April 28, 2006

New Way to Catch a Phish

It's the latest Phishing scheme and I wasn't going to blog about it, then changed my mind.

Earlier this month, San Francisco-based Cloudmark trapped an e-mailed phishing attack in its security filters that appeared to come from a small bank in a big city and directed recipients to verify their account information by dialing a certain phone number. The Cloudmark user who received the e-mail and alerted the company knew it was a phishing scam because he's not a customer of this bank.

It seems people are catching on to the email only approach (about time) and the bad guys are moving on to a new way to scam people.

And that's where VoIP comes in. By simply acquiring a VoIP account, associating it with a phone number and backing it up with an interactive voice-recognition system and free PBX software running on a cheap PC, phishers can build phone systems that appear as elaborate as those used by banks, O'Donnell says. "They're leveraging the same economies that make VoIP attractive for small businesses," he says.

Regardless of the method used by the phishers, let us say it yet again... DO NOT EVER EVER EVER GIVE OUT YOUR PERSONAL INFORMATION BECAUSE YOU RECEIVED AN EMAIL!

Are we very clear on this? If your bank has a problem they should contact you through the old fashioned channels of either US Mail or a direct telephone call to you. If you ever receive an email like this - go to your phone book, find your bank's phone number, and dial them direct. OR go to the bank in person! It's your money, and your account. Keep it safe.

If you have already given out this information because you didn't see this first, please contact your bank immediately - call them directly and not from a phone number you found in an email.

This has been a public service message from your friendly neighborhood geek.

You're Welcome!

Posted by: Teresa in WebTech at 05:35 AM | No Comments | Add Comment
Post contains 330 words, total size 2 kb.

April 21, 2006

A Patch for A Patch

Looks like Microsoft will be issuing a fix-up patch next week on Tuesday. So, if the original screwed up your computer... and you can still manage to get to Microsoft's site with IE. Hopefully this will fix the problem.

That will be 2 weeks after the original screw up... which means they aren't really busting their tails to get it out there. Most likely it's because this is not a "corporate" problem. The usual excuses apply - we're testing... yeah like they did the last time?

Since I'm not currently having difficulty after removing the HP drivers, I'm going to wait and see if the new patch causes any problems before I try to apply it.

I guess I don't sound suitably grateful to Microsoft. However, the comment about this problem not affecting too many people continues to annoy me and I'm really ticked off that I can't just dump them altogether. I would if I could. Guess I should program my own work software to run on a Unix type platform... if only I had time.

Posted by: Teresa in WebTech at 09:42 AM | Comments (1) | Add Comment
Post contains 182 words, total size 1 kb.

April 17, 2006

Security Update From Hell

Update I'm getting a ton of searches for "drop down arrow in ie gives hour glass" or words that effect. My fix involved removing the drivers for my Hewlett Packard Scanner - it could also apply to their printers and cameras. So, if you have HP peripherals - take the drivers off the system and see if that helps. Nvidia video card drivers may need to be upgraded too - although removing the HP drivers did the trick in my case.

Last night I applied the latest security patches from Microsoft. I guess their idea of making your computer secure is to break stuff. Oh I can browse alright. But it's those little things that are broken that make life just so very interesting.

First problem. I use Excel - a lot. Now when I go into excel and click on the little folder at the top - the shortcut for opening files... I get an hour glass... eventually I use task manager to close the program - which then tells me it's not responding. Same thing happens if I try to use the menu options too. So, does this mean it's a security feature for Excel if you simply can't open a file from within the program... Sheesh!

Next problem. Windows Explorer. The program provided by Windows so you can look at directories, find files, and even open files. Each directory has a + which shows there are files contained within. Click on the + and Explorer freezes up with an hour glass. Once again - Task manager is necessary to close it. In order to look at the directory you have to click on the name of the directory - don't click on the + ... for the life of me I can't figure out what they are trying to save me from - looking at what files are on my system?

Next problem. To do updates in Windows - you must use Internet Explorer. Up at the top where the url can be typed in... there is a drop down box that will hold previously typed in urls. If I click on the drop down arrow - instead of typing in the url... guess what happens... oh c'mon - guess... that's right it freezes up. I get the hour glass treatment and have to use Task Manager to close the program which is no longer responding. For that matter - this one is so bad - it actually froze my Task Manager too.

If it wasn't necessary for my work software - I would never use Windows again. As it is - I guess I'm lucky. This computer has lasted me almost 5 years. So, I'm looking for a replacement. The problem is - what is the best one to get... This one is a custom build by a guy who used to live near me. Now he's in Illinois and I'm in Massachusetts... not so easy anymore.

I've been lucky in working with Dell in past years to build a system to my specs. But I'm seeing some very ticked off people lately with bad customer service. I may end up calling CDW and seeing what I can get from them. I used to shop at their main facility in Illinois and I've always been happy with them.

My main problem is that I want what I want and not any extra garbage... and I want it to work. I don't game, I don't do television or movies, I don't even do music - just the occasional audio file. Extra crap seems to make a mess of the system and causes breakdowns and problems. I keep my systems nearly free of extras... so it's difficult to find a computer that I want to buy. (thus the special build last time I did a system).

Therefore - I guess I'll expect major headaches until I can get the system I want. I HATE this crap!

Posted by: Teresa in WebTech at 07:38 AM | No Comments | Add Comment
Post contains 662 words, total size 4 kb.

April 12, 2006

Government and Technology

Instapundit points to this article in Wired about a large scale computer failure last August.

A computer failure that hobbled border-screening systems at airports across the country last August occurred after Homeland Security officials deliberately held back a security patch that would have protected the sensitive computers from a virus then sweeping the internet, according to documents obtained by Wired News.

Sounds rather dire doesn't it. I mean they had the patch... why didn't they install it? One must read on further to determine the real hangup. The above is the opening paragraph of the article - we must read over to page 2 to find out the reason the patch was "deliberately held back".

Operating somewhat more slowly, it took CBP officials until Aug. 16 -- a full week after Microsoft released a patch for the hole -- to start pushing the fix to CBP's Windows 2000 computers. But because of the array of peripherals hanging off of the US-VISIT workstations -- fingerprint readers, digital cameras and passport scanners -- they held off longer on fixing those machines, for fear that the patch itself might cause a disruption.[emph mine --ed]

Most people don't realize the problems that can be caused by those lovely little patches that Microsoft issues on, what seems to be, a nearly weekly basis. How many times have we heard of Microsoft patches causing major headaches within companies? The company applies the patch and then suddenly - maybe they can't sent or receive email attachments - or some other screwy thing.

Most large companies have people who will test the patches on a separate system before applying them to any of the company computers. I would bet Homeland Security has this type of system in place, but I have no idea how well it operates. There are any number of factors from incompetent people working in IT to competent people who pack it in at 5pm and head home, to being overwhelmed by too many and varied systems to patch them quickly and effectively. The article gives us no clue on any of these points.

The authors of the Wired article see it this way with that perfect and microscopic hindsight that always serves reporters so very well...

Officials -- not unreasonably, say security experts -- wanted to test the patch before installing it. But as a consequence, hundreds of computers networked to sensitive law enforcement and intelligence databases were left with a known vulnerability -- a security hole rated "critical" by Microsoft because it allows attackers to take control of a machine remotely.

As you can see they are simply not consistent at all. First the delay in patching was reasonable - so the patch could be tested. Then the delay is a bad thing because the patch was "critical". But when was the last time you heard about a patch for something that wasn't' critical? This time, it just so happened that a worm was released before they could complete the testing and patching.

So I have to ask the reporters - what if they had installed the patch, without testing, and it broke something? What if the patch brought the system to a halt? Not to mention, what if it took several weeks to fix something that the patch broke? What would the tone of the article be if the patch had done what the worm did? Do you think they would be sympathetic in that case?

I don't.

But there is one thing that, while it doesn't surprise me, is a valid point raised by Glenn.

It's not entirely their fault, but rather an indication that (1) security systems probably shouldn't be running Windows; and (2) most big organizations can't move as fast as virus writers.

Yeah, running any type of secure system on Windows means there will be many more problems just because the OS draws in virus and worm writers. It's such an easy system to attack. Keeping Windows secure is a full time job. However, if you don't use Windows, the problem becomes even bigger.

First is what other system do you use? There are set rules for allowable secure systems that can be used in government. They are not allowed to use just anything they want.

Second, how are you going to find enough people with enough knowledge to work on it. Too many computer science degrees are handed out to people who never did any systems programming - or even any Assembler... they don't know how systems work!

Third, how much of an increase in cost for specialized programs to run on a different OS and training for people who must use the system. They don't have an unlimited budget.

The bottom line is when I think security I don't think DHS.

Posted by: Teresa in WebTech at 05:51 PM | No Comments | Add Comment
Post contains 796 words, total size 5 kb.

<< Page 1 of 1 >>
34kb generated in CPU 0.04, elapsed 0.0379 seconds.
67 queries taking 0.0165 seconds, 223 records returned.
Powered by Minx 1.1.6c-pink.