Written February 2010
by Cliff Feldwick
Probably the most annoying thing about hackers in general is that they keep forcing us to do updates and patches on almost everything, even programs that seem innocuous, in order to cover ourselves. And eventually a certain exhaustion factor sets in and you don’t bother – and then you’re dead. It also makes computer people harp on doing updates and patches, which is boring and you don’t want to hear, until the general reaction is the same as when you were a teenager and your mother asked about your homework.
This all started with the Google vs. China fight, when Google accused China of targeting its servers and the email accounts of human rights activists in various countries. The question came up as to how they were doing this, which led to the discovery of (yet another) vulnerability in Internet Explorer, the so-called “zero day bug”. As of this writing, Microsoft is busy working on a patch but has not released it yet. Because of this, in a probably overly paternalistic move, the security arms of both the French and German governments (the Bundesamt für Sicherheit in der Informationstechnik, for those of you keeping score) have advised people in those countries to stop using Internet Explorer entirely and switch to an alternative such as Firefox, Opera or Chrome. Probably not a bad idea but a little over the top. All browsers have bugs of course, but IE has many more and is used by such a majority of people that it is especially targeted.
This isn’t anything new, of course. A quick online search reveals years of warnings from people such as MI5 (the British intelligence service) about Chinese attempts to infiltrate business as well as defense systems. The Pentagon has acknowledged that the office of Robert Gates, secretary of defense, was targeted by the Chinese. So it’s not just pimple-faced lonely teenagers doing this, but well organized groups, often government led and funded. And again, should we be surprised? Governments have been spying on each other since the days of ancient Greece or earlier. The web is just one more way to do so.
But wandering back to my original premise: it’s not just Internet Explorer that is vulnerable (and interestingly enough, the newer versions running on newer Windows such as XP, Vista and Windows 7 are particularly susceptible) but the “add-ons” as well. Adobe Reader, used by just about everyone for viewing documents, has holes, as does the full Acrobat program. So you need to visit their website and download updates to patch these holes. While there, don’t forget to check for the Flash update to close a backdoor in that program (and what the heck is Flash, I hear you saying). Since Flash 6 was distributed as part of Windows XP and most people would never bother updating it, it has become yet another way in to do damage. Visiting websites that use Flash to display pages (aha – that’s what it is) exposes you to malicious code that downloads password stealers and Trojans, which make you ever more vulnerable.
See what I mean about fatigue? And have you started studying for the math test yet?
OK, so what to do? Go to www.adobe.com, click on Support, then Updates, then choose whatever you have loaded (Adobe Reader and Flash at the very least) and follow the prompts to load the latest updates. And allow Windows to update – by the time you read this Microsoft will (probably) have a patch for Internet Explorer. And do it again in a couple of months. You can thank me later.
No Friend of Mine
In an interesting twist, the Florida state judicial ethics committee ruled that judges and lawyers in FL must not “friend” each other on Facebook. I guess this means no lunches or late-night bar crawls as well. Anyway, it seems a little far-fetched that being “friends” in this way could actually sway a decision but you never know what a losing attorney might say. So to reduce even the appearance of favoritism, out goes Facebook. Will other professions do the same? Not bloody likely – how many politicians have Facebook pages (if in doubt, go with “all” – even if their interns are actually keeping them up) and do they bar lobbyists, builders or attorneys from friending them?
It reminds me of several years ago when the Maryland bar told attorneys they couldn’t join networking groups like Leads or BNI because it looked like they were soliciting business, which was unseemly, apparently. Meanwhile people such as Mephen L. Stiles (or something like that) were advertising on the inside ceiling of ambulances and making the late night purveyors of knives (“Wait! There’s more!”) look like amateurs. Bogus.
Ever wonder where…
People get those ridiculous signs and videos they post on Facebook? Try www.failblog.org or www.oddlyspecific.com. Can be R-rated. You have been warned.