Categories
SECURITY Technology

Is Lovely Warren committing a crime by sharing her password? The Ninth District could decide soon.

When Mayor Lovely Warren’s office announced that her Facebook accounts had been “compromised,” they didn’t specify by whom. And we may never know, since they’re not really under any obligation to tell us. But one thing they made absolutely clear is that Lovely Warren’s Facebook accounts are in fact managed by an unspecified but large number of people who are sharing account credentials. That means that, if indeed the account was “compromised,” they didn’t really have any idea who compromised the account themselves.

This is hardly an unfamiliar or uncommon practice in office settings. Among the many and varied jobs I’ve done on my way to becoming a freelance web developer, I’ve done a fair amount of deskside support. And one thing that is universal at every level of deskside support is: everybody shares passwords.

I mean everybody. CEOs can never really be trusted to know their passwords – their assistants do. And if the assistant is out, do you think business stops? No. All those passwords are written down in her desk drawer for just such emergencies.

This habit repeats itself across industries, companies large and small. But what are the consequences of someone breaching security with a shared password? A case before the Ninth Circuit Court asks this very question. The Electronic Freedom Foundation filed an amicus brief in this case, the overview of which is explained in this EFF Article:

David Nosal worked for Korn/Ferry, an executive recruiting company. Korn/Ferry had a proprietary database of information that, under corporate policy, employees could only use for official Korn/Ferry business. After Nosal left to start his own recruiting company, the government claimed he violated the CFAA when he allegedly convinced other ex-employees of Korn/Ferry to access the database by using a current Korn/Ferry employee’s access credentials, with that employee’s knowledge and permission. The district court refused to dismiss the charges, ruling that the act of using someone else’s computer login credentials, even with their knowledge and permission, is a federal crime. Nosal was convicted by a jury, sentenced to one year in prison, and ordered to pay a $60,000 fine and nearly $830,000 to Korn/Ferry in restitution.

The government paints a pretty dire case, but even at face value, what is happening here is fundamentally no different than any CEO – or Mayor – sharing a password. One has an allegedly unethical intent; one has a drearily predictable, utilitarian intent. But both acts are functionally identical.

The government’s position on this makes every night shift help desk jockey the exact same common criminal as the Mayor of Rochester. Has Lovely Warren committed a crime?

As we can see in the Ninth Circuit case and in Lovely Warren’s most recent dust-up, authentication – the act of verifying you are who you say you are – is a serious business. What, then, of the declared “compromiser” of Lovely Warren’s account? That member of her team or related party that used Lovely Warren’s credentials to access her account and rail against her detractor? When someone works against authentication and falsely identifies themselves, most of us would call that “hacking,” though the Mayor’s Office has so far avoided that term.

Cornell University’s Legal Information Institute documents the US code on fraud, and it seems to arguably describe what happened in Lovely Warren’s Facebook account, according to reports:

(a) Whoever, in a circumstance described in subsection (c) of this section—
(1) knowingly and without lawful authority produces an identification document, authentication feature, or a false identification document;
::snip::
(7) knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, or in connection with, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law

Certainly, unlawful impersonation of a public figure must be a crime. It may even turn out that sharing passwords is illegal. If a crime has been committed, it behooves the Mayor and her newly-minted head of communications to provide some answers. It’s worth the conventional media in Rochester asking some real questions about this and not letting it go.

Was she hacked? Impersonated? Or did something else go on? And who will ask these questions, or does the whole story get swallowed up and forgotten in the Christmas holiday?


What price security? Google signals that security will affect site’s ranking

In a blog post dated August 6th, Google’s head of Webmaster Trends Analysis, Gary Illyes announced that effective immediately, Google rankings will favour sites serving content from an HTTPS address. This form of communication is encrypted between the server and the client, and so discourages snooping by those with malicious intentions:

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

This all sounds pretty decent so far, right? Still, I’m not sure that it actually is a good thing, when you step back and look at the full picture. In the most positive light, it could be construed as an ineffective distraction to real security. In a more negative light, Google’s new tactic could be seen as strong-arming the Internet, to the detriment of low-income Internet properties.

What is HTTPS?

HTTP stands for HyperText Transfer Protocol, and is the vehicle by which the majority of what people think of as the Internet is delivered. If you look at the address bar for this website, you’ll see that the first few characters are http://. That tells the browser to use HTTP.

If the same traffic is encrypted, which means scrambled so as to be unreadable by anybody but the server and you, the first few characters will be “http*s*://.” The “s,” you see, is for “secure.”

It is fairly routine for your email, your bank and increasingly, your social networks to all be served up in this way. Encrypting your communications ensures some level of privacy from criminals, particularly encrypting the transmission of username/password challenges for logging in.

For the website in question, the price of admission to this secret world is what is known as an “SSL Certificate.” This is a set of secure data that only that server has, with which they encrypt the data they’ll be sharing with you. Basic SSL Certs with barebones support come in around $9 a year, which is a very affordable bar to entry for most Americans.

Now for the bad news

All of this sounds great, it really does. A more-secure website, especially one with usernames and logins, is a better one. But does that make one website a more authoritative voice or a better resource? Because that is what Google’s mission is supposed to be about, if we’re still concerned with that sort of thing.

Search is about content, not someone else’s priorities

If I wanted Google to make the decision for me where I “should” spend my time, as opposed to who has the content I’m looking for, I’d probably be asking for it. But that’s not why I use Google and that’s not why, as a publisher, I rely on Google’s rules to get my pages in front of your ocular tissues.

Where spam pages are concerned, Google is well within its mission to cull the herd. I don’t need to find myself in spam hell because I searched for a common term, nor do I want my site listed among the sleazy crop of Russian honey pots. But security is a personal matter about which I can make my own decisions.

Security is a state of mind

While we’re on the issue of the ambiguous term “security,” let’s keep in mind that, just because someone else can’t snoop your communications with a website, that in no way presupposes that visiting the site is “safe.” What’s to say the site itself isn’t doing dodgy things with your data? Google can’t guarantee that, nor should it try.

Wait. Google is talking secure communications, now?

Whether or not it was their fault; whether or not Google was pressured by the government to allow holes in their security that the NSA could snoop through, the fact remains that they did exactly that. To hear Google now carping about secure communications on the Internet is rich, to say the least.

Wait. SSL Certificates are secure, now?

Perhaps you recall, and perhaps you do not recall, the big security freak-out of a few months back? Heartbleed? Yeah, that whole thing. That’s when the world’s most affordable SSL Certificate system, OpenSSL, was found to have a gigantic hole in what was supposed to be its encryption.

No one with any knowledge of Internet security found it surprising that Heartbleed was discovered in the era of NSA snooping. It was exactly the kind of back-door intrusion loophole the NSA must have been employing. So now, Google wants us to trust certificates that they themselves helped undermine.

The “Google Tax”? $9 a year doesn’t sound like a lot to Middle Class America.

But any new cost of doing business matters, especially for those with lower incomes. And regardless of how much of a burden it is or is not, there is something counterproductive to the “free and open Internet” Google claims to want in requiring yet another fee to pay.

It seems to me that Google’s HTTPS plan is too disruptive in all the wrong ways, and not disruptive enough in the ways they would prefer it. I’m hoping this is another Google Wave-esque idea that goes the way of the dinosaur sooner rather than later.


WTF is #Heartbleed? And should I hoard gold?

There doesn’t seem to be a tech, a hacker or a tech-savvy food service employee out there who isn’t sounding the alarm about a threat called Heartbleed. I’ve been doing a lot of liveblogging of my discoveries re: various institutions and companies and their preparations for Heartbleed. But I’ve not yet had the opportunity to sit down and summarize what we know about the threat so my audience can understand it.

First and foremost, Heartbleed is not a virus, malware or spyware. It’s not a “bug” in the sense that we discuss various threats these days. Running McAfee on your system will not help. Instead, Heartbleed is a vulnerability in the fabric of what allows for confidential communications over the Internet. In other words, those websites you access with https:// in the address, rather than http://. When exploited, Heartbleed has the power to render visible the information that was supposed to be confidential, including usernames and passwords, confidential data and worst of all, the keys a given service uses to make all future communications secure.

Well, damn. That certainly sounds bad. And it is: Heartbleed attacks a form of communication that is nearly ubiquitous on the modern Internet where security is a concern.

But before you go to all the trouble of refreshing the potpourri and washing the doilies in the bomb shelter, let’s talk about what it can and cannot do, and how you can protect yourself without going broke on duct tape.

The Whole Internet is Not Busted

When a security vulnerability like this comes around, often people find themselves trapped between blase attitudes and hair-on-fire panic of their friends and neighbors. But to be clear: only websites that you browse using https:// are affected, and not all of them, either.

An example of an https:// website.

Any site you browse using http:// is the same as it ever was. What makes the difference between the https sites that are and are not affected? Well, let’s talk about that.

How Heartbleed works

The heart of the problem is something called Secure Sockets Layer (SSL), which creates encrypted “tunnels” of information between you and the service you are connecting to. When communicating through these tunnels, all information is scrambled in a way that is unreadable to a would-be snoop. Examples of SSL tunnels would include https sites, SSH shells, FTPS and the ubiquitous VPN connections many employees have to their employers’ systems.

Heartbleed is a vulnerability in one common Open Source implementation of SSL, called OpenSSL. In this implementation, there is a means for completely unauthenticated users – complete strangers on the Internet – to be able to read the information held on the memory of servers that deliver SSH content. Worse than simply seeing the actual confidential data you meant to hide, this new vulnerability provides the “keys to the kingdom,” allowing an attacker to see the username and password of a legitimate user and also the keys by which the server provides secure content. That means any further connections to that server using those keys will be compromised.

So, yeah. It’s pretty damned serious, indeed. And because use of OpenSSL is so ubiquitous, the potential harm to the online community is pretty vast and staggering.

There’s Good News, Too

But there are many more sites that do not use the OpenSSL system to encrypt their data, and as of the time of this writing, those SSL systems remain unaffected by Heartbleed. In particular, your bank, PayPal and anyone dealing with PCI-compliant eCommerce (which should be just about everyone doing eCommerce, we hope) are all unaffected by Heartbleed.

There are many more encryption algorithms that are not related to OpenSSL and do not require any kind of patching or security fixes. And the fix for OpenSSL is also freely available; most credible services are already locking down their SSL connections. Therefore, even a site that is currently using OpenSSL isn’t any less secure by nature than any other.

What is the Solution?

Because the fix for OpenSSL’s Heartbleed bug is available, server admins are busily patching their systems and where necessary, reissuing keys for affected systems. And you can bet that OpenSSL’s next build will come with the patch already implemented.

However, once a server has been patched, the next step is to reissue keys and have users encrypt their passwords with those new keys. That’s why you may have gotten emails from stuff you do online recommending you reset your password.

Should I Just Start Resetting Passwords, Then?

No. First of all, while it’s always recommended that you update passwords on a regular basis and I’ve even given you a handy guide to creating secure ones, doing so en masse promises to create confusion. There’s no sense making the situation worse by forgetting new passwords or creating a bunch of duplicates.

But secondly and much more important in this case, resetting your password will only be effective after the SSL keys are regenerated. So if Company X is affected by Heartbleed – and hasn’t yet secured their servers – resetting your password changes nothing. And after they’ve secured their servers, they’re just going to ask you to change your password again, because that’s exactly what is required.

Your best bet if you’re concerned about your security online is ask, ask, ask. Find out if your bank or social network is affected by Heartbleed by asking them. Check your list of sites you frequent and find out what you should do about them.


Scan tech for ancient paintings may be the cure for the TSA junk shot

Imagine a world in which your naughty bits are treated with the same loving care by TSA as are the ancient works of the great masters of our species’ art. That world may be coming soon, if terahertz scanning technology becomes mainstream.

Terahertz spectroscopy uses energetic waves somewhere between the infrared waves your remote control uses and the microwaves you use to cook up your leftover garbage plates. It has the uncanny ability to discern the structures and shapes of materials below the visible surface in a non-destructive fashion.

X-rays, by contrast, would never be used to scan the subsurface of ancient works, because they would be too destructive. But no one at the TSA has any problem aiming a dose straight at the old John Thomas if they think you’ve got a literal rocket in your pocket. And broadcast the resulting nudie pics to some perv behind a desk, no less.

Newly published research, funded by the Department of Homeland Security, aims to eliminate this problem – and direct scanning of passengers, altogether – by using terahertz technology to scan the whole room at once:

Researchers now report in ACS’ The Journal of Physical Chemistry Letters a more precise and direct method for using that “terahertz” (THz) technology to detect explosives from greater distances. The advance could ultimately lead to detectors that survey a wider area of an airport without the need for full-body scanners.

So instead of making you stand for a quick porn shot, of which they never have the decency of sending you a few glossies anyway, you can now walk unimpeded through the airport safe in the knowledge that a scanner is looking for bombs everywhere. Of course, that also means that instead of per-person dick pics, you’ve got a whole room full of naked people.

But there’s safety in numbers, right?


Hope you enjoyed the midgets, fellas: the NSA now snooping your porn viewing habits

Congratulations, America! Your high-calibre technology and dread fear of terrorism has yielded the finest vehicle for panty-sniffing the world has ever known.

Not content to simply read your emails or those of world leaders, the Huffington Post now reports that the NSA is using the porn and “online sexual activity” data of targets to discredit them. And not simply the NSA alone, but according to the Snowden-released reports:

The Director of the National Security Agency — described as “DIRNSA” — is listed as the “originator” of the document. Beyond the NSA itself, the listed recipients include officials with the Departments of Justice and Commerce and the Drug Enforcement Administration.

So, if you’ve been thinking about “radicalizing” pot smokers into voting their best interest, you might consider rethinking that daily visit to youporn.com. The NSA snooping porn to advance the agenda of the DHS is bad enough. But what is the interest of all these other players?


Twitter and the NYT: what is DNS?

On Tuesday of this week, Twitter, the New York Times, Huffington Post and a raft of other websites suddenly found their traffic getting rerouted to servers in Russia and Syria. The rerouting was due to a successful hack by a group calling themselves the Syrian Electronic Army, a name that brings to mind proto-Goth synth bands of the 80’s. Service was restored to most sites quickly enough, but you may be wondering: what the hell even happened?

I’ve covered the ins-and-outs of DNS in the past in the context of a particularly-vicious malware attack a little over a year ago. But now seems like as good a time as any to recap, since after all, most of the media is too busy primping and preening over the importance or lack thereof in the New York Times to inform you.

DNS stands for Domain Name Service, and in short, it’s sort of an address book for the Internet. The pretty alphanumeric domain names we all know and love, like chocolateandtomatosauce.com, horney0ldbabes.org or rochesterhomepage.net, are not the addresses computers recognize. Computers navigate the web by using large numbers assigned to each other computer, often notated by four numbers separated by dots, like 127.0.0.1.

Someone, somewhere needs to map all those domain names to their numbers, and that’s where DNS comes in.

What happened in the case of Twitter, NYtimes.com and so forth is that the SEA hacked into the Australian company that carries the official registration of those domain names. By changing the number associated with the domain name, they ensured that anyone looking up those addresses would get the wrong information.

Most people probably never saw any disruption at all. That’s because most ISPs carry their own copies of DNS records, refreshing that data only periodically. In the short term, this was always a pretty low-level threat. But the point was probably more to cause disruption and panic than to do any real damage.


Wait. How many requests does our government make for our Google data?

Google has released its latest Transparency Report for 2012 and the big story in most of the media is that 88% of the time, Google complies with government subpoenas. We’re all supposed to suck in our collective breath that Google would be so cavalier with our personal data:

In its latest “Transparency Report,” Google revealed that it received 21,389 requests for information about 33,634 users in the second half of 2012, with 8,438 of those requests coming from the U.S. government. Google handed over the data 88 percent of the time, based mostly on just a subpoena, which does not require the approval of a judge.

Wait. Aren’t we burying the lede, here? Let’s have a look at the actual numbers. Here is the chart for requests by country, and once again we see that the United States is peerless in its requests for private data. Only India comes within one quarter of that number, and with only 66% of requests honored, it really makes you wonder what they’re requesting:

Requests by country, sorted by request number. No one touches us. U-S-A! U-S-A! U-S-A! U-S-A!

This follows the same pattern we’ve seen from our government in the past. As I noted then, the trouble with all these numbers is that they represent a company’s interpretation of law and of privacy. But considering that Google complied with 88% of the US requests, as opposed to 66% of India’s and 0% of Turkey’s requests, it seems very clear that there is some judgement happening at Google. They don’t appear to simply be turning over private data without discretion; in fact, the 88% compliance number strikes me as proof that the orders coming from the United States were filed in compliance with the law.

One can argue that the law is flawed. I certainly would. But that is not Google’s issue, nor really is there any other company providing its users with such – well, transparent – information about their compliance with subpoenas. The real question is: why are so many requests coming from a nominally free society?


Twitter is asking you to reset your password. Do it.

Every once in a while, we go through this. For one reason or another, Twitter asks to reset your password. Typically, they only send out emails asking you to do this when the situation’s gotten pretty wide-spread, and per TechCrunch, that is exactly the case with Twitter’s last set of emails.

Here is a copy of what the email looks like:

Hi, [name]

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

You’ll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/pw_rst/…

As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password

Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

  • Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
  • Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
  • Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.

For more information, visit our help page for hacked or compromised accounts.

The Twitter Team

The first thing that jumps out at me is: why the hell is Twitter sending out emails with links to reset your password? That’s like the phishing-est phish that ever phished a phish.

But what caused this problem in the first place? Well, the servers might have gotten hacked or something like that. But these are probably the least-likely scenarios.

The simplest answer is that some very popular web service that uses Twitter login was compromised. If you use Twitter to log into, say, Huffington Post and they subsequently get hacked, the permission you gave them to your account may be sufficient to allow them to tweet or DM on your behalf.

Another possibility is a wide-spread dupe site, such as those that fool users with “vanity phishing” DMs, may have gotten particularly active.

Regardless of whether this is an internal or external problem for Twitter, it is probably in your best interest to reset your password. Even if you haven’t gotten the email.

AND EVEN IF THIS EMAIL IS LEGITIMATE, NEVER, NEVER, NEVER CLICK LINKS IN EMAIL! Go to Twitter directly and reset your own password. Email links are just way, way too dangerous.
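Why eyeballing a link in an email is not enough, shown as an added example (not part of the original post or of Twitter's email): a small auditor that compares where each link in an HTML email really goes with what it displays and with the one host the email says to trust. The function names, the sample email and its `.example` and 203.0.113.7 destinations are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "twitter.com"  # the only host the email tells you to trust


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower().rstrip(".")


def is_trusted(host):
    # Exact match or a true subdomain; "twitter.com.evil.example" fails both.
    return host == TRUSTED or host.endswith("." + TRUSTED)


def findings(href, text):
    """Return the reasons a link should not be followed (empty list = none found)."""
    parts = urlsplit(href)
    host = host_of(href)
    out = []
    if parts.scheme != "https":
        out.append("not-https")
    if parts.username is not None:
        # "https://twitter.com@host/" sends you to host, not twitter.com
        out.append("userinfo-before-host")
    if not is_trusted(host):
        out.append("untrusted-host:" + host)
    looks_like_url = "." in text and not any(c.isspace() for c in text)
    if looks_like_url and host_of(text) != host:
        out.append("text-shows:" + host_of(text))
    return out


def audit(html):
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return {href: findings(href, text) for href, text in collector.links}


# Constructed sample: one genuine-looking link and three deceptive ones.
SAMPLE_EMAIL = """
<p>Twitter believes that your account may have been compromised.</p>
<a href="https://twitter.com/account/resend_password">https://twitter.com/account/resend_password</a>
<a href="https://twitter.com.account-check.example/pw_rst/abc">https://twitter.com/pw_rst/abc</a>
<a href="http://twitter.com/settings/applications">Applications page</a>
<a href="https://twitter.com@203.0.113.7/login">Reset your password</a>
"""

if __name__ == "__main__":
    for href, problems in audit(SAMPLE_EMAIL).items():
        print(href, "->", problems or "ok")
```

A clean result only means the link points at the trusted host over HTTPS; typing the address yourself, as advised above, remains the safer habit.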


“Assume all PCs are infected.”

The EU may be having its share of problems, but at least their banking regulatory systems are starting to take online banking security seriously.

Sure, that’s largely because the threat right now is fairly unavoidable. And in particular, banks in the EU and increasingly in the US are seeing trojan attacks on high-balance bank accounts from the likes of such recently-infamous nasties as ZeuS and SpyEye. These are key-logging and observing pests that track your movements online and are able to steal your credentials (username and password) by just watching over your shoulder:

The report detailed how thieves using custom versions of the ZeuS and SpyEye Trojans have built automated, cloud-based systems capable of defeating multiple layers of security, including hardware tokens, one-time transaction codes, even smartcard readers. These malware variants can be set up to automatically initiate transfers to vetted money mule or prepaid accounts, just as soon as the victim logs in to his account.

While high-balance bank accounts of the rich and of businesses are currently being targeted, it stands to reason that it won’t be long before small-timers pick up the ball and run with it. TrendLabs has some scary details about how the new viruses are making their way around the Internet:

The phishing messages of today have far less urgency and the message is implicit:

  • “Your statement is available online”
  • “You message is ready”
  • “Incoming payment received”
  • “Pending Messages: There are a total of 1 messages awaiting your response. Visit your inbox now”
  • “Password reset notification”

In many cases these messages are identical to the legitimate messages sent by the legitimate organization. Sometimes, the only difference between the legitimate version of the email and the phished version is the bad link.

What is the solution for this mess? Well, Krebs on Security offers an interesting one: do your banking on a Linux installation that runs off a CD. The theory goes that, because Linux is such a small-footprint OS that it actually can run off a CD and because the CD can’t be altered, your OS cannot be compromised while you do your banking. Great idea, but not practical for most people.

By the way, all this discussion of malware comes with the backdrop of Microsoft having recently revoked certificates of its developers because they’ve already been compromised. Which basically means: apps developed using their certificates to prove that they’re legitimate have already been proven to be illegitimate. Good times!


DNS Changer malware: what you need to know

You may have heard about yet another new virus threat that’s making headlines today. As many news outlets have been reporting – with greater and greater urgency – there is a new form of “malware” that’s been loose for some time, but is about to make a much bigger impact on a lot of people’s lives. Basically, if you’ve got it, you’re not going to be able to get on the Internet after July 9th. Because the FBI is shutting things down.

Since a lot of the reporting I’ve seen locally has been… well, terrible… I thought I’d give you a quick run-down of what exactly is going on. Let’s start with the question on everybody’s mind:

WTF?

The “DNS Changer” pest has been “in the wild,” meaning actively making its way through public networks and computers, for quite a while under various names. Its purpose was basically to redirect users trying to get on the Internet to bogus websites so that its creators could collect click-through ad revenue. The FBI and officials in Estonia arrested the perpetrators a while ago, but realized they had a big problem: if they shut down the servers that the malware was pointing to, everybody with the malware would get cut off from the web. The solution was to leave the servers running, but instead of pointing to the baddies, the FBI redirected traffic right back to where it was supposed to go in the first place.

All well and good, but there’s still a ton of computers – estimates are in the half-million neighborhood – with that virus, and the FBI can’t keep those servers running forever. Well, July 9th is the cut off date, so if you’ve got this little beastie running on your box, you better do something fast.

Malware? Is that like a virus?

Yeah, sorta.

The only real difference between most viruses and most malware – and to be clear, these terms border on slang, so the definitions tend to be somewhat fluid – is that viruses generally pose as some legitimate bit of software or data and infect silently. Malware generally attempts to cover itself with the veneer of legitimacy by talking you into voluntarily installing the software. Many veteran PC users will remember all those “start-up applications” that ran their PCs into the ground years ago. Stupid crap you thought you were being smart by installing. And by the way, it’s pronounced “male-ware,” not “mall-wear,” damnit. Think “malevolent” or “malignant.”

Regardless of the definition or how you got it, the point is: it sucks.

What is DNS and why did it change?

Ah, DNS, our old friend! Cornerstone to the Internet and so effective, most people don’t ever hear the term. This is especially clear when watching and reading local news on the subject, sadly.

DNS means Domain Name Service, and essentially, it’s the phone book of the Internet. Every domain name, such as dragonflyeye.net and bangin-midgets.org, refers to a computer or a network out there on the Internet. But which one? Well, your computer doesn’t know the answer to that, so it relies on DNS servers to provide that information.

When you tell your computer to go to google.com, it actually asks one of these servers where google.com is, the server responds with the correct address, and away you go. Typically, your computer would use DNS servers provided by your Internet Service Provider (Time Warner, Frontier, etc), but it doesn’t have to: you can manually set a different set of DNS servers to contact if you wanted to for some reason.

What the DNS Changer did was exactly this: it changed the server that your computer points to from a legitimate one to an illegitimate one. Those illegitimate DNS servers pointed you – not to the Google you know and love, but to bogus servers that look just like Google. You know all those ads on Google’s search pages? People pay money for you to click on them. But with the DNS Changer servers pointing you to bogus sites, all the money that would normally be collected by Google was instead collected by the owners of those servers. With half a million computers still infected, even after anti-virus software has been removing it for months, they must have made a lot of money.

And you can clearly see the long-term problem facing the FBI: if your computer is referring to the wrong “phone book” and that phone book goes away, where do you find all your beloved websites? You don’t. The solution was to just make the DNS servers report correct data, instead of the bogus stuff while people had an opportunity to fix their systems. And again: the FBI will be turning these servers off completely on July 9th.

Awesome. Now what?

Now you need to find out if you’ve got the DNS kruft and if so, get rid of it. If you’re not on a Windows computer, you’re probably safe. If you are:

  1. Run your antivirus software! I trust you have some, yes? Make sure it has been recently updated as well.
  2. Failing that, there is a website, http://dns-ok.us , that will run a quick, software-free scan for you.
  3. DCWG.org has a resource page that will give you more information.
  4. Finally, many ISPs including Time Warner are providing their own support. As a last resort, you might try calling them.
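What a local check for a changed DNS setting can look like, as an added example (not from the original post or from any of the tools listed above): it pulls the configured DNS servers out of `ipconfig /all` output or a resolv.conf file and flags any that fall inside a list of rogue ranges. The ranges below are placeholder documentation networks, not the real DNS Changer ranges, and the function names and sample outputs are constructed; IPv4 only.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), NOT real indicators.
# Replace with the officially published DNS Changer ranges before real use.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/24")]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def resolvers_from_resolv_conf(text):
    """DNS servers from resolv.conf-style text ('nameserver <ip>' lines)."""
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out


def resolvers_from_ipconfig(text):
    """DNS servers from Windows `ipconfig /all` output.

    Extra servers appear on indented continuation lines with no label,
    so keep reading until the next 'Label . . . :' line.
    """
    out, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
            out += IP_RE.findall(line.split(":", 1)[-1])
        elif in_dns and ":" not in line and IP_RE.search(line):
            out += IP_RE.findall(line)
        else:
            in_dns = False
    return out


def rogue_resolvers(addresses):
    """Return the configured resolvers that sit inside a rogue range."""
    hits = []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not a valid address (e.g. 999.1.1.1); ignore it
        if any(ip in net for net in ROGUE_RANGES):
            hits.append(addr)
    return hits


# Constructed sample inputs; 198.51.100.10 stands in for a normal ISP resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.0.0.23
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.200
                                       198.51.100.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 198.51.100.10
nameserver 192.0.2.53   # entry rewritten by malware
"""

if __name__ == "__main__":
    for name, servers in (
        ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG)),
        ("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
    ):
        bad = rogue_resolvers(servers)
        print(name, servers, "ROGUE:" if bad else "ok", bad)
```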

Boilerplate preaching

I know you’ve heard this all before. But if you’ve got this little nasty, that is because you didn’t heed the advice. And hey: we all screw up from time to time. So… once more, this time with feeling:

Never install software unless you were planning on it. If something on the Internet tells you to install software in order to view content or improve your PC, that’s a red flag. Before installing anything from the Internet, you might first want to Google search the name of the application. If it even smells slightly off, there’s a blog post, a forum thread, or something else to wave you off. Most legitimate software that drives content on the Internet is going to be either pre-installed or easily-recognizable: Flash, Acrobat, maybe QuickTime.

And for the love of god, people, use your anti-virus! Keep it up to date, make sure you run scans once in a while – most anti-virus software actually allows you to schedule all this to run without you. But that doesn’t mean you shouldn’t check in from time to time.