Monthly Archives: June 2008

e-books

Like any other thing on the internet that can be downloaded, e-books present their own risks.

If you need to download an unknown program or plugin to access the e-book then consider if it’s really necessary. Sometimes things you download carry malicious code which often ends up installing spyware on your computer.

One such example is a browser plug-in from bitroad.net. It promises to help download free e-books. In the background it installs malware.

E-books represent a large shift in technology for distributing media. Formats will continue to change, new tools will continue to be developed, and new opportunities will be found to distribute malware on the side.

So always take care what you download or install (in general, the less you install on a computer the better it’ll work). And invest in a good anti-virus package that also scans for spyware.

Bluetooth Patching

Microsoft has just released June’s lot of Windows patches for XP and Vista. Among the latest patches is one to fix a vulnerability in the Bluetooth stack.

If your computer uses Windows XP or Vista and it has Bluetooth then you need this patch. If your computer doesn’t automatically download and install patches you’ll need to go to Internet Explorer, go to the Tools menu and select Windows Update. Until then you should turn off Bluetooth, otherwise someone could take control of your computer.

Bluetooth has had security problems from the start. There have been a few fixes along the way but overall it’s an insecure technology.

Technical details about this patch here.

Plastic Container Hoax

There is an email being circulated that warns people about the dangers of plastic containers. It provides a pseudo-scientific explanation of how plastic containers can cause cancer, and references some medical sources.

It’s a hoax. People start these emails for fun, just to see them forwarded to millions of people. There’s no financial gain to be made from these hoaxes, no harm done either. And to you this should be an important reminder not to believe everything you read on the internet.

Here is some of the text from the email (to help Google index this page and to help more people find this article):

Dear Friends, Gentle reminder, is never to late to change our bad habits of having everything fast. Avoid warming food in microwave using plastic containers. This may endangers your lives.

Cancer Update please see below ! Hopkins
This information is being circulated at Walter Reed Army Medical Center as well.
Please circulate to all you know; Cancer update
Johns Hopkins – Cancer News from Johns Hopkins

No plastic containers in micro
No water bottles in freezer
No plastic wrap in microwave…

A dioxin chemical causes cancer, especially breast cancer.

Dioxins are highly poisonous to the cells of our bodies. Don’t freeze your plastic bottles with water in them as this releases dioxins from the plastic.

Recently, Edward Fujimoto, Wellness Program Manager at Castle Hospital , was on a TV program to explain this health hazard. He talked about dioxins and how bad they are for us.

He said that we should not be heating our food in the microwave using plastic containers..

This especially applies to foods that contain fat.

He said that the combination of fat, high heat, and plastics releases dioxin into the food and ultimately into the cells of the body…

Instead, he recommends using glass, such as Corning Ware, Pyrex or ceramic containers for heating food… You get the same results, only without the dioxin. So such things as TV dinners, instant ramen and soups, etc., should be removed from the container and heated in something else

Paper isn’t bad but you don’t know what is in the paper. It’s just safer to use tempered glass, Corning Ware, etc.

He reminded us that a while ago, some of the fast food restaurants moved away from the foam containers to paper. The dioxin problem is one of the reasons

Also, he pointed out that plastic wrap, such as Saran, is just as dangerous when placed over foods to be cooked in the microwave. As the food is nuked, the high heat causes poisonous toxins to actually melt out of the plastic wrap and drip into the food.

Cover food with a paper towel instead.

Now onto the explanation about this hoax:

At the beginning of the hoax email it states that this research comes from Johns Hopkins. Johns Hopkins Bloomberg School of Public Health is a medical school in the USA. They have nothing to do with this email or the information contained within it. In fact they’ve published a statement that says,

These messages, frequently titled “Johns Hopkins Cancer News” or “Johns Hopkins Cancer Update,” are falsely attributed to Johns Hopkins and we do not endorse their content.

Freezing water does not cause the release of chemicals from plastic bottles.

Read the full notice here. And in case you’re still thinking “what if the email is right, what if…”, Johns Hopkins Bloomberg School of Public Health also adds:

This is an urban legend. There are no dioxins in plastics. In addition, freezing actually works against the release of chemicals. Chemicals do not diffuse as readily in cold temperatures, which would limit chemical release if there were dioxins in plastic, and we don’t think there are.

Read the rest of this quote, and much more scientific information about why this is a hoax, here. Note that microwaving some types of plastics can be hazardous; read the medical article for accurate information. The above Q&A was published in 2004. This hoax email has been going since 2002.

So the next time you receive one of these emails, instead of forwarding it to 10 people thinking you’re doing them and yourself a favour, let the sender know it’s a hoax and refer them to this article for reference.

Advance Fee Fraud on LinkedIn

Advance fee fraud is also known as a 419 scam. This is an old and still very popular scam whereby someone who is either a foreigner or is posing as a foreigner asks a stranger for help transferring large amounts of money. They promise a large compensation in return, and ask for some money to get things started. It sounds simple and a lot of people fall for this.

LinkedIn is a social networking site, much like Facebook and MySpace. LinkedIn is mostly used by professionals, i.e. adults who have bank accounts and money. This would make a good target for a scammer.

It’s been reported that these advance fee frauds have been appearing on LinkedIn recently. Users of the service are being too trusting of the community and scammers are taking advantage of this.

If you use any social networking site please be aware of people trying to scam money using these ploys. Read up on how this scam works and let other people know about it.

Malware in Resumes

Recruitment companies receive a lot of resumes in Word format, as you’d expect. But it seems that there’s a growing trend of these Word files being infected with some type of malware. Often there is automated software at recruitment companies to forward the resumes to their clients without scanning them for malware.

Hackers have caught onto this and are targeting these companies. They’ve been sending resumes (probably not their own) with backdoor trojans embedded in the document. This gives them a chance to gain access to these networks.

If your work involves receiving many Word documents from the general public put in place a plan to screen these for known malware, and to limit the damage they can do if a new (unknown) trojan gets through. Most security specialists can help with this.

Tracking Mobile Phones

It’s no secret that mobile phones can be tracked by phone companies. The technology has existed for years and there are usually privacy laws in place so the facility isn’t abused.

A new system has been designed to track mobile phones in a defined area such as a shopping centre. It works by tracking the unique IMEI number that every GSM phone transmits.

They can’t track your name or phone number using this, but they can work out your shopping habits such as which shops you walk into. If they were extra smart they would link your name, when you pay for something with a credit card, to your phone’s ID. But they haven’t done this yet.

It’s already been installed in two US shopping centres (one of them is Gunwharf Quays in Portsmouth).

Apart from the marketing and security data this provides to its operators, it’s a privacy issue for regular people. Read the full article here.

Safari Threat

Microsoft would like you to know that using Safari on a Windows PC is dangerous. And of course they’d say that, they have a competing product they’d like you to use (Internet Explorer). So what’s happening?

A few days ago Microsoft published a security advisory about a potential vulnerability in Apple Safari. Technically they’re correct: there is a vulnerability, and we’ll look at it in a moment. The flaw hasn’t been exploited yet; at the moment it’s more theoretical. It’s just a little suspicious that they put this much effort into pointing out flaws in a competitor’s product and that they’ve used their security advisory system for what can be seen as a marketing manoeuvre.

So what’s the flaw?

It’s being called Carpet Bombing. Here’s how it works.

A web page is created that has hundreds of hidden download links (in the form of "iframes"). The files are silently downloaded onto the user’s desktop. This can be done without the user’s knowledge.

The vulnerability is that a user’s desktop could be covered with hundreds of icons for malicious programs, making it easy to accidentally click on one and run the malicious program.
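A check a defender could run over saved page source to spot the pattern described above, as an added example that is not part of the original post. The extension list, the threshold of five, and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types a browser saves to disk instead of rendering (assumed list).
DOWNLOAD_EXTS = (".exe", ".dll", ".scr", ".bat", ".cmd", ".msi", ".zip")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

def is_hidden(attrs):
    """True if the iframe is styled or sized so the user cannot see it."""
    if "hidden" in attrs or HIDDEN_STYLE.search(attrs.get("style") or ""):
        return True
    # Zero or one pixel frames are the usual way to hide an iframe.
    return any((attrs.get(k) or "").strip() in TINY for k in ("width", "height"))

def is_download(src):
    """True if the frame source path ends in a save-to-disk file type."""
    return urlparse(src or "").path.lower().endswith(DOWNLOAD_EXTS)

class IframeAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.total = 0
        self.suspicious = []  # sources of hidden frames that point at downloads

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        self.total += 1
        a = dict(attrs)  # boolean attributes arrive with value None
        if is_hidden(a) and is_download(a.get("src")):
            self.suspicious.append(a["src"])

def audit(html, threshold=5):
    """Return (total iframes, suspicious sources, flagged) for one page."""
    p = IframeAudit()
    p.feed(html)
    return p.total, p.suspicious, len(p.suspicious) >= threshold

# Constructed sample pages, not captured from any real site.
BENIGN = '<iframe src="https://maps.example/embed" width="600" height="400"></iframe>'
FLOOD = "".join(
    f'<iframe src="http://files.example/tool{i}.exe" width="0" height="0"></iframe>'
    for i in range(8)
) + '<iframe src="/ad.html" style="display:none"></iframe>'

if __name__ == "__main__":
    print(audit(BENIGN), audit(FLOOD), sep="\n")
```

A hidden frame that loads an ordinary HTML page (the `/ad.html` frame in the sample) is counted but not flagged, which keeps common advertising and analytics frames from raising the alarm.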

Apple says it’s a security issue, not a vulnerability. Microsoft says users should avoid using Safari until researchers have looked further into it.

So is this a sneaky marketing ploy from Microsoft? It could be, they’ve done things like this before. Or are they sincere and is Safari really as dangerous as they say?

We’ll know more in a few days, by which time Apple would most probably have a fix. I don’t consider this a high-risk vulnerability, just something extra to be cautious about. A good antivirus program helps here.

Microsoft’s advisory is here (it’s light on details at the moment): http://www.microsoft.com/technet/security/advisory/953818.mspx

Further info here, here and here.

Privacy of Olympic tickets

6.8 million Olympic tickets have been printed and will be carried by people attending Olympic events in China this year. What’s different this year is that each ticket will contain a tiny microchip.

This chip will contain the visitor’s photo, passport details, address, email address, and phone number. (Photo and passport data will only be on tickets for the opening and closing ceremonies).

That’s a lot of information recorded on the actual ticket itself. Usually tickets just have a serial number, or sometimes even a person’s name.

Chinese Olympic organisers have their reasons: they want to protect the events against known protestors.

Another perspective is that this is a privacy risk for people purchasing and carrying the tickets. A visitor carrying one of these tickets has no control over:

  • who gets to read the information stored here
  • whether the information is accurate
  • any other information stored on the chip (you can’t know what’s on it)

There isn’t anything you can really do other than choose whether or not to attend. If you wish to attend and purchase a ticket just be aware that this private information will be written on the ticket and will be readable by anyone with the correct equipment.