Chad's News

The linked article lists 10 different ways to demolish a hard drive. Unfortunately, several of the methods don’t actually destroy the data, but they do incapacitate the drive and necessitate the use of special equipment to read what is left. For those that do wipe the data, item #3 (using a grinder) is probably the simplest, and item #10 (Thermite) is definitely the most satisfying. Also, I’m not sure that any magnet, no matter how powerful, is able to completely wipe a disk. Back in my military days, the only approved method for disposing of classified hard drives was to physically break the platters into pieces.

Link: http://www.pcpro.co.uk/…
(via Slashdot)

Peer-to-peer file-sharing programs are best known for their use in illegally distributing copyrighted music and video files. With some of these programs you host the shared files on your computer, and other users can search your computer for a particular file. This is a significant security issue. Some people have not configured the file-sharing program correctly and are unintentionally sharing private information. And in certain cases, a child installs the program on the family computer without the parents’ knowledge. The first linked article discusses how a man used Limewire to perform identity theft, and the second is about private photos taken from other users’ computers and posted on the internet.

Link #1: http://www.pcworld.idg.com.au/…
(via Slashdot)

Link #2: http://www.neatorama.com/…

Here’s a new type of computer attack that could catch the unwary user. The program, called Ippon, scans unsecured wireless traffic for software update requests, many of which are automatically performed by the programs on your computer. It then responds to the update request before the real site does, and your system is updated with malware that can take over your computer, steal personal information, or destroy data. There are ways to defend against this, but it takes a tech-savvy person to use them.

Link: http://blogs.techrepublic.com.com/…

Criminals placed a fake ATM in a Las Vegas hotel, hoping to skim card and PIN data. Unfortunately for them, the hotel was hosting the Defcon hacker conference. While normal people might not notice a problem, it didn’t take long for attendees to spot the fake ATM and report it to the authorities.

Link: http://www.computerworld.com/…
(via Slashdot)

Be careful when connecting to airport wireless networks, especially if they’re free or unsecured. Problems range from legitimate but poorly secured networks to fake networks designed to grab your login credentials. According to the linked article, this problem is very rampant, and you shouldn’t do anything sensitive or confidential on these networks. This would mean not entering any login information, even to check email.

Link: http://www.foxnews.com/…
(via Slashdot)

Back in March, there was some concern about the Conficker worm. The linked article has a very readable overview of the worm, its history, what happened on April 1^st, and what it’s up to now.

Link: http://www.newscientist.com/…

There’s a new virus/worm out, and it’s taking the web by storm. Here’s how it works:

1. You visit an infected site that has a malicious script.
2. The script takes advantage of bugs in Adobe Reader and Adobe Flash to infect your system with a virus.
3. If you have any FTP programs installed on your computer, the virus gets the login credentials, connects to the sites, and infects those websites with the script. This means that anyone visiting -your- site will now be infected.
4. Whenever you use Internet Explorer to visit Google, you are redirected to a different site, possibly to activate pay-per-click advertisements.

To protect against Gumblar, do the following:

1. Install the latest version of the Adobe Reader.
2. Install the latest version of Adobe Flash Player. (Note, there’s one version for Internet Explorer and another version for all other browsers—you may need to install both.)
3. Update your antivirus software and definitions, then run a virus scan.

For those who have FTP programs installed with saved passwords, I suggest (1) configure your FTP client so it doesn’t save the passwords, and (2) change the passwords. Also, this article explains how to determine if your website is infected and lists methods to remove the malicious code.

Link: http://www.itworldcanada.com/…

Here at the Chad’s News network command center, we do external site/database backups on a weekly basis. The website in the linked article maintained a backup server but did not create an external or off-site backup. A hacker broke into their system and destroyed the data on both servers. Thirteen years of irreplaceable data lost.

Link: http://news.bbc.co.uk/…
(via Slashdot)

You’re a hacker who wants to break into a large web forum, steal their user data, and destroy their database. The site is using the latest software patches and has a large array of security features to prevent unauthorized intrusion. What do you do? Simple, hack into their off-site backup, which is not nearly as secure but still contains their database login credentials.

Link: http://ask.slashdot.org/…

Well-informed Chad’s News readers may have heard about the latest variant of the Conficker worm and the fact that it’s going to do something on April 1^st. Simply put, the impact of this worm has been exaggerated. First, all that will happen is that the worm will change how it operates. Second, any effects will occur on systems that have already been infected. Keeping Windows updated and using current anti-virus software should be sufficient to keep yourself protected.

Link: http://www.networkworld.com/…
(via Slashdot)

There’s a serious Firefox exploit that’s been published on the web. It relies on the user viewing a maliciously coded XML file. Mozilla is working on a patch, but until it’s ready, I recommend being careful about where and what you’re browsing.

Link: http://www.infoworld.com/…
(via Kim Komando)

Update: The fix is available now but won’t be pushed out via the update channel until next week.

There’s a new, critical flaw in the Adobe Reader software. Be careful about opening untrusted PDF files.

Link: http://www.infoworld.com/…
(via Kim Komando)

Update: The situation is getting even worse. On Windows systems it’s no longer necessary to even open the file.

Update #2: Adobe has released a fix.