BeCyberSafe Ltd: Our blog

Our Suspicious Minds...

2006-08-15T00:14:00.000+02:00

...are sometimes not suspicious enough, as it turns out. Knowing what we know and doing what we do, we are generally not surprised even by the most elaborate cyberscams. Like the identity theft perpetrated on several million veterans in the US a little while ago. Lesson learned (for some poor sucker): Use encryption and a decent passphase when dealing with sensitive data.

Ah, but this story is from the news today. Apparently, there is a brisk trade in used hard disks from Western countries to Eastern Europe and Africa - or in this case the UK and Nigeria. And while the disks themselves may of course be stolen, this is generally not the case. Lifting them from any scrapped PC will do nicely. What is the value of a 5 year old computer, anyway?

The real issue, of course, is not the disk, but the information it contains. Bank accounts, credit card numbers, passwords, emails, personal letters, internet searches and any sort of compromising material; it all has value. Huge value, used unscrupously. Which it will be; that is the whole point of this growing international trade.

You should know this already, but in case you do not: Merely deleting information does not remove it from your hard disk, it just makes the space it occupies available for later use. Emails, letters, pictures and any other kind of files can easily be recovered. Sometimes that can be a nuisance, but more often than you care to think it can ruin you. Literally.

Never ever dispose of (scrap, sell or lend) your computer without securely deleting your hard disk first. If you don't now how, let an expert tell you (we are right here). Too cheap even for a next-to-free solution? Use a sledgehammer (provided you can locate the hard disk; smashing the cabinet doesn't do much good except maybe get you committed to mental observation). Run over it with your gasguzzling oversize SUV, finally putting it to some useful work. Set fire to it. Blow it up. Just don't let your PC leave your home or office with your data on the hard disk. Don't do it!

Meantime, you got to hand it to those humans. Their resourcefulness, inventiveness, persistence...even when just coming up with new ways of stealing from their fellow kind. It is quite impressive.

Sucks like a Hoover

2006-06-18T13:02:00.000+02:00

If you are looking for the truly ridiculous, look no further than Austin, Texas. And no, before you ask, we are not going to waste time Bush-bashing right now. 7 million other blogs are already doing that, and rightly so.

Our topic of the day is Ms Tamara Hoover, high school art teacher first and reasonably hot chick second. Her topless art photos on MySpace.com has come to the attention of the school board, who have put her on a leave awaiting her final dismissal.

Some key words here: art class teacher - artistic photos - topless. Not nude, certainly not porn. Turns out only about 10% of the pictures of her are of this variety in any case; the rest are fully clothed. But judge for yourself: This search will take you to 600+ photos of her. Some good, some bad, some interesting, but we'd be hard pressed to find something even mildly arousing. It is apparent though that she is in a relationship with the female photograper, so maybe discrimination of gays is the real issue here. Not that that speaks any better of the school board.

We suppose there are countries where such photos would have implications for someone's job or social standing. Iran, Saudi Arabia and Syria comes to mind...

The reason for mentioning this sad example of misguided morals and anal retentiveness in the BeCyberSafe blog is simply to remind you all that what you put on the net stays on the net for all time and for anyone to see. Ah, and also to offer an ounce of support for freedom in the world. Even in Texas.

Somebody's Watching Me

2006-05-31T23:53:00.000+02:00

I always feel like
Somebody's watching me
And I have no privacy

No wonder. But the question is rather: Who is watching you? You are being tracked on the Internet, unless you take decisive steps not to make it so. Privacy isn't something that can be taken for granted. You have to guard it, maintain it, fight for it.

Why should you? Well for one, because it is your right, and rights should not be relinquished for no good reason and without giving it a thought. When you go on the Internet, no one has told you that everything you send, receive or do will be monitored. If someone did, you'd think twice not only about hooking up, but about the whole proposition altogether. Similarly, if your phone company told you that someone might listen in on any of your calls, you'd probably choose another service - assuming one was available.

I always feel like
Somebody's watching me
Tell me is it just a dream?

Hardly. As fact will have it, if you are in the US, chances are the government already has been monitoring your emails and calls since shortly after 9/11. I know, it sounds insane, which is why people have a hard time grasping the extent of this scandal even after it has been reported by credible media such as the New York Times and Washington Post, reluctantly confirmed by the government (by refusing to deny, of course), and even as the leading telecom companies are facing billion dollar lawsuits from civil liberty groups for their role in aiding the authorities in their illegal activities.

Unfortunately, Americans are not alone in being monitored. Those interacting with them suffer the same, and indeed this was initially assumed to be the purpose of the NSA program now being uncovered (or unravelled, if you will). The EU is also on the verge of introducing laws that will compel phone companies and ISPs to a) store much more data on their customer's activities (including who contacted who when and for how long), and b) to keep these records much longer. And incredibly, the UK is preparing to introduce a law that will make it a crime not to reveal passwords to the authorities when asked to do so, in effect saying that you are no longer allowed to keep anything private, online or off.

Again, why should we care? Because this reverses the burden of proof. Instead of the authorities having to prove someone guilty, that someone - which may very well be you - has to prove himself innocent. That's a bad principle to start with, never mind a violation of basic human rights, but truly horrendous when coupled with the huge imbalance in resources between the government and any individual.

I'm just an average man
With an average life
I work from nine to five
Hey, hell, I pay the price
All I want is to be left alone
In my average home
But why do I always feel
Like I'm in the twilight zone

(Lyrics by Rockwell, inspiration by Bush)

China's Spying PCs

2006-05-25T23:21:00.000+02:00

In a move almost to silly to ridicule, the US State Department has decided to make sure that none of the 16.000 PCs they purchased from Lenovo last year will be hooked up to their secure network. This comes as a result of the initiative of congress representative Frank R. Wolf, a Republican, who fears that China may have fitted the computers with spying software or hardware.

Mr Wolf apparently knows about as much about computers as we do about fungus. No, that's an exaggeration. Make that half as much.

Quite apart from 1) the PCs being routinely tested both by the State Department and outside specialists, and 2) doing such a thing would be like signing a death warrant for Lenovo, consider this: The Lenovo PCs are made by American and Mexican workers at plants in Mexico and North Carolina, in exactly the same fashion that they were produced before the Chinese bought a 27% share of the stocks in this subsidiary of a company you may have heard of before. It's called IBM.

The Frog that Croaked

2006-05-25T11:17:00.000+02:00

Fred's dead, baby. Fred's dead.

Just as Zed in Pulp Fiction, he went down and out fighting. But in the end, the spammers got the better of him through overwhelming attacks and threats, and Blue Security abandoned their fight against spam, killed our friend Fred and went offline.

So is all lost?

Definitely not. For the first time, someone came up with an idea that not only filtered out spam, but actually made spammers stop spamming. There was a simple great idea at work here: Making a database of email recipients that absolutely detest spam, encrypting it, and forcing spammers to wash their email lists against this database through a measured and legal response, by sending opt-out requests in reply to the spam received, one for one.

What was learned? Primarily that more resources are needed to win the fight. A small startup company is unlikely to be able to cope with the intense attacks of spammers scared witless. At the very least they need to be better prepared. Alternatively, the load must shared among the users in a peer-to-peer fashion, giving the spammers tens or hundreds of thousands (eventually millions) of servers to attack instead of just one.

People who hate spam with every fibre of their beings are working on this at this very moment. But the idea is there for anyone to grab, including the powerful IT giants in dire need of good PR. It's a golden opportunity for a bold move that will make Internet history rather than just another buck. Do you read, Mr Ellison? Mr Gates?

My Friend Fred and the 2nd Internet Revolution

2006-05-05T02:08:00.000+02:00

My friend Fred is a small, blue frog. He may be an acquaintance of yours as well. But if he is not, let me introduce him to you. You'll be happy to know him.

As I said, Fred is a small, blue frog. Contrary to most frogs, he doesn't eat flies. His particular choice of feed is spam. Yep, he is a spameater, and man, does he gobble them up!

You may have guessed already that Fred is a cyberfrog, and right you are. He is a small program that you can download for free from www.bluesecurity.com or www.downloads.com. What he does is as easy as it is brilliant. When your spam is reported in one of any number of ways, the guys at Blue Security determines both who it is from and who it is for. That is, who is sending you the unsolicited email (the spammer), and what company he is pushing products for (the spamvertizer). They then politely tell him to stop digging this particular hole, at the very least with regard to all the Blue Community members. He can do so by downloading an encrypted file that contains the email adresses of all the members, and cleaning his list against this.

If he does not comply with this request, Fred jumps into action. For every spam received by a Blue Community member, he sends one opt-out request to the spammer and/or the spamvertizer. As it is one for one, tit for tat, it is a very measured response, well within legal boundaries. However, for the spammer/spamvertizer who may foolishly have sent of millions of spams, the result can be an avalanche of requests that will be difficult to handle, potentially costly (the domain can easily get closed down, at least temporarily), and very unpopular with the culprit's ISP.

This has been so effective that several of the world's largest spammers (and many smaller ones) have taken Blue Community members off their spam lists. For many members, this has meant
a marked decrease in the number of spams received, sometimes from a flood to a trickle. And as multi-domain, multi-account users we can vouch for its effectiveness.

This, of course, has not gone down well with the leeches that make a living from spamming. As there is no chance they'll ever sell anything to a Blue Community member, the sane thing would be to comply and clean their lists. But some are not sane (big surprise), and have mounted various attacks. One is a spam claiming to have "cracked" the encrypted database (easily demonstrated to be untrue) and threathening to flood members with 10 or 20 times more spam (has not happened). Another is a huge distributed denial of service attack on the Blue Security servers that has overloaded them, so that we are now into the second day with the Web site down and my friend Fred disconnected.

The first Internet revolution was going from the old USENET discussion groups to this wonderful new thing called the World Wide Web. The second is this: Claiming our email back from the spammers. We've grown so used to the nuisance of spam that we'be long taken it for granted. Well, as it turns out, that was premature. There really is a solution, and lo and behold, it comes in the form of a small blue frog sitting in the bottom right of your computer screen.

The Blue Security and Blue Community web site will be up shortly, if it is not already when you are reading this. Be sure to sign up (as I said, it's free) both to rid yourself of the spam you receive today, and to avoid new adresses or whole domains in getting spammed.

On the BeCyberSafe web site, we'll teach you the best and easiest way to work with Fred. But the most important thing is that you do!

Have fun with spam?

2006-04-27T23:05:00.000+02:00

Have you bought Viagra on the Net lately? A bride from Ushbekistan? The Russian edition of PhotoShop at 10% of the sticker price (if so, good luck with the menus)? American porn with ladies so full of silicon who have heads so full of air that they would be unsinkable even stuffed in buckets of cement? Cheap stocks in the emerging oil industry of Botswana?

Have you helped the son-in-law of Nigerias deceased Secretary of Defense transfer his inheritance to an US bank account, and are expecting your 7.8 mill dollar fee to arrive any day now?

Of course not. I don't know who these dimwitted morons who buy stuff from a spammer is, as I have never met anyone who would admit to doing so. But since the garbage keeps filling our inboxes, someone must be buying. If they didn't, the spam would slowly cease, as even this particularly unsavory dish costs something to serve. Time, after all, is money. So is bandwith. However, by some measures, 90% of all mail sent is spam. Clearly, the last sucker is not born yet, and plenty of live ones can still be found on the Net.

Let's agree on something right here and now, shall we? It's a simple thing: That we never, ever buy anything at all from a spammer. If you find a must-have product in an unsolicited email (fat chance), do yourself and the world the favor of spending two minutes finding it somewhere else.

Zero response to any spam is the only thing that will eventually kill this menace. That's cold comfort to those already battling an overflowing inbox. And make no mistake, it can get so bad that people simply give in. It's not long since I sent an important email to a friend. Not getting the expected response, I called him some time later to ask why. The reply: "Eh...no...that particular account is so full of spam I haven't checked it for weeks". Which is maybe OK if it is an Hotmail account, but considerably worse if it is your.name@yourownserver.com!

The good news is that there are solutions available even for the most spaminfested of us. Granted, you may ask if it is worth the effort if you get 200 spams and 3 relevant emails per day. But 80% spam and 20% real email, that can definitely be overcome.

So what does it take? A 75 dollar program, a dedicated hardware firewall and two hours per day of tracing the spammers and their ISPs? Well, yeah, if you subscribe to Mr Bush's "fool me once, fool me twice" doctrine. For the rest of us, an hour spent downloading and getting acquainted with the best free antispam programs will suffice - plus ten minutes per day to separate shit from shinola.

And now for le piece de resistance: There are ways to hit back at the spammers, to deliver a nutcracking kick with minimal effort and maximum result. They'll soon learn to leave you alone. How? Let the blue frog do your kicking!

Hollywood Encrypted

2006-04-15T09:44:00.000+02:00

We love encryption. It allows you to store any data anywhere without anyone getting to know anything. Until they have the password, that is, and then it all becomes clear in an instant.

The funny thing about encryption is that while it uses some very advanced technology - understanding it really is dream material for the nerdiest of nerds - it is normally very easy to use. So much so that most of the time we are not aware of encryption being used. Cable TV is encrypted. Access to your Internet bank account also. Amazon and most sites using either shopping cart technology or online payments are encrypted.

Who else uses encryption? Why, thieves and thugs and mobsters and crooks and foreign spies and terrorists, of course! Just take a peek at any half decent Hollywood movie or series these days. Case in point: The new thriller "Hostage" featuring Bruce Willis certainly fits the description (it is only half decent), and also features a bent accountant that stores encrypted files of shady transactions on a DVD masked as a movie. All well thus far. But why can the movie director never resist the urge to fill the computer screen with random numbers to illustrate encryption? For anyone in the know, it immediately breaks the illusion - the suspension of disbelief - and makes you aware that you are just watching another dime-a-dozen product from the Hollywood machine, made by another director who didn't bother to teach himself the first thing about a central premise to his movie.

The same thing is illustrated time and again when the crooks manage to encrypt files so miserably that the Jack Bauer team on "24" can access them in 7 minutes after barking something like "C'mon! Free the overlay server and plug in socket 13 on the ripple system. Do it now!". It's a cool show, but jeeeeez!

Here are a few sorry facts for Hollywood directors and other lost souls: 1) No encryption software fills your screen with random data (unless it features a specific Hollywood function, that is). 2) Any grandmother that can access the Internet should need only 10 minutes to learn to encrypt files in such a way that neither Jack Bauer's team, the CIA or a fourteen year old with glasses can break it open. Not in ten thousand years. Not in ten million years!

Encryption is for everybody. Your backup should be encrypted, so that it is of no use to others who get their hands on it. Your home computer should be encrypted, so that what is private is kept private - simple as that. Your wireless network should be encrypted, or it is likely to be abused by freeriders. Your laptop must be encrypted, so that information stored on it isn't stolen if the computer is. And last but not least: If you send sensitive data by email, you need to encrypt it. Here encryption is simply the "envelope" you put your letter into.

Hollywood has got it exactly backwards. Encryption is easy to use, but done correctly impossible to break. And it is used primarily by companies who are serious about their business, and by good citizens who value their privacy.

Do you?

Backed up?

2006-04-10T19:38:00.000+02:00

You are, you say? Really? Well congratulations, then! If you are even talking about your personal self, and not your work, then you've got an even better reason to give your selv a pat on the back. I assume you have also double checked all your insurances and updated your will? Just kidding. You are an example to be followed.

Surveys show that many businesses, especially small and midsize ones, have poor backup routines for their computer systems. But at least they are usually aware they have a problem, which is a good start if nothing more. Privately, however, most of us walk the slack line without a net - unless we have already experienced falling off and eating dirt. Some even need to do this a couple of times. Bless them, because the meek shall inherit my external hard disk, once I have outgrown it yet again.

Some fool themselves into thinking they have nothing to lose. Reading this, it is likely you are not one of them. But if you are, do yourself the favor of spending ten minutes looking at the contents of your hard disk. You are likely to find letters, spreadsheets, presentations, music, bookmarks - not to mention email. Maybe some personal videos too (or other people's personal videos, come to that). And with digital photography becoming so popular, you may have stored any number of photos; memories frozen in time that if they are lost are apt to be lost forever.

Any number of bad things can happen to a hard disk. Fire, theft, water damage, magnetic disturbances, lightning, viruses, sabotage, or green martians with an appetite for bits & bites. Mostly, they just decide to no longer rotate 7200 times per minute, and quitely give in with a slow, final spin. It can happen two days after you got your new computer, or four years later. If you still have a valid guarantee, you might get a new disk. If not, you'll have to buy one. In any case it will be shiny, new...and blank.

Enough already with the horror stories! You know what to do. Anyone with a computer needs to back up their data, unless someone does it for them. Now for the good news: Backing up is easy, fast and cheap. A couple of empty DVDs or an external hard disk, and you are pretty well set. Now all there is left is to actually do something. You can easily manage without any dedicated software for this. But if you do want or need a backup program, isn't it nice that some of the very best ones are absolutely free?

Main thing: Do it!

So Here We Go, Then!

2006-04-03T00:43:00.000+02:00

The site BeCyberSafe.com and this blog were created because we needed them. Or, to put it a bit more bluntly, because almost all of us do. That is, we all need to give some serious thought to the matters of computer security and privacy, especially in the Internet age. It is just that too few of us do. Our take on this: The information is too fragmented. We don't know the problem, only bits and pieces of it, and thus any tools we apply are unlikely to be the right ones.

Case in point: Most know enough to have an anti virus program installed. However, 80% of all office computers have spyware on them - a whopping average of 27 programs ("State of Spyware Report", Webroot). Well, which is worse, a virus or 27 spies on your system?

The Internet is a wonderful place. You can find anything and everything. Born-again Christian Republicans and Russian criminals, yet also born-again Russian Christians and Republican criminals. CNN and BBC, but also Jim's blog on the history of rabbits and Jill's astrology site. Satanism side by side with taoism, pornography along with knitting. It's a jungle out there, but also a field of flowers. Wonderful!

But amidst all this chaos that is the Internet, there was one thing we never found: A simple, sensible, comprehensible site on computer security and privacy matters. A site not made to scare people out of their money or to push a specific product, but there to give a sober overview of the dangers that do in fact lurk on the net, and offer simple, solid solutions for anyone. A site that provided both the knowledge and all the necessary tools at the price of one overhyped anti virus program. A site that did this while not being saturated with mindless advertising and irritating pop-ups.

Such a site may have excisted. But we never found it when we needed it. Thus, we created it ourselves, and named it www.BeCyberSafe.com . We hope you'll find both the Web site and this blog interesting and useful, and would appreciate your comments!