more security and privacy stuff

Accipiter

See last comment for latest malware

Carnegie-Mellon Report

Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
http://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdf

Accipiter

Internet privacy tools too confusing for most users
http://www.scmagazineus.com/internet-privacy-tools-too-confusing-for-most-users/article/215869/

catch22

Howdy Accipiter,

Thank you for the articles. I recall using with a pc in 1997, a malware program that had the servers located in Germany.....the name escapes me memory cells. I recall sending a few dollars to support the free program. AH-HA, incoming brain cell alert...the program was SPYBOT.

Anyway, on a related note....computer cookies, tracking programs and related.
We currently use McAfee and the Malware program Chip mentioned in another post...MBAM. The pc, of course; always has too much Adware stuff and periodically finds a Trojan of some form.

I do find a curious situation, in when first using Google on a given day, that it displays the weather for NYC; and when searching whatever, will place search results that always contain store locations and related for Manhattan. No sure what that is all about; but it is okay with me if "it" thinks I live in Manhattan; knowing that Google is able to build an excellent profile on users based upon search requests.

As for computers, today I am a user; versus the "older" days when I was a fixer. I still attempt to keep somewhat atune to changes, but not so much as the wayback days.

Although trained and working with electro/mechanical devices and sometimes computer driven and the work having provided a decent wage; I never developed the overwhelming passion for early exposure to programming and ic chips. I will say that the early (1967) exposure to the new wave of electronics allowed for insight that made money for this house via investments in stocks.

This link is for the earliest "pc" which I had to program and repair. This is a front panel only image and I am sure there is more to found for Computer Automation and the LS-2 series. Five front panel registers of 16 bits each with which to hand load each bit for a given start up program, followed by the operating system being loaded via an ASR-33 teleprinter using a paper tape feeder. The base system was magnetic core type memory that totalled 16K, with a maximum of 32K with an additonal board. A real rocket ship !

http://www.google.com/imgres?q=computer+automation+lsi+2&hl=en&gbv=2&biw=1237&bih=748&tbm=isch&tbnid=PFmQw0Q2qH9B0M:&imgrefurl=http://www.simulogics.com/museum.htm&docid=sVX5nnQMIQQcwM&imgurl=http://www.simulogics.com/museum/CAlsi11_1.JPG&w=576&h=436&ei=qN-1Tru3Gsmq2QXz0bHNDw&zoom=1&iact=hc&vpx=440&vpy=278&dur=190&hovh=195&hovw=258&tx=151&ty=104&sig=105754999995524835912&page=1&tbnh=130&tbnw=162&start=0&ndsp=26&ved=1t:429,r:8,s:0

Take care and thanks for jogging the memory cells.

Catch

Investor

Reply to @catch22: "Spybot Search & Destroy" is a good software. But I would rather call it anti-malware software rather than malware. Malware is bad. Anti-malware is good.

BTW, MalwareBytes is a better anti-malware software these days.

Accipiter

Ramnit Worm Goes After Facebook Credentials
http://www.pcworld.com/businesscenter/article/247337/ramnit_worm_goes_after_facebook_credentials.html

A pervasive worm has expanded its reach to now steal login and password details for Facebook users,....

catch22

Howdy Accipiter,

Thank you for the update. Although this house (probably the last one in MI) does not use Facebook; it is easy to understand attacks at such a site with its gigantic user base.
I will pass along this info/link to the 5 million folks I know who are users of Facebook.

Take care of you and yours,
Catch

Accipiter

Reply to @catch22:

No facebook here either. Still living in the day of these computer games - Adventure and Zork

Maurice

Reply to @Accipiter: Would those games be the text based versions, before graphics became popular? LOL. Well maybe you are too young for that.

I watched a couple videos today with Alan Dershowitz being interviewed. For those who don't know him, Dershowitz is a very high profile lawyer and Harvard U professor. Among other things, he spoke to the erosion of privacy. He said it is not the fault of the Internet, but the lack of thinking about privacy by the younger generations. He sited his children and grandchildren as examples. By not thinking about privacy and putting all personal information on the Internet, the freedom of privacy is diminished for all.

I think what he was getting at is that many of these problems are a result of our culture, not the lack of laws or in case of this discussion, the lack of or complexity of security tools.

Accipiter

Reply to @Maurice:

The grand old days when every computer manufacturer had a different pinout on their serial cables and you had to resolder the cable to work with different printers or to communicate between two computer, the floppy disks came in 3 or 4 different sizes and different densities. When every computer manufacturer had different way of locating characters on the screen and making things bold. The one good thing that ibm and microsoft did was dominate and if you wanted to play the game you had to follow the defacto standards. And mozilla and tcp/ip and 10baseT helped the rest of the way going forward.
But I didn't have the pleasure of using paper tapes or or toggle switches to code, just the hollerith puch cards.

Anna

Reply to @Accipiter: "But I didn't have the pleasure of using paper tapes or or toggle switches to code...."

Ah, you are deprived indeed. Don't tell me - no pdp-8; no LSI; no PET; surely a bit of wire-wrapping your own.

The good old days, indeed. In a way crawling through the ceilings throwing lines, making those cables (I never had enough), trying to get one thingy-ma-jig to talk to another thingy-ma-dig, what fun!!!

You know once things got easy, I quit having fun and had to actually work. Growing up was not in the plan.

Old_Joe

Reply to @Anna: We real (hardware) techs were wire-wrapping before you software guys were born. I still have a couple of those tools!

Accipiter

Reply to @Anna:

The good thing about the good old days - IE v6 thru v8 didn't exist

Once they invented the pager and cell phone - things went south

Old_Joe

Reply to @Accipiter: They insisted that I carry a pager but I always "forgot" to change the battery, so they got mad and punished me by giving it to someone else "who will appreciate it".

Hee..hee..hee...

Maurice

Reply to @Accipiter: Yes punch cards. I used those in college for my BASIC course. It was amazing how long it took for me to get a program compiled and running correctly. I had to bring the stack of cards to a stack card operator. Then maybe some 20 minutes later, I got a printout on white and green lined paper, telling me where my errors were on each line of code (card). But I was lucky according to my sibling. He told me that in the "old days", the process took longer and you didn't see the printout until the next day.

So I guess you did play Adventure on a text based program. I tried that, but I got tired of being caught in loops of the same response to my pathetic answers. I quickly gave up.

It was 1978 and we got our first email system. It was connected from our regional office to the corporate HQ's in Kentucky, so we could only send and receive messages to and from one location. There was one terminal for some 10 people to use. When a misguided employee tried to use it to send a personal message to Kentucky, we found out that all messages were monitored. We all received a stern warning not to misuse the message system.

Five years later at a very different company, our department was on 1 large PDP-11. Five of us were using our company's own version of CALC which ran on the mini-computer. The IS manager who ran the data center would come tearing up, ranting that we were bringing down the entire mini-computer. Hey it wasn't any fun either typing a character and waiting 1 minute for an echo on the terminal. We got PC's, called Rainbows, about a year later and we could use LOTUS 1-2-3. The IS manager was the happiest guy on the planet. Each PC arrived in 8 different boxes. One need to install the motherboard, daughterboard, memory, etc. I got the IS manager to do it for me.

A couple of years earlier another PDP-11 had an application called Phone. Essentially it was a text messaging application. Imagine I was text messaging over 30 years ago.

MaxBialystock

I do use FB quite a bit. My internet safety and privacy tools---used very often for cleaning and maintenance purposes, include:
-AVG Free edition.
-Malwarebytes (free)
-Spyware Blaster (free)
-SUPERAntispyware (free)
-CCleaner (free)

All of these tools offer a paid/premium version. The only difference is that I must update MANUALLY. It's been a helluva long time since I was infected with much of anything. I run them to start the day or at the end of the day. Interesting to look at the "reports" generated. All kinds of stuff works in the background, planting itself. I suppose I mean to say that some bad stuff DOES get in, but these tools remove it before any harm is done.

When signing up for an email address or in order to create a User Name to sign-into any websites, what I provide is all fictional. I have a "dedicated" email box to use in order to receive "confirmation" messages from all those places.

Even Jiffy Lube, JEEZ: who needs their junk mail? They screw up every time I go in there, anyway. They know me as John Jones from 123 Anywhere Street in Goldenrod, FL. 32733. At least the town and the zip match.

Accipiter

Most Users In the Dark About Google's New Privacy Policy
http://www.pcmag.com/article2/0,2817,2400868,00.asp

How to Opt Out of Google's New Privacy Policy (Sort Of)
http://www.pcmag.com/article2/0,2817,2400662,00.asp

Google To Ramp Up Online Tracking
http://www.npr.org/2012/02/28/147553722/google-to-ramp-up-online-tracking?ps=rs

Users Can Control What Google Knows About Them
http://www.npr.org/2012/02/29/147617359/users-can-control-what-google-knows-about-them?ps=rs

Google And Privacy: Is It Time To Give Up?
http://www.npr.org/2012/02/29/147643243/google-wins-hes-giving-up-on-privacy?ps=cprs

How To Adjust Your Privacy Settings, Before Google's Big Shift
http://www.npr.org/blogs/alltechconsidered/2012/02/29/147596859/how-to-adjust-your-privacy-settings-before-googles-big-shift?ps=cprs

http://www.npr.org/2012/02/24/147356632/weaving-around-web-privacy-controls

http://www.npr.org/2012/02/22/147189154/how-companies-are-defining-your-worth-online

Maurice

I agree with Accipter that internet privacy tools are too complex. I don't have time to read all the links, never mind understand who requires what to OPT-OUT. Nor do I have time to OPT-OUT of every company or organization that wishes to market my personal information. I don't know who they are all are, and I'm sure I'd be shocked at the number of them, if that could be quantified at a point in time.

The only solution that would guarantee our privacy is a specific contract that we agree to with entities for us to OPT-IN. In other words, OPT-OUT would not be the default for your and my personal information. And it should not be allowed to be buried in the fine print of any legal mumbo jumbo. It should be a specific form related only to OPT-IN. If the terms and conditions of a company change, that should require a new form to be agreed to. To put it in the simplest terms, it is my information and if you want it to exploit, you must get me to agree to that.

That would probably require me being compensated. Not unlike royalties for music. So if someone misuses my personal information, then they be on the hook for $150,000 per infringement. Hey if it is good enough for RIAA, it is good enough for me.

http://www.wired.com/threatlevel/2010/06/limewire-owes-billion/

Investor

Reply to @Maurice: Mo, I agree with you opt-in should be the default. In fact, that is the law in those big government high regulation European countries.

icyone

One aspect of opt-in/opt-out that I have never been sure about. Suppose I agree to let company A to collect certain data because they have a strict privacy policy & excellent reputation for integrity. Time passes, and A is acquired by B, which is quite different. What happens now to A's (valuable) data banks? Suppose B says "We have a different policy", what then? What control do you have then if you don't like B? It has always seemed to me that out into the future none of these promises mean anything anyway. The best solution is to keep as much to yourself as possible, and be as opaque as possible when you can't.

Maurice

Never write when you can speak; never speak when you can nod; never nod when you can wink.

Accipiter

Cross_browser_worm_spreads_via_Facebook_security_experts_warn

http://www.computerworld.com/s/article/9227351/Cross_browser_worm_spreads_via_Facebook_security_experts_warn?taxonomyId=17

MaxBialystock

Reply to @Accipiter:
"Since it doesn't have any executable files, no antivirus program is designed to look for it." What kind of spooge-licking scumbag sits around, deliberately creating this crap? And when a Facebook user clicks on an ad, the spoof program gives some sort of credit for the click to the malware host..... Sounds to me like I'm living in some combination of Orwell's "1984" and an evil, science-fiction Alice-in-Wonderland-on LSD-world..............But that Facebook user's FIRST mistake is to click on ANY ad in Facebook. All that stuff hits me as just bothersome noise, anyway. ..... I'm glad I have (and USE) three OTHER security sweepers, besides my AVG antivirus program.

MaxBialystock

Privacy tools too confusing for most users? (Above.) Why am I not surprised? If there are legal requirements to be covered, the scumbags do it in a way that makes using such "tools" NEVER obvious, clean and easy. It's all very deliberate. Parasites.

Maurice

Speaking of legal requirements, the Brits have gotten ahead of the curve in protecting the privacy of users. And it is going so well....NOT. Even the government websites are not in compliance.

http://www.bbc.com/news/technology-18194235

Anna

So a few minutes ago when I tried to access this website I got a black page with red writing that said: Server hacked by Tigerm@te, Bangladeshi hacker.... I tried several times. It went away after just a few minutes.

Investor

Reply to @Anna: Please specify 'this' website? Did you mean MFO or any one of the sites posted in this thread?

Anna

Reply to @Investor:

Yep, here, MFO. If you want to see a mirror of it, you can find it at the link right now. I imagine the link mirror will disappear now that it is fixed.

http://zone-h.org/mirror/id/17707640

Investor

Reply to @Anna: It looks OK to me now. I mostly directly jump to the forum via bookmark and visit home page when updated for monthly commentary or to link over to Amazon.

MaxBialystock

Same here. Worthless evil morons. Exhibit A.

catch22

Saw it too; about the same time as Anna and Max.
One of several related stories from Sept. 2011.

http://news.softpedia.com/news/700-000-InMotion-Websites-Hacked-by-TiGER-M-TE-223607.shtml

Maurice

Me too. During that time I also had an intrusion alert in my Norton's history. Norton's blocked the access. The software classified the severity as medium. Have to add that I get at least one of those a day anyway.

TheShadow

Also saw the hacked screen this morning. My favorite button showed the MFO site with the hackers id. Deleted the favorite and resaved it.

David_Snowball

Hi, guys. Sorry about the delayed response - chip and I were both out of town on business for the past four or five days, and so were a bit less vigilant. Her guess is that our site was not hacked but that our server (that is, the folks who host us) probably was. David

Old_Joe

⇒This is kind of interesting, too. "the virus may have been active for as long as five to eight years" (!!)

And yet ⇒ more on this.

Accipiter

Apple goes public with iOS security features
http://www.scmagazine.com/apple-goes-public-with-ios-security-features/article/243935/

Small banking Trojan poses major risk Size doesn't matter, after all
http://www.theregister.co.uk/2012/06/04/small_banking_trojan/

Understanding cyberspace is key to defending against digital attacks
http://www.washingtonpost.com/investigations/understanding-cyberspace-is-key-to-defending-against-digital-attacks/2012/06/02/gJQAsIr19U_story.html

Old_Joe

Here's an interesting article on the "Flame" worm:

⇒ Flame virus used world-class cryptographic attack

Accipiter

wordpress blog exploits

http://vrt-blog.snort.org/2012/06/compromised-wordpress-blogs-phishers.html

http://blog.trendmicro.com/compromised-wordpress-sites-drive-users-to-blackhole-exploit-kit

catch22

Accipiter,

Thank you.

Take care,
Catch

Accipiter

Op-Ed: It's Time To Fix Our Broken Password System

http://www.npr.org/2012/09/17/161290236/op-ed-its-time-to-fix-our-broken-password-system

the-password-fallacy-why-our-security-system-is-broken-and-how-to-fix-it

http://www.theatlantic.com/technology/print/2012/09/the-password-fallacy-why-our-security-system-is-broken-and-how-to-fix-it/262155/

on a low-bandwidth connection it is pretty much impossible to read the Atlantic's pages and a few other sites. I used adblock plus to block twitter.com, facebook.com, and scorecardresearch.com and was actually able to read the article.

catch22

Hi Accipiter,

Your thoughts about this; of which, I have been following this story for several days.
MS claims to have an IE fix in place tomorrow.........Friday, Sept 21.

MS IE, zero day cootie

We do run Java on home pc's, per some company needs.

Thank you,
Catch

Accipiter

Reply to @catch22:

Personally, I would keep java (as opposed to javascript) turned off, when it is not needed and only enable it for certain websites that i needed it for when i needed it.

as for the zero-day (maybe these articles will give you more insights)

http://arstechnica.com/security/2012/09/google-hackers-carry-on/
http://www.informationweek.com/security/attacks/google-aurora-attackers-still-on-loose-s/240006930
http://news.cnet.com/8301-1009_3-57508807-83/experts-googles-aurora-hackers-still-at-it-years-later/

my switch to firefox many years ago and not using IE at home is how i deal with IE problems.

MaxBialystock

Just downloaded Adblock Plus for Firefox. I hope it's not so complicated that it becomes a project unto itself.

MaxBialystock

Thanks.

Howdy, Stranger!

Categories

Poll

In this Discussion

Support MFO

Donate through PayPal

Shop at Amazon!