Chad's News

Here at Chad’s News, we’ve previously written about the lack of internet privacy and wireless security. Now we can extend that realm to include cell phones, especially ones that use GSM. At last month’s DEF CON convention, security researcher Chris Paget demonstrated a home-brewed cell phone tower setup that was able to easily intercept calls from members of the audience. The total cost of the hardware was about $1500.

This type of equipment, known as an IMSI catcher, has been available to law enforcement for years, but at the cost of hundreds of thousands of dollars.

Link: http://www.wired.com/…
(via engadget)

There’s a new security vulnerability in Windows, where your machine can be taken over by simply viewing a shortcut icon. So be very careful about untrusted USB drives, shared files, and anything you’re asked to download (files with “.lnk” and “.pif” extensions are highly suspect). Microsoft has a temporary workaround which changes all the icon images to be identical, but this may be a cure that’s worse than the problem.

Link: http://www.computerworld.com/…
(via Kim Komando)

Many photocopiers use hard drives to store scanned images of the originals. And many people don’t think about wiping that hard drive before selling, trading, or ending the lease on the copier. Which leaves a gold mine of personal and intellectual property information for those who do think about these things.

Link: http://arstechnica.com/…

We’ve all heard the advertisements for LifeLock, where CEO Todd Davis freely gives out his Social Security number because he’s so confident that LifeLock’s service will protect him. Kudos to whoever came up with the idea for such an innovative marketing campaign, but the reality is that Davis’ identity has been successfully stolen 13 times since the ads began airing.

Link: http://www.wired.com/…
(via Kim Komando)

Adobe has released Flash Player 10.1, which includes critical security updates. Adobe products are well known for their susceptibility to malicious hackers, in part because of their ubiquity. Note that you’ll need to install two copies of Flash Player, one for Internet Explorer and one for all other browsers. No, seriously.

Link #1: http://get.adobe.com/…

Link #2: http://news.bbc.co.uk/…
(via Kim Komando)

It’s normal to think of hackers as highly-talented individuals working from a basement in some foreign country. The reality, as indicated in the linked article, can be much different. Innovative Marketing Ukraine was a business—with a human resources department, holiday parties, and call center—that created malicious programs for use by hackers. The majority of the software was scareware, where it infects your computer, disables your anti-virus software, makes it almost impossible to use the internet or run programs, tells you that you have a virus, and offers to remove the virus for a fee. But it gets worse. For the people who actually pay, there’s a good chance that someone will sell the credit card information.

Thanks to Josh for this topic.

Link: http://www.reuters.com/…

Every so often a business or government entity will attempt to release “anonymized” data only to find that the anonymization process fails miserably (AOL, Netflix). The problem is not so much with the actual data itself, but is in how it can be combined with other data sources to identify specific individuals. A researcher has shown that 87 percent of Americans can be uniquely identified with just their ZIP code, birthdate, and gender.

Link: http://arstechnica.com/…

Security researcher Christopher Tarnovsky has managed to hack Infineon’s SLE66 CL PE chip, which the company had claimed was unhackable. Despite this, we shouldn’t be overly concerned. Tarnovsky used acid to reveal the chip’s circuitry, and he also required an electron microscope—not something that your average person has sitting around the house. Once he reverse-engineered the chip’s logic, he modified the circuitry to bypass its (formidable) defenses. Tarnovsky then used tiny probes to view the chip’s internal data signals, allowing him to read its stored memory. This just goes to show that unlimited physical access can break almost any security scheme.

Link #1: http://www.darkreading.com/…

Link #2: http://localtechwire.com/…

In Internet-speak, a proxy is a server that takes your request, sends it to a destination server as if it were coming from the proxy itself, and then sends the response back to you. It acts as a proxy in much the same way that you can use a lawyer as an intermediary or designate someone else to cast your vote at a stockholder meeting. Internet proxies can be used for a variety of purposes, one of which is anonymous browsing.

An anonymous proxy keeps no permanent record of which users have connected to which websites. And since the page request comes from the proxy itself, there is no easy way to track who is actually making the request. (In reality the use of multiple, chained proxies is recommended.) This anonymity is quite beneficial for whistle blowers and victims of political oppression, as well as the privacy- and security-conscious. But it also works for organized crime, terrorists, and other criminals.

Another popular use of proxies (not necessarily anonymous ones) is to circumvent corporate/government filters. The destination website may be blocked, but the proxy server is not—thus allowing the user to view prohibited websites.

Here are additional resources:

• Anonymouse.org and the associated Firefox add-on
• Anonymous Internet Surfing HOWTO
• Public CGI (Web, PHP) anonymous proxy free list
• Tor (warning: Tor is not secure, and don’t even think about hosting a Tor node)

Thanks to Josh for this topic and the links.

So you have a game console that you don’t need anymore. Thinking about selling it on eBay, donating it to charity, or perhaps giving it to a friend? The linked article explains how to remove personal information that may be stored on the console’s hard drive.

Link: http://arstechnica.com/…

Today Microsoft released an emergency out-of-cycle patch for Internet Explorer. The vulnerability exists in IE6 and above, but so far it’s only been seen in the wild for IE6.

Link: http://arstechnica.com/…

I did not realize that the Pidgin instant messaging client stores your saved passwords in plain text. The linked article discusses that and more.

Link: http://lifehacker.com/…