August 2006 Archive

Education and social networks don’t mix

August 17th, 2006

The Chronicle of Higher Education reports that social networks are clogged with malware. Now, that could be true or it may not, depending on who you are talking to.

But it brings up an interesting point - if college kids are spending all their time on social networks, clogging up campus networks in the process, why wouldn’t educational institutions use threat FUD as a stepping stone to shut them off? We all know they already have enough problems with security to begin with.

Your fantasy identity now being threatened

August 17th, 2006

As if it wasn’t dangerous enough to be online, with the potential of having your credit cards or bank account passwords stolen by some creep, now all you online gamers have to worry about holding onto your magic swords as well.

All I’d be worried about is my invisibility potion. If I had nothing better to do than pretend I was some warlock tromping goblins in cyberspace, I’d certainly want to be as stealthy as possible.

Online threats are political murder

August 17th, 2006

First, it was news about who killed JFK. Now it’s former Italian Prime Minister Silvio Berlusconi, killed by a terrorist of course. The spam arrives with a trojan attached which infects Windows machines, turning them into spaghetti strainers.

With all the political spam headed your way (not my way, as I have cross-referenced a blacklist against registered candidates nationwide), I wonder how long it will be until candidates are spamming on behalf of opposing candidates, to piss people off and trash their computers in the process.

Test your ability to avoid spam

August 16th, 2006

Whenever you put your email address into a web form, you run the risk of getting spammed. Unfortunately, if you never disclose your email address, you might never be able to sign up for a slick new service. You’ll be forced to read third-hand news all day, as that is about all you’d be able to do on the net.

Do you have what it takes to avoid the spam? Can you read a home page like a book? Pick out the avoidance language in a site’s privacy policy? Well, McAfee SiteAdvisor is challenging you on those premises, with their new spam quiz.

It is tougher than you think! I won’t tell you how I scored yet, but I am curious to hear how others do, and why.

The Script Kiddie Cookbook

August 15th, 2006

When a script kiddie injects a chunk of JavaScript or a frame into a website, it generally gets fixed pretty quickly and everyone laughs about it. Maybe developers should think twice - those XSS exploits can cause a lot of harm, as detailed here.

I just got through jumping through hoops, getting special characters stripped from forms galore in an app. It was a pain in the butt, and the whole time I was thinking “who cares” if someone sticks a random reference to some other site, or a smiley-faced pop-up. I did the work anyway, but I certainly won’t be shrugging off the risks anymore.

***UPDATE***

Brian Krebs has uncovered a few big sites that are affected by XSS. The NSA? Heh.

Veterans Administration heads down encryption route

August 15th, 2006

The VA, who lost a laptop then found it, declaring the data had not been tampered with, has decided to listen to the White House. They are taking the high road, and going to encrypt all laptop data (actually, all sensitive data, which I assume includes that which resides on desktops as well).

All I can say is congratulations. They are “getting it.”

Shut off that preview pane

August 14th, 2006

TechWeb looks at ways to lock down your email client, and even I caught a few good pointers. Generic stuff like using plain text and anti-virus plugins is a given, but I never thought about turning off the preview pane.

Anyway, good directions for how to turn features on/off for the popular clients. Have fun.

Herders’ spurs are their keyboards

August 14th, 2006

I once lived in Australia, and yes, since I am a brash American I spent most of my years there getting my ass kicked. But, the beer and wine were good, and I made some lifelong friends.

A group of them recently moved to Denver, and as it turns out they had kids and were using a new service I helped develop (Tot Jot) to keep the grandparents informed as to what the grandkids were up to. Much fun there, with the international connection - total coincidence, from 13,000 miles, but made me smile nonetheless. The other night, I was invited to dinner. They had just shipped in some outstanding lamb (apologies in advance to the veggie crowd - no, screw that, the meat was unbelievable). The guy who put the package together has a farm where he raises all sorts of four-legged, free-range animal. He rides a horse all day on thousands of acres rounding up his income.

It reminded me that Microsoft just released a new set of patches, and already the botnets are being rounded up for the attack.

I just purchased a new pair of boots for winter myself, but I don’t need spurs for them - I use a keyboard, attached to my everyday steed (a Powerbook), for my herding. And so, it seems, do the malcreants.

***UPDATE***

Of course, Corporate America may just need to start issuing extra tack, if the attacks they now have to deal with are any indication.

Homeland Security says close your Windows

August 10th, 2006

The Department of Homeland Security announced that you should patch your Windows systems right away.

Yes, the folks that fail miserably on their own cybersecurity are telling everyone else to get on the ball.

So, when you see that little “Updates” popup in the lower right hand corner of your screen (you know, the one that appears each and every time Microsoft issues patches), pay attention this time - a wise and wary group of governmental types say so.

Boy am I glad I read the news this morning, even if I am on a Mac.

***UPDATE***

A suggestion: If the government will pass a law stating that if an employee of an organization (including bureaucracies) leaves a laptop in a parked car (or unattended in any other public place for that matter), and it gets stolen, the employee must be terminated immediately. In return, all citizens will then listen to government warnings about computer security threats.

DOT needs lesson in laptop transportation

August 10th, 2006

Laptop + parked car = theft risk.

But still, people don’t get it - even employees of the Department of Transportation.

Now there are another hundred thousand or so names and social security numbers floating around. Next up, spin.