Tag: security


Don’t Be Typosquatted

In early September 2014, I bought my wife the Singer Heavy Duty 4432 Sewing Machine from Amazon for $99.99. Annie had hoped to make some of her own clothes—something she had long aspired to do. Perhaps if we lived in a larger apartment, she would have achieved her dream; setting up and using the Singer—portable as the thing is—required more space than we could spare.

Fast-forward to late-December 2020. Annie saw a post on Nextdoor from someone looking to buy a sewing machine. Budget: $100. Seeing as the 4432 had never been used, other than to make sure it operated, Amazon’s current price was $209.99, and the manufacturer’s $289.99, $100 would be a deal. Annie responded, and the woman, who we’ll call Grace, agreed to buy the Singer, which would come with extra sewing doodads.


Locked and Loaded for Your Browsing Pleasure

Late yesterday, this site underwent a minor, but significant, alteration. An account executive for my webhost sent email reminding me about something already known: That today, Google would start aggressively designating sites secure or not secure, depending on whether they used https or http, respectively. The former is encrypted, and presumably safer to engage.

For many months, I had strongly considered moving to another host—not for dissatisfaction but to get more benefits while spending as much, or even a little less. But, as I have learned from painful past experience, migrating WordPress installations can go badly. Why take the risk, when everything works just fine? The account executive and I chatted about a pay-yearly discount (my preferred arrangement) to stay put and also purchase of an SSL certificate for encrypting the site. We reached an agreement.


Why Are There So Many Failed Login Attempts Against My Blog?

This website is nothing special. I write about things that interest me, but with others in mind—particularly about topics in journalism and technology. There is nothing of value to steal here. The site doesn’t generate enough traffic to warrant planting malware, and there is no advertising; I never intend there to be. This blog should be a low-value hacker target, particularly since I use unique passwords everywhere; compromise here won’t open my other accounts. I suppose a criminal could break in with the intention of dropping a payload, such as a keylogger, on my one computer. But, honestly, I am a low-value target, too. I ain’t wealthy, nor do I work for a company with massive assets to steal. So why, then, are there so many failed login attempts by presumed hackers?

I pose the question to anyone with more security expertise than me. Your response could help other people, too. 


I’m Mad! Some Dude is using My Gmail to open Dating and Deal Site Accounts!

Question: “When is stupidity fraud?” I ask because someone is using my gmail address to sign up for a humungous number of newsletters and websites. At first, I presumed someone trolled me. But that no longer appears to be the case. This guy, presumably living in North Carolina, either uses my address randomly to hide his identity, or he mistypes one that is similar. Given many of the services are for an unidentified widower looking for love, I assume the latter.

Behind my question are real concerns about identity and privacy that do not just apply to me. The email address gives me the ability to change the passwords and even cancel accounts—both of which I have done, treating his misuse of my email address as identity theft and violations of my privacy; after years of careful cultivation that reduced spam, crap is on the rise as this misuse spreads my gmail identity across dating and discount sites and sex webcams. Who knows on what mailing lists it will appear next. But over the past 24 hours, the amount of spam offers, like being paid to take surveys, exploded. The email address may be permanently ruined for personal and professional purposes. 


The Rally Against FBIOS Begins

Microsoft will join Apple against the FBI and U.S. Justice Department, filing a friend-of-court—amicus brief—in a case going to court tomorrow. The government wants Apple to create a special version of iOS, referred to by critics as FBIOS, to break an iPhone 5c’s security features. The device manufacturer argues that compliance would set a precedent that would give law enforcement carte blanche with other mobile devices.

Brad Smith, Microsoft’s chief legal counsel, says the company “wholeheartedly supports Apple”—a statement that eradicates any potential confusion caused by cofounder Bill Gates. In an interview with Financial Times two days ago, Gates supported the government’s demands. I responded, calling his position a “catastrophic occurrence that demands current chief executive Satya Nadella’s official response. There needs to be clear policy about government backdoors and the position with respect to the San Bernardino shooting iPhone”. The company’s position is now unequivocally clear—presuming the legal filing fits with “wholeheartedly”.

Smith publicly disclosed Microsoft’s plans during testimony before the House Judiciary Committee today. 


Bill Gates’ Backdoor Policy

I see something disingenuous about Microsoft cofounder Bill Gates supporting the government’s demands that Apple selectively unlock an iPhone used by one of the San Bernardino, Calif. shooters. The former CEO turned philanthropist spoke to the Financial Times in an interview posted today. The implications for Microsoft cannot be overstated, and the company’s current chief executive should state corporate policy.

Gates’ position aligns with the government’s: That this case is specific, and isolated, and that the demand would merely provide “access to information”. Here’s the thing: The interviewer asks Gates if he supports tech companies providing backdoors to their smartphones. The technologist deflects: “Nobody’s talking about a backdoor”. Media consultants teach publicly-facing officials to offer non-answers exactly like this one. The answer defines the narrative, not the interviewer’s question. 


I Don’t Trust Travelocity, Should You?

On June 29, 2015, I received email from Travelocity thanking me for creating an account. I did no such thing—or, wait, did I have an account already? Sure enough, I set up one in 2006, according to my archived emails. Why this notification now? I wrongly assumed the thank-you message was a mistake, or even a marketing ploy, to get me to sign into the account. But who remembers a password from 9 years ago? So I clicked the forgot password link and had a new one sent.

I wouldn’t understand until later that someone in Florida created a new account using my email address. But Travelocity never sent confirmation to verify that the email address was valid or belonged to the person who signed up for the service. As such, by resetting the password, I had access to someone else’s account, which, fortunately, contained no personal information (like credit card numbers). But I didn’t understand this circumstance until later, when, in a routine check of my online accounts, I discovered an itinerary for a hotel stay that had just passed.


Microsoft’s Shadow Ecosystem

There are many measures of success, and some are less desirable than others. Windows is the standard by which cybercriminals measure their wares—eh, malware. Their devotion to Windows is testament to Microsoft’s success. The company should just accept the faint praise for what it is.

Microsoft claims that Windows is more widely attacked by malware than, say, Mac OS X because of volume; many, many more people use Windows PCs than Macs. The claim is great PR, because it kind of makes sense and is unprovable without Macs gaining lots more marketshare. But on closer examination, the claim is pure BS. Microsoft security experts know so, or they’re delusional.