CompuBlab

If it's computer related, we'll blab about it!

Author: Peter Lee

Hacked Twitter Account Announces (falsely) that Obama is Assassinated

I just wanted to get this out to all of our readers in case you noticed this today. Reuters is reporting that this morning, the Twitter account of the Fox News Politics team was hacked/compromised/broken into, and that the perpetrators were sending false “tweets” out such as:

“#ObamaDead, it’s a sad 4th of July. RT to support the late president’s family, and RIP. The shooter will be found”.

If you saw such messages…know that they are false.

There is much to be said about protecting one’s account passwords, but I find it sad that such a message would be sent by those who gained access to the account. While I know that there are laws that can imprison persons threatening the life of the President, I don’t believe there are laws in place that can imprison those who falsely announce the President’s death. However, I have the sneaking suspicion that the government attorneys might just find a way to argue that declaring his death is somehow akin to threatening the President…which would mean that those responsible just might have something to worry about.

In any event, it is my personal opinion that these hackers have no sense of style. You mean to tell me that they break into the Fox News Political team’s Twitter account and THAT’s the best they can do?

Ah well…

Happy 4th of July!

Happy 4th of July! Thank a vet! Say a prayer! Read the Constitution! Most of all, teach your children! Have a great and safe day!

Patient Records Online – A Really BAD Idea

Today I read in the British publication The Telegraph that a London hospital is making plans to move patient records “into the cloud” (which is to say, they wish to make the patient’s records available online). You can click here to see the Telegraph Article

Folks, this is as BAD an idea as I have seen since it was proposed that presidential elections in the United States should use online voting!

Why is this a bad idea? I can spell it out for you in one word: Security (as in “the lack of”).

If you have followed the news at all this year, the number of so-called “secure” systems whose data have been compromised is astounding:

And the list just keeps going on and on…

Folks, I’m going to give it to you straight. I am a computer scientist who holds both a Bachelor’s and a Master’s degree in computer science and has over thirty years in the profession…and I will tell you that in the final analysis, your data online IS NOT SECURE!

Encryption, the scrambling of data that so many online databases tout as protecting your data, can be broken (and has been broken time and time again). Multiple method user identification (like the RSA SecurID device) has been broken as well (see above). SSL certificates, the things that let you log into a website “securely” for things like online banking or making purchases, have been “forged” in the past. Passwords most certainly are not secure (so many can be simply “guessed” with just a little information about the account holder), and this is before we even BEGIN to factor in:

  • Unscrupulous employees of the companies that are supposed to be protecting your data (a.k.a. “inside jobs”)
  • Social Engineering – a con method of getting someone to reveal key information about their account so that a hacker can compromise their data
  • Human error where data is exposed to the public by programmer or administrative error rather than by being “hacked”

Given the list above (and this is just some of the more largely publicized break-ins), I don’t think you need to take my word for it. Read those articles and do some searching for yourself online. If your data online was that secure, then why are there so many break-ins being experienced by these so-called “secure” computer systems?

Now bringing it back to patient records online, Tony Lucas, the founder of Flexiant, the company that is putting all of this together, is either misinformed or just plain lying. Again I direct you to the list of compromised systems above. There are techniques that can help secure your data against amateurs trying to gain access to it, but in the face of determined system crackers, the evidence is overwhelmingly against him that your information is actually secure.

Most distressing to me is that Mr. Lucas is making noise about this information being available via mobile phones…a technology that to date has still not demonstrated that it can be safe from malware.

When it comes to the computer security techniques employed today, I like to use the analogy of someone who wants to steal your car. Do you lock your car doors? I know I do. Do I think that it 100% protects my car from theft? Of course not! If someone really wants my car…there are ways to get it. Same thing with car alarms. Do you think that just because you put an alarm system on your car that no one is capable of stealing it? For me, the answer is “of course not.”

The goal of many protection systems on a vehicle (such as locking the doors or installing an alarm system) is to prevent the mischievous kid, the amateur, or the opportunist from stealing your car. I think most people are aware of the fact that if a professional car thief wants your car, they ARE going to get it.

And so it is with computer security.

We use encryption, secure IDs, SSL certificates and passwords to protect our data against the amateurs, the opportunists, etc. If a “professional” wants to steal our data…their odds of getting it are pretty good.

With the state of security being what it is, do YOU feel good about having YOUR medical records placed online? The potential for abuse is enormous, and the protection that these companies are offering up for your data is by no means air-tight.

Please keep all of this in mind the next time someone offers to put your medical records online, or to have voting for the next President of the United States handled online.

Warrantless GPS Tracking

Is it legal for law enforcement officers to track your location via GPS without a court order? By agreeing to hear the case of Antoine Jones, a man from Washington who was convicted on drug-related charges in 2008, that is precisely the question that the US Supreme Court will most likely have to answer.

You see, a lot of the case against Antoine Jones traces back to GPS tracking information that was obtained by placing a GPS tracker on Jones’s vehicle. Jones’s lawyer is claiming “foul” in that he asserts that attaching a GPS tracker to a suspect’s vehicle is much like tapping a suspect’s phone…and phone taps require a warrant from a judge. This is a perfect case of technology progressing beyond what the framers of the US Constitution ever imagined.

As you may know, the Fourth Amendment protects individuals against unlawful search and seizure. One instance of this protection is seen in “phone taps” or “wire taps,” which require a warrant from a judge before they may be performed. A judge’s job is to ensure that law enforcement officers are requesting the phone tap because they have a reasonable suspicion of wrongdoing…and not for any other reason (well, the REAL definition of this is a bit more specific, but I am generalizing here for the sake of brevity).

Well, Jones’s lawyer is asserting that GPS information tracking should be held in the same regard as phone conversations. Namely, that such information is private, and that only by the granting of a judge’s warrant should such tracking be allowed under the Fourth Amendment.

How the court rules on this issue is likely to impact all of us. At stake is personal privacy versus the ability of Law Enforcement Officials to be able to gather evidence against suspects.

My personal take (which is to say, my opinion only):

I personally believe that GPS tracking SHOULD require a judge’s warrant. I don’t believe that anyone should be allowed to “track” anyone else without their knowledge unless a judge has been convinced that there is probable cause of wrongdoing. To me, the “secret” tracking of someone via a GPS tracker is akin to “stalking” a person…an action for which there are laws already in place for the public’s protection.

I should also point out that while this is my opinion, I also think that there is a problem with our legal system regarding the improper gathering of evidence. For example, if an officer gathers evidence in a manner where the authenticity of the evidence is not in question, but the legality of the evidence IS in question, then I think that the evidence should stand (that is, I think it should be able to be used against the defendant). An example would be where an officer discovers a dead body in a suspect’s closet moments before a search warrant arrives. There is no disputing that there is a dead body in the suspect’s closet. Unless there is some question of somehow the body being planted in the closet, I think the evidence should stand and that the officer should receive appropriate consequences for his or her actions.

Again, just my two cents…

So keep an eye on this issue in the news. I certainly will be watching it.

Been Busy!

Greetings all!

Sorry there has been a slight delay in posting here. Personal life has gotten just a tad busy.

This past weekend I participated in “Field Day,” a single day in the US where all amateur radio operators go out into the field and operate on portable power for 24-hrs. It is a chance for amateur radio operators to practice their emergency communications skills in a fun way. I made some new friends and enjoyed helping out.

Anyway, back to the compu-stuff…

I have been watching the technical news over the last few weeks, and when I started this blog I expected to be talking about computers and related technology. However, now I find that dominating the news seems to be two recurring themes:

  1. Mobile Devices
  2. Security Breaches/Hacking

Sadly, part of the news dominating the Mobile Devices topic is lawsuit after lawsuit by one mobile technologies company against another. This is evidence of our horribly broken patent system in the United States, and is also an indicator as to why mobile technology prices in the United States are so much higher than they have to be. In the end, I think the only ones that are winning in this battle are the lawyers…but that’s for another post (or several).

Security breaches have been on the rise, and two world-wide hacking groups (Anonymous and LulzSec…you can think of them as two teams in the game) have been garnering a lot of press.

I’ll have something to say about these topics in the very near future.

Thanks for tuning in…more to come shortly…

Non-Admin Logins

If you’ve read the news at all lately, you are no doubt aware that computing hackers and “malware” (software that does malicious things to your computer or your data) are very much on the rise. As such, I thought I would comment on a computer setup technique that is very simple to implement, yet stops a large number of malicious software programs before they even get started.

This technique involves setting up a “non-administrator” login account. This technique is especially important to users of Microsoft’s Windows XP operating system…but it applies to ANY operating system.

Whenever you access a modern operating system (such as Windows, Mac OS, Linux, etc.), you typically have to “log in” to the system using a user name and password. While some operating systems can make it look like you are bypassing this step (such as some configurations of Windows XP), the fact is that you really are NOT bypassing the log in phase. What is occurring is that the operating system is logging you in “automatically” to a specific “default” login account.

Login accounts serve many purposes, one of which is to be able to assign permissions to the user of that account. Permissions are used to limit what actions a given user is capable of performing. For example, you would NOT want just any old user of your computer to be able to format the main hard disk, causing you to lose all of the data on that drive. Some people might format the disk maliciously…others might do it accidentally. To prevent this, only highly trusted users have their login accounts granted the permission to perform such a potentially dangerous action.

The thing that is important to note here is that some operating systems (Windows XP was one of them) used to set up your log in account for you during installation…and always set up the account as an Administrator (an administrator account is one that typically is allowed to do ANYTHING on the system). When it comes to malware…running in an Administrator account is a death sentence!

You see, malicious software typically needs to install itself somehow onto your computer in such a way that it will be activated each and every time your computer is turned on. To do this, it needs access to parts of the system that non-administrator logins usually are not allowed to access. Since malware first runs under the account that is logged in at the time it first arrives on your computer, if you are logged in as an administrator, the malware has no trouble at all installing itself into the deep recesses of your computer. However, if after you set your computer up you were to create a “non-administrator” login account…and if you always used THAT account for your everyday activities, then malware would have a MUCH harder time trying to install itself into the operating system.

Now, there are some really “hard-core” malware programs out there that can take advantage of flaws in your operating system or other related software and install themselves even from a non-administrator login account. However, by using this one setup technique, you eliminate a LARGE percentage of the malware floating around on the internet from being able to trouble you.

Since each operating system has its own method for setting up login accounts, I can’t give you a step-by-step description on how to do that. You will need to read the manual (always a measure of last resort!) or else get assistance from a computer savvy friend or family member that you trust.

If you already have a non-administrator account that you use on your computer for everyday tasks, then good for you! If not, make it a goal this week to set up (or have set up on your behalf) a non-administrator account and then USE THAT ACCOUNT for your day-to-day activities. The headache you avoid may just be your own!
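
To find out whether the account you use every day is an administrator, the following check can be run in a PowerShell window. It is an added example, not part of the original post, and it assumes Windows 10 or later with Windows PowerShell 5.1; the function name `Get-AccountPrivilegeReport` is made up for this illustration.

```powershell
# Added example: report whether the logged-in account is an administrator,
# and list every account that holds administrator rights on this machine.

# Well-known SID of the built-in Administrators group (same on every Windows PC)
$AdminSid = 'S-1-5-32-544'

function Get-AccountPrivilegeReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this session is running with administrator rights switched on
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group attached to the login, including Administrators
    # when UAC has marked it "deny only". That catches an administrator account
    # that merely looks like a standard one because it is not elevated right now.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header 'Name', 'Type', 'Sid', 'Attributes'
    $isAdminAccount = [bool]($groups | Where-Object { $_.Sid -eq $AdminSid })

    [pscustomobject]@{
        Account        = $identity.Name
        IsAdminAccount = $isAdminAccount
        IsElevatedNow  = $elevated
    }
}

$report = Get-AccountPrivilegeReport
$report | Format-List

if ($report.IsAdminAccount) {
    Write-Warning ("{0} is an administrator account. Create a standard " +
        "account for day-to-day use." -f $report.Account)
} else {
    Write-Output ("{0} is a standard (non-administrator) account." -f
        $report.Account)
}

# Who else can administer this computer? Review this list and keep it short.
try {
    Get-LocalGroupMember -SID ([Security.Principal.SecurityIdentifier]$AdminSid) `
        -ErrorAction Stop |
        Select-Object Name, ObjectClass, PrincipalSource
} catch {
    Write-Warning "Could not list administrators: $($_.Exception.Message)"
}
```

An account that reports `IsAdminAccount = True` with `IsElevatedNow = False` is still an administrator account; it is simply waiting for a UAC prompt to be approved.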

Social Networking and Birthdates

We all have heard about the dangers of identity theft. There have even been some clever commercials about it on the television. But when the “bad guys” get a hold of enough information to impersonate you to the point where they can establish credit in your name, you are in for a world of hurt. The amount of time and effort that you must spend to clean things up, not to mention the damage to your reputation and the pain of clearing your credit rating, can be enough to give you a major migraine headache.

But did you know that those who are listing their birthdates on social networking sites (or any other site for that matter) are taking a risk with their identity?

The information that an identity thief needs to steal your identity is:

  1. Your name
  2. Your Birthdate
  3. Your Social Security Number

The name is pretty much a given. It can be taken from lots of places. The social security number is something most of us by now have heard that we need to protect with great vigor. But what about your birthdate?

Well, beyond the fact that it is one of the three pieces of information that an identity thief needs to steal your identity, it was reported two years ago that it is possible to “guess” your social security number with a surprisingly high degree of accuracy given only your birthdate, the state of your birth, and publicly available data.

Research at Carnegie Mellon University in 2009 (Click here for SSN Prediction Article) showed that by using your name, birthdate, state of birth, and publicly available data, they could predict the first 5 digits of your social security number with 60% accuracy in only two tries! And with less than 1,000 attempts, 8.5 percent of people’s complete social security number could be accurately guessed.

Of course you may be saying, “so if it takes 1,000 attempts to get my SSN correct, what have I to worry about?” Well, it turns out plenty. You see, the “bad guys” can create programs to query credit card systems to apply for a credit card. They can try different combinations of name, social security number, etc. over and over again until they get the right one. Thus, needing only 1,000 tries is not that big of a deal to them.

Now also keep in mind that this research was performed TWO YEARS AGO! I have no doubt that statistical methods, as well as the data contained in online public databases, have only increased the accuracy of such predictions.

Now consider the millions of people who use social networking tools such as Facebook who proudly post personal information such as their home state, their birthdate, etc., and you begin to see the potential for abuse of this information. An additional problem with birthdates is that there are so many public databases that contain this information that the persistent “bad guy” could probably find your birthdate without much trouble. But why would you want to make it easy for them?

With regards to social networking sites, there are a growing number of people who now give false birthdates so as not to divulge that information so publicly. However, whether or not you want to make it easy on the “bad guys” by posting it on your Facebook profile is up to you. The purpose of this post is to simply make you aware of the potential danger, however slight you may feel that it is, so that you can make an informed decision.

Until next time…think before you post!

Bill to Legalize Online Poker

With an economy crumbling, wars and rumors of wars all around us, terrorism running rampant, and troops in harm’s way on foreign soil, where do some of our elected officials get the time to propose bills to legalize online gambling? But that’s just where Rep Joe Barton (Texas) has been spending some of his time (Click here for full article).

How sad that with the nearly limitless possibilities of good that could be accomplished by applying technology to modern day problems, some of our elected congressmen are more worried about how technology gets applied to gambling than to how it gets applied to educating the many people in this country who cannot read. Even though I oppose gambling on many grounds, I do subscribe to the idea that people need to be allowed to make choices for themselves. But even so, there needs to be a sense of priority here…and I truly cannot fathom how Mr. Barton can justify spending his time in such a pursuit with the myriad of critical issues before our current congress.

Technology introduces a number of “gray areas” and “new interpretations” into our legal system whose laws were never designed to take into account some of what technology provides us today. Posts in this category will be designed to help inform you as to what some of those issues are so that you can have more information to help you make your own decisions.

I’ll post more on this subject at a later time…

Happy Father’s Day!

A big “Happy Father’s Day” to all those Dads out there!

IBM Turns 100

If you think about it for just a moment or two, you’ll realize the difficulty in a technology company staying relevant for 100 years given the rate and diversity of technological advancement during that time. Well, IBM has done just that.

Of course, IBM is a totally different company today than when they started out 100 years ago as the Computing-Tabulating-Recording Company in 1911. It wasn’t until 1924 that it changed its name to IBM (which computer folks used to refer to as “itty bitty machines”).

So here is a salute to IBM for managing a feat of epic proportions in this day of constant technological change.

Click here for PC Magazine’s write-up with more details on 100 years of IBM.