Friday, December 30, 2005

Who can we trust?

The news story (Dec. 20, 2005), ABN Amro eyes electronic data transfers after tape loss incident, said that "a tape containing information on 2M customers was lost for a month" and "On Friday, ABN Amro told customers that the tape was lost while being transported by DHL Worldwide Express delivery service from a data center run by a subsidiary of LaSalle Bank Corp. in Chicago to an Experian Information Solutions Inc. credit bureau facility in Allen, Texas."

Another incident: Backup Tapes Missing from Marriott Timeshare Business. If you are one of the Marriott Vacation Club International members etc., your information may be stolen.

The worst thing is that such information might not have been encrypted. We may wonder why a big corporation would treat sensitive information in such a way. In other words, no matter how careful we are, if we have to hand over information to a bank, a hotel, a charity body or a company specialized in security, we are at risk. This has nothing to do with being online. In fact, the loss of credit card information in online cases has been much lower than through conventional means.

No wonder some have said that criminals do not need any guns: they just send someone to work in transportation companies, and there will be a lot of treasure, because there are many such careless corporations.

Tuesday, December 27, 2005

Shall we have a better Internet?

From the article, The Internet Is Broken, David D. Clark has an excellent suggestion for a better Internet. Whether this suggestion may lead us to a better future remains unknown.

I am afraid that such a revolution will not happen, due to the requirement for all ISPs etc. to invest a huge amount to meet the ideal conditions. Furthermore, hackers are like viruses. They evolve fast.

Some time ago, someone asked me what was the best way to protect a computer. 'Stay away from any network' was my answer. We can take another example. Can we avoid traffic accidents? Even if we were not on the road, we might face a traffic accident if our home or office were next to a road. The only way is to live in a remote area without roads. Can we?

It is good to have top-level specialists, computer manufacturers and software houses working to fight against hackers. We do hope for better protection. But, in reality, we need to find our own way to stay out of trouble.

Friday, December 23, 2005

Online criminals must be homeless

This is the time to think about Christmas and New Year. So do those online criminals, but not for peace. According to Businesses brace themselves against Bagle barrage, many emails with subject lines like "New Year's", "New Year's Day", "Happy New Year" and "We congratulate happy New Year" carry an attached viral file.

We may assume that these online criminals are homeless or without families, therefore they have no peace, no holiday and nothing to enjoy. Poor guys.

If they have employers, then they are the best workers.

That means we must maintain the same defense every day of the year.

The most dangerous thing is the assumption of safety. Based on what has happened lately, we must understand that firewalls, software etc. cannot give one hundred percent protection. Good practice is the last part we should not forget.

Wednesday, December 21, 2005

Security = hacked

It is frightening to know that a leading security software company has been hacked and sensitive customer data was stolen. See: Hackers Break Into Computer-Security Firm's Customer Database.

Until now, we can say there is no way to fight hackers unless we stay offline. We cannot avoid being online; we need to be online.

I have said that the best way is to have all sensitive data encrypted, not with a common technique that hackers know better than we do, but with unique encryption. I feel happy for the users of my USC Password Security Storage System Light Version 2.0. Of course, this is for passwords only.

Remember the case about the rootkit in my last blog. It is something important from now on. That is why I have a suggestion for users to avoid entering the numkey from the keyboard. In fact, all sensitive data must use copy and paste.

Even with a firewall and an antispy program, we are still in danger next year.

Wednesday, December 14, 2005

Rootkit threat may make all of us busy in the coming days

After going through the information about rootkit attacks and the available scanning for this problem, it seems that the only way to get rid of spyware with a rootkit is to reinstall Windows.

It is possible that if there is any solution from Intel, the contribution will be for new CPUs. Existing PCs may not enjoy such protection.

In other words, we have to face the threat by ourselves. If all spyware etc. takes up the rootkit, then all existing protection methods may be useless. The only thing I do not find is the firewall. Whether it can stop the data theft remains to be checked.

I think that corporations with a team of security specialists may not be in danger. But for most of us, protection is not an easy task.

By reviewing my suggestion, Avoid Keylogger with UPSSL Version 2.0, it seems that this is the only way to protect our online accounts. I have started to work according to this suggestion for online activities. It is not difficult, yet I shall look for improvement of this practice so that all users can perform daily online work easily and be protected.

Tuesday, December 13, 2005

Can Intel save us from rootkit attack?

It has been confirmed recently that there has been a sharp rise in spyware etc. making use of rootkits to hide from scanning and uninstallation. Check: Where are Rootkits Coming From?

This is called a sophisticated technique. Of course, for the first one to use it. There are many copy-cats, and some are happy to share destructive techniques with others. In this way, we may have all spyware making use of various types of rootkit.

Now, it is said that Intel has started work to fight against this new threat. Check: Intel Researchers Sneak Up on Rootkits. I do believe that when top-level IT corporations are angered by the villains, there will be a great chance of wiping them out. At least, we shall have higher protection.

However, the armor is not yet available. We shall face a serious threat for some more days.

For the users of USC Password Security System Light Version 2.0, there is a suggestion to avoid keylogging. Check: Avoid Keylogger with UPSSL Version 2.0. This is an extension of the use of copy/paste through the clipboard so that even the numkey will be protected.

It seems that there is no better solution. As mentioned in my last blog, I have continued to check with a keylogger for a few days to be sure about the suggestion.

If you prefer another way, then the best you can do is to have an offline computer to mark down all sensitive data, saving them in files on a diskette or any other media. Then work online in the same way as my suggestion: copy and paste.

Until Intel or others come up with an effective solution, we have to keep ourselves safe. Yet, I believe that if we can get accustomed to operating online with software like the Password Security System Light Version 2.0, and follow the suggested way of inputting numkey, login and password, we shall be free from this threat.

Friday, December 09, 2005

Keylogger - from good to evil

Keyloggers were used some time ago by parents to watch the online behavior of their children, or by offices to monitor staff.

The problem is that this technique records everything input from the keyboard. In other words, our online login and password are recorded too.

Therefore it is a ready tool for spyware.

My USC Password Security Storage System Light version 2.0 lets users use copy and paste for their login and password. This is a good way because Keylogger cannot record the login and password that move through the clipboard.

Can users avoid the Keylogger? It depends on the individual case. Of course, no one can be certain whether keylogging spyware has just invaded.

If users really have a Keylogger slipped into the PC, there is a danger when they input data in any password program, including mine.

After going through testing, I am working on a fast solution, which shall be posted online on my site, www.uscforesight.com, on/before Dec. 11, 2005.

Sunday, December 04, 2005

New problems are never far away: Spear Phishing and Foxy

A new member has been added to phishing: spear phishing. It is a highly sophisticated tactic to disguise as someone we trust and infect our computer. One thing we may not need to worry about is that this type of attack is aimed at a targeted person or corporation to steal their sensitive information. It is said that about 18 months ago, a professor and writer discovered that some of his unpublished works had been posted by other people. Later, officials found that a lot of corporations, including military-related organisations, were included.
Of course, we never know whether we would be the target, because we never know about their intention.

In fact, the case is not difficult to understand. Once they have got the email address data from any PC, all the information is in hand. Furthermore, they have the technique to send email through any hosting server. The hosting service for one of my sites had to shut down the email function that used to notify the site owner of any updated information etc. The announced reason was that someone had used this function to send spam.

As we all know, P2P will not go away so easily. There is a new P2P program called Foxy starting to prosper in China. It is said that hundred thousands had been downloaded within a month. With the huge online population and the general public's negligence of copyright in China, it will very soon reach over millions.

Thursday, December 01, 2005

USC Password Security Storage System Light version 2.0

Besides what I have mentioned about the problems I found from my own experience as a user, function keys are now used so that going online with this password program will be much faster.

The Website/reference field is changed to 90 characters because it is rare to have a URL more than 90 characters in length, and it is better for display.

The login name is changed from 16 to 50 characters and accepts single byte signs so that email addresses can be input.

The password remains at 16 characters and also accepts single byte signs in case users have a strong password.

Spaces are not accepted, and it is certain that a space would not be allowed in a URL or password.

After CHECK - INTERNET, users can choose to automatically call IE with the chosen website by clicking on the button or pressing F2.

Upward arrow for the next website, downward arrow for the previous website, button NEXT or F1 to input another choice etc.

Anyone who is interested can visit www.uscforesight.com/DSUPSL.htm.