Thursday, May 14, 2009

I am sick of Twitter, are you?


I have already mentioned at various forums that online programs like Twitter, Facebook, etc. were created to make money for those who introduced and marketed them. There is nothing wrong with that, but how many similar web sites do we really need? There are several new applications AROUND Twitter. Every one of them wants you to subscribe and log in, to multiply the number of users. Why? To sell the web site later! Who are those time-wasters beyond teenagers? You and me, and millions of others.

Imagine that there were no Twitter and similar web sites that grow like mushrooms after rain.
Would you really miss it? Maybe 5% of all Twitter users would honestly say yes, but the majority, including myself, simply would not care.
People have stopped socializing in person. They use Facebook, MySpace, Craigslist, Twitter, Delicious, ...
I have counted more than 150 web sites, so far! There are probably more not listed on Wiki. Instead of meeting people personally, we are texting like crazy - everyone is too busy to even look around - texting, texting, texting...
This is worse than swine flu. Maybe it is another, crazier form of the forgotten Usenet? I would call most of those web sites social time-wasters. There are not so many that are truly useful.

I hope some day people will realize that it must be limited, and that the identity theft that results from social networking can be stopped if people stop posting full biographies and personal data on web sites and are more careful about infected web pages on social networking sites, which have become a simple target for malware creators/distributors.

Are you aware of the fact that there are many new social networking sites dedicated to hate, racism, anti-Semitism, recruitment of Muslims for who knows what, hacking, and similar?
While we cannot simply stop it, we have to be at least aware of what's going on. Instead of endless texting, just step aside and think for a moment about what's going on with all of this craziness. Is it really useful for your life? Can you live without typing?!

There will be some folks that might disagree with me. OK, what's your take on it?

Wednesday, April 29, 2009

Why I use the VIPRE to protect my PC against malware


Following the news about a "pig virus" or "swine" as the media call it, I want to share my experience on protecting my home PCs against computer viruses and various spyware.


All of you use PCs on a daily basis, and if you work for a company, it is not your headache to protect the end-user PC. Your headache is at home (PC or laptop). Since the virus/spyware penetration level has reached the degree where one anti-virus program installed on a PC is ABSOLUTELY not enough, I usually recommend installing 3-4 programs.


1. Free ZoneAlarm Desktop Firewall
2. Free AVG Anti-virus software
3. Free SpyBot anti-spyware software
4. Free AdAware Personal anti-spyware and ad-watch software

Note the word "Free". Until recently, I was pretty much happy with it - what is better than free? The AVG Anti-virus program delivered great results by discovering spyware like Trojans, key loggers, etc. Like many of us, I use P-2-P networks (Torrents, eMule, and similar), browse hundreds of web sites, and download various small and large programs for testing/implementing. As you may guess, I am getting enough "bad stuff" on my PC that it must be cleaned every day.


How do I use all these programs? First of all, two programs are running permanently (Firewall and AVG). Also, I use the other 2 programs weekly to verify how good AVG is at removing viruses/spyware. Of course, you have to be very careful about timely updates since the number of viruses/spyware is growing on a daily basis. So, the update check is set to "every 4 hrs".


As my hard drive grows in capacity, the time to clean up that "bad stuff" is becoming an issue. My AVG Anti-virus program takes about 22-23 hrs to scan both of my drives taking often up to 95% of the CPU cycles and slowing down my PC to the degree that I have to pause the scan when I need to use the PC. I also want to mention that the sizable chunk of memory used by AVG is taken away from my applications.


Recently I got an e-mail from Sunbelt Software Company about their new and advanced product called VIPRE. This product has combined protection: AntiVirus + AntiSpyware. Isn’t it time to check what is better than AVG? I have downloaded the PC version of the software for one month of evaluation (try before you buy).


To my absolute surprise, the very first time the software ran on my PC, it discovered 11 spyware programs hidden on my hard drive (and this was after AVG + Spybot + AdAware said that everything was clean!). Needless to say, I have respected this software from the first day. The fact is that it is amazingly FASTER than any other protection program I have ever tried (Avast!, Kaspersky, McAfee, Symantec, etc.) and takes fewer PC memory resources.


I am at the end of my evaluation, and I will buy this software without hesitation. I believe that $29.95 is justifiable spending to protect my PC against the "bad stuff".


I have restricted my wife from using the commonly used "social networking" web sites on the PC where she does online banking to pay our bills. Why did I do it? I spent a total of 9 hrs cleaning up her PC from multiple variations of spyware (in spite of the installed AVG)!


The problem is that many known "good" web sites are the source of what we call "malware" (or malicious software). The primary example is Facebook, not to mention several others. The hackers inject malicious software into known and respectable web sites such as business or entertainment sites. When you point your browser to one of the infected web sites, you automatically download the malicious software, which silently does its damage. The Antivirus program itself cannot protect you against this type of infection even with a real-time monitoring mode enabled.


I am sure you have heard about the "Conficker" virus (see my blog at http://securecyber.blogspot.com/2009/04/what-to-do-if-you-are-infected-with.html). Millions of PCs worldwide are infected with this virus. It may sit on a hard drive for a long time doing nothing; however, whenever the hackers want, they may upload to your PC any other malicious program (such as password stealers, other viruses, spyware) using the Conficker virus as a carrier. The total damage of Conficker is already estimated at 9.1 billion dollars worldwide, and this is not the end.


I have compiled the page about VIPRE. You can find it here:


Use it at your own discretion. My slogan is: "It's better to be cautious than sorry later".

Word of caution:
When you use multiple anti-malware programs, make sure they don’t conflict with each other. First of all, they may recognize the competing program as malicious. Secondly, they often use the same areas of memory or control the same important files of your desktop operating system. If you do not temporarily disable the other anti-malware programs while you run the anti-virus or anti-spyware software, your PC can lock up or, even worse, files can get corrupted.

If you want to install VIPRE, please UNINSTALL and REBOOT your PC or laptop before installation; and don’t forget to perform the regular backup of your important files (I hope you do it periodically, don’t you?).

Wednesday, April 1, 2009

What to do if you are infected with Conficker

Just to share what I found:

1. Point your browser to Symantec.com or McAfee.com

If you are able to access the web site, your computer is probably not infected with Conficker as the worm blocks access to most security web sites. One symptom that may indicate you are infected is finding that your computer is blocked from accessing the web sites of most security companies.

2. If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool. The tool is available here: http://www.800-security.com/tech/FixConfiker.exe
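The check in step 1, written as a script (an added example, not part of the original post): it probes security vendor sites and neutral control sites, so that "everything is unreachable" is not mistaken for the Conficker symptom. The `www.` hostnames, the control hosts, port 443 and all function names are assumptions made for this example.

```python
import socket

# Security vendor hosts named in the post, plus neutral control hosts.
# The control hosts and the port are assumptions made for this example.
SECURITY_HOSTS = ["www.symantec.com", "www.mcafee.com"]
CONTROL_HOSTS = ["www.example.com", "www.example.org"]


def can_reach(host, port=443, timeout=5.0):
    """Resolve the name and open a TCP connection; True on success."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refused connection and timeout
        return False


def classify(probe=can_reach, security=SECURITY_HOSTS, controls=CONTROL_HOSTS):
    """Return (verdict, details) for the 'security sites blocked' symptom."""
    sec = {h: probe(h) for h in security}
    ctl = {h: probe(h) for h in controls}
    details = {"security": sec, "controls": ctl}

    if not any(ctl.values()):
        # Nothing is reachable: offline, proxy problem or DNS outage.
        # This says nothing about infection either way.
        return "inconclusive", details
    if not any(sec.values()):
        # General browsing works but every security site fails:
        # this is the symptom the post describes.
        return "suspicious", details
    if not all(sec.values()):
        # Mixed result: could be a single vendor outage; repeat the check.
        return "partial", details
    return "not-blocked", details


if __name__ == "__main__":
    verdict, details = classify()
    print(verdict)
    for group, results in details.items():
        for host, ok in results.items():
            print(f"  {group:9} {host:20} {'reachable' if ok else 'FAILED'}")
```

A "not-blocked" result only means this one symptom is absent; a "suspicious" result is the cue to fetch the removal tool from an uninfected computer, as step 2 says.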

Advice to Stay Safe from the Worm:

1. Run a good security suite (I just began using VIPRE from Sunbelt Software, and am very pleased with it).
2. Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.
3. Don’t use “free” security scans that pop up on many web sites. Many of them are fake. In addition, some of them use scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. According to some security pros, there is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.
4. Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.
5. Be smarter with your passwords:

   1. Change your passwords periodically
   2. Use complex passwords – no simple names or words, use special characters and numbers
   3. Use a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.
   4. Use fingerprint readers (buy from Digital Persona - I love them). You can avoid typing (and any keylog software won't be able to capture it)
   5. Use multi-word passwords (for instance: "my buddies use rtek2000" or "security is not a measure but process")


Wednesday, March 4, 2009

Phishing Guide


I thought you might be interested to read the new articles from PayPal on PHISHING and how to protect your identity and money.

https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/general/UnderstandPhishing-outside

Please read all 3 parts. The link to each next part is below the article. PayPal has done a very good job of explaining the problem in plain English with nice illustrations. Don't miss it!

Monday, November 3, 2008

What's your plan on Windows 7 and new PC?



Several weeks ago, one of my customers, for whom I mostly volunteer (he is over 80), asked me to assist him in buying a new PC. He brought several brochures from HP and Dell. To my surprise, ALL of them were 64-bit systems. The surprise was unpleasant since I had not shopped for a new PC for at least 2 years, since I bought a Dell 8400 with a 3GHz processor. Why unpleasant? Did you try to install Office 2003 on a 64-bit machine? How about a bunch of other applications that you got used to but CANNOT use with 64-bit hardware?

Do you see what I am pointing to? The PC manufacturers force consumers to buy 64-bit systems and, at the same time, force them to update ALL applications, games and utilities because they are no longer compatible... What amazes me is that I have not seen articles that scream aloud about this situation.

There have been many discussions about reasons to skip an upgrade to Vista in favor of the coming Windows 7, Microsoft’s newest desktop OS, coming in the beginning of 2010. I have contributed to several articles where I explained why I am NOT going to upgrade to Vista, but what I would like to discuss is what to do with Windows XP now.

*** Windows 7 is being dubbed "Vista done right" ***

Plenty of sources have detailed the exciting changes that Microsoft is bringing to Windows 7, the successor to Vista. Microsoft heard the screams of PC users who said they hate Vista, and therefore the new version focuses on the user experience heavily.

Here is what I found on the net:
"While some of Microsoft's competitors focus first on flash, then on the underlying architecture, Microsoft took the reverse route this time. Now, at least, the roads come together. Windows 7 is sexy, usable, and streamlined. It was demonstrated on an ultra-lite computer with a 1GHz processor and 1GB of RAM... the OS can run in less than 512MB and boots up much faster. It's likely to have fast boot options that will provide functionality for watching DVDs or other media without requiring the full OS. And because Windows 7 is built on the same kernel as Vista, we won't suffer from vendors who leverage a Windows upgrade to obsolete their drivers and hardware… in other words, no compatibility problems. Thank goodness!" Check this out also:
http://www.wservernews.com/X9Q2B1/081103-Windows-7

At the same time, you know, I am happy about Windows Server 2008, and particularly Windows Server 2008 R2, which is also on the horizon. It really makes sense to add power to the servers. The updated version, Win2K8 R2, comes with significant improvements to virtualization and virtual machine (VM) management. What is interesting is that this upgrade is 64-bit only (the fact is known since Microsoft did not make a secret of it). The new PowerShell 2.0 and the new PowerShell-based consoles will be added, including the Active Directory Administration Console. Check this out: http://www.wservernews.com/X9Q2B1/081103-SQL-Server-2008

*** Is it a Great Time to Buy a New Computer?! ***

All the major vendors have just released brand new models based on the very latest, thinnest, most power-friendly Intel (and AMD) chipsets. New models offer more storage, better power utilization, and key new interfaces including eSATA. On the "high end", there are some laptops that can even edit High Definition video and burn it to a Blu-Ray disc. By the way, about Blu-Ray: I see that it has not gone mainstream due to the high cost of licensing for manufacturers and the high retail cost.

How would you justify spending $150/$200 for a new player if you can buy pretty decent quality copies of HD movies that can be played on most DVD players? The market for Blu-Ray players is barely 4-5% of the total market (and this is after defeating the HP with their own HD format!). I believe that a new format will be introduced by some of the known firms in the near future.

Since Windows 7's hardware requirements might actually be lower than Vista's, the new PC 2010 could be a power horse.

I don't know about you, but I am not going to upgrade my 3GHz system until Windows 7 (or whatever name it will have) is available along with thousands of utilities and applications compatible with 64-bit systems.

How about you?

Monday, October 6, 2008

3 new NIST documents


There were 3 new documents released by NIST - The US National Institute of Standards and Technology. One of them was related to the Bluetooth Security with suggestions on how to implement the Bluetooth technology securely. It will help those IT professionals who are responsible for Bluetooth communications. If you want to download it, here is the link:
http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf

The second document is a Technical Guide to Information Security Testing and Assessment. The finalized document provides guidance on designing and conducting tests, and on analyzing the data generated by those tests.
http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

The 3rd document is just a draft, and at this moment is not so significant (A Guide to Industrial Control Systems (ICS) Security).

Tuesday, August 19, 2008

DDoS attack from Russian hackers... again


1) http://blogs.zdnet.com/security/?p=1533&tag=nl.e550
2) http://www.telegraph.co.uk/news/worldnews/europe/georgia/2539157/Georgia-Russia-conducting-cyber-war.html

To confirm my point of view regarding Russian hackers and their employers, read the article above.
The actions described in the article are a clear demonstration of knowledge in cyber security being used to suppress the web site of a defined enemy (in this case, Georgia - a former USSR republic). There are no doubts in my mind that it was pre-designed by the Russian Government. ShadowServer.org mentioned that there is no proof that the Russian Government was behind that attack. However, ask yourself why you would try to suppress the Georgian President's web site unless it's your enemy's web site?

As you can see, when a war begins, all weapons at your disposal are used. Cyber hacking and DoS attacks are the new battlefields, and they must be taken seriously.

Finally! Cheaters are punished... kind of...


Please read my comments below regarding this article from InfoWorld.

Microsoft sues site to stop certification test leaks



Microsoft claims Freetech Services was selling actual exam questions on its certification test help-site

* By Robert McMillan, IDG News Service
August 18, 2008 | http://www.infoworld.com/article/08/08/18/Microsoft_sues_site_to_stop_certification_test_leaks_1.html

A federal court in Connecticut has ordered a certification test help-site to stop publishing Microsoft-related materials after the software maker sued the company, claiming that it was selling actual certification exam questions.

In a preliminary injunction signed Thursday, U.S. District Court Judge Warren Eginton ordered Pass4sure.com and its parent company, Freetech Services, to stop distributing the materials.

Pass4sure sells "high quality IT exam practice questions and answers," according to its Web site. The company promises a full refund to anyone who does not pass an IT exam on their first try after using its testing engine.

However, Microsoft says that the company is selling actual exam answers. Company investigators downloaded the Pass4sure practice exams for a variety of tests in early May and found that they were "identical or substantially similar" to Microsoft's own certification exams, Microsoft said in court filings.

Pass4sure sells questions for many certification tests, including those offered by Cisco Systems, Oracle and IBM. The tests cost between about $80 and $125.

These kinds of professional certifications are an important measurement of professional advancement amongst IT professionals and can translate into bigger salaries for those who earn them.

Although Pass4sure no longer lists Microsoft tests on its Web site, cached pages linking to dozens of tests can be found on Google.com.

[My Comments] This company, along with several others like TestKing, is long overdue for punishment for unfair practices: stealing revenue from competitors by engaging in a provocative Search Engine Optimization technique (using the keywords of competitors' products), cheating Google and Yahoo by saturating their pages with hundreds of keywords related to their own products, selling programs that repeat actual exam questions, and even selling IT Certification certificates for a nominal fee. In order to stop their activity and bandit methods of conducting business, they have to be punished financially.

I can almost guarantee that they will announce a new web site under a new name and will do the same! Why am I so sure? They have already created web sites with the Microsoft exam numbers as the domain names. All the links are being redirected to pass4sure.com and testking.com or testking.name (Example: www.640-802.net). I guess Cisco must follow in Microsoft's steps.

Friday, June 20, 2008

My reply to the Article about CISSP certification


I posted the reply to the Article about CISSP certification http://www.tssci-security.com/archives/2008/06/19/rip-cissp/#comment-7927 at TS/SCI Security.

Well, I wrote an article in 2002, when the certification craziness was at its highest point (http://www.rtek2000.com/Good/Why_we_have_to_fight_with_hypes.pdf). If you spend 10 min to read the article you will understand my point regarding who in particular benefits from all 5000 existing certifications. It is still the case, with some exceptions. I have been an employer and I am an employee, so I know both sides of the job market. There are many cases when a certification is a big plus if you want to be hired for certain positions, and as much as I don't like certifications I have to admit that I have a few, including the CISSP, which I got last year.
While I was learning the material for about 4 months, I got my horizons expanded. I learned about risk management, disaster recovery strategies, and cryptography. I know for sure that I would never have touched those topics otherwise. The CISSP certification is intended mostly for managers who plan the security and risk management within their firms. It is not in any way a substitute for hands-on experience. In fact (and many folks know it) the CISSP certification is about two inches deep in knowledge of the 10 CBK domains but two miles wide (a little bit about everything). So, we are talking about generalists here, not hands-on professionals - if you are talking about hands-on knowledge, it has nothing to do with it.

Why did it become a popular certification? Mostly due to good marketing by the ISC(2) marketing team. They were able to penetrate the DoD to make CISSP a standard for any security professional. All other vendors, including CompTIA, failed to reach such a degree of popularity.
I passed the exam to prove something to myself, and currently I have no benefits from having it in addition to the $500 exam and $85 yearly fees. But you'd be surprised that my resume with the magic letters attracted many job recruiters. The CISSP certification may bring some benefits to job seekers.

Feel free to look for CISSP certification resources here: http://www.rtek2000.com/courses/CISSPresources.html

Thursday, June 19, 2008

The lost war in progress…


A lot has been said about the war with hackers, virus creators, spammers, etc. This war is in continuous mode – it had a start date but, with a high degree of certainty, will never have an end date as long as we use computers connected in networks.

Unfortunately, we still have a reactive approach to the spyware/virus problem, even though there have been numerous advances in the anti-virus and anti-spyware technology that deals with the sophisticated techniques used to cause damage on your desktop or server.

I have recently updated my free AVG anti-virus program to the latest version, 8.0. I don’t have a lot of disk space (probably around 400GB in total), but the program took about 15 hrs to scan through my files. I was amazed at the number of infected files, registry entries, cookies, etc. that it discovered. It would not have surprised me if I had not used AVG or any other anti-spyware or anti-virus program before, but after upgrading to the latest version, which includes all available protection (even for web links), and seeing the amount of discovered vulnerabilities (keyloggers, Trojans), I was surprised by how greatly the level of detection had improved with the new version. Of course, all the sophistication of the software comes at the price of being very slow. You will agree that 15 hrs of scanning, while slowing the processor down to 50% of its capacity, is not the best feature of any anti-virus software.

With hundreds of new viruses and spyware programs being created and purged in the net, the virus databases are swelling. It takes more and more time to compare each file on your system with thousands of known and possible infections. It is like wearing heavy armor that becomes heavier every hour, slowing you down in your quest to fight an army of virus creators.

Recent news about the use of strong 1024-bit RSA encryption, which is impossible to crack, to screw up your desktop files is proof of a lost war in progress. Look how shameless the enemy is. To encrypt your data files with 1024-bit encryption and then sell the private key to decrypt them is not something that can be taken lightly (http://blogs.zdnet.com/security/?p=1251 ).

Imagine you have reports or financial spreadsheet files and then suddenly you realize that you cannot open them. Instead of getting the files opened on the screen, you get a popup message with an e-mail address where you have to send money to buy the decryption software. No, you cannot find out who the perpetrators are – believe me, they are as smart at hiding their identities as they are at writing the software. What would you do?
Some folks mentioned that a good backup is a protection against this vulnerability. But others properly argued that you usually never check whether you can open EVERY file after you have performed the backup. It means that you can overwrite the good copies the next day with encrypted files if you use large capacity hard drives or tape to perform the backup operation. The only way to preserve the original files is to burn them to CD/DVD and collect the discs day after day.
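An added example (not from the original post) of the check argued for above: before a backup run overwrites the previous copy, test whether the source files still look like the documents their extensions promise. The function names, the thresholds and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes expected for a few document types (well-known file signatures).
MAGIC = {
    ".pdf": b"%PDF",
    ".xls": b"\xd0\xcf\x11\xe0",   # legacy Office (OLE2 container)
    ".doc": b"\xd0\xcf\x11\xe0",
    ".xlsx": b"PK\x03\x04",        # Office Open XML is a ZIP container
    ".docx": b"PK\x03\x04",
}
TEXT_LIKE = {".txt", ".csv", ".log"}   # no signature; judged by entropy
ENTROPY_LIMIT = 7.5                    # bits per byte; assumed threshold
MIN_SAMPLE = 1024                      # too few bytes make entropy unreliable


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for encrypted data, about 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_damaged(path, sample_size=4096):
    """True when a file no longer looks like what its extension promises."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    suffix = path.suffix.lower()
    if suffix in MAGIC:
        return not head.startswith(MAGIC[suffix])
    if suffix in TEXT_LIKE:
        return len(head) >= MIN_SAMPLE and shannon_entropy(head) > ENTROPY_LIMIT
    return False  # unknown type: not judged, to avoid false alarms on archives


def safe_to_rotate(source_dir, max_damaged_ratio=0.05):
    """Decide whether this backup run may overwrite the previous generation."""
    files = [p for p in sorted(Path(source_dir).rglob("*")) if p.is_file()]
    damaged = [p.name for p in files if looks_damaged(p)]
    ratio = len(damaged) / len(files) if files else 0.0
    return ratio <= max_damaged_ratio, damaged


def pseudo_ciphertext(size=4096):
    """Deterministic high-entropy bytes standing in for an encrypted file."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32))
    return b"".join(blocks)


def demo():
    """Constructed sample: three healthy files, then two of them 'encrypted'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.pdf").write_bytes(b"%PDF-1.4\n" + b"stream data " * 200)
        (root / "budget.xls").write_bytes(b"\xd0\xcf\x11\xe0" + bytes(2000))
        (root / "notes.txt").write_bytes(b"2009-04-29,backup ok,29.95\n" * 100)
        before = safe_to_rotate(root)
        (root / "budget.xls").write_bytes(pseudo_ciphertext())
        (root / "notes.txt").write_bytes(pseudo_ciphertext())
        after = safe_to_rotate(root)
    return before, after


if __name__ == "__main__":
    for label, (ok, damaged) in zip(("before", "after"), demo()):
        print(label, "rotate" if ok else "KEEP OLD BACKUP", damaged)
```

When `safe_to_rotate` returns `False`, the backup job should write to a new location and leave the previous generation untouched until someone has looked at the listed files.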

Something similar happened in the past. If you run a Google search you may find the following links: http://www.jahewi.nl/malware/ransomware/ransomware.html, http://news.bbc.co.uk/2/hi/technology/5038330.stm.

Many folks put in their two cents about this story. One comment, from Duncan, I liked and want to re-post here:
“*ransom note received composed of random letters clipped from newspaper*
"We have encrypted your illegally copied music files. Put $5000 in unmarked bills in a plain brown paper sack and mail it to: RIAA Washington, D.C. no later than midnight tonight or you'll never listen to your music again"
..but seriously, folks, this starts to sound like some sort of weird 419 scam. They're not going to decrypt your files even if you pay them, and I'll bet you a whole DOLLAR that if you're stupid enough to contact them, they accept only CREDIT CARDS as payment. Chances are that the data isn't even really encrypted, it's just plain overwritten and GONE, copied over with gobbledygook random data, and you'll just get your identity stolen on top of never getting your files back. On the other hand they think they're being really clever, I'm sure, and the ones that think they're clever are usually the ones that get caught quickly and go to jail for a long, long time.”
I just hope that Duncan is right and the smart a%%$$ will be caught quickly.