Archive for the ‘Security and Privacy’ Category

Facebook – An admirable start but not nearly enough

Facebook Adds Two Privacy Tools – InformationWorld:

Both tools have to do with stopping unknown devices from logging in to a user’s Facebook account.

Definitely a first step, and an important one to be sure, especially since many hacks apparently were coming from mobile devices — but this is not nearly enough.

This does not even begin to address the privacy-related issues brought on by changing the default from privacy by default to public by default, and privacy by default is why Facebook won over from MySpace in the first place.

My account will remain deactivated for the time being.


Facebook account deactivated today

Well, today is the day.

As much as I love Facebook, and enjoy the ability to keep in contact with family and friends easily, I have deactivated my account today in protest of their stance on privacy and the apparent lack of concern for their users by changing to the opposite stance on user privacy. It has been one step after another over the last year or so, desensitizing users to the changes they have made by doing it slowly.

Facebook sees dollar signs where we users are concerned. They have deluded themselves into thinking that with all the family and/or friends connections, and simplicity of keeping in contact with our Facebook friends, that we won’t be able to stop, that we are now hooked… “we have you now” in Darth Vader’s voice.

Is it true?

Not in my case at least. I let my friends and family know what I was doing. They support and understand. Will any of them do the same thing? I hope so…

We need to stand together to disallow Facebook a pass on the changes from supposed concern for users and user’s security and privacy to what it is today … where they are saying we don’t care about privacy by default. That we only see the connections we can make to other sites?!?! Facebook is saying proudly that they are the next MySpace … “now we control all these users and connections, and you as users have no privacy. Privacy is dead.”

Can we prove them wrong?

===

Edit: added some links to help make your decision:

With Facebook’s security and privacy standards under fire from all sides, suffice it to say that this is not a good time for one of the company’s investors to fall for a Facebook phishing scam. (Facebook phishing scam snares company board member – CNET – May 10, 2010 8:42 AM PDT )

Comparing Facebook’s latest product modifications to deadly natural disasters is probably a little bit inappropriate, but the psychological reaction doesn’t seem all that different. The social network modified its policies for handling user data once again as part of its F8 conference and release of the Open Graph API, and ever since it became clear that more information is being set as public by default and more is being shared with third parties, concerned Facebook users have been on jittery alert, perhaps prone to overreaction, concerned that something even bigger may be about to change. (Understanding Facebook’s privacy aftershocks – CNET May 6, 2010 3:51 PM PDT)

Criticism of Facebook (Wikipedia.com)

Four senators are adding their voices to criticism that Facebook Inc. doesn’t do enough to give its 400 million users easier ways to protect their privacy online. (Senators turn up the heat on Facebook privacy issues – SFGATE.com – April 28, 2010)

More links on my blog post, Bye, Bye, Facebook, Bye, Bye… AND ALL OVER THE WEB! Just do a search on facebook privacy issues on any search engine and read it and weep.

Mac OS X 10.4.11 Tiger Java Security Update Missing

What the heck is going on?

Is the Java Update that was put out last month for Windows and this past week for Leopard and Snow Leopard not a security issue for Tiger users, or did Apple decide to not bother making sure those who still are stuck using Tiger wouldn’t be safe??!??

This is one of two reasons why I hate that Apple does the Java updates for Mac OS X instead of letting Java do it like it does for Windows.

First reason is they are always late. Second reason, when Apple doesn’t want to update Java for Tiger, like they did for Panther, etc., they just stop updating it.

If it were left up to Sun Java to update it, we would have gotten it when they released the Windows versions instead of getting this when you go to the Apple site with Mac OS:

Apple and Java

Or are Tiger (and earlier versions) the only OSes on the planet that don’t need this security update?! Tiger hasn’t had a security update for Java since June 2009: Java for Mac OS X 10.4, Release 9

Data breach at Heartland may be bigger than TJX’s

And you thought the TJX’s data breach was bad? Well…

Data breach at Heartland may be bigger than TJX’s

A data breach disclosed last week by Heartland Payment Systems Inc. may displace the one revealed by The TJX Companies Inc. in January 2007 as the largest compromise of payment card information to date.

Heartland, a Princeton, N.J.-based payment processor, said intruders broke into its systems sometime last year and planted malware that they used to steal credit and debit card data.

A Heartland spokesman said Thursday that the company still had no idea how many cards had been compromised. It wasn’t even sure how long the malware had been on its network, he noted. “All we know is that it was there for a period of time in the second half of 2008,” he said.

But given that Heartland processes more than 100 million card transactions per month, it’s conceivable that the number of compromised cards could be at least that high, said Gartner Inc. analyst Avivah Litan. In the TJX breach, 45.6 million card numbers were stolen over 18 months.

The latest news over at The Chronology of Data Breaches (PrivacyRights.org) shows, in their last update for the TJX/January 17, 2007 entry, that the TJX data breach seems to have affected 100 Million accounts and they think it may have dated back as far as 2005!

The Heartland one may be worse than that since it processes at least 100 Million!?

Over time, what will they find out about the Heartland one?

Unbelievable.

Windows XP SP3 – time for an exorcism?

I am beginning to think that SP3 was Microsoft’s “killer” app for Windows XP so folks would get frustrated with XP and move to Vista … and at the same time, when they move to Vista, they wouldn’t have too high of expectations.

Looks to me like Microsoft has just proven that Apple definitely does it better! And Microsoft has no room to ever say a word about Linux, ever again!

Talk about a true dog of a Service Pack! Some folks may not be having problems, but some clients have been through h*ll this past week with their haunted XP SP3 systems after the September 2008 Windows Updates.

We had, obviously wrongly, thought we were out of the woods when we were able to get all the updates for the hardware and software in preparation for SP3 and then the SP3 update went very smoothly and worked well for about a month … until the September 2008 Windows Updates turned one client’s set of computers into possessed computers that would all of a sudden decide that their printers were no longer installed, or Outlook or Firefox or Quickbooks. Or just puke when Adobe Distiller tried to convert to PDF.

By last night they seemed to be working OK, but gawd knows what today will bring. I hope they are out of the woods, but there’s no way to be sure till they try to work with them today. I was beginning to think the computers needed an exorcist. And they still might. If so, I sure hope Microsoft made a safe reversal on SP3.

I can not believe they didn’t test these stupid updates better than this! We were so careful and waited at least a number of months before installing SP3 to make sure SP3 wasn’t creating problems after installation before we figured it was safe to install it.

I think like many, we just thought that once you finally were able to get the daggone thing installed Microsoft would do better than this on the updates. Knowing full well that many people depend on their computers for work!

I think this posting at blogcritics pretty much continues to sum up my feelings on it:

I’d like to extend a nice big F-U to Microsoft for releasing yet another product that’s screwing up my computer (pardon my French). Windows XP SP3 has been out for a few months and I haven’t heard about the world coming crashing down as a result, so I figured it might be safe to install. HA! I should have known the clowns in Redmond wouldn’t be able to get this right.

Well, Microsoft, you’ve managed to once again make people skittish about installing security updates … Thanks for nothing Microsoft.

Malware Silently Alters Wireless Router Settings!

Brian Krebs at his Security Fix column at the Washington Post reported last week:

Malware Silently Alters Wireless Router Settings

A new Trojan horse masquerading as a video “codec” required to view content on certain Web sites tries to change key settings on the victim’s Internet router so that all of the victim’s Web traffic is routed through servers controlled by the attackers.

According to researchers contacted by Security Fix, recent versions of the ubiquitous “Zlob” Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list of default router username/password combinations. If successful, the malware alters the victim’s domain name system (DNS) records so that all future traffic passes through the attacker’s network first. DNS can be thought of as the Internet’s phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking equipment to handle.

Much more in the article!

We have always recommended changing your router’s default settings like username/password combination, as well as the standard wireless SSID and channel and applying the latest firmware patches for your router.

Also turn off UPNP (Universal Plug’N’Play) in the router. And use WPA security whenever possible for your wireless users to protect your network and keep nefarious users from spreading spam or other bad things through your wireless Internet connection.

And as one of the comments noted:

Besides a non-admin (limited user)* account and AV software, another effective defense against these types of malware is a blocking hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

They also have a related blog that covers a lot of these types of malware tricks using codecs.

http://msmvps.com/blogs/hostsnews/default.aspx

Thanks striker in this topic at Scot’s Newsletter Forums for the heads up on this one.

* Where possible (generally easier on Linux, Mac and Vista to run as a limited user than previous versions of Windows like WinXP, and earlier).

Unfortunately even printing can be a challenge in some versions of Windows (WinXP) depending upon the type of printer, if you are using a limited account.

However, if and when you can, either running as a limited user, or using a Linux LiveCD (LiveCD List) to surf the web would be a much safer way to surf the web in general, as well as making sure your router’s information has been updated as noted above regardless.

NOTE: If you adjust your settings on that LiveCD page, you can even find Linux LiveCDs for PPC Macs. I have tried and really like the Ubuntu LiveCD for the PPC Mac.

Next Mac OS X — 10.6 — at WWDC 2008? another big cat? end of PPC?

Well, it makes sense that 10.6 will be announced soon especially with Steve Jobs’ comments to the New York Times regarding major Mac OS X, but at WWDC 2008? Hard to say.

There is also the naming question brought up at Mac360 as well … some say the only big cat left is Lion. But even a cursory look at Wikipedia’s big cat page would indicate that Lion isn’t the only one unless you go with strict ‘big cat’ names. A more expansive list also includes things like Cougar, Snow Leopard, Clouded Leopard and Cheetah (or Puma) (which Apple has used already, and which broke the ice for the more expansive Big Cat naming for Mac OS X).

My guess would be Cougar. I would think that would be the most logical choice. Waiting to use Lion until they move to all Intel-based Macs, and maybe have proved their dominance, might be a better choice of timing to use “The King” Lion.

And if the RoughlyDrafted magazine/blog article was correct in 2007 about their thoughts on Unraveling the PPC Myth (linked in their Leopard and the History and Future of Mac OS X on PPC article noted above), then it’s not likely going to be with 10.6.

I tend to be leaning toward RoughlyDrafted being right on that score, at least after reading over the history of Apple again in those two articles.

Also, Ars Technica last year didn’t give any real hope that ZFS would be in 10.5 — maybe have to wait for 10.6, but I don’t think so. Too soon. I think they will wait for the next one, 10.7? or whatever that will be called. Waiting to do ZFS when it goes to all Intel Macs makes more sense. Make the major change then.

So, I would say Cougar makes more sense at this time. No Lion King here yet…no MAJOR change to the underpinning….yet.

And really, if the truth be known about Cougars — the Cougars are nothing to sneeze at! And with this description: “This large, solitary cat has the greatest range of any wild terrestrial mammal in the Western Hemisphere,[3] extending from Yukon in Canada to the southern Andes of South America.”?? Doesn’t that sound like the desire of Apple with their next version of Mac OS X? To be the most broadly used Mac OS/computers?

Which also would indicate (to me) that they would not want to ditch PPC just yet either … like the RoughlyDrafted articles indicated.

I really think that Microsoft made that mistake with Vista. And I really hope Apple will not make that same mistake. But who knows with the Entertainment Cartels whispering in their ears just like they did with Microsoft…

When the dust settles, and if the Entertainment Cartels get their big win (controlling when and where you can view content on every front from TV (HDTV, computers, etc.)), and the major OS makers have totally pissed off their real paying customers, we shall see what happens then. But I think we’ve already had about enough of that, as evidenced by this ExtremeTech article entitled “How the Hollywood Morons Can Beat the Pirates!” (Thanks Adam for the link!!)

EDIT: Well, I guess I had a better opinion of Apple than I should have. Apparently, according to MacRumors, who was reporting on an article from Ars Technica, Apple has decided to turn PPC users away now after all. Oh, and it’s Snow Leopard, not Cougar. More like Nuclear Winter. Very unhappy Mac user here. What a crock!
