Welcome to the Geek Choice Blog

There are reports today from many technology news sources and others like the Wall Street Journal that Google has been getting through the privacy settings of people using Apple’s Safari web browser on their iPhones and computers. Apparently they used a specific code that would trick the web browser software into letting them be able to monitor the users. The most interesting part of all of this is that Safari is set by default to block the type of tracking Google was doing. The code was actually found by a researcher from Stanford, Jonathan Mayer. Although Google is not alone is this, there are other companies reported by the WSJ to have used techniques like this. Apple is currently working on these work around and will work vigorously to put a stop to this privacy workaround. Most think this work around is used for Google to get a leg up in the social media game or is Google trying to poke holes into Apple’s phone software to show that Droids are better choice. What do you think people?

So as we know the iPad and iPhones have been pretty clean from getting malware and things of that nature. However now a Mac hacker by the name of Charlie Miller found a way to get a bad app into your phone right under Apple’s nose. Apparently Miller is going to present a method that exploits a flow in Apples restriction on code signing on iOS devices at the SysCan conference in Taiwan next week. Miller actually planted a sleeper app in the app store to demonstrate this trick, an app can actually phone home to a remote pc that downloads new unapproved commands onto the device and executes them at will, including stealing photos, reading contacts, make the phone vibrate or play sounds or re-purposing normal iOS app functions for malicious gain. “Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”
Here is the video that will demonstrate the security vulnerability:

Microsoft’s popular free antivirus program Security Essentials has put in a mediocre showing in the latest quarterly tests from German test outfit AV-Test.org, finishing second to the bottom out of 22 products.
In Q1 2011 Security Essentials 2.0 (MSE) performed well at the least demanding test, that of spotting malware drawn from the industry-agreed Wildlist selection, scoring 100 percent. It also put in a good performance against a large group of recent malware samples selected by AV-Test itself, with a creditable score of 97 percent detection.
The product’s performance deteriorated sharply when pitted against 107 recent zero-day malware web and email malware attacks, described by AV-Test as ‘real-world’ testing’, spotting only half. The product’s performance in ‘dynamic detection testing’ – noticing malware on or post-execution – was also modest at only 45 percent.
The top-scoring product in the tests was BitDefender’s Internet Security Suite 2011, with a maximum weighted score of 6.0 across all tests, ahead of BullGuard Internet Security 10, F-Secure Internet Security 2011, and Kaspersky Internet Security 2011, all on 5.5. MSE scored 2.5, ahead of only one product, CA Internet Security Suite 2011.

A lot of the reason we see people buying Mac’s over PC’s is not just because of its ease of use but also because it has been virus free for the most part. Well now that might start to change as there are reports out there that a backdoor Trojan is floating around. The Trojan is a variant of a well known remote access Trojan *RAT*, it is known in Windows as the darkComet. It has come to be known on the MAC as the Blackhole RAT. The problem that can happen with Mac users is the Black Hole name is already being used by legitimate application that will increase security on your Mac. It helps you get rid of sensitive information like recently used file lists, data that is on the clipboard and much more.

It has been known to do these types of things to your PC:
Place text files on your desktop
Sending URLs to the client to open a website
Sending a restart, shutdown or a sleep command
Running arbitrary shell commands
Obstructing what you are doing by placing a full screen window with a message that only allows for you to click a reboot option only
Possible the worst of them all, using a pop up fake admin password window to try and phish out your password

It looks this Trojan is able to get on your system main through pirated software downloads, torrent sites, or anywhere you may download applications that need to be installed. So be careful where you download your applications.

When we used a dial-up connection to the Internet, security was not a significant problem. With today’s “always on” broadband connections, security has become a major concern. This discussion applies only to broadband connections like DSL or cable modem connections. Many broadband connections come with a router built in to the modem.

If the box that came from the telephone company or cable company has more than one plug that looks like a wide telephone jack, chances are that you have a built in router.

This is what a DSL Modem/Router looks like from the back.

To check your computer’s security, go to Hacker Watch for a free security check.

To secure your computer, the first thing you need is a router. Every router has a hardware firewall. A router is the only device to appear on the Internet, and the router is a dumb device with no important data. Without a router, your computer is on the Internet, and there is important data on it. There are software firewalls but they are not nearly as effective as a routers hardware firewall. The built in firewall in Windows XP is particularly ineffective.

A router is not expensive, and it’s easy to connect. There are two basic types of routers: wired and wireless. A wired router may be purchased for as little as $10, while a wireless router for as little as $30. Every wireless router also has wired connections – usually 4 wired connections. For current prices, check your local office supply store.

A router connects with standard Ethernet connectors, sometimes called Category 5 Patch Cables. It simply connects between your cable or DSL modem and the computer. Some early modems connected with a USB connector instead of Ethernet. If you have one of these, call your DSL or cable provider and they will replace it. Many DSL modems have both USB and Ethernet connections. If yours is connected with USB but the modem has both USB and Ethernet connectors, you just need to find the original box – there will be an Ethernet cable in it, or you can buy one at any office supply store for about $5.

If you have a cable connection and a wired router, you’re done. If you have DSL, there is one more step.

Since DSL uses your telephone line, there are more than one ISP’s on the line. A DSL connection has to connect to the right ISP. You will have to uninstall the connection software that came with the DSL package and tell the router how to connect. To uninstall the connection software, click on “Start”, click on “Settings”, click on “Control Panel”, click on “Add/Remove Programs”. Find the software that came with DSL modem and remove it. To tell your router how to connect, bring up your web browser (usually Internet Explorer) and go to 192.168.1.1. That is the standard router address. If that address does not work, find the address of your router in the router manual. Also find the router password. You now need to define the connection type. It will be called DSL or PPPoE. Select that type of connection and enter your DSL account name and password from the paperwork that came with your DSL package. You’re done for a wired router.

If you have a wireless router, there is another step.

Since a wireless router broadcasts a signal over the air, it should be secured through encryption. The signal can travel about 300 feet under ideal conditions. Also, the router password should be changed to prevent a hacker from taking over your router. Standard passwords are well known. If you choose not to secure the signal, someone could park in front of your house, and hack into your system or download hours of illegal music and you would be liable.

To secure your wireless router, you need to activate WEP, WPA, WPA2 or encryption. Every router is a bit different, so check the router manual for instructions. You can also turn off wireless operation and use the router as a wired router.

The reason we secure a wireless network is to stop people from using the services of our network who don’t have permission to utilize them. It is harder to secure a wireless network from hackers as compared to a classic wired network. This is due to the fact that a wireless network can be accessed anywhere inside the range of its antenna.

In order to secure a wireless network from hackers, we should take proper steps to save ourselves against security issues. If you don’t secure a wireless network from hackers, you might end up without its service. The consequence might also include the utilization of our network to attack further networks. To secure a wireless network from hackers, you should follow these simple wireless networking tips.

The first thing you have to do is to position the access point’s antenna in a place which restricts the range of its signal to go further than the required area. You should not put the antenna close to a window because glass can’t obstruct its signals. Place it in a central location of the building.

But you can go even further.

Use WEP:

WEP stands for Wireless encryption protocol.  It’s a customary technique for encrypting traffic on a wireless network. You should never skip it as that will allow hackers to get instant access to the traffic over a wireless network.

Change the SSID, disable the broadcast of SSID:

SSID stands for service set identifier.  It is the recognition thread utilized by the wireless access point due to which the customers are capable of starting connections. For every wireless access point arranged, select an exclusive as well as unique SSID. Also, if it’s attainable, hold back the broadcast of the SSID out over the antenna. It won\t appear in the listing of offered networks, while being able to provide services as usual.

Disable DHCP:

By doing this, the hackers will have to decode the TCP/IP parameters, subnet mask as well as the IP address in order to hack your wireless network.

Disable or modify SNMP settings:

Change the private as well as public community settings of SNMP. You can also just disable it. Otherwise the hackers will be able to utilize SNMP to get significant info regarding your wireless network.

Utilize access lists:

For additional security of your wireless network, and if your access point support this feature, employ an access list. An access list lets us determine precisely which machinery is permitted to attach to an access point. The access points which include the access list can employ trivial file transfer protocol (TFTP) now and then in order to download modernized lists to steer clear of hackers.

Wi-Fi and other wireless connections are all open to attack from outsiders and hackers. With this new and easy internet comes new and threatening risks. Hackers can get into your information and find out everything about you, including financial and personal, things you do not want out in the open.

By taking these steps, you can make sure that hackers stay on the outside.

It is like catching the cold virus, it is spread by other people through bacteria, reproducing until the system is infected and sick. No one wants a virus, it does not feel good, and they restrict your activity as well as keep people at a distance from you. The computer virus acts much like the biological virus in that it has the same effects, only it infects files and spreads electronically. In this article I will define the virus, explain how it spreads, and how to tell the difference between a virus and other forms of attacks.

The basic definition of a virus is a series of written instructions in a computer program that is designed to reproduce and infect another computer. It is programming code that’s purpose is to destroy another program. Most of the time a user will not realize that they have a virus because they can take the form of a regular program, or hide deep in your system files unbeknownst to anyone it is there.

Anti-virus programs have been fighting a never-ending battle with hackers, people who want to rip off and spread chaos throughout people’s computers. How do they spread? A real computer virus can only be spread by a human who inserts it into the target computer himself via floppy or disc, or even sending it over the internet.

The first “wild” virus, that is, a virus that appeared out of the computer lab back in the 70′s, actually attacked the Apple DOS system. Back then, the only way to really create a virus and have it spread was through hands-on work like inserting a floppy disk into a computer.

Viruses spread when they are attached to the .exe or executable file. Say you want to open a program that has been on your computer for a while, you trust it to work properly and it does. But a hacker hooks a virus to the .exe file that the next time you open the program the virus takes effect, damaging the files and ruining the program.

That is the main idea of a computer virus, to attach to a file (cell) and jumping to other files like it, until the computer is no longer usable. At Geek Choice calls come in about viruses or recovering a computer from an attack. So what can you do about it to prevent your computer even further than the anti-virus protection is.

When in doubt, and when your computer is definitely infected, choose the System Restore that was explained earlier in the November blogs. This will turn back the clock to a time when  your computer was not infected. But hackers are getting smarter, making their viruses disable the Control Panel, or messing with the System Restore so that the computer gets restored to the same day the virus started.

The difference between the virus and other programs like adware, spyware, and malware, is that the virus spreads and reproduces. It is a catch-all phrase for all the bad stuff that happens on a computer. When something starts to go wrong, people think virus because it makes sense. But knowing exactly what is wrong with your computer can allow whoever you ask to fix it to do it faster and perhaps recover the files.

Here at Geek Choice we see it happen all the time. People call in asking for help recovering their email or even their log-in so they can access the computer, because the evil hacker guessed “monkey” and got it right. Stop these weasels before they really do some damage to your email or computer.

A computer security company called Duo Security ran a decryption of hundreds of thousands of passwords and was able to crack everyone of them, simply because they were “weak”. A weak password contains only letters and numbers, sure mixing them up with alphanumerals is good, but not enough.

Passwords seem like something to get it out of the way so you can sign up or log in fast. This attitude can prove to be fatal, as hackers can just as easily decrypt passwords like Duo did, but with evil intentions reek havoc on your personal files.

Some of the accounts that Duo cracked into were from federal and state government agencies, with employees providing weak passwords, anyone with a knowledge of hacking could have access to confidential information that is very valuable. If you think your email was one of the ones tested, go to this Web-based tool to find out just type in your email address.

Personally I used to just put in a funny name or something relevant to my life that I could remember. I learned quickly that it is not what I can remember, but what someone who wants to access my files remembers. Now I am being safe by using letters, a symbol or two, and a number. This is the safest bet to ensure that hackers will at least have a harder time trying to get in.

The most common ways of hackers is to guess:

• the user’s name or login name
• the name of a significant other, a friend, relative or pet
• birthplace or date of birth, or a friend’s, or a relative’s
• automobile license plate number, or a friend’s, or a relative’s
• office number, residence number or most commonly, their mobile number.
• a name of a celebrity they like
• a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of the letters.
• a swear or curse word

If you use the last one on this list, you might as well deserve to be hacked into and destroyed. But for the rest of you out there enjoying the a small sense of security when you login to accounts such as PayPal, online banking, or online stores with saved credit card information, it is time to open your eyes to the big picture. You know, the one where you are hiding in the corner because all your information was hacked into and used to buy all sorts of lewd and unexplainable items. This is something you could have avoided if you had heeded the advice given at Geek Choice Blogs and changed the password to something like: ilovegeeks@123

It can’t hurt, but it will if you are not smart and leave the password at: “iamamonkey”

Remember Monty Python’s Flying Circus? One of the skits is done in a cafe where the only item on the menu is Spam. “Spam! Spam! Spam! Spam! Lovely Spam! Wonderful Spam!” sang the Viking patrons at the cafe. That is where all that nasty lunch meat reference of an annoying computer scam comes from.

Not many people are big fans of a can of Spam, there are some who enjoy the taste, but I do not know of anyone who likes electronic spam. Spam is spread out all over the internet and is designed to attack computers gathering information, data, or just giving them viruses. It began back in the 90′s with the use of email, spammers sending out thousands of bogus emails. Email providers even had to get a service that detected spam and sent it to a separate folder. But even that is not keeping out the crap as spammers find new ways to infiltrate and bypass security systems to annoy you even more.

I read in a message that a person had 493 messages that were spam, wow.

Today, botnets are software agents that run by themselves and are independent once they are set up by a hacker or spammer. They are sent out through distributed systems, systems that are autonomous and communicate with other computers in a network. Hence the name: ‘roBOT NETwork’. These robots are designed to infect your computer with trojans, worms, and other malicious wares.

In fact, the email botnets send out so much spam equaling 85-90% of all messages send and received!

Spam does not stop at emails, they reach out to instant messaging, social media such as Myspace and Facebook, and even blogs like Geek Choice. I cannot tell you how many spam comments I get with bogus links to websites or just random words to fill and clutter the inbox.

The number of spam messages for the United States reached 6.6  Trillion this past year, they were second only to Brasil with 7.7 Trillion, and India came in third with 3.6 Trillion.

This is a costly business, spam means manpower, loss of productivity, and additional equipment and software, in 2007 the United States spent $13 Billion alone on combating it. What can you do at home to fight back against these bots? Not a whole lot.

These botnets are so numerous to name, trying to will give you a headache, which is exactly why they are designed. The infected computers, called “zombies”, send out all those annoying emails about Viagra or Cialis, or new products, or a girl who wants  to have sex with you(check to make sure it might be a real one).

You might not even know it, but your computer could be infected and be sending out messages! Once the virus is installed, the “botmaster” can control is from anywhere. Recently a botnet named Rustock has become the biggest of the bots, controlling over one million bots sending out over 44 billion spam messages a day(Symantec study).

They are getting harder to detect too. These new botnets can be detected right away with the security softwares, so they are switching from carrying bulk messages to carrying smaller amounts so they can slip right by and into your inbox.

Bottom line, there will always be spam sent out in the billions every day. It is a fact of life, as long as internet exists, so will spam. Yum!

It does not come soon enough, this holy holiday, when depression rates soar and stress doubles during a a few months in the winter; yes, Christmas is here!

We all know shopping is done and the gifts are bought for our kids, friends, and loved ones, but this year it seems everyone is going online to shop. This brings up new threats to your security and new ways for those pesky thieves to get your money. Here are ways to protect against them and make sure the season is as jolly as it should be.

If you have kept on the blogs at Geek Choice, you are one step above everyone who has not, because you know about phishing attacks. These are fake websites that grab your info without you even knowing it, usually by clicking on a link that goes to a website set-up by a hacker. During the holiday season, these attacks increase ten fold because people are ignorant to phishing, thus making it easy to hack into your credit or debit card information as they surf and shop. Be careful, be aware, check the URL that loads from a link on website or email-make sure it matches what the address bar says.

While you are looking for the coolest toy or newest video game that your kid just has to have, before you fill out the form of payment with your credit card information, check the website for signs that verify that it is secure. First look at the address bar, look at the beginning of the address: if it has HTTPS you are good. Also look on the bottom of your browser, it usually has a locked padlock to show that it is secure. Most big sites like Amazon, EB Games, and Best Buy actually have certificates of security on their sites.

Here is a good one, forget using debit cards unless you are okay with putting information such as access to your bank account. Use credit cards.

There are certain security questions that a site might ask you, like where you have previously lived, answer them. These are designed to make sure you are who you say your are.

Attacks happen all the time on the internet, you may think it won’t happen to you, until it happens and ‘what are you gonna do’ is all you can say. Don’t be that schmuck, take action. Arm yourself with sufficient facts that will keep you safe this holiday season. When you are spending all that money on things that will probably become trash in a couple years, remember that there are people out there with the means and the will to access your information. But they cannot if you know what to look for.

That is our goal, my goal in this blog, to educate the masses of people out there of the risks posed by the internet. It is a scary world today, and today’s world is online, so what are you doing to protect yourself?