. .

security

The TSA Finds a Nut

August 10, 2011 11:35:08.000

Is a smidgen of common sense finally arriving at the TSA? One can only hope:

The changes won’t come quickly, as I note in my op-ed in today’s Wall Street Journal. At four select airports beginning this fall, “trusted travelers” — elite-level members of American and Delta Airlines’ frequent flier programs — will be able this fall to skip some of the sillier security protocols. The airlines know who they are, the thinking goes, and they travel constantly. So the chances that one of them is carrying a bomb are vanishingly small. Some travelers may keep their shoes on; others may not have to remove their laptops from their cases. If it goes well, the pilot project will expand beyond Atlanta, Detroit, Miami and Dallas-Fort Worth, and include more airlines.

The thing to watch here is whether some well meaning fools derail this nascent common sense move by calling it "unfair".

Technorati Tags:

posted by James Robertson

 Share Tweet This

security

Twitter Whoops

September 21, 2010 10:06:40.276

Oops:

The hack, which affects only Twitter.com and not third-party clients, works by putting a piece of JavaScript code ('onmouseover') into a URL in a tweet. This causes a pop-up message to emerge when someone hovers a cursor over that link. The loophole appears to work in both the redesigned Twitter web interface that was launched on Wednesday and the previous version

The problem has been dealt with, according to Twitter - but boy, that's an embarrassing launch "oops" for them.

Technorati Tags: ,

posted by James Robertson

 Share Tweet This

security

Malware: More Than an Annoyance

August 21, 2010 15:37:22.628

Usually, we just think of malware being an annoyance - costing us time, or perhaps money. Seems it can be much, much worse:

Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware. An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais. Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.

That's a whole lot more serious than a spam spewing PC bot. Wow. Just... wow.

Technorati Tags:

posted by James Robertson

 Share Tweet This

security

Nasty Security Bug in Windows

August 1, 2010 14:19:41.871

Microsoft is rushing out a patch for a really nasty bug - one that targets link files and desktop shortcuts. It can be triggered via documents, file browsing, and apparently, web browsing. So: Microsoft is rushing out a patch:

The company said it is satisfied with the quality of the "out-of-band" update -- Microsoft's term for a patch that falls outside the usual monthly delivery schedule -- but also acknowledged that it has tracked an upswing in attacks.

I could feel smug on my mac, but I think I'm with Steve Gibson on this one - he said on the last "Security Now" podcast that Mac OS and Linux likely have equally bad flaws lying around, it's just that the installed base isn't big enough to warrant a search by the bad actors. Security by obscurity, I guess :)

posted by James Robertson

 Share Tweet This

security

Cory Doctorow Gets Phished

June 19, 2010 13:54:02.187

This is useful advice about security:

Phishing isn’t (just) about finding a person who is technically naive. It’s about attacking the seemingly impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived crack in the wall.

To be honest, I'm surprised that Doctorow got tripped up by the "Is this you" Twitter/Facebook thing though - that's a pretty well known attack. On the other hand, we all click on stuff without thinking too deeply about it, and url shorteners are a very useful attack vector.

posted by James Robertson

 Share Tweet This

security

Virus Protection that Works

April 21, 2010 16:24:15.396

I'm guessing that McAfee needed to do a bit more testing on their latest virus scan update:

McAfee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and loose all network access.

Apparently, it thinks svchost.exe is bad, and blows it away. Oops. On a positive note, a machine that endlessly reboots is pretty safe from viruses :)

Update: This is about as bad as it could get - since affected machines won't boot up with network support, they have to be fixed by hand (i.e., no automated fix from McAfee is possible):

Amrit Williams, CTO of security management system company Big Fix, told USA Today that there's no way to automate the process of fixing affected computers. Every machine will need to be repaired individually, he said, noting the process could take days or weeks.

Technorati Tags: ,

posted by James Robertson

 Share Tweet This

security

Oh, the Irony

March 13, 2010 11:01:14.441

I'm not even sure I know what to say about malware that comes with copyright protection:

The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what's found in Microsoft Windows. The newest version with bare-bones capabilities starts at $4,000 and additional features can fetch as much as $10,000. The new feature is designed to prevent what Microsoft refers to as "casual copying" by ensuring that only one computer can run a licensed version of the program. After it is installed, users must obtain a key that's good for just that one machine.

Just when I think things can't get weirder, I run across stuff like this.

Technorati Tags:

posted by James Robertson

 Share Tweet This

security

The Rootkit that keeps going, and going...

March 10, 2010 6:32:45.903

Looks like Energizer needs to spiff up their internal procedures:

If you've bought the Energizer DUO USB battery charger, you might want to uninstall the software immediately. Why? Because it comes pre-loaded with a backdoor that can let someone remotely access your computer.

This is the scariest kind of security problem, because you tend to default to trusting software that comes from a reputable vendor.

posted by James Robertson

 Share Tweet This

security

What Privacy?

February 23, 2010 20:20:58.733

Before I read the book Daemon, I really didn't think about my phone and privacy all that much:

At any given moment, it - and therefore your carrier - knows within a few feet exactly where you're standing. It knows when you're stationary or walking - and the direction you're heading. It knows who you stood next to on the transit bus, that you walked through Washington Square today when a political rally took place.

Mind you, Daemon is fiction - but many things could be done with the reams of location/activity data the typical smartphone has access to, and not all of them are good...

Technorati Tags: ,

posted by James Robertson

 Share Tweet This

security

Chuck Norris is in your Router

February 22, 2010 8:45:06.333

When I first saw the slashdot posting, I expected to find some ill informed political argument about Linux - but no, it's actually a botnet plague using Chuck Norris' name. Just when I think computer security stories can't get stranger...

Technorati Tags: ,

posted by James Robertson

 Share Tweet This

(11 total)