Digital Choke Daynotes

What's a Daynote?

"Daynotes" are daily (usually) journal entries of interesting happenings and discussions. They are not 'blogs', which are often just a collection of links to other information (although we do include links occasionally). Daynotes are much more interesting (we hope).

These "Digital Choke Daynotes" were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .org, .net), a collection of daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals.

If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.

May 23, 2011 07:49 PM
Sunday, October 24, 2004

Brian Bilbrey sent out an important note if you are a Red Hat Linux user (or subscribe to mailing lists related to Linux). The message says that there is an important security update related to a security risk. It includes instructions on how to download the "patch" from a web site, and how to install it.

The result will probably be a compromise to your system. I haven't seen any reports yet of what the patch actually does. But the RedHat site has this statement (which is not on their main page, but the security page here):

Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team. These emails tell users to download and run an update from a user's home directory. This fake update appears to contain malicious code. Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address secalert@redhat.com, and are digitally signed by GPG. All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified. For more details see www.redhat.com/security/team/key.html.
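The check that notice asks for, as an added example that is not part of the original page or Red Hat's own tooling: a shell function that reads GnuPG's machine-readable status output and accepts an update only when the signature is valid and was made by one pinned key. The fingerprint, the status lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling). Status lines below are constructed.

# Placeholder, NOT a real vendor fingerprint: obtain the real one from the
# vendor's key page over a channel you already trust.
PINNED_FPR="AAAABBBBCCCCDDDDEEEEFFFF0000111122223333"

# sig_ok STATUS PINNED: succeed only if STATUS (text from `gpg --status-fd`)
# shows exactly one valid signature, made by the pinned primary key, and no
# bad, unverifiable, expired or revoked signature or key.
sig_ok() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        # VALIDSIG: last field is the primary key fingerprint.
        $2 == "VALIDSIG" { n++; if (toupper($NF) == toupper(want)) pinned = 1 }
        END { exit !(n == 1 && pinned && !bad) }
    '
}

# verify_update FILE SIG: run gpg on a detached signature, then apply sig_ok.
verify_update() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    sig_ok "$status" "$PINNED_FPR"
}

# Constructed sample: signature by the pinned key.
GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Vendor Security <security@vendor.example>
[GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 2004-10-20 1098230400 0 4 0 17 2 00 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333'

# Constructed sample: cryptographically valid, but made by some other key
# that happens to be in the local keyring (what a forged advisory can offer).
OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7777888899990000 Vendor Security <security@vendor.example>
[GNUPG:] VALIDSIG 1111222233334444555566667777888899990000 2004-10-23 1098489600 0 4 0 17 2 00 1111222233334444555566667777888899990000'

# Constructed sample: file altered after signing.
TAMPERED='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0000111122223333 Vendor Security <security@vendor.example>'

for name in GOOD OTHER_KEY TAMPERED; do
    eval "text=\$$name"
    if sig_ok "$text" "$PINNED_FPR"; then echo "$name: install"; else echo "$name: REFUSE"; fi
done
```

The name and address shown on a signature prove nothing by themselves; only the fingerprint comparison ties the signature to the vendor's key.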

There are several things you should remember from this:

And it's not just Windows or Linux systems that are vulnerable. I found a report from F-Secure (anti-virus company) about a newly discovered virus for Mac OS X. They linked to a site called MacInTouch, which starts out with this statement:

There's now a real virus out there for Mac OS X that can do some real damage. It doesn't seem to be too destructive although it does delete some UNIX commands and modifies prefs for a couple of others. It will gather all password info on your machine. For now, let's call it "Opener."

It's not clear if this virus is not "too destructive". The folks at F-Secure say that

It seems to be pretty nasty as it contains destructive functionality, a keylogger, a backdoor etc.

So, Will Robinson -- be careful out there.

Monday, October 25, 2004

You've probably seen similar reports (one is here), but the National Cyber Security Alliance and AOL did a phone survey asking people about the security of their computers. (The study is here, and is quite interesting.)

The results were not pretty. While 77 percent of the users surveyed felt fairly confident they could withstand a security intrusion from the internet, over half did not know what a firewall was.

This survey is even more interesting because researchers also inspected the users' computers. When their computers were checked, the results were even more staggering. Nearly 80 percent of the PCs were infected with some form of spyware or adware. The average user had 93 spyware/adware installations, while one computer was running (barely) with more than 1,000. On the virus front, 67 percent of the users had outdated anti-virus software and 15 percent had no anti-virus software at all.

More secure products (operating systems, programs, browsers, whatever) are not the only thing we security geeks have to worry about. User education is also important.

Which is why this is another plug for my "Simple Steps for Safe Computing" link. It is my own humble effort to try to educate others. Dr. Jerry Pournelle was kind enough to include a link to it in the mail section of his web site last week. And I got a little surge of about 500 people that looked at it because of that reference. One can hope that they have passed along the link to others.

I'm not the only one trying to educate users; I just did a Google of that phrase ("Simple Steps for Safe Computing") and got 19 results. My page is the seventh entry, which is interesting, but not the main point.

This type of information, mine or someone else's, needs to be passed around to those who are less technical. If you've been around here for a while, you know that computer security is a common theme. We need to share this type of information with all we know. You can point to my pages, or someone else's, but the information needs to be shared.

I won't guarantee that my steps will fully protect a computer, but they will help.

Tuesday, October 26, 2004

Working on my cold. It started Sunday; I probably got it from the grandkids when I watched them Friday night. I didn't sleep well Sunday night, so stayed home from work yesterday. Slept about the same last night, but that was due to the rain. I live in a two story house; the master bedroom is on an upstairs corner. And one of the aluminum gutter downspouts is at the corner of the house. So when it rains lightly, the dripping water sort of echoes throughout the downspout. Sort of like a dripping faucet. You would think there would be something you could put in the downspout to reduce the dripping sound. Any ideas?

So the cold is at the "slightly sore throat and talking like a frog" state. Which is not really good news, as tomorrow night I am teaching a class on one of the "Citizenship" merit badges for a scout troop at our church. Just hope the voice holds out. I'll be taking along a bunch of Hall's "Fruit Breezers" lozenges to help out.

I dug around in the office closet for the merit badge books. Then I found a couple of good merit badge sites with the requirements and a scout worksheet (www.meritbadge.com). I think that I'll start on the "Citizenship in the Nation" badge first...or the "Citizenship in the Community" one (which takes a bit more work). I probably will decide when I get there. But I did find some good material with a couple of Google searches. So it's off to check out the stuff that I printed to refresh my memory of things.

And did I mention that it is less than two shopping months until Christmas (and less than one until my birthday)?

Brian Bilbrey (who knows more about *nix than most people I know, hosts this place [along with Greg Lincoln], and is a member of the "Daynotes Gang", so check out his "Grafitti" pages), sent along a clarification of my post (Sunday) about the fake Red Hat update advisory (thanks, Brian!):

the RH [Red Hat] phishing email didn't have an attachment. It was sending people to a website to pick up a "tarball patch", the site was www.fedora-redhat.com, a real domain name registered to a mishmash of name and geographical oddities. The site was up when I wrote the email, hosted on Yahoo Webhosting services. It is now down. And there weren't even any gross spelling or grammatical errors in the email (there were a couple on the site, what maroons!).

So, my advisory not to open attachments in unsolicited email didn't apply here (although still a good practice). But the phishing email was typical of many that are being sent out. This one was fairly clever, with a real web site that seems real (at least by the name; I didn't see the actual site, and I don't think it was up long enough to get into the Google cache). The mail itself was fairly believable at first glance, especially to the 'noobs' (that's pronounced "new-bies").

One good technique for hackers to get information is 'social engineering'. This, and other phishing emails and web pages, are good examples of social engineering. You can see examples of current phishing attacks here. Most phishing attacks are trying to get financial information, and some are well done.

So: "Let's be careful out there" (Sergeant Phil Esterhaus [Michael Conrad], "Hill Street Blues", 1981-1984). Not everyone on the 'net is a nice person like me.

Thursday (am), October 28, 2004

Home today: a bit stuffy, slight sinus headache, scratchy throat.

Last night's Merit Badge lesson went real well. I decided on the "Citizenship in the Nation", so got to talk about the Declaration of Independence, Constitution, checks and balances, and other good stuff. There were 8 boys there, and they all paid attention almost the whole hour. And my voice held out with minimal cracking.

At the end of the lesson, we all trooped (isn't that what scouts do?) outside and took a peek at the lunar eclipse. The sky was mostly clear, so we got a good view.

So, it went well. But I was 'whacked' when it was over. Got home about 8:30pm, and was too tired to do the nightly surfing and daynoting.

Yesterday on the way home from work I was treated to a fantastic meteorological view. It was a bit after 6pm (Pam had to work late), so the sun only had an hour left in the western sky. But to the east, there was this terrific bank of clouds (cumulus? the white fluffy ones?), with a giant thunderhead rising above it. It was quite a sight, and since the first part of my commute is mostly east, I got a great view of it.

There are a few sections of that part of the commute where you can see the foothills and Sierra Nevada mountains (on a clear day). Yesterday, the cloud cover was high enough that you could see the mountains (with a bit of snow) under the clouds, then the fluffy cumulus clouds, and then that giant thunderhead with the classic anvil shape. It was very impressive; I wished that I had the camera with me to take a picture of it. Haven't been able to find a picture on the local news sites. (later...see below)

Today is mostly cloudy, cold, but no rain yet. So I am staying indoors with my cold, watching TV and surfing. Right now, it's "Bullitt" with Steve McQueen. Just saw the classic car chase, with Steve in his 1968 Mustang against a stock Dodge Charger R/T careening through the hilly streets of San Francisco. A nice 10-minute basic car chase. No special effects, a few continuity problems (the green VW bug shows up too many times, along with too many hubcaps falling off of the Charger), but a good chase culminating in the fiery crash into a gas station.

For you trivia fans, the license plate on the Mustang is "JJZ 109" (California plates; yellow characters on black background).

See, you can actually learn important (?) information here.

Thursday (pm), October 28, 2004

The folks at the local "major Sacramento newspaper" (the Sacramento Bee) have a picture of yesterday's "thunderhead". Here it is.

Great picture.

Friday, October 29, 2004

These two stories are encouraging in the war against Internet fraud. You can find more information about these stories at your favorite news site.

"The US Secret Service Thursday announced arrests in eight states and six foreign countries of 28 suspected cybercrime gangsters on charges of identity theft, computer fraud, credit card fraud, and conspiracy."

"Internet service provider EarthLink (earthlink.com) announced on Friday that it has filed a new lawsuit in federal court in Atlanta as part of its continuing fight against spam."

So, that's the good news. Here's the bad news.

There are widespread alerts for new variants of the Beagle/Bagle viruses in emails. Most anti-virus vendors are sending out extra updates (McAfee has released two or three since their normal Wednesday updates).

So make sure that you have the latest updates from the virus vendor of your choice. And the usual precautions apply.

... more later ...