Bogus Spyware Removal Apps

Newsday is running a piece on bogus spyware applications that mimic successful free applications (like Spybot and AdAware), but either don’t work, or worse: install spyware themselves. The article quotes Eric Howes, a BBR security forum regular, who maintains a list of 75 such suspect products, with more being added daily. Howes also points out the lengths to which over-eager entrepreneurs will go to get their products noticed (like phony review sites, Google rank manipulation, etc.).

http://www.broadbandreports.com/shownews/51512

Posted in Security | No Comments

Scam Alert: Juice Boost

From the scam of a lifetime department: A spammer in our Broadband Tweaks forum is pushing a referral scam service called Juice Boost, which promises users 2Mbps speeds for free, anywhere there’s a phone line, using “State-of-the-art data compression, byte stream and ultimate data burst technology”. The service also promises you’ll never see a blank page, a piece of spam, or a worm again, or the company will pay you.

While our users might smell a rat immediately, would your parents? Grandparents? According to the website, the technology, which is currently in beta, “Works with any PC or MAC of the lowest specification believable”. So those of you still running a 133Mhz relic won’t be excluded from the party.

Of course it’s simply dial-up compression software with a coat of paint at the foundation of a pyramid scam, but the promises made by the technology include some of the most outlandish and amusing claims we’ve ever seen.

While users who visit the site won’t see these claims, users who respond to a particular referral code – usually provided in e-mail or message board spam – will. We’ve omitted that code to keep the referrer from making any money for links. You can however buy their product on e-bay if getting ripped off was on your action-item list for today.

Here’s some of the promises you’ll see when you log in from a referrer:

“Speed up a dialup connection to over broadband speeds for FREE.”

“Speed up a broadband connection to 2MB for FREE.”

“Save money by disconnecting broadband and using JUICE for FREE.”

“Make your Internet experience more pleasurable.”

“You will never see another dead, blank or irrelevant page ever again and if you do, we will pay you ?500 GBP*.”

“You will NOT get another spam email EVER, but if you do we will pay you ?100 GBP* in compensation.”

“You are guaranteed to get a minimum connection speed of 2MB with 100% uptime. If we fail to meet either or both we will pay you ?500 GBP* per failure.”

“YOU will NEVER receive a virus or worm in your email inbox again as we operate up to the millisecond software to stop the same, but if you do get one we will pay you ?500 GBP* compensation.”

“JUICE is able to block every porn and adult site on the Internet if you choose to filter it and if we fail you we will pay you ?200 GBP* per reported instance.”

“That’s how confident JUICE is,” the site proclaims. “We can STOP your child from chatting to people who pretend to be children in chat rooms by using amazing breakthrough IP filtration and parenthesis technology.”

Parenthesis technology! Where do we sign up?

http://www.broadbandreports.com/shownews/51256

Posted in Internet, Privacy, Security | No Comments

Data Driven Attacks Using HTTP Tunneling

While many systems administrators are turning to firewalls and routers to control content on port 80, HTTP (hypertext transfer protocol), as well as intrusion detection and prevention, attackers can use HTTP tunneling to bypass access control restrictions. Tunneling involves encapsulating traffic in HTTP headers; a tunneling program receives the HTTP traffic, strips out the headers, and forwards the traffic. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) packets can be sent in this way. An attacker, once inside a network, can install an HTTP tunnel program to covertly access other parts of the network using other ports and services, such as Telnet (TCP port 23). An attacker could also gather intelligence about a network without alerting administrators with a visible port scan. Penetration testers can use HTTP tunneling to find holes that would otherwise go unnoticed, since most networks inspect inbound traffic with few restrictions on outbound traffic.

http://www.securityfocus.com/infocus/1793

Posted in Security | No Comments

Go green: Shut down idle PCs

Q. I’ve heard that frequently turning my computer on and off can hurt the performance of internal parts. But I don’t want to leave it on all the time either and waste power. What’s the best course?

A. While it once might have been true that computer hard drives or power-supply systems could be degraded over time by turning the machines on and off, there’s little reason now not to go the green (and money-saving) route: Shut things completely down if you’re not going to be using your PC for many hours.

Recent tests at Canada’s University of Waterloo found that computers with Pentium 4 processors running at 1.7 gigahertz drew 110 watts of electricity while booting up and 60 watts when they were on but idle. A 17-inch cathode-ray tube (CRT) monitor added an additional 75 watts. Newer, flat-screen LCD monitors use about half as much juice as CRTs.

In a sense, then, the PC isn’t a big juice hog. A microwave oven devours electricity at a rate of 750 to 1,100 watts, according to the U.S. Department of Energy.

PCs in power-saving standby or sleep mode have even less of a presence. In the Waterloo tests, they were draining 35 watts. That’s roughly equivalent to three clock radios.

But add up hours of standby time, and multiply that by the millions of computers in the world, and it is some serious electricity.

In fact, microchip maker Infineon Technologies AG, which is working on making electronics’ sleep modes more energy-efficient, estimates that a mere 1 percent decrease in standby power consumption would save the nation 360 megawatts — the equivalent of a medium-sized power plant. Put another way, 10 percent of an average home’s electricity consumption comes from machines of some kind sitting on standby, said Infineon spokesman Saswato Das.

Dell Inc., the world’s leading seller of PCs, has no official position on whether its customers should leave the machines running or not. Leaving computers on all the time doesn’t erode their performance, but it doesn’t appear that turning them off and on does either, because the reliability of key parts has improved significantly, spokesman Lionel Menchaca said.

“There used to be a bigger difference in terms of wear and tear when you power up your PC, but it’s not as much of an issue now,” Menchaca said.

After the tests at Waterloo, Manfred Grisebach of the university’s information systems and technology group pointed out that hard drives that never get shut down seem to live a long time. But, he said, so do drives that get shut off all the time.

“What we can’t say is which last longer,” he said.

http://www.cnn.com/2004/TECH/ptech/07/28/good.question.ap/index.html

Posted in Hardware | No Comments

Companies step up e-mail surveillance

Large companies are now so concerned about the contents of the electronic communications leaving their offices that they’re employing staff to read employees’ outgoing e-mails. According to research from Forrester Consulting, 44 per cent of large corporations in the United States now pay someone to monitor and snoop on what’s in the company’s outgoing mail, with 48 per cent actually regularly auditing e-mail content.

The Proofpoint-sponsored study found the motivation for the mail paranoia was mostly due to fears that employees were leaking confidential memos and other sensitive information, such as intellectual property or trade secrets, with 76 per cent of IT decision makers concerned about the former and 71 per cent concerned about the latter.

Porn and ropey jokes still figure on the list of concerns for execs, though, with 64 per cent admitting to worrying about “inappropriate content and attachments” on the e-mails. What worries those in charge of tech most about their staff e-mails differs depending on the size of the business, the study found.

The smaller the enterprise, the more likely it was to worry more about attachments and less likely to be troubled by the possibility the e-mail won’t be up to compliance standards set by Sarbanes-Oxley and other legislation.

Understandably, with Basel II and similar looming, financial services was the vertical that is the most concerned with meeting compliance targets–as they should be, it appears.

A survey of UK financial institutions found that around half would be unable to find an e-mail over three years old; storing e-mail is a key demand of the new legislation.

http://zdnet.com.com/2100-1105_2-5276512.html

Posted in Privacy | No Comments