Critical Security Update for Internet Explorer

I’m grateful for the Firefox browser. And I’m thankful not to have to use Internet Explorer (except for Web page testing).

But I know the majority of the world still uses IE. So here’s my PSA for you folks:

This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6 Service Pack 1, Internet Explorer 6 on Windows clients, Internet Explorer 7, and Internet Explorer 8 on Windows clients. For Internet Explorer 6 on Windows servers, this update is rated Important. And for Internet Explorer 8 on Windows servers, this update is rated Moderate.

Source: Microsoft Security Bulletin MS10-018

HT: Small Business Computing

Smart Meter: A New Spy?

PGE Smart Meter

Portland General Electric let us know we’ll be getting one of these before too long.

I was looking forward to it. I think I still am (because it sure seems like our monthly electric bills are high). But this article greatly dampens my forward look, so to speak:

Computer-security researchers say new “smart” meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.

At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else’s power on and off.

The attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them. Or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc. The firm was hired by three utilities to study their smart meters’ resistance to attack.

[…]

Unlike traditional electric meters that merely record power use — and then must be read in person once a month by a meter reader — smart meters measure consumption in real time. By being networked to computers in electric utilities, the new meters can signal people or their appliances to take certain actions, such as reducing power usage when electricity prices spike.

But the very interactivity that makes smart meters so attractive also makes them vulnerable to hackers, because each meter essentially is a computer connected to a vast network.

[…]

But many security researchers say the technology is being deployed without enough security probing.

If hackers can get that far, what’s to keep them from hacking into my computers even when they’re off-line? (You know, entering my machines through the power plug instead of the phone jack.)

And what’s to keep governments from conspiring with manufacturers (or secret agents at manufacturing plants) to put “bugs” in electrical devices? The idea of my toaster or my bedside clock or my phone answering machine eavesdropping and tattling on me is not a pleasant thought. Maybe it’s time to come up with a not-so-new lifestyle mantra: Go Amish!

OK, so now I’ve given the kooks more material. Sorry. 🙄

Well, you can read the full article here: New ‘smart’ meters for electrical utilities have security holes

Three Facebook Settings

Got Facebook? Have you adjusted your user privacy settings since December?

Whether you have or not, this may be a good article for you to read.

In December, Facebook made a series of bold and controversial changes regarding the nature of its users’ privacy on the social networking site. The company once known for protecting privacy to the point of exclusivity (it began its days as a network for college kids only – no one else even had access), now seemingly wants to compete with more open social networks like the microblogging media darling Twitter.

[…]

Considering that Facebook itself is no longer looking out for you, it’s time to be proactive about things and look out for yourself instead. Taking a few minutes to run through all the available privacy settings and educating yourself on what they mean could mean the world of difference to you at some later point… That is, unless you agree with Facebook in thinking that the world is becoming more open and therefore you should too.

Source: The 3 Facebook Settings Every User Should Check Now

How Privacy Vanishes Online

Balance Them!

Privacy
Social Media

OK, I know. I’m spitting in the cyber wind again.

But I refuse to accept the premise that privacy no longer matters.

Or even that privacy is more public than it used to be.

Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.

Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.

[…]

In social networks, people can increase their defenses against identification by adopting tight privacy controls on information in personal profiles. Yet an individual’s actions, researchers say, are rarely enough to protect privacy in the interconnected world of the Internet.

You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests. Patterns of social communication, researchers say, are revealing.

[…]

His advice: “When you’re doing stuff online, you should behave as if you’re doing it in public — because increasingly, it is.”

Source: New York Times

You really should read the parts I left out.

Don’t Use Your Debit Card There

unless you want fewer consumer protections -- #creditcards --

It’s too easy to use my debit card as I would my credit card, so this is a good reminder warning:

Sometimes reaching for your wallet is like a multiple choice test: How do you really want to pay?

While credit cards and debit cards may look almost identical, not all plastic is the same.

“It’s important that consumers understand the difference between a debit card and a credit card,” says John Breyault, director of the Fraud Center for the National Consumers League, a Washington, D.C.-based advocacy group. “There’s a difference in how the transactions are processed and the protections offered to consumers when they use them.”

While debit cards and credit cards each have advantages, each is also better suited to certain situations. And since a debit card is a direct line to your bank account, there are places where it can be wise to avoid handing it over — if for no other reason than complete peace of mind.

Here are the “ten” places the article goes on to expand on:

  1. Online
  2. Big-Ticket Items
  3. Deposit Required
  4. Restaurants
  5. You’re a New Customer
  6. Buy Now, Take Delivery Later
  7. Recurring Payments
  8. Future Travel
  9. Gas Stations and Hotels
  10. Checkouts or ATMs That Look “Off”

Source: Personal Finance News from Yahoo! Finance

Blog Attack

Somebody (from Saudi Arabia, apparently) attacked this blog this morning.

First, someone succeeded in breaching my login. Once in there, he changed my login password as well as the email associated with my account. That was at 11:29.

Then he launched four SQL Injection Attacks at 11:31, 11:33, 11:34, and 11:43. Thankfully, those were detected and blocked by my firewall, which also identified the attacker’s IP as 94.97.85.10.

Thankfully, I tried to log in shortly thereafter.

When I couldn’t do so because my password wasn’t valid, my cranial alarm bells went from dormant to frenzied in a NanoSomethingOrOther.

I went straight to my SQL database, changed the email address on my account back to what it should be, then changed the password. I was done with that by 11:53.

I’ve been unable to detect any other damage done to this blog. But this person could have changed posts, comments, and pictures. So I’m warning you: there may be bad content somewhere here.

If you come across evidence of such tampering, please let me know right away.

Thanks.

And may God bless the attacker. Amen.

Facebook, Google, Carbonite?

Do you store personal data there?

Well, I saw the link to this over at Drudge:

The attack also highlights the inability of the private sector — including industries that would be expected to employ the most sophisticated cyber defenses — to protect itself.

“The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats,” Yoran said. “The things that we — industry — have been doing for the past 20 years are ineffective with attacks like this. That’s the story.”

Source: More than 75,000 computer systems hacked in one of largest cyber attacks, security firm says

This story reinforces my disinclination to trust online personal data storage. So I don’t use it. Not even the free gigs provided by my ISP. Not even the space on the two servers I use to run my various sites.

Call me paranoid. Call me safe(r). 😉

Above all, love God!