Friday, August 29, 2008

Still Blogging

Evening,

I wanted to let everyone know I am still blogging! In fact I have two articles that I am in the process of developing and performing further research. I hope to have them published soon (in the next few days).

Sent via BlackBerry

Mobility

No, not the commercial about powered-scooters, but the ability to roam freely and still have access to all of your data. Mobility has become a growing trend; more and more websites focus heavily on mobile interfaces and applications to ensure their user-base has access to the services provided, no matter their location.

I thought it would be fitting to type this blog entry on my Blackberry, the irony would have been warranted. However, due to still owning an 8700c, I do not have the ability to spell-check my emails (and I am a horrid speller). Although with the ability to post blog entries via email (through blogger), I most certainly could have done so.

A few years ago there was a big movement to enable websites to be compatible on cell-phones and develop mobile related applications. I will not lie, I was a non-believer. I didn't see the average person (even technically savvy ones) using their phone to browse the web.

Download speeds were horrible, and the content layout (on a tiny screen) almost unbearable. Combining these issues with high data prices, I saw the technology going nowhere fast! But then something interesting happened, smart phones became common ground.

No longer did you see only business executives and rich kids running around the streets with "smart phones". These devices commonly tote QWERTY (Full) keyboards and a larger screen. The sole purpose of the device is to provide more features than just a "phone".

Now you had a small computer in your pocket. Replacing the old PDA with something that makes phone calls as well. You were walking around with a contact list, calendar, phone, and more, on one device. But best of all you had a web-browser.

All of the WAP enabled websites were easily accessible on an easy-to-use device, wherever you would go. At this point I jumped on the "band-wagon". I purchased a Blackberry. To be honest, my addiction to the (sometimes referred to as CrackBerry) device, has only grown stronger as time progresses.

I originally used the device solely for email and appointments. Having the ability to keep in touch with clients, family, and friends was always helpful. But I also had an entire archive of my data. Anytime I would need to look something up, or recall a conversation, a quick search and I had the email.

From there I installed amazing apps such as Opera Mini, Google Maps, TwitterBerry, Beyond411 and plenty more. I truly live a mobile life.

I spend the majority of my life away from the desk, and therefore away from the desktop. That is precisely the reason I own a "desktop-replacement" (overly powerful/slightly heavy laptop). But when I am driving down the highway, booting my laptop and catching some WiFi isn't an option. Luckily I have the mobile market to turn to and trust.

With the release of the iPhone and the anticipated release of the Android platform, the experience is only getting better. More and more applications are released, and more and more services are becoming available each day.

If you haven't taken the plunge into the mobile market, now is the time to do so. The desktop computer will never be replaced, but in five years, you will most definitely have everything you need, in your pocket/hand.

Audio. Video. Data. AWIS.

Wanted to inform everyone of a new project I am working on.

You may have read a tweet of mine, noticed a news article, or spotted a forum post, but for now the details are staying secretive.

I posted a nice teaser on the project homepage: Project AWIS

Stay tuned for more information as we get closer to a "release" date.

Thursday, August 28, 2008

XP AntiVirus 2008 Fun...Not

Many of you have more than likely heard about the newest wave of malware, XP AntiVirus 2008, 2009, or the other list of names they are toting now. For those of you who have, skip below to the "story", for the rest, continue, and I'll briefly describe the newest trendy threat.

Threat:

Over the past few months large-scale web-defacement sprees have been compromising legitimate (popular) websites and injecting a whole slew of malicious code. Big-name sites, once compromised, would deliver malware directly to the unsuspecting users who visited the site. With trust on the malware distributor's side, many users would ignore the typical security precautions.

As this practice became more wide-spread the malware became a bit more "realistic" and "authentic" looking. The attacks turned from the typical "mysterious" files being pushed to the system, to an elaborate social-engineering workshop.

New malware is being developed that looks and functions much like real software. The first to hit the circuits was XP AntiVirus. The malware looks and functions exactly like real Anti Virus software, however in the background it is stealing all of your personal information (passwords, financial information, etc, etc).

Users would visit a legitimate (and trusted) website, which would inform them that "XP" had released an update to their AV product. Knowing they were on a popular, trusted site, they would then click "Ok", download the software and become infected.

The Background:

My mother owns a number of computers, ranging from personal servers (that I have set up) to a few laptops. She runs Linux on everything, not by choice, simply because I force her to. I don't mean to sound harsh about it, but Linux doesn't suffer from half of the problems Windows does. And that is even more true with someone like your mother (who is more than likely not computer savvy).

However, I lied a bit, she does own and use one Windows-based laptop. Only one, every other component runs Linux (even the router). She refuses to give up this system, at all costs. Mainly due to a few very Linux-unfriendly websites and my lack of time to help get them working.

Of course this one Windows system is the one I receive the most "calls" about. Nothing is ever working correctly, and every time I touch the thing there is another piece of spyware.

So after this last "rebuild" of the system I locked things down really well. To the point she was annoyed at the lack of usability. Unfortunately I made the mistake of locking the system down from external "unwanted" penetration. I didn't put much protection in place from the user. I assumed all of the "awareness" would work, and the system would stay in a fairly clean state.

Don't misunderstand, there were security applications that prompted her when malicious actions may be present (even if she was the one who started them), but let's face it, everyone clicks "Allow" anyway.

The Problem:

I was partially correct, the "awareness" did work, she herself did not infect her system with anything. But my brother did.

She was out of the house, and he "snuck" onto the system (which just-so-happened to be mistakenly unlocked). He downloaded the XPAV software to his PSP (Portable Playstation) and then transferred it to the laptop. He then installed the application (or should we now call it malware). Allowed all web-updates and downloads of further trojans. And then denied the entire thing.

The Solution:

This malware is changing every day, and each infection is different. The malware downloads a number of additional malicious components, and most are undetectable by current signatures.

So a complete re-install of Windows, and a lot of yelling was in order.

The Lesson:

Of course you have heard this before, and I can assure you, you will hear it again. The user is always the weakest link, and no matter how secure the system is, you have to educate the users. And protect yourself against them.

Also, don't just educate the primary user, stress the issues to anyone who may come in contact with the system.

Oh - and lock your screen when you walk away.

More information on the malware can be found: here, here, or here.

Back...Again..Maybe?

Hello (yet again),

Well you can't say that I didn't warn you! And we all know that past actions predict future actions. You should have known the whole "blogging" thing wasn't going to work.

Yet, here I am sitting behind the keyboard, writing another post. I miss the "idea" of blogging, not the actual process. It truly isn't that I do not like blogging, because I do. I just can't seem to remember (or better yet fit the time into my day). But, I am going to work on that.

As of recent I have found the time to fit Twitter into my life. If I can post tweets, I can certainly post a few blurbs on a blog, right?

So expect some posts soon, or don't -- either way I am back for a bit...