Facing Up to Facebook
Vol.1, #17 – November 4, 2011 – Issue #17
- Editor’s Dossier
– Facing Up to Facebook
- Eyes Only Your Viewpoint on Security Issues
– Adobe Offends
– Virus Calls
– Super Cookies – Not So Super
– Verizon without Symbols
- Operations: What You Need To Know
– Facebook CTO Bret Taylor: Majority Use The Privacy Settings
– Free Malware Removal
– Free Support
- Deb’s Deep Dive
– Taking a closer look at Windows Remote Desktop Protocol (RDP)
- Zone – Cool Products & Other Stuff
– Blue Angels
– Life of Flowers
– Tablecloth Trick
– Flying High
– NASA Studying Ways to Make ‘Tractor Beams’ a Reality
– Little Bot of Horrors: Insect-Eating Robots Act As Venus Flytraps
– How Google’s Self-Driving Car Works
Facing Up to Facebook
Welcome to November! In beautiful Tampa Bay it is a most welcome relief from the heat of the summer.
Facebook appears to always be in the news. The controversy surrounding this social media network is endless, whether it is on privacy issues, security or safety for families and children. To their credit, Facebook addresses these issues forthrightly. Not too long ago Facebook’s Chief Technology Officer Bret Taylor related that the majority of the people using the social network have privacy settings enabled. Privacy awareness is at an all-time high I would think. You can read a bit more about what he had to say in Operations.
Deb Shinder digs deep into the Windows Remote Desktop Protocol (which gives users an interface to another computer) this week in Deb’s Deep Dive.
Privacy seems to be taking a hit in London with police able to zero in on conversations and even shut your mobile phone down. Read more in Dirty Tricks.
Enjoy the latest issue of VIPRESecurityNews. And remember, stay safe out there.
P.S. You can write to me at any time. I want to know how you feel about Internet security and if you have any ideas for articles or subjects you would like us to cover. Email me at feedback@SunbeltSecurityNews.com
Eyes Only Your Viewpoint on Security Issues
Adobe Offends
I found that Adobe is a big offender regarding add-ons. When I go to update my Adobe Acrobat & Reader, I have to look at the screen carefully because somewhere, usually in an upper corner, is a checked box. Once it was a toolbar, IE9, this time around it is Google Chrome which I do not want. Got caught once & had a heck of a time uninstalling it. Maybe they think they’re doing us a favor, NOT. Keep up the great work. – KS
Virus Calls
I read the article Microsoft calling… had to laugh as I had the same experience this week… (I am in Cape Town). An Indian lady called to say that she was from a company and that she had to warn all private computer owners that Windows had contracted a virus and it was being downloaded with the updates. She informed me that I just had to follow her instructions, i.e. go to Start Menu… Well, I told her that I don’t know who she is and to please stop wasting my time. She was very insistent and started repeating the whole tale again to which I said Goodbye! Thanks for your newsletter. – SJ
Super Cookies – Not So Super
I’ve been reading about the increasing number of “super cookies” that can track everywhere that one visits on their PC and then report this information back to the planter of the cookie. Are there any plans in the works from Sunbelt/VIPRE/GFI to treat these cookies like the malware that they are and either eliminate them on scans or (preferably) prevent them from being planted in the first place? – DK
Editor’s Note: Dodi Glenn, our fearless VIPRE Product Manager, weighed in on the super cookie story. “Super cookies or ‘flash based cookies’ can be removed by using a free program called CCleaner (not an application created by GFI nor supported by GFI). I personally do not believe that browser based tracking represents as big a threat as some have made it. In the event something actually malicious, such as an exploit, initiates from a super cookie, we are able to create a detection for it.”
Verizon without Symbols
Re: the gentleman who has Bell Canada. I have Verizon as my internet supplier & I too have a problem with their security. They will NOT allow passwords to use Symbols, which would provide a strong password. They also limit you to a fairly short P/W. The only thing to do is alter between Caps & Lower case & throw some numbers in-between. But how many people really do that? I had to fight with customer service for over an hour to change my router (they provided it) P/W to something other than the word “password”. They used that for everyone. Can you believe it??? Obviously Verizon does not care about their customers’ security. Love my weekly newsletters & read them faithfully. I often forward them to friends & family. – KS
Operations: What You Need To Know
Facebook CTO Bret Taylor: Majority Use The Privacy Settings
Yes, I am sure a few of you are not on Facebook, but from what I can tell the vast majority of our readers are using the network. You can skip this section if you are not. But if you are, Taylor makes some poignant remarks about online privacy that are worth a read.
“The majority of people on Facebook have modified their privacy settings. I think the people who use Facebook a lot are very, very aware of privacy settings. They know exactly what their current boyfriend or ex can see. As our service has grown, there’s a lot of increasing scrutiny on how we provide our service. If we can make your privacy controls so transparent that you are comfortable with sharing data on Facebook, that’s good. We certainly hope to make the privacy settings as accessible as possible.
“Activity log is a new feature, part of our timeline. It’s a private page that’s the backend of your timeline, all content you’ve shared on Facebook for all time. You can browse it, and navigate by time. It’s a single place on Facebook where you can see all your information. If we can give people granularity over the control of sharing data, the more these products will see. If you’re going for a job interview, you can go back and change photos of yourself posted in college. A lot of that was there before but we made it more accessible.”
Free Malware Removal
Malicious software is tricky, and sometimes these critters get through all your layers of protection. However, did you know that we will remove malware that has gotten into your computer for free? All you need is a valid subscription to VIPRE and our team of malware removal specialists will get the bad guys out. Our team will assist any customer that becomes infected while under VIPRE’s protection. Just go online and fill out the support form and a member of our Malware Removal Team will get back to you right away. You don’t have to pay for this incredible service.
Free Support
Like our Malware Removal Team above, our Support Team is also at your service. You don’t have to call in or send emails or wait in line; just fill out our support page and you will automatically create a support “case”. So should you be experiencing technical issues with your GFI product, please feel free to fill out a support request and a technician will be happy to assist you.
Stay on top of all the real-time threats: GFI Malware Research Labs
Deb’s Deep Dive
Taking a closer look at Windows Remote Desktop Protocol (RDP)
You might be one of those Windows users who has come across the Remote Desktop Connection client in the Accessories folder of the Start menu, briefly wondered what it was, decided it didn’t pertain to you, and moved on. You might be one of the many who have used the Remote Desktop Protocol (RDP) without realizing it – when getting or providing assistance with computer problems using the Remote Assistance feature that first appeared in Windows XP and has been included in subsequent versions of Windows. You might be one of us who uses RDP daily to access the desktop of another computer on your home or office local network (for example, to run a program on your upstairs game room computer from the computer in the bedroom or kitchen). Or you might be an RDP power user who connects to your home computer’s desktop over the Internet from work or a hotel room.
Remote Desktop is a wonderful feature that can add convenience and even save you money. You can set up one powerful system to run processor- or memory-hungry applications and, instead of having to duplicate that setup in other locations, use low-powered, inexpensive machines to connect to it. The Remote Desktop host machine does all the work, and the experience is almost like being there. You can, for example, have all the features of Windows 7 and its apps when working on an old XP computer. You can even install an RDP client on your tablet or mobile phone (and it doesn’t have to be a Windows-based phone or tablet – there are apps for iPad/iPhone and Android, too), and run your computer’s desktop from those devices. Or you can connect from a Linux or UNIX computer using an open source command line program called rdesktop or a graphical RDP client program called tsclient. (The “ts” stands for Terminal Services, the server implementation of RDP that was first introduced in Windows NT and allows multiple client connections with separate desktops).
There are a few caveats for using RDP in a home or small office setup (without a terminal server). Only the Professional and above editions of Windows can be Remote Desktop hosts, although you can use the Home editions as clients to connect to them. You will need to leave the host computer turned on, and of course, you have to have permissions set to allow you to connect to it. And there are some security issues involved, especially when you use RDP over the Internet.
You’ll get the best Remote Desktop experience if you use the latest version of the Remote Desktop Connection client, v7.1 (which is added to Windows 7 by Service Pack 1), or at least v7.0 (which comes with Windows 7). This version lets you get the Aero Glass UI on your remote desktop and it also gives you true multi-monitor support and Windows Media Player redirection. You have to be connecting from a Windows 7 client computer to get these advanced features, though.
Another reason to use the latest version of the Remote Desktop Connection client is security. Old versions don’t support the highest levels of encryption. Starting with v6.0 of the RDC client, you can use Secure Sockets Layer/Transport Layer Security (SSL/TLS) for authentication, along with Federal Information Processing Standard (FIPS) grade encryption for connecting to a Vista or Windows 7 desktop (previously you could only do this when connecting to a Windows Server 2003 SP1 server or above). There are also third-party products that can be used to create a Secure Shell (SSH) tunnel through which you can connect to a Remote Desktop session.
There have been vulnerabilities discovered in the Remote Desktop Protocol itself, so it’s important to make sure that when you enable RDP on a computer, you also keep it current on security updates. Remote Desktop can help you do more, but you should always follow standard security best practices to ensure that it doesn’t open you up to risks.
‘Til next week,
Deb Shinder, Contributing Editor
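For the authentication and encryption settings discussed in the column above, here is a read-only check of how a Remote Desktop host is configured. It is an added example, not part of the original column or any GFI product; the function names Get-RegValue and Test-RdpHostSecurity are hypothetical, while the registry values are the ones Windows uses for the RDP listener.

```powershell
# Added example: read-only audit of the local Remote Desktop host configuration.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue {            # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Return $null instead of raising an error when the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-RdpHostSecurity {    # hypothetical function name
    param($DenyConnections, $SecurityLayer, $MinEncryptionLevel)

    # fDenyTSConnections = 1: the host accepts no Remote Desktop connections.
    if ($DenyConnections -eq 1) {
        return 'OK: Remote Desktop is disabled on this host.'
    }
    $findings = @()

    # SecurityLayer: 0 = native RDP security, 1 = Negotiate, 2 = SSL (TLS).
    if ($null -eq $SecurityLayer) {
        $findings += 'UNKNOWN: SecurityLayer is not set.'
    } elseif ($SecurityLayer -eq 2) {
        $findings += 'OK: TLS is required, so the server is authenticated.'
    } elseif ($SecurityLayer -eq 1) {
        $findings += 'WARN: Negotiate uses TLS only when the client supports it.'
    } else {
        $findings += 'WEAK: native RDP security only; no TLS server authentication.'
    }

    # MinEncryptionLevel: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant.
    if ($null -eq $MinEncryptionLevel) {
        $findings += 'UNKNOWN: MinEncryptionLevel is not set.'
    } elseif ($MinEncryptionLevel -ge 4) {
        $findings += 'OK: FIPS Compliant encryption is enforced.'
    } elseif ($MinEncryptionLevel -eq 3) {
        $findings += 'OK: High (128-bit) encryption is enforced.'
    } else {
        $findings += 'WEAK: Low or Client Compatible allows sessions below 128-bit encryption.'
    }
    return $findings
}

Test-RdpHostSecurity `
    -DenyConnections    (Get-RegValue $tsKey  'fDenyTSConnections') `
    -SecurityLayer      (Get-RegValue $rdpKey 'SecurityLayer') `
    -MinEncryptionLevel (Get-RegValue $rdpKey 'MinEncryptionLevel')
```

Settings pushed by Group Policy are stored under a separate policy key and override these values, so treat the output as the local configuration only.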
London’s Met Police Uses ‘Blanket Tracking System’ To Intercept/Remotely Shut Down Mobile Phones
London’s Metropolitan Police, headquartered at Scotland Yard, has been accused by privacy campaigners of violating citizens’ privacy and civil liberties, after it was discovered that the police service had acquired military-grade surveillance equipment to track and, if necessary, disable mobile phones.
Facial Recognition Software Could Reveal Your Social Security Number
According to a new study which will be presented August 4 at the Black Hat security conference in Las Vegas, technology has made it possible to identify and gain the personal information of strangers by using facial recognition and social media profiles like Facebook.
Adobe to Plug Flash-Related Webcam Spying Hole
Adobe Systems is working on a fix for a Flash-related vulnerability that could be used by Web sites to surreptitiously turn on a visitor’s microphone or Webcam.
Is Your Phone Spying On You?
Did you opt in to constant surveillance just because you bought a smartphone? The answer is “somewhat,” but at least when it’s your own device doing the tracking you can do something about it. In this episode of Device & Conquer, I’ll lay out how your phone can track you, dispel a few myths about that, and about GPS satellites, and give you a few tips for taking back what privacy you still have.
Java Update Plugs 20 Critical Security Holes
Oracle has shipped a critical Java update to fix at least 20 security vulnerabilities, some serious enough to cause remote code execution attacks.
Making Search More Secure
We’ve worked hard over the past few years to increase our services’ use of an encryption protocol called SSL, as well as encouraging the industry to adopt stronger security standards… As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users. Over the next few weeks, many of you will find yourselves redirected to https://www.google.com (note the extra “s”) when you’re signed in to your Google Account. This change encrypts your search queries and Google’s results page. This is especially important when you’re using an unsecured Internet connection, such as a Wi-Fi hotspot in an Internet cafe.
Zone – Cool Products & Other Stuff
I am always looking for some hot stuff to share with our readers; maybe you are too. Hit me back at firstname.lastname@example.org.
Blue Angels
Cockpit footage taken from the backseat of a Blue Angels jet during an airshow. This looks like so much fun:
Life of Flowers
Watch and listen to “Life of Flowers” and see if it doesn’t make you smile:
Tablecloth Trick
“Hi, this is Michael – and this is Sven. And today we show the ultimate trick.”
Flying High
I want to tell you about a guy named Jeb Corliss. He has a most unusual occupation as a professional BASE jumper, skydiver, and wingsuit flyer. He has jumped from sites including Paris’ Eiffel Tower, Seattle’s Space Needle, and the Petronas Twin Towers in Kuala Lumpur, Malaysia. This stuff is pretty amazing, folks – better strap on your own seatbelt.
NASA Studying Ways to Make ‘Tractor Beams’ a Reality
Tractor beams — the ability to trap and move objects using laser light — are the stuff of science fiction, but a team of NASA scientists has won funding to study the concept for remotely capturing planetary or atmospheric particles and delivering them to a robotic rover or orbiting spacecraft for analysis.
Little Bot of Horrors: Insect-Eating Robots Act As Venus Flytraps
Robots might bake cookies or vacuum your rugs, and that all sounds very nice. But what do you think about robots trained to eat living organic matter, as in machine versions of the carnivorous Venus flytrap?
How Google’s Self-Driving Car Works
When word spread that Google was testing a self-driving car, the technology was heralded as the transportation wave of the future. Programmed with optimal fuel efficiency and safety in mind, the company claimed that it can reduce car accidents by half. But despite some nifty navigational chops, beneath it all, isn’t it still a heartless, calculating robot making some potentially life or death decisions?