Does Anti-Virus make a difference?

Like so many of us in the profession, I was asked to look at friend’s computer. Nothing specific was wrong; she had just moved out of an “Friend/Ex-Friend’s” house. She was worried that they might have done something to her machine. So I started looking at it. Nothing looked really out of place. The owner would never install anything (including updates or e-mail links). So after updating everything, I started to scan for viruses and malware. That’s when I noticed that there was no anti-virus software. I thought that was odd because there was the update program. I asked if she had uninstalled it and she said, “no.” It then hit me:  the “evil plan” was to remove her anti-virus and trouble would soon follow.  Fortunately, her “safe-surfing” habits of never opening or installing programs had saved her! Even after 3 months of surfing, she still had a clean machine. I guess this is pretty good evidence that “Safe-Surfing” and a little luck can keep you safe.

A friend sent me this about E-mail Security

The true state of security :)

So a friend sent this to me awhile ago. I figured it would be great for the New Year

They say a picture is worth a thousand words.

A non-deceptive SE event

Ok, So listening to the latest Social Engineer Podcast   http://www.social-engineer.org  I realized I needed/forgot to write in about a non-deceptive SE event.

 I had won some license plate holders at Ohio Linuxfest a many years ago. So I went to put them on and the screw broke. I went to a local dealer asked if they could put them on. They, like all good dealers said “Sure! $30 each plate.” $60 total is a lot so I started thinking. I ask the manger if he was really going to charge me $60 to remove the advertizing of a competitor? His answer was “Would you like a car wash with this complimentary service?”

The data they collected is at http://www.social-engineer.org/polls/social-engineering-and-deception-whats-the-truth/

A Reply from @Ubertwiter

If your on Twitter and use Ubertwiter then you may have seen this post:

RT @secureideas: RT @Jhaddix: Watching Ubertwitter steal yr data, @Ubertwitter – the uber-spy: http://bit.ly/cN2zke

http://blog.infobytesec.com/2010/07/ubertwitter-your-secret-spy.html

So I contacted them and here is their reply:

From: UberTwitter [mailto:ubertwitter@ubertwitter.com]
Sent: Tuesday, July 20, 2010 8:54 AM
To: David
Subject: Re: Feedback from @securid

 Hi David,

We collect this info for two reasons, first the PIN is used for subscription services, i.e. to turn off advertisements.   The lat/long is use to improved our location service and is covered in our terms & conditions.  Email is never filled out, and we will be removing phone number as there is no reason to have that.  Thank you for pointing this out.
-Paul
follow @ubertwiter for updates

A very nice and fast response. Remember some companies want to do the right thing, we just have to ask.

Thanks

Dave

Why Phish? Just invite!

Garage Sale on Craigslist

 

So I love garage sales as much or maybe more than the next person but this scares me. “We’ll be taking cash or Paypal. (To use Paypal you have to pay on site using my laptop and the transaction would have to clear before you leave. This means no E-check transactions.)” I don’t think the person is planning anything bad but, what if their computer is infected? Now everyone’s usernames and passwords have been exposed. Or what if an evil garage sale shopper has a USB Hacksaw with them and infects the computer? 

I have to run grarge sales are waiting…. 

http://cleveland.craigslist.org/gms/1764370329.html

Your phone been stolen lately?

So my friend works at a school. She was helping a student at her desk for about 15 minutes when the phone rang. She asked the student to hang on while she grabbed the phone. After a quick question she turned around to help the student again but, he was gone. A few minutes later she realized her phone was missing. So after trying to call it and checking the car again she had it turned off. So now that her 3+ year old phone was gone she went to get a new one. She got a Blackberry Curve. So jump forward in time to the next phone bill. She noticed some odd charges on the bill. Thirteen (13) V-Cast charges for music downloads. So she called up Verizon to ask about the charges. They said “The downloads where Hip-Hop, JZ.” Not my friends normal music and not sure if she knew how to download music to that phone. They removed the charges and apologized for the inconvenience.

In under an hour someone was able to steal thirteen (13) songs. Talk about a new reason to steal a phone. So talking to another friend about this he said that one of his Co-Workers had their phone stolen and didn’t cancel the service for about day and they downloaded over two hundred (200+) songs. It will be interesting to see if this was a onetime thing or the start of a trend. I haven’t heard mainstream media talk about it yet…

AlmondJoy Cheesecake

Hi,
I know this isn’t what you’d expect me to Post but, here it is:

Almond Joy Cheesecake (TM I’m pretty sure.)
Special Thanks to Steven Soto.

(2)  8 oz cream cheese
½ cup  of sugar
(2) eggs
½ teaspoon of almond extract
1 cup  of shredded coconut
1 cup  of chocolate chips
1 Already  prepared  graham cracker pie . Or Chocolate pie crust.
Ice cream Magic chocolate shell .

Pre-heat oven to  350.

First blend the cream cheese, sugar, eggs and extract Till smooth. Next add the coconut and  chocolate chips.

Then pour into  the pie crust. And bake for 40 mins. 
Then let cool. pour the magic shell over and chill in the fridge.

Enjoy