Malware Turns Twenty-Five
It’s been twenty-five years since the first computer virus (Brain A) hit the net, and what was once an annoyance has become a sophisticated tool for crime and espionage. Computer security expert Mikko Hyppönen tells us how we can stop these new viruses from threatening the internet as we know it. This is a great video on whats going on today with computer security.
Computer Viruses Evolve
New malware morphs into different shapes unattended by humans
Now this is quite a fascinating story, it seems the latest development is the accidental development of new super-malware strains created by viruses infecting executable files of worms. Worms are generally executable files and well, viruses infect executables – so you can imagine what happens.
Ten years ago, there was a clear-cut distinction between Trojans, viruses and worms. They all had their own features specific to one family of malware only. As more people connected to the internet, cyber-criminals started mixing ingredients to maximize impact. And here I’m thinking Trojans with worm capabilities or viruses with Trojan features, and so on. (more…)
No Recovery For You!
When consumers purchase personal computers, they should be given the means to restore/repair their operating system via an included LIVE CD/DVD, in NOT doing so by the OEM is just plain stupid. Bear in mind that as a Microsoft Windows licensee, meaning YOU, the thing with a Windows license is that you DO NOT OWN the software, you DO NOT OWN the product, that you are paying for and by receiving a license to use that software under the terms given, you must abide by them, whether you like it or not. That doesn’t sound to user friendly does it?
What you typically have included with you computer, is a recovery CD (best case), perhaps a recovery partition that just re-images your partition setting everything back to the way it was originally or nothing at all (worst case), none of these truly do fix anything. Normally the best way to accomplish this feat is to boot from a Linux LiveCD to recover your files. (more…)
Hollywood demands consumers
I just found this video from TED, presented by Clay Shirky and thought I would share it with you. Even though SOPA and PIPA has been shelved, the idea and motivation are not going away anytime soon. This video really lays out the war on sharing that underlies bills like SOPA (and its predecessors COICA, ACTA, and the DMCA). Some excerpts:
SOPA and PIPA…want to raise the cost of copyright compliance, to the point where people simply get out of the business of offering it as a capability to amateurs….
In order to fake the ability to sell uncopyable bits, the DMCA also made it legal to force you use systems that broke the copying function of your devices…they also made it illegal for you to try to re-set the copyability of that content. The DMCA marks the moment where the media industries gave up on distinguishing between legal and illegal copying, and simply tried to prevent copying through technical means….
PIPA and SOPA are round two. But where the DMCA was surgical – we want to go down into your computer, into your television set, your game machine, and prevent it from doing what they said it would do at the store – PIPA and SOPA are nuclear. They’re saying we want to go anywhere in the world and censor content. (more…)
SOPA’s True Purpose
Some prominent websites are offline today, because the US Senate is considering legislation that would certainly shut them down forever. The legislation is called the PROTECT IP Act (PIPA), and would place them in legal jeopardy if they linked to a site anywhere online that had any links to copyright infringement. This would unmake the Web, just as proposed in the Stop Online Piracy Act (SOPA). We don’t want that world. If you don’t want it either, visit AmericanCensorship.org for instructions on contacting your Senator. The Electronic Frontier Foundation has more information on this and other issues central to your freedom online.
If you have missed out on this evolving story, here is a link to get up to speed. (more…)
No Need for Nerds
Crafting legislation affecting the internet without consulting experts is like building a bridge without asking any engineers.
Remember fondly the days when we were all tickled pink by our elected officials’ struggle to understand how the internet works. Whether it was George W. Bush referring to “the internets” or Senator Ted Stevens describing said internets as “a series of tubes,” we would sit back and chortle at our well-meaning but horribly uninformed representatives, confident that the right people would eventually steer them back on course. Well I have news for members of Congress: Those days are over.
We get it. You think you can be cute and old-fashioned by openly admitting that you don’t know what a DNS server is. You relish the opportunity to put on a half-cocked smile and ask to skip over the techno-jargon, conveniently masking your ignorance by making yourselves seem better aligned with the average American joe or jane — the “non-nerds” among us. But to anyone of moderate intelligence that tuned in to the Congressional mark-up of SOPA, the legislation that seeks to fundamentally change how the internet works, you kind of just looked like a bunch of jack-asses. (more…)
Cybersecurity – Identity Ecosystem
Stop. Think. Connect. Cyber attacks permanetly damage your computer, and virtual predators can steal your personal information and use elements of your identity to commit fraud. The U.S. Department of Commerce will launch an office focused on promoting online trusted identity technologies, although much of the effort will be driven by private vendors, officials with President Barack Obama’s administration said.
Trusted ID technology is important because it can help improve consumer confidence in the Internet, said Gary Locke, secretary of the Commerce Department, during a speech at Stanford University in California. “The reality is that the Internet still faces something of a trust issue,” Locke said. “It will not reach its full potential until users and consumers feel more secure than they do today when they go online.” (more…)
Internet Censorship Ahoy!
You may have heard people talking/blogging/twittering about SOPA — the Stop Online Piracy Act. The recent SOPA-related boycott of GoDaddy was all over the news, with many people expressing their outrage over the possibilities of SOPA, but when I ask people about SOPA and its sister bill in the Senate, PIPA (Protect IP Act), many don’t really know what the bills propose, or what we stand to lose.
Obviously and it is no secret, that the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA) and other pro-copyright groups, lobby politicians and law enforcers for this and continue pushing very hard. It seems to me, that the industries distribution model is not working anymore, or perhaps the movies they are making are just crap? I have not been to the theater in six years, I find the cost to exorbitant in my opinion. (more…)
2012 Malware and Cybercrime Predictions
Now that 2012 is upon us, people always like to give predictions on what they think the year will turn out. I found this video recently and thought I would share it. Enjoy.
Windows Patch Tuesday – January 2012
For the swiss cheese of operating systems, Microsoft plans to start 2012 with a surprisingly large Patch Tuesday that covers seven security bulletins which collectively address eight separate vulnerabilities. Previous January releases have normally featured only one or two bulletins. The solitary critical bulletin in the batch fixes a remote code execution issue in Media Player. The remaining six “important” bulletins due next Tuesday handle the BEAST SSL issue, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts.
In the patch are other various information disclosure bugs, escalation of privilege issues and an update to Microsoft’s SEHOP (Structured Exception Handler Overwrite Protection) technology to enhance the defence-in-depth capability that it can offers to legacy applications. The first six bulletins affect various versions of the Windows Operating System, from XP SP3 up to the newest versions Windows 7 and Windows 2008 R2. The seventh bulletin covers Microsoft Developer Tools.
The “important” rather than critical status for the Beast SSL issue is at least debatable. The BEAST attack affects web servers that support SSLv3/TLSv1 encryption. Microsoft has already published a workaround, which involves using the non-affected RC4 cipher in SSL installations. A patch was originally promised in December but delayed until this month due to problems uncovered during testing. “Despite all of the hype over ‘The Beast’, attacks have simply never materialised and the issue has retained its ‘important’ classification from Microsoft,” notes Paul Henry, a security and forensic analyst at Lumension. Adobe and Oracle have both timetabled quarterly updates, on 10 January and 17 January, respectively in what promises to be a busy month for patching
