Religious sites are more dangerous than porn sites for getting malware.

We all have that one friend/relative/client who seems to get infected with some form of virus or malware every week and those of us who take on the task of cleaning up their PCs every time they do always tell the same joke: This wouldn’t happen if you’d stop visiting all those porn sites.

But it turns out that it’s actually religious sites that are the real malware threat. At least according to a report from the folks at Symantec:

The average number of threats found on religious sites was 115 mostly fake antivirus software. By contrast, pornographic sites had less than a quarter, at around 25 threats per site. Of course, the number of pornographic sites is vastly greater than religious sites.

According to Greg Day, Symantec’s security CTO for Europe, the Middle East and Africa, while trojans may seem more serious, “if you have installed fake AV you may think you are protected, when in reality you are open to all sorts of attacks.”

This does make a certain bit of sense when you think about it. A lot of religious websites are set up and maintained by church people with varying degrees of computer skills whereas most successful porn sites are run by people who know what they’re doing and how to secure their platforms. No one thinks the asshats who put malware out on the net are going to bother with some piddly-ass church site so there’s less concern about updating software or locking down server access even if the person running it has a clue how to do those things. From the hacker’s point of view, however, every PC infected is one more PC in the botnet that can send out spam/DDoS attacks/whatever. A lot of attempted hacks are automated with scripts these days so if it’s trivial to hack a site and install your malware it’s worth doing so even if it only nets you a handful of PCs. Not like the hackers themselves even have to think about it.

Which is why you should always wear a condom when you go to religious websites. You know, just to be safe.

If you’re using Symantec’s pcAnywhere you should probably stop

It’s interesting that it’s such an old theft, but still a concern. Fortunately, there are plenty of alternatives to choose from. #seb #computing #security #anonymous #hackers

Embedded Link

Symantec: Anonymous stole source code, users should disable pcAnywhere
Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool.

Although Symantec says the theft actually occurred in 2006, the issue did not come to light until this month when hackers related to Anonymous said they had the source code and would release it publicly. Users of the Norton products in question are not at any increased risk of attack because of the age of the source code an…

Google+: View post on Google+

This whole story shows that the TSA is at least partially run by idiots

But then we've known all along that the TSA reserves the right for its agents to make arbitrary decisions on a whim when they feel like it so I suppose it shouldn't be a big surprise.

Don't question the decision making process, citizen! This is for your own protection! If we decide something is bad you should just accept that we know what we're doing and hand it over! You do want to fly today, don't you?? What is it you're trying to hide in those nail clippers anyway?? #seb #security #TSA #stupidity

Embedded Link

The TSA Cupcake Lady Speaks: I'm Truly Sick Of Talking About Cupcakes
While the "TSA Cupcake Lady" is sick of talking about cupcakes, she's also determined that the dessert in question not be woefully misrepresented by descriptions of it being "packed in icing." To that end, she was kind of enough to write in and explain her side of the story, in response to the TSA's recent blog reaction to the cake kerfuffle.

For those unfamiliar with the bakery brouhaha, here's a quick recap: Rebecca carried two cupcakes on jars with her on her way to Las Vegas, she tried b…

Cory Doctorow on the coming lockdown war

It's hard to say how much of what he describes will come to pass, but it's clear that we're headed in that direction as evidenced by the copyright wars. This is something that anyone who cares about what they can and can't do with the computers and devices they own should be paying attention to. #seb #computing #security #copyright #politics

Embedded Link

Lockdown: The coming war on general-purpose computing
Lockdown

The coming war on general-purpose computing

By Cory Doctorow – Share this article

Tweet

This article is based on a keynote speech to the Chaos Computer Congress in Berlin, Dec. 2011.

General-purpose computers are astounding. They're so astounding that our society still struggles to come to grips with them, what they're for, how to accommodate them, and how to cope with them. This brings us back to something you might be sick of reading about: copyright.

But bear with me, becau…

Hackers are combining different malware into Frankensteinien new monstrosities

Make sure your anti-virus programs are up to date and all your system patches have been applied. #seb #computing #security

Embedded Link

Part virus, part botnet, spreading fast: Ramnit moves past Facebook passwords
The latest variant of Ramnit, the Windows malware responsible for the recent theft of at least 45,000 Facebook logins, is the latest example of how malware writers and cyber-criminals take "off-the-shelf" hacks and bolt them together to teach old viruses new tricks. Facebook passwords aren't the only thing that the Ramnit virus can grab—thanks to the integration of some of the code from the Zeus botnet trojan, Ramnit can now be customized with modules for all manners of remote-controlled mayh…

One should be careful when playing with fire

… lest one get burned. #seb #computing #security #hackers

Embedded Link

Top German cop uses spyware on daughter, gets hacked in retaliation
Trojans—they're not just for hackers anymore. German police, for instance, love them; a scandal erupted in Parliament last year after federal investigators were found to be using custom spyware that could potentially record far more information than allowed by law. The story made headlines, but it lacked a certain sense of the bizarre.

Fortunately for connoisseurs of the weird, Der Spiegel revealed a stranger story in its magazine yesterday. According to the report, a top German security off…

A small security reminder: Beware of suspicious links!

Even if they come from friends and family on Facebook and other social sites. And always use different passwords on every site!

Worm steals 45,000 Facebook login credentials, infects victims’ friends

A worm previously used to commit financial fraud is now stealing Facebook login credentials, compromising at least 45,000 Facebook accounts with the goals of transmitting malicious links to victims’ friends and gaining remote access to corporate networks.

The security company Seculert has been tracking the progress of Ramnit, a worm first discovered in April 2010, and described by Microsoft as “multi-component malware that infects Windows executable files, Microsoft Office files and HTML fil…

If you have an affected HP printer you’re going to want to apply this firmware update.

If you have an affected HP printer you’re going to want to apply this firmware update.

Sounds like it won’t be too long before we start seeing this exploit show up in the wild. I wonder if anti-virus programs could be made to detect the malicious documents? #google+ #computing #security #HP

Printer malware: print a malicious document, expose your whole LAN

One of the most mind-blowing presentations at this year’s Chaos Communications Congress (28C3) was Ang Cui’s Print Me If You Dare, in which he explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers. Cui discovered that he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. As part of his presentation, he performed two demonstrations: in the first, he sent a document to …

Beware cold calls from people claiming to be from Microsoft about problems with your computer.

I got a fun phone call this evening. The number was blocked and my initial reaction was to not answer it, but my boss is in town and the phones at work don’t always show up properly on my phone’s caller ID so I went against my better judgement and answered it. The man on the other end of the line had a very thick Indian accent and sounded like he was working in a call center. He claimed to be an official Microsoft Technical Support technician and that they had been alerted to problems with my PC that could result in “very bad” crashes that could result in “total loss of all data.”

Naturally I was very concerned about this newly discovered risk and he helpfully offered to show me where on my computer I could see for myself the dozens of error messages they had been receiving through a “web server” (you could almost hear the double quotes in the way he said it). He had me sit down in front of my PC (I was already there) and gave me step-by-step instructions on how to launch the Event Viewer in Windows. Therein he directed me to the Custom Views and Administrative Events log where there were, indeed, dozens and dozens of error messages and warnings including some that were critical! Oh my!

These generic error messages spell my DOOOOOM!

This is why, he explained as though I were a five-year-old, that my computer was at risk and that I had hit the limit which triggered their contacting me. Not to fear, they could assist in fixing the problem! He asked if I had Internet Explorer, I said I do, so he instructed me to go to a webpage where I should download a product called Ammyy Admin 3 (it’s free!) which would allow them to assist me directly.

It was at this point that I informed him that I was a computer technician myself and that I knew there wasn’t anything wrong with my computer and that they weren’t receiving notifications through a “web server” of problems I might be having and… that’s when he hung up on me.

Now it appears that the Ammyy Admin 3 software is a legitimate product used by a number of folks that asshole scammers have latched onto for this cold calling scam because it’s free and allows them to take control of your PC once it’s installed. There’s even a forum thread on their site about this scam. Not to mention that if you Google the URL you were given you find that immediately after the link to the Ammyy software homepage are links to people reporting on this scam. Word has it that if you go along with the scam they’ll show you some more generic error messages in the Event Viewer logs and tell you it’s because your system is infected with a virus and then they’ll take you to a website where they’ll try to get you to buy an anti-virus software package that probably doesn’t do jack shit. The details vary as does the software — this account from another support professional back in 2005 said they used a remote desktop package called Teamviewer — but the scam is the same. Show you some scary looking logs and convince you to buy their bullshit software.

Here’s the thing, at any given point in time the Event Viewer is almost always going to be chock full of error messages. That’s just the nature of the Windows beast. If you’re familiar with the Event Viewer then it’s not too difficult to figure out that most of these aren’t anything to be concerned about, but for the average Jane or Joe it can look pretty alarming. Folks have said that once they take control of your PC they’ll also do stupid things like list the files in your Temp or Prefetch folder and then tell you that those files are the result of spyware or a virus. Again, if you’re not that familiar with how Windows works it could look pretty scary. One red flag that you’re being bullshitted is the fact that they have you download a free third-party Remote Desktop tool. Windows already has a Remote Desktop tool built in along with a Remote Assistance tool which Microsoft would probably make use of if it was really Microsoft. Which it isn’t because Microsoft would never call you for something like this.

As near as I can tell, the scammers aren’t using the opportunity of having full access to your computer to steal your personal information (e.g. documents, credit card numbers, bank passwords, etc.) but I didn’t dig into too many of the websites that are talking about this so I can’t say for sure that they aren’t. Needless to say, once you’ve given them access to your machine you should probably consider it comprised badly enough to back up your data, erase your hard drive, and reinstall everything from scratch. Hopefully you’ll have read this first and will recognize these assholes when they come calling.

Own an iPhone or iPad? It’s been tracking everywhere you go for the past year.

Pic of output from iPhone Tracker app.

A sample of the output. The bigger the dot the more times you've been recorded as being there.

Here’s something you probably didn’t know about your iPhone/iPad: It appears to be keeping a record of everyplace you’ve ever been both the device itself and on your computer if you use iTunes to back up your phone. The folks over at AresTechnica.com have the details:

Researchers Alasdair Allan and Pete Warden revealed their findings on Wednesday ahead of their presentation at the Where 2.0 conference taking place in San Francisco. The two discovered that the iPhone or 3G iPad—anything with 3G data access, so no iPod touch—are logging location data to a file called consolidated.db with latitude and longitude coodinates and a timestamp. The data collection appears to be associated with the launch of iOS 4 last June, meaning that many users (us at Ars included) have nearly a year’s worth of stalking data collected.

In order to drive the point home, the two developed an open source application called iPhone Tracker that lets anyone with access to your computer see where you’ve been.

Now some of you might be thinking this isn’t anything new as these products have long had GPS features that will tell you where you are and they often notify you that they’re doing so when you use them. Yeah, but this is slightly different. This tracking isn’t being done using the GPS, but by triangulating your position relative to cell phone towers:

Users don’t get to decide whether their locations are tracked via cell towers or not—unlike GPS, there is no setting that lets users turn it off, there’s no explicit consent every time it happens, and there’s no way to block the logging. (Nitpickers will point out that you do give your consent to iTunes when you download and install iOS 4, but this is not treated the same way as the consent given to the iPhone every time an app wants to use GPS.) So, whether or not you’re using GPS, if you’re using your iPhone as a cell phone, you are being tracked and logged constantly without your knowledge.

The only way to avoid this tracking is to turn off the cellphone part of the device. Now the problem here isn’t so much that your devices are tracking your every move, but that you’re not being told about it. The good news is that, as near as the researchers can determine, this data is not being sent back to Apple or any other third party. The bad news is that it’s not at all difficult to get access to which means that if you lose your phone or your computer is compromised then anyone with the iPhone Tracker app can call up everywhere you’ve ever been with it. You can bet your ass that law enforcement absolutely loves this “feature” so if you’ve ever been anywhere you don’t want someone to know about, well, hope you didn’t have an iPhone with you.

Of course, this only really matters if you give a shit about people knowing your comings and goings. Something which more and more people seem to have stopped worrying about. In fact, the folks at Gawker are reporting that this discovery has spawned a hot new trend:

When it comes to technology today, there is barely any distance between outrageous privacy violation and cool new feature. When news broke yesterday that Apple has been secretly spying on iPhone users, many people immediately broadcasted the illicit data to everyone.

[…] Holy crap, Apple has been secretly logging our every move for months? Let’s… broadcast it to everyone on the internet! Many techies are now showing off their iSpy maps: “I find myself fascinated staring at this automatically generated record of where I’ve been,” wrote tech blogger Alexis Madrigal. Tumblr and Twitter arefull of them. “I don’t get out of West LA enough,” user aboycommemoi observed.

For its part, Apple hasn’t said shit about this discovery, but there is some indication that this may not have been an intentional breach of user trust. More likely it’s a bug or an oversight in the program. The folks at Gizmodo explain:

As Gruber’s been informed, consolidated.db—the tin-foil-hat-inducing log in question—is a cache for location data. (As Pete Warden and Alasdair Allan’s FAQ about their project implies.) What’s supposed to happen with the cache is that the “historical data should be getting culled but isn’t”—because of said bug or oversight. In Gruber’s words:

I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.

So how freaked out should you be? If you don’t own an iPhone or iPad then this isn’t really an issue for you. If you do then it depends on how much you give a shit if someone could potentially get hold of that data. The chances that you’ll be hacked and have it stolen for some nefarious, but unknown purpose is probably minimal. However that data is something that could potentially be used against you by law enforcement if they should happen to have reason to acquire it.

Given the recent hoopla here in Michigan where the State Police have been accused of extracting data from cell phones during routine traffic stops, that may be something to consider. (Note, the MSP put out a response to the ACLU’s assertions saying that they do not collect cell phone data during routine traffic stops and only do so with a court issued warrant.) And while you may say that you’ve nothing to hide from the police, it’s not like there aren’t cases where circumstantial and coincidental evidence got an innocent person convicted.

Just the same, forewarned is forearmed and it’s better to know what is being collected about you — intentionally or not — than not know.