Scams A-Poppin'

The Knabe family appears to have become a scam magnet. In one week we've received one confirmed scam and one very likely. I'll post details on the confirmed scam today or tomorrow, and on what we find about the other next week. 

Just a hint: If you receive prepayment for a job you're not sure you applied for, you probably didn't, and it's not.

HeartBleed Exposes the Danger in "The Internet of Things"

I've had discussions online about the "Internet of Things" and why I don't care to have my appliances connected to the Internet, but I don't think I've ever talked about it here. Thanks to Heartbleed, the time has come. 

The Problem Now

Adobe hacked, customer info, source code stolen

Adobe recommends that if you have an account with them you change your password on their site, and on any sites you may use that same password on. Fortunately, it looks like all of the credit card information accessed was encrypted, and Adobe believes the encryption held. Adobe is offering anyone whose credit card information was stolen a year of complimentary credit monitoring.

Will 2012 be the year the Internet dies?

This month two very dangerous bills will continue to be pushed in the House and Senate. The "Stop Online Privacy Act" (SOPA) and the "Protect IP Act" (PIPA) are among the most anti-Constitutional bills considered in the last decade. If passed they will make it possible shut down websites in the U.S. without warning and limited right to appeal. It's only because of the "National Defense Authorization Act" President Obama signed into law Saturday that they aren't the worst of 2011. More on the NDAA next time.

HP Printers are hot stuff

Yesterday Wired's Threat Level Blog reported that researchers had shown HP printers can be taken over remotely and set on fire. Unlikely as that sounds, it's made possible by HP's insecure method of applying firmware updates. A bogus update could change the temperature of the fuser, raising it, lowering it, or keeping it on constantly.

It doesn't take much work to secure your Android phone.

Jack Wallen put out an Android phone security primer on Tech Republic. I don't have an Android phone, but a lot of people do, so I thought it would be a good idea to go over some of the steps here.

The first best thing you should do is set a pin to unlock it. Then lock the phone. There are still ways to get at the data on your phone, but that will stop the casual pickpocket/guy who picked up your phone when you left it at the bar.

Practically unbreakable (but memorable) passwords

A month ago in the June 1st edition (episode 303) of his Security Now! podcast Steve Gibson announced that he had experienced an epiphany on what makes a secure password. The traditional requirements for a secure password have been missing an important point. What's the point? That a secure password doesn't have to be what is known as a 'strong' password.

Is the FBI an agency out of control?

Kevin Gosztola at looked at 5 types of FBI abuse of power. That abuse of power was, and is, assisted by the FISA court. The FISA court is supposed to oversee the FBI investigations, but unless oversight means rubberstamping electronic surveillance (1506 requests in 2011, 1506 approved) it's falling down on the job.

LulzSec ends hacking business

LulzSec Security is closing it's doors. As reported on Mashable and a host of other places they are claiming that the intent from the start was to disrupt the security industry for 50 days in an attempt to restart the 'anti-security' movement. They believe they have fulfilled that goal. They might have, but I doubt it. Not for very long, anyway. 

Should teachers know students have criminal backgrounds?

Megan Ryan of the Houston Chronicle reports that a bill requiring teachers to be informed when a student has a criminal history is sitting on Gov. Perry's desk waiting to be signed. The goal is greater safety for teachers and for other students.