Encrypting with TrueCrypt

In an earlier post I wrote about some of the free encryption options for PC users.  One of the products I talked about was TrueCrypt, and others agree with me that it is a good option for data encryption.  I decided to take it a step further, and wrote a How-To article using TrueCrypt.  It’s a pretty detailed beginner’s guide to creating encrypted volumes on a Windows PC.  Performing the same operations in Linux wouldn’t be that different, since the interfaces are very similar.

Free Virtualization Options

One of my Suite101 articles covers the Benefits of Virtualization on PCs.  The benefits are summarized here:

  • Run Alternative Operating Systems
  • Safer Internet Browsing and Banking
  • Software Testing on VMs
  • Customized VMs for Multiple Users
  • Snapshots for Easy Backup and Restore

Again deciding that an easy-to-follow beginner’s guide was warranted, I wrote a Tutorial for getting Linux running in a Virtual Machine on Windows, using VirtualBox.

Encryption and Virtualization for Configuration Management

Both of these technologies can play an important role in config management.  Configuration files containing server information, passwords, etc. are often necessary in the deployment of applications.  Leaving them in plain text is an invitation for disaster.  Sooner or later, someone who shouldn’t will see the information and gain unauthorized access.  This doesn’t even have to be someone with malicious intent in order to be dangerous.  Some of the worst mishaps in the tech industry have been caused by well-meaning employees who had more access than their role and expertise warranted.

Virtualization too has its advantages for a configuration manager.  If you can create VMs to represent the target servers and workstations, then you can develop, test, and tweak your deployment methods – particularly with respect to automation – without risking any real environment.

These ideas and articles just scratch the surface of the usefulness of encryption and virtualization.  The latter, especially, has a lot to offer in the workplace, including disaster recovery, remote control, backup and restore, etc.   Both technologies can increase the security and reliability of configuration management practices.

{ 0 comments }

ABC’s new revamp of the sci-fi show “V” is set to debut in November. It has all the earmarks of a good science fiction drama series: aliens from outer space, strong characters, mysteries, and the underlying question, “are they as benevolent as they seem, or is there some underlying evil purpose they’re hiding?”

So, why am I not excited about it? I love science fiction, after all. The answer lies within ABC’s history. These same traits were present in an earlier ABC show, “Invasion.” Invasion was the first series to appear on TV in years that I was actually committed to watching every week. I, like millions of other fans, was shocked by ABC’s announcement canceling the show. Apparently, Invasion hadn’t done a good enough job of retaining the massive audience garnered by Lost, which it immediately followed. Even though it outperformed many other shows in ratings, rather than shift time slots and cancel something else, they canned Invasion.

I joined the multitude of viewers who cried “foul!” We sent letters and emails, signed petitions, and even tried to influence the Sci Fi channel (now called “SyFy”) when they briefly considered picking up the show from ABC. In desperation, we begged ABC to at least film a special final episode, closing the loop on some of the unanswered questions that the series left dangling. All for naught. Our protests fell on deaf ears, our petitions ignored, our emails unanswered (except for the occasional canned response).

Been There, Done That
So why should I get all fired up over this new series? Just to have the ABC execs yank the rug out from under me again? No thanks. I’ll stick to watching the occasional episode of Heroes on NBC, and watching on-demand versions of Stargate Universe and (yes, I admit it) Warehouse 13 on SyFy.

{ 0 comments }

A Phased Approach to Open Source

by joe on September 26, 2009

One common objection people cite when discussing a switch from Windows to GNU/Linux (or FreeBSD, OpenBSD, etc.) is the fact that none of their programs work there. They’ve been led to believe that the programs they’re using are the only ones they can use, usually because of a work or school requirement.  Sometimes, they just don’t want to have to learn to use new software.  The fact is, most of the free software available for Linux also runs on Windows.  Another point is the fact that most of the productivity / office software available for free can import and export files usable by Microsoft Office, or offer even higher degrees of compatibility.

To ease the transition from Windows to Linux, users can start implementing the open-source alternatives to commercial software while staying within the Windows operating system.  As they master each piece of software, they can adopt the next one, until they’ve completely weaned themselves from the commercial variants.

{ 0 comments }

Encrypting Data and Messages for Free

by joe on September 15, 2009

I previously reported that I had become a contributing writer on Suite 101. For my first article, I decided to summarize some of the Best Free Encryption options available for computer users.  I covered the pros and cons of Encrypting File System (EFS), TrueCrypt, and GnuPG.  Here’s the quick rundown:

  • EFS: OK for Windows users who aren’t using a home / basic edition of Windows.  Can’t encrypt on removable devices.
  • TrueCrypt: Good for encrypting not only sections of the hard drive (or entire partitions), but also removable media like thumb drives, CDs, etc.  Encrypted emails possible, but not ideal.
  • GnuPG: Best for end-to-end encryption of data at rest and in transit (via email or IM).  Most complex to set up, but messages can only be decrypted and read by the intended recipient.

For download links and full details, please check out the entire article.

{ 2 comments }

Various security vendors are reporting a significant drop in the percentage of emails comprising phishing attacks lately.  For example, Kaspersky Labs noted a 37% drop from 1st quarter to 2nd quarter this year.  They attribute the drop to better security tools like spam filters, and anti-phishing technology showing up in the latest browsers.  I’d like to think it also has something to do with the Internet’s user base getting smarter about phishing and other types of on-line fraud.

The news is welcome, to be sure.  The trouble is, the cyber criminals aren’t just giving up because phishing has become less profitable.  Most of them are turning to more sophisticated “crimeware” in order to swindle you out of your hard-earned money.   If they can’t trick you into giving them your bank account number and passwords, then they’ll try to get them by using key-loggers and banking trojans.  And these tools are getting more sophisticated all the time.

Recently, security and hacker sites alike are a-buzz about a new botnet control framework called ‘Fragus.’  The features it advertises include encryption (to defeat signature-based anti-malware software),  a sophisticated control interface, customizable exploits, and real-time statistics showing the size and distribution of an operator’s botnet.  Zombie computers controlled by the operator not only are prone to deeper infection as the operator sends more trojans, viruses, etc., but they become conduits, used by the controller to spread the botnet to non-infected PCs.

So, while we can celebrate the drop in spam emails, just remember to keep your security tools up to date, and remain vigilant.  The war against cybercrime is still heating up.


{ 0 comments }

Apache Foundation Repels Hacker Attack

by joe on September 2, 2009

The Apache Foundation shut down several servers last Friday when administrators discovered rogue processes running on one of their machines that serves websites. Investigation revealed that a compromised SSH key on a 3rd party hosting provider allowed attackers to access an account. From there, they were able to create files on an Apache Foundation server, and these files were then propagated to the web servers by automated processes.

A briefing on apache.org gives an overview of the method of attack and the steps administrators took to remove the malicious processes. The page includes the following statements:

To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines.
While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided.

The Apache admins were able to restore from backup to their web servers, and bring the site back online.  They report that some servers remain offline for further investigation, but that most site functionality has been restored.

The Apache Foundation deserves some applause for being open about the attack and the steps they took to combat it.

One take-away from this incident: protect your private keys.

{ 0 comments }

New Writing Site To Try Out: Suite 101

by joe on August 31, 2009

I’ve been considering joining Suite 101 for a while now, after reading lots of comments on different writers’ forums.  Some found it difficult to join, some found it hard to get articles through the stringent editorial standards, but most agreed that the residual earnings were much better there than on other sites like Associated Content or Helium.

Well, I took the plunge, applied, and was accepted the same day.  I submitted an article the next day.  The second day I received notice that my article was “great” but needed a few revisions.  Namely:

  • Break the paragraphs up – ideally close to 75 words
  • Add keywords to the subsection headings
  • Remove the few occurrences of 2nd person form (“you” and “your”).

Once I made the changes and re-submitted, within one day the article was published.  Now I just have to come up with 9 more articles in the next 3 months, and watch the money start rolling in.  That’s a joke.  But I will report back here whether the articles do indeed earn better on Suite than they do on the other venues where I’m published.

{ 1 comment }

Paypal Phishing Scam Almost Got Me

by joe on August 26, 2009

I’m generally surprised when I hear the number of people that fall for Phishing scams.  I mean really, do that many people really think that some corrupt official in some remote country is going to send them millions of dollars?  Less obvious are the ones that try to spoof your bank site or some other institution.  Well, I got one today that I almost fell for.

The email came from ‘mail@online-paypal.com’ – which should have been a dead give-away right there.  The subject was ‘(1 new message).’  The body of the message implied that someone had tried to process a charge against my paypal account, but that the transaction was on hold because it was initiated from a foreign IP address.  There was a link to cancel the transaction.  Of course, my first impression was “Ahah!  Somebody is trying to steal from my account!  Well, I’ll just hit this handy little ‘cancel’ button and put a stop to that!”

I don’t know where the button would have taken me, because at the last moment it dawned on me that paypal doesn’t generally send links in their emails.  Upon close examination I realized the button didn’t link to a paypal domain at all.  I forwarded the email to spoof@email.com, who did indeed confirm that it was a spoof.

The text of the email is as follows (link removed for safety):-

You have initiated a payment for $22.00 USD to info@servage.net.-

Payment details
Amount: $22.00 USD
Transaction ID: 5H633774LW536779Q

Because the payment was made from an foreign ip address, we put the transaction on hold.
To cancel this payment, click here. (this phony link went to pllthdpsec17.com)

Please do not reply to this email.

Email Id: DQ 532 XYONXVVQNMMBWRYWHDULWPGVMVRHOHKYGMIVJY

Hopefully, nobody else is dumb enough to fall for it, like I almost did.
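The two giveaways in the message above (a sender domain that only looks like PayPal's, and a button that points somewhere else entirely) can be checked mechanically. The following is an added example, not part of the original post; it assumes a single-part HTML message, and the sample markup, URL paths and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the message quoted above; the HTML markup
# and URL paths are assumptions, the two domains are the ones the post names.
SAMPLE = """\
From: PayPal <mail@online-paypal.com>
Subject: (1 new message)
Content-Type: text/html

<p>Because the payment was made from a foreign ip address, we put the
transaction on hold.</p>
<p>To cancel this payment, <a href="http://pllthdpsec17.com/cancel">click here</a>.</p>
<p><a href="https://www.paypal.com/help">Help</a></p>
"""

class _Links(HTMLParser):
    """Collects the href of every <a> tag in the message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, brand):
    """True only for the brand domain itself or a real subdomain of it.
    A lookalike such as online-paypal.com fails: it merely ends in the name."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def check_message(raw, brand="paypal.com"):
    """Report whether the sender and every link really belong to the brand."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    parser = _Links()
    parser.feed(msg.get_payload())  # assumption: single-part HTML body
    bad_links = [h for h in parser.hrefs
                 if not belongs_to(urlsplit(h).hostname, brand)]
    return {"sender_ok": belongs_to(sender_host, brand), "bad_links": bad_links}

if __name__ == "__main__":
    print(check_message(SAMPLE))
```
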

{ 1 comment }

Simple Test for Conficker

by joe on April 5, 2009

With all the interest lately in the Conficker worm, my friend security evangelist Christopher Spence has set up a simple test on his company blog.  It basically just displays images from 4 of the security companies Conficker blocks.  If you can display the images, you probably are not infected.  Otherwise, there is a link to Kaspersky’s Conficker removal tool.  Visit Christopher’s Conficker Test page.

{ 2 comments }

I’ve recently received an email saying “Congratulations — you have been chosen by IPED current constituents to become a member of the prestigious Partner Advisory Board exclusively for solution providers.” It goes on to say that by participating, I’ll have access to unreleased research information, plus be eligible for other rewards, including gift certificates from Best Buy. To participate, I have to complete surveys on topics like Software Infrastructure, Storage, Security, Systems, etc.

The Advisory Board is hosted by UBM’s Institute for Partner Education & Development (IPED). While I want to feel honored, I keep thinking there’s less to this than meets the eye. A search on the internet only turned up the host’s websites, plus a couple of press releases from companies I’ve never heard of announcing the fact that they’ve been selected to serve on the board.

This is the third or fourth such invitation I’ve received. Maybe this time I’ll follow up on it and see where it leads. If I do, I’ll report my findings here.

{ 0 comments }