“Computer Maintenance Department” called me again from India

So, “Peggy” from “Computer Maintenance Department” called me again last night. This time I decided to mess with him a bit more. This is the second time.

(No, “Peggy” wasn’t his real name, nor did he identify himself as “Peggy,” but that’s the name I’ll use, thanks to that old Discover commercial.)

Livingsocial got breached. Change your password, of course

Livingsocial got breached. You need to change your password, if you have a Livingsocial account.

There are two questions worth asking: How do you protect yourself, and how does this happen?

“They were bored and wished they had a job.”

I was catching up on security podcasts this week, and a brief statement in one of them really grabbed me. The panel was talking about people who steal online gaming accounts, I think. The exact content isn’t terribly important–what’s very important is what this person found in the forums where the people who perform this nefarious activity hang out. What she found was that there was one common sentiment that almost everyone there expressed, frequently.

They were bored, and they wished they had a job.

There was about a 30-second exchange after that, but I don’t think it’s enough.

The ACLU has a point about smartphone security

The ACLU complained to the FTC that carriers aren’t patching vulnerable Android phones. They have a point.

Phones are profitable, and the carriers are trying to have it both ways.

The AMI BIOS breach of 2013

A security professional’s nightmare happened to AMI this week. Tons of confidential data, including the source code for the UEFI BIOS for Intel Ivy Bridge-based systems and an AMI-owned private key for digital signatures, turned up on a wide-open FTP server for all comers to download anonymously. This AMI BIOS breach has numerous implications.

The implications are nearly limitless. To a malware author, this is like finding a hollowed-out book at a garage sale stuffed with $100 bills with a 25-cent price sticker on the front. If you’re a budding security professional, count on being asked in job interviews why you need to protect confidential information. The next time you get that question, here’s a story you can cite.

The ethics of writing nefarious security instructions

This week I posted a link to a video showing how to crack a WPS-enabled wifi network, and this week, Ars Technica wrote a firsthand account of cracking a password list. I’m sure this raises questions of ethics in some people’s minds. To be honest, spreading this kind of information makes me a little uncomfortable too, but I also think it’s necessary.

Bitdefender 60-second virus scan: a review

I mentioned Bitdefender 60-second virus scan the other day, but didn’t give it a proper review. It’s time I remedy that.

It’s a small 160K stub that downloads a few more megabytes worth of stuff after you run it. Unlike most other free antivirus apps, this one is intended to be secondary–a marketing tool to show you what your primary antivirus isn’t catching that Bitdefender would, I suppose. But I think it’s useful as a second line of defense, and recommend using it as such.

The men (boys) who spy on women through webcams

Ars Technica made a bit of a splash this week with this provocative headline. This is real.

The article gives the usual advice, like not opening e-mail from strangers, not clicking attachments from strangers, and not visiting dodgy websites. That’s all good advice, as is staying off torrent and other file sharing sites, but even all that is not enough.

Avast 8 is out and already well-regarded

Avast 8 is out, and the initial reviews are positive.

If you use Avast, either as your primary or as your secondary AV, updating it is a good idea. One critical improvement is that virus database updates happen more frequently now. There’s no such thing as too frequently when it comes to database updates.

The LCMS won’t be able to work out its differences in the dark

I wish I had a nickel for every time I heard a journalism professor say, “Don’t ever do something you wouldn’t want to see on the front page of the New York Times.”

It’s worse today. In the 1990s, the news cycle was hours long. Today, with three major cable news channels and the Internet, the news cycle is minutes long, and marching toward real-time.

That’s the problem with Dr. Matthew Harrison’s hope, reported in the Post-Dispatch, to handle the LCMS’s Sandy Hook Vigil controversy “[Internally,] well out of the public spotlight.”