Tag: security


Why Are There So Many Failed Login Attempts Against My Blog?

This website is nothing special. I write about things that interest me, but with others in mind—particularly about the topics of journalism and technology. There is nothing of value to steal here. The site doesn’t generate enough traffic to warrant planting malware, and there is no advertising; I never intend there to be. This blog should be a low-value hacker target, particularly since I use unique passwords everywhere; compromise here won’t open my other accounts. I suppose a criminal could break in with the intention of dropping a payload, such as a keylogger, on my one computer. But, honestly, I am a low-value target, too. I ain’t wealthy, nor do I work for a company with massive assets to steal. So why, then, are there so many failed login attempts by presumed hackers?

I pose the question to anyone with more security expertise than me. Your response could help other people, too. 


I’m Mad! Some Dude is using My Gmail to open Dating and Deal Site Accounts!

Question: “When is stupidity fraud?” I ask because someone is using my gmail address to sign up for a humungous number of newsletters and websites. At first, I presumed someone trolled me. But that no longer appears to be the case. This guy, presumably living in North Carolina, either uses my address randomly to hide his identity, or he mistypes one that is similar. Given many of the services are for an unidentified widower looking for love, I assume the latter.

Behind my question are real concerns about identity and privacy that do not just apply to me. The email address gives me the ability to change the passwords and even cancel accounts—both of which I have done, treating his misuse of my email address as identity theft and violations of my privacy; after years of careful cultivation that reduced spam, crap is on the rise as this misuse spreads my gmail identity across dating and discount sites and sex webcams. Who knows on what mailing lists it will appear next. But over the past 24 hours, the amount of spam offers, like being paid to take surveys, exploded. The email address may be permanently ruined for personal and professional purposes. 


The Rally Against FBIOS Begins

Microsoft will join Apple against the FBI and U.S. Justice Department, filing a friend-of-court—amicus brief—in a case going to court tomorrow. The government wants Apple to create a special version of iOS, referred to by critics as FBIOS, to break an iPhone 5c’s security features. The device manufacturer argues that compliance would set a precedent that would give law enforcement carte blanche with other mobile devices.

Brad Smith, Microsoft’s chief legal counsel, says the company “wholeheartedly supports Apple”—a statement that eradicates any potential confusion caused by cofounder Bill Gates. In an interview with Financial Times two days ago, Gates supported the government’s demands. I responded, calling his position a “catastrophic occurrence that demands current chief executive Satya Nadella’s official response. There needs to be clear policy about government backdoors and the position with respect to the San Bernardino shooting iPhone”. The company’s position is now unequivocally clear—presuming the legal filing fits with “wholeheartedly”.

Smith publicly disclosed Microsoft’s plans during testimony before the House Judiciary Committee today. 


Bill Gates’ Backdoor Policy

I see something disingenuous about Microsoft cofounder Bill Gates supporting the government’s demands that Apple selectively unlock an iPhone used by one of the San Bernardino, Calif. shooters. The former CEO turned philanthropist spoke to the Financial Times in an interview posted today. The implications for Microsoft cannot be overstated, and the company’s current chief executive should state corporate policy.

Gates’ position aligns with the government’s: That this case is specific, and isolated, and that the demand would merely provide “access to information”. Here’s the thing: The interviewer asks Gates if he supports tech companies providing backdoors to their smartphones. The technologist deflects: “Nobody’s talking about a backdoor”. Media consultants teach publicly-facing officials to offer non-answers exactly like this one. The answer defines the narrative, not the interviewer’s question. 


I Don’t Trust Travelocity, Should You?

On June 29, 2015, I received email from Travelocity thanking me for creating an account. I did no such thing—or, wait, did I have an account already? Sure enough, I set up one in 2006, according to my archived emails. Why this notification now? I wrongly assumed the thank-you message was a mistake, or even a marketing ploy, to get me to sign into the account. But who remembers a password from 9 years ago? So I clicked the forgot password link and had a new one sent.

I wouldn’t understand until later that someone in Florida created a new account using my email address. But Travelocity never sent confirmation to verify that the email address was valid or belonged to the person who signed up for the service. As such, by resetting the password, I had access to someone else’s account, which, fortunately, contained no personal information (like credit card numbers). But I didn’t understand this circumstance until later, when, in a routine check of my online accounts, I discovered an itinerary for a hotel stay that had just passed.


Microsoft’s Shadow Ecosystem

There are many measures of success, and some are less desirable than others. Windows is the standard by which cybercriminals measure their wares—eh, malware. Their devotion to Windows is testament to Microsoft’s success. The company should just accept the faint praise for what it is.

Microsoft claims that Windows is more widely attacked by malware than, say, Mac OS X because of volume; many, many more people use Windows PCs than Macs. The claim is great PR, because it kind of makes sense and is unprovable without Macs gaining lots more marketshare. But on closer examination, the claim is pure BS. Microsoft security experts know so, or they’re delusional.


You Phone Home, I Hang Up

Tonight, I removed Adobe’s Lightroom 1.3 from my computer. Maybe that makes me part of the so-called “tinfoil” hat crowd. I’m deeply concerned about Adobe collecting information, in apparently disguised fashion, from users of its products.

I don’t buy Adobe’s excuses. Creative Suite 3 isn’t freeware. People buying the software can pay as much as $1,800 (street price), depending on CS3 version. Adobe feels free to mine information from these customers, without even asking their permission? Shame on Adobe. I would remove Acrobat and Flash, if so many Websites didn’t use the software. I’m mad


Free Themes with a Hidden Cost

About 11 years ago, I registered aroostook.org, as it derives from the name of my home county, or “The County” as Mainers call it. I later let a good friend have the domain, which I long regretted.

It’s nothing to do with him; he’s a great friend. In retrospect, I could have put the domain to good use. Today, I looked over the WHOIS record, which indicates the domain record was created in 2002. Mmmm, 1996 is more like it. He must have let the domain expire at some point.