Archive for November, 2005

Be careful what you click on!

Wednesday, November 30th, 2005

Remember the foolish announcement made by the UK security company [tag]Computer Terrorism[/tag] about an [tag]Internet Explorer[/tag] [tag]vulnerability[/tag]?  Well, now it seems that there's an exploit in the wild.  This is what happens when a company makes an irresponsible disclosure.  A [tag]Microsoft[/tag] advisory appears here.

It was bound to happen and as yet there's no patch for the vulnerability (although if you want to protect yourself, I've posted details on how you can do that here).

More info on Security Fix

Google is watching you!

Wednesday, November 30th, 2005

Bruce [tag]Schneier[/tag] uncovers some interesting articles on how [tag]Google[/tag] collects information about you and your searches and the impact that could have on [tag]privacy[/tag].

If anyone is collecting information, there is a reason why they're doing it and no matter how many guarantees they give you now about how that information is used, if it's kept, it's there in the future if the company decides to change the rules on you (it's also there waiting to be stolen too, I guess).

Russinovich joins class action legal team

Wednesday, November 30th, 2005

According to the Washington Post, Mark [tag]Russinovich[/tag] or [tag]Sysinternals[/tag], the guy that broke the news of the [tag]Sony BMG[/tag] [tag]rootkit[/tag], it to join the class action legal team who filed a lawsuit against Sony BMG earlier this month.

Good news!  Russinovich is just the kind of tech guy they need on board to make this work.

As a side note, it looks like [tag]First4Internet[/tag]'s website is looking, well, different to how it did a few weeks ago - there's very little information at all there now about the company or their products.  Gone is all the horn-blowing that was up earlier this month.  Maybe it's an update (I doubt it, I think they have more on their minds than a site update) or maybe it's a sign of them distancing themselves from the whole XCP mess.  There is however a lot more info over on http://www.[tag]xcp[/tag]-aurora.com/ for you to look through.

Mailing list

Wednesday, November 30th, 2005

This blog is seven months old and has grown at a speed that I simply couldn't have dreamt of - I have tens of thousands of visitors every week and a few thousand regular readers.  When I started this blog I never expected it to have grown so fast - I thank you all for visiting and sending me messages!

With this in mind, I have a new feature to announce.  Coming real soon - the PC Doctor mailing list.  This will be another way for you to keep in touch with things that go on here.  I will be rolling this out across both this site and http://vista.pcdoctor-guide.com.

What am I going to use the mailing list for?  Well, here are a few things that spring to mind:

  • A summary of the hottest posts
  • PC Doctor news
  • Prizes and giveaways

I won't be bombarding you with email - my plan is for an email every couple of weeks, no more and you will be able to unsubscribe at any time (and your email address won't be disclosed to others - that's a PC Doctor cast-iron guarantee!

Watch this space!

Thinking like a phish

Wednesday, November 30th, 2005

One of the best defenses against threats like phishing is to think like a phish and if you want to think like a phish the best place to start is by asking yourself the question "what do I/others really want to hear in an email?" or better still "what kind of think might you not question if they read it in an email?".  Well, here's one that I thought of a while back - an IRS refund of $571.  It's so simple.  And the timing is perfect too - with the Holiday season in full swing. The time limit is there to give a sense of urgency - no time to think, gotta visit the site and claim your $$$.

From: tax-returns@irs.gov <tax -returns@irs.gov>
Reply-To: no-reply-2005@66.34.46.216
To: my email
Date: Nov 26, 2005 12:16 PM
Subject: [IRS] Tax Refund

You are eligible to recieve a tax refund for $571.94.

To access the form for your tax return use the link below:

http://www.govbenefits.gov/govbenefits/externalLink.jhtml?url={edited for safety}
(copy and paste this link in your browser address bar)

12 days left to apply for your refund. You may not receive your refund as quickly as you expected. A refund can be delayed for a variety of reasons. For example, a name and Social Security number listed on the tax return may not match the IRS records. You may have failed to electronically sign the return or applied after the deadline.

This email has been sent by the Internal Revenue Service, a bureau of the Department of the Treasury.

It's so simple.  And the timing is perfect too - with the Holiday season in full swing. The time limit is there to give a sense of urgency - no time to think, gotta visit the site and claim your $$$. This whole scam is made even more convincing by the dumb system that someone in charge at Govbenefit.gov put in place - a link forwarder.

More info on the Sophos website.

How can you tell it's a scam?  Well, the site asks for your credit card info!