Security

Cloud Backup Trends

Rob May has a great post at the company blog at Backupify on trends driving cloud backup. It sounds right to me, particularly the parts about data portability, it being managerially smart to prepare for black swans, and users being vastly more the problem than permanent data loss by a cloud provider is likely to be.

It has always irritated me when vendors try to “own” your data. It still happens, but I’d love to think it’s on the wane. In my ill-fated business, one of the key elements and benefits of our not-quite-finished document management software (and associated law firm case management, but the package could be used in other environments, or as a generic/personal doc manager) was that you owned your data and your documents. There was no lock-in. There was an easy ability to locate and access documents directly should the software not be available.

Thus I’ve always loved the data portability angle Rob brought to his startup.

Intentional… Or Malware?

I have run into the scenario of checking an end user’s computer for signs of p0rn, or surfing p0rn sites, and seen ambiguity introduced by popups from sites that are not p0rn per se, or clicks that were unintended and aborted. Obviously, malware can not only cause popups, but also download files nefariously.

This is an extreme cautionary case, in which a worker was fired for child p0rn, had his reputation ruined, faced criminal charges, and was found to be innocent. Tech support completely failed and even helped persecute him. That’s bad.

Upgraded

Talk about feeling watched. No sooner did I remove the rogue links than they were replaced with similar ones off a different college URL.

I dropped everything to upgrade WordPress. Seems to be working so far.

Time to Update WordPress

I came over here to update the blogroll and noticed a funny thing:

Someone was able to hack WordPress in a way that gave them access to the blogroll. No idea when it happened, but the links all redirected through this WordPress blog using a trailing structure in the form of:

?q=cash-loans

At the end of the URL to which I linked. Not sure offhand what the ?q is and how it differs from the ?s format used to return search results. It did the job, anyway, redirecting to an entirely different location. I suspect the blog in question was also victimized and had no active role.

The lesson? This is probably why there have been security-related updates to WordPress that I should have installed periodically. I’m pretty sure none of the WP blogs in our “empire” are fully updated except the newest one. Oops.

The other lesson? If I posted here regularly as I really do plan to, I would notice these things promptly, limiting any benefit accruing from the linkage.

Now multiple WordPress updates are on my list of things that must be done sooner rather than later.
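A check for the kind of blogroll tampering described above, added here as an example and not taken from the original post or from WordPress: it compares the current link targets with a saved known-good copy and reports changed hosts and added query parameters such as ?q=cash-loans. The link names, the .example hostnames and the audit_blogroll function are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: a saved known-good blogroll and the links as found later.
BASELINE = {
    "Blog A": "http://blog-a.example/",
    "Blog B": "http://blog-b.example/",
    "Blog C": "http://blog-c.example/?page_id=2",
}
CURRENT = {
    "Blog A": "http://blog-a.example/?q=cash-loans",
    "Blog B": "http://college.example/?q=cash-loans",
    "Blog C": "http://blog-c.example/?page_id=2",
}


def audit_blogroll(baseline, current):
    """Return {link name: [findings]} for links that differ from the baseline."""
    findings = {}
    for name, href in current.items():
        if name not in baseline:
            findings[name] = ["link not in baseline"]
            continue
        good, now = urlsplit(baseline[name]), urlsplit(href)
        problems = []
        if now.hostname != good.hostname:
            problems.append(f"host changed: {good.hostname} -> {now.hostname}")
        if now.path.rstrip("/") != good.path.rstrip("/"):
            problems.append(f"path changed: {good.path} -> {now.path}")
        # Any parameter that is new or has a new value is suspicious,
        # e.g. the appended ?q=cash-loans.
        expected = parse_qsl(good.query, keep_blank_values=True)
        for key, value in parse_qsl(now.query, keep_blank_values=True):
            if (key, value) not in expected:
                problems.append(f"unexpected query parameter: {key}={value}")
        if problems:
            findings[name] = problems
    for name in baseline.keys() - current.keys():
        findings[name] = ["link missing from blogroll"]
    return findings


if __name__ == "__main__":
    for name, problems in audit_blogroll(BASELINE, CURRENT).items():
        for problem in problems:
            print(f"{name}: {problem}")
```

Run on a schedule against an exported copy of the links, a check like this catches the change even when nobody is visiting the blog to notice it.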

Junction Points

And in the process of showing Wayne Vista and geeking out some more, I noticed that in DOS the hidden folders that can’t be accessed and are in some cases obviously for backward compatibility are labeled [JUNCTION] instead of [DIR]. They are NTFS junction points, which act like folders (or files) but are pointers to other folders (or files). Also, I had set Explorer to show hidden files and folders, but for some reason that didn’t cascade to the user profile folder, so explicitly turning that on made the hidden stuff visible even from Vista in Explorer.

There is a switch for DIR that shows just junctions, so using /AL and /S redirected to a text file with > will give you a list of all of them on the machine.

There’s also a DOS command, MKLINK, for creating junctions. Who knew.

It’s NTFS security that makes the junctions inaccessible. They don’t need to be; they’re shortcuts to something you can get at elsewhere.

Very cool.

Secure Downloading

There’s a great discussion, entertainingly and religiously tempestuous of course, going on over Firefox and Internet Explorer. Not about the browsers, at least not at first, but about whether the Firefox download can be trusted to be secure and the file you receive and install to be untampered with.

I’m following the comments in the Wizbang post, in which Kevin laughs at the post by a Microsoft employee that started the debate.

If you take it in the spirit of having pointed out a potential problem with Firefox distribution, it’s worth pondering. If you take it as a silly attempt to scare folks away from Firefox, it really is amusing.

In any event, I can’t recommend Firefox highly enough. It saves hours upon hours of work and boatloads of grief associated with malware that Internet Explorer all but invites onto computers. But hey, IE can be downloaded securely, with certainty you are getting the binaries Microsoft intended.