sun they put a redirect in place to the fake article. If Lulz is truly back then their retirement didn't last long, or it could just be a splinter group as opposed to the original group, which is still being sought by the FBI and European law enforcement agencies.
The other high profile hacktivist group, Anonymous, announced that they will be forming their own social networking site. Apparently, this is in response to some of their suspected members getting the boot off of Google+. The new social network will be called AnonPlus. It will be free from censorship, rules, controls devised by the military-industrial complex and parental oversight.
-- Eric Rasmussen
July, 17, 2011: There is a fearsome patent battle raging concerning the Android operating system as implemented by the major Android smartphone manufacturers HTC, Samsung and Motorola. Last week, an administrative law judge at the International Trade Commission issued an initial determination that HTC, a Taiwanese company, had violated two patents held by Apple. Both patents relate to critical processes on the HTC Android smartphone. If HTC cannot find a technology workaround and Apple does not want to license the patents, then HTC in the worst case will not be able to import the affected products into the United States. Of course, HTC may be able to settle with Apple and pay a royalty going forward, but Apple may be more interested in killing off a major Android competitor to its iPhone.
A third-party seller last Friday on Sears.com incorrectly posted a price of $69 for iPad 2s that normally sell for $745. Alert buyers were all over that and numerous sales occurred, though Sears is not saying how many. But when Sears discovered the error they notified all of the buyers that the sale would not be honored. Naturally, that has left some irritated consumers who are now wandering the streets acting like angry crazed zombies. So if you see such a person, at least don't pull out your iPad 2 in front of them to check on the nearest medical or law enforcement facilities. Their reaction, to say the least, may be unpredictable.
-- Eric Rasmussen
July, 15, 2011: Deputy Defense Secretary William Lynn disclosed that in March 24,000 files related to an undisclosed weapons system were copied from a defense contractor's databases. While no specific country was mentioned, he did say that a "foreign intelligence service" was involved. The breach was significant enough that the weapon system may have to be redesigned. Sounds like another cyberattack with Chinese fingerprints on it to me.
There is an increasing problem of legitimate website code being modified by cybercriminals with the purpose of installing malicious software when a user visits the website. Some of the malicious software being installed includes the very dangerous Zeus trojan, which is capable of stealing banking and investment logon information. The manner in which the websites are being infected is not clear, though weak FTP passwords, infected servers and SQL injection techniques are the most probable. I recently had a commercial customer whose website was hacked due to a weak password that succumbed to a dictionary attack. For site owners the fix is on the server side: strong, unique passwords for FTP (or better, SFTP) and the content management system, keeping the web application patched, and checking the site's files for changes nobody made. For visitors, the best solution to this problem, though not airtight, is to use Firefox as your browser with the NoScript add-on enabled. This add-on allows you to disable scripts that run when you view a webpage. The controls allow you to turn off scripting for a website, individual web pages or individual scripts. It has not been an add-on we typically install for customers because either it requires a bit of a learning curve or people just don't understand it at all. Instead, we have been recommending using Firefox with the Web of Trust (WOT) add-on and staying only on "green" rated websites. However, you can still be attacked from such a site if it is infected after being rated "green". Because of the increasing likelihood of this occurring, we are going to revisit recommending NoScript and will blog more about it in the coming weeks.
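Both this post and the August 15 osCommerce post come down to the same thing: somebody changed files on the web server and slipped in a hidden iframe, a remote script include or a PHP backdoor. Here is an added example of my own, not code from Armorize, osCommerce or any of the researchers mentioned, of how a site owner can look for that. It scans file contents for the usual injection idioms and compares SHA-256 hashes against a baseline taken when the site was known to be clean. The file names, contents, the 198.51.100.7 address (a documentation-only IP) and the regular expressions are all assumptions made for the example, and the patterns are the common ones rather than a complete list.

```python
"""Look for injected iframe/script/eval payloads in web files and for files
that changed since a known-good baseline."""
import hashlib
import re

# Idioms typical of drive-by injections. Assumed for the example; not exhaustive.
INJECTION_PATTERNS = {
    # an iframe that is effectively invisible: single-digit width/height, or hidden
    "hidden_iframe": re.compile(
        r"<iframe\b[^>]*?(?:(?:width|height)\s*=\s*[\"']?\d(?!\d)"
        r"|visibility\s*:\s*hidden|display\s*:\s*none)[^>]*>",
        re.IGNORECASE,
    ),
    # an external script pulled from a bare IP address instead of a hostname
    "ip_script_src": re.compile(
        r"<script\b[^>]*\bsrc\s*=\s*[\"']https?://\d{1,3}(?:\.\d{1,3}){3}[/:\"']",
        re.IGNORECASE,
    ),
    # JavaScript that decodes itself before running
    "obfuscated_js_eval": re.compile(
        r"eval\s*\(\s*(?:unescape|String\.fromCharCode|atob)\s*\(", re.IGNORECASE
    ),
    # the classic PHP backdoor idiom
    "php_eval_base64": re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE),
}

# Constructed sample site (two files) and the same site after an injection.
CLEAN_SITE = {
    "index.php": "<?php require('includes/application_top.php'); ?>\n"
                 "<html><body><h1>Shop</h1></body></html>\n",
    "includes/header.php": '<div class="header"><a href="/index.php">Home</a></div>\n',
}
INFECTED_SITE = dict(CLEAN_SITE)
INFECTED_SITE["index.php"] = CLEAN_SITE["index.php"] + (
    '<script type="text/javascript" src="http://198.51.100.7/js.php"></script>\n')
INFECTED_SITE["includes/header.php"] = CLEAN_SITE["includes/header.php"] + (
    '<iframe src="http://198.51.100.7/in.cgi?3" width="1" height="1" '
    'style="visibility:hidden"></iframe>\n')
INFECTED_SITE["includes/shell.php"] = "<?php eval(base64_decode('cGhwaW5mbygpOw==')); ?>\n"


def scan_text(text):
    """Names of the injection patterns found in one file's contents."""
    return [name for name, rx in INJECTION_PATTERNS.items() if rx.search(text)]


def scan_files(files):
    """Map path -> matched pattern names, for files that hit at least one pattern."""
    findings = {}
    for path, content in files.items():
        hits = scan_text(content)
        if hits:
            findings[path] = hits
    return findings


def hash_files(files):
    """SHA-256 of every file; record this right after a clean deployment."""
    return {p: hashlib.sha256(c.encode("utf-8")).hexdigest() for p, c in files.items()}


def changed_files(baseline, current):
    """Paths added, removed or modified since the baseline hashes were taken."""
    now = hash_files(current)
    return {p for p in set(baseline) | set(now) if baseline.get(p) != now.get(p)}


if __name__ == "__main__":
    baseline = hash_files(CLEAN_SITE)          # taken when the site was known clean
    print("changed since baseline:", sorted(changed_files(baseline, INFECTED_SITE)))
    for path, hits in scan_files(INFECTED_SITE).items():
        print(path, "->", ", ".join(hits))
```

The hash comparison is the more dependable of the two checks: the pattern scan only knows the idioms written into it, and the crooks change those, whereas a file that is different from the one you deployed is different no matter what was put in it. Run the baseline from a trusted copy, not from the live server after the fact, or you are just hashing the infection.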
-- Eric Rasmussen
July, 14, 2011: The former prime minister of the United Kingdom, Gordon Brown, has accused British newspapers of using malware to gain access to the computers of government officials and celebrities. Mr. Brown's comments were made in the House of Commons earlier this week amid discussion of the "News of the World" cell phone hacking scandal. I read his comments and he did not offer any specifics. This would be an interesting application of malware, where a specific person is targeted with a "spear phishing" attack, generally via email. In this case, instead of attempting to steal information for identity theft or online banking credentials, which is the purpose of the cybercriminals, the newspaper investigators may have been using similar techniques to retrieve personal and "newsworthy" information from the documents and emails of individuals. Of course, the normal person should not be of any interest to investigators, but it is still an interesting trend.
The security company Avast Software is reporting that 60% of users are using an out-of-date version of Adobe Reader, software used to read PDF files. The latest version is 10.1. Because of the wide use of Adobe Reader, its vulnerabilities have been targeted by cybercriminals though Adobe has continuously updated the software. It is very important to use only the latest version of Adobe Reader or you are exposing your computer at home or the office to a wide variety of malware threats.
-- Eric Rasmussen
July, 13, 2011: Tomorrow, as I am sure you are aware, is Bastille Day, the most important French holiday of the year. It celebrates the storming of the Bastille in Paris in 1789. Apparently, there was some shortage of wine and cheese and the people rioted. It seems like people riot in France continually so I'm not sure what the big deal is, but cybercriminals are using the event to infect computers via email attacks. The email suggests you open an attachment to see Bastille Day activities which then installs a trojan on the computer. However, according to an article at the Naked Security Blog of Sophos.com, the cybercriminals made the minor mistake of targeting the French population but using an email written in English. Obviously, they need to have some additional staff meetings and discuss quality control. These shortcomings are always the natural result when your organization is very successful but grows a little too fast.
The scams on Facebook are getting weirder. One of the latest wants you to click on a link to view a video of a spider under somebody's skin. By clicking on the link, you end up taking a survey but never get to see the video. Somehow the scammer gets paid on a per survey basis. The whole thing seems rather ridiculous but it appears that Facebook users are clicking on this type of stuff.
-- Eric Rasmussen
July, 11, 2011: From a computer security viewpoint we are doomed. The Department of Homeland Security conducted a test earlier this year by leaving USB thumb drives and CDs in government building and private contractor parking lots. The point of the test was to determine the security risk associated with the gullibility (or rather stupidity) of employees. The results of the test have not been officially published (because they are too embarrassing, no doubt) but have been leaked to Bloomberg News. Before you read any further, you should sit down and possibly tranquilize yourself if you are prone to fits of anger, uncontrollable laughing or other severe emotional states (like running through the streets shouting you're a zombie from Newark). The Department of Homeland Security determined that 60% of the people that picked up the item inserted it into their computer, and that if the USB device or CD was emblazoned with an official logo, the employees installed 90% of them. Obviously, the security risk implications of this are staggering. You would think that government employees would be more computer security aware than the rest of us. As a security analyst commented, "There's no device known to mankind that will prevent people from being idiots".
There is an email circulating on the internet that purports to be from the Internal Revenue Service, according to researchers at Kaspersky Labs. The subject line is either "Federal Tax payment rejected", "Your IRS payment rejected" or something similar. The email attempts to trick the user into downloading an attached PDF file that in reality installs the dangerous Zeus trojan on your computer. This program, as I have previously blogged, targets a user's online banking information. Never click on links in emails!!!
-- Eric Rasmussen
July, 10, 2011: The music and movie industries reached an agreement earlier this month with the major U.S. internet service providers (ISPs) on how to reduce illegal pirating of copyrighted material. The agreement between corporations does not create any enforceable laws; rather, it is aimed at better implementation and application of laws already existing. The burden of identifying copyright violators will remain with the music and movie investigators. But having identified an IP address and the corresponding ISP of that violator, the ISP will be notified and a "six strike" policy will go into effect. A copyright alert communication from the ISP will be delivered to the violator by email. It will be delivered as violations keep occurring until the fifth or sixth violation, when the ISP will take certain action such as slowing internet speeds, redirection to a page until the user contacts the ISP, or other measures. Each ISP can implement its six strike violation procedure as it sees fit. The ISPs have no intention of terminating an internet connection under this agreement. Also, the ISPs will not provide name and address information of copyright violators to the music and movie industry without a court subpoena, which is the same policy in force today. Overall, this agreement basically unifies procedures that were already more or less in place depending on the ISP. I do think, though, that it is a bit more formal and will probably lead to more copyright violation email notifications to users, but to what extent remains unclear. As has been pointed out this week, one important point needs to be considered. If you have a small business or work out of your home and you have either employees or family members engaging in copyright violation activities, you should consider the risk that your ISP may slow down or interrupt your internet connection, with resulting negative impact on your business.
-- Eric Rasmussen
July, 08, 2011: Yahoo email customers have or will be receiving a pop-up message asking them to agree to new terms and conditions for the service. In this case the fine print is very important. The new terms and conditions allow Yahoo to scan incoming and outgoing emails from individuals and businesses without prior approval or warning. The reason for this change... a concession to advertisers. By scanning a customer's email, Yahoo can identify subjects, sports, interests and consumer products and services a customer is interested in. The user will then see advertisements based on keywords in their email, depending on the websites they visit. A statement from Yahoo said, "Users who choose to accept the new terms will allow Yahoo's computer systems to identify words, links, people and subjects from their email, so that we can deliver exciting new product features". It seems to me that this is no different than the Post Office opening all of my mail to determine my interests, logging the data, and then resealing my mail and delivering it to me, followed by all kinds of junk mail on subjects I appear to be interested in. This is such a blatant violation of privacy by Yahoo that I am a bit speechless. But worse is that Yahoo's actions are only a reflection of the overall total lack of respect for an individual's privacy by all too many internet companies as they chase the next dollar of advertising revenue.
-- Eric Rasmussen
July, 07, 2011: Cookie files are stored by the internet browser on your computer in order to identify you to websites for log on and directed advertising purposes and to track your visits to other websites. These JavaScript cookies are fairly small at 4 KB and are well-known and easy to remove. However, "local shared objects", better known as Flash Cookies, are an entirely different matter. If you believe what some tech writers think, Flash Cookies originated because advertisers were not happy with the ease with which a user could delete JavaScript cookies from their computer. Flash Cookies are much larger at 100 KB, are not well-known or understood by users and are not associated with the browser you are using. Unlike JavaScript cookies, which tend to have a limited life, Flash Cookies have unlimited life. Let me summarize from various articles the key features of Flash Cookies:
1. They can store 25 times more data than JavaScript cookies;
2. Internet browsers are not aware that a Flash Cookie has been stored on the user's computer;
3. Flash Cookies can store personal and technical data;
4. Flash Cookies can be programmed to send stored information to a third-party server;
5. Flash applications on a website do not need to be visible for a Flash Cookie to end up on your computer;
6. There is no way to really know how the Flash Cookies are being used;
7. It is estimated that one-half of the 100 most visited websites use Flash Cookies;
8. There is a real lack of emphasis by Adobe on educating users about Flash Cookies;
9. Windows operating system software will not help you delete Flash Cookies.
So what to do? You do not want or need Flash Cookies on your computer. The whole concept that they help you have a better internet experience when you connect to certain websites is total rubbish. There are three basic ways to manage Flash Cookies:
1. Use the utility CCleaner after every browsing session, making sure that under the Application tab Adobe Flash Player is checked;
2. Use the Firefox extension "Better Privacy" and set its options to delete Flash Cookies when you close the browser; or
3. Use Adobe's online Adobe Flash Player Settings Manager.
Strangely, these settings are not local to your computer, and I am sure that 99% of the Blackhawk Blog readers have never heard of the Adobe Flash Player Settings Manager. I use CCleaner from Piriform on every computer we work on, residential and commercial. Because I am a cautious user, I also use Better Privacy with my Firefox browser.
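If you want to see for yourself what a Flash Cookie holds before deleting it, the following script is an added example (not code from this blog or from Adobe): it looks in the standard Flash Player storage folders for .sol files and decodes the simple AMF0 values inside them. The folder locations and the .sol/AMF0 byte layout are the publicly documented ones and are treated as assumptions here; the sample cookie it parses offline is constructed in the script.

```python
"""List Flash "local shared object" (.sol) files and decode their contents.

Added example for the Blackhawk Blog post on Flash Cookies; not the blog's or
Adobe's code. Assumes a stock Flash Player install and the AMF0 .sol layout.
"""
import os
import struct
import sys
from pathlib import Path

# Assumed standard Flash Player LSO folders per platform (both "#SharedObjects"
# and the "macromedia.com/support/flashplayer/sys" settings live under these).
LSO_DIRS = {
    "win32": [Path(os.environ.get("APPDATA", "")) / "Macromedia" / "Flash Player"],
    "darwin": [Path.home() / "Library" / "Preferences" / "Macromedia" / "Flash Player"],
    "linux": [Path.home() / ".macromedia" / "Flash_Player"],
}


def find_sol_files(roots=None):
    """Return every .sol file beneath the Flash Player folders for this OS."""
    if roots is None:
        roots = LSO_DIRS.get(sys.platform, LSO_DIRS["linux"])
    found = []
    for root in roots:
        if Path(root).is_dir():
            found.extend(sorted(Path(root).rglob("*.sol")))
    return found


def _amf0_value(buf, pos):
    """Decode one AMF0 value; covers the scalar types usually seen in cookies."""
    marker = buf[pos]
    pos += 1
    if marker == 0x00:                      # number: big-endian IEEE-754 double
        return struct.unpack(">d", buf[pos:pos + 8])[0], pos + 8
    if marker == 0x01:                      # boolean: one byte
        return bool(buf[pos]), pos + 1
    if marker == 0x02:                      # string: uint16 length + UTF-8 bytes
        n = struct.unpack(">H", buf[pos:pos + 2])[0]
        return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n
    if marker in (0x05, 0x06):              # null / undefined
        return None, pos
    raise ValueError(f"unsupported AMF0 marker 0x{marker:02x} at offset {pos - 1}")


def parse_sol(data):
    """Parse a .sol file into (object_name, {field: value}).

    Layout: 0x00BF, uint32 length of the rest, b"TCSO", six constant bytes,
    uint16 name length, name, uint32 AMF version, then records of
    (uint16 key length, key, AMF0 value, 0x00 terminator) until end of file.
    """
    if data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        raise ValueError("not a Flash shared object")
    if struct.unpack(">I", data[2:6])[0] != len(data) - 6:
        raise ValueError("length field does not match file size")
    pos = 16                                # past TCSO and the 6 constant bytes
    name_len = struct.unpack(">H", data[pos:pos + 2])[0]
    name = data[pos + 2:pos + 2 + name_len].decode("utf-8")
    pos += 2 + name_len
    version = struct.unpack(">I", data[pos:pos + 4])[0]
    pos += 4
    if version != 0:
        raise ValueError(f"AMF{version} encoding is not handled by this example")
    fields = {}
    while pos < len(data):
        klen = struct.unpack(">H", data[pos:pos + 2])[0]
        key = data[pos + 2:pos + 2 + klen].decode("utf-8")
        pos += 2 + klen
        value, pos = _amf0_value(data, pos)
        if data[pos:pos + 1] != b"\x00":
            raise ValueError("missing record terminator")
        pos += 1
        fields[key] = value
    return name, fields


def build_sample_sol(name, fields):
    """Serialize a small AMF0 shared object; used only to construct test data."""
    body = b"TCSO" + b"\x00\x04\x00\x00\x00\x00"
    body += struct.pack(">H", len(name)) + name.encode() + struct.pack(">I", 0)
    for key, value in fields.items():
        body += struct.pack(">H", len(key)) + key.encode()
        if isinstance(value, bool):         # check bool before int
            body += b"\x01" + bytes([int(value)])
        elif isinstance(value, (int, float)):
            body += b"\x00" + struct.pack(">d", float(value))
        elif isinstance(value, str):
            body += b"\x02" + struct.pack(">H", len(value.encode())) + value.encode()
        else:
            body += b"\x05"
        body += b"\x00"                     # per-record terminator
    return b"\x00\xbf" + struct.pack(">I", len(body)) + body


# Constructed sample: the kind of tracking data a site might stash in an LSO.
SAMPLE_SOL = build_sample_sol(
    "tracker",
    {"visitorId": "a1b2c3", "visits": 17, "optOut": False, "lastSite": "example.net"},
)

if __name__ == "__main__":
    for path in find_sol_files():
        try:
            print(path, *parse_sol(path.read_bytes()))
        except ValueError as exc:
            print(path, "skipped:", exc)
    print("sample:", parse_sol(SAMPLE_SOL))
```

Real cookies written with AMF3 (version 3 in the header) are reported and skipped rather than decoded; the point is to see that the files are plain data you can inspect and remove yourself.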
-- Eric Rasmussen
July, 06, 2011: A current scam in Facebook involves a message purporting to offer the user a free $25 Apple iTunes gift card. When you click on the link you are then presented with the suggestion to "share" the message with your friends. In that way the infected message spreads quickly through the Facebook community. Continuing with the scam ultimately ends you in a survey form and the potential to expose you to downloading malicious programs. And no, you never receive your free gift card.
The criminals wasted no time in crafting an email attack that appears to be a much sought after invite to Google+, the new competitor to Facebook. The invite appears quite authentic, but clicking on it only ends you in an online pharmacy site trying to sell you Viagra and other such wonderful things. These types of attacks are basic but terribly effective if you are prone to clicking without thinking.
-- Eric Rasmussen
July, 04, 2011: Twitter announced that they have reached a level of 200 million tweets a day. This compares to 65 million in 2010 and 2 million in 2009. I am not sure whether those prior year amounts are highs or averages but the result is really the same; Twitter is on a roll. Keep in mind that Twitter only launched in 2006. Where is all of this going? In two years at this rate there will be 1 billion tweets a day or 360 billion tweets a year. The entire planet will only have time to tweet, retweet and read tweets. There will not even be time for Facebook at this rate much less growing crops, making things, doing research to make planet ending nano robots, having revolutions or reading the Blackhawk Blog.
The hacker group Anonymous has a school for hackers with classes underway. Apparently some of the hacker skills being taught include setting up a Zeus botnet, keystroke logging for stealing usernames and passwords and other such useful tasks. Well, at least somebody is taking some initiative in getting the youths of the world educated. The first class graduates in about a month.
-- Eric Rasmussen
July, 03, 2011: There is a new Facebook scam being reported by users. The scam starts with a message from "Facebook Security" that informs the user that their account has been deactivated and that attempts to contact the user via email have failed. After the user is hooked on the fear that their Facebook world is about to end, there comes the request for personal information including name, email address, email password and other data. This is a classic phishing scam and anyone that receives it should contact the real Facebook Security group.
Michael Krigsman, a writer on the ZDNet.com website, has analyzed the Dropbox terms of service agreement. Based on that analysis, it is possible that such terms would allow Dropbox to scan a user's documents for information for account administrative purposes. Such information scans could possibly be used for directed advertising purposes though to be fair this is unclear. For the business customer, Krigsman says, "Dropbox offers a great service and useful free accounts, which is an attractive combination. Unfortunately, the terms of service do not offer adequate protections against sensitive data. For this reason, I suggest you discontinue use of the product for applications where privacy and confidentiality are mission critical". However, for non-sensitive personal data Krigsman concludes that Dropbox makes a lot of sense.
-- Eric Rasmussen
July, 02, 2011: There is a great disturbance in the force... and it is called TDL-4, a new botnet that has enslaved 4.5 million computers worldwide and is called "the most sophisticated threat today" by Kaspersky Labs. According to TechNewsWorld, "its creators are attempting to create an indestructible herd of zombified machines". TDL-4 is a rootkit type of malicious software that infects the master boot record of the computer and in doing so inserts itself before the operating system is booted. Basically, from that point the rootkit can control the booting process by inserting its own files into Windows. It is very difficult to remove and in most cases will require a reformatting and reinstallation of the operating system. TDL-4 actually removes other malware on the target computer so as to keep the computer resources firmly under its control. From a command and control perspective, TDL-4 uses sophisticated encryption techniques and decentralized servers to ensure the botmasters do not lose control of the botnet. This is of particular importance in light of the FBI's recent takedown of the Coreflood botnet servers located in the United States. The creators/controllers of TDL-4 pay other criminals on a per-install basis for adding computers to the botnet. The botnet will be used to infect other computers with malware and scareware, for spamming and for denial of service attacks. So if your computer gives you an electric shock when you attempt to shut it off, you will know that you are dealing with a zombified computer. I would probably recommend throwing the main circuit breaker and taking an axe to it. Hopefully the pieces will not crawl back together and reassemble themselves... but that day is coming.
-- Eric Rasmussen
July, 01, 2011: Researchers at the Technische Universitat Munich in Germany have created a sensory skin for robots. The robotic skin incorporates small circuit boards containing infrared, temperature and accelerometer sensors. The sensor input is processed by a central processing unit. The article I read said, "this allows the robot to feel a light touch, a breeze and warmth from the sun" and "this robot skin, coupled with gripping hands, camera eyes and infrared scanners, will allow robots to become more human-like". This all sounds pretty creepy to me. What's wrong with an R2D2 type of robot buddy? Why are we trying to make robots look like humans? There must be something I'm missing.
Facebook is the 10th most hated company in America according to Business Insider which used consumer satisfaction data to come up with rankings. Scoring even lower than Facebook were Comcast in 4th and Time Warner Cable in 3rd. Perhaps there will be enough dissatisfaction with Facebook that it will give a boost to the new Google+ ("Plus"). The consumer issues with Facebook concern privacy issues; sudden and confusing updates; malicious apps; and infected spam messages.
-- Eric Rasmussen
June, 30, 2011: The British hacker community has come up with a more useful activity than what we have been seeing lately from Lulz Security and others. The so-called Patriot hackers attacked Jihadist websites and have at least temporarily interfered with al Qaeda's ability to communicate via the web. The Patriot hackers used denial-of-service and other attack techniques on the Jihadist websites. Britannia Rules the Waves!!!!!
Google has rolled out for testing its newest social networking application, Google+ ("Plus"), in another attempt to take on Facebook. Google's earlier attempts with Google Buzz and Google Wave were failures. I am not going to go into the details because there are articles all over the web about it (see some of them on the Blackhawk Tech News page). Some key features are better security (more of a promise of); grouping friends into "circles"; group video chat; and linking areas of interest into the Google world, called "sparks". Google has been working on Plus for a year or more and it is now being tested on an invitation basis. It remains to be seen if Plus can generate enough interest in the 700 million Facebook user group for users to make the switch. It seems to me that Facebook has enormous momentum and Plus only offers more or less similar capabilities. It may be true that security conscious users will see Plus as a safer place than Facebook, but this is only a small minority of users. Despite all of the bad publicity Facebook has received on privacy and security issues, I really do not think that most users care about this stuff. However, what may happen is that users utilize Plus in addition to Facebook. This may be the best outcome that Google can hope for.
-- Eric Rasmussen
June, 26, 2011: After causing mayhem on the internet for 50 days, the hacker group Lulz Security is disbanding, according to a statement issued by them on the PirateBay website. Lulz, apparently made up of 6 hackers, have been on a rampage attacking websites of the CIA, porn sites, the Arizona police, AOL, AT&T, a British law enforcement agency, an FBI affiliate and numerous others. They have clearly demonstrated the security weaknesses of many high profile websites and caused significant embarrassment. However, Lulz does not appear to have caused, or even to have intended to cause, any financial harm to anyone. The arrest last week of an associate in the United Kingdom, attacks on them by hacker vigilante groups and the pursuit by law enforcement agencies in the USA and European Union are probably the root causes of their decision to disband. Hacking is great fun until you are caught and have to spend 10 years in prison. So, as the forces of the dreaded League of Extraordinary Evil close in, the hacker activist group Lulz Security, which we have blogged about for weeks, bids us adieu. For now.
According to a global survey by G Data Survey, based on 16,000 users worldwide of which 5,500 were in the USA, users are "clueless" about the threat from malware. Of the USA users, 40% believed that it was more dangerous to go to adult websites versus other types, while in reality it is the interest group, hobbyist, news and non-adult websites where the real danger is. This is a point that we make with every Blackhawk customer. The survey also found that most users do not understand the threat of spyware that can run hidden on a computer stealing information or using the computer for botnet activities. Again, this is a point that we make repeatedly; that "scareware" has a redeeming feature which is that it is in your face and the user can see the infection. Spyware, on the other hand, does just that, it spies on you. From our point of view the survey confirms what we see day-in and day-out; that users need to be educated about the huge and invasive threat of malware on the internet.
-- Eric Rasmussen
June, 24, 2011: I am asked frequently why law enforcement agencies are not catching the cybercriminals and putting them behind bars. My standard answer is that most of the cybercriminals operate out of Eastern Europe, where they have paid off the politicians and local law enforcement agencies for protection. I think that last point is particularly true if the cybercriminals are part of a major crime syndicate. But sometimes there is good news on law enforcement efforts. On June 22, the F.B.I., working with law enforcement agencies in 12 countries, made some progress against the cybercriminals in two separate operations: 2 individuals were arrested in Latvia and charged with linking malicious programs with online advertising, and in the Ukraine a major "scareware" operation was disrupted. The first operation was minor in the sense that the two accused individuals only made an estimated $2 million. The operation leading to the seizure of computer equipment and the questioning of 16 individuals in the Ukraine is more serious because the financial gain of the group is estimated to be $72 million and because they were using the Conficker botnet, or at least a part of it. Scareware is a fake anti-virus program that is installed on a user's computer via infected email attachments, email links, Facebook message links, free music and videos and poisoned websites. The fake software starts a scan and attempts to "scare" the user into purchasing a software product to remove supposed malicious software running on their computer. Of course, it is all a scam, but once a computer is infected with "scareware" it can be difficult to uninstall, and users sometimes get desperate and pay the $50 to $70 cost by credit card in hopes of regaining control over their computer. That never happens; their money is gone and the credit card number is in the hands of Eastern European criminals.
It is suspected that the Ukraine operation infected 1 million computers which would equate to a $72 per computer profit. The Conficker worm installed malicious software on 3 to 12 million computers worldwide at the end of 2008 which was capable of instructing a computer to take certain actions from a controlling "botmaster". This is the first actual use of the Conficker botnet software that has been made public as far as I know. Overall though, these law enforcement efforts should be applauded even if it is only a small victory.
-- Eric Rasmussen
June, 22, 2011: The security firm Sophos has issued an alert about a malicious email purporting to be from McDonalds. The email attempts to trick the user into printing an "invitation" to a free breakfast at worldwide McDonalds locations. However, upon printing the invitation, a trojan horse is installed on the user's computer. Being a big McDonalds breakfast fan, I would have been tempted to click and print my invitation with dire results. As always, be on your guard and delete suspicious emails.
Apple has filed a patent application for software that will disable an iPhone's camera functionality when used in a concert venue. It seems that concert-goers have been illegally recording too many live performances on their iPhones and then uploading them to YouTube. Well, this outrageous behavior just has to be stopped. So Apple is simply going to send a signal to your iPhone to turn off the camera, at least the video functionality. I guess it is such a good idea Apple wants to have a patent so they can license it to other smartphone makers. Now Apple has not said they are actually going to implement this capability, but they have applied for a patent. Where there's smoke there's fire.
-- Eric Rasmussen
June, 21, 2011: The hacker group Lulz Security is all over the news. Yesterday, Lulz and the hacker group Anonymous announced they were uniting their efforts in a campaign directed at government agencies, banks and other high-profile targets. According to them, "Top priority is to steal and leak any classified government information, including email spools and documentation". The Lulz statement went on that "If they try to censor our progress, we will obliterate the censor with cannon fire anointed with lizard blood". Well, I'm OK with that. In the United Kingdom, there is a report that the Metropolitan Police have arrested a 19-year-old man on suspicion of involvement in network intrusions and denial of service attacks against a number of international businesses and intelligence agencies. A significant amount of computer related material was seized at the time of the arrest. The police were working in co-operation with the F.B.I. There is a suggestion that the man arrested is a member of Lulz Security. Also, in the U.K. this morning, there is a rumor that Lulz has hacked the U.K. government's census database for 2011 and obtained information on 25 million households. Authorities are investigating this claim at this time. In other news, "gray-hat" hackers are attempting to uncover the identities of Lulz members and pass such information to the F.B.I. The gray-hat hackers involved are "The Jester" and the hacker group Web Ninjas. I'm sure you are asking yourself what a gray-hat hacker is. Well, this is a type of hacker that may use illegal means to hack but doesn't do it for personal gain or with malicious intentions. So, as you have probably deduced, a gray-hat hacker is in between white-hat and black-hat hackers. I think the outlaw Josey Wales would be considered a gray-hat hacker. I just had to throw in some movie trivia. Anyway, all of this amounts to a great deal of public focus on computer and network security and the problems associated with it.
As someone said recently, there is a lot of low hanging fruit to be had in terms of vulnerable networks and computer systems for these hackers. Gradually, the security community will step up their efforts to remove these vulnerabilities and catch up to the hackers. Putting a few of these guys in prison will also take some of the fun out of it for them, for sure.
-- Eric Rasmussen
June, 20, 2011: The Internet Corporation for Assigned Names and Numbers (ICANN) has voted to allow domain name suffixes to end in almost any word or language. Currently there are 22 major domain suffixes, such as .com, .net, .org and around 250 country suffixes such as .us, .uk, and .de. Beginning in January 2011, ICANN will take applications for the new suffixes, which will require an exhaustive application form and a minimum $185,000 filing fee. The rigorous process of awarding new suffixes is meant to ensure that current copyright holders receive the right to their applicable domain suffix. In other words, an individual will not be able to obtain the .google or .nyc or .pepsi domain suffixes regardless of their application. However, suffixes such as .sport or .music should be wildly sought after, with much higher competitive filing fees. This change to internet domain suffixes has been anticipated and I have blogged about it once already. It is a significant change to the internet as we know it today and will lead to a great number of new domains over time. There is some truth, though, to the notion that users do not pay a lot of attention to domain suffixes today and rather rely on search engine results and favorite/bookmark lists to navigate the world wide web. In any case, internet users should be aware of the forthcoming change and I will blog about it periodically as a reminder.
Google and the British Library will be making available online over 250,000 texts dating from 1700 to about 1870. The cost of digitizing will be paid by Google and the texts will be available on both the Google and British Library websites. This is for me what the internet should be about and it is great to see the effort Google is making. They have similar partnerships with about 40 libraries around the world.
-- Eric Rasmussen
June, 19, 2011: Sega, the Japanese video game developer, has confirmed that customer data on their Sega Pass database has been stolen in a hacking attack. Sega estimates that personal data relating to approximately 1.29 million customers has been stolen. This data includes email addresses and dates of birth. However, it appears that credit card information was not affected. Lulz Security has denied any involvement. Japan certainly has its data security problems.
-- Eric Rasmussen
June, 18, 2011: Virgin Media, a United Kingdom internet service provider, has notified about 1,500 customers that their computers have been infected with the SpyEye trojan horse. The purpose of SpyEye is to steal usernames and passwords to banking and investment accounts. Virgin Media was notified by law enforcement officials after the IP addresses of the users were identified in a criminal botnet investigation. SpyEye is the once competitor and now apparently the merged successor to the Zeus trojan horse program. Virgin Media has approximately 4 million customers. It is highly likely that other U.K. internet service providers were also notified but elected not to make a public statement. This is very serious criminal software and should reemphasize the need to employ safe internet habits.
There was rioting in the streets of Vancouver last night after the Vancouver Canuck hockey team lost to the Boston Bruins. There was a fair amount of damage including torched vehicles and looted stores. It's easy to get a little out of control after many beers when your favorite hockey team loses. The only problem going out into the streets these days is the omnipresence of cell phone cameras. Concerned citizens created a "riot criminal list" on Tumblr to post photos and video for use by law enforcement. A similar page was created in Facebook. Personally, in this electronic age, I never go out rioting without my trusty Darth Vader mask. I suppose now that I have admitted that I will need to think up a new disguise. Great.
-- Eric Rasmussen
June, 16, 2011: A recent survey by the Pew Research Center found that 47 percent of the adult U.S. population was using social networking websites. This level is up from 26 percent in 2008. The main social networking sites were Facebook, MySpace, LinkedIn and Twitter. Not surprisingly, Facebook was the dominant application that people were using.
The fake telephone support call from "Windows" or "Microsoft Tech Support" scam is continuing and everyone should be on their guard against it. The cold caller purporting to be from Microsoft will offer to do a free security check and tricks users into allowing remote access to their computers, after which malicious software is downloaded. Also, the caller tricks users into purchasing fake software or services. According to a survey conducted by Microsoft, 16 percent of computer users in the U.S., Canada, Ireland and the U.K. had received such a scam telephone call. Of those, a staggering 79 percent had suffered a financial loss, with average losses ranging from $82 to an unbelievable $1,560 reported in Canada. I blogged about this in January, noting that these telephone calls are originating from India, which probably explains why the target countries up to this point are all English-speaking. However, it will be just a matter of time before other languages and countries are added to the scam.
-- Eric Rasmussen
June, 15, 2011: The hacker group Lulz Security has opened up a telephone hotline with a 614 area code for people to call to suggest potential hacking targets. In recent days Lulz Security has targeted several gaming websites and even the U.S. Senate. The group used Twitter to provide information about the telephone hotline. Lulz Security is what is known as a "hacktivist" group; that is, hackers who are activists. Their motivation appears to be to act against organizations they perceive as not acting in the best interests of consumers or citizens. In addition, they appear to like to target organizations, such as gaming websites, for publicity and the enjoyment of it. One thing is for certain, Lulz Security is very publicly raising the awareness of internet security problems and that is not a bad thing. So if you want a website disrupted belonging to someone or an organization you believe is a member of the League of Extraordinary Evil, then give Lulz Security a call and get it on the list.
-- Eric Rasmussen
June, 12, 2011: There have been two major lawsuits filed against BitTorrent users in recent months. Both lawsuits were filed by the U.S. Copyright Group, based in Washington D.C., on behalf of movie studio producers. The first lawsuit, filed in February, was against 23,000 BitTorrent users for the alleged illegal downloading of the film "Expendables". The second lawsuit was filed against 25,000 users for the film "The Hurt Locker". The users were in all probability using a public BitTorrent tracker and had their IP addresses identified by undercover investigators posing as other BitTorrent users. The lawsuits allow the U.S. Copyright Group to ask the court for subpoenas of the ISPs (internet service providers) associated with the IP addresses for information identifying the specific customers. The next step is that the individual is served court documents. Obviously fighting this lawsuit in a Washington D.C. court is going to be an expensive proposition, so most individuals will settle the lawsuit for what is reported to be in the $1,500 to $2,500 range. Compared to the cost of just renting the movie at Redbox, torrenting and getting caught seems like a poor economic decision. There is no reason to use a public BitTorrent tracker without using a proxy server at the same time. The problem with all of this is two-fold: the risk of downloading a torrent infected with malicious software and the risk of being attacked from a little-known proxy server. Both of these problems can be resolved but it takes good information and relationships. Certainly a user should be able to find a safe proxy server, but the real solution is to use a private BitTorrent tracker. A private tracker membership is on an invitation basis only and is designed to keep out investigators, lawyers and law enforcement. They work very well and the torrent downloads are safe. But private trackers are as secretive as Area 51, so good luck getting invited into one.
-- Eric Rasmussen
June, 10, 2011: A 20-year-old California man employed as an Apple computer technician by a local service company has been accused of installing software on customer MacBooks that allowed him to take photos of women when they were undressing or showering. I am sure you're thinking about how many people take a laptop that is powered on into the bathroom and then undress or shower in front of the webcam. Normally I think the answer is not that many. But this enterprising 20-year-old got around that problem by sending a screen message to the MacBooks suggesting that the "internal sensor" on the computer needed to be fixed and the best way to do that was to place it near hot steam to "clean" the sensor. What better way to "clean" your "internal sensor" than to take your MacBook into the bathroom with you when you're going to have a hot shower. So how successful was this ploy? According to police, they recovered thousands of images taken from dozens of victims from the accused man's home. If this is representative of the computer knowledge and gullibility of Mac users, then the cyber criminals are going to have an easy time of it.
-- Eric Rasmussen
June, 09, 2011: The social/business networking website LinkedIn is being used by cybercriminals to find potential victims who are then targeted by malicious email according to the security firm Trusteer. The LinkedIn user who is targeted receives a carefully crafted email, usually an invitation to connect with someone, and upon clicking on the link is directed to a malicious website in Russia. The users are then infected by a drive-by download that installs the Zeus 2 trojan on the computer. This variant transmits stolen data initially to a server in China. The cybercriminals study the LinkedIn site for corporate and employee information prior to launching an email attack against a specific user. In that way the chances are increased that the user will click without suspecting a malicious attack.
Citigroup announced today that in May hackers had broken into the Citigroup Web portal and gained access to 200,000 customer credit card accounts, or approximately 1% of the Citigroup credit card customers. The story is only now coming out following a report by the Financial Times. The information compromised included account numbers, customer names and contact information such as email addresses. Citigroup stated that sensitive data such as social security numbers, security codes, card expiration dates and account holder birthdates was not compromised because that data is stored elsewhere. Citigroup has been or will be contacting the affected customers.
-- Eric Rasmussen
June, 07, 2011: Tomorrow, June 8th, is World IPv6 Day. I am sure you are wondering what that is. Is it another one of these rapture things or what? Is it the end of the world? Actually it is a test of the forthcoming change in the manner in which addresses are used on the internet. Without getting too technical, the internet today (and since inception) uses an addressing method known as IPv4 (for version 4). This provided up to 4 billion or so internet addresses, which 20 years ago seemed more than the planet would ever need. But the growth in internet-connected devices, particularly smartphones in the last two years, will result in an exhaustion of IPv4 addresses by the middle of 2012. There has been a solution in the works for years called IPv6, which will allow for 340 undecillion internet addresses (a really big number that will last until the Sun goes supernova). However, the two addressing methods are not compatible and require translation and cross-mapping procedures. The purpose of World IPv6 Day is to allow significant companies and institutions to test their IPv6 systems. There should be no effect for the normal user, though it is possible that certain websites may be unreachable tomorrow. The conversion from IPv4 to IPv6 will eventually have ramifications for the small business and residential user and require the replacement or firmware upgrading of existing routers. This is still in the future but I will blog more about it over time.
-- Eric Rasmussen
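The arithmetic behind the "4 billion" and "340 undecillion" figures in the June 7 post, and one of the cross-mapping mechanisms it alludes to (IPv4-mapped IPv6 addresses, RFC 4291 section 2.5.5.2), as an added example that is not part of the original blog. It uses only the Python standard library; the host list at the bottom is a constructed sample, not real site addresses.

```python
"""Added example (not from the Blackhawk Blog): IPv4 versus IPv6 address-space
size, and why a dual-stack transition needs mapping rather than mixing.
Standard library only; SAMPLE_HOSTS is constructed for illustration."""
import ipaddress

IPV4_BITS = 32
IPV6_BITS = 128

# Short-scale names for powers of ten, enough to express 2**128.
SHORT_SCALE = {
    9: "billion", 12: "trillion", 15: "quadrillion", 18: "quintillion",
    21: "sextillion", 24: "septillion", 27: "octillion", 30: "nonillion",
    33: "decillion", 36: "undecillion",
}


def address_space(bits):
    """Number of distinct addresses a field of the given width can hold."""
    return 2 ** bits


def short_scale_name(n):
    """Express n as '<leading digits> <word>', e.g. 2**128 -> '340 undecillion'.
    Numbers below one billion are returned as plain digits."""
    exponent = len(str(n)) - 1          # floor(log10(n))
    named = [p for p in SHORT_SCALE if p <= exponent]
    if not named:
        return str(n)
    power = max(named)                  # largest named power of ten <= n
    return f"{n // 10 ** power} {SHORT_SCALE[power]}"


def map_ipv4_into_ipv6(v4_text):
    """Embed an IPv4 address in the IPv4-mapped range ::ffff:0:0/96.
    A dual-stack host uses this form to represent an IPv4 peer on an IPv6
    socket; it does NOT make the IPv4 host reachable over native IPv6."""
    v4 = ipaddress.IPv4Address(v4_text)
    return ipaddress.IPv6Address((0xFFFF << 32) | int(v4))


def unmap_ipv6_to_ipv4(v6_text):
    """Recover the embedded IPv4 address, or None for a native IPv6 address.
    ipaddress performs the ::ffff:0:0/96 range check for us."""
    return ipaddress.IPv6Address(v6_text).ipv4_mapped


def reachable_from_ipv4_only(addresses):
    """Given a list of published host addresses, return the ones an IPv4-only
    client can actually connect to: native IPv4, plus IPv4-mapped IPv6 (the
    embedded IPv4 address is what goes on the wire). Native IPv6 addresses are
    dropped; that is the 'website unreachable on IPv6 Day' case."""
    reachable = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if addr.version == 4:
            reachable.append(str(addr))
        elif addr.ipv4_mapped is not None:
            reachable.append(str(addr.ipv4_mapped))
    return reachable


# Constructed sample using documentation prefixes (RFC 5737 / RFC 3849).
SAMPLE_HOSTS = ["192.0.2.1", "2001:db8::1", "::ffff:198.51.100.7"]

if __name__ == "__main__":
    for bits in (IPV4_BITS, IPV6_BITS):
        print(f"IPv{4 if bits == 32 else 6}: {short_scale_name(address_space(bits))} addresses")
    mapped = map_ipv4_into_ipv6("192.0.2.1")
    print("192.0.2.1 mapped into IPv6:", mapped, "->", unmap_ipv6_to_ipv4(str(mapped)))
    print("reachable from an IPv4-only client:", reachable_from_ipv4_only(SAMPLE_HOSTS))
```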
June, 06, 2011: French television and radio programs have been prohibited from referring to their Twitter and Facebook websites on the air. Apparently referring to these and other social networking websites by name breaks a 1992 law forbidding such covert advertising. French broadcasters, like broadcasters in many countries, make extensive use of Facebook and Twitter to interact with their audiences. It is not clear how French broadcasters will direct viewers and listeners to their websites without being able to mention them by name. While the law has obviously been on the books for a long time, well before the internet as we know it today, the application of the law now is seen as part of the French government's desire to get more control over the internet. The French are just weird.
The hacker group Lulz Security has attacked the website of InfraGard, a private sector security firm that is affiliated with the F.B.I. Lulz was able to steal some 180 email addresses and passwords and then published them on the web. Apparently the attack was in response to U.S. efforts to classify hacking as an act of war. These hackers may have a lot of skill and can make Sony look like the fools they are, but I am not sure it makes a lot of sense to tweak the nose of the F.B.I.
-- Eric Rasmussen
June, 05, 2011: Security researchers at the University of California and the University of Washington have demonstrated how to turn off a car engine, disable brakes, lock passengers in the car and more by plugging a laptop into a car's diagnostic computer system. While this does not seem too surprising, a potential security issue has been raised as new vehicles have advanced built-in wi-fi and DSRC capabilities. DSRC, Dedicated Short Range Communications, is a new 5.9 GHz signal mandated by the FCC for vehicle-to-vehicle communications that will be integrated into some new vehicles in the next few years. While initially meant for safety communications, it is feared that DSRC may provide a hacker an access point into the main computer system of a vehicle. While the auto companies are aware of the issue and plan to heavily encrypt DSRC signals, the potential threat is out there. I suppose you could use a horse and buggy as long as your horse does not have an implanted GPS chip which the hackers could use to send electrical signals to the horse causing it to gallop madly through the streets. Maybe we should all join the Amish community and forget all of this electrical and electronic stuff. Seriously.
The Blackhawk Computer Services website is adding pages for daily tech and product review news. These pages will provide safe links to other websites. We will provide a few interesting links a day to make your time on the web more efficient.
-- Eric Rasmussen
June, 04, 2011: Google announced a few days ago that they had uncovered an illegal monitoring of the activity in hundreds of Gmail accounts. The accounts in question included senior U.S. government officials, Chinese political activists, officials in several Asian countries and members of the media. Their Gmail passwords had been compromised by a carefully crafted phishing attack. A phishing attack is where the email recipient is tricked into revealing their password or other personal information by responding to an information request they believe is from a trusted source. This is the second case of an organized attack on Gmail, the first occurring in early 2010 and targeting Chinese political activists. According to Google, the source of the attack and monitoring is in Jinan, China, which is where the Chinese equivalent of our National Security Agency is based. The attack is currently being investigated by the F.B.I. and the Department of Homeland Security. The government of China denies any involvement.
The report of the attack on Gmail accounts with the suspicion of Chinese involvement follows the major attack on the Lockheed Martin network at the end of May. The defense contractor recognized the attack immediately and was able to prevent the intrusion and the loss of any data. Once again Chinese involvement is suspected, though, to be fair, other suspects also include Russia and non-governmental hacking groups.
Sony has been attacked again. This time the hacker group Lulz Security announced they broke into Sonypictures.com and accessed the personal information of 1 million users, including email addresses and other personal information. It is not clear why the hacker community has such a grudge against Sony, but the embarrassment for the company at this point is huge. Maybe Sony would be better off just cutting off the internet to their company altogether.
-- Eric Rasmussen
June, 01, 2011: The security firm Sophos spotted a new Facebook scam yesterday. The scam attempts to get the Facebook user to click on a link to see a video of the disgraced former head of the International Monetary Fund, Strauss-Kahn, and the hotel maid who has brought rape charges against him. Today the scam was changed to offer an X-rated video of the celebrities Rihanna and Hayden Panettiere. In both cases, if the user clicked on the link to view the video they were asked to install the latest Adobe Flash Player, which turns out to be a fake antivirus program. As we have said numerous times on this Blog, just don't click!!
-- Eric Rasmussen
May, 30, 2011: The PBS website was hacked and a story was posted claiming the deceased rapper was alive and living in New Zealand. The group apparently responsible, "The Lulz Boat", did not appear to like a recent PBS Frontline television documentary dealing with WikiLeaks. Why they chose the subject they did is somewhat baffling, as is their name. The hacker group also publicly exposed two thousand login IDs and associated passwords. While "The Lulz Boat" appears to operate the same as the more infamous hacker group Anonymous, the two groups are apparently not connected.
-- Eric Rasmussen
May, 29, 2011: The security writer Brian Krebs (at Krebs on Security) has discovered a link between the notorious Russian payment processor ChronoPay and the recent Mac computer scareware attacks. ChronoPay is also thought to be a major player in Windows computer scareware attacks. Scareware is so named because it installs a malicious program that runs a fake security scan on your computer and then attempts to scare you into purchasing software to remove the supposed infections it finds. Obviously, as many of my customers have found out, the purchase gets you nothing, but you are out the payment and the criminals in Eastern Europe have your credit card information. The fact that ChronoPay is involved in the Mac attacks is in no way surprising.
Facebook users need to be aware of the risk of receiving a wall post or news feed message from a friend that includes links related to surveys, must-see videos, celebrity or breaking news photos and similar scam-type items. The problem is that your friend's account may have been compromised by the criminals/scammers. A click on the link can take you to poisoned websites or photos, or directly install malicious trojan horse software on your computer. It is absolutely essential to delete these messages and contact your friend to find out if they are aware they are sending these messages. Facebook accounts are usually compromised because of weak passwords such as names or phrases. Always use a scrambled password of letters and numbers, and never use the same password for Facebook and any other accounts such as email and bank accounts.
-- Eric Rasmussen
May, 26, 2011: Apple finally acknowledged the existence of the "scareware" Mac Defender that infects computers with a fake antivirus program and attempts to scare users into purchasing a paid version to remove supposedly malicious programs. Other versions of the program are known as Mac Security or Mac Protector. In typical Apple fashion, their first reaction last week was to deny the existence of Mac Defender and to not remove it from customer computers. That sure made a lot of sense to me. However, now Apple has stated they are working on an operating system fix and have also issued guidelines for the malware removal. Apple really needs to get their act together because today it was reported that there is a new version of Mac Defender called Mac Guard infecting computers which does not require an administrative password to install itself on a Mac. This version installs itself in the Applications folder without any required password and then deletes its installation package to cover its tracks. Just as I have been suggesting in previous blogs, it was only a matter of time before the cyber criminals started to target the Apple segment of the market.
I have also been saying for some time to avoid using the Hotmail email service from Microsoft. There have been any number of security problems with Hotmail. Now Microsoft has patched a bug in Hotmail that allowed attackers to steal email and contact lists from unsuspecting users. If a user simply opened an infected email, the malicious software was installed. The user did not have to click on anything or take any other action for this to occur. Let's be clear about this statement: just opening the email was enough to infect the computer. There was no need to click on a link or to open an attachment. If you use Hotmail it is time to switch to Gmail, Google's email service, which is much more secure.
-- Eric Rasmussen
May, 24, 2011: There was an article in the BBC technology news today about robot research at the University of Queensland in Australia. The purpose of the research is to allow robots to develop their own language. The robots in the program are wheeled and use cameras, sonar and laser range finders to move about and explore their world, and microphones and speakers to "talk" to other robots. When the robots reach a place that does not have a name, they create one, such as "kuzo", "jaro" and "fexo". The robots apparently made up their own words since human language was hard to understand due to its wide informational content. What is really cute is the way that they then share this information with other robots. The robots also play games like "go to a place" which they have named. A scientist involved stated that the robot words "enable the robots to refer to places they haven't been or even places that they imagine beyond the edges of their explored world". Yes, you read that correctly, a scientist talking about how robots imagine things. While it was certainly an exaggeration, all of this technology is a bit disturbing. Just wait until the robots have words for us humans and "imagine" their world without us.
The French security firm Vupen recently released a video demonstrating a successful hack of Google's Chrome browser with its "sandbox" technology. Vupen used what has been described as a very sophisticated attack from a "poisoned" web page to infect a computer. This attack works on both 32- and 64-bit Windows systems. Vupen would not publicly disclose any of the technical details of the exploit.
-- Eric Rasmussen
May, 22, 2011: The Mac Defender trojan horse program targeting Apple computers has been getting some press this week. Mac Defender is installed when the user clicks on an infected link in search engine results. While the situation is not even close to that of Windows computers in terms of the number of infections, the fact that cyber criminals are attacking Apple systems is ominous.
Microsoft admitted this week that based on a recent analysis 1 out of every 14 programs downloaded on Windows computers is malware. This is a significant statement in that it is not scaremongering by a security software company but Microsoft itself.
A recent internet traffic analysis by Sandvine showed that Netflix is the biggest source of internet traffic in the United States. Netflix accounted for 29.7% of downstream traffic at peak times and 22% of average traffic over a 24-hour period. The continuing increase in real-time video and audio traffic on the internet and the strain it is putting on the internet service provider infrastructure is a major reason behind their push for a tiered pricing structure. Obviously another reason is that internet-based entertainment comes at the expense of television entertainment for companies such as Comcast, Time Warner and AT&T. All of this impacts how the ISPs deal with traffic congestion and particular services. The related issue is who should pay for internet infrastructure improvements. This is the so-called "Net Neutrality" debate that is playing out in both the United States and Europe. There are a lot of complex issues involved and numerous players, including governments, ISPs, special-interest groups and lobbyists.
-- Eric Rasmussen
May, 20, 2011: According to Harold Camping, the founder of Family Radio network, The Rapture is going to occur tomorrow, Saturday, May 21, at 6:00pm local time. Apparently, The Rapture will proceed around the planet by time zone as opposed to all at once so that the line of those raptured doesn't get too long. Now from a technology perspective, I would suggest establishing any Skype connections early; don't wait until 5:55pm because the internet is sure to be jammed and last minute connections will be hard to make. Of course, by the time North America wakes up The Rapture will already be occurring in Asia so expect poor internet response times because Twitter and Facebook will be busy to say the least. According to Camping and his followers, expect only about 3% of the global population to be raptured so electric and water utilities should continue to function normally. Just to be safe though, remember to fully charge your laptop and cell phone tonight. In general, I would probably delay any computer related purchases tomorrow because if you're raptured you will not need it and if you aren't, according to Camping, then you and the rest of us are going to be destroyed on October 21. If you feel like you want to make that laptop or tablet purchase before the stores are looted in a frenzy of rioting sure to follow at some point, then remember not to purchase the extended warranty.
-- Eric Rasmussen
May, 18, 2011: The file sharing service Limewire is going to pay $105 million to settle copyright infringement claims by major recording companies. The damages claimed were finally set at $1.4 billion though earlier estimates were as high as $50 billion. This represents an important victory for the Recording Industry Association of America (RIAA), otherwise known as the League of Extraordinary Evil.
In case you thought that the robots would still need us to achieve three stars on Rovio's Angry Birds levels, be prepared for some disappointment. The Finnish company OptoFidelity has built a robot that can get three stars on every level. Of course, we could still try to get a higher score beyond three stars on a given level, but it sounds like a hopeless task. Just another reason the robots will not need us around.
A security researcher recently demonstrated how to hack into a police cruiser. He identified the IP address of an on-board device and then hacked the FTP and telnet ports to gain access to the police car's on-board video and digital video recorder. Not only was it possible to see the video in real-time, it was also possible to tamper with the stored video.
-- Eric Rasmussen
May, 07, 2011: The technology reporter Ed Bott, in an article on the ZDNet.com website, suggests that, "according to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform". Now, it is important to realize Ed Bott is certainly not keen on Macs to start with. Nevertheless, it makes sense that the cybercriminals will begin targeting Macs as their market share increases and more businesses are switching to them. According to the article, there are also dedicated kits in the works to attack iPads and Linux computers. I think it is too early to see where this is all going, but forewarned is forearmed.
In the ongoing Sony saga over the hacking of their PlayStation and Sony Online Entertainment networks, which has exposed over 100 million users' names, email addresses, credit card data and other personal information, the identity of the hackers is not clear. Sony has accused the secretive hacker group known as Anonymous in a letter in response to U.S. Congressional inquiries. Anonymous has stated on their blog that, "Let's be clear, we are legion, but it wasn't us. You are incompetent Sony". It may be true that Anonymous is being set up for the exploit by another group. One thing is for sure, when Anonymous finds them, look out.
-- Eric Rasmussen
May, 05, 2011: It was reported today that CNET and its parent company CBS are being sued by certain elements of the entertainment industry for being a download site for "hundreds of millions" of Limewire downloads, the P2P software, over the last decade. While P2P software is not illegal in and of itself, the suit against CNET alleges they should be held liable for inducing and/or encouraging the use of Limewire for copyright infringement. You can read the full story at arstechnica.com.
At an event in San Francisco today, Intel made an important announcement concerning semiconductor technology. In the near future Intel will be producing processor chips with "tri-gate" transistors. This technology breakthrough owes its success to extending the transistor into the third dimension (upwards), compared to the two-dimensional or planar transistors in general use today. These new tri-gate transistors will provide a jump in performance and power efficiency for new processors, which will find immediate application in smartphones and tablets. This could be a real game-changing innovation, which will only become clearer over time.
LastPass, the online password manager, claims it will be "the last password you will have to remember". Well that was true until today when the company announced there was an unexplained intrusion into their systems and the loss of some customer information. The facts seem a little murky as reported by PCWorld.com. But LastPass is nevertheless forcing its users to change their master passwords. While the concept of password management is a good one, I simply do not trust the providers of these services to protect their own networks and associated resources. By using a password manager you essentially put all of your eggs in one basket and then hope the password manager is not hacked. I do not use one of these services despite my dozens of online accounts and now you can understand why.
-- Eric Rasmussen
May, 04, 2011: Sony continues to be under legal pressure over its network breach that exposed information on over 100 million users of its PlayStation Network and Sony Online Entertainment system. A U.S. Congressional committee has requested in writing detailed information about the network security breach and lawyers in Canada have filed a $1 billion class action lawsuit against Sony.
Aaron's, the large furniture and consumer electronics and appliance rental and lease company based in Atlanta, has been sued by a man and wife from Wyoming on the basis of an invasion of privacy. It seems that the couple was using a rental webcam-equipped laptop computer from Aaron's and their rental payment was not current. In the dispute with the local store they were shown a photo of the man using the computer that had been taken from the webcam, controlled by remote software installed on it by Aaron's. Apparently the store was trying to use the photo as some sort of pressure tactic. Regardless of the dispute, I think it is interesting that the surveillance was being done remotely and the webcam used unbeknownst to the users. From now on, any time I look at my own laptop's webcam (like right now), I am going to feel slightly ill at ease not knowing who is watching. Looks like I will need to make some type of camera cover to fit over it.
There is an interesting article by John Roach at MSNBC.com concerning advances recently in nanotechnology. American researchers have been able to control several "microbots" at once by means of an electrical signal and have them assemble themselves into structures. Roach writes, "The assembly breakthrough could eventually lead to applications such as sending swarms of robots into the body to build tissues, such as a new wall for a damaged capillary". Well, I really like the mental image of "swarms" of robots entering my body and doing whatever they feel like after their "control" center is taken over by Skynet. I guess we're going to need John Connor a bit sooner than expected.
-- Eric Rasmussen
May, 03, 2011: Sony announced today that a further 25 million user accounts associated with its Sony Online Entertainment Service had been accessed by hackers. The service is now offline. The database in question was from 2007 and out-of-date but still had user names, email addresses, credit card and other billing related information. While Sony maintains that the database or at least the credit card data was encrypted, it is still another embarrassing disclosure for the company. Users of the Sony Online Entertainment system should probably replace any still valid credit cards used for the service as a precaution and should be on their guard for "phishing" emails if they are still using an email address from 2007.
Julian Assange, founder of WikiLeaks, currently in the United Kingdom and fighting extradition to Sweden on sexual assault charges, gave an interview with Russia Today and claims Facebook is being used by the United States government and its law enforcement agencies to spy on American citizens. Assange maintains it is not a matter of obtaining subpoenas through the courts, but rather there exists an in-place "interface" to access whatever data the government wants on a Facebook user. Obviously, Facebook is denying that such an interface exists. Assange did not apparently provide any proof of his assertion but the conspiracy theory people out there are really going to enjoy this. Frankly, I think it is all a plot by the Illuminati and the New World Order to hypnotize us through Facebook apps in order for us to go out at night and do the bidding of the lizard people from Alpha Centauri. How cool would that be!!!
-- Eric Rasmussen
May, 02, 2011: The cyber criminals wasted no time after the President announced the death of Osama Bin Laden in setting up poisoned websites with purported "news" content or images. For example, websites were promoting the latest video of the operation even though no such video has been released by the government (which appears unlikely since the operation took place in the night). These poisoned websites either attack the user directly or ask the user to click on a link, for example to download the latest VLC player in order to play the "video". There have also been Facebook scams reported today. These included "limited-time" offers from Subway for a free sub to celebrate the death of Bin Laden or a similar one supposedly from Southwest Airlines offering free airline tickets.
The security firm Intego has reported that a fake anti-virus "scareware" program is now circulating among Apple users. The name of the malicious program is "Mac Defender" and it works similarly to the Windows operating system "scareware" programs. As the Apple user base continues to grow, the cyber criminals are taking note and migrating Windows software to the Apple platform. This trend will continue.
AT&T put monthly broadband data caps into effect today, joining Comcast and other smaller internet service providers. The data cap is set at 150 GB for DSL subscribers and 250 GB for U-verse subscribers. If a user exceeds this level for a given month they will be billed a surcharge. The point of broadband data caps is to charge not only the out-of-control downloaders/torrenters, but also the heavy Netflix users streaming movies directly over the internet. If you are one of these types of users, you should carefully review your next AT&T internet bill.
-- Eric Rasmussen
April, 30, 2011: On the April 23rd Blackhawk Blog, I discussed poisoned websites which could appear high up the search engine results through "search engine optimization" or SEO techniques. But these SEO techniques are increasingly being used in image searches, not just for websites. Clicking on a poisoned image can lead to a variety of malicious software being installed on your computer, particularly "scareware", fake anti-virus software that tries to scare you into purchasing it to "disinfect" your computer. Part of the problem with searching for images versus websites is that people are apparently more likely to click on images without looking at the URL (the website address). The criminals are taking advantage of this by loading poisoned websites with current event images like the Royal Wedding cake or the President's birth certificate. Natural disasters are also good subjects for poisoned images. As we have repeatedly stressed, try to stay on established news sites for news-oriented images. But even I was trapped recently by clicking on a picture of a castle in Eastern Europe that I was interested in. It was an unrated website by the Web of Trust (gray O with a question mark), but I clicked too fast without examining the URL and was immediately attacked by "scareware", which then cost me several hours to disinfect. I should have known better considering I blog about this all the time.
-- Eric Rasmussen
April, 29, 2011: Just like Y2K, the worst predictions for the internet's ability to handle the Royal Wedding did not come to pass. While official numbers are not yet available, the event should easily surpass the presidential inauguration in 2009 as the biggest internet event ever. The only problem worthy of note was some delays experienced by the BBC website which was unable to cope under the heavy load. During the wedding, Twitter was reporting up to 300 tweets per second and Facebook was reporting 74 status updates per second.
Sony is maintaining that the PlayStation network customer credit card data, lost to cyber thieves over a week ago in one of the largest online data breaches ever, was encrypted. But according to a report at technewsworld.com, the criminals are offering credit card lists from the theft for sale for as much as $100,000. It would appear that the encryption of the credit card data was not strong enough to stop these determined professionals. Apparently, the criminals are also stating that they have the 3 digit security code for the cards.
-- Eric Rasmussen
April, 28, 2011: The Netherlands company TomTom, maker of portable GPS navigation systems, seemed to be a little short on corporate revenue recently and decided to sell user device based traffic data to governments to assist in traffic management. But according to a report in PC Magazine, the Dutch police used the purchased data to set up speed traps on roads where traffic was moving quickly. It seems that the "fastest route possible" data relayed to motorists could be translated by the police into "most likely location to find speeders". Frankly, how long do you think it will be before we are tracked everywhere with our smartphones, our smart cars, our smart tablets, our smart implants and so on? All of this data can then be integrated with facial recognition software as we move from one camera to another. We're not there yet, but every day we creep closer to that reality.
As if we didn't have enough to worry about with the Royal Wedding, like what unique gift to get the happy couple, how to greet the Queen, and remembering to turn off our smartphones during the ceremony, now it seems we have to worry about the ability of the internet to handle the traffic load as the event takes place. According to a report in CNN today, "Will the Royal Wedding break the Internet?", no one knows for sure what is going to happen but major disruptions are possible as millions of users start tweeting, Facebook messaging and watching live coverage at once. I'm going to contribute to the confusion by turning on all 14 of my computers to live coverage and wait for internet Armageddon. There must be a bit of the anarchist in me.
-- Eric Rasmussen
April, 27, 2011: The Sony PlayStation network data breach is turning out to be a lot worse than the original news reports indicated. Now Sony is saying that its 77 million user database was hacked into and that critical customer data may have been accessed including name, address, country, email address, date of birth and PlayStation login names and passwords. In addition, credit card information used to purchase games, films and music may also have been stolen. Clearly any user who used a credit card to purchase a PlayStation network product should immediately replace that card. This is a really big deal and has to be a major embarrassment for Sony. The PlayStation network remains down and Sony has not said when service will be restored.
The Federal Bureau of Investigation has issued a fraud alert to small and medium-sized businesses warning of cyber criminal attacks attempting to steal banking account usernames and passwords and then use the information to transfer money to overseas accounts. This particular alert points to the initial destination of the wire transfers as being in China, specifically the Agricultural Bank of China, the Industrial and Commercial Bank of China and the Bank of China. The cyber criminals used email "phishing" attacks whereby users were tricked into clicking on links that installed malicious software which was then used to capture data from online banking sessions. The FBI suggests companies have lost $11 million in these attacks. The size of the wire transfers in these cases has been large, with many transfers in the $900,000 area. It is not known at this time whether the stolen funds remain in China or have subsequently been transferred elsewhere. In addition, the criminals behind the scam remain unknown.
-- Eric Rasmussen
April, 26, 2011: The Royal Wedding is in the tech news again today. CNN reported that a military guard assigned to Buckingham Palace has been relieved of duties for making derogatory remarks about Kate Middleton and ethnic groups on his Facebook page. Such comments did not sit too well with the Queen or the soldier's superiors. Also, Google reported that nearly 23% of its recent search requests were related to the Royal Wedding. That is an astounding number when you consider the global reach of Google. We want to caution users again to be extremely careful when using search engines to find breaking news, photos and video. The cyber criminals are hard at work creating poisoned websites to trap the unwary who are clicking without thinking. We recommend you use only established news websites for Royal Wedding coverage. There is also the official Royal Wedding website at www.officialroyalwedding2011.org.
Sony has confirmed that a hacking attack was responsible for taking down the global PlayStation network. The network is still down as Sony programmers attempt to harden the security of the network. The outage affects not only gamers but also the delivery of video content on the network. At this point, no group has taken responsibility for the hacking attack.
There is an article at Securitynewsdaily.com that in turn reports on an article in the Des Moines Register on computer fraud that stung three Iowa banks for several million dollars. The fraud details have some typical features but also some that are very surprising. The fraud victims were wealthy bank customers that were specifically targeted, that is, they were researched beforehand. The malicious software was installed on the customers' computers via attachments in "phishing" email, which the users installed by clicking on them. The malicious software included keyloggers to retrieve usernames and passwords. The interesting point is that the attackers were able to retrieve social security numbers and telephone numbers, either from the victims directly or from bank records. This information was used to contact telephone companies and establish call forwarding to the criminals' disposable cell phones. Obviously this step was needed to intercept verification calls from bank officials when transfers of money took place. This gets us to another surprising feature of the fraud: instead of the usual small transfers out of the victims' accounts over time in an attempt to escape notice, this fraud involved $500,000 wire transfers to accounts set up in Hong Kong. There was no comment on whether the authorities were close to arresting anyone or whether they even had any suspects for the crime.
-- Eric Rasmussen
April, 25, 2011: A report by IDG News Service says that Seattle police are investigating a criminal gang for breaking into the wireless networks of area companies over a period of years and stealing credit card and other financial data. The criminals were using a vehicle equipped with a range-boosting antenna to identify wireless networks they could break into. Specifically, they were looking for WEP (Wired Equivalent Privacy) secured networks because it is easy even for a novice hacker to retrieve the WEP security key and then decrypt the wireless traffic. After identifying a target, the criminals supposedly parked nearby and then began downloading wireless network traffic of an office or facility. The vehicle, which has been seized, was equipped with heavily tinted windows to hide activity inside of the vehicle. Credit card and other data could then be extracted from the download back at the home base. There is absolutely nothing rocket-science about this. The answer to this type of problem is two-fold. First, any commercial, governmental or not-for-profit firm handling confidential financial information must use WPA2 encryption for their wireless network. WPA2 (Wi-Fi Protected Access II) is a far safer security protocol than WEP. In reality, the same is true for individual home use. The only reason WEP is still in use is due to old routers and laziness on the part of users. The second answer to this type of problem is simply not to use wireless in the workplace. Whenever possible, we always recommend that wired connections be substituted for wireless connections for security reasons.
-- Eric Rasmussen
April, 24, 2011: There was a cautionary story published by the Associated Press today. In March, a homeowner in Buffalo woke up to his door being forced open and several law enforcement officers with drawn guns rushing in. It seems they had a warrant to arrest the man for illegally downloading child pornography. The man protested his innocence and only further investigation over the following days proved his story to be the truth. What had transpired was that the homeowner was using a wireless router with an unencrypted signal for his internet connection. Another man in a nearby apartment building used that unencrypted signal to access the internet and download the illegal files. The law enforcement agencies identified the IP address of the router and traced it back to the homeowner through the ISP (internet service provider) records. They had the right router but the wrong user!! Eventually the actual downloader was arrested but this story shows the risk in using unencrypted wireless at home or work. You can never know who is using your unencrypted signal for free and what they are doing with it. You should always encrypt your wireless signal with WPA or WPA2. In addition, you need to password protect the router itself from unauthorized access. Every router comes with a default password which is widely published. To protect the router's settings from being changed, you should always set a new and strong router password.
-- Eric Rasmussen
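The April 25 and April 24 entries above both come down to one check a small office or home user can run: which networks in range still use WEP, or no encryption at all. The script below is an added example, not code from the blog; it assumes scan results in the two-field SSID:SECURITY style of `nmcli -t -f SSID,SECURITY dev wifi` (empty SECURITY for an open network), and the sample scan lines are constructed.

```python
"""Wireless audit: flag networks still using WEP or no encryption.

Added example (not from the blog). Input is assumed to be in the terse
two-field style of `nmcli -t -f SSID,SECURITY dev wifi`, one network per
line as SSID:SECURITY, with an empty SECURITY field for open networks.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample scan output; these are not real networks.
SAMPLE_SCAN = """\
FrontOffice:WPA2
Warehouse-Legacy:WEP
Guest:
Conference:WPA1 WPA2
Old-Printer-Link:WPA1
Finance:WPA2 802.1X
"""

SEVERITY_ORDER = {"critical": 0, "warning": 1, "ok": 2}


@dataclass
class Finding:
    ssid: str
    security: str
    severity: str  # "critical", "warning" or "ok"
    advice: str


def classify(security: str) -> tuple[str, str]:
    """Map an nmcli-style SECURITY field to (severity, advice)."""
    tokens = security.split()
    if not tokens or security == "--":
        return "critical", "open network: anyone in range can join and read traffic; enable WPA2"
    if "WEP" in tokens:
        return "critical", "WEP key is recoverable from captured traffic; move to WPA2"
    if "WPA2" in tokens and "WPA1" in tokens:
        return "warning", "mixed mode still admits WPA/TKIP clients; disable WPA1 once legacy devices are gone"
    if "WPA2" in tokens:
        return "ok", "WPA2 in use"
    if "WPA1" in tokens:
        return "warning", "WPA (TKIP) is weaker than WPA2; update firmware or replace the router"
    return "warning", f"unrecognised security setting {security!r}; review manually"


def parse_line(line: str) -> tuple[str, str]:
    """Split 'SSID:SECURITY' on the last colon so SSIDs containing ':' survive."""
    ssid, sep, security = line.rstrip("\n").rpartition(":")
    if not sep:  # no colon at all: treat the whole line as an SSID with no security field
        return security, ""
    return ssid, security.strip()


def audit(scan_text: str) -> list[Finding]:
    """Classify every network in the scan, worst first."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = parse_line(line)
        severity, advice = classify(security)
        findings.append(Finding(ssid, security, severity, advice))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'critical': 2, 'warning': 2, 'ok': 2}."""
    counts = {"critical": 0, "warning": 0, "ok": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN):
        print(f"[{f.severity:8}] {f.ssid:20} {f.security or '(open)':14} {f.advice}")
```

Feed it the live output of the nmcli command above instead of SAMPLE_SCAN to audit the networks actually visible from a site.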
April, 23, 2011: Internet users need to be on their guard as we go through the Easter weekend. Cybercriminals will be sending out email alerting you about weekend sales or purporting to be offering coupons on Easter candy or other consumer products. The links in these emails, if clicked on, will take you to malicious websites or directly infect your computer with spyware.
The upcoming wedding of Prince William in the United Kingdom will produce a flood of poisoned websites. There is a general belief that the search results near the top of the page or on page one of the popular search engines must be safe by default. This could hardly be further from the truth. There is a technique known as poisoned "search engine optimization" or poisoned SEO for short. This technique uses a number of methods to advance a malicious website to the top of the search engine results. In reality, it employs some of the same methods employed by legitimate websites. The actual methods are complicated, including loading metadata, cross-linking and so on. The point is that users need to be aware of the risk in any internet search for web, images, video and other content. The upcoming royal wedding will produce a flood of poisoned websites with photos and video. People will be simply searching on Google, Bing, Yahoo or other search engines for the latest images and information and will click without thinking on links that will take them to poisoned websites where they will be immediately infected with "scareware" or other types of spyware. Using the excellent Finland-based browser add-on Web of Trust will generally keep you out of trouble if you stay on the "green" websites. But the Web of Trust is based on a system of collecting data from around the world on websites, and brand new websites dealing with breaking news or a current event such as the royal wedding will probably be unrated (gray circle with a question mark). The take away from this is to only use well-known news websites for staying up on current events. Using search engines for getting breaking news and then clicking without thinking is a very dangerous approach. Nevertheless, I can assure the reader that I will be receiving many calls about infected computers post royal wedding.
-- Eric Rasmussen
April, 21, 2011: Earlier this week the Oak Ridge National Laboratory had a security breach that caused network administrators to shut down email and internet access. The Oak Ridge National Laboratory employs around 4,800 people and is the Department of Energy's largest research facility. The security breach was caused by 57 employees clicking on an email link that they believed came from the human resources department at the Laboratory. Apparently, this message was sent to around 500 employees. This is what is termed a "spear phishing" attack, where the recipients of the email message are identified beforehand and then are sent an email that is consistent with their occupation, company position or function. The recipient of the email message believes it is legitimate without further thought and then clicks on a link that installs malicious software on their computer. This type of attack has a higher success rate than your typical joke or cute story with a malicious attachment or link. Security professionals are warning that criminals are not just targeting large organizations; they are also reaching down to small companies, local government offices and not-for-profit entities. The highest success rate will be where an employee listing is available with email addresses or where the organization's email address form is easily determined, such as first initial, last name @ whatever.com. It is a good practice to educate all employees in the nature of "spear phishing" attacks and safe email practices.
-- Eric Rasmussen
April, 20, 2011: Yahoo just announced that they are extending their retention policy for users' online search logs to 18 months. Yahoo had previously reduced the retention period to 6 months but is now lengthening it back to the same level as Google. This reflects the greater push by these search engines and other large internet sites to highly personalize information displayed to users. Obviously, in order to personalize the presentation of advertising or specific products/services, it is necessary to analyze the user's past surfing history for applicable information. While on one hand this can be seen as moderately beneficial, the flip side is rather disturbing. A search engine company has a great deal of information about you if you are a heavy computer user, and sophisticated software can create an in-depth profile from that. The other problem is the security of this information from the risk of data breaches. Now I am not particularly concerned about data security at Google or Yahoo, but the risk increases for smaller companies.
Facebook users should be aware of emails purporting to be from Facebook alerting you that spam is being sent out of your account and that as a security measure your password has been changed. When you click on a link to get more information a malicious program is installed on your computer. The precautions you need to take are obvious.
-- Eric Rasmussen
April, 19, 2011: The security firm McAfee commissioned a study by the Center for Strategic and International Studies (CSIS) concerning cyber attacks on critical infrastructure companies. The report out today is based on a survey of 200 security executives at oil, gas, electric, water and sewage companies in 14 countries. I'm not sure the findings are all that surprising but the trend is still worrying. One in four of the companies reported that they had been the target of extortion through cyber attacks, with the highest rates reported in India and Mexico. Basically this means that companies were on the receiving end of attacks that infiltrated their infrastructure systems and then received a communication to pay up or we (the bad guys) are shutting you down. Just like the last Die Hard movie. About 70% of the survey participants reported that their companies "frequently" found malicious software designed to sabotage their systems in 2010. What was really disturbing in the findings was that 30% of the companies did not think they were prepared for a cyber attack. Now, before you totally panic, remember that this report covered 14 countries, not just the United States where hopefully we are better prepared. Another strange statistic in the report was that about 50% of the companies reported that they found the infrastructure worm/virus Stuxnet on their system. As we have reported in several previous blogs, the Stuxnet program was developed to attack the Iranian nuclear infrastructure process by taking control of Siemens industrial control equipment. While it has never been proven, the creators of Stuxnet were probably Israel and/or the United States. It has been reported that Stuxnet spread via USB flash drives. How Stuxnet ended up on 50% of critical infrastructure companies around the world certainly is worrisome.
-- Eric Rasmussen
April, 18, 2011: Securitynewsdaily.com is reporting that cybercriminals have set up a fake Epsilon website purporting to provide information to users worried about the massive security breach at the email marketing firm Epsilon several days ago. The website has a link to download the "Epsilon Secure Connect Tool" which supposedly will provide the user with information about whether their personal information was stolen in the Epsilon data breach. However, if you click on this link a malicious trojan horse program is installed on your computer (the purpose of which is not clear). It does not necessarily follow that this website is related to the original cybercriminals that breached Epsilon, but could be another enterprising group just taking advantage of the insecurity created in the minds of millions of users affected by the situation. I think the best you can do in this case is not to open any links or attachments in email from Epsilon or any of the firms they represented which have directly emailed users alerting them of the data breach. Because Epsilon has so many large corporate email marketing relationships, many users have received multiple emails. You can be sure the cybercriminals will be coming after you with clever phishing attacks, so be on your guard.
-- Eric Rasmussen
April, 16, 2011: The U.S. Attorney's office yesterday indicted 11 individuals associated with the online gambling websites PokerStars, Full Tilt Poker and Absolute Poker with illegal gambling, bank fraud and money laundering. The U.S. government considers internet gambling to be illegal under the Unlawful Internet Gambling Enforcement Act of 2006. Three of the indicted individuals were arrested and the other eight were out of the country. If convicted they could be sentenced for up to 20 years in prison. The U.S. Attorney's office is also seeking $3 billion in damages.
-- Eric Rasmussen
April, 15, 2011: A Greek programmer, Yiannis Kakavas, has created a software tool called "Creepy" which is exactly that. Creepy takes geo-location data a user leaves on the internet from Twitter, Flickr and Foursquare and plots them with date and time stamps on a map. The geo-location feature is similar to what you would see on Google maps if you were searching for a type of business. In addition, the software comes with a search tool that allows the use of real names if you do not know someone's application username. The software creator stated, "I was trying to make a point. I'm trying to raise awareness among users of social networking platforms that they actually do share a lot of information and this can potentially be used by people with malicious intentions". Using Creepy you can determine the habits or patterns of a person's movements, such as what time they visit Starbucks every day. What a great tool for stalkers!! Or if you are into governmental big brother conspiracy theories, you can readily understand that if the everyday computer user can download and use this type of software, then the government must really have cool stuff!! Read more about this in an article by Bob Sullivan at MSNBC. The take away from Creepy is for computer and mobile device users to be aware of geo-location features in the applications they are using and turn them off when not required.
-- Eric Rasmussen
April, 14, 2011: The FBI has shut down a major botnet responsible for infecting 2 million computers worldwide, the majority of which are in the United States. The botnet, known as Coreflood, had been operating for a decade and was responsible for stealing millions of dollars in bank account and credit card fraud. Coreflood stole usernames, passwords, financial data and other financial information from infected computers. The FBI seized 5 command and control servers in the United States and 29 domain names used by Coreflood. There has also been a civil complaint filed with the U.S. District Court involved, accusing 13 individuals of "wire fraud, bank fraud and illegal interception of electronic communication". The nationalities of the individuals were not identified, though it would appear that these criminals are in Eastern Europe. Some of the botnet's victims included a real estate company in Michigan that lost $115,000; a South Carolina law firm that lost $78,000 and a Tennessee defense contractor that lost $241,000. One security expert stated that Coreflood might have made over $100 million during its operation. Based on the information on the seized command and control servers, the FBI will attempt to contact the owners of the infected computers.
Customers ask me all the time about what is the purpose of malware. The operation of the Coreflood botnet should make that perfectly clear.
-- Eric Rasmussen
April, 13, 2011: Senators John McCain and John Kerry have introduced a bi-partisan internet privacy bill. The focus of the bill is to protect consumers from organizations that collect information online about them and then subsequently share it with other organizations. The bill provides that users can easily opt out of data collection concerning names, addresses, email addresses and credit card numbers. More personal information such as religious affiliation, sexual identity and health could only be collected with an explicit opt-in agreement of the user. The bill provides for fines in the case of violations, which would be regulated by the Federal Trade Commission. Private lawsuits are strictly prohibited by the bill. The bill does not have a "Do Not Track" feature, which was earlier recommended by the Federal Trade Commission and a number of consumer advocacy groups. Such a feature would have to be built into the user's browser. Because of the lack of a "Do Not Track" feature a number of these groups criticized the bill. While some people believe that the last thing we need is more governmental regulation, it is my opinion that self-governance of the internet is hopeless and that the consumer will never be protected from the collection and misuse of personal information without regulation.
Researchers at IBM and the Institute of Bioengineering and Nanotechnology in Singapore announced that they created nanostructures that could detect and destroy antibiotic-resistant bacteria and other deadly infections. Further applications could be in consumer products like deodorant, soap, hand sanitizers, table wipes and preservatives. These nanostructures are biodegradable and are constructed to prevent the development of resistance by bacteria. Ok, well, so we are going to inject ourselves with nano devices that can detect and destroy things and have built-in defensive mechanisms. I'm all for technology, believe me, but this sounds like the plot of a zombie disaster scenario in the making. I sure hope they test this stuff in a secure lab first.
-- Eric Rasmussen
April, 12, 2011: In another data storage fiasco, the State of Texas announced today that 3.5 million residents had personal information exposed on unencrypted public servers over the first five months of 2010. The agencies involved were the state teacher retirement system, workforce commission and the employee retirement system. The data included names, addresses and wait for it....social security numbers. However, the state is assuring people the data has not been misused. Why am I having a hard time believing that statement?
In a little bit of good news, the people behind the Koobface social networking malicious worm that played havoc last year with Facebook users have apparently moved on to other attack vectors outside of Facebook. Either the high-profile press they were getting put some heat on them or, as has been suggested, Facebook security has been doing a decent job of blocking their attacks. Sounds like the bad guys made a cost/benefit decision and decided to move elsewhere for a time. Good riddance!!
However, before you start wildly clicking on all of those messages on your Facebook wall, be aware of a flood of rogue apps and other types of attacks making their way around Facebook. These attacks include messages about "Dad catches daughter making a sexy webcam video"; the Olive Garden Restaurant and "Twilight Breaking Dawn" friends' photo album scams and the Social Tagging Worldwide cross-site scripting attack.
In a recent survey by Eclipse, a UK internet service provider, it found that over one-half of British businesses believed Koobface (an anagram of Facebook) was a social networking site and 75% said they did not believe they could recognize a rogue link before clicking on it. Well, now I understand what happened to the British Empire!!
-- Eric Rasmussen
April, 10, 2011: In the last few days the data breach at Epsilon is getting Congressional attention with the company receiving a request for additional information about the magnitude of the breach and how it is impacting customers. There is apparently some possibility of a Congressional hearing over this matter.
Last week the Rapid Information Bulletin Board System website of the United States Postal Service was infected with injected code that ultimately redirected users of the website to a malicious website that infected their computers with various trojan horse programs. The attack used the Blackhole Exploit Kit, which was developed in Russia according to researchers. However, this type of kit is available for purchase in the criminal underworld and the nationality of the perpetrators has not been mentioned in the news sources. The USPS was forced to take down their infected ribbs.usps.gov website for a time after the exploit was discovered.
-- Eric Rasmussen
April, 09, 2011: There has been a story in the news this week highlighting just how vulnerable technology infrastructure can be. In many parts of the world scavenging for copper is an important way of generating extra income for food and other necessities. This has been a problem plaguing Russia for years. Late in March, in the country of Georgia, an elderly woman was scavenging for copper when she found an underground cable and sliced through it. The only problem was that it was the fiber-optic cable supplying 90% of the internet bandwidth to the neighboring country of Armenia. Large parts of Georgia and Azerbaijan were also affected. While the cable break was soon identified and repaired, it is a bit frightening how dependent parts of the world can be on a few physical connections. Given that copper scavengers have been known to use tractors to pull cable out of the ground, I guess the damage could have been a lot worse. As for the elderly woman, she could face up to three years in prison if convicted. Not good.
-- Eric Rasmussen
April, 08, 2011: Somewhat lost in the noise surrounding the Epsilon data breach, about a week ago Kroger, the supermarket company, also had their servers breached and lost customer names and email address information. On the Epsilon front, Chase customers with compromised email addresses are already receiving email "phishing" attacks as the criminals seek to trick users into revealing account and password data.
Since we are in income tax season, computer users should be aware of fake emails from the Internal Revenue Service suggesting there is something wrong with your tax return and requesting additional information. In an example of this explained over at "Krebs on Security", the email recipient is asked to fill out a PDF form and fax it back to a number that supposedly is an IRS office. Obviously the information you supply is then used for identity theft purposes.
-- Eric Rasmussen
April, 06, 2011: The security company Symantec issued their annual Internet Security Threat Report for 2010 on April 5. It is a very ugly report on the state of the internet. Symantec identified over 286 million new threats in 2010 with an overall increase in sophistication. Those threats were based on approximately 6,200 new vulnerabilities and were used in 3 billion attacks. Symantec's statistics for the report were based on 240,000 collection points in 200 countries as well as their installed customer base of 133 million systems. The attack vectors shifted toward website attacks targeting browser plug-ins (Java and Adobe's Reader and Flash applications) and toward Facebook and Twitter, and away from browser and operating system vulnerabilities themselves. With regards to Facebook specifically, Symantec estimates that about 17 percent of links posted on Facebook were links to malicious software.
It's hard not to read this report and be depressed about the risks facing the uninformed internet user. The number of threats and attacks show why it is unrealistic to expect any antivirus software to make you bulletproof as you wildly surf the internet, clicking your mouse here, there and everywhere. Prevention of attacks to begin with by being an informed and knowledgeable user is 90 percent of the battle.
-- Eric Rasmussen
April, 05, 2011: Last Friday the email marketing firm Epsilon, based in Dallas, Texas, stated that its computer systems had been breached and that customer names and email addresses of some of its accounts had been stolen. Epsilon handles the email/marketing campaigns for 2,500 companies including JP Morgan Chase, Citigroup, Best Buy, Walgreens, Target, Capital One, Brookstone, Barclays Bank, LL Bean, The College Board, US Bank, Ritz-Carlton Rewards, Marriott Rewards, Staples, Kroger and Disney Destinations. The extent of the data breach remains unclear. Epsilon is a subsidiary of Alliance Data, a publicly traded corporation also based in Texas. The immediate effect of the data breach is that Epsilon's corporate customers are contacting their own customers involved in the data breach and alerting them as to what has occurred. Many individuals are therefore receiving multiple emails if they have a relationship with more than one of the affected companies.
Longer-term, individuals can expect to receive "phishing" email purporting to be from companies they have a relationship with involved in the data breach at Epsilon. A "phishing" email will appear to be legitimate but will request personal information to "update its records" or other similar requests. Many times a "phishing" email will contain one or more links to malicious websites. The critical information the criminals want is passwords to accounts, credit card data, bank account numbers and passwords and social security numbers. Because the "phishing" email will be received from a company an individual recognizes and has received legitimate email in the past, their mental defenses are typically lowered and they are more likely to supply the requested information. In addition to targeted "phishing" attacks, individuals can expect to receive more spam once the stolen email lists are circulated and resold in the dark underworld of the internet.
The take away from all of this is that you need to be extremely cautious about all email and never supply personal information in response to an email inquiry.
-- Eric Rasmussen
April, 04, 2011: The Blackhawk Blog is back after a very busy six weeks of work and a little vacation. The breaking news on the computer security front is the Lizamoon attack which has infected at least 500,000 legitimate websites and possibly many more. The attack is named after the domain that originally hosted the malware. The attack uses a SQL injection technique to add a line of code to legitimate websites that redirects the user to a malicious website when the legitimate website loads. At the malicious website the user is presented a warning message that their computer is infected and that they should download an antivirus product, "Windows Stability Center", which is obviously fake, and of course pay for it via credit card. The relative good news is that international security professionals have moved quickly to block the Asian-based target domains so that a user is now only presented with an unreachable webpage message. Nevertheless, the scope of the attack is staggering and highlights the risk of surfing to any website. These types of malicious attacks will make the internet unworkable until website programming/coding and security issues are addressed. By the way, relying on your anti-virus software to block the "Windows Security Center" malware only worked in about one-third of the available products according to an article at eWeek.
-- Eric Rasmussen
February, 21, 2011: At a recent panel discussion at Fordham University on cybercrime, Adam Palmer, a security expert at Symantec, set forth some interesting statistics. According to Palmer, 73 percent of the servers in the United States have been hit with some type of cyber-crime attack. Also, in 2009, there were 7 million identity thefts at the hands of the cyber-criminals. While many organizations produce similar identity theft statistics, they seem to be in the same general area. From what I have been able to determine, this level for 2009 is consistent with prior years and on an uptrend. The panel noted some success of law enforcement against cyber-criminals in 2010, such as the shutdown of the Mariposa botnet in Spain and the arrest of the Russian controller of the Mega-D botnet. Before you get all excited about success against the Eastern European criminals in the Mega-D case, the Russian national was arrested in Las Vegas. Hello, what were you thinking about? First I rob you and then take a vacation in your country. Overall though, I don't think there has been much law enforcement success by the United States or the European Union against the cyber-criminals based in Russia and Ukraine. But if I were one of those guys, I would probably not choose to take my two week vacation in the United States unless I wanted to see the inside of a Federal prison. Just a thought.
-- Eric Rasmussen
February, 20, 2011: This week Microsoft will be releasing Service Pack 1 for the Windows 7 operating system. The Service Pack will be available through the normal Windows Update process. The storage requirements for the 32-bit version are approximately 750 megabytes while the 64-bit version is closer to 1000 megabytes. While we are not anticipating any problems, we do recommend that you back up any essential files before starting the Service Pack installation.
-- Eric Rasmussen
February, 14, 2011: It should be obvious that the criminals will use Valentine's Day related poisoned websites, photos and email to conduct cyberattacks. Today I want to point out a new type of attack that is directed at the mobile/smartphone user. This attack originates in Russia and infects your smartphone after you download cute animal Valentine pictures to use as email attachments in your Valentine writing frenzy. The problem is that you also infect your smartphone with a trojan horse that starts sending premium SMS text messages to a telephone number in Russia without your knowledge. You rack up a big cellphone bill and the criminals benefit, somewhat spoiling your Valentine's Day though you do not find out until you receive your next bill. While the chances of being attacked are probably fairly low at this point, I'm sure we will see more such attacks in the future.
-- Eric Rasmussen
February, 10, 2011: The security firm McAfee reported today that hackers based in China stole information from oil and gas companies in the United States, Greece, Taiwan and Kazakhstan beginning in November 2009. The names of the companies were not disclosed. The information stolen pertained to operations, oil field bidding and financing. It is fairly obvious that this hacking was at the direction of the Chinese military and/or government. I wish the Chinese would hack into Area 51 and tell us whether there are really alien spacecraft in those big hangars we can all see on Google Earth.
The hacker attacks on the NASDAQ OMX systems over the past year were not directed at the trading system but rather the Director's Desk system that is used by companies for board of director meetings according to security experts. As such, this system would necessarily contain confidential information about corporate activities that was not in the public domain. Armed with such insider information, a hacker could then devise a market trading strategy to take advantage of it. Whether this actually occurred and the nature of information stolen by the hackers remains unclear. These attacks do highlight the increasing sophistication of the criminal hackers beyond fake antivirus security hijacking and spamming.
-- Eric Rasmussen
February, 09, 2011: European researchers are working on a project that would allow robots to store and share data they discover about the world. The database and communication system called RoboEarth "will allow robots to come into service more quickly, armed with a growing library of knowledge about their human masters" according to an article in the BBC Tech News. The purpose it seems is to allow robots to have a networked storage capability where tasks, objects and information on human hosts can be kept so that individual robots do not need to "recreate the wheel". Am I the only person that finds this slightly disturbing? Isn't this harmless first step the way that the Terminator Series Skynet computer system began? Ok, well maybe I'm overreacting a bit but wait until the robots conclude their human carbon-based life form masters are stupid and irrational. Then you will not be laughing.
In other news, two Italians working in the media industry created an automated computer program to "scrape" personal information about users out of Facebook and then used it to populate a dating website called Lovely Faces. The Facebook users' photos were then run through a facial recognition program to create a basic description of the user such as "sly", "smug" or "easy going". Out of approximately 1 million Facebook users accessed in this way, there was sufficient data for about 250,000 profiles. These profiles had real names associated with them since the data came from Facebook. Obviously all of this was done without the permission of the individuals or Facebook. The purpose of the project was apparently to point out how much information is available on people through social networking sites. In any case, the Lovely Faces website is down, apparently after legal action by Facebook. Once again this should help us focus on the issue of personal information available on the internet and privacy.
-- Eric Rasmussen
February, 08, 2011: At ZDNet.com Zack Whittaker has written the "January 2011: The Definitive Facebook Lockdown Guide". It seems to be one of the better written guides for protecting your personal data on Facebook and is also up-to-date. If you are a frequent Facebook user you may want to check it out. While we think that Facebook users should be proactive in establishing the necessary settings for their account, we stand by our general guidance that you should never put information on a social networking site that you are not prepared for the entire world to see. This reflects our somewhat negative view of the effectiveness of computer security and the ability of social networking sites (and a lot of other types of sites) to protect your personal information. If you have been reading the Blackhawk Blog, you know there have been some large website hacking incidents lately with millions of accounts involved. In addition, Facebook has had their problems with apps accessing user personal data. So don't bad mouth the boss in what you think is a private conversation because it may turn out otherwise. Oh, and for the Russian readers, definitely don't bad mouth Prime Minister Putin on your Facebook page. Just a thought.
Hackers are selling malicious Facebook application kits for $25 according to Websense Security Labs. The kit provides you with templates for malicious activities including gathering personal information, sending spam and other wonderful stuff. Now before you run out and spend the $25 please remember that these activities are sure to be illegal in the United States and I really don't think you could make much money at it to justify the risks and your legal defense fees. The only people who will make money are the real criminals receiving the $25. It's kind of like the tomato slicer you see on television that slices and dices and is only $19.95; the truth is never as good as the advertisement.
-- Eric Rasmussen
February, 06, 2011: At the end of January the dating website Plenty of Fish was compromised in the latest hacking exploit. According to the reports, the usernames, real names, addresses, telephone numbers, passwords and PayPal accounts of 28 million users were downloaded by the hackers. The specific details are very unclear with a story involving an Argentinian hacker, Russian criminals, death threats, extortion, and basically everything but alien abduction. Just google the story if you need some entertainment. Lately it seems like the hackers are having great success.
-- Eric Rasmussen
February, 02, 2011: The Department of Immigration and Customs Enforcement has an interesting program underway called "Operation in Our Sites". The purpose of the program is to seize websites that are being used to run illegal businesses, host copyright infringing content and, in at least some cases, only provide links to such content. The seizures are signed off by a Federal judge in advance but the site owners receive no prior notification. There certainly seems to be some lack of due process in the seizures. Apparently Senator Ron Wyden (D-OR) thinks so too because he has asked for clarification from the director of Immigration and Customs Enforcement. I'm having a hard time understanding the crime if I have a list of links on my website to other websites that are actually hosting illegal content. Is this like aiding and abetting a criminal activity? Seems kind of scary to me. You can read more about it at arstechnica.com.
-- Eric Rasmussen
February, 01, 2011: The Carberp trojan horse is a good example of the very sophisticated nature of today's malware. Discovered in October of last year, the purpose of Carberp is to steal information off of an infected computer, with an apparent emphasis on banking usernames and passwords. The malware disguises itself inside of the Windows operating system and does not require administrative rights to install itself according to a report at eWeek. What is so awesome about this type of malware is that it has its own anti-malware removal tools to clean off other malicious software that might interfere with its operation. Carberp listens in on web traffic and can intercept banking traffic or block legitimate anti-malware updates. The first two versions according to eWeek were targeted at users of Netherlands and United States banks while the most recent version is targeted at Russian users. Once this type of malware is on your computer you are in trouble. The secret to this is to not get infected to begin with.
-- Eric Rasmussen
January, 31, 2011: Microsoft issued a "critical" warning about a newly discovered flaw in the Windows operating system. The flaw affects every Windows computer with its Internet Explorer browser, or around 900 million users worldwide. Well, I'm glad it was just a small number, nothing too major. The flaw allows a malicious script to run during an Internet Explorer session that can hijack a computer. It appears that this flaw has not been exploited in the "wild", but it is serious enough for Microsoft to go public with the information. The flaw apparently affects all users of Internet Explorer regardless of the version.
The Stuxnet virus, which was introduced into some of Iran's nuclear development industrial control systems last year, is in the news again. According to a foreign intelligence report obtained by the Associated Press, there is a risk of a Chernobyl type of disaster when the Bushehr nuclear plant becomes fully operational. This conclusion is disputed by Russian authorities but of course those are the same people that caused Chernobyl in the first place.
-- Eric Rasmussen
January, 30, 2011: There is a recent article at eWeek that discusses so-called Advanced Persistent Threats, a type of cybercrime attack named by the security firm Mandiant. This attack is aimed more at people than systems and is targeted at government, defense, financial, research and marketing organizations. By using targeted attacks on particular employees in these organizations, the cyber criminals seek to gain a persistent access that they can leverage further. The initial attacks are typical "spear phishing" exploits, involving email carrying poisoned Word, Excel, PDF and ZIP files, among others. We can assume these poisoned files will appear to be of a legitimate business nature, probably from another department or related operation. Remember here, the criminals have done some homework on who they are attacking. Once the target's computer is infected, further command and control is maintained via social networking sites including Facebook and Google Chat. The internal computer security programs are not then alerted because the network traffic to those sites would appear totally normal. We're only talking about cyber criminals here; just imagine the sophistication of real espionage attacks on our government, defense and corporate organizations by China. While the nature of this activity does not have direct relevance to the small and medium business owner here in Ohio, it is still worth pointing out how important it is to train employees to be cognizant of targeted attacks via email.
-- Eric Rasmussen
January, 28, 2011: In my December 11th blog I discussed the cyber war surrounding WikiLeaks. While the government was trying to locate and shutdown the WikiLeaks servers, other groups were conducting denial of service attacks on organizations that had removed support for WikiLeaks funding such as PayPal, MasterCard and Visa. The denial of service attacks were apparently mainly being organized by the hacker/activist group "Anonymous" as a response to the attack on WikiLeaks and "internet freedom". What was interesting about the denial of service attacks was the ability for the non-hacker community to join the fight on a manual or automated basis with downloaded software and organized at least in the beginning via Twitter-based communications. However, I failed to mention that conducting or facilitating a cyber attack of this kind is a Federal offense punishable with up to ten years in prison. Oops, sorry about that. Today the FBI executed more than 40 search warrants in the United States as part of an international investigation into the members of "Anonymous". Some arrests have already been made in the Netherlands and the United Kingdom. At this point it is totally unclear what this means to all of the people who joined ranks with "Anonymous" in this country and participated in the denial of service attacks. Besides seeking good legal advice, you might want to look up those long lost relatives in Bulgaria and go there on an extended exile, I mean vacation. Before you rush out the door, don't forget to wipe those hard drives.
-- Eric Rasmussen
January, 26, 2011: The Conficker worm was launched into the internet in late 2008 and for several months received a substantial amount of news coverage. Conficker was designed to create a botnet, a collection of computers that can receive instructions from its controller (known as a bot herder) for use in sending spam, denial of service attacks and other illegal activities. A computer in a botnet will operate secretly so that the owner does not suspect its activities and turn off the power. A "white hat" group was put together to combat Conficker, the Conficker Working Group. This group was successful in analyzing the threat and devising ways to prevent Conficker from communicating with its bot herder/creator. Interestingly, it is estimated that Conficker still infects 4 million to 13 million computers worldwide. According to an article at CNET.com, the Conficker creator may have been scared off by the publicity and did not try to overcome the Conficker Working Group reaction. It also may be that the Conficker creator is waiting for a later date to activate the botnet. The primary targets for the original attack were Windows computers with unpatched operating systems, particularly those with pirated software that cannot use the Windows update feature. As such Conficker has not been a major concern for our customer base which generally has fully updated Windows on their computers. But it will sure be interesting if Conficker ever comes to life. It kind of reminds me of the movie "The Thing".
-- Eric Rasmussen
January, 25, 2011: According to eWeek.com, in December the security at an email marketing firm used by Honda USA was breached and 2.2 million Honda customer records were stolen. The data stolen included customer names, email addresses and VIN numbers. Armed with this information an average criminal can create a lookalike Honda email template, send out "notices" to customers, maybe suggesting the VIN number referenced vehicle is subject to a recall, and asking the customer to click on a link to get further information. When the customer clicks then the malicious program can be downloaded. It's a very good attack method because the email recipient would not expect the bad guys to have their vehicle's VIN number and their mental defenses will be lowered. Expect more situations like this in the future.
-- Eric Rasmussen
January, 23, 2011: According to an article at eWeek.com, the security firm Sophos and Facebook are arguing about the extent of malicious attacks on users of the social networking site. Based on what I think is a small survey of approximately 1,300 people, 40 percent had received malware via social networking sites in December. I am assuming because it was not stated that the vast majority of these attacks were on Facebook and Twitter. Facebook is acknowledging attacks but is disputing their effectiveness. Our customer base reports attacks all of the time on Facebook. Many of these attacks are succeeding based just on the fake antivirus security hijacks which we see daily when a customer computer needs to be cleaned up. What is very disturbing to consider is the number of attacks that succeed where the malicious program is true spyware, the activities of which are hidden from the user.
There are a couple of interesting statements in the eWeek article by Graham Cluley, senior technology consultant at Sophos. He stated, "This isn't just a problem for home users. Many people check their social networking accounts from the workplace, making the sites a potential vector for attacks against business." From our experience this point is right on target as we have had a number of customer business computers infected by either clicking on links in Facebook messages or opening email attachments that are not work related. As for Facebook, Cluley went on, "I see two possibilities, either Facebook simply doesn't get security and privacy or it just doesn't care. I really hope it's the former." Well, I think it's the latter, because it's all about money.
-- Eric Rasmussen
January, 22, 2011: The UK company Lush Cosmetics has reported a security breach of their UK online store as reported by the BBC and ZDNet. While the details are not clear, customer credit card information was stolen and customers have already reported fraudulent transactions on their accounts. Lush Cosmetics is a large company with over 600 locations worldwide and should have extensive web server security in place. The takeaway from this report is to use PayPal whenever possible in lieu of providing credit card information for online purchases.
In another disturbing report, the U.S. based website Trapster, which provides information to its users to avoid speed traps and road hazards, advised its 10 million users that their emails and passwords may now be in the hands of hackers. Yes, you read that correctly, 10 million. Trapster users should obviously change the passwords on their Trapster account but more importantly on any other accounts where the same email account and password combination is used. Remember, keep all passwords unique by website and do not reuse them.
-- Eric Rasmussen
January, 21, 2011: In December the gossip website Gawker.com and some related websites were hacked and approximately 1.5 million usernames, passwords, email addresses and other information was stolen by Gnosis, a small hacker group. Gnosis's motives are unclear, they are apparently not a criminal group, but they subsequently published the data in a torrent on Pirate Bay, the Swedish website involved in copyright violation litigation. Well, now according to a report in PCWorld today, Twitter is having to change passwords on accounts that were distributing links unknowingly from fake antivirus scam sites in the Ukraine. It appears that the criminals took the Gawker data published by Gnosis and then used the data to hack into the same user accounts in Twitter. The key to the hack was that a great many users had the same password for both Gawker and Twitter. As a related point I have also read that the most common password in the stolen Gawker data was, wait for it....., password.
Using the same password across accounts is obviously a bad practice. Last year the criminals found plenty of opportunities when they figured out that a lot of Facebook users use the same password on their online bank accounts. Because of the ease with which Facebook passwords can be hacked by a dictionary attack, we have been strongly advising customers to have unique passwords for their online bank accounts. But the Gawker/Twitter episode shows how important it is to have unique passwords across all of your accounts.
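What the operators of a site like Twitter can do when another site's credential dump appears, as an added example that is not from the Blackhawk Blog: the site keeps only salted PBKDF2 hashes of its own passwords, checks each leaked (email, password) pair against the matching local account, and forces a reset wherever the leaked password verifies. The user table, passwords and the dump are all constructed for the example.

```python
"""Added example (not from the Blackhawk Blog). Every email, password and
dump line below is constructed; the dump format 'email:password' is assumed."""
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 10_000  # kept low so the example runs fast; use far more in production


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh random salt per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Constant-time comparison of a candidate password against a stored hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def build_user_table(plain):
    """Constructed local user table: email -> (salt, hash). Plaintext exists
    only here so the example can set the table up; the site never keeps it."""
    return {email.lower(): hash_password(pw) for email, pw in plain.items()}


def parse_dump(text):
    """Parse 'email:password' lines; only the first ':' splits, so passwords
    containing ':' survive. Blank and malformed lines are skipped."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        email, password = line.split(":", 1)
        pairs.append((email.strip().lower(), password))
    return pairs


def accounts_to_reset(users, dump_pairs):
    """Emails of local accounts whose password equals the one leaked for the
    same email elsewhere: exactly the accounts a reuse attack would walk into."""
    hits = set()
    for email, leaked_pw in dump_pairs:
        rec = users.get(email)
        if rec and verify(leaked_pw, *rec):
            hits.add(email)
    return hits


def most_common_passwords(dump_pairs, n=3):
    """The dump's most frequent passwords, useful for a block list."""
    return Counter(pw for _, pw in dump_pairs).most_common(n)


LOCAL_PLAINTEXT = {  # constructed accounts on "our" site
    "alice@example.com": "password",
    "bob@example.com": "correct-horse-battery",
    "carol@example.com": "Tr0ub4dor&3",
}

LEAKED_DUMP = """\
alice@example.com:password
bob@example.com:password
carol@example.com:Tr0ub4dor&3
dave@example.com:123456
"""  # constructed dump from "the other" site

if __name__ == "__main__":
    table = build_user_table(LOCAL_PLAINTEXT)
    leaked = parse_dump(LEAKED_DUMP)
    print("force reset:", sorted(accounts_to_reset(table, leaked)))
    print("top leaked passwords:", most_common_passwords(leaked))
```

Bob reused nothing and Dave has no local account, so only Alice and Carol get a forced reset; a site can run this the day a dump is published instead of waiting for the fraudulent logins.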
-- Eric Rasmussen
January, 20, 2011: Do you charge your smartphone from a computer by a USB cable? I do several times a day. An article at CNET by Elinor Mills explains how this could become a serious security problem. Researchers at George Mason University have modified the USB driver on the computer to give the smartphone keyboard and mouse functionality. This in turn allows an infected computer to infect a smartphone that is charging its battery by a USB cable. Then if the infected smartphone is attached to a second computer, it is capable of downstreaming the malicious program to that computer. Just great. This attack works on Windows, Macs and Linux computers, all of which suffer from the flaw that a USB device does not require authentication. At the moment this is only a research project but the criminals will not be far behind. So if you are sitting in the airport working on your laptop and "Boris" asks if he can charge his smartphone off your laptop so he can call his sick mother back home, tell him it is a corporate computer and all of the USB ports are disabled or alternatively, fake nausea and run to the restroom.
-- Eric Rasmussen
January, 16, 2011: In today's world, security for home wireless networks is based on WPA, or the Wi-Fi Protected Access security protocol. WPA replaced the WEP protocol, or Wired Equivalent Privacy, some number of years ago and has itself been replaced by WPA2. While we still see a great number of WEP-based wireless systems, the majority today are WPA/WPA2-based. The importance of this is that WEP encryption can be broken by an experienced hacker within minutes. WPA encryption on the other hand has been considered to be essentially unbreakable except by government-level intelligence organizations. Now however, Thomas Roth, a German-based security expert, has announced that he has been able to break WPA encryption in six minutes using a special piece of software that he was running on Amazon's cloud-based computers which he rented at only 28 cents per minute. To break WPA encryption requires huge computer processing resources that most hackers cannot afford, but now with cloud-based computing resources for rent to anyone, the hackers can essentially outsource the processing burden for a fraction of the cost of owning the computer equipment outright. Mr. Roth's software uses a brute force attack method and can generate 1 million passwords every three seconds. Thus in six minutes he can generate 120 million passwords. While this is pretty scary I think that WPA/WPA2 is still very secure if you use passwords of at least 10 random characters that include numbers and letters, though including symbols makes it stronger yet. It won't be long before there is an Android-based app to break WPA encryption using cloud-based resources. So anyone with a smartphone can be a potential hacker. The takeaway from this is to review your WPA/WPA2 encryption keys and make sure they are what computer security experts term "strong".
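The arithmetic behind the advice above carried through for several key policies, plus a generator for the kind of key it recommends, as an added example that is not from the Blackhawk Blog. The 1 million guesses per three seconds rate and the six minute window are the figures from the post; the password policies compared are constructed for the example.

```python
"""Added example (not from the Blackhawk Blog). Rate and time window come from
the post; the policies compared and the key generator are constructed here."""
import math
import secrets
import string

GUESSES, PER_SECONDS = 1_000_000, 3   # the rate quoted in the post
SIX_MINUTES = 6 * 60
SECONDS_PER_YEAR = 365.25 * 86_400

# Alphabet for generated keys: letters, digits and symbols, as the post advises.
PSK_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def passwords_tried(guesses, per_seconds, seconds):
    """Exact count of guesses a fixed-rate brute force makes in `seconds`."""
    return guesses * seconds // per_seconds


def keyspace(alphabet_size, length):
    """Number of distinct keys of exactly `length` characters."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size, length, guesses=GUESSES, per_seconds=PER_SECONDS):
    """Seconds to try every key of this policy at the quoted rate (worst case;
    on average a key is found in half this time)."""
    return keyspace(alphabet_size, length) * per_seconds / guesses


def fits_in_window(alphabet_size, length, window=SIX_MINUTES):
    """True if the whole keyspace can be exhausted inside the time window."""
    return seconds_to_exhaust(alphabet_size, length) <= window


def random_psk(length=12, alphabet=PSK_ALPHABET):
    """A WPA/WPA2 passphrase drawn from the OS random source. WPA passphrases
    must be 8 to 63 ASCII characters, so other lengths are rejected."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase length must be 8..63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare_policies():
    """Constructed policies: (label, alphabet size, length) -> years to exhaust."""
    policies = [
        ("8 digits only", 10, 8),
        ("8 lowercase letters", 26, 8),
        ("10 letters+digits", 36, 10),
        ("12 from the full alphabet", len(PSK_ALPHABET), 12),
    ]
    return {label: seconds_to_exhaust(a, n) / SECONDS_PER_YEAR for label, a, n in policies}


if __name__ == "__main__":
    print("guesses in six minutes:", passwords_tried(GUESSES, PER_SECONDS, SIX_MINUTES))
    for label, years in compare_policies().items():
        print(f"{label:28s} {years:15.6f} years to exhaust")
    print("example key:", random_psk(12))
```

An eight-digit numeric key falls inside the six minute window, while ten random letters and digits need centuries at the same rate, which is why the post's "at least 10 random characters" holds up even against rented cloud capacity.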
-- Eric Rasmussen
January, 15, 2011: I have blogged a bit about fake antivirus products which will show you screens purporting to be antivirus/malware scans with all kinds of malicious programs found on your computer. These programs then want you to purchase their "product" for usually $50 by credit card in order to download it and clean off the malicious programs. The only problem is that you get nothing for your $50 and your credit card number is now in criminal hands in Bulgaria or other Eastern Europe locations. These fake antivirus products can be quite sophisticated including running in safe mode, disabling services, preventing use of the browser to download legitimate software and having duplicate copies of the program installed in different locations on the hard drive.
Now the criminals have a new set of fake software products to trap the unwary. These products are more in the utility category such as fake disk defragmenters, disk utility tools, and license management tools. They can also offer a fake all-in-one product with antivirus and utilities. These products will also provide screens with fake information about the status of a hard disk or other computer hardware or operating system services and then attempt to sell you corrective software. Once again you will actually receive nothing for your money and your credit card number will be in criminal hands. Some of the names in use for these fake software products are HDD Plus, HDD Diagnostic, HDDoctor, System Defragmenter, and Ultra Defragger. The precautions you should take in these circumstances are obvious.
-- Eric Rasmussen
January, 12, 2011: The French company Withings has a Wi-Fi connected bathroom scale that can send weight data to your smartphone where it can be stored and charted. Apparently you can then also automatically send this information to your weightwatchers support group on Twitter. What if I hacked into your bathroom scale and gradually started increasing your weight and you become suicidal and violent? You know, these things happen in our country.
-- Eric Rasmussen
January, 09, 2011: According to a new report by Panda Security, more than one-third of all the malicious software in existence was created and distributed by cybercriminals in 2010. The bad guys are sure busy. Certainly our business indicates that the attacks on computer users are increasing. The attack methods continue to be forwarded email attachments, poisoned links in Facebook messages, poisoned websites, and free music/videos. Some other attack methods we see are poisoned links in Craigslist, and free online games. The trends seem to indicate that poisoned links in Facebook will be the biggest problem for users in 2011 as the number of users continues to increase.
-- Eric Rasmussen
January, 06, 2011: The Consumer Electronics Show is this week in Las Vegas. A couple of items caught my attention. One of the keynote speakers predicted that the number of internet sensors would grow from 4 billion today to 60 billion by the end of the decade. Many of these internet sensors, essentially internet connections, will be used in household appliances. Companies such as LG demonstrated a washer, dryer and refrigerator with internet connectivity. Can you imagine if a Stuxnet type trojan horse got into your refrigerator's operating system via the internet and turned off your temperature control or changed your dryer settings to overheat the dry cycle in use and shrink your clothes? The future decade is sure going to be interesting.
-- Eric Rasmussen
January, 05, 2011: Just before Christmas cybercriminals operating through a server in Belarus in Eastern Europe sent out a holiday greeting card via email purporting to be from the White House to government, military and law enforcement agencies. The greeting card contained two links, both of which if clicked upon installed a Zeus trojan horse variant onto the user's computer. Dozens of users clicked on the links and the cybercriminals obtained access to thousands of "sensitive" documents though according to reports none of the information was "classified". It is interesting that the Zeus trojan was developed to steal bank and investment account passwords but was adapted for this attack to download documents. If government and law enforcement employees can be tricked so easily into clicking on poisoned links, then it's obvious everyone else is in trouble too.
-- Eric Rasmussen
January, 02, 2011: The new year is starting off on the wrong foot for some Microsoft Hotmail users as it seems the software giant has misplaced some amount of customer email that dates back to November. At last count the complaints on the Microsoft forum were 476 pages. We are not a fan of Hotmail for several reasons including security so instead of complaining, switch to Gmail, Google's email service.
Facebook surpassed Google as the most visited website in 2010. Facebook accounted for 8.9% of all U.S. website visits while Google was second with 7.2%. Also, it is estimated that the time U.S. users spent on each website is now about equal. This is the real battle for online advertising and continued growth in Facebook is creating a problem for Google. Stay tuned because this will be an important story in 2011.
-- Eric Rasmussen
January, 01, 2011: The cyber criminals are now employing call centers in India to cold call people while claiming to be support staff from Microsoft. Assuming you are a computer user and take the hook, the caller directs you to look in the Windows event viewer via the control panel on the computer for possible errors. Since most Windows event viewers will show some type of error, the caller will characterize the error as a malicious file infection which most users will accept at face value. With the user convinced their computer is infected, the caller then attempts to sell you software to be downloaded which will either not work (because your computer wasn't infected to begin with) or infect your computer for real. In addition, the criminals will have your money and your credit card number. The precautions you need to take are obvious.
-- Eric Rasmussen
December, 28, 2010: The Russian Prime Minister Vladimir Putin signed an order calling for the Russian government to begin to switch to the open-source Linux operating system in 2012 from proprietary systems, mainly Microsoft Windows. The motive behind the initiative is to remove themselves from the clutches of Microsoft, to save money in licensing fees and to encourage more Russian software development.
The Stuxnet trojan horse, which was in the news a couple of months ago when it attacked computerized industrial control processes in the Iranian nuclear program, may reappear with new targets in 2011 and beyond according to security experts. These targets could include the power grid, electronic voting systems and video conferencing systems. Of course, the creators of Stuxnet, still not identified but possibly the U.S. or Israeli governments, would be targeting countries such as Iran and North Korea. What would be really scary is if those governments or terrorist groups reverse engineer Stuxnet and use it against us or Western Europe. It would be like a "Die Hard" movie except for real. I would like to think that our intelligence and computer security infrastructure would be prepared for this type of threat but based on the Wikileaks computer security disaster I think we should conclude that we are going to have a big problem. I wonder if Bruce Willis will be available.
-- Eric Rasmussen
December, 12, 2010: Spam email on average for 2010 accounted for 89% of all email sent on the internet according to a report by the security firm Symantec. Of that amount, 88% is sent by botnets with the largest generator being the Rustock botnet. This botnet has approximately 1 million computers under its control. In order to trap the victim into infecting their computer, the spammers are using a variety of techniques, most of which we have discussed already on the Blackhawk Blog. Examples are the typical pharmaceutical ads, news messages related to current events such as the FIFA World Cup or the Michael Jackson funeral, the disaster in Haiti and so on. The point is to trick the user into CLICKING on a link. The ultimate aim of the criminal exploit is identity theft, acquisition of online banking and investment account passwords, corporate logon passwords, fake anti-virus hijacks, and adding the computer to the botnet. Direct spam should be easy to spot because the sender will be some strange email address but forwarded email with infected attachments is the more pervasive threat because it will be sent from someone the recipient knows, such as relatives, coworkers and friends. We see these infected emails get by the email scanners of every security software package available to consumers. This is quite different than direct spam which can be fairly well controlled by spam blocking software. So how many spam emails is it estimated that the Rustock botnet sends out daily? The answer is 44 billion, yes, forty-four billion emails. And that is just one botnet, though apparently the largest. No wonder the internet is such a mess.
-- Eric Rasmussen
December, 11, 2010: I have been recently overwhelmed with work and the Blackhawk Blog has had to take a back seat. But now work is a bit more under control and I will try to stay on a daily blog schedule.
The Wikileaks disclosure of government documents has resulted in a cyber war. On one side there are cyber forces attacking the Wikileaks websites and server locations in an attempt to stop or slow down the release of further documents. On the other side are the cyber forces attacking websites of companies that have been seen as supportive of the government attempts to silence Wikileaks. Examples of these are PayPal and Mastercard, which are blocking attempts of people to donate money to Wikileaks using their services. This has resulted in "denial of service" attacks on their websites by supporters of Wikileaks. What is most interesting is how the supporters of Wikileaks are using "opt-in" botnet technology to accomplish their purpose. There is a group of hackers known as Anonymous, who have developed and/or sponsored a piece of software known as the Low Orbit Ion Cannon or LOIC. This very cool sounding software has nothing to do with repelling alien starship attacks. Rather it is downloaded by a normal computer user for manually configuring denial of service attacks on websites. The targets have been provided via Twitter messages, though Twitter has been working to close down such accounts. If the user just wants to dedicate their machine to the cause without manually configuring it, there is an automated mode known as Hive Mind. This is exactly the same as a botnet used by the criminals except the user has "opted-in" to the botnet to allow their computer to be used, hopefully for the intended purpose. I am not sure I would recommend it on your family computer but if you have an extra PC handy, then Commander, load up and fire the Low Orbit Ion Cannon!!
-- Eric Rasmussen
November, 28, 2010: Next spring Acer, the manufacturer of laptops and netbooks, will be entering the tablet market with 7 and 10.1 inch products which will be capable of running either the Android or Windows 7 operating systems. According to a report in eWeek, the tablets will be immediately 3G capable. Moreover, the larger tablet, designed with casual gamers in mind, will have an HDMI port allowing users to connect to an HDTV. These products might provide Apple's iPad some serious competition.
The recent announcement of the engagement of Prince William to Kate Middleton displayed how closely the Eastern European cyber criminals follow the news. Within hours of the announcement, there were already so-called "poisoned" websites put up with pictures of Kate Middleton that when clicked-on downloaded a malicious file onto the user's computer. This is similar to the fake aid to Haiti websites that sprouted up after the Haiti earthquake although a number of them were in the United Kingdom and were subsequently taken down by the authorities. Nevertheless, we had one customer attacked from such a website. The takeaway is to be very cautious when surfing for breaking news events; stick with known news sources.
-- Eric Rasmussen
November, 25, 2010: Panda Security recently reported that 20 million new strains of malware had already been created in 2010. This is equal to the total amount of malware estimated to have been created in 2009. So for 2010, this means about 63,000 pieces of malware are being created daily. Of the current malware "in the wild", Panda estimates that 34% was created in 2010. Obviously, the bad guys are really busy and the magnitude of these numbers makes clear the extent of the assault on everyday computer users.
Also in the news, the security firm BitDefender suggested that 20% of Facebook users had infected news feeds. The detection of this malware source was based on the analysis of 14,000 Facebook accounts. The majority of the news feed malware related to apps from independent developers downloaded by Facebook users. This highlights once again how important it is to stay away from apps unless the user does considerable due diligence before downloading them.
During the holiday shopping season, the FBI and other organizations are reminding computer users to be extremely careful about email, Facebook message and website scams offering free iPads, free gift cards and bogus auctions and classified ads. It is our strong recommendation to delete all such messages and to not proceed to a website from a message link or from search engine results. The takeaway is simply: JUST DON'T CLICK!!!
-- Eric Rasmussen
November, 22, 2010: The U.S. Government has charged a Malaysian native living in New York with various illegal cybercrime activities including breaking into the computer network of the Federal Reserve of Cleveland and also sensitive systems at a Department of Defense contractor. When the individual was arrested, he also had a laptop computer containing over 400,000 credit card, debit card and bank account numbers. According to the article by a NBC News investigative reporter, one former senior U.S. intelligence official stated, "If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do". Ok, well, so we're in real trouble.
-- Eric Rasmussen
November, 21, 2010: Google announced last week that the new Chrome operating system netbooks will not be available by Christmas. Google is not saying why there is a delay and neither are its manufacturing partners. It may have to do with tweaking the product to fit into a netbook market competing against the new tablet products, first introduced by Apple with the iPad. The Samsung Galaxy Tab tablet is based on Google's Android operating system for smartphones and is expected to be a major player in the tablet market in 2011. So Google may have to rethink how its Android and Chrome systems and related products are all going to fit together and be a serious competitor to Apple.
Adobe has released the Adobe Reader X for viewing PDF files and it hopefully addresses security vulnerabilities present in earlier releases of Adobe Reader. The new version uses so-called sandbox technology which essentially keeps the file to be read in a secure zone in case it has malware attachments. We recommend that all customers update to this version as soon as possible.
-- Eric Rasmussen
November, 17, 2010: There is a new article in eWeek.com today titled "Inside the Botnet Business: Getting Rich Quick off Security Threats" that provides some insights into the shadow world of criminal botnet activity. A botnet is a collection of infected computers controlled from a central source without the knowledge of the computer owners. The botnet can be used for various purposes including distributing malware, distributing spam, and denial of service attacks. The "bot herder" can use his botnet directly for these activities or rent it out to other criminal organizations. Most botnets are controlled from Eastern Europe. According to the aforementioned article, some bot herders prefer to just sell identity information acquired off of the infected computers as opposed to higher profile fake anti-virus security attacks or financial fraud with a program such as the Zeus trojan horse. This would be in addition to the value gained by adding an infected computer to the botnet. By just selling identity information the bot herder keeps a lower profile and seeks to escape detection and notice of law enforcement and security companies. There is apparently an established market for identity data though the article provided no insight into who these buyers might be. The importance of this for computer users is to understand the risk of maintaining personal information on a computer including health care and legal correspondence, resumes, and college financial correspondence to name just a few that come to mind. Obviously, the risk if the computer in question is a business computer is much greater. This only highlights what we have been telling customers repeatedly: do not surf the internet, open personal email or use Facebook or Twitter on a business computer.
-- Eric Rasmussen
November, 15, 2010: In a much anticipated news conference in San Francisco today, Facebook announced that it will be introducing a product that essentially aims to bring together instant messaging, SMS texting, Facebook messaging and email into one messaging system. This new system is called Facebook Messages. It is not fully an email replacement because certain traditional email functionality such as subject lines, carbon copies, and blind carbon copies will not be available. In order for all this to work, a Facebook user will need to obtain a new @FB.com or @Facebook.com username (which one is unclear at this time). This new system will obviously integrate right into your smartphone. This concept may take some time to catch on but it has a revolutionary flair to it. When you couple Facebook Messages with the soon to be released Chrome operating system netbooks, the death knell of the Microsoft Windows and email era may finally be at hand.
-- Eric Rasmussen
November, 14, 2010: According to the researchers at Websense, the year 2010 has seen an increase of 111% in malicious websites over the year 2009. Interestingly, 80% of the websites that have been compromised by malicious software are legitimate websites. Another problem becoming more prevalent is search engines producing high ranking results for infected websites. This is experienced especially when searching on current events such as the Haiti earthquake, World Cup soccer, election news and celebrity news. These elevated search engine results are apparently manipulated by using botnets to wildly inflate the number of hits to an infected website. One clear takeaway from this report is the need for users to have a reputable set of news sites they access to stay up on current events as opposed to searching on an event. Infecting your computer because you are desperate to get the most current information on a celebrity drug bust just doesn't seem like a good idea to me.
-- Eric Rasmussen
November, 09, 2010: The first copyright infringement lawsuit brought against an individual by the RIAA (Recording Industry Association of America) has now resulted in a third verdict. The defendant, Jammie Thomas-Rasset, Native American and mother of four from Minnesota, was accused of downloading and sharing 24 recordings through a Kazaa (P2P file sharing) account. The first verdict in 2007 awarded the RIAA $222,000 in statutory damages. A retrial in 2009 awarded the RIAA $1,920,000 in statutory damages, which was later reduced to $54,000. The RIAA would not accept that and a third jury this month awarded the RIAA $1,500,000 or $62,500 per recording. I guess faced with aggressive lawyers that will get a huge percentage of awarded damages, it would be better to stay out of the music sharing activities on the internet. Of course, if you are sharing it with malicious software from Eastern Europe backed-up with brutal enforcers, then well that's ok.
-- Eric Rasmussen
November, 07, 2010: In the world of malicious software you usually hear about "honeypots" as criminal websites featuring free music and videos to ensnare the unwary internet surfer. But according to an article in eWeek, the criminals also create sophisticated honeypots to ensnare researchers of security firms attempting to learn more about some particular malicious program. The criminals, based predominantly in Eastern Europe, go to considerable lengths to protect themselves against these intrusions by security firms. Their defensive software will capture the security firm intrusion and then send back false information to the researcher. The criminals also have to protect themselves against the piracy of their own software by other criminals. In some cases they use regular anti-piracy techniques such as requiring the use of a USB security stick to run the software. In other cases, the criminals will allow their software to be copied but then sell upgrades and support to other criminals. If researchers are not careful when exploring a "botnet", they find themselves at the receiving end of a "denial of service" attack where tens of thousands of controlled computers bombard the internet connection of the researcher, forcing them offline.
In our continuing coverage of the Zeus trojan horse program, which steals banking or investment account usernames and passwords allowing the criminals to transfer money out of the internet user's account, I wanted to provide information about another "exploit kit" that is used to trick the user. The exploit is aimed at individuals using the Electronic Federal Tax Payment System (EFTPS) and involves a malicious email that is supposedly from the Federal Government saying the electronic tax payment was not received and asking the recipient to click on a link to sign on to their bank account to verify transfer instructions. Once again this proves that if you believe you have a problem like this, use the telephone first; don't click on links!!
-- Eric Rasmussen
November, 05, 2010: Last month the United Nations reported that by the end of 2010 the number of internet users will surpass 2 billion for the first time. By the end of the year 71% of the population of developed countries will be online compared to 21% for developing countries. The number of internet users has doubled in the past five years. Mobile phone users are far greater with an estimated 5.3 billion users or about 90% of the global population. Of these it is estimated that 3.8 billion users are in developing countries. These numbers make it clear that we are in a historic technology global revolution.
A report out this week suggests that Netflix, the streaming video service, accounts for 20% of internet traffic in the United States during the peak time of 8:00pm to 10:00pm. This number is increasing and there are some concerns about the effect it will have on internet capacity in the country, particularly at the peak time period. A spokesman for the company that provides the Netflix content delivery, Akamai, says not to worry because there is a lot of capacity to absorb increased usage. At this point Netflix has approximately 15,000 online members.
-- Eric Rasmussen
November, 04, 2010: The internet is organized into a hierarchy of domain names and numerical addresses that is managed by the Internet Corporation for Assigned Names and Numbers (ICANN). The domain name structure currently has 20 generic top-level domains and around 248 country code top-level domains. You are familiar with the most common generic top-level domains such as .com, .net, .org and .edu which you see when you do any amount of internet surfing. If you surf foreign sites you may have noticed country code domain names such as .uk (United Kingdom), .ca (Canada), and .ie (Ireland) to name just a few. Since earlier this year, some country code domains are no longer in Latin script but instead are in Arabic, Chinese, Russian, and Thai. With that as a bit of background, you should be aware that there is another development soon to occur in the top-level domain name space structure. This month ICANN will publish application guidelines for creating new top-level domains. This process will be open to everyone. For example, Canon has announced that they will be applying to create the .canon top-level domain name. ICANN plans to limit the number of new top-level domains to 1,000 per year. But before you rush off to fill out the application for the .coolguy or .cutegirl domain name, be aware that the application fee is $185,000.
-- Eric Rasmussen
November, 02, 2010: The first netbooks with the Chrome OS (operating system) developed by Google will start shipping in December. Hewlett Packard and Acer will be the first manufacturers to launch these netbooks, also called smartbooks. The Chrome OS, based on Linux, will not be able to be purchased separately and will only be available with the hardware purchase. The Chrome OS uses a minimalist approach and will provide a browser plus media player as its only application. The targeted users for the Chrome OS to begin with will be essentially internet (web and email) users. If you need spreadsheets and a word processor, then you will need to use Google Apps (which work fine). There will be a Chrome OS Web Store which will offer additional apps though this may take time to develop. It is also possible that Google may sell their own smartbook brand, but this is not clear yet. This is an important development and should be watched closely because a new competitor to Microsoft and Apple operating systems is about to emerge. Of course, these three (and others) are already battling in the smartphone market but now the stakes are higher.
The Firesheep add-on for Firefox that I blogged about a couple of days ago remains in the news. Firesheep allows a user in an unencrypted wi-fi (wireless) environment access to a nearby user's account/profile in Facebook, Twitter and other unsecured applications. It is essentially "hacking for dummies". Through yesterday, the add-on has been downloaded 650,000 times, which is huge. In the interim, some amount of debate is occurring as to the legality of using Firesheep for its intended purpose. I have read views from both sides and it has the potential to end up in the courts. We will have to wait and see.
-- Eric Rasmussen
October, 31, 2010: The anonymous Russian programmer responsible for creating the Zeus trojan horse program that has been used to steal over $100 million from U.S. companies, individuals and government entities, says he is going to retire. This Russian hacker doesn't actually steal the money himself, but rather sells the software to criminal organizations. Nevertheless, security experts believe he has still made millions of dollars. It could be good news for computer users everywhere if this hacker, let's call him "Ivan", takes his hard earned bank account and heads for the beach or wherever Russians go to get away from it all. The more probable bad news is that this "retirement" is a ruse and Ivan just needs to drop out of sight for awhile due to all of the international law enforcement attention his Zeus program has recently received. Apparently, Ivan has "retired" previously only to go "underground" and reappear with more powerful software. Ivan says he has turned the Zeus programs over to a competitor, the author of Spy Eye, another malicious trojan horse program. Well, we can only hope that Ivan finds a pretty girl on the Copacabana beach who persuades him to hang up his hacker keyboard for good. But I would not bet money on it.
-- Eric Rasmussen
October, 28, 2010: There was an interesting article today on the Deutsche Welle news website about cyber crime groups in Russia. Deutsche Welle is equivalent to the BBC but in Germany. Being closer to Eastern Europe than we are here in the United States, European news organizations can provide you a lot of insight into cyber crime. To quote the article, "Russia is considered a haven for cyber crime. The country's hackers are among the most professional in the world. Their tools are computers and the internet, which they skillfully use to spy, manipulate and rob bank accounts, attack websites or spam e-mails". It is estimated that there are about 20,000 of these hackers, mostly between 20 and 30 years of age and well educated in technical universities. They work in groups and an average hacker according to the article can make over $1 million a year (before bribes, protection payments and personal security costs). Within Russia they are mostly centered in Moscow and St. Petersburg where the necessary internet infrastructure is located. It is estimated that the annual revenue from cyber crime in Russia is over a billion dollars. So how hard do these hackers work? The article provides some insights. "The hackers spend at least 10 hours a day at the computer. They rarely take a weekend off. Should an attack require it, they will stay awake for days at a time. And even if they're not working on a deal, they still have to be online and check the latest anti-virus programs to see how they can be outsmarted." Well, at least they have to work hard for the big bucks.
-- Eric Rasmussen
October, 26, 2010: The Federal judge for the Southern District of New York today issued an injunction against Lime Group, the parent of the company which developed the file-sharing software LimeWire. This injunction has brought LimeWire effectively to the end of its life. The plaintiff in the case is the Recording Industry Association of America. While there is nothing anyone can do with regards to all of the LimeWire software "in the wild", the Lime Group cannot distribute any new software or make changes or patches to existing software. The plaintiff will now seek damages against the Lime Group and its founder, Mark Gorton, that may exceed $1 billion. That is real money. Our view on this is "no big deal" because we have never seen a computer that uses LimeWire that is not infected with serious spyware. Why is that? Because at least fifty percent of all "free" music is infected. For years we have been preaching not to use LimeWire, FrostWire, Bearshare, AresLite etc... Buy your music; it's cheaper than paying to have your computer cleaned-up.
A twenty-seven-year-old man was arrested today in Armenia and has been charged with running one of the world's largest botnets, named the Bredolab botnet. Leading the investigation was the Dutch National Crime Squad's High Tech Crime Team and other Dutch authorities. They seized control of 143 malicious servers tied to the botnet. The botnet typically used email attacks carrying trojan horses, centered on fake notices of Western Union money transfers, fake UPS delivery notices and fake requests for Facebook password changes. The botnet may have been as large as 30 million infected computers and was rented out at times to other criminal organizations. Looks to me like this guy did not pay off the right people in Armenia or perhaps other cyber criminals wanted him out of the way. Either way, I'm sure glad not to be spending time in an Armenian jail.
-- Eric Rasmussen
October, 25, 2010: The Firefox browser has a new extension (also known as an add-on) available but everyone is not pleased. The new extension called Firesheep allows a user to capture data from other users on the same unencrypted Wi-Fi network. Specifically, if the applications the other user is on do not require the Secure Sockets Layer (SSL) communication protocol, and Facebook and Twitter DO NOT, the Firesheep user can infiltrate the legitimate user account and essentially have access to all personal information and impersonate the user even without the password. This is all done with a couple of mouse clicks. While packet sniffing type tools have long been available to the determined hacker, this Firefox extension makes hacking into Facebook, Twitter and other unsecured applications child's play. Now to state again, you and the hacker both must be using the same unencrypted network, such as is available at coffee shops, college campuses and other public Wi-Fi locations. An SSL session can be verified if the web address starts with "https" as opposed to "http" for an unsecured session. Credit card transactions on the web use SSL exclusively along with other applications such as Google Gmail. Why don't Facebook and Twitter use SSL if it is so much safer? The answer seems to be it slows response times and it is a bit more expensive to implement. The developer of the extension, Seattle-based software developer Eric Butler, has said publicly that his intention in releasing the extension is to raise awareness of this huge security issue and put pressure on companies like Facebook and Twitter to change to a more secure communications process. Well, I am sure he made executives at those companies fairly unhappy today. The takeaway for our customers and friends is this: using public Wi-Fi is a dangerous business and, as we have stated earlier, do not put any information out into your Facebook, Twitter, MySpace etc... profiles that you are not prepared to share with the entire world. Also, if you want to feel like a real hacker in the movies, then download Firesheep and head off to Starbucks. Good hunting!!
-- Eric Rasmussen
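What Firesheep relied on, as described in the November 02 and October 25 entries, is a session cookie that the browser sends over plain HTTP where anyone on the same unencrypted Wi-Fi can read and replay it. Below is an added example (not code from the blog, from Firesheep, or from any of the sites named) of a small Python check that a site operator could run over captured Set-Cookie headers to see whether a session cookie would be exposed that way; the URLs, cookie names and the list of "session-looking" name fragments are constructed assumptions.

```python
"""Audit Set-Cookie headers for the exposure Firesheep demonstrated.

The defence against cookie sniffing on open Wi-Fi is twofold: serve the
site only over HTTPS, and mark the session cookie Secure so the browser
never attaches it to an http:// request. This script checks both conditions
on response headers. All sample data below is constructed for illustration.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class CookieFinding:
    name: str
    secure: bool
    http_only: bool
    problems: list = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieFinding:
    """Parse one Set-Cookie header value: cookie name plus the two flags we care about."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; Secure and HttpOnly carry no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieFinding(name=name, secure="secure" in attrs, http_only="httponly" in attrs)


# Assumed name fragments that usually identify a login/session cookie.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_response(url: str, set_cookie_headers: list) -> list:
    """Return a CookieFinding per cookie, with a 'problems' list for exposed ones.

    A cookie is exposed when the page that set it was served over http://
    (the header itself crossed the network in the clear), or when it is a
    session cookie without Secure (the browser will later send it to any
    http:// URL on the host, which is exactly the moment Firesheep waited for).
    """
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for header in set_cookie_headers:
        finding = parse_set_cookie(header)
        if scheme != "https":
            finding.problems.append("set over plaintext HTTP: readable by anyone on the network")
        if looks_like_session_cookie(finding.name):
            if not finding.secure:
                finding.problems.append("session cookie lacks Secure: browser will send it over http://")
            if not finding.http_only:
                finding.problems.append("session cookie lacks HttpOnly: readable by injected script")
        findings.append(finding)
    return findings


def exposed_cookies(url: str, set_cookie_headers: list) -> list:
    """Names of the cookies that have at least one problem."""
    return [f.name for f in audit_response(url, set_cookie_headers) if f.problems]


if __name__ == "__main__":
    # Constructed example: a 2010-style social site setting its login session over HTTP,
    # followed by the hardened version of the same response.
    weak = ["sessionid=abc123; Path=/; Domain=.example.com", "lang=en; Path=/"]
    hardened = ["sessionid=abc123; Path=/; Domain=.example.com; Secure; HttpOnly",
                "lang=en; Path=/"]
    for url, headers in (("http://www.example.com/home", weak),
                         ("https://www.example.com/home", hardened)):
        print(url)
        for f in audit_response(url, headers):
            print(f"  {f.name}: {'; '.join(f.problems) if f.problems else 'OK'}")
```

The first response flags both cookies; the hardened one, served over HTTPS with Secure and HttpOnly on the session cookie, flags none.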
October, 23, 2010: Here is a bit of a shocker. A Panda Security executive said, "We would even say that today, the Windows operating system is more secure than Mac, simply because Microsoft has been working proactively on security for years". According to Panda, Mac operating system vulnerabilities have increased by over five times in less than a year. There are apparently around 175 vulnerabilities in the operating system and Macs can also be affected by 170,000 macro viruses for Windows as well as 5,000 specifically targeting Macs. Obviously, this is a trend that will continue as the criminals turn their attention to the Mac world. Macs have historically not been seriously targeted by malware because of their small market share (10% more or less) compared to Windows, but times are changing.
Well it was just a matter of time until the world had to face the "Son of Zeus", the latest variant of the Zeus trojan horse. The problem is this variant is virtually undetectable by conventional antivirus programs according to Trend Micro. It all has to do with the way the malicious payload is compressed in its carrier such as an email attachment. Since conventional "forces" cannot deal with this threat, maybe it's time for the nuclear option.
-- Eric Rasmussen
October, 22, 2010: All of my customers hear about the Web of Trust when I return their computer but I thought I would take some blog time and provide some additional information about the application. The Web of Trust, which is an application and a service, is provided by WOT Services, Ltd., based in Helsinki, Finland. For some reason I thought that the company was a not-for-profit but after reading up on its recent news releases I understand now that it is a for-profit commercial company. The WOT is a "reputation rating service" for internet sites that collects its information from "trusted" sources that are based on a network of individual users around the world and other commercial sources. WOT is also referred to as a "community-based safe surfing tool". It uses a five-step rating of a website, with a color coding of (highest to lowest) dark green, light green, yellow, orange and red (and yes, there is a version with shading for color blind individuals). Within the overall rating, there are categories for trustworthiness, vendor reliability, privacy and child safety. The WOT works with Windows, Linux and Mac operating systems and with a variety of browsers. We install it as an add-on in Firefox as our preferred solution. The colored "O" rating appears at the end of the search results when using the Google, Yahoo or Bing search engines and also in the address line. Almost 30 million websites are now rated. In addition, online/e-commerce businesses can purchase a WOT Trusted Seal that can be displayed on their website if they have one of the two highest overall ratings. This is similar to belonging to the Better Business Bureau (which Blackhawk Computer does). This is the "commercial" side of the WOT business as opposed to the community service side. In any case, the WOT is an essential tool today that everyone needs to use when surfing the internet. There is no better way to know about a website BEFORE you go there and potentially expose yourself to a "drive by" malicious attack.
-- Eric Rasmussen
October, 20, 2010: We are a big user of AVG Anti Virus and have been for years. I thought I would provide a bit of background on the company since I am frequently asked about AVG by customers. These comments are based on an interview with the CEO of AVG Technologies by Lance Whitney of CNET. You can read the full interview at their website. AVG Technologies, formerly named Grisoft, is privately owned and headquartered in the Czech Republic. The company was formed in 1991; the current CEO, J.R. Smith, is an American and has been running the company since 2007. They have 110 million customers, the majority of which are using the free version of the software. AVG has paid versions of both the consumer product as well as commercial security products. Although not mentioned in the interview, the company is considering a public stock offering on the Warsaw Stock Exchange before the end of the year. AVG takes in 1.5 billion pieces of information daily from their customers and other sources for threat analysis. Smith commented on the recent arrests related to the Zeus trojan horse attacks, "I think it helps. But there is so much out there. It's complete lawlessness. It's pretty hard to control. It's just a drop in the bucket. I think a lot more needs to be done". Also, he stated that the detection rates for the free and paid versions were exactly the same; the real difference in the versions relates to other functionality such as the built-in firewall. Check out the entire interview, but my takeaway is that "It's complete lawlessness" on the internet.
A quick reminder to look at our Web of Lake County page and all of its links. We are working on it as much as time permits. We only list a website if the organization has offices in Lake County. This is meant to address common concerns of people who are interested in keeping business in the local community. Please email us with any questions or comments.
-- Eric Rasmussen
October, 19, 2010: It seems that even the computer security companies are not safe these days. Last Sunday, Kaspersky's Kasperskyusa.com website was attacked and for several hours users attempting to download consumer software were directed to a fake and malicious website. That website produced a pop-up window with the typical fake virus/spyware scan and an offer to install an antivirus program to clean it up. The bad guys certainly have a sense of humor.
Facebook is in trouble with Congress over the recent security breaches that allowed widespread access to users' profiles and personal information. US Representatives Edward Markey (D-MA) and Joe Barton (R-TX) have written a letter to the company asking for further information. I wonder if we are going to see Congressional hearings on this?
-- Eric Rasmussen
October, 18, 2010: Well, the bad news on the computer security front continues unabated. In news most concerning our customer base, the Wall Street Journal reported today in front page news that some of the most popular apps on Facebook have been transmitting identifying information of users to dozens of advertising and Internet tracking companies. The information included personal names, friends' names and other personal information such as age, occupation, residence and photos. What is very disturbing is that this occurred even if a user had their profile set to the strictest Facebook security settings. Some of the apps involved include (hang onto your seat) Farmville, and also Texas HoldEm Poker, FrontierVille, Gift Creator, Quiz Creator, Colorful Butterflies and Best Friends Gifts. I will leave it up to the reader who may be a Facebook user to research this report more fully, but our advice is and has been that you should be prepared to share any personal information you put out on Facebook, including names of friends, with the entire world regardless of your security settings. My son Alex has been making this point clearly with customers and interested people for several years.
As a follow-up to our note about the Zeus trojan horse attacks on the LinkedIn social and business network, it seems that the criminals are not just going after bank account information but also investment accounts. Recent targets have been investment accounts with Charles Schwab. To quote the ComputerWorld article, "After sneaking onto a PC via an exploit, the Zeus bot watches for, then silently captures log-in credentials for a large number of online banks, as well as usernames and passwords for Schwab accounts. The attack code also injects a bogus form that asks victims to provide additional information the thieves can later use to confirm that they are the legitimate owners of the Schwab investment account. On that form are fields asking for the user's mother's maiden name, driver license number and employer." It seems that the criminals will go into an investment account and sell securities to raise cash that then can be transferred out. Now the good news is that maybe their market timing strategies will be superior to those used by the monkey managing your money.
If you are not depressed enough by the foregoing, Reuters reported today that "All network security equipment, the strongest of which is used by the financial industry, is exposed to a new kind of online attack" according to the Finnish data security vendor Stonesoft. The attack method is called advanced evasion techniques (AETs), which attack a network in several layers, becoming invisible in the process. These security firms sure have cool names for this stuff. There is nothing our customers can do about this other than to be aware and closely review all transactions in their monthly bank and investment statements for propriety. Alternatively, you can put all of your money under the mattress and throw your computer away, which may not be a bad idea.
-- Eric Rasmussen
October, 16, 2010: The Obama Administration is examining components of new internet regulations coming into effect in Australia at the end of the year dealing with online safety and the role of internet service providers. The Australian plan is to require the internet service providers to restrict or block internet access to customers where there is some type of predefined internet activity with a malicious signature or other characteristics. While this approach is considered too radical for the United States, the idea of some expanded role for the domestic internet providers has supporters in government and industry. This role could include notification to customers, free software and/or expanded support for cleaning up computers.
I think that the real focus here is on reducing the number of home, small business and even government computers that belong to botnets. A botnet is a collection or network of computers that are secretly controlled by criminals or hackers and are used for distributing spam email, distributing malicious software and for denial of service attacks on web sites and internet infrastructure. A botnet can consist of thousands to millions of computers controlled by a "bot herder" and running software that was installed via infected email attachments, infected web links or infected web pages, to name the most common. The bot herder may be part of a criminal organization or may be "independent" and rent the botnet out to the criminals for certain purposes or time frames. The crime organizations are invariably of eastern European origin but the bot herders may be geographically more dispersed. We see a number of computers infected with botnet software, which is generally difficult to cleanly remove and is best addressed by reinstalling the operating system. This step requires us to back up a computer first, so that photos, documents and music are not lost. How an internet service provider help desk in India is going to help a home computer user remove this type of malicious software without losing files baffles me.
-- Alex Rasmussen
October, 15, 2010: LinkedIn, the professional/business oriented social networking site, was recently the target of a determined malicious email assault that was attempting to get the Zeus trojan horse program installed on business computers. The aim of the email was to trick the user into clicking on a link with a fictitious social contact request. Once installed, the Zeus program attempts to steal online banking username and password information. This is the same activity that the FBI and UK police were trying to shut down with arrests earlier in the month (see my prior post). I am sure we will continue to see the Zeus program in the news.
-- Alex Rasmussen
October, 13, 2010: The autoblogger is finished! The HTML for this file is now being automatically generated from a Python script that holds all of the blog info. The script will automatically archive the blogs, too, and those will go to this page.
If you are interested in this software, please check out the cluster webpage soon and look in the software section!
-- Alex Rasmussen
October, 12, 2010: It was "patch" Tuesday for Microsoft today. They released patches for 49 vulnerabilities in Windows, Internet Explorer and other software. This was the largest number of patches issued on one day by Microsoft. In addition, 23 of the patches were for vulnerabilities rated at the most severe level. All users should ensure that they have installed all of the applicable patches.
Facebook is rolling out the ability to request a one-time password that would be used to sign on from a public computer (such as in a library) or any other computer that may be considered high-risk. It works by sending a mobile phone text to a specified address and then receiving back a one-time password that expires in 20 minutes. This is meant to address the high vulnerability of public computers that may be infected with keylogging programs or other password/data stealing programs. This capability is going to be rolled out gradually and will be available to all users in the coming weeks.
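As an added illustration (not Facebook's code, and not from this blog), here is a minimal server-side model of the scheme described above: a random code is issued per user, expires after 20 minutes, and is invalidated the first time it is redeemed, so a keylogger on the public computer captures a value that no longer works. The 8-digit code length, the 3-attempt limit and the class and function names are assumptions.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 20 * 60   # the 20-minute lifetime the post describes
MAX_ATTEMPTS = 3            # assumed: lock the code after repeated bad guesses


class FakeClock:
    """Injectable clock so expiry can be exercised without waiting (constructed)."""
    def __init__(self, now=1_000_000.0):
        self.now = now

    def __call__(self):
        return self.now


class OneTimePasswordStore:
    """Issues single-use, time-limited login codes (example, not Facebook's code)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # user -> [code, expires_at, wrong_attempts]

    def issue(self, user):
        # A fresh random code replaces any earlier unused code for this user.
        code = "".join(secrets.choice("0123456789") for _ in range(8))
        self._pending[user] = [code, self._clock() + OTP_TTL_SECONDS, 0]
        return code          # a real service would send this by SMS, not return it

    def redeem(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False     # nothing issued, or already used
        code, expires_at, wrong = entry
        if self._clock() > expires_at:
            del self._pending[user]   # expired codes are discarded, never accepted
            return False
        # Constant-time comparison avoids leaking the code through timing.
        if hmac.compare_digest(code, submitted):
            del self._pending[user]   # consumed on first successful use
            return True
        entry[2] = wrong + 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[user]   # too many guesses: force a new code
        return False
```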
-- Eric Rasmussen
October, 07, 2010: Continuing the discussion of Microsoft from the day before, in mid-September Microsoft announced that Windows XP will not support the forthcoming Internet Explorer 9 (IE9) browser. Specifically, XP does not support the Direct2D API (application programming interface) that is required for IE 9 to work. Frankly, despite how upset people are over this, (and they are still upset about XP support coming to an end), I do not look on this as a big deal because everyone should be using Mozilla's Firefox as their default browser to begin with.
There is the mother of all browser battles about to occur, as IE9 will be challenged by Firefox 4 and Google's Chrome 7. These new browsers will all use hardware acceleration to speed up response time/frame refresh rates. Basically, that means that some of the browser processing will be off-loaded onto the computer's graphic processing unit (GPU). All of these browsers are currently in "beta" testing. Certainly the look and feel of the internet is going to take a step forward once these browsers are released. Firefox 4 and Chrome 7 will both support Windows XP. While we are predisposed to go with Firefox because of its custom configuration ability through a vast number of extensions, we will keep an open mind on Chrome 7 and will discuss browser comparison more in future blogs.
-- Eric Rasmussen
October, 06, 2010: Back in July, Microsoft announced they were ending update/patch support for Windows XP with Service Pack 2. In other words, in order to receive ongoing critical security updates and patches to your XP operating system you need to have Service Pack 3 installed. This is an important matter because security vulnerabilities discovered in XP with only Service Pack 2 after the end of the update service will be an inviting target for distributors of malware and spyware. As a matter of course, we always ensure that any XP operating system computer we work on has been updated to Service Pack 3. If you are unsure of which Service Pack you have installed, go to Start/Control Panel/System and the Service Pack information will be displayed on the "General" tab. Microsoft also announced at the same time that support for Windows XP will end entirely in April, 2014. While this may upset people, I think it is far enough in the future that when the day arrives only a fraction of the current XP computers will still be operating. It is interesting to note that on a global basis around 60% of personal computers are still using Windows XP, with Windows 7 around 17% and Windows Vista at 13%.
-- Eric Rasmussen
October, 05, 2010: On September 30, the FBI and the U.S. Attorney's office in southern New York charged 37 people with being part of an international crime ring that was stealing funds from bank accounts of users infiltrated with the Zeus trojan horse program. Apparently, the criminals had stolen millions of dollars. Arrests were also made the same day in the United Kingdom related to the same investigation. Not surprisingly, the people charged were of eastern European origin. It was also reported that several arrests were made in the Ukraine (these guys must have forgotten to pay their monthly protection payments). Most of those operating in the U.S. were so-called "mules": individuals who set up bank accounts into which they transferred funds out of the compromised user accounts and then withdrew the funds for transfer back to the crime organization. Infected email attachments are one of the preferred attack methods for this software. Just don't open them!
-- Eric Rasmussen
October, 04, 2010: The Stuxnet worm attack on Iran is a really cool story. Apparently, this program is aimed at Siemens industrial automation software used by Iran in its nuclear facilities. It is totally unclear who is behind the attacks. Certain biblical references in the computer code seem to implicate Israel but that could be a red herring. Obviously, the U.S. government is another likely suspect. According to some conspiracy theorists, (you need a graduate degree to be one of these guys), it could be extraterrestrial aliens who are to blame. I'm not sure what to believe but my vote is for the aliens. Stay tuned for more news on this story.
-- Eric Rasmussen
