New trend in credit card fraud

The ISC StormCast for today – https://isc.sans.edu/podcastdetail.html?id=3266 – mentions a new way stolen credit cards are being automated.  Rather than start at minimal amounts (as in 0.05) to test the cards, the attackers are starting at high amounts and ratcheting downwards until the transaction is accepted....

Mobile usage March 2012 according to Nielsen

Nielsen reports today that more than 50% of Americans use smartphones, and than Android-based phones are in the lead.  Android is at above 48%, and iPhone is at 32%. Android software is heavily fragmented, however, and I would suspect that a demographic study of users would reveal that iPhone users are more valuable in...

“Free” antivirus software packages

The word “free” is always dicey when you talk about computer software. Usually, free software is a loss-leader for the software company, and such software often comes bundled with stuff which tries to separate you from your money later on. And, in the worst cases, this “stuff” is spyware, which spies on you, trying to figure out how to sell you more stuff. Nevertheless, there are some computer security companies which make available some good antivirus software, and they give it away to home users. Those companies hope to make money later, either from upgrades, or indirectly as a marketing cost leading to higher trust levels (for instance, tech people buy their software for non-home situations) I often will recommend these packages to my clients, and they work well in a pinch. The biggest problem with these programs is that they can turn into “nagware” – that is to say, they start nagging you to buy an upgrade. AVG, for instance, used to be pretty quiet, but now (in 2008) its newest version is total nagware. Avast! 4, from the Czech company Alwil. http://avast.com/eng/download-avast-home.html The main annoyance with this software is the yearly registration requirement, but that is no more or less annoying than some website registrations. AVG Free, also from a Czech company, AVG (formerly Grisoft). http://free.avg.com/download-avg-anti-virus-free-edition — AVG has been amping up the upgrade nags quite a bit lately, so if you install this, be prepared. Comodo Internet Security: http://www.comodointernetsecurity.com/download_cis.html — This program is a bit technical and geeky, but its latest upgrade strikes me as worthwhile. There are a few other currently free antivirus software packages...

LogMeIn: good stuff

Thought I’d give a shout-out to the makers of LogMeIn (http://logmein.com), who have come up with a useful free version of a product which turns out to be more handy than my previous option (a combination of DynDNS, VNC, and fiddling with routers). In the span of 3 months, I went from not using it at all to having more than a dozen systems on it.  (It even has a Mac version, in beta, which I can use to remote-control my media-laden MacMini.) About two years ago, I tried to get Hamachi working — that was the original project by this company, so far as I know. Frankly I was left a little baffled, and ended up using the old standby, OpenVPN.  However, compared to Hamachi-of-two-years-ago, LogMeIn is wonderfully slick. I foresee a time when I’ll be using its Rescue, Pro, and Backup versions — there are situations appropriate for those kinds.  (Pro allows you to locally print off a remote program; Rescue lets you help people remotely without an install; Backup does what backup implies — competitor to Mozy?)  But for now, LogMeIn is good enough to keep me from exploring further VNC, PCAnywhere, Connect, Remote Desktop, SharedView, WebEx, or Glance.  In the future, those will surely become part of the...

Malicious website advertisements: new trends

A client of mine ran into an odd event last week: the computer seemed to be infected either with a virus or with an anti-virus program which wouldn’t shut up. After looking at it a bit, I had to shut down the web browser, and though I couldn’t find any malware, I made sure her workspace was over at a non-admin account. Now today, I find that reputable websites (that is, if mlb.com and canada.com are reputable) are serving advertisements from doubleclick — and those ads are the culprit. This youtube video shows what happens. What can you do? Well, we are now in the age of cross-site web programming, wherein almost all websites are assembled together on the web browser to create one’s internet experience. You have to assume that even responsible websites will be using scripts, videos, or widgets from other sites. And you also have to assume that they won’t catch everything. So: you have to practice safe browsing, now more than ever. This means one thing, above all: Don’t browse the web when you’re using your computer in a profile or account which can make widespread changes on your machine. (These are usually called “administrative” accounts.) If you do, well, you’ll be paying someone to clean up your machine sometime...