October 2009 Newsletter
A little late but better late than never!
Important security patches available for Firefox
Mozilla has ended support for version 2 of the Firefox browser, so if you haven't upgraded already, it's time to get version 3.5.3 (or 3.0.14, if the 3.5 release isn't compatible with your system).
Now that browsers are the principal entry point for malware, ensuring that you have the latest release is more important than ever.
Pigeon protocol offers faster data delivery
An unorthodox race in South Africa has revealed that it is faster to transmit 4GB of data via carrier pigeon than it is to send it over the country's main ADSL services.
An IT company in Durban decided to hold a competition to test a theory once discussed over a watercooler. Would it be faster to use a carrier pigeon to send data than to use the country's biggest web firm, Telkom? Bad news for Telkom - yes, it is.
In the race held yesterday between Howick and Hillcrest, a pigeon named Winston managed to transport a 4GB memory stick 60 miles in just two hours, the same amount of time it took the firm's web connection to transmit just four percent of the data. Of course Telkom said that slow speeds at its customer end have nothing to do with it.
Overall though, estimates suggest that it would have taken days to send the data, which would have given Winston the winged rat loads of time to, er, decorate many statues of military heroes before finally turning up to claim his victory bread crust.
Like Telkom we can't be sure what is wrong with the firm's web connection, but old school methods of delivery have long been favoured by those in the know.
Some people still use the old practice of moving files between machines on floppy disks, remember them? And way back in the 1970s, Dr. Warren Jackson said, "Never underestimate the bandwidth of a station wagon full of tapes." Nothing has changed, actually.
Winston the pigeon already has over 3,000 friends on Facebook. We don't imagine that anyone at Telkom is one of them.
More tricks to evade keyloggers on public PCs
Courtesy of Windows Secrets
 |
By Scott Dunn
No method can make you completely safe when using a public computer, so you must balance convenience with the level of risk that's acceptable to you.
|
The Clipboard's no safer than the keyboard
The revised Vesik method involves typing nonsense characters into a password input box when using a public PC and then rearranging some of the letters to form your actual password with the mouse. If the PC contains a hardware keylogger or is infected with a software keylogger, rearranging a password in this way will usually suffice to obscure your credentials. Most hackers will concentrate on the 99% of users who type in their passwords at Internet cafés in the usual way.
One proposal sent in by many, many, many readers was a variation on a single theme. Namely, keep your sign-in information on a USB flash drive or memory stick, then copy and paste the info into the appropriate fields when you're required to use a public PC or other unsecured computer.
Unfortunately, many keyloggers capture any information you place into the Windows Clipboard. I tested the copy-and-paste technique using the All In One Keylogger from RelyTec. (For more info, see the vendor's site .) The program easily captured the sign-in IDs and passwords entered, whether I used the standard menu options (Edit, Copy and Edit, Paste) or the keyboard shortcuts Ctrl+C and Ctrl+V.
In my tests, the All In One Keylogger wasn't able to capture the information when I performed a copy-paste operation using a context (right-click) menu. But that's not much to rest one's hopes on. Other keyloggers do succeed at capturing data copied via context-menu options.
Note that many password-manager products require you to copy and paste your passwords from their database to an input box. (See Review of password managers.) Any product using the Clipboard in this manner is vulnerable to a keylogger that captures data from the Clipboard.
Other strategies for blocking keyloggers
Readers suggested various ways of carrying one's passwords on a flash drive. Jeff H. asked, for example:
- "What about surfing from suspect PCs using only Firefox Portable running off a USB drive, with all your passwords stored in the browser?"
If you store passwords in a portable version of Firefox, make sure you set a "master password" first. This encrypts your passwords so they're not readable on the USB device for any malware to scan.
To establish a master password in Firefox, pull down the Tools menu, click Options, select the Security tab, and turn on Use a master password. After doing this, you must enter your master password once per browser session.
Another reader, Val Ingraham, proposed signing in using a tool such as the portable version of Siber Systems' free RoboForm password manager, available on the company's download page .
Both of these approaches were able to evade the keylogger I tested them with and would likely confound other keyloggers as well.
However, any method that permits automatic sign-in from a flash drive poses a risk of physical security. A flash drive is easy to lose. When you misplace one, you could be handing over your passwords to whoever finds the device — if you don't enable a master password.
Can freeware provide the privacy you need?
Several readers like products that are specifically designed to defeat keyloggers. Simon Bleasdale recommends Neo's SafeKeys 2008, available for free on the Alpin Software site . The program promises the same functionality as the Windows On-Screen Keyboard (OSK) utility described in the original tip — but without OSK's security risks.
(OSK sends keystrokes in a way that keyloggers can see and record. To use OSK if you need it for entering something other than a password, open the software by clicking Start, All Programs, Accessories, Accessibility, On-Screen Keyboard.)
Neo's SafeKeys 2008 displays a small window with a simulated keyboard on which you can type your sign-in, password, and other information — just as with OSK. But unlike the Microsoft utility, Neo's SafeKeys 2008 doesn't transmit information in a way that can be picked up by keyloggers. Nor does the program use the Clipboard. Instead, you type your info in the SafeKeys 2008 window and then drag the data to the appropriate text box in your browser.
Neo's SafeKeys 2008 successfully evaded the All In One Keylogger product in my tests. Other options help you foil keyloggers that regularly take screen captures to record your PC activities. According to the Alpin Software site, however, the utility's drag-and-drop methods don't work with all products — including the Opera browser.
No product will ever be able to guarantee your safety from snoops when you use a public computer. Fortunately, the techniques and products described here and in the previous article can reduce your risk substantially.
You're the only person, however, who can decide what constitutes an acceptable risk level for your data. That may mean never signing in to Web sites using PCs at Internet cafés — or wherever you're not sure adequate security precautions have been taken.
Online Too Long
(Submitted by Petr Hrasky)
1. Tech Support calls "YOU" for help.
2. Someone at work tells you a joke and you say "LOL" out loud.
3. You find yourself trying to cock your head 90 degrees when you smile.
4. You have called out someone's screen name while making love to your significant other.
5. You keep begging your friends to get an account so "we can hang out".
6. Three words: Carpal Tunnel Syndrome.
7. If you are male and see a female in the "Real" world that you wish to meet, your first thought is to IM her.
8. If you are female and you see a male in the "Real" world that you wish to meet, your first thought is that you wish he'd IM you.
9. You don't understand the humor in the above mentioned #7 and #8 since the "real" world is at your fingertips.
10. You have to get a 2nd phone line just so you can call Pizza Hut.
11. When you have sex, you no longer are concerned about sexually transmitted diseases.
12. You walk into a room, and, finding that it has more than 23 people, you inform management that there is an error.
13. When looking at signs, you wonder why they are always "yelling" at you.
14. You go up to people you are attracted to "in real life" and ask them for their GIF.
15. Although you don't know what they look like, you become insanely jealous of people hitting on your cyber-love.
16. You don't even know what your cyber-love looks like.
17. When at work, your boss constantly reminds you that the word i should be capitalized.
18. You watch TV with the closed captioning turned on.
19. Your spouse now complains of you moving your fingers in your sleep instead of talking.
20. Your kids are eating cereal morning, noon, and night.
21. When someone says, "What did you say?" you reply, "Scroll up!"
22. You find yourself sneaking away to the computer in the middle of the night when your spouse is asleep.
23. You turn down the lights & close the blinds so people won't know you're on-line again.
24. You know more about your AOL friends' daily routines than you do your own spouse's.
25. You find yourself lying to others about your time on-line & when they complain that your phone was busy you claim it was off the hook.
26. You have an identity crisis if someone is using a screen name close to your own.
27. You would rather tell people that your bloodshot eyes are from partying too much than the truth (online all night).
28. You change your screen names so much that you have to look at your own profile to see who you are.
29. You go into labor and you stop to type a special E-mail to let everyone know you're going to be away and how you're feeling.
30. You marry your cyberboyfriend/girlfriend and you both sit at your own computers & chat to each other every night from across the room.
31. You type messages to people while you are on the phone with them at the same time.
32. You understand the humor in all of these jokes because you have committed them yourself!
33. Your dog leaves you.
34. You are doing things more and more that you swore you would never do when you first got online.
35. You sign on & immediately get 10 IMs from people who have you on their buddy list.
36. You have a map on the wall w/ LOTS of red thumbtacks to mark where people are you have met.
37. You look at an annoying person off-line & wish you had your ignore button handy.
38. You bring a bag lunch & a cooler to the computer.
39. Your significant other kisses your neck while you're chatting and you think, "Uh oh, cyber sex perv".
40. You go thru "withdrawal" if you are away from the computer for more than a few hours.
41. Your buddy list has over 100 people on it.
42. You understand what BIF ISO BIM means. (I wonder how many will get this one...If so, you've been hanging out in *strange* places).
43. You wake up in the morning and the first thing you do is get online before you have your first cup of coffee.
44. You have to inject no-doze into your butt to keep it awake.
45. You have your computer set so it goes directly into AOL's welcome screen.
46. You wait 6 hours online for a certain "special" person to come home from work.
47. You don't know where the time has gone.
48. You end sentences with 3 (or more) periods while writing letters by hand.
49. Your relationship online has gone farther than any real one you have had.
50. You get up at 2 am to go to the bathroom but turn on the computer instead.
51. You don't even notice anymore when someone has a typo.
52. You enter a room & 23 people greet you w/ {{hugs}} or **kisses**.
53. You stop typing whole words and use things like ppl, dunno and lemme.
54. Your voicemail/answering machine message is "BRB, leave your s/n & I will TTYL".
55. You type faster than you think.
56. You got your psychiatrist addicted to AOL too & are now undergoing therapy in private rooms instead of at his office.
57. You want to be buried with your computer when it dies or vice versa.
58. You actually enjoy the fact that you are addicted.
59. You can actually read & follow all the names of the cast that scrolls up your TV screen at the end of a movie
60. People say, "If it weren't for your super reflexes in your eyes and fingers, you would have been classified as a vegetable!"
61. You dream in "text".
62. Being called a Newbie is a "MAJOR" insult.
63. There is absolutely no interesting chat in any room & you're really bored.
64. You don't want to leave in case you miss something.
65. You double click your TV remote.
66. You can now type over 70 wpm.
67. You think about starting a 12-step recovery group for AOL junkies.
68. You are on the phone a minute & need to do something else & say "BRB" r "BBL".
69. You check your E-mail and forget you have real mail (a.k.a. snail mail).
70. You go into withdrawals during dinner.
71. You spend at least 30 minutes making sure you say goodbye to everyone in a room.
72. You stop speaking in full sentences.
73. You have gone into an unstaffed Tech Support room & ended up "giving" tech support to other AOLers.
74. You have to be pried from your computer by the "Jaws of Life".
75. Your last sexual experience was really just a "textual" experience.
76. You know what a "snert" is.
77. You set your kitchen on fire while cooking dinner because you wanted to "check your mail" & while there you "just wanted to see who was nline".
78. You meet people from AOL in public & you have no idea what their real name is, so you call them by their screen name.
79. You've even gotten on an airplane just to meet some folks face-to-face.
80. When seeing someone you wish to meet, your second thought is wishing they'd be on AOL so you don't have to meet them in person.
81. You have a vanity car tag with your screen name on it.
82. You no longer type with proper capitalization, punctuation, or complete sentences.
83. You have met over 100 AOLers.
84. When meeting a stranger, you ask for their profile. If they have a profile you ask them for an age/sex/location check.
85. You understand the humor in all of this.
86. You keep telling yourself to Get a Life.
87. When someone online says BRB, gotta go pee, you ask them to go for you, and think they can.
The pros and cons of switching to Windows 7
 By Woody Leonhard
Courtesy of Windows Secrets
If you're still sitting on the fence about upgrading to Windows 7 — after all, it's been widely available for all of a few hours now — I'd like to regale you with my top eight reasons to jump in with both feet.
I'll also tell you three possible reasons for keeping the new OS on the shelf — for a while, at least.
After you wade through the Win7 marketing hype, you'll find a solid core of real improvements in the new release. There are many aspects of Windows 7 that cry out for adopting it and just a few that suggest sticking with Vista or XP.
• 8. Windows 7 is easier on the eyes
No doubt you're way beyond the stage where fancy wallpaper and cute icons curl your toes, but any way you look at it, Windows 7's a stunner. From wallpaper that changes itself to the tightly controlled group of icons in the area near the clock, Win7 puts the things you need most where you need them. The OS also moves the flotsam out of the way.
Since there's no Sidebar in Windows 7 — good riddance, I say — Win7's gadgets move to the high-rent district of the desktop, where you can move, resize, and snap them together neatly.
• 7. The Action Center puts all the nags in one place
Windows XP and Vista are notorious for scattering important information all over creation. At the same time — and quite perversely — every two-bit application you install on an XP or Vista PC can pop up annoying messages, distracting your attention while you're trying to get some work done.
Win7 reduces the shrill impositions to a minimum by funneling almost all interactions through the Action Center. Yes, the Action Center has its roots in the old Security Center, but it's all grown up now.
The Action Center serves as traffic cop for announcements that inform, warn, and often annoy. But rather than a pop-up window, the only alert you'll see is a flag in the notification area (near the clock) that turns yellow or red as needs dictate.
• 6. Win7's security is stronger and less intrusive
Security stuff gets complicated very quickly. Suffice it to say that Windows 7 is significantly more difficult to crack than Vista, which in turn was an order or magnitude tougher to break into than XP. (Internet Explorer and the .NET Framework are noteworthy exceptions.)
Compared to Vista's in-your-face User Account Control (UAC), the equivalent in Windows 7 is clipped and reined in. You can get to the settings easily. For most people, security won't be nearly so difficult in Win7 as it was in Vista — and it won't be as, uh, permeable as it was in XP.
• 5. You can make a movie of what ails your PC
If you haven't seen Windows 7's new Problem Steps Recorder (PSR), you owe it to yourself to try it. Click Start, type psr, and hit Enter. This little utility lets you record everything on the screen — except the stuff you type — as it happens. When you're done, PSR spits out an MHTML file that can be opened and played back in Internet Explorer.
Like the Snipping Tool in Vista (also available in Win7), once you try PSR, you won't know how you ever lived without it.
• 4. Search works — finally!
Windows XP's built-in search feature is a slow, painful, buggy joke. In Vista, search is a little less labored, occasionally usable, but still unreliable.
In Windows 7, Microsoft has, at long last, woven search into the operating system itself. There's no noticeable system overhead, searches proceed fairly quickly, and — most important of all — the results are accurate.
You can initiate a search from just about any location in Windows 7: on the Start menu, inside Control Panel, and in Windows Explorer. Although there are a few idiosyncrasies — such as no true wildcard searches and text searches that match only the beginnings of words — searches in Win7 usually find what you're looking for.
• 3. You get better control of your devices
Windows 7 centralizes control of all devices: printers, MP3 players, phones, keyboards, mice, fax machines, and anything else you plug into your computer. The controls all appear in a place called Device Stage.
The revolutionary part of Device Stage isn't its omniscience. Windows has had various Devices and Printers –type capabilities for years. Device Stage differs in that manufacturers have started writing their drivers to hook into Device Stage directly.
If you're tired of having 10 different programs in 10 different places to control your attached hardware, those days are rapidly drawing to a close. The junky little programs that go with the devices will disappear, too. At least I hope they will. So long, commercial driver-update utilities!
• 2. Win7 Libraries beat out My Documents any day
I first described Windows 7's Libraries feature in my May 14 Top Story . While Libraries don't do away with the need to organize your files, they make it much, much simpler to track files and put them in the right locations.
"A place for everything, and everything in its place," as Mom used to say. With Windows 7 Libraries, file management is easier than ever.
• 1. HomeGroup makes sharing safe, fast, and fun
A stroke of pure design genius, Windows 7 HomeGroup bundles all the sharing options you'd likely want in order to make files, printers, and media accessible to any other Windows 7 PC on your network.
As described in my May 14 Top Story and my Oct. 1 Woody's Windows column (paid content), homegroups work only among Windows 7 PCs — there's nothing analogous in XP or Vista. Still, sharing among Win7 PCs couldn't be simpler.
Three reasons why Windows 7 isn't for everybody
Despite these and other Win7 positives, there are at least three good reasons for Windows XP and Vista users to stick with their current OS:
• 3. If your PC isn't up to snuff, fuhgeddaboutit!
While Windows 7's hardware demands are less stringent than Vista's, there are zillions of PCs that simply can't handle Win7.
In my March 5 Woody's Windows column (paid content), I described how to convert any three- or four-year-old desktop PC into a Windows 7 wonder by bumping it up to 2GB of memory and sticking in a sufficiently powerful video card. I've retrofitted dozens of Windows XP desktops in this way, and the results are hard to believe. With a little bit of goosing and a couple of hundred bucks, those old PCs run Win7 much faster than they used to run XP.
However, if you have a desktop machine or laptop that's more than a few years old, upgrading its hardware to support Windows 7 is likely more trouble than it's worth. Don't bother.
• 2. If your hardware or software demands XP, stick with that OS
The XP Mode built into Windows 7 Professional and Ultimate is a Virtual PC–based implementation of XP. XP Mode makes sense for large companies that want to get the benefits of Windows 7 but have to put up with hardware or software that runs only under Windows XP.
For the typical home or small-business user, however, XP Mode is a pain in the neck. My advice? If the Windows 7 Upgrade Advisor (which you can download from the Microsoft Windows 7 site ) indicates that your XP setup isn't compatible with Windows 7, either upgrade the machine's software and hardware or give up on running Win7 on the system. Life's too short.
• 1. Don't try to fix what ain't broke
By far the most-compelling argument for staying with Windows XP or Vista is this: The Windows you have now does everything you need, and you aren't overly concerned about rootkits or other nearly invisible malware hosing your machine. In this case, there's no compelling reason to go out on a limb with Win7.
Replacing your operating system is slightly simpler than performing a self-administered brain transplant, but it's still no walk in the park. In the vast majority of cases, upgrades to Windows 7 go in smoothly, with a few minor irritations — maybe you can't find the install CD for an old program, for example, or you forgot to write down a password.
But in a small percentage of cases, the Windows 7 installation doesn't go well at all. As they say, stuff happens. Any upgrade could potentially become calamitous, and Windows 7 isn't immune.
If the thought of upgrading your system makes you lose sleep, hey — don't worry. Better the devil ye ken, eh? .
 |
Well that's all for now. Hope to catch up with you at the next meeting
Cheers
President Paul |
|
