Featured Posts

Never Check Email First Thing In The Morning

Sid Savara, a widely regarded personal development trainer, published 7 Reasons You Should Never Check Email First Thing In The Morning at his site sidsavara.com. #1 – Ignorance Is Bliss..fully Productive – When it comes to email, ignorance is bliss. That’s why if you’ve got something important you want to make progress on, the author [...]

Best Companies to Work For In Michigan – 2011

FORTUNE Magazine recently published the 100 Best Companies to Work For 2011 and there were three Michigan based firms on the list. 26. Plante & Moran 29. Quicken Loans 68. Stryker rb- So please note that none of these high performing companies are car companies. I wrote about Michigan leading the nation in new tech [...]

Spot Can Run, But He Can’t Hide

The new pet-oriented Global Positioning System (GPS) devices on the market now make it possible to constantly track your best friend, according to a report in MIT’s Technology Review. The GPS devices made just for pets are generally small enough to be attached to a collar, which allows owners to track their furry companion’s every paw [...]

Tablet Info

The Tablet PC has long been a pet project for Microsoft founder Bill Gates, who showed the first Tablet PC prototype in 2000 at Comdex. Mr. Gates described the device, which featured input via stylus only, as an evolutionary step in PC functionality and usability. For the next ten years leading up to CEO Steve [...]

QR Codes Can Put Users at Risk

Updated 01-26-12: It was just a matter of time, and now the Websense (WBSN) ThreatSeeker Network has started spotting spam messages that lead to URLs that use embedded QR codes. According to a report at Help Net Security this is a clear evolution of traditional spammers toward targeting mobile technology. The spam email messages look like traditional pharmaceutical spam emails and contain a link to the Web site 2tag.nl. Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL. When the QR code is read by a QR reader, it automatically loads the spam URL.

Quick Response codes (QR codes) are a “new” type of barcode that can be used for a variety of purposes: tracking, ticketing, labeling of products, etc. They can be put anywhere, in magazines, on buses, websites, TV, tickets, and on almost any object that users might want to learn more about.

Help Net Security writes that, when used for legitimate purposes, they make life easier for users. “All you need to visualize such a code is a smartphone with a camera and a QR reader application to scan it – the code can direct you to websites or online videos, send text messages and e-mails, or launch apps,” point out BullGuard’s researchers.

Unfortunately, QR codes can just as easily be used to compromise users’ mobile devices. “Much like URL shortening services can be and are used maliciously because of the fact that they obscure the real target URL, QR codes can also be used for such deception,” Joe Levy, CTO of Solera Networks told DarkReading. “QR codes … provide a direct link to other smart phone capabilities such as email, SMS, and application installation. So potential attack vectors extend beyond obscured URLs and browser exploits very nearly to the full suite of device capabilities.”

There are several ways attackers are already using malicious QR codes to perpetrate their scams. A recent attack via QR code (“attagging”) took place in Russia and involved a Trojan disguised as a mobile app called Jimm. Once installed, “Jimm” sent a series of expensive text messages ($6 each), racking up unwanted charges.

On Apple (AAPL) iOS devices, hackers are sending users to websites that will jailbreak the device and install additional malware. Tomer Teller, security evangelist at Check Point Software Technologies, told DarkReading, “a user scans a barcode and is redirected to an unknown website … the user phone will be jail broken and additional malware could be deployed (such as key loggers and GPS trackers).”

“On the Google (GOOG) Android … Criminals are redirecting users to download malicious applications. All a user needs to do is scan a barcode and it will redirect to a website that will download the Android Application,” according to the article.

In addition, attackers are using QR codes to redirect users to fake websites for phishing. “A QR code will redirect to a fake Bank that will look exactly like your bank. Since most smart phone screens are small, a normal user may not see the difference and will type in his or her (information) and hand it to the attackers,” Teller says. According to Mobile Commerce News, some apps, like the NeoReader from Neomedia, collect personally identifiable information (PII). This information is then sent to third parties who mine the data and possibly resell it.

The trend toward mobile QR-based payment systems, which firms like LevelUp, Kuapay, and PayPal are developing, will drive QR code malware forward, Mr. Levy says. “As our mobile devices and our wallets continue to converge through such technologies as near field communications (NFC), Bump and QR, malware authors are bound to prefer these very direct paths to the money. After all, these devices and apps are well on the road to becoming our new currency.”

So how do you protect yourself and the data on your mobile?

  • Download an app that scans QR codes and barcodes and shows the URL to which the codes want to take you. “Only use QR code reader software that allows the user to confirm the action to be taken, i.e. visit a website link,” Paul Henry, security and forensic analyst at Lumension, told DarkReading. “If you do not know and trust the link, cancel the action.”
  • Do not scan QR codes from random stickers on walls and similar surfaces. Help Net Security says scammers are counting on people to do that because they can’t curb their curiosity.
  • Consider installing a mobile security app on your device, especially if it runs the Android OS. “Android is an open platform, which means that its source code can be examined by criminals and exploited easily when they find a weakness in, say, the Android browser,” according to the article. “That’s why most malicious apps transmitted via QR codes target the Android-based smartphones.”
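The first piece of advice above, a reader that shows what a code will do and asks before doing it, can be sketched in code. The block below is an added example, not code from the article or from any reader app it names. It assumes the barcode has already been decoded into a string; the payload conventions it recognises (http URLs, mailto:, tel:, SMSTO:, MECARD:, WIFI:) are common QR formats, and every sample payload is constructed.

```python
"""Show a scanned QR payload's real action before doing anything with it.

Added example, not code from the article or from any reader app it names.
It assumes the barcode has already been decoded into a string; the payload
conventions (http URLs, mailto:, tel:, SMSTO:, MECARD:, WIFI:) are common
QR formats, and every sample payload below is constructed.
"""
from urllib.parse import urlsplit

# Schemes that hand the payload to a device capability (mail, SMS, dialer,
# app store) instead of just opening a web page.
DEVICE_SCHEMES = {
    "mailto": "send an e-mail",
    "tel": "place a phone call",
    "sms": "send an SMS",
    "smsto": "send an SMS",
    "market": "open an app store listing",
    "intent": "launch an app",
}


def classify_payload(payload: str) -> dict:
    """Describe what acting on the payload would do, without acting on it."""
    text = payload.strip()
    lowered = text.lower()

    if lowered.startswith(("http://", "https://")):
        parts = urlsplit(text)
        host = parts.hostname or ""
        # A user-info part before '@' makes the link read as one site while
        # the browser connects to another; treat it as a deception signal.
        deceptive = "@" in parts.netloc
        return {"action": "open a website", "target": text, "host": host,
                "needs_confirmation": True,
                "risk": "high" if deceptive else "medium"}

    scheme = lowered.split(":", 1)[0]
    if scheme in DEVICE_SCHEMES:
        return {"action": DEVICE_SCHEMES[scheme], "target": text, "host": "",
                "needs_confirmation": True, "risk": "high"}

    if lowered.startswith(("mecard:", "wifi:", "begin:vcard")):
        return {"action": "save a contact or Wi-Fi network", "target": text,
                "host": "", "needs_confirmation": True, "risk": "medium"}

    # Anything else is plain text: show it, nothing to confirm.
    return {"action": "display text", "target": text, "host": "",
            "needs_confirmation": False, "risk": "low"}


def confirmation_prompt(payload: str) -> str:
    """Build the prompt a reader should show before following the code."""
    info = classify_payload(payload)
    if not info["needs_confirmation"]:
        return f"Text: {info['target']}"
    where = f" on {info['host']}" if info["host"] else ""
    return (f"This code wants to {info['action']}{where} "
            f"(risk: {info['risk']}):\n  {info['target']}\nContinue? [y/N]")


if __name__ == "__main__":
    # Constructed payloads, not taken from any real campaign.
    for sample in ("https://example.com/promo",
                   "SMSTO:+15550100:SUBSCRIBE",
                   "http://bank.example@198.51.100.7/login",
                   "Just a label on a box"):
        print(confirmation_prompt(sample))
        print()
```

The point of the split between `classify_payload` and `confirmation_prompt` is that nothing in the reader touches the browser, dialer or messaging app until the user has seen the full target; the risk label only orders how loudly to ask, it never auto-approves.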

rb-

I am not a fan of QR codes; they seem to take you to an advertisement. Most of the destinations are fluff at best and dangerous at worst. Now that they have become nearly ubiquitous, they present more risk than necessary. Avoid QR codes.


Congress Prepares to Destroy the Web

The Stop Internet Piracy Act (SOPA) legislation being debated in Congress has the potential to destroy the internet as we have come to know it. If passed, SOPA would require internet providers to block access to sites in other countries hosting stolen intellectual property (IP) from the U.S. It also puts any site that has even an accidental link to protected intellectual property (IP) at risk for legal action, according to the BusinessInsider and many others.

Michigan Democratic congressman John Conyers Jr., husband of convicted Detroit City Council bribe taker Monica Conyers, not only supports SOPA but was a co-sponsor of SOPA (H.R.3261), according to ProPublica.

Conyers’ support of SOPA may have been purchased for $158,574 in campaign contributions in 2010 from the Computers/Internet and TV/Movies/Music industries, according to ProPublica. This is an increase of nearly $14,000 from the 2008 election cycle.

Stolen IP is a very broad and vague term. Most of the leading Internet sites rely on user-generated content and links that might have protected IP on them. BI predicts that some of the web’s favorite sites may cease to exist because of the bill Conyers sponsored.

Which sites? The BusinessInsider asked anti-censorship advocacy groups like the Free Software Foundation, the Electronic Frontier Foundation and the Participatory Politics Foundation for some answers, and they projected the following (this is NOT a comprehensive list).

The experts say Reddit is a forum for linking to and commenting on content, and it’s all user-generated. As a result, some users are going to post or link to content they don’t have the rights to. Both of those are big no-nos for SOPA, according to BI. Alexa ranks Reddit #115.

The virtual artist platform deviantART attracts 45 million unique visitors per month. The site allows emerging and established artists to exhibit, promote, and share their work on the web. It makes the SOPA hit list because if an artist infringes upon a copyrighted work, both the artist and the site may be subject to legal action. deviantART will have to closely censor what is uploaded on the site says BI. Alexa ranks deviantART #131.

The virtual auction house and e-commerce site eBay (EBAY) makes this list because of sellers who use the site to distribute counterfeit merchandise. The article says the site does discourage selling these types of items with policies on IP. Alexa ranks eBay #20.

Amazon (AMZN) could also be at risk due to sellers who attempt to distribute counterfeit goods. Alexa ranks Amazon #9.

Etsy, the virtual marketplace of over 800,000 active “shops,” is threatened by SOPA because it allows users to buy and sell handmade or vintage items, art, and supplies, according to BI. Etsy faces risk from SOPA because it will have to monitor the handmade goods it offers. If an IP holder claims to be harmed by any activity on the site, Etsy could be forced to suspend its service. That would harm all the vendors on the site and not just those accused of IP theft. Alexa ranks Etsy #162.

The BusinessInsider says YouTube is at risk from SOPA despite its effort to keep pirated content out. If copyrighted works are found on YouTube by an IP holder, it could mean a suspension of service. SOPA will further censor the kinds of content the YouTube community can upload. Alexa ranks YouTube #3.

Facebook also makes the experts’ list because if one of its 800 million users shares a link to a copyrighted work or to a site that is accused of infringing IP, Facebook could be held liable as well. SOPA will likely force Facebook to further monitor and censor its users. Facebook is ranked #2 by Alexa.

Like YouTube, if copyrighted works are found on Flickr by an IP holder, it could result in the suspension of service. SOPA will further censor the kinds of content the Flickr community can upload. Under SOPA, any copyright violation complaint could suspend both the site and its revenue streams, according to the article. Flickr is ranked #42 by Alexa.

Over 70 million people use WordPress to publish their blog. WordPress faces risk from SOPA because the bill could mandate that the site further monitor and censor the bloggers. If a WordPress site is accused of violating IP-protected works or a commenter links to a copyrighted work, BI predicts that could potentially shut down all the blogs hosted on the site. WordPress is ranked #18 by Alexa.

Over 40 million people use Tumblr to share photos, poems, posts, and other creative content. Tumblr faces the same threat as WordPress according to BI. If a blogger or commenter uploads or links to copyrighted works, then Tumblr and its users could be at risk. Tumblr is ranked #40 by Alexa.

Vimeo is a video sharing website and has a reputation for being the place where creative types in the video and film industry upload their original work. However, given the user-generated nature of the site, BI says Vimeo still faces risk from users who include even a portion of copyrighted material in their film. Vimeo is ranked #11 by Alexa.

Big name sites that the experts say are at risk from SOPA include:

  • Google (GOOG), ranked #1 by Alexa.
  • Yahoo (YHOO), ranked #4 by Alexa.
  • Wikipedia, ranked #6 by Alexa.
  • Twitter, ranked #10 by Alexa.
  • Microsoft’s (MSFT) Bing, ranked #26 by Alexa.

The BusinessInsider concludes that the real victims of SOPA would be the startups (whose jobs Conyers says SOPA will save) whose innovation will be restricted by this bill. Smaller websites may not have the lawyers to fight a bill like SOPA, and other sites may not consider launching at all for fear of prosecution.

Congress Gets Richer While We Get Poorer

A new analysis from The New York Times shows that members of Congress have gotten richer during the financial crisis, while the people they represent have seen their incomes decline, according to Zeke Miller at the BusinessInsider. The median congressional net worth rose from $800,000 in 2004 to $1.2 million in 2010, while that of the general public declined from $108,000 to $100,000.

The BI article says millionaires are also overrepresented in Congress, with at least 250 members worth at least seven figures. Not only are lawmakers disinclined to discuss their personal wealth, they don’t even want to discuss whether family or friends have been affected by the financial crisis. The NYT asked all 534 members how close friends and family members weathered the downturn, and just 18 responded, raising questions about whether members of Congress are out of touch with the people they represent.

As further proof of how out of touch Congress is, Henry Blodget at the BusinessInsider points out a report from the Hawaii Reporter (via Drudge) that Nancy Pelosi is spending her Christmas at the Four Seasons Resort Hualalai at Historic Ka’upulehu on Hawaii. And this has become something of a tradition for her. For the last two years, she has reportedly stayed in the resort’s $10,000-a-night suite.

Are You on the Pwnedlist?

Pwnedlist.com lets you see if your email has been compromised by checking it against a collection of nearly 5 million possibly compromised accounts. Brian Krebs at Krebs on Security reports that a user can enter a username or email address into Pwnedlist.com’s search box, and it will check to see if the information was found in any suspicious public data dumps.

Pwnedlist.com was created by Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint. Mr. Puzic said, “… I could create a site that would help the everyday user find if they were compromised.”

Pwnedlist.com currently allows users to search through nearly five million emails and usernames found online at sites like Pastebin. The site also often receives large caches of account data that people directly submit to its database. Mr. Puzic told Krebs on Security it is growing at a rate of about 40,000 new compromised accounts each week.

Mr. Puzic said the information contained in these data donations often makes it simple to learn which organization lost the information. “Usually, somewhere in the dump files there’s a readme.txt file or there’s some type of header made by the hacker who caused the breach, and there’s an advertisement about who did the hack and which company was compromised,” Mr. Puzic said in the article. “Other times it’s really obvious because all of the emails come from the same domain.”

Mr. Puzic said in the article that Pwnedlist.com doesn’t store the username, email address and password data itself; instead, it records a cryptographic hash of the information and then discards the plaintext data. According to the blog, a “hit” on any searched email or username only produces a binary “yes” or “no” answer about whether any hashes matching that data were found. It won’t return the associated password, nor does it offer any clues about where the data was leaked from.
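The hash-then-discard design described above is easy to get wrong in the details (case-sensitive matching, password fields slipping into the index), so here it is as a small working store. This is an added example, not Pwnedlist’s own code; the dump format (one identifier:password per line) and the sample dump are constructed. The optional key switches the digest from plain SHA-256 to HMAC, a caveat worth noting: an unkeyed hash of a low-entropy value such as an e-mail address can be matched by anyone who holds the index and is willing to hash guesses, whereas a keyed one cannot.

```python
"""Hash-only index of leaked identifiers with a yes/no lookup.

Added example, not Pwnedlist's own code; the dump format
(identifier:password per line) and SAMPLE_DUMP are constructed.
"""
import hashlib
import hmac
from typing import Iterable, Optional


def normalize(identifier: str) -> str:
    """Canonical form so 'Bob@Example.com' and 'bob@example.com' match."""
    return identifier.strip().lower()


class HashedIndex:
    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key            # None -> plain SHA-256; bytes -> HMAC-SHA256
        self._hashes: set = set()  # only hex digests ever live here

    def _digest(self, identifier: str) -> str:
        data = normalize(identifier).encode("utf-8")
        if self._key is None:
            return hashlib.sha256(data).hexdigest()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def ingest_dump(self, lines: Iterable[str]) -> int:
        """Record identifiers from a dump; the password part is split off and dropped."""
        seen = 0
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#"):
                continue  # skip blanks and the readme/header chatter
            identifier = line.split(":", 1)[0]
            self._hashes.add(self._digest(identifier))
            seen += 1
        return seen

    def lookup(self, identifier: str) -> bool:
        """Binary answer only: no password, no source, no plaintext."""
        return self._digest(identifier) in self._hashes

    def size(self) -> int:
        return len(self._hashes)

    def holds_plaintext(self, text: str) -> bool:
        """Sanity check that a value never ended up stored verbatim."""
        return any(text in stored for stored in self._hashes)


# Constructed sample dump; nothing here is a real account.
SAMPLE_DUMP = [
    "# readme: constructed sample dump for the example",
    "alice@example.com:hunter2",
    "Bob@Example.com:letmein",
    "bob@example.com:letmein",
    "carol:qwerty",
]


def build_sample_index(key: Optional[bytes] = None) -> HashedIndex:
    index = HashedIndex(key)
    index.ingest_dump(SAMPLE_DUMP)
    return index


if __name__ == "__main__":
    idx = build_sample_index()
    for who in ("alice@example.com", "ALICE@example.com", "dave@example.com"):
        print(f"{who}: {'found' if idx.lookup(who) else 'not found'}")
    print("stored entries:", idx.size())
```

`ingest_dump` reports how many lines it read, while `size` reports distinct entries, which is how the two case variants of the same address collapse into one. `holds_plaintext` exists so a test can prove the store never kept a password or an address verbatim.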

If Pwnedlist says your email or user ID is in their database, they offer the following advice:

  1. Don’t panic! Just because your email was found in an account dump we collected does not mean it has been compromised.
  2. Immediately change any passwords that might be associated with this email account.
  3. It is probably a wise idea to go through all your accounts and create new passwords for each of them, just in case. “Better safe than sorry.”

The two researchers plan to begin publishing regular updates to their Twitter account (@pwnedlist) when new data dumps are discovered. Longer term, Mr. Puzic told Krebs that he has multiple goals for the site, including a longitudinal study on password security.

rb-

I have several emails, professional and personal, which thankfully Pwnedlist does not have in their databases. I follow password best practices and use an 8 character or longer password with at least one letter, number and special character. I also change my passwords regularly.

End user password best practices:

  1. Passwords should be something you can remember but difficult for others to guess. That means avoid information anyone can pick up from Facebook.
  2. Use at least 8 characters. Some authentication systems will ask for more, but 8 well-chosen characters is usually enough.
  3. Mix letters, numbers, uppercase, lowercase, and even symbols when possible. 1GrdDC@82 is stronger than letter22.
  4. Avoid dictionary words because many brute force attacks are designed to guess them. “password” is not a good password.
  5. Use a unique password for each account. Your password at work should be different from your Facebook password.
  6. Do not share your password.
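The rules above can be turned into a checker that reports which of them a candidate password fails. This is an added example, not code from the article. Rules 1, 5 and 6 (nothing guessable from your profile, no reuse, no sharing) can only be checked against information the caller supplies, so the function takes a list of personal facts and a set of passwords used elsewhere; the word list is a constructed stand-in for a real dictionary, and the leet-speak table is the usual set of substitutions a guessing tool undoes before matching.

```python
"""Check a candidate password against the six rules listed above.

Added example, not code from the article. WORDS is a constructed
stand-in for a real dictionary; LEET holds common substitutions that
guessing tools reverse before a dictionary match.
"""

LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed stand-in for a dictionary word list.
WORDS = {"password", "letter", "welcome", "dragon", "monkey", "summer",
         "secret", "football"}


def contains_dictionary_word(password: str, words=WORDS) -> bool:
    """True if a word of four or more letters appears, even leet-spelled."""
    plain = password.lower()
    decoded = plain.translate(LEET)
    return any(len(w) >= 4 and (w in plain or w in decoded) for w in words)


def check_password(password: str, words=WORDS, personal_info=(),
                   used_elsewhere=()) -> list:
    """Return the numbers of the rules above that the password fails."""
    failed = []
    lowered = password.lower()

    # Rule 1: nothing lifted from a profile (name, birth year, pet, ...).
    if any(fact.lower() in lowered for fact in personal_info if fact):
        failed.append(1)
    # Rule 2: at least 8 characters.
    if len(password) < 8:
        failed.append(2)
    # Rule 3: letters in both cases plus digits; symbols are a bonus on top.
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_lower and has_upper and has_digit):
        failed.append(3)
    # Rule 4: no dictionary words, including leet-spelled ones.
    if contains_dictionary_word(password, words):
        failed.append(4)
    # Rule 5: unique per account (in practice compare hashes, not plaintext).
    if password in used_elsewhere:
        failed.append(5)
    # Rule 6 (do not share) is behaviour, not a property of the string.
    return failed


if __name__ == "__main__":
    # The article's own pair, plus a leet-spelled dictionary word.
    for candidate in ("1GrdDC@82", "letter22", "password", "P@ssw0rd9"):
        print(f"{candidate!r}: fails rules {check_password(candidate) or 'none'}")
```

The leet decoding is what separates this from a naive substring check: "P@ssw0rd9" satisfies the character-class rule yet still fails rule 4, because a guessing tool would try exactly that spelling.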

CSCO CEO Tries Bribing Shareholders To Get A Tax Break

Embattled Cisco (CSCO) CEO John Chambers recently urged the networking giant’s shareholders to lobby Congress for a big corporate tax break. He tried to bribe them, promising to increase their dividend if the tax break comes through, reported the BusinessInsider.

BI explains the CEO was talking specifically about repatriation, the term for when multinational corporations bring cash from overseas back into the U.S. Today they are charged the full corporate tax rate, 35%.

Mr. Chambers has been the poster child for multinationals like Cisco wanting to be granted another so-called “repatriation tax holiday” that would allow them to bring back more than a trillion dollars at a much lower tax rate. He even appeared on 60 Minutes arguing for the plan. (I have written about Cisco’s efforts to dodge taxes here and here.)

Mr. Chambers made the case that a repatriation tax holiday would be of personal benefit to Cisco shareholders. “Repatriation at a rate of between zero and 2 percent puts us on a level playing field,” he said. If Cisco could bring its overseas funds back it would spend them on beefing up manufacturing sites and jobs, and “if approved” the company would “increase dividends,” he said.

“The current tax system was developed when Microsoft (MSFT) wasn’t even public,” the Cisco CEO said. He urged the assembled to “Take time to send a note to members of congress and others.”

In 2004 Cisco and other multinationals were granted a tax holiday. Opponents of a tax holiday for repatriation aren’t convinced that Cisco needs the tax break now. Some say that multinationals have accumulated offshore cash through gimmicks. They also point out that corporations can borrow against their overseas stash at really low rates and will use this as an ongoing method to avoid paying U.S. taxes.
