March 27, 2006

Why You Should Care

A couple of days ago I blogged here about a guy who was charged with stealing a wifi signal to get to the internet. In the comments Tammi said...

I gotta tell you - my WiFi? Wide Open. I have no issue if someone wants to "sneak a peak" ...

Now like people who go out and never lock their doors or those who leave their keys in the car because it's easier than remembering where you put them, having wide open wifi does put you at risk. What kind of risk? Among other things...

Well, who is browsing the internet using your wide open wifi? You have no idea. What about the person who has a compromised computer and has a spambot installed? Oh joy, oh bliss - they hook up to your wifi and start sending out spam galore from your location... your ISP can shut you down - immediately. It could be they get a complaint or they could shut you down because you've exceeded a certain email volume. (many ISP's have volume alarms now for just this reason)

Then there is the local hacker - using your connection to break and enter into other computers illegally. Possibly stealing information. Guess where the IP address leads them? Oh yeah, right to you. Now you've got cops or private investigators trying to build a case against you in a data theft incident...

Or how about your local kiddie porn scumbag? This person (yes, I believe there are women out there dealing in this garbage too) can use your connection to download that vile crap - leaving a nice little trail back to you! Now there's a nice thought - you can get yourself raided in the middle of the night by cops... whereupon you can be hauled off to jail and spend the next 10 years of your life clearing your name (which no one will ever believe anyhow because you'll end up on the front page of the newspaper - and we all know newspapers always print the truth... right?)

just stay out of my system.

Um.... Why? You've left the door open - invited them in. If they have the ability they can certainly check out your system if they want to and it would be difficult to stop them - especially if you don't have a good working knowledge of computers.

Now granted - the chances of this happening in the Illinois cornfields is pretty small. But - it does exist. Just like leaving your doors unlocked opens you to a burglary, even in the safest neighborhoods... leaving your wifi open gives others an anonymous opportunity to do bad things in your name. Then YOU are the one stuck with all the hassle of trying to clear yourself and get your reputation back. (Think Identity Theft here...)

People who live in a city have a far greater chance of having something like this happen because of population density. Yes, I am emphasizing this because it's something city dwellers really need to remember! "Just leave my system alone" is a dangerous form of wishful thinking... the type that puts everyone into your mindset and simply ignores the fact that there are others out there with different agendas. Unfortunately we simply don't take security threats to computers as being a threat to ourselves and our way of life. It may be that someone just wants to get online and check their email. Unfortunately, it's the ones who want to do the bad crap that should make you think twice before dismissing safety precautions.

Or just think about it this way - how much time and MONEY do you want to devote to cleaning things up when someone DOES walk all over you?

Posted by: Teresa in WebTech at 11:04 AM | Comments (4) | Add Comment
Post contains 629 words, total size 4 kb.

March 25, 2006

Stealing Wi-Fi

I came across this story today and found a couple of things amusing...

Illinois Man Fined For Piggybacking On Wi-Fi

First let's look at what he did - which is not the amusing part...

David M. Kauchak, 32, pleaded guilty this week in Winnebago County to remotely accessing someone else's computer system without permission, the Rockford Register Star newspaper reported. A Winnebago County judge fined Kauchak $250 and sentenced him to one year of court supervision.

One of the biggest problems with Wifi is securing the connection so others don't steal your bandwidth. Most people don't know or don't bother with even the low level protections that would keep unwanted people off of their systems. Things such as encryption or only allowing certain MAC addresses to use the router... not to mention putting in proper logons and good passwords to the router itself.

Oh yeah, people who are wifi savvy and want to take the trouble can certainly get around these things, but most of those out and about, hunting for a free signal are looking for one that requires no extra work - in other words an open connection. So, a little extra diligence would go nearly all the way toward keeping unwanted people off your system.

The article is not specific about what the officer observed before approaching the vehicle. After all - Mr. Kauchak could certainly have been browsing on something like a Verizon Wireless card which would not be illegal. I wish the story had been more specific.

Sadly this poor man has a spot in the county legal history books...

Kauchak has the dubious distinction of being the first person to face the charge in Winnebago County, and prosecutors say they're taking the crime seriously.

Which is one amusing little side note (for me not for him). The other is this...

A police officer arrested Kauchak in January after spotting him sitting in a parked car with a computer. A chat with the suspect led to the arrest, Wartowski said.

You will notice that the word "led" is a link. When I first read the story I thought this might be a link to yet another article about the arrest, so I clicked it... turns out it's one of those cute little "definition links" and it leads to a page that defines the term LED or Light Emitting Diode...

OOPs. I think their automatic check for linkable terms kinda backfired. Which is pretty funny because I've always hated that feature in online news articles.

Posted by: Teresa in WebTech at 12:59 PM | Comments (2) | Add Comment
Post contains 421 words, total size 3 kb.

March 14, 2006

Automatic... Easy But Not Always Good

Oops. Looks like McAfee released an antivirus update that has wreaked havoc with regular files on any PC where it was installed.

MARCH 13, 2006 (COMPUTERWORLD) - A faulty antivirus update from McAfee Inc. that mistakenly identified hundreds of programs as a Windows virus has resulted in some companies accidentally deleting significant amounts of data from affected computers.

The McAfee update (DAT 4715) released on Friday was designed to protect computers against the W95/CTX virus. But because of a programming error, the update also incorrectly identified renamed and quarantined hundreds of legitimate executables including popular ones such as excel.exe, lsetup.exe, uninstall.exe, shutdown.exe and reg.exe.

Ouch - that hurts just reading it. What a nightmare all the way around. It's the dilemma that haunts anyone who has to take care of a large number of computers.

For companies that had configured their McAfee antivirus program to automatically delete bad files, the error resulted in the loss of hundreds, and in some cases even thousands, of files on systems in which the update had been installed, said Johannes Ullrich, chief technology officer at the SANS Internet Storm Center (ISC) in Bethesda, Md.

I guess you could say there is some good news - the problem was noticed quickly.

McAfee released a new patch (DAT 4716) updating the earlier one, five hours later.

The question is - what is the best way to set up Antivirus Software to get the max protection? If you had to manage the care and feeding of several hundred to several thousand workstations - doing things automatically is the only way it's possible. So, you set up for auto download, and have it automatically get rid of the bad stuff.

If you think about "dumb user tricks" this makes perfect sense. After all - you can't trust people to stay away from clearly bad emails with virus or trojan attachments. Therefore, AV software is a must. And you can't trust users to actually do this stuff themselves. (most of them want nothing to do with it because it scares them - others are incompetent - and there are security issues too). So, you have to rely on tools such as AV software and then hope it works.

Of course we have learned from Microsoft over the years that system patches can and do screw up systems. So, the fact that this sort of problem hasn't bitten the AV field is somewhat amazing.

Therefore we have a couple of lessons to be learned from this. First - if you have any option at all - make sure you don't do any discarding of files until you've used your system after a scan. Second - large companies are SOL when this stuff happens. There's no really decent way around it.

One hopes the industry will evolve and become more stable (we're already light years ahead of the early days), but I think we really won't see an improvement until there is the ability to lock down core system requirements and applications so they can't be touched unless there are very special circumstances. When we have a basic set up of operating system and app executables requiring special log in to change the settings - and everything else operating with only user privilege - much of the damage that can now be done to a system will come to a halt. I'm not holding my breath on that one.

Posted by: Teresa in WebTech at 07:49 AM | Comments (1) | Add Comment
Post contains 574 words, total size 4 kb.

March 03, 2006

RIM Settles

Well, I first got the news from the WSJ - but it was subscription only so I thought I'd wait for someone else to put the word out.

Computerworld has the latest.

MARCH 03, 2006 (COMPUTERWORLD) - Research In Motion Ltd. (RIM) announced late today that it has agreed to pay $612.5 million to NTP Inc. to settle the long-running legal fight between the two companies.

You can go read the rest, but that's all you really need to know. Except I find it amusing that they didn't get the earlier agreement together enough to settle - it would have saved them about $150 million. Then again I don't know why the deal fell through.

Now all you Blackberry users can rest easy - they aren't going to take your toys away from you!

Posted by: Teresa in WebTech at 01:07 PM | No Comments | Add Comment
Post contains 136 words, total size 1 kb.

March 02, 2006

Patch Your Macs

So you use a Mac and you're feeling pretty smug about being safe from all the crap that Windows users have to put up with... Well, if you want to continue on with that smug feeling, please go patch your Mac OS X.

Apple patches serious Mac OS flaws

Apple Computer on Wednesday released a security update for Mac OS X that fixes 20 vulnerabilities, including a high-profile Web browser and Mail flaw disclosed last week.

There is more info about these vulnerabilities over at the Zdnet article. But the bottom line here is - go patch your system using either the Software Update feature in Mac OS X or from Apple Downloads.

Posted by: Teresa in WebTech at 05:37 AM | No Comments | Add Comment
Post contains 116 words, total size 1 kb.

<< Page 1 of 1 >>
40kb generated in CPU 0.02, elapsed 0.0288 seconds.
69 queries taking 0.0122 seconds, 231 records returned.
Powered by Minx 1.1.6c-pink.