Daily Bits

Security

Pirates Under Attack

by

The Pirate Bay is arguably the best known file sharing web site today. This group has risen to fame over the years due to their service of providing millions of users around the world with all sorts of files – many of them considered to be illegally shared. There was a time when The Pirate Bay was taken down and was temporarily “closed.”

Recently, it has been quite active again, with users continuing their file sharing activities. This time, though, The Pirate Bay came under attack – from a different source. A group of researchers from Argentina took it upon themselves to show the vulnerability of the site.

What they did was to hack into the system, compromising the data of more than 4 million registered users of The Pirate Bay. The group announced its “feat” in their blog, Insilence.biz, and went one step further by outlining the specific details of how they did it. This is what they have to say:

As any other website, as any other system or mechanism, www.thepiratebay.org has robust parts and soft spots. We [believe] that the people behind this [community] always acted with the local laws on their side, and so have we. The community caused problems to huge companies and corporations[,] which turned into threats between this companies and them. What we have done, we did not do it with anger, or for commercial value. As always, we saw the change, the moment and decided to take it. The protocol or procedure done to achieve this wasn’t anything out of the ordinary…

Just like many of the commenters in their blog, I do not totally understand why they hacked the site. Perhaps it was out of a twisted sense of justice? What do you think about this move? Is it justified or is it a mere publicity stunt?

Originally posted on July 15, 2010 @ 1:00 pm

Stay Safe On XP SP 2 After July 13

by

If you haven’t already heard, tomorrow is quite an important day for Microsoft Windows XP Service Pack 2 users. After tomorrow, Microsoft will no longer be providing automatic security updates for this version of their operating system. More information about this in my post last month.

If you’re really concerned about this issue, the easiest fix is to ditch XP, right? But it is totally understandable if you do not want to do that just yet. More so, there are ways by which you can continue to enjoy a relative degree of security while continuing to use XP SP2. Here are some tips.

Stick to XP, but upgrade to XP SP3. This version will continue to receive automatic updates till August of 2014 – that’s a long way off. You can either download and install SP3 using Windows Update, download a disc image (for use in more than one machine), or buy the installation CD (only $3.99).

If you really want to continue using XP2, here’s a simple fix that can increase your security: stop using Internet Explorer, if you haven’t already. I know very few people who continue to use this Internet browser for so many practical reasons. If I were you, I’d go with Chrome of Firefox (which has a new beta, by the way).

Here’s a no brainer – make sure your anti-virus software is up-to-date and reliable. This is assuming that you already have one installed. Even the free ones are pretty good, and they usually prompt you for updates anyway.

Originally posted on July 12, 2010 @ 1:58 pm

Security Tips When Using Public Wi-Fi

by

It’s a dream coming true, isn’t it? Most places you go nowadays, you can access the Internet via Wi-Fi. Most cafes are following the trend – even Starbucks, which has been resistant for quite some time. In some cities, the coverage is especially wide.

While this is pretty convenient for all of us, we should realize that using public Wi-Fi isn’t exactly the safest thing to do. Still, as long as you don’t access and transmit sensitive information, right? You might be wrong there – you cannot deny that there are many ways by which you can be prone to security issues when using Wi-Fi. With a little vigilance, though, you can make your access a little more secure.

Always use SSL, if possible.

That is, use HTTPS instead of HTTP. For example, when accessing Google, key in https://www.google.com/ instead of http://www.google.com/. The good news is that this is where Google is headed anyway. If you take a closer look, Gmail already uses HTTPS as a default. To make it even easier, check out HTTPS Everywhere, an add-on for Firefox.

Make sure your sharing settings are secure.

In other words, turn off all sharing! If you’re like me, you have certain files and folders that are shared for use at home. When you go out and use public Wi-Fi, however, it is better of you turn sharing off. How to do this? Go to Network and Internet -> Network and Sharing Center, then click Choose Homegroup and Sharing Options -> Change Advanced Sharing Settings.

Double check your firewall.

Sometimes, for one reason or another, I turn off my firewall at home. I don’t exactly remember the reasons, but I am pretty sure they were convincing at that time. Don’t take it for granted – operating systems come with basic firewall setups, but they can be your very first line of defense.

Originally posted on July 2, 2010 @ 1:40 pm

Cyber Security Bill Approved, Feared By Many

by

The Internet has become so big that the government just can’t seem to “ignore” it. In fact, laws have been cropping up left and right, so as to impose some measure of control over activities online. The most recent one is the Cyber Security Bill which the Senate Committee has just approved.

If you’re unaware of what the bill is all about, here’s a short description, courtesy of Politic365:

• Would establish a White House office for cyberspace policy and a national center for cybersecurity and communications, which would work with private U.S. companies to create cybersecurity requirements for the electrical grid, telecommunication networks and other critical “infrastructure” (water, electricity, banking, traffic lights and electronic health records)
• Allow the U.S. president to take emergency action to protect critical parts of the Internet, including ordering owners of critical infrastructure to implement emergency response plans during a cyber emergency
• The president would need congressional approval to extend a national cyber emergency beyond 120 days under an amendment to the legislation approved by the committee

Naturally, controversy has arisen, primarily because of the fear of the creation of an “Internet kill switch.” Imagine the power that any one person has if he has access to this kill switch. You can read through the Myth versus Reality document that Homeland Security has created, though, and decide for yourself if your fears are unfounded or not.

On the one hand, the concept seems sound – an attack is bound to happen one of these days and the government is being proactive in passing this bill. On the other hand, we know that it is open to abuse, and there are so many loopholes.

What are your thoughts and sentiments on the Cyber Security Bill?

Originally posted on June 29, 2010 @ 1:44 pm

No More Windows XP SP 2 Updates After July 13

by

Mark the date on your calendars, people! After July 13 of this year, Microsoft will stop rolling out updates for the stable operating system Windows XP Service Pack 2. News reports have not stopped sprouting left and right about the decision of the software giant to stop offering extended support for this particular operating system; and by no means are they rumors – the cessation of the support is confirmed.

Foremost of those who are worried are corporate clients who use Microsoft XP SP2 for many of their business computers. What is to happen if they stop getting those updates?

Experts say that while the news might initially be alarming, there really is nothing to worry about. The fact of the matter is that Microsoft XP SP2 will continue to be stable and secure in spite of updates not being offered in the future. More so, it really is only the 32-bit version of XP SP2 that will be affected. Those who are using the 64-bit version will still continue receiving automatic updates – way until April 8, 2014 in fact.

Here’s an added perk: for companies using the 32-bit version, there is the option to upgrade to Service Pack 3 for FREE. Believe it or not, it really is free. So there really is NO problem at all.

Then why is Microsoft stopping the updates for XP SP2? Windows 7 is out, and you know how it is. Pretty soon, XP will not be commonly used at all. In the meantime, hold your horses and don’t press the panic button. There is time enough to enjoy XP (whether it’s SP2 or SP3) and to transition to Windows 7.

Originally posted on June 24, 2010 @ 11:42 am

AT&T Security Breach: iPad Users Beware

by

Boy, am I glad that I am not using an iPad right now! First of all, I really want the iPhone 4 (I think I have posted enough about that baby for now). Second, and more importantly, there seems to be a breach in AT&T’s security system which has affected countless iPad users.

What happened was that the e-mail addresses of some iPad users were exposed. Take a look at this image.

So what happened? There’s this group called Goatse Security, which is composed of hackers and security experts. The Examiner shares what these guys did:

Goatse Security used a PHP script to compile a list of the SIM card IDs in iPad 3Gs. Because the SIM card IDs are sequential, the script helped Goatse Security to determine which were legitimately being used by iPad 3Gs by going down a list of all possible numbers. Then, using additional scripts to masquerade as an iPad-like user agent, Goatse accumulated email addresses and the associated SIM card IDs for many iPad 3G users.

Just how many people have been affected? The estimate is more than 10,000 users! To make it worse, some high profile people were included in the list. Think White House Chief of Staff Rahm Emanuel and New York City Mayor Michael Bloomberg. Then there are other well-knonw people like Diane Sawyer, Harvey Weinstein (movie producer), and Janet Robinson (New York Times CEO).

AT&T has already taken action, and says the breach has been fixed, but no doubt, this will cause a big stir – if it hasn’t already.

Originally posted on June 10, 2010 @ 4:19 pm