Legal experts: LimeWire likely doomed | Media Maverick – CNET News

A federal court judge has likely dealt a death blow to LimeWire, one of the most popular and oldest file-sharing systems, according to legal experts.

Mark Gorton, LimeWire’s founder, could see a federal court decision force his company to shut down operations possibly very soon.

On Wednesday, CNET broke the news that U.S. District Judge Kimba Wood granted summary judgment in favor of the Recording Industry Association of America (RIAA), which filed a copyright lawsuit against LimeWire in 2006. In her decision, Wood ruled Lime Group, parent of LimeWire software maker Lime Wire, and founder Mark Gorton committed copyright infringement, induced copyright infringement, and engaged in unfair competition.

“It is obviously a fairly fatal decision for them,” said Michael Page, the San Francisco lawyer who represented file sharing service Grokster in the landmark case, MGM Studios, vs. Grokster and also represented Lime Wire’s former CTO in the company’s most recent copyright case. “If they don’t shut down, the other side will likely make a request for an injunction and there’s nothing left but to go on to calculating damages.”

With an injunction, the RIAA can force LimeWire to cease file-sharing operations.

via Legal experts: LimeWire likely doomed | Media Maverick – CNET News.

Laptop Scandal School’s Own Law Firm: Aside From Those 58,000 Spy Photos, There’s No Evidence Of Spying | Techdirt

A law firm employed by the Pennsylvania school district caught using student laptop webcams to spy on students at home has released a 72-page report (pdf) on the incident after a 10-week investigation. Most of the report’s findings aren’t too surprising; it exonerates most higher-level school officials like any wealthy school district’s in-house investigation should, concluding that there’s no evidence indicating that anybody above the IT level “knew how TheftTrack worked or understood that it could collect large quantities of webcam photographs or screenshots.” The report also confirms reports that the system took some 58,000 images — a far cry from the 42 images the school originally claimed.

Aside from those 57,958 extra photos and screenshots, e-mails alleging that school administrators found the spy technology entertaining — and the fact the system was only unearthed in the first place because a student’s at-home behavior was spied on — the study concludes that “we found no evidence that District personnel used TheftTrack to ‘spy’ on students.” Still, at least the report slams the school district for being “overzealous” in their use of the technology, and for having a complete disregard for student privacy:

Although there is no forensic method to determine with certainty how often images stored on the LANrev server were viewed, we found no evidence that any District 3 personnel surreptitiously downloaded images from the LANrev server. Rather, the collection of images from laptops while they were in the possession of students resulted from the district’s failure to implement policies, procedures and recordkeeping requirements, and the overzealous and questionable use of technology by IS personnel without any apparent regard for privacy considerations or sufficient consultation with administrators.

By and large the study places the lion’s share of the blame on school IT folks, most of whom were already forced to retire. It does seem rather convenient that the district was allowed to hire their own law firm to investigate (at least when lawyers weren’t working with plaintiffs to allegedly help keep evidence out of the hands of federal investigators). That’s of course the first thing the lawyer for the district’s former IS director Virginia DiMedio complained about. While the IT folks certainly appear oblivious and culpable, there seems to be plenty of incompetence to go around. Hopefully higher level administrators aren’t entirely immune to the ultimate fallout, given they failed to pay any attention to the fact their district was busily building a little Macbook surveillance state with little to no accountability.

via Laptop Scandal School’s Own Law Firm: Aside From Those 58,000 Spy Photos, There’s No Evidence Of Spying | Techdirt.

Defective McAfee update causes worldwide meltdown of XP PCs | Ed Bott’s Microsoft Report | ZDNet.com

At 6AM today, McAfee released an update to its antivirus definitions for corporate customers that had a slight problem. And by “slight problem,” I mean the kind that renders a PC useless until tech support shows up to repair the damage manually. Here’s how the SANS Internet Storm Center describes the screw-up:

McAfee’s “DAT” file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and [lose] all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of “ePolicyOrchestrator”, which is used to update virus definitions across a network, appears to have [led] to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update “DAT” files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.

The problem is a false positive which identifies a regular Windows binary, “svchost.exe”, as “W32/Wecorl.a”, a virus.

McAfee now has its own KnowledgeBase page posted, with details about the problem and the fix. The symptoms are described, tersely, as “Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010.”

via Defective McAfee update causes worldwide meltdown of XP PCs | Ed Bott’s Microsoft Report | ZDNet.com.

Adobe Issues Workaround for Security Issue

Adobe has issued a security warning in regard to PDF files that have other files attached to them. Security researchers have found new ways for common PDF documents to release malicious code without the knowledge of the person opening them.

While Adobe investigates this, use the following method to reduce the risk.

Open up Adobe Reader. Click on Edit on the upper menu bar and then click on the Preferences option at the bottom of the drop-down. Click on “Trust Manager” in the left pane. Clear the check box “Allow opening of non-PDF file attachments with external applications”. Click OK to exit the screen.

For Mac users, the Preferences option can be found under the Adobe Reader name on the upper menu bar.

FIFA World Cup themed malware campaign spreads malicious PDF files | Zero Day | ZDNet.com

For all of you World Cup Soccer fans:

Researchers from Symantec are reporting on an ongoing targeted malware campaign using a FIFA World Cup 2010 theme, in an attempt to trick end users into executing a malicious PDF file, exploiting a recently patched flaw in Adobe Reader.

More details on the campaign:

The attackers have downloaded Greenlife’s PDF document, and changed it to include malicious code. They then attempted to email the malicious PDF to a user in a major international organization that brings together governments from all over the world. We should emphasize that downloading the PDF from the Greenlife website is perfectly safe at the time of writing this blog.

The attack makes use of a recently patched vulnerability in Adobe Reader – CVE-2010-0188. The patch for this critical rated vulnerability was released by Adobe on February 16, 2010. Since then we have observed a large number of targeted attacks attempting to exploit this vulnerability. Proof-of-Concept exploit code is available in the Internet which is contributing to the large number of observed attacks. The exploit makes use of a flaw in the TIFF file parsing in Adobe Reader. In particular, a stack overflow is caused by inserting a TIFF image into the PDF with a specially crafted “DotRange” tag.

According to recent reports, malicious PDF files not only comprised 80 percent of all exploits for 2009, but also, represent the preferred infection vector for targeted attacks in general, for the first time ever surpassing the use of malicious Microsoft Office files.

Users should not just update their Adobe products, or perhaps even consider an alternative PDF reader, if truly paranoid. They should take a comprehensive approach when dealing with all the 3rd party applications and browser plugins, currently installed.

via FIFA World Cup themed malware campaign spreads malicious PDF files | Zero Day | ZDNet.com.

LifeLock Settles FTC Charges For $12 Million — InformationWeek

I was thinking about using them. With the ease of identity theft, there must be something that can be used… Common sense?

The FTC complaint alleged that the firm’s identity theft protection and data security claims were false.

By Thomas Claburn, InformationWeek, March 10, 2010 11:19 AM

The Federal Trade Commission on Tuesday announced that identity theft protection company LifeLock has agreed to pay $12 million to the FTC and 35 state attorneys general to settle charges that its service doesn’t work as advertised.

The agency says the payment represents one of the largest FTC-coordinated settlements on record. The settlement forbids company principals from making further deceptive claims and requires the company to take measures to protect customer data.

“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz in a statement.

Since 2006, LifeLock has been charging customers $10 per month to protect them against identity theft. The company rose to prominence as a result of its advertising campaign involving the public display of CEO Todd Davis’s social security number on the side of a truck, ostensibly as proof that its identity theft protection service worked.

The FTC charged that the fraud alerts LifeLock placed on customer accounts weren’t effective against most types of identity theft, that its service claims were false, and that its data protection claims were false.

In 2008, LifeLock was sued in a civil lawsuit that made claims similar to the FTC’s allegations. That lawsuit alleged that “the statements by LifeLock’s CEO regarding the ability of LifeLock to protect his own identity are deceptive because his identity was stolen while he was a customer…”

via LifeLock Settles FTC Charges For $12 Million — InformationWeek.

Do You Really Know Where That Link Is Taking You?

These are some scary technical times we live in. Yes, it’s very nice that everything is available with a click of the mouse button, but do you really know where that click is taking you?

Scammers are taking advantage of every hot news story out there. Do a search for an issue and the results may contain poisoned links that lead to malware. The malware could be in the form of rogue antivirus software, which looks like a professional antivirus program and warns you of non-existent infections. The fake apps then push you to buy a license for the software to clean up the fake malware it finds. Once you’ve clicked on that link, look out. The downloaded malware can steal passwords and logins by recording your keystrokes. It can install programs that will turn your computer into a bot to be used in future infections of other computers. It could be used to hold your data for ransom, where the owner of the malware charges you in order to receive the removal information. In many instances, you end up reformatting your hard drive and reinstalling your programs.

So, how do you really know that the link you’re clicking on is safe? My preference is to install W.O.T. (Web of Trust) in your browser. When you do a search, W.O.T. will place a circle next to the link and it will be Green for safe, Yellow for caution, and Red for stay-away. The other thing you can do with W.O.T. is to right-click on a link on a website and choose View WOT Scorecard. That will take you to a page that shows you the ratings of the page before you actually visit it. The latest browsers are trying to help keep you safe as well, with built-in phishing and malware protection so it’s recommended that you update your browsers to the most recent versions. You can find the latest version of Firefox here, Internet Explorer here, and Google Chrome here.

Now and in the future, it’s really important to be careful about your browsing. Make sure the links you click on are going to be good for you.

You might be breaking the law with your computer: UPDATED | 10 Things | TechRepublic.com

Twice this week I’ve had people ask me whether, if they connect to a neighbor’s unsecured wi-fi, it is possible that their neighbor could gain access to their files or information. I told them that since they were actually joining that neighbor’s network, then under certain circumstances, yes, their information could be accessed. I was reminded of the other reason you may not want to ride your neighbor’s wi-fi in this article of 10 ways you might be breaking the law with your computer. The item pertaining to this topic follows.

State and federal laws regarding access to networks

Many states have criminal laws that prohibit accessing any computer or network without the owner’s permission. For example, in Texas, the statute is Penal Code section 33.02, Breach of Computer Security. It says, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” The penalty grade ranges from misdemeanor to first degree felony (which is the same grade as murder), depending on whether the person obtains benefit, harms or defrauds someone, or alters, damages, or deletes files.

The wording of most such laws encompasses connecting to a wireless network without explicit permission, even if the Wi-Fi network is unsecured. The inclusion of the culpable mental state of “knowing” as an element of the offense means that if your computer automatically connects to your neighbor’s wireless network instead of your own and you aren’t aware of it, you haven’t committed a crime. But if you decide to hop onto the nearest unencrypted Wi-Fi network to surf the Internet, knowing full well that it doesn’t belong to you and no one has given you permission, you could be prosecuted under these laws.

A Michigan man was arrested for using a café’s Wi-Fi network (which was reserved for customers) from his car in 2007. Similar arrests have been made in Florida, Illinois, Washington, and Alaska.

The federal law that covers unauthorized access is Title 18 U.S.C. Section 1030, which prohibits intentionally accessing a computer without authorization or exceeding authorized access. But it applies to “protected computers,” which are defined as those used by the U.S. government, by a financial institution, or used in or affecting interstate or foreign commerce. In addition to fines and imprisonment, penalties include forfeiture of any personal property used to commit the crime or derived from proceeds traceable to any violation. You can read the text of that section here.

In a recent case regarding unauthorized access, a high profile lawsuit was filed against a school district in Pennsylvania by students who alleged that district personnel activated their school-issued laptops in their homes and spied on them with the laptops’ webcams. The FBI is investigating to determine whether any criminal laws were broken. Because the school district owned the computers, there is controversy over whether they had the right to remotely access them without the permission of the users.

via 10 ways you might be breaking the law with your computer: UPDATED | 10 Things | TechRepublic.com.

Are you still texting while you drive?

I see it all of the time. People driving next to me looking down at their phones while texting. If they knew about this site, they’d be able to send texts verbally to anyone on their contact list.

I came across Dial2Do the other day. I’m signing up for the 30 day trial period and will let you know my thoughts, but what it proposes to do is great for those of us on the road a lot.

Not only can you send texts, but you can create reminders, and even listen to and send e-mail – all while keeping your hands on the wheel and your eyes on the road. For those using Twitter, you can send your tweets verbally. The reminders are transcribed and sent to your listed e-mail account. You can send thoughts and ideas to your Evernote account. You can get local weather, and listen to news feeds, and much more.

The cost? $40/year or $4/month. The cost of a cell phone usage ticket? Around here it’s $275. I’m going to try it. I’ll report back in a few weeks.

Trojan Pretends to Be Microsoft Security Suite – www.esecurityplanet.com

Microsoft is warning users that a Trojan is masquerading as the company’s popular free Microsoft Security Essentials (MSE) package.

The alert came from Microsoft’s (NASDAQ: MSFT) Malware Protection Center (MMPC) on Wednesday.

“One of the oldest tricks used by rogue antivirus products is to use a similar name as, or have a similar look and feel to, legitimate security software,” Microsoft said in a post on the MMPC’s Threat Research & Response Blog. “So it was inevitable that the day would arrive when a rogue would masquerade as something similar to Microsoft Security Essentials.”

The masquerading rogue security tool goes by the name Security Essentials 2010, which is very similar to the actual name of Microsoft’s suite, though the real suite does not have a date in its name.

Users who encounter the fake will see a bogus malware detection scanner that reports many files on a PC are infected with various types of malware, including Trojans and adware, replete with what looks like a legit “system warning.”

Users infected with the Trojan, known as Win32/Fakeinit, will be presented with a screen informing them that the software is just a “trial version” and that “removal and real-time protection features are disabled.”

The solution, the fake software informs users, is to “activate [the] full version.”

That’s not a good idea, however.

“Fakeinit’s downloader not only installs the fake scanner component — it also monitors other running processes and attempts to terminate the ones it doesn’t like, claiming that they are infected,” Microsoft’s blog entry cautions.

The bogus anti-malware product also makes changes to the user’s registry to lower security settings, and to prevent users from deleting the “Your System Is Infected” background that it displays in order to raise the user’s anxiety level.

According to the blog post, Fakeinit also downloads a second Trojan that installs the Alureon rootkit — another piece of malware that Microsoft warned a week ago was the source of many Windows XP machines exhibiting blue screens and constant reboots.

Additionally, the malware cuts off access to a list of URLs popular with users, including Ask.com, Amazon.com, Craigslist.com and many others, according to Microsoft.

Aside from some minor grammatical errors in the text — a common tipoff that a piece of software is actually malware — what gives away the real purpose of the bogus software are the statements identifying it as a “trial version” and requests to activate the full product.

The actual Microsoft Security Essentials suite is available without charge from Microsoft.com.

via Trojan Pretends to Be Microsoft Security Suite – www.esecurityplanet.com.

Stuart J. Johnston is a contributing writer at InternetNews.com, the news service of Internet.com, the network for technology professionals.