Practical Technology

for practical people.

September 23, 2009
by sjvn01
0 comments

Can you trust that Hallmark e-card?

Everyone likes getting cards. I’d prefer paper-cards to an e-card, but hey, I’m not choosy. Any card is still a sign that someone’s thinking well of me. Except, of course, when it’s not really from a friend, but a soul-less bot trying to infect my computer with the latest malware.

In particular, it seems like a day doesn’t go by that I get a Hallmark e-card in my e-mail, and every last one of them has been spam message bearing malware or an attempt to get me to link to a malicious Website. I’m not the only one.

A quick look over the Web showed me that Hallmark malware spam seems to come in waves. And, yes, we’re getting another tidal wave of them now. As the holiday season approaches, I’m sure we’ll only see more of them.

As it happens, Hallmark does sell real e-cards, so you can’t just delete every e-mail that comes along that proclaims it’s a Hallmark card. Fortunately, there are ways to tell the real cards from the bad ones.

More >

September 23, 2009
by sjvn01
0 comments

21st-Century Backups

So you’ve never gotten into the habit of making regular backups? Fortunately, nowadays copies of your e-mails probably rest safely with the likes of Yahoo, your photos with Flickr, your word-processor documents with Google, your music with iTunes, and so on. Whew! These applications reside on massive server farms, surely making your data as secure as they’d be with one of those fancy corporate disaster-recovery services.

But no. Data in the cloud are still vulnerable—in fact, your precious documents are no safer there than they ever were on the noisy, ancient 10-megabyte hard drive of your first PC.

Consider this. Within the past year, Apple discontinued its .Mac Groups and personal home pages, and AOL closed down its AOL Pictures, Xdrive, and BlueString services. Things are even worse over at Yahoo, which terminated Yahoo Briefcase, FareChase, My Web, Yahoo Audio Search, Yahoo Pets, Yahoo Live, Yahoo Kickstart, and Yahoo for Teachers, and will soon shutter the venerable Geocities, a site that was already five years old when Yahoo bought it in 1999.

At least these services folded in an orderly fashion. Linkup, formerly MediaMax, closed its doors in the summer of 2008 with little notice, taking with it hundreds of gigabytes of personal photos and videos. Its customers needed backups, and so do you—even a robust service like Gmail goes off-line from time to time.

More >

September 22, 2009
by sjvn01
0 comments

The SMB Blues

SMB (Server Message Block) is the network protocol glue that binds together many file and print servers and clients for Windows and Linux, but it’s recently been running into some trouble. First, Microsoft’s proprietary take on it, SMB2, has real security problems. Next, Likewise has released a new open-source SMB/CIFS (Common Internet File System) file server software stack to share files among Linux, Mac, Unix and Windows computers, which, in the past, had been based on Samba, the popular open-source SMB server. Samba’s leadership is not happy with this.

To bring you up to speed, SMB was created by IBM to help make Windows-based file systems available on a network. It became extremely popular, Today, it’s probably the most popular of all network file systems both for Windows and Unix/Linux systems.

Microsoft tried, and failed, to keep this a proprietary system. In 2007, European Union court decisions forced Microsoft to open up the protocol. Samba, which earlier had reverse-engineered SMB/CIFS, was legally allowed access to the protocol.

More >

September 22, 2009
by sjvn01
0 comments

Applications are your biggest Security Risks

According to the SANS Institute, a prominent computer security company, it’s your applications, not your operating system, that’s probably putting you and your PC into the most danger from being attacked.

In its latest report, The Top Cyber Security Risks, based on data from over 9-million systems protected by TippingPoint intrusion prevention system, its your unpatched PC software that’s most likely to give your computer a bad case of malware. The biggest targets aren’t, as you might think, Web browsers or e-mail clients that work directly with the Internet. No, it’s the applications like Adobe Flash and PDF Reader, Apple QuickTime, and Microsoft Office, that your Web browser or e-mail client call on to read or play media from the Web that’s currently the real problem.

Here, says SANS writes, is how it works: “Waves of targeted email attacks, often called spear phishing [E-mail messages that look like they’re real message from a trusted sender], are exploiting client-side vulnerabilities in commonly used programs. … This is currently the primary initial infection vector used to compromise computers that have Internet access. Those same client-side vulnerabilities are exploited by attackers when users visit infected Web sites. Because the visitors feel safe downloading documents from the trusted sites, they are easily fooled into opening documents and music and video that exploit client-side vulnerabilities. Some exploits do not even require the user to open documents. Simply accessing an infected website is all that is needed to compromise the client software.”

More >

September 21, 2009
by sjvn01
0 comments

Free Linux, Proprietary Linux

Linux’s heart is open source. But, developers can pick and choose how much, if any, proprietary software they want to include in their distribution. Recently, the Free Software Foundation announced its latest additions to its listing of open-source purist distributions. This lead me to thinking about both these distributions and the best of the distributions that go the other way and contain a great deal of proprietary programs.

There was a time when if you wanted to be sure a Linux distribution to work on any PC you almost had to include some proprietary firmware for graphic and Wi-Fi drivers. Those days are long gone. Hardware component manufacturers tend now to either include open Linux drivers or have opened up their specifications enough that Linux developers have created drivers for their equipment.

Today, the most common reason to include proprietary software is to provide video and audio support. The most popular video and audio codecs, such as Adobe Flash; Microsoft WMV (Windows Media Video) and MP3, are proprietary. While there are open codecs, such as Ogg Vorbis, they tend not to be used very much.

More >

September 20, 2009
by sjvn01
0 comments

Microsoft says turn off Windows feature to protect Windows

There’s no real reason for SMB2, (Server Message Block 2), a Microsoft network file and print-sharing protocol that ships with Windows Vista, Windows Server 2008 and Windows 7, to exist. All it does is duplicate the basic network file and print functionality that Windows has provided for over a decade. But, SMB2 is in there, it is broken, and, now it can be used to take over PCs.

Microsoft admits that the problem is real. Mark Wodrich and Jonathan Ness, part of the MSRC (Microsoft Security Response Center) engineering team wrote that an experimental exploit is already out and that it can fain “complete control of the targeted system and can be launched by an unauthenticated user.” Just what you didn’t need.

There is a way to fix it. Well, sort of. You have to turn SMB2 off. You can do that the hard way, by editing the Windows’ registry, or, the easy way, by clicking on this “Fix it” link from a Vista, Server 2008, or Windows 7 PC. But, if you do, and you use SMB2 to connect to network drives or printers, you’re also going to lose the ability to use any of them. That will go over big in many businesses.

More >