
Meet Google’s Dashboard

By now you have either heard about or received an email from Google that its privacy policies have changed. If not…here is the link to it: Google’s updated privacy policy.

The short of it is that they are combining services and their corresponding data. What this means is that when you now perform a search on Google, all of your input from Gmail, Google Voice, Google+, and the countless other services they offer that you may have partaken in will have a significant bearing on your search results.

So…you may be backtracking in your mind “wait…didn’t I do a search for some stuff for fun? I sure don’t want that popping up at work.” It’s not going to be that bad and to give you some idea of the Google services you are linked to, Google has provided us with a new tool. It’s called the Dashboard and it allows you to see and even in some ways control what data Google has on you.

They even provide a nifty little video to help walk you through the Dashboard experience:

Now this does not mean you have carte blanche to go crazy. All of your interactions with Google and its tools are still recorded. They are still monitored and ads are still being served to you based on your previous interactions. But you are given the notion that you have some control with the Dashboard.

I guess the lesson here is to make sure that you check and double check what you type into Google, even if you are not logged in. Just because you are operating in your browser’s “incognito” (some call it “porn mode”) settings does not mean that Google is not still watching your keystrokes when you go to its site. It is. They have a persistent cookie.

So be smart. You should never do anything on Google that you wouldn’t do with your mother sitting in the room. With that said, you really should view your search history. Google gives you a tool to do this. Point your browser to www.google.com/searchhistory and be prepared to login with your Google ID and password. Wait…you say you don’t think you have one?

That’s okay…it’s simple to create one. If you create a Google account for no other reason, it’s to make sure you can see what connections Google has to you and your personal information. I know…I know…you don’t want to have another login to remember but this one is important.

Most new hires are Googled. Businesses and their research departments want to know what they can dig up on you. Plus, it’s much easier for them to find your Facebook, MySpace, Twitter, and other social network entries from this one source.

So while Google is consolidating its data, privacy policies, and other items, it is not always bad.

You should really pay attention to privacy policies


Privacy and data collection

Google has been getting slammed lately in the tech media space for its blog post ( http://j.mp/z5Z5EO ) declaring that they are unifying all of their privacy policies into one massive policy. What has happened is that Google is being accused of violating its initial rule–“Don’t be evil.”

Evil is actually in the eye of the beholder as Google is not saying they are selling our personal data. They are merely sharing it across their own platforms to serve their own needs. As long as Google keeps this data internally and does not share it with third parties, I have no problem with that.

What I would like, however, is to have control over the data that Google has gathered about me and the ability to change or delete it when Google does turn evil, which all for-profit companies must do if they are to survive.

There are hundreds of companies who make billions of dollars off of each of our personal profiles. Our criminal records, our driving records, and even how much money we gave to our local dog-catcher’s re-election campaign are all part of data sets that large companies like ChoicePoint and Insurance Services Office sell to their customers. Even your prescription records are accrued and compiled to be resold by Milliman and Ingenix.

I would venture a guess that those who fear our federal government’s intrusion into our private lives have never searched deeply into who they should really be worried about. Private companies exist for one purpose…to make rich people richer. Government exists for one reason–to do for people what they cannot do for themselves.

Fearing government regulations is one thing that many Americans do but it’s misguided. Regulations on private business are necessary to keep our food and our money safe.

MyLife.com–why you should avoid it

You see the commercials on TV that someone may be looking for you. It seems like you have old boyfriends/girlfriends lining up to talk to you after all this time and they are doing it at the MyLife.com website.

Well…I accidentally clicked on the MyLife.com site when Google returned it in a search for a former coworker’s email address. What happened next was eye-opening.

First off..you must understand how malware-laden sites work. You visit a site with malware loaders, a popup comes up on your screen telling you that you have a virus and need their “anti-virus solution” or worse, the computer seems to lock up and there is nowhere to click except on a yes or no box on the popup.

If you are smart, you know that clicking on either box, or even on the circle x in the upper righthand corner, to close the window, will result in something being uploaded to your computer without your knowledge. It’s one of the reasons why I found and re-published instructions for creating a shortcut for immediately closing Internet Explorer without triggering any loaders (see this link: http://tech.jchampion.com/?p=16 ).

Well I mention all of this because this is the exact same behavior that the MyLife site exhibits. The site “grabs” Internet Explorer and there is nowhere to click on the page to close the application except inside the popup box that pushes you to register for this pay service. And for the record, you may not be surprised to learn that not very many of your old friends, girlfriends, or boyfriends are looking for you on this site as they probably did not want to pay the fee to contact you either.

And according to Techpaul’s blog ( http://techpaul.wordpress.com/2009/03/06/just-say-no-to-mylifecom/ ), the site is more annoying than nefarious. In order to join you must surrender your contacts list and from that moment on, your friends and family will be spammed relentlessly by the MyLife servers. In addition, it appears that they turn over your contact information to any advertiser whose ad you click on. Hint–there is only one teeny tiny “no” link on those ads while the rest of the ad is a clickable surface. Sneeze and exert pressure on your mouse and the advertiser gains access to your profile/contact information and possibly that of your friends as well.

In short…please stay away from the MyLife.com site and if you have joined, perform a Google search on how to remove your name and information from social networking sites.

Hackers expose Grindr members’ intimate images

An app that has been used to target gay and bisexual men and their smart phones has had its userbase hacked. The hackers gained access to and exposed images of some of the site’s users.

While that’s bad…what makes it worse is that many of these members had very intimate images of themselves maintained on the Grindr system. This will no doubt create a problem for many of the site’s members.

Here is a reminder — if you must take adult-oriented images of yourself, please remember how easy it is to hack a phone and share those images. Once an image is released onto the Internet, it will exist forever.

So please keep anything you do not want shared with the world stored on a system that is secured and, if possible, have the images of yourself encrypted so that even if bad apples gain access to your system, they will have a very hard time decrypting your images and ruining your reputation.

What is arbitration and why you should care about

 


SCOTUS would protect the makers of this fraudulent medical device

 

Every day thousands of Americans enter into new contracts with credit card issuers, mortgage companies, new home builders, and many, many other large corporations.

I would venture a guess that 95% of most of these consumers think that if something goes haywire, like your new home develops cracks in the foundation or the lender modifies your contract 60 days after you’ve signed it, you can seek some remedy in a court of law.

You can kiss having your day in court goodbye. Today 95% of all contracts between businesses and consumers have some sort of binding arbitration clause in their agreements. And on January 9th, 2012 the U.S. Supreme Court, in an 8-1 decision said that binding arbitration clauses in contracts are just that…binding and cannot be overturned.

The reason why so many companies are forcing mandatory binding arbitration clauses on their customers is that in many cases the terms for arbitration are buried deep within the paperwork your banker, broker, or realtor has you skip over just to get your signature.

In addition, the company gets to pick the arbitrator, the state of the arbitration, and the terms that you can seek arbitration under. So a Texas resident with a beef against a California credit card company would have to take the time, and money, out of their lives to go to California for the arbitration hearing.

And even then the deck is still further stacked against the consumer.

According to statistics compiled by the University of Colorado and Smart Money magazine, consumers have won approximately 4% of the arbitration cases heard. In 2009, the Minnesota State Attorney General sued a major arbitration firm because of alleged close ties to the banks the firm heard cases from. The major banks also named in this suit temporarily dropped their arbitration clause but you can expect that it will be back and enforced as soon as the type can be set on each company’s word processors.

It’s this simple…pay attention to what you are signing and where you buy high dollar items from. In some cases, you should shop around and even if it costs a few dollars more, you should get your loans, credit cards, and other financial instruments from those companies who do not have these clauses in their agreements. But if people do not pay attention and keep buying and lending from whomever is cheapest or easiest, then you can expect to see 99.5% of all American-based companies using arbitration clauses in their paperwork.

I’m back and posting; more Symantec code stolen; and why your Apple really needs an antivirus

After a nine-month hiatus, I am back and posting. No, I did not have a baby but I did change jobs. I’m no longer the DOD contractor geek but now I’m a full-time college professor teaching, among other things, security.

So let’s get started…Symantec initially said that hackers may have stolen their code base but it was for old products. Well that was not entirely truthful. Symantec’s latest announcement said that source code for Norton Antivirus Corporate Edition, Norton Internet Security, pcAnywhere, and Norton GoBack had been taken. This is in addition to the Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 that the company acknowledged two weeks ago.

What does this mean? Well if you are one of the many who use Symantec products, it means that you will need to be very careful about what updates for the Symantec software you download. Some of it could be fake.

Also puncturing a hole in a mythical secure operating system, is F-Secure’s announcement that the number of trojans, malware, and loaders for Apple MacOS products climbed this week.

Last year, F-Secure noted that Apple products enjoyed a roller-coaster ride of security, with some months being better than others. Best bet…if you have a Mac, get an antivirus.

And finally…I will be revamping this site a little now that I have more time to devote to it. Remember that the key to keeping crap off of your home computer is to be smart and not download or visit sites that are known for pushing malware onto users’ PCs. Use Firefox with the NoScript add-in and above all else…stay away from porn and gambling sites.

A good read from OpenDNS

OpenDNS has taken the time to analyze a popular Facebook scam which they describe as a virus. It’s a good read and worth your time to read and understand.

Facebook is so useful and fun but at the same time without vigilance, your system can be easily compromised, your Facebook login stolen, and your friends harassed by one slip of your mouse.

The article can be found at:

http://blog.opendns.com/2011/05/05/facebook-who-views-your-profile-scam/

Also, if you’re not using OpenDNS for your home’s network, take a look at how easy it is to set up and use while you’re on their site. The service is free and you can block ads, malware sites, and other types of sites from interrupting your browsing session. Their site is OpenDNS.com

Clicking on an Osama picture can be hazardous to your computer

Malware purveyors keep looking for the next thing to convince you to click on download/”Look at this!” type of links. Sunday night’s announcement of Osama Bin Laden’s (I don’t really care if I spell that name right–the terrorist doesn’t deserve for it to be spelled correctly) death and the subsequent details coupled with America’s thirst for blood and gore mean that the pickings are ripe for malware purveyors.

So Facebook users…you’re up first. You are a prime target because most of you are not all that computer savvy and most click on anything that looks tantalizing…after all, if it looks salacious it must be awesome, right? And also if no one knows I clicked on the gory details link, what’s the worst that can happen? After all, there is that big “X” in the upper right hand corner of my browser, right?

The FBI knew this was going to happen and issued a press release to the American public warning people about such links:

“The FBI today warns computer users to exercise caution when they receive e-mails that purport to
show photos or videos of Usama bin Laden’s recent death. This content could be a virus that could
damage your computer. This malicious software, or ‘malware’, can embed itself in computers and
spread to users’ contact lists, thereby infecting the systems of associates, friends, and family members.
These viruses are often programmed to steal your personally identifiable information.”

So what does this mean to you, the common user? It’s simple. Until the Obama administration announces it has released photographs and/or videos, there are no such things. You should pay full attention to the FBI’s warning. Click on nothing that you do not know. Click on only those things you were expecting and from trusted sources after using your anti-virus/anti-malware to the fullest.

Finally…if you do accidentally stumble into one of these traps…follow the regular steps to remove malware viruses from your computer. If you don’t know what these are, then you should be extra careful about the things you click on.

The Epsilon Breach Just Keeps Getting Worse

When it first happened, media from CNN, Fox, Time, NY Times, Washington Times, and other popularity driven news organizations did the lazy thing and reported the press release that Epsilon and those companies who turned over your personal information to Epsilon wrote to give the information they wanted you to think was true.

Epsilon Breach Press release

But the information contained in that release, like most press releases, is misleading at best and downright false at worst.

Here’s why…spam and spear phishing are the least of your worries in a breach of this kind. Coupled with other information, email addresses, usernames, and companies you deal with can tell a lot about you and give identity thieves and identity sellers loads of personal information to gain access into your life.

Not to mention that the folks who stole this information want you to turn over your computer to them. While they don’t want the electric bill from running it, they do want to use its CPU cycles, RAM, and hard drive space to rent out to spammers, malware providers, adware servers, adult-oriented material, child pornography, and let’s not forget about general mischief.

So how do you protect yourself from all of this sad activity?

1) Never click on links in incoming emails.
2) Use a good anti-virus/anti-malware/firewall.
3) Use common sense. Do not load photos/images just because a friend, an acquaintance, or someone else you may know sent them to you. Using steganography, a user can load JavaScript loaders into the cutesy images that are sent to you and those can be used to begin delivery of malware, spyware, or other stuff you just don’t want on your system.
4) Stop sending emails that are meant to be forwarded. These give hackers an idea about which users are more susceptible to attack than others.

Finally–the reason why spam and malware continue to spread is because people are allowing the tools that come with their PCs to expire, or just think a software firewall is sufficient. And let’s not forget the profit margin. Sending spam is quite profitable and people keep opening it, reading it, and responding to it.

It’s so profitable in fact, that many of the original spam factories of the 90’s are now legitimate email marketing companies.

So please…take responsibility for your computing actions. If you cannot afford to pay for the Symantec/McAfee software subscription that comes with your new computer…have a tech remove it and install Microsoft Security Essentials, AVG, Avast, Avira, or some other free anti-virus option.

Things you don’t own anymore

It started with Microsoft and the notion of software licensing. It was a simple enough idea; since Microsoft wrote the code and owned it, their claim to ownership did not end when the user paid their hard earned money for it. No one really paid much attention to this at first because users never really pay attention to anything important beyond price.

So enter into the field other software companies who followed Microsoft’s model. The model remained the same, you pay a software manufacturer x-amount of money in order for the right to use their software. You do not own it. You cannot resell it. You cannot loan it out and your wife and children cannot legally put it on their computers if you have it installed on yours.

And by the mid-90’s users were not paying attention to the law and these software licenses. So other industries began using this model for their items.

Audio/video production companies, like Sony, MGM, and Universal Music Group, began implementing these policies with their media. Up until the mid-90’s, the idea of making copies of your CDs, tapes, and albums was normal and we all did it and shared those duplicates with family members, but the media rights holders had different ideas and to quote Sony Music Group’s attorney, “copying music that you own,” for your own listening purposes, “is stealing.”

So where am I taking this? Today, Adobe software announced a new subscription plan for their industry leading, and pretty much monopolistic software. Adobe Photoshop, Acrobat, Flash, and other tools are seriously overpriced and are among the most pirated materials on the planet.

How bad is their plan? Would you be willing to pay $50/month-every month for the rest of your life, to use Adobe Photoshop? How about paying $139/month every month for the rest of your life for their creation suites?

Can you wait for the car industry, which has already jumped on board this “you paid for it but you don’t own it” bandwagon, to join the subscription plan? Can you see paying $650/month, every month, for the rest of your driving life for the right to drive a Kia and $1200/month to drive a Ford F150? Wait for it…it’s coming because you don’t pay attention.