davidrickard.net

Random stuff, randomly updated.

Archive for the ‘Security’ Category

Tiny, but powerful

Saturday, May 2nd, 2009

As you can see from the widget on the right, I’m using Twitter these days to spout all sorts of random nonsense. Twitter is a wonderful thing, and I’ve found it useful, and quite entertaining.

Thing is, I see something of a major flaw with it, and it extends outside of Twitter. Because ‘tweets’ are limited to 140 characters, people who want to post a URL (link) to something will often shorten it using one of the many services such as TinyUrl, Tr.im, Bit.ly, or Is.gd. The end result is that your original URL turns from this:

http://news.bbc.co.uk/1/hi/technology/8026736.stm

to this:

http://bit.ly/8kx1o

We now have a considerably shorter URL to post, which saves a lot of space in the tweet.

My problem with it is that the URL could link to anything! In this instance, it does link to the article above. But it could go anywhere! And how else would I know until I click it?

TinyURL thought of that particular problem and introduced a preview feature, so the URL http://preview.tinyurl.com/cakpdn actually takes you to a TinyURL page which tells you where the link goes to. You can turn on a cookie to always make it go there, then you choose to click through if you trust the domain. But not all the providers do that. Bit.ly don’t seem to and besides, it relies on the person posting the link using the preview URL, or the person visiting the link having the cookie enabled, both of which rarely happen.

We also end up with URL blindness, and people will just click on them regardless, and end up at a plethora of sites. Most of the links I see go past in my Twitter feed are shortened somehow, and without the context of the tweet are mostly meaningless. How long before they are accepted entirely, and start appearing in Phishing emails and the like? We could end up with shortened URLs firing people off to all sorts of sites.

There have been suggestions by some for the domains hosting the content to provide their own URLs. Personally, I think this is by far the best method, as it means you can instantly see which domain the link goes to and know with a better level of certainty that you’re going to end up where you expect to. Trouble is, it relies on the domain owners implementing something themselves, which they might be reluctant to do, seeing services like twitter as a flash in the pan (I don’t think it is).

A short-term solution might be for the short-URL providers to send short URLs to a landing page, so you can see where the link goes and, if it is malicious or not what it claimed to be, flag it as such (although they could be open to abuse as well).

It’s a tricky subject really. Just click carefully!

There’s good and bad to doing this

Tuesday, February 24th, 2009

BBC NEWS | Technology | Online child abuse images warning.

How’s this for a double-edged sword. I agree with it in terms of blocking access to these ‘child abuse’ images. Nobody needs access to things like that.

Then again, what next? The IWF could start adding other ‘bad’ websites that are covered by UK law. Then they start adding other things deemed ‘inappropriate’ and before long, they’re blocking stuff left and right. Suddenly the internet (at least in the UK) has lost its impartiality and free speech. Meanwhile, those who want access to the bad stuff they blocked in the first place have found ways around it, and aren’t affected anyway.

I don’t think it’ll be long before we see a totally regulated, tiered internet. Suddenly all the value of the internet is gone.

Maybe the better option is a concerted international effort to stamp out the people producing these bad images in the first place. There’s been a lot of progress on that front, but many of these people are off hiding in countries that either have no laws against it, or don’t care, so there’s nothing that can be done.

Eventually these sick people get brought to justice – and as usual the people who had no involvement suffer in some way.

NEWSFLASH: It’s a SCAM!

Saturday, January 17th, 2009

Postman loses £130,000 savings to Nigerian internet scam after being duped by a friend he met on MySpace | Mail Online.

Leamington man loses $150,000 in Nigerian scam.

How are people STILL falling for these scams? There’s plenty of publicity about it, in print and on the TV, yet people still fall prey to them. I suppose it’s simple greed kicking in and overriding the truth. It’s like compulsive gambling – keep going, and eventually there’ll be a payout.

I suppose anybody reading this (all two of you) already knows better than to go sending some random stranger all your money, all your friend’s money, and any other cash you can scrape together. It’s just amazing that to get so far in debt, these people actually end up doing ALL the things you shouldn’t do online.

Amazing, and quite sad for these people.

Oh, sorry about one of the links being the Daily Wail.

BBC NEWS | Technology | Card details stolen in web hack

Tuesday, June 10th, 2008

I had my credit AND debit cards cloned recently. The bank caught the credit card being cloned. They were trying to phone me all day, and automagically suspended the account. The debit card – I noticed that when I was about £800 down on my current account. That was eventually refunded.

Now I know how it happened.

At the time, I had my suspicions about where it could’ve been, but I put it down to possibly untrustworthy staff stealing information off their systems. Apparently not. It was probably hacked, sold, and then used elsewhere.

BBC NEWS | Technology | Card details stolen in web hack

Damnit all.

How to not get spyware

Thursday, August 2nd, 2007

This is really simple – anybody can do it, and it’s pretty reliable.

  1. Don’t browse porn sites.
  2. Don’t run executables from unknown sites (usually porn sites).

You’ll find most spyware (and to a lesser extent, viruses) people end up with on their computers comes from porn sites. The ‘average user’ doesn’t tend to go browsing download sites and downloading massive amounts of files, such as shareware utilities and the like, so the common ‘attack vector’ (to use a security term) is through the web browser. I don’t think you could even blame any particular browsers, as these installers are usually executables that have to be downloaded and run.

So how can you spot them? Well, you’ll often find sites advertising free porn, or in some cases, porn you can pay for via your phone line. To get to the porn, they’ll make you download a small program (a dialler) to run. This will usually install itself and allow access to something, but at the same time go and download a load of other junk and install it in the background. Before long, the PC is riddled with rubbish, and you’re barely able to use it.

So there you go! Simple stuff really!

Potentially Unwanted?

Friday, June 16th, 2006

I like new, shiny, wonderful things. The nice folks at Sophos released their latest version of their main antivirus software called, unsurprisingly, Sophos Antivirus!

Sophos Antivirus 6 forms part of a suite of applications now called Sophos Endpoint Security. It includes the Sophos Antivirus software (SAV), as well as a firewall and back-end management software called Enterprise Console, and an update mechanism called Enterprise Library.

SAV has always had excellent virus detection built in. Sophos have developed on this by now including spyware detection and removal, or what they call ‘Potentially Unwanted Applications’ (PUAs). The new moniker for such uninvited malware came due to some litigation by some companies who objected to their software being classed as Spyware. Sophos have played it safe by giving it a somewhat ambiguous name. A wise move perhaps, although it does dilute the meaning of the feature somewhat.

Even so, I recently upgraded an existing installation of Sophos to the newer versions. SAV 6 luckily will upgrade happily from existing SAV 5.5 installs, so it’s an evolutionary process, rather than revolutionary. Having just pushed around SAV 5.x I didn’t relish having to do it all again for version 6.

I enabled the new PUA support, and did a full scan. I tried it on my PC at work first and found a couple of things; a registry editor tool (a 3rd party freeware tool, part of the BartPE disk), and SuperScan 4. Both are counted as being ‘potentially unwanted’ as they can be used to perform malicious tasks. SAV 6 allows you to enter exceptions, so I could pull these apps back out of Quarantine and add them to the ‘allowed’ list, so SAV won’t catch them in future. A nice feature!

This evening I switched on my home PC, and it too upgraded. It found a virus hiding in the system restore folder – quite how they get in there I don’t know – and SuperScan 4. It carried on scanning and then said it found Hotbar! I was shocked and a little surprised, to say the least! On closer inspection, I found it had located it in an installer file for eMule! I was most impressed. Not only can it find running and installed malware, but also locate it hiding in files ready to be installed! I had experienced a similar response from another installer whilst trying to purposely infect a PC with spyware.

So far, I’m quite impressed. Hopefully it’ll carry on impressing me. Only time will tell, but first impressions are good.

Key to my Hard Drive

Saturday, June 10th, 2006

Here’s something I’d honestly not considered. An interesting read on Engadget (I found it on Digg) about some people planting trojans on thumb drives and leaving them around. People plug them in, it runs, sucks data off the PC, et voila, free information for the hacker!

It’s not something I’d considered mainly because I’ve never actually ‘found’ a thumb drive lying about. I’ve had them given to me after they’ve been handed in to lost property (they really were lost) but I think in future I’ll be watching where I plug stuff in. It’s easy to get blasé about such things when you have all the antivirus and patches you think you could ever need. Even people like me who “should know better” get caught out now and then!

So long 98

Friday, June 9th, 2006

It appears Microsoft are going to pull the plug on Windows 98 support earlier than originally anticipated. I’m somehow not surprised; surely MS has been holding back a group of developers to sit around and fix code in ’98, developers who could be doing much more useful work elsewhere (such as in Vista!).

Personally, I think it’s about time. Windows 98 is old and clunky. I haven’t used it properly in ages. I daresay there’s going to be a lot of people out there still using it in some capacity. Most of those using it will probably be doing so for ‘legacy’ reasons. There’s going to be a significant number of businesses with legacy applications burbling along which do some arcane task and nobody has yet gotten it to run on XP, or they haven’t seen the point if it’s due to be phased out anyway.

There’s going to be a group of home users in the same position – they apply the ‘ain’t broke, don’t fix’ mentality to it, which is perfectly valid. Many people will be happily plodding along doing their odd bit of web surfing and emailing. There’s a workaround solution for those people; use a different browser. As long as they are firewalled and running up-to-date anti-virus software, they should in theory be OK. True, if something does still sneak onto the system it could compromise it, but then again that usually applies regardless of how recent your patches are.

Of course, ultimately the best option is to just upgrade completely. It’s always nice to have new toys anyway!

Hoax?

Sunday, September 18th, 2005

I was shown this today. Apparently it’s circulating in an email:

if meltdown@hotmail.com adds you to your MSN Contacts, DO NOT add it because it’s a virus. Tell everyone on your contacts because if somebody on your list accepts it then you get the virus too(copy and paste this into a new message because some people do not read forwards!)Don’t just forward it

I’ve found reference to it via Google here, but otherwise nothing special so far. It looks 99% likely to be a hoax though.

It amazes me how people see these things, and blindly send them on. I see quite a few things like this, and Sophos publish the latest hoaxes on their site here. I think by far the most worrying thing about it, is that when I tell people it’s a hoax, it’s either ignored, or treated with the same level of contempt as if I had just insulted their entire family.

People’s attitudes to such things are slowly changing. Some people don’t forward anything like this. I don’t tend to forward any sort of chain mail or other rubbish, unless I’m certain it’s of some worth, or the recipient will get something out of it. Otherwise I’m just wasting my time, their time, and the bandwidth in between.

Of course, the last thing I want to see is the entire internet community reaching for their tinfoil hats every time they read their mail, but by the same token I think people could try using some reasoning with these things. What a lot of people don’t realise is that these sorts of ‘social engineering’ viruses are spreading because people are genuinely scared of what a virus can do. It’s good to be worried, but still apply some common sense to it.

Let’s look at the message again. The message asks you not to add a certain user. Fair enough. It then says to send it to ‘everyone on your contacts list’. So this message gets sent to ten friends, which gets sent to ten friends (10×10) which gets sent to ten friends (10×10×10). Before long, it’s turned into a few billion emails, it’s wasting bandwidth and people’s time, and it’s having exactly the same effect as a virus that crashes a PC or steals information. And all with just two badly written sentences.

No flashy code or Windows vulnerability required. Just one paranoid user.