Jul 28, 2009

Posted by Angela | 2 Comments

Microsoft Security Updates: July 28, 2009

Microsoft will be releasing two out-of-band security updates today for potential threats. Because Microsoft is releasing these two bulletins outside their monthly patch cycle, we can assume that the security issues at hand are quite severe.

The notification that Microsoft posted on Friday says the two bulletins released today will provide fixes for issues within the Microsoft Visual Studio product line and Internet Explorer. The bulletin for the Microsoft Visual Studio product line will address an issue that has negatively affected some kinds of applications. The Internet Explorer update will address issues deep in Internet Explorer that are independent of the Visual Studio issues. Internet Explorer’s issues have been classified as “Critical,” and the fixes will provide extra protection against the security problems found in Visual Studio. Microsoft is sharing very few details until the announcement is made later today. When you keep your system up to date with security updates, you will avoid attacks related to these threats.

The bulletins are set to be released on the Microsoft Security Bulletin Summary today at 12:00 noon, Central Time [Update below]. There will also be two sessions later today in which users can put questions to Microsoft, at 3:00 P.M., CT, and 6:00 P.M., CT. Both are available online if you register.

Update [July 28, 2009, 12:30 P.M., CT]: The Microsoft security bulletins MS09-034 and MS09-035 have been released to address problems within Internet Explorer and Visual Studio Active Template Library (ATL).

Jun 12, 2008

Posted by Jeremy Scott | 2 Comments

The TSA Would Like To See You Naked

Do you remember the security X-ray screeners in the movie Total Recall, where the passengers filed through a corridor and on the outside… security personnel could see their skeletons as they passed through?

Those are now a reality… sort of.

The TSA has begun deploying security screening devices which can see through a person’s clothing, exposing any metal, explosives, plastics, or ceramics that might be hidden underneath.

Ten US Airports are getting the machines, with a total of 30 screeners planned across the country by the end of 2008.

The controversy, of course, is that in addition to any guns or other contraband, these machines also apparently show off the passenger’s naked body.  The ACLU thinks that’s unacceptable:

“People have no idea how graphic the images are,” Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, told AFP.

Okay, is there anything the ACLU finds acceptable?  Isn’t it their mission to abhor and challenge pretty much everything?

But seriously, they have a point here.  How many of you, by show of hands, want the TSA screeners to see you naked?  Yeah, that’s what I thought.

Oh, but they won’t know who you are:

While it allows the security screeners — looking at the images in a separate room — to clearly see the passenger’s sexual organs as well as other details of their bodies, the passenger’s face is blurred, TSA said in a statement on its website.

Right.  Because they can’t see my face as I’m walking into the machine.  Somehow I don’t see the fact that the faces are blurred making Americans feel better about being so exposed.

The images are also not stored in any way, but are erased once the passenger is cleared through the checkpoint.  So that’s good, at least.

Look, not to be graphic or anything, but I really don’t care if the TSA wants to see me naked.  I’m all for doing whatever it takes to help make the skies safer.  And I’m no Adonis–it’s their loss, really, if they have to put me in one of these things.

But millions of Americans are going to cry foul.

Thankfully, the TSA is saying that travelers have some options:

Lara Uselding, a TSA spokeswoman, added that passengers are not obliged to accept the new machines.  “The passengers can choose between the body imaging and the pat-down,” she told AFP.

Sweet.  So if I don’t want strangers to see me naked I can choose to let strangers put their hands all over me.  Excellent choice.  I believe that’s what’s called a Catch-22.

Anyway, now that the TSA is blogging, you can head over there and leave them some feedback on this new development.

May 22, 2008

Posted by Jeremy Scott | 5 Comments

LifeLock’s ID Protection Tip of the Day: Do...

LifeLock is Getting Sued

Surely you’ve heard the radio ad for LifeLock sometime over the past few years. It’s the one where the guy sounds all serious and says, “I’m Todd Davis, the CEO of LifeLock, and what I’m about to say is true. My Social Security Number is…” and then he goes on to give you his real SSN.

I’ve always thought it was a pretty slick marketing gimmick… and simply assumed that it was likely a fake number anyway. Even if you’re pretty confident in your company’s services, identity theft isn’t something you want to go messing around with. I generally assume that identity thieves are sort of a lot like computer hackers–they probably have some pretty good ideas and technical know-how. And you wouldn’t go daring hackers to infiltrate your website, would you?

Well apparently the number quoted in the radio spot is Davis’ real Social Security Number. And apparently it’s inspired at least 87 identity thieves to attempt stealing Todd’s ID. And at least one guy succeeded, convincing a payday loan company to send him $500 after using Davis’ SSN.

Oh, there’s also this part, from the article:

“Attorney David Paris said he found records of other people applying for or receiving driver’s licenses at least 20 times using Davis’ Social Security number…”

Hmmm. Okay, let’s take a poll. Raise your hand if you are really, really surprised to learn that giving out one’s Social to millions of people could lead to your identity being stolen.

You don’t see armored car services challenging the public to test their security prowess by robbing them. You don’t see the CEO of DuPont–which makes Kevlar–daring Americans to test his product’s effectiveness by randomly shooting him on the street. You don’t see Honda commercials that say “We’ve got the highest crash-safety rating in our class, and we invite you to test that by ramming your Accord into the next tree you see.”

Sometimes there’s a really thin line between killer marketing ideas and abject stupidity. And it’s up to me to point out when that line has been crossed.

There is now a class-action lawsuit against LifeLock… of course. Seems that some customers feel they were misled as to the company’s ability to actually provide identity protection. Hmmm, where would they get that idea?

I almost feel bad for the guy. But then I remember that he gave out his Social Security Number to millions of people and I don’t feel quite as sorry for him.

Apr 25, 2008

Posted by Jeremy Scott | 2 Comments

Why Do I Keep Receiving Non-Delivery Receipts for ...

Have you been getting a bit more spam lately?  Yeah, we all have.

There’s a new kind of unwanted email that we’re all seeing a bit more of lately, called an NDR.  NDR stands for Non-Delivery Receipt.  It’s that error message you get telling you that a previous message you sent could not be delivered.  Only lately, many people have been getting NDRs for messages they never actually sent.

So the email says something like “The message you sent to Steve could not be delivered because….”  But you don’t know any Steve, and you never sent a message to Steve.  So why are you getting this error?

Easy.  It’s spoofing.  We covered spoofing back in January, letting you know that messages you may receive that appear to come from yourself are just some hacker’s attempt to “spoof” your email address.  Apparently, with a little ingenuity, you can make an email appear to come from whichever email address you wish. 

It’s become a favorite tactic of spammers, because most Average Joes are more inclined to click on something or reply to an email if it’s coming from a sender they trust.  So spammers started spoofing real emails to try and entice you to let your guard down.  Having your email spoofed doesn’t in any way mean your computer or your server has been invaded or compromised by hackers.  It just means someone (or some automated program) either guessed at your email address or scraped it off a website someplace where it was published.

So the new issue is that some of these messages the spammers are sending are going to email accounts that don’t exist–or at least don’t exist any longer.  And that causes the email server to spit out an NDR back to the sender.  And since the sender spoofed your email, you’re the one getting the NDR. 

Postini–our preferred email filtering service–is actively pursuing a fix to this problem so that your inbox isn’t overflowing with NDRs.  And we know that many of you currently have inboxes that are filled with NDRs because several of you have called us to ask what’s going on.

Rest easy.  The fix is coming soon.  Until then, you can just ignore the NDR–assuming it’s for a message you didn’t initially send. 
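One way to tell an NDR for a message you really sent from one caused by spoofing, as an added example (not part of the original post and not Postini's method): parse the bounce and compare the Message-ID of the returned original against IDs you actually sent. The sent-ID set, the helper names and the example.com addresses are assumptions made up for illustration.

```python
import email

# Constructed data: Message-IDs this mailbox really sent (assumed to come from a sent-mail log).
SENT_IDS = {"<20080425.0001@example.com>"}

def sample_ndr(original_id):
    """Build a constructed bounce (multipart/report) that returns the original message."""
    return "\n".join([
        "From: MAILER-DAEMON@mx.example.net",
        "To: you@example.com",
        "Subject: Undeliverable: hello",
        "MIME-Version: 1.0",
        "Content-Type: multipart/report; report-type=delivery-status; boundary=BOUND",
        "",
        "--BOUND",
        "Content-Type: text/plain",
        "",
        "The message you sent to steve@example.org could not be delivered.",
        "--BOUND",
        "Content-Type: message/delivery-status",
        "",
        "Reporting-MTA: dns; mx.example.net",
        "",
        "Final-Recipient: rfc822; steve@example.org",
        "Action: failed",
        "Status: 5.1.1",
        "",
        "--BOUND",
        "Content-Type: message/rfc822",
        "",
        "From: you@example.com",
        "To: steve@example.org",
        f"Message-ID: {original_id}",
        "",
        "body",
        "--BOUND--",
        "",
    ])

def classify_ndr(raw, sent_ids=SENT_IDS):
    """Return 'not-ndr', 'genuine', 'backscatter' or 'unknown' for one raw message."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-ndr"
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            # The bounce returned the original message; look at its Message-ID.
            original_id = (part.get_payload(0).get("Message-ID") or "").strip()
            return "genuine" if original_id in sent_ids else "backscatter"
    return "unknown"  # bounce carries no returned original to compare against
```

Bounces that return only a text summary come back as `unknown`, so this check only helps when the remote server includes the original message.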

Every time email and email filtering get more sophisticated, the spammers respond by creating a new wrinkle in their tactics, resulting in a new kind of headache for you.  Spam isn’t going away, folks.  In fact, it’s only going to grow more prominent and more advanced.  Thankfully, you’ve got us to help keep you informed–and hopefully you have a powerful professional spam filter like Postini, who are on the cutting edge of the technology used to fight the spammers.

If you’d like to learn more about Postini, you can do so here on our website.

We know the NDRs are annoying you–we’re getting them too.  But it’s a temporary thing that will be sorted out soon enough.  If you have specific questions, or if you think your NDR problem is not the same as what we’re describing here, feel free to shoot us an email or call our office and we’ll be happy to take a look. 

Jan 14, 2008

Posted by Jeremy Scott | 5 Comments

Network Solutions: Sneaky Jerks Hold Domains Hosta...

While GoDaddy and Register.com have grown huge customer bases by offering cheap domain names, Network Solutions has steadfastly held to their more expensive pricing structure.  Now they found a way to keep you from buying from the cheaper guys, and a host of technology experts are crying “Foul.”

Whenever you go to Network Solutions to search for domain names–to see if the name you want is available–the company now registers that name for themselves, immediately.  Then, let’s say you decide later to buy the domain you searched, only from one of the cheaper places.  You go there and search the name, only to be told that Network Solutions now owns it.  Nice.  We tested this, by the way, with several ridiculous domains we’d never want to own anyway….we typed them in the search box at Network Solutions, and were told the domains were available.  Then when we went to GoDaddy to buy them, we were told Network Solutions owned them. 

Jerks.

Sure, Network Solutions will still let you buy it…for the premium price…and only from them. 

It all hinges on a little protection clause that was built in to protect the big domain registrar companies from fraudulent purchases.  There is a five-day window before the registrar company has to pay for registered domain names.  That allows them to make sure you’re not using a stolen credit card before getting burned on the charges. 

But now Network Solutions wants to use that five-day waiting period to beat down the average user, and hold your preferred domain name hostage.  The company is, of course, claiming that they are looking out for you:

To thwart the efforts of these sneaky individuals, Network Solutions reserves unregistered domains for up to four days from the date they are searched on our Web site. This customer protection feature provides our customers the opportunity to register names at a later date without fear that the name will be registered by the “Front Runners.” If the domain you searched is available and one that you really want, we suggest that you register it immediately to ensure that you will not lose the name.

They’re saying that there are sneaky jerks out there who want to snatch up your domain before you have a chance, and that they are only registering your searched domain themselves to protect you from these sneaky jerks.  It’s the old “I’m stealing from you to keep someone else from stealing from you” argument that, to my knowledge, has never been proven logical.  By registering names as soon as they are searched, Network Solutions is engaging in the very act they say they’re protecting you against.  Sheesh.  It’s circular logic on acid! 

So to sum up, Network Solutions will steal your domain in the name of protecting you, and then will offer to sell it to you at a rate three times what you’d pay elsewhere.  Make no mistake: there are definitely some sneaky jerks out there waiting to steal your domain name, and you can call them Network Solutions.  Shady stuff.  If you want to search for available domain names, go to a reputable registrar, or just give us a call and we’ll search it for you. 
