As a computer professional, people often tell me how they turn their computer off at night to save power, usually with a degree of glum "I'm so green" about them.
I usually smile politely, then ask them what time of day they are running their antivirus / security updates.
Usually they stammer and say something like "oh, I check all the time", but you can tell from the hesitation and the look of horror in their face...
Mari Nichols, one of the handlers on ISC's "Internet Storm Center" (if you care about security much, then http://isc.sans.org/ should be in your favorites) tells the story in a recent diary entry about a town whose computers were hit with a big old infection. The CIO was somewhat taken aback that the only computers not affected were the ones who had ignored the cost-savings plan implemented by the town, which involved powering down their computers at night.
We compute in a dangerous time -- take a look at the size of your antivirus' latest dat file if you doubt that. We can ill afford to be anything less than diligent in the applications of AV datfile updates and OS and application security patches, and, to be perfectly frank, those things usually happen at night.
In powersave or low-power mode (not sleep or hibernation), the power curve on a modern desktop is infinitesimal, so, as long as you power down the monitor and peripherals, you are still saving a BUNCH of power if you leave the computer itself on. I even suggest not clamshelling your laptop overnight at least once a week so it can catch up on updates.
Monday, February 22, 2010
Thursday, February 18, 2010
Oops X 2
About a month ago, I noticed that my subscription to the Dell Datasafe service that had come with my computer was expiring. I wanted to hang on to an online backup system, but, frankly, I was a little unhappy with the Dell service, and I figured if I was going to pay more than the $20 or so that they were charging, I might as well go with someone I knew to be a pretty good company. Enter Carbonite
Part 2
Last night I was playing around with Huggle. Huggle is a program written to make it easier to revert vandalism in Wikipedia. I like a clean encyclopedia, and I've been doing some vandalism reversion sorta manually for a while, but Huggle takes this process and adds crack. After about 45 minutes or so on Huggle, I reverted something like 300 vandalisms.
Little did I know that I had stumbled into the hornet's nest. I was reverting entries that had been chosen for vandalism by people on a certain website known for being, well, to use a term found liberally on that website, asshats (hint: this is not the "goon" website, but the other one). They decided to go after me. I'm told by another Wikipedia person that they posted all kinds of personal stuff about me -- as evidenced by the number of hits to my photo blog that the tracker said came from either Wikipedia, Facebook, or the website in question between 11:00pm and 4:00am (haha, they made money for me thanks to Google Adsense!!).
But these particular asshats are the kind that would probably like to retaliate, and with that in mind, I decided that I needed to dial up the level of vigilance on my identity protection. I signed myself and my wife up for a LifeLock account to supplement the other services I have in place.
If you know me, you probably know that I consider myself somewhat left of the political center. Not crazy-out-there-left, but certainly closer to Jon Stewart than Bill O'Reilly. So, imagine my surprise when I found out that there is a big boycott of the Glenn Beck show, and, damn it, I have given business to two of the last 13 advertisers he has.
I guess it makes sense; both of these businesses are easy sells to people who are scared, and no one scares people like Glenn Beck. The same people who are going to dump everything into gold because the evil socialist fascist Nazi is going to bankrupt us and send us into a depression are suckers for data backup and identity protection.
I've sent them a couple of carefully worded e-mails to the effect that "you got my money for this period, but no more, and I really feel bad because you are good choices for these services, but I don't want to support (change to really evil looking, blood dripping font) him (back to normal font)."
Two unrelated stories become one interesting scenario
http://www.netwitness.com
First, security firm Netwitness launches an "Oh my God, the world is coming to an end and there is nothing you can do about it unless you buy Netwitness" (They want you to register for the whitepaper, but there are enough references to it in the press that you don't REALLY have to if you don't want to) regarding a particularly successful bot, part of the Zeus network, that they are calling Kneber.
Now, don't get me wrong -- I really like Netwitness. I wish I had a budget that would allow me to install it, 'cause being able to mine weeks of network traffic with an intelligent engine to find stuff going on is actually pretty cool.
I digress...
Based on the cache of data that Netwitness claims to have found, there are about 75,000 computers out there that are part of the botnet. That's 75,000 computers out there who don't even know that they can be taken over at the slightest whim of some nefarious miscreant.
The next thing I saw was this little gem:
http://www.boingboing.net/2010/02/17/school-used-student.html
A school district outside of Philly bought laptop computers for all of their HS students. What the administrators failed to disclose was that there was embedded code that allowed them to activate the webcams on those laptops, even if they were at HOME. The parents got wind of it when a student was disciplined for "improper behavior" (I'm not even sure I want to know what it is), and the vice principal showed them, wait for it, a picture snapped from the webcam. Needless to say, the class action lawsuit has begun.
Ok, let's put these two together...
Of those 75,000 computers, how many of them have webcams attached (like, for example, the vast majority of newer laptops)? It seems to me to be pretty trivial for Mr. Evil-Botnet-Creator to start silently turning on webcams and waiting to find someone in a, shall we say, compromising situation.
The solution -- "adhesive strip bandages" (aka Bandaids). If you have a laptop with a built-in webcam, run, do not walk, to your medicine cabinet and grab a small bandaid. Position it with the pad on the camera (you don't want the adhesive on it, do you?) and you are safe. Remove the bandaid when you want to use the camera, replace it when you are done. Oh wait, that pesky thing had a built-in microphone, didn't it? Crap. Haven't got that one figured out yet. If you think of something, put it in the comments!