If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

December 19th 2007 indictments were handed down to Michael and Robert Edmond of Texas. Working mainly from there rural Richmond, TX home, the Grand Jury charges basically boiled down to trafficking counterfeit Cisco products. The counterfeit computer equipment had cheap knock off network components purchased from China wrapped in Cisco cases and boxes. Cisco is a company that manufactures and sells computer hardware that focuses on networking computers together. Together, Robert and Michael have 12 substantive counts of ‘conspiring to traffic in counterfeit computer products’.

To the the average man or woman on the street, this may not seem to be a big deal. “How does that effect me?” Well it is a big deal to Homeland Security and Security experts in general. What if I told you that according to the indictment, the two brothers shipped some of the counterfeit networking products directly to the Marine Corps, Federal Aviation Administration, Air Force defense contractors, universities, financial institutions, Department of Energy, and the FBI?

Popular Mechanics wrote an indepth article called “The Manchurian Chip” after attending a briefing hosted by Homeland Security. During this briefing, Michael Chertoff ( Secretary of Homeland Security ) brought up some sobering issues… “Increasingly when you buy computers they have components that originate … all around the world,” he said. “We need to look at … how we assure that people are not embedding in very small components … that can be triggered remotely.”

Whether it is Al-Quida against the US or one of it’s allies, Lebanon or Syria against Israel, North Korea against the rest of the world…. How easy would it be for some ill-doer to encrypt a code into the hardware in order to reroute servers ( pharming through DNS ), just start transmitting data, or shutting down personal and national security systems at any given time? Remember… Some no-name clone chips, from who knows where, made there way into networks for air traffic control towers, banks and weapons systems. ( Does anyone remember “Die Hard 2″ ? ) The thing is this, if a software problem arises such as a virus, or phishing scheme, or spyware, it is relatively easy to fix it over the network. Send out an update, a patch or service pack. But if ( and that’s a BIG IF ) a hardware problem is found it needs to be physically repaired one at a time meaning that a large network could take months.

The possibilities of damage that can be done here are only limited by the imagination. Those that are a little technically inclined all ready know how easy it is hack into an unsecured computer or network. And they know that about 90% of all home computers are not adequately protected. How long will people stay blind to the various online threats? While many companies can protect your personal identity, How much more important will it be if an out Hi-Tech war is started?

Soooooo……..

You thought that all your firewalls and encrypted passwords, anti spyware and anti virus programs were keeping you safe? Here is just a snippet of the 2008 Web Security Trends Report, as described by Yuval Ben-Itzhak, CTO of Finjan - a global provider of web security solutions for the enterprise market.

Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites.

“Currently, we see the rise of the Crimeware-as-a-Service (CaaS) business model in the Crimeware-toolkit market. Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it,”

Long gone are the days of pimply faced geeks sitting around trying to remap your keyboard. It’s called Crimeware-as-a-Service (CaaS) and it’s high tech organized crime.

Here is another gem from Dark Reading:

“We are starting to see more sites like this, where criminals are going another step forward and turn out to be a service, a cybercrime as a service,” says Yuval Ben-Itzhak, CTO at Finjan.

“With relatively less effort, they can get more money. Instead of collecting data and trying to sell it, which takes more time, they build a platform to do that, and can reach a wider audience that would like to commit these crimes,” he says. This lets other criminals who don’t want to install and update their own software or run their own malicious servers get their stolen information via a Web-based service that does the dirty work for them.

“This is another step forward for criminals to improve their market, the commercialization of stolen data,” he says.

There is not enough room to cover it all here so the links to the full reports are included above. I encourage everyone to read them in there entirety and re-evaluate there self worth. Because you really are not worth much according to the FraudArena. There is a growing trend to market infrastructure to harvest your personal information. While it is precious to you and I, this report from FraudArena tells me how little my personal information is worth. I’ll give you a high-level look, but check the site.

So, do you still feel safe knowing that for the price of a movie and dinner with your significant other, a no name - no face thug can wipe you out. It’s not going to get better so that’s why it’s now more important then ever to protect yourself and stop relying on a piece of computer equipment or software, because now they are quickly becoming the enemy.

Information on how to secure your e-mail abounds. But much of it is advanced and doesn’t apply to the typical end user. Spam filters, setting up encryption on mail servers, and e-mail gateway virus scanner management is just asking to much from most computer users. Even then you can narrow it down it individual mail clients like Microsoft Outlook, Mozilla Thunderbird, or Mutt. One on one I wish more people learn more about the software they use. But below is a small list of key practices that EVERYONE should take to heart because it not only affects you… it affects everyone in your email list.

1) Use a Email client that is strictly, or can be configured to render plain text only. Clients like Outllook and Thunderbird can render HTML e-mails, at least configure it to render simplified HTML instead of rich or ‘original’ HTML. This way you reduce the risk of being phished by security crackers and identity thieves. With plain text you are less likely to identify yourself as a valid recipient of spam.

2) If privacy is an issue, avoid the web based servers like Gmail, Yahoo, and Hotmail. (Do I even have to mention AOL?) Instead, use a local POP3 or IMAP client to retrieve e-mail. Even then do your home work and be proactive because even if your Webmail service provider’s security policies seem sufficient, some providers have been accused of selling e-mail addresses to spamming partners. One point in case is Hushmail who proved to be less than diligent in providing security to their users’ e-mail.

3) It’s a good idea to make sure, even if the e-mail itself isn’t,that your e-mail authentication process is encrypted. Quite simply, You do not want some security cracker intercepting your authentication session with the mail server. If someone does this, that person can then send e-mails as you, receive your e-mail, and in general just be a major headache. Check with your ISP to determine whether authentication is encrypted and even how it is encrypted.

4) Digitally sign your e-mails. A couple of tools to do this are PGP and GnuPG. They attach a private key to e-mails. This way recipients who have your public key will be able to determine that nobody could have sent the e-mail in question without having access to your private key. Even then, you need to protect your private key.

5) If, for any reason, you absolutely must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public ore otherwise unsecured network.

Or lastly, Let Spam Arrest worry about it for you. You should know that filters don’t work. The filter robots can flag a utility bill as easy as a off shore oil joint venture. You’ve heard the saying that “If you ain’t on the list – you ain’t getting in”. No one gets in without permission. It will even protect your existing e-mail addresses. Read more HERE.

As a computer tech, I get quite a bit of feed back about XP over Vista (or visa-versa). A random sample of 10 people would go something like. 1 preferred Vista, 4 would prefer XP, 2 didn’t care and 3 didn’t know how to right click a mouse.

One big advantage of Vista would be its ability to do system repairs during start up. It will automatically switch to startup repair mode if it detects a corrupted registry, finds windows system files missing or damaged device drivers. It will also go as far as to do a memory test of hard drive repair after a system crash or blue screen. With XP, all this needed to be done manually. As a computer tech that’s no problem so now most of the work is done for me and it makes it easier for the end users to maintain there own system. So even if I don’t like it…. I like other people having it.

Being able to see snapshots of running programs as you run over the tabs, and having a centralizes location when browsing for programs makes it a bit more organized and easier on the eyes if your into fluff.

They also have 4 different versions of Vista. On one hand this is good because big businesses can get advanced encryption and back up routines, while for a lower cost consumers can get a scaled down, less expensive version that still does everything it needs to do.

Now then, heres why XP is, and should be, the operating system of choice. Most of the kinks have been worked out of XP while Vista is just starting to roll out the service packs. Also that just about every product on the market still works with XP. In time that will change and we will all be forced to use Vista but for now, but consider that many companies have proprietary software written for them. So before upgrading to Vista, be sure to contact the software manufacturer if updates will be needed and are available.

The number one reason that XP will remain the OS of choice is the plain fact that people are creatures of habit and don’t like change… Don’t want to learn a new program. That includes me. But like it or not, we are all just lemmings to the great and powerful OZ known as Microsoft.

It takes all kinds. At least a couple times a week I have a customer calling me up for support because they get the dreaded ‘blue screen of death’ or some other explorer error. Heck, one fella even refused to believe that his 7 year old modem was bad. We were sending him a noisy signal even though all his cable TVs were working.

It is extremely difficult to explain what a corrupted registry is, or why it serves no purpose to have an anti-virus program that has not bee updated in a year. So I come across this little goody called EAZ-FIX that does not rely on your operating system to boot in order to recover from system crash. EAZ-FIX restores PCs back to an operating condition even with a failed operating system and /or corrupted registry. Unlike other system recovery methods, EAZ-FIX does not rely on the Microsoft Windows operation system for operation. Working below the operating system at the disk level, EAZ-FIX monitors and controls disk I/O, and ensures full restoration of the operating system within a boot cycle – even after catastrophic failures.

Like I always say…. Learn how to maintain your own system or get cozy paying some one else to do it for ya.