Don't Get Burned By 'Flame' Malware Attack

Flame (or Skywiper) is a massive, complex threat. Weighing in at 20 megabytes, and somewhere around 750,000 lines of code, Flame is much closer to a commercial application like Microsoft Word, or Intuit’s Quicken than it is to the vast majority of malware attacks out there. The question is should you be concerned and what can you do about it?

At a conference in November 2011 Regina Dugan, director of the United States Department of Defense DARPA network, explained, “On average, the malicious code, viruses, bots, worms and exploits that try to penetrate [our networks] rely on 125 lines of code.” Flame is comprised of more than 7,000 times that.

When a security vendor gets a hold of a malware sample, it generally takes a matter of hours--or even minutes--to reverse-engineer it, figure out what it does and how it does it, and develop a signature to detect the threat and protect systems against it. Fully deconstructing and analyzing Flame could take months, or even years.

Read more »

Is Siri Spying On You?

Charles Ripley , BrandPost

Using Siri is like having a know-it-all friend you can carry around in your pocket. But, you might need to be concerned with what this “friend” knows about you or how it might use that information behind your back.

The virtual personal assistant feature of Apple’s iPhone 4S enables you to interact conversationally with the smartphone. Just watch some of the recent commercials featuring Samuel L. Jackson, Zooey Deschanel, or John Malkovich for examples of the sort of banter Siri is capable of.

To facilitate and improve the functionality of Siri, though, Apple retains the queries for some undefined period of time. For some--like IBM which has banned the use of Siri--Apple’s handling of Siri data represents potential security and privacy concerns.

Read more »

Google Alerts Users 'Your Computer Appears To Be Infected'

Charles Ripley , BrandPost

Google launched a new awareness campaign to alert users whose PCs may be compromised with the “DNSChanger” malware. The DNS servers used by the malware will be shut down soon, and infected computers will no longer be able to communicate with the Web, so Google is doing its part to help users clean up and point their PCs to legitimate DNS servers.

In November of last year the United States FBI—in cooperation with Estonian law enforcement—tracked down and arrested the group behind the DNSChanger malware. With millions of infected systems around the world relying on the malicious DNSChanger DNS servers, the FBI chose to continue hosting them as legitimate DNS servers.

However, the FBI isn’t in the business of acting as an Internet Service Provider or DNS host, so as of July 9 the DNSChanger servers will be shut down. There are an estimated 500,000 systems still using those servers for DNS, and those PCs will no longer be able to reach the Web once the FBI pulls the plug.

Read more »

Microsoft Says Farewell to 'Aero' Interface

Microsoft announced that it is doing away with the “Aero” user interface that has been a trademark of Windows Vista and Windows 7. Windows 8 will instead move to embrace the new “Metro” user interface.

Windows 8 is developed from the ground up for a touchscreen experience. The Metro UI is familiar from the Windows Phone mobile operating system, and is particularly well-suited to touchscreen devices like array of Windows 8 tablets expected to debut later this year after the Windows 8 OS hits the street.

Microsoft introduced the Aero interface with the launch of Windows Vista in 2006. An exhaustive blog post from Microsoft explains, “These stylistic elements represented the design sensibilities of the time, reflecting the capabilities of the brand-new digital tools used to create and render them.”

Read more »

Why 'Do Not Track' Is a Double-Edged Sword

Twitter has finally caved to peer pressure and announced plans to jump on the “Do Not Track” bandwagon. While privacy advocates, and those creeped out by the thought of Twitter--or any other entity--monitoring online activity may breathe a sigh of relief, “Do Not Track” is far from perfect, and the tracking is not completely without value.

“Do Not Track” is actually implemented at the browser level, but it’s up to the sites and services doing the tracking--like Twitter--to recognize and honor the flag indicating that a user chooses not to be tracked. It’s one of the fatal flaws of “Do Not Track” as a privacy solution that unethical sites can simply ignore the flag and continue tracking your activity regardless of how your browser is configured.

Even when it works “Do Not Track” is not a very eloquent solution. It’s an opt-out approach that assumes up front that tracking is OK. It puts the burden on individuals to be aware that the tracking is occurring, understand where the controls are to enable “Do Not Track”, and make the effort to flip the switch to opt out of having their personal online activity monitored. It would make more sense to only track those who choose to opt-in to such a system.

Read more »

Pinterest Under Siege By Scammers

Charles Ripley , BrandPost

Have you joined the Pinterest revolution yet? Pinterest is the new hottest thing on the social networking scene. It’s so hot that it has drawn the attention of scammers and malware developers--offering fertile ground for finding unwary victims.

Pinterest is a virtual pinboard. It is essentially a means of categorizing and bookmarking visually. When in a traditional Web browser, you might bookmark a really cool classic car, or a recipe for a drink that sounds delicious, with Pinterest you “pin” thumbnail images of the things you like.

Pinterest is also a social network. You can search the various pins and pinboards across all of Pinterest, or follow other users’ pins like friends, family, or just people who seem to pin a lot of things you find interesting.

Read more »

Use the Facebook Privacy Controls You Have

Charles Ripley , BrandPost

One of the biggest issues people have with social networks is how or where their personal information is being shared. Updates to the Facebook privacy policy have some privacy advocates up in arms--perhaps for good reason. But, the irony is that many people who claim to be concerned about personal privacy don’t even use the controls at their disposal.

At the heart of the current debate are changes that Facebook has made in the interest of full disclosure ahead of its upcoming IPO. Some of the changes seem to suggest that Facebook could venture into a broader advertising network that extends beyond just Facebook. In that case, some information posted within Facebook could be shared outside of the social network on ads on third-party sites.

If you’ve ever used a tool like the Outlook Social Connector, though, you know that many people are inadvertently exposing a wide variety of personal information to the general public. The Outlook Social Connector links to Facebook and other social networks to integrate information about your contacts and display it in Outlook. Often, you are able to view status updates and personal information from people who aren’t even in your social network because their data is open to the public.

Read more »