Your GPS And Hackers

According to an article at ITPro, exploits have been found which can lead you down the garden path or misdirect you via the unencrypted data transfer protocols your GPS system uses. To be honest with you, the idea of this is pretty scary because I can see people blindly following the instructions given to them, getting into accidents, trouble, robbed or even killed.

It's quite weird, but the trust some of us have placed in some of the information given to us is quite scary. I was on public transportation just the other day and I overheard a conversation between two college girls. One remarked to the other how she thought the other girl was very lucky because she had been to Cairo, and then went on to explain how Cairo was this holistic and spiritual centre. She then went on to state that she was being silly and of course her friend obviously knew this because they both watched "Charmed" ("What?!!!" my brain screamed). Oh brother. I was laughing so hard I almost wet myself. Is fictional TV what the youth of today are using as sources of 'facts' and knowledge? And is the popular media the source of information which they think is worth putting their faith in? If this is the case, no wonder we're in trouble.

Sometimes maybe the idea of a nanny state doesn't seem so bad.

Paid By Credit Card At TK Maxx?

If you have been to a TK Maxx store and have paid for your items by credit card between July 2005 and December 2006, then I suggest that you check your credit card statements for any unknown or unfamiliar activity.

TK Maxx has said that their systems were first accessed by intruders in July 2005, and then subsequently on several other dates in 2005, and again from mid-May 2006 through to mid-January 2007. They have also indicated that all data posted during December 2006 was secure (I'd check anyway). TK Maxx has also stated that it doesn't know whether any fraudulent use of the stolen data has occurred.

Security is apparently a real issue these days.

Survey Says 1 in 10 Britons Victims Of Online Fraud

The results of a recent survey conducted in the UK show that one in ten Britons have been victims of online fraud. I'm guessing that this survey, which interviewed only 2600 people, is like many polls — highly suspect and not necessarily representative. On the other hand, and more interesting than the poll itself, it seems that many of these people who were polled were stupid enough to use only one password on all the sites they visit. Come on folks, that's like leaving the keys to your car on a post outside your house.

(Ed. Note: If there are that many bad passwords out there, maybe the 1 in 10 result isn't so suspect after all?)

Gozi Might Get You (or maybe it already did?)

A new internet trojan called Gozi was detected earlier this year. It's news because this one was and remains particularly nasty. The trojan was originally designed using state-of-the-art techniqes to infect Windows PCs through Internet Explorer 6, gathering personal financial information from mostly home-based computers. According to security research reports, apparently none of the security companies knew of Gozi's existence for as long as 50 days after it was first deployed in the wild. The St. Petersburg, Russia server (to which data is still being sent evidently) was fully set up with a sophisticated database to organize the information, a graphical user interface for crooks to purchase the information, and some other functionality. Most of this stuff has reportedly been disabled now and the database no longer appears to be on the server. More information here and here. Identity theft is not fun.

Details of the Trojan and the stolen information were uncovered in January by Don Jackson, a security researcher at SecureWorks Inc., an Atlanta, GA based managed security service provider. Jackson noted that there are at least two more known variants of Gozi, meaning new attacks are likely. Maybe the Gozi authors are having some trouble cracking Internet Explorer 7? Let's hope the companies which develop and update our security software do a better job at finding out about and protecting us against the Gozi variants which are undoubtedly going to appear soon (if they haven't already).

Now for the good news (not really). Because the server was only 'disabled' as of March 12, check your bank statements for October, November and December 2006, and for January, February and March 2007. The same goes for credit card statements. You are checking this stuff every month anyway, aren't you? If you did get caught caught by Gozi, you probably should review the risk inherent in some of the web sites you've been visiting.

The Digital Divide - No Big Deal

In the UK, Tech pundits are shaking their heads at the possibility that a third of Britons have not been online. I'm not so bothered, not everyone is beguiled or even enthralled at the idea of going online. In fact many of these folks, will probably be quite happy to spend the rest of their lives without doing so. So, why are these pundits bothered? Milestones and medals — they want to be able to pin a big fat piece of metal on their collective chest, or maybe grab a knighthood in return for the 'achievement' of actually being able to say that 100 percent of the population in the UK are cybersurfers. The real problem is confidence and ease of use. With many manufacturers not taking real pains to make their solutions easy to use and the ever present threat of viruses, spyware, identity theft and other dangers, I can't say I blame people for their lack of confidence in the Internet.

The onus is also on us tech heads to get our heads out of the clouds and to take more seriously our job of producing technology that is useful and usable. We don't need any more people wearing white coats and trying to baffle us with buzzwords. We also need more effort from manufacturers at some kind of standardization, rather than the constant battles over new media, file formats and proposed standards. If you want people to embrace and use technology you have to make it both easy and safe to use.

Stolen Laptops, Identity Theft And Other Evils

In recent months a number of laptop thefts have left some high profile organisations particularly vulnerable. Laptops are amongst the most easy and also highly targeted hardware items. So why when this is the case do we still find individuals who insist on storing sensitive data on these devices. Especially when we can get easy access to secure network protocols and fast internet connectivity. The kinds of organizations that hold sensitive private data should be able to afford the kind of protection that current security measures and technologies provide. It should be illegal for these companies and organizations to allow such potential breaches and dangerous storage of private and sensitive information. Is your data safe?

Microsoft Securty Patch Blitz On Tuesday

Microsoft has plans to release a dozen security patches on Tuesday. The patches include about four "critical" patches. These patches usually deal with security issues which could allow an attacker to gain full control of affected systems with no or minimal action by the user.

Microsoft stated that critical fixes are lined up for Windows, Office, MDAC and the security tools. They have provided no further details on the problems being fixed, other than that some of the updates may require a system restart.

Make sure you get yours...