billso.com

From ComputerWorld: IBM security researchers claim that hackers are hiding or masking almost all of their Web attacks. JavaScript is still the tool of choice for infiltrating Web browsers. Most users shouldn’t turn off JavaScript, especially students who use tools like webmail, WebCT and TurnItIn.com. So we rely on antivirus and Internet security software that runs on the client-side to screen out these attacks before they can be executed.

Hackers have added more tricks to their toolboxes, because the potential payoff for evading security software and infecting computers can be huge. Encryption is one such tool - hackers often encrypt their programming code so that software cannot easily identify the attack.

As IBM researcher Kris Lamb states, hackers have stopped targeting the operating system and have moved to a higher level of the application stack that runs on almost any desktop and laptop computer that connects to the Internet - the web browser.

So we come back to good old common sense as the user’s best defense against computer attacks.

1. Hover your mouse over a web link and inspect the URL before clicking.
2. Don’t click URLs in email messages if the links look suspicious.
3. Find, install and use good security software. I recommend the free version of Avast for Windows users who need to protect their residential computers.
4. If you’re not using your computer at home, turn it off. You’ll burn less energy, and hackers cannot access your computer if it’s not running.

See my earlier posts on security software and attacks from 10 June 2007, 13 August 2006 and 27 November 2005 for more information.

The Washington Post reported yesterday on allegations that US Customs agents have inspected and confiscated laptop computers, iPods, and mobile phones during passenger inspections. Passengers claim they were asked to provide passwords and open files. In some cases, mobile phones were inspected and returned with purged call logs. One person claims their laptop has been held for an over a year.

According to this article, the Electronic Frontier Foundation and the Asian Law Caucus have filed a civil lawsuit against the Federal Government, based on 20 complaints from Northern California residents. The goal is disclosure of the US government’s boder search policies. One sourse of concern is an apparent pattern of racial profiling, in which agents targeted Asian and Muslim passengers.

The US Department of Justice asserts that electronic equipment falls into the same category as a briefcase, and may be searched and confiscated for inspection.

However, the scenarios described in this article sound more like coercion or out-and-out robbery.

Of course, many corporate travelers have confidential or private information on their computers and phones. The Post article cites a Canadian law firm that sends corporate travelers headed to the United States with “empty hard drives”. There’s an operating system and a web browser on the laptop, of course, but employees access their email and documents through a secure Internet connection such as a virtual private network (VPN). This helps keep confidential data off the drive, as the law firm fears discovery by search more than a hacked Internet connection.

BoingBoing and the Consumerist each had articles about the Post report, although both blogs misidentified US Customs as the TSA.

Sadly, the activities alleged in this lawsuit do not surprise me. BusinessWeek recently reported on Indian IT outsourcing firms that have systematically underpaid IT workers who were brought to the United States on H1-B visas. These workers make tempting targets, as their outsourcing companies can send the workers back home for any reason. By the time some workers determined they would never get their back-pay, they were no longer in the US. It seems that only a few lawyers or client companies will step in to help these guest workers.

From Wired: developers are launching a beta version of QTrax, after reaching deals with the major music labels to allow free music downloads.

QTrax is an ad-supported P2P application that works within the Firefox web browser on Windows computers. Internet Explorer and Safari are not supported. Macs will be supported on 18 March, according to this article from New York’s Silicon Allwy Insider.

That article also reveals that Universal was the final of the 4 major labels to sign with QTrax.

The music files use Windows Media DRM, so they probably won’t work on iPods. A QTrax spokesmen claims iPod compatibility is high on the service’s list, and this Associated Press article says that QTrax has developed a workaround for iTunes compatibility. Apple has released patches to break previous iTunes workarounds by other companies.

QTrax has signed over most of the music revenues to the labels, so the service will earn the bulk of its margin by selling highly targeted web advertising. Of course, it is trivial to block ads in Firefox web pages by using an extension like AdBlock Plus. Whether AdBlock will work with the QTrax Songbird engine is another question. OpenDNS should block the ads, as I mentioned on 3 September 2007.

When I checked QTrax.com a few minutes ago, I saw a single image that claimed the service was overwhelmed by demand - check in tomorrow.

I mentioned OpenDNS on 3 September and 13 July of 2007. This is a free service that looks up domain names. Domain names represent the numeric IP (Internet Protocol) addresses that are used on every server. The Domain Name System (DNS) is highly distributed, and a good target for all sorts of legal and illegal opportunities.

OpenDNS is much faster than the domain name servers I’ve used at other ISPs. Every ISP has to provide DNS services to subscribers. The DNS servers are an important part of maintaining a fast connection, but some ISPs just do not manage their DNS servers well.

OpenDNS a great way to speed up an Internet connection, especially for residential and WiFi users, by outsourcing every domain name lookup request to a dedicated set of very fast servers in North America and Europe.

It’s hard to beat secure, fast and free.

OpenDNS also includes some nice security features. The service will block phishing and adult web sites, using a constantly updated list of known servers. This is a more elegant solution that proprietary security software that usually slows down a Windows or Mac computer.

Late last year, OpenDNS asked users to recommend the service to schools and universities. A recent article in THE Journal reports that over 10,000 educational organizations have adopted OpenDNS services.

Crackers have started to attack domain name servers, inserting false domain name entries that redirect users from well-known sites to forgeries. Schools and educational institutions are an attractive target for these attacks, as their IT security is sometimes less than adequate. In the past, school email servers have been a primary target for botnets. Hackers break into these servers, which can then be used to send spam. The legitimate users of these servers may not realize their email system has been compromised until their ISP cuts off their email access.

Installing OpenDNS on a personal computer is easy to do. I would not recommend that employees do this on their company computer without the support of their IT department, as some companies maintain specific entries in their own domain name servers.

My brother sent me a link at Tekenstein with an amusing set of pictures regarding heat sinks. The bigger the heat sink, the more heat it can dissipate. The first set of pictures shows a massive heat sink. Of course, heat sinks must be attached to a CPU in a very careful manner, because the chip can be very fragile. The second set of pictures shows a heat sink that someone screwed directly into a motherboard. Maybe the installer needs to RTFM.

A heat sink is a metal device that helps keep a something else cool. Heat sinks are usually installed on the CPU of a computer to keep the Intel or AMD chip from melting or burning. Sometimes the heat sink includes a fan, to keep air moving. I’ve also seen heat sinks and fans attached to the GPU (graphic processing unit) on a graphics card.

Keep your computer clean and cool

Below are some pictures of heat sinks that I found on Flickr. This image shows several sizes of heat sinks (image courtesy Winston_loves_london).

This heat sink is a typical size for a desktop computer, but it is too clogged with dust to be of much use. Dust can really destroy a computer. It’s important to keep your computer off the floor, and to follow a good set of instructions like these from ask-Leo.com and clean-things.com (image courtesy MShades).