Friday, November 1, 2013

Sounds like the Matrix has this one!

Have you ever had one of those impossible-to-delete malware infections?
You know, no matter what you do, it keeps coming back?
You can't even boot from a CD-ROM, because it won't let you.
Furthermore, you unplug the network cable and remove the network card, and it is still communicating with the outside world, somehow.
This bad boy (badBIOS, actually), they found out, was using the laptop's built-in microphone and speaker to communicate via ultrasonic sounds!
Good narrative here.

Be careful of who you link/friend, regardless of who else they know. Fake ID gets endorsements, job offers, etc.

Something to think about when you get new LinkedIn or Facebook requests. Several security professionals befriended this fake social media identity (matching fake LinkedIn and Facebook accounts) in this story.
This non-person received endorsements and job offers. Some offered to help her get a laptop at her new job that would help her get access to things she would not have otherwise had access to.
When "she" sent out an e-card around Christmas time, it contained a link to some software that installed spyware on people's computers. It required their interaction to allow it to install, but it worked very well anyway.
I think my number one takeaway from this story is the fact that the first people duped into linking up and friending this fake person gave her the credibility to link up with other people who would not have been fooled otherwise.

Friday, April 19, 2013

Latest Java Update. They sure have been busy this year (especially for this one)!

If you use Java, as my job requires me to, then it's time for another Java Update.
Apparently, this time, they plugged 42 security holes in Java, 19 with a base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication.
That almost makes it sound safe now, doesn't it?
If you are somewhat new to this, don't forget to uncheck the Ask.com option at the appropriate point, or else you are going to get some crapware installed on your computer (if it's not already there). Like I told a friend of mine, I think the Java department of Oracle is going to be sending Ask.com Christmas cards this year (due to all the revenue Ask.com must be sending Oracle's way for all the sneaky installations they are slipping onto people's computers along with each new Java patch).

The Devil's in the Details

Here is something that should be pretty obvious, but which I have not heard anyone else comment on. So I am going to comment on it. This is an incidental advantage of all the advances that have been made in digital photography and digital video. Specifically, the vast increase in the resolution of the typical cameras owned and used by people today, combined with the ubiquity of the internet.
I first noticed it after my wife and I had been watching the new Dr. Who series for a while (after the series was (re)started in 2005). I noticed that I "felt" like I had visited London, to some degree, because of all the on-location Dr. Who footage I had been watching. It hit me that background details are so much more visible in HD than they were in NTSC*.
So I imagine this is true for any current show which shoots on location somewhere. I generally don't watch TV besides The Walking Dead (Hello, downtown, deserted Atlanta). And after looking at so many high-definition still pictures of downtown Boston (after the unfortunate Boston Marathon bombings recently), I have a feel for what downtown Boston looks like.
And this isn't even getting into locations included in a modern video game. Most are fabricated, but some locations are modeled to some degree after real locations, with varying degrees of accuracy. How many gamers feel like they have actually been aboard the Normandy from Mass Effect, or the Pillar of Autumn from Halo? What is your favorite place to "visit," which doesn't really exist? The island in "Far Cry?" Not being a genuine, dyed-in-the-wool gamer, I imagine there are lots of places in games that I have never experienced which would rate far better than the ones that I have mentioned.
Anyway, to you young whipper-snappers, back in my day, it took some darned good game programming to make someone feel like they had really been inside your game. You guys have it lucky!

*Yes, I imagine the older Dr. Who was shot and broadcast in PAL standard, but by the time I watched the older Dr. Who episodes, they had been converted to NTSC, because I lived (and still do) in the US, and my only access to the older episodes was via PBS (which was only broadcast in NTSC, like the rest of US over-the-air programs).