Category: Security

  • Vista Security

    PCWorld has a decent transcript from an interview with Microsoft’s Ben Fathi at the RSA Conference on computer security this week in San Francisco. The topic? Windows Vista security and Microsoft’s aims to have half or less than half the number of bugs that XP had in its first year of release. Seemingly, they’re still on track for it, despite the recent flurry of patches and bug reports.

    I had another go at Vista today, this time on a new AMD-based Dell Inspiron with a half gig of RAM – if you’re thinking of a laptop solution, do yourself a favour and get AT LEAST a gig of RAM if not more. If not, I reckon security issues aren’t going to be your only concern.

  • Finger-printing Is The New Pub ID

    Forget your passport, forget your age card, forget your driver’s license – finger-printing is going to be all the rage, or so it seems, in the UK in an attempt to “reduce drunken disorder by fingerprinting drinkers in the town centre.”

    The one question I have to ask… are they for real??

    Full story via TJ McIntyre

  • Electronic Passports Issued Today

    Today is the day the passport office start issuing the new ePassports (electronic biometric passports), after successful testing independently in the Netherlands (to meet EU standards) and Virginia in the US (to meet US standards). The deadline was October 26th but looks like they’re set to start rolling out from today, October 16th. (See older Department of Foreign Affairs press release here)

    While the new biometric passport will look much the same as its predecessor, it will have a microchip embedded in it which contains the digitised facial image and personal details of the passport holder as they appear on the data page. The microchip can be read electronically at border controls. The Government has no plans, at this stage, to include a citizen’s finger prints. Ireland is internationally recognised as having one of the most advanced passport documents in the world. The proposed legislation will further augment the trust that the international community places in our passports.

    As biometric passport reading facilities are progressively introduced at overseas airports, the new technology will strengthen border security and streamline the movement of passengers through airports.

    The biometric passport incorporates a number of important security features designed to protect the identity of the bearer. A special code is used to write data to the microchip, the chip is protected by a secure electronic “key”, and an additional access code guards against electronic eavesdropping or “skimming” of information on the microchip.

    The project was estimated to have cost around €8.8m for 2006.

  • Stopping (Or helping to curb) Blog Content Theft

    If you’re a WordPress user, you might be interested in this….

    Digital Fingerprints is the launch of a new plugin for WordPress aimed at tracking blog content theft. It won’t prevent people from copying and pasting material directly from your blog, but it will surely annoy those who republish others’ RSS feeds into their own blog for the sake of content.

    The plugin injects a “digital fingerprint” manually into your posts which is seen only in your feeds, not in the post itself.

    Maxpower.ca has the full post and all the details.

  • When Data “Goes Missing”, You’ll Want To Know

    Busy day today, or maybe I’m in a good blogging mood.

    Thinking back to last year or maybe a bit earlier, when I got a letter in the mail telling me there was a chance that my personal information had possibly fallen into someone else’s hands. This letter of course had arrived from Time Warner (AOL being my former employer at the time, having spent some of my college life working for them in Waterford), informing myself and over a half million other current and former employees of what we could do if our data was stolen – at least informing us that it might have been stolen, never mind the additional protection.

    In working for the company, whose main global operation lies in the US, you have to sign a few papers allowing your data to travel outside of the EU, in order to have your employee records processed, passwords and security IDs issued and all that.

    So when the news breaks in the US that the data storage company accidentally misplaces 40 backup tapes with records of 600,000 employees you think… ah sure that’ll have nothing to do with me – until the letter arrives that is. So we were offered protection and ways to monitor credit reports and accounts. But the fact is, we were kindly told about it, even though it wasn’t then judged to be a major risk, and were offered ways to work around it.

    Which brings up this afternoon’s post on the DRI blog entitled “Support a right to be warned if your personal information is exposed“.

    The EU Commission is now proposing something similar to the Californian law, though more limited. The proposal applies to “electronic communications services” (such as telephone or internet services) and would require providers to “notify their customers of any breach of security leading to the loss, modification or destruction of, or unauthorised access to, personal customer data.”

    While the initial process sounds limited in its capacity, I for one would bloody well want to know if someone got a hold of any personal data on record and have sent my email to the EU Commission and the Department of Communications.

  • What AOL users like to browse for?

    I keep a strong interest in what my former employers are up to, whether on the European front or the American front but this news over the weekend has hit me a little for six.

    Why, why, why would you release data to the public domain about your customers’ search patterns? Why would you scramble their screennames with ID numbers and why would you then try to cover your ass by removing the incriminating data a few hours later?

    Seen as they actually pulled down the information, you can now download it all here (just shy of the 450mb mark).

    WordPress.com hosted blog, Plenty Of Fish, has some great details on this too including an explanation from AOL’s Andrew Weinstein on what actually happened. Staggering in fairness!

  • Big Windows Security Update

    Second Tuesday of the month and seemingly today’s Microsoft security update for Windows is the biggest one for a long time…. So why are they only getting around to it now?

  • My Documents Held To Ransom

    Not exactly my own personal documents, but this woman had her ‘My Documents’ folder held to ransom in an attack quickly becoming known as ‘Ransomware’. Hackers raided her computer in the UK and encrypted her My Documents folder in Windows containing coursework, photographs, personal letters and more.

    From the BBC…

    A message had appeared on her computer screen telling her she had contracted an unnamed virus.

    It is thought the message was part of the scam and she inadvertently downloaded it.

    The virus is known as Archiveus and victims are told to buy pharmaceutical drugs from an internet chemist thought to be based in Russia.

    Buying drugs from an online pharmacy was going to give her access to the 30 character password she needed to decrypt her files.

    You have been warned! Read on at the beeb…

  • Thinking About Passwords

    Following an earlier post on how secure one’s password is, I came across this interesting article. Whatever about fingerprinting, or retina scanning for user-logins, there’s something just damn interesting about biometrics and its advances when it comes to ultimate security. But what if your thoughts could be your password? The concept is based on using brain-wave signatures as “pass-thoughts” to allow access to secure devices.

    Possible? Certainly something to think about for the future….

  • How Good Is Your Password?

    Over recent years I’ve gone from 5 letter passwords, to 6 and 8 letters, to a combination of letters and numbers to my current 12 character hybrid of letters and numbers. Yet no matter how big or strong you think your password is, or how you feel nobody could possibly guess the date of birth of your late great grandmother, or the nickname your best friend’s sister had in primary school – it’s always good to see how fast that password can be broken.

    Password recovery speeds looks at timing for Brute Force attempts on your password… definitely interesting reading! Having studied various security attacks and methods of password protection and encryption, if you find it interesting, you’d do well to give it a read.

  • US In A Cyber Storm

    Cyber security is critical to protecting our nation’s infrastructure, in 5,000 words or less. I can see it coming up on the leaving cert papers in the future, never mind the fact that it’s already being tackled in colleges and ITs across the country. The US government, however, believe it and set about proving it as the Department of Homeland Security in the US have just completed ‘Cyber Storm’, a week-long exercise carried out in the basement of the Secret Service in DC.

    “Cyber Storm reportedly not only tested against attacks by hackers, but also by bloggers – who deliberately spread misinformation in the exercise.” Interesting note about the bloggers. The news comes via BBC, but you’d wonder if the Irish government would ever think along the same lines? Considering that I think the future of terrorism lies beyond bombs – you wipe out the Internet and we’re all done for!

  • Lock Up Your Documents…

    …and hope you’ve not caught the Nyxem virus which is supposed to hit today, February 3rd. Via BBC…

    Computer security firms are bracing themselves as the moment approaches when the Nyxem virus will strike. On 3 February the bug will start erasing Word documents, spreadsheets and other common files on infected PCs.

    Compromised machines will also be used as launch platforms to help the virus seek out fresh victims. Because the virus is known to be lurking on more than 300,000 PCs, this scanning could generate large amounts of net traffic as it activates.

    Good thing I wasn’t working three big spreadsheets yesterday which wouldn’t be served well if they were lost to a virus. Actually, been years since I lost anything to a virus, can only remember one occasion – losing Aces Of The Pacific and X-Wing on the PC to some virus I picked up off a PC magazine cover disk…. they laughed it off, damn them! Been a while too since I reported on a virus threat, used to do it on a weekly basis during my final year in college (we had to maintain a security site, so of course I ran a blog 😉 )

    Anyway, the infected machine count stands at around 300K and they reckon it’s more likely to affect home users (since security tends to be a little better in the office). And how do you get duped into it? By opening attachments that claim to have pornographic pictures or videos included. So are we guessing that most computers will belong to males? (Don’t take offence to that, or to generalisation 😉 ).

    For those of you concerned…. DMP – Oracle files, DOC – Word document, MDB – Microsoft Access, MDE – Microsoft Access/Office, PDF – Adobe Acrobat, PPS – PowerPoint slideshow, PPT – PowerPoint, PSD – Photoshop, RAR – Compressed archive, XLS – Excel spreadsheet, ZIP – Compressed file are the filetypes that are affected. I’m done for if I get it! As would the whole of Waterford IT’s multimedia students…. hope you’re paying attention.

  • Hacker Tricked Into Jail

    If you’re going to steal software, or download software – for the love of God don’t start selling the stuff as well! Microsoft just sent the US hacker behind IllMob.org to jail for a two year period, followed by a three-year supervised release which will be monitored by special software set up on his own computer.

    What did he do? He advertised, and twice sold, incomplete portions of source code for Windows 2000/NT, first selling to a private investigator before selling to an FBI agent which got him indicted under selling a company’s stolen trade secrets. The fact of course that he has a previous criminal record for trespassing, repeated theft and assault didn’t really help his case.

    “Basically, everything I do, I do ass-backwards,” Genovese said in an instant-messaging interview ahead of Friday’s sentencing. “I like drawing, so I spray paint. I like music, so I took some radios of kids I hated in high school. I like computers, so I hack.”

    You can read the full story here

  • Securing Creative Imagination

    Frequent visitors and commenters on Creative Imagination will notice that if you go to post a comment on the blog now you will be met by a security graphic which must be retyped in order to complete your post. I’ve taken this measure due to increased spam comments that keep appearing, 30 of which arrived tonight in the space of a few minutes. Sorry to Michele who got caught in the middle while I was installing the plugin as well 🙂

    Anyway, the plugin works as far as controlling posting, I’ll know within the next day or so if it does its job ‘exactly as it says on the tin’. For those of you interested, you can download the plugin for WordPress here.

  • Keeping your PC safe from harm

    An old article this, but nonetheless important to read especially for those not up on securing their computers. I look after my computer setup at home with great care, I look after my computer in work, I look after a computer network for another company and am usually the port of call for friends and family (someone in your family is usually the port of call!)

    Anyway, here’s the 10 Commandments of PC Security. And it goes a little somethin’ like this…

    1. Remember thy antivirus software and keep it updated
    2. Thou shalt not covet thy neighbor’s attachments.
    3. Avoideth bogus file download
    4. Smite spyware and pop-ups
    5. Thou shalt foil spammers
    6. Keep thy operating system patched
    7. Maketh a rescue disk and keep it handy
    8. Be not taken in by false claims
    9. Honour thy firewall
    10. Maketh backups and keep them holy

    While reading that, if you can imagine a seven foot tall bearded man with a hint of rage in his eyes and a very, very loud voice shouting them back to you it might help get the point across. I’ve seen more people lose vital information, files, photos, accounts – you name it – because they either ignore computer security or are simply unaware of what to do. Time to start learning folks!

  • Google tells Bush – NO!

    Google has told the US Government effectively to take a long walk off a short pier when it comes to handing over details on their search results. In the past year or two, MSN, Yahoo and AOL have all complied – not Google.

    The Bush Administration has asked a federal judge to order the world’s most popular internet search engine to hand over the records of all Google searches for any one-week period, as well as other closely guarded data. Google of course are going to fight the move, but I’m curious as to how far the government will go. Is it a large step in terms of privacy protection for Google, or is there another Microsoft-style lawsuit in the offing?

    The department wants the data in relation to an online pornography law, but Google says the move threatens trade secrets. Privacy groups also fear a precedent at a time when the government wants to use internet data to fight crime and terrorism.