Security Fix Blogger
Friday, June 5, 2009 11:00 AM
Security Fix blogger Brian Krebs was online Friday, June 5, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.
Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.
Brian Krebs: Good morning, dear Security Fix readers, and welcome to Security Fix Live. I will for the next hour or so field your questions about all things security, tech, privacy or geek-related. Please, please, please try to be as specific as humanly possible in describing your setup when asking a question about a hardware or software problem -- that includes telling me a bit about the operating system you're using, installed security software, any error messages, default browser, and possibly any recently installed software. With that, I'll get to the questions. ONWARDS!
McLean, Va.: How secure are "Air Cards" like the Novatel 760 offered by Verizon, which enables very fast broadband access to the internet over the wireless network for your PC or desktop? Alex
Brian Krebs: They're a lot more secure than simply hopping on a local wireless connection that you don't control. I say this as someone who attends hacker conferences several times a year and wouldn't dream of getting on a wireless network where there are known to be people actively trying to compromise those who join the network, or at least eavesdrop on them. I tend to feel this way whether I'm at the local coffee house or at a hacker con, probably because that experience has so colored my perception of open wifi networks.
Not saying Verizon's or AT&T's or whomever's wireless protocols can't be cracked/intercepted, etc. They probably can. I'm just not aware of easy, available tools for doing that as I am for traditional wireless networks.
So, in short, given the choice between my aircard and a maybe faster wifi network, I will always choose my aircard. I've got a Sprint card at the moment, but I've used the Verizon aircards and have found their coverage to be superior (although their connection software leaves a lot to be desired, IMO).
Hope that helps.
Fairfax, Va.: Advertising on the Internet is still a source of money and unfortunately a reason for people to try to game the system. Major companies advertise or post ads on their websites. And since many websites also have popup and other annoying types of ads, I must assume that the companies advertising or posting ads on their website either support these practices or at the very least turn their heads the other way. Any chance we can get companies to stop using services that use or allow bad practices?
Brian Krebs: I think we need to draw a distinction between two things here: pop-up ads and other related ads; ads that are malicious in nature, and are usually inserted under the guise of legitimate ads into an ad network that runs its banners on multiple sites.
Pop-up ads should not be a big deal: the main browsers come with decent pop-up blockers and tools like adblock for Firefox can take care of the rest. But I'm of two minds about this issue, since ads of course pay my salary and help keep the content on our site "free". It's easy to forget that, sometimes, but it's a reality.
The ad networks ARE working to try to solve the malware-hidden-in-ads problem, but the guys doing this stuff are pretty sneaky and more so each day.
A few weeks back, I gave a keynote at a conference here in DC, and an afternoon panel that day talked about this very issue, and all the different ways bad guys who are running tainted ads make it extremely hard for the people whose job it is to spot this stuff. You can see all of the presentations, including my keynote, at this link.
Stockholm, Sweden: Brian, on the last Security Fix Live, you mentioned the problem with annoying pop-ups for the pay-for programme as a possible hindrance to installing the otherwise excellent free Avira AntiVir Personal as one's antivirus protection. In this context, readers might find it interesting to learn that there exists a work-around for this problem, which can be found here.
Brian Krebs: Thanks, Henri. Again, the transcript from the last chat is here.
San Francisco, Calif.: I have a blog that uses Wordpress but is hosted by Yahoo. It appears that my Wordpress site has been hacked by a Trojan and I can't access it. Going on line to the Wordpress forum, I discovered dozens of similar tales of woe. Wordpress refuses to answer any inquiries and Yahoo says that this is a problem that I have to take up with Wordpress (although I used it since it was posted on Yahoo's site). In the Wordpress forum, there were several work-arounds that involve a level of coding that is way beyond my capabilities. Do you think Wordpress should take responsibility for this (even though it is "freeware")? Do I have any other options besides paying someone a lot of money to get my blog back for me?
Brian Krebs: The situation you describe is unfortunately all too familiar. There's a joke I'm fond of that describes this type of finger-pointing quite well:
Q: How many computer programmers does it take to screw in a lightbulb?
A: None. It's a hardware problem.
This is the type of answer you get too often from software and Web services companies, who like to point the fingers at each other. If you have a problem with your security software, and contact their support, often times you will be told it's Microsoft's fault; take it up with them, and vice versa.
I need to research the particular issue you're referencing a bit more to comment in an informed way about it (and I will investigate this), but I would wager that both Yahoo and Wordpress have a lot of work to do in terms of helping to educate people on how to stay safe online, and help make it easier for people who aren't computer or programming experts to not pollute the internet. Making sure that customers have the latest, patched version of whatever platform they're using -- free or no -- is a huge part of this process.
That said, many open source and free services -- particularly blog software and site design software -- have mailing lists that you can and should sign up for to receive updates about new versions that are available to plug security holes. The time to build an understanding about how these tools work and what you need to do to keep them current is before you have a problem, not after. The same thing goes with computer data backups, but computer users seldom grasp this until they find themselves in a bad situation.
Cameron, N.C.: Brian, I asked for your help last time with my router. I took your advice and disabled the IPV6. It took 2 tries for it to take but it's been working fine since. I DL'd the Win7 RC this weekend and after I installed it I again disabled the IPV6. Still have not had any problems with the router. Glad I didn't have to reprogram or replace it. Thanks for your help.
Brian Krebs: Cameron...thanks so much for circling back and letting us know. I'm very glad to hear my suggestion worked.
My response from that chat was:
I recall something like this happening with Vista, and I believe it had something to do with IPv6 (internet protocol version 6). You can google that term later, but the point now is to get your router playing nice with [Windows 7]. I would recommend trying to disable IPv6 in W7 and see if that fixes the problem.
To do this, go into the Network & Sharing Center in Windows 7, then on the left side look for "Change adapter settings." Right-click on the network card that's connected to the router and select properties, and then untick the checkbox next to Internet Protocol Version 6. Reboot. See if that fixes the problem. I'd be willing to bet money that it does.
Arlington, Va.: What are the causes of a corrupt boot.ini file? I corrected it using the repair console from an old xp cd I had laying around. Just curious.
Brian Krebs: Could be a number of things, but isolating the cause would take more information than I have here. I would look to when this happened and whether it got fouled up after you installed some new piece of software or hardware. Keyboards have actually been known to cause conflicts of this sort, believe it or not.
Pittsburgh, Pa.: Brian,
Is it just me, or have you noticed the quality of LinkSys products really going to the dogs lately? The last 3 items I bought from them had to be returned as inoperable or flat out dead on arrival. As a result, I've switched to DLink for wireless routers and adapters with nary a problem.
Brian Krebs: Thanks for your question. I've used the same Linksys WRT router for going on six years now without any real problems. But then again, I don't use the stock firmware that ships with the router, which is complete garbage as far as I'm concerned.
And the firmware is probably where most of the problems you're having with the routers are coming from. If you haven't already done so, have you considered investigating 3rd party firmware for the router? Changing the firmware on a router is pretty painless, and opens up a whole new world of options on your router that in all likelihood won't be there with the stock firmware. Plus, as many of these are open-source and maintained/updated, they tend to be less buggy and more interoperable/flexible.
DD-WRT is a great option. Open WRT is another. Both are compatible with a wide range of consumer routers. I'm sure other readers will chime in with their favorites. Point is, there are plenty of options, and you shouldn't feel like you have to accept what ships with the router.
Northern Virginia: Like many in the area, I live in a high-density apartment complex, which is presenting some challenges in terms of equipment setup. In particular, there are many, many wireless networks in my immediate vicinity, which seems to be interfering with the efficiency of my own network; according to various speed tests, I am getting only 25% of my rated speed via wireless, but 100% via wired connection. My G network is secure and shows no intrusions; it has WPA2 security via an ASUS WL-520GU G router running DD-WRT firmware. I also have a unique SSID and great signal strength. The items that need connections are in the same room, but wiring is either not possible (Wii) or difficult due to wire clutter. I have tried switching to all 11 available channels with little difference. Other than accepting the lowered speeds, using wires or getting powerline adapters, do I have any other options to help remedy this? Only one of the devices is N capable, so that doesn't seem that helpful. Thanks!
Brian Krebs: Have you considered the quality of the wireless card or adapter you're using to receive the signal? Sometimes, investing in a decent wireless card (I know, something protruding from the laptop may not be ideal) can make all the difference.
Again, other readers may have their own opinions, but certain wireless cards simply are superior in terms of range. I have found that the older Orinoco Avaya cards had exceptional range, as do most of the Buffalo brand cards (the latter being among the pricier).
Outside of that, have you done any tests to see what exactly your wireless cards are saying the signal strength is? Tools like Netstumbler for Windows can help with this, as can various other free tools, or apps for the iPhone.
Another thing I'd try just for giggles if nothing else works is buying a new router from a place that will let you return it without a fee and seeing if that changes things.
Warner Robins, GA: No question Brian just a shout out to you for good work.
I listen to the Security Now podcast each week and often Steve Gibson mentions you by name. If that cranky old geek likes your work you must be doing something right!
Just my two cents worth.
Brian Krebs: Hah! Thanks for the kind words, and for mentioning old Steve. I didn't realize he was a fan. I've made a note to tune in to his show. You're the second person in a month to mention it.
Arlington: Hi - Windows XP SP3, 512 MB RAM, Antivir, teatimer, Windows firewall. This is more a comment than a question but I have noticed that Firefox (fully updated) has gotten very slow lately when I open it up. Last night I removed several of my add ons to see if it makes any difference. I removed my Dilbert of the day, a spell checker add on, and an add on that allowed me to highlight a word on a web page and get a definition, plus one or two others. I'm still running no script, flag fox, ad block plus, as well as a couple of others. I assume you have a better computer than me, but have you had any problems with too many add ons? Also, when should we expect your review of Windows 7?
Brian Krebs: Hi Arlington. Yes, there is such a thing as add-on overload. Each add-on, as you've experienced, introduces its own unique load on Firefox, and some of them frankly aren't as well designed as others and can introduce speed and stability issues. One way, as you've discovered, to diagnose the potentially buggy add-ons is to disable them all, and then re-enable them one-by-one gradually, to see when the problems show up.
I've never used the Dilbert plug-in, but have had no real performance issues that I'm aware of resulting from the other add-ons you describe.
I suspect my colleague Rob Pegoraro would be the one to expect a full-on review about Windows 7 from, although I may take a stab at it as we get closer to the planned release date later this year.
Jackson, Miss.: My folks live in a REALLY rural area and all the Internet access they can get is dialup. For the past 2 weeks every time they get online within a few minutes, it disconnects. I checked their computer on the connections settings and the "disconnect if idle" and all such things are not enabled. They had the local telephone service provider to check their lines and physically come by and they said no problems. They have Norton and a spyware checker activated and running. Is this a security issue?
Brian Krebs: Could be. Or it could be any number of things. Setting aside the security question...I'd recommend trying the easy solutions first.
First off, is there more than one phone number they can use to dial in to their provider's dial-up connection? There usually is. Try an alternative number than the one they're currently using to see if that helps.
Alternatively, I recall a free program released long ago that tries to fix this problem by merely pinging a MS Windows server periodically to keep the connection alive. I think this tool from PCWorld might actually be it.
Either way, let me know if either of those solutions work or not. In the meantime, you might have them install/download/run either Superantispyware Free or Malwarebytes and see if that turns up anything.
LinkSys Routers - followup: Brian,
The issues I had were with re-certified wireless routers, WRT150N, to be specific. First one lasted a week, the next was dead out of the box. I bought a DLink DIR 615 (new)for the same price as the refurb, and it's been working well.
Brian Krebs: AH! Critical piece of info there. I don't think I would ever buy a used router (at least, not the type that costs $50 at Best Buy).
Springfield, Va.: I recently was gifted with an iPod Touch and notice it has wifi capabilities. Do I need to worry about connecting to free wifi access networks? Do I risk transferring any viruses or such if I afterwards connect it to my iMac? Thanks.
Brian Krebs: I wouldn't worry too much about it, but by the same token I probably wouldn't do my internet banking over the thing either.
It's highly unlikely that your iPod touch would be a vector for introducing malware to a Mac (at least I'm not aware of any such threats at the moment).
Warner Robins, GA: This is for Arlington and Firefox extensions.
Firefox in Win XP should have a Safe Mode. This is basically Firefox straight out of the box but with all "your" additions turned off.
"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
This is where it is located in XP.
Brian Krebs: More advice for the Firefox user with the add-on question.
Re: poor wireless signal: Brian,
If the device is in the same room as the wireless router, there could be a proximity issue, i.e. too close to the signal. Another idea might be to re-orient the antenna on the router to get max signal output. Make sure the wireless receiver is set up for the channel, etc. Also, having the same brand on the transmit and receive end could also be an issue.
Brian Krebs: More advice for the person with the wireless reception question.
Bethesda, Md.: How good is the Windows (XP) firewall? Do you really need to dump a lot of extra security software in addition to using it?
Brian Krebs: It's not bad as a basic firewall, but it's not nearly as configurable as third-party software firewalls, and it doesn't give you much insight into what it's blocking or not blocking. Some people like this -- and prefer not to be bothered all the time with pop-ups asking whether "blahblahblah.exe" should be allowed to access the internet. Others want much more granular control.
For most Internet users, or for the average person who can't be bothered with such prompts, I've come to believe the Windows firewall in XP is about the same as having something like ZoneAlarm free installed: if the user just says "yes" to everything that pops up, it doesn't matter.
San Jose, Calif.: Someone has been using a gadget (maybe a skype phone) to listen in to our customer service lines (landlines) for months. The providers (AT&T and Comcast) said it (such listening-in) was impossible. The policemen and the FBI brushed aside the attempts for a report and actions. Does anyone have any idea what to do?
Brian Krebs: I have no idea how to answer your question, or even whether I should. But it reminded me of one of the funniest answering machine messages I've ever heard.
If you are obsessive-compulsive, press 1 repeatedly.
If you are co-dependent, ask someone to press 2 for you.
If you are multiple personalities, press 3, 4, 5 and 6
If you are paranoid, we know who you are and what you want. Stay on the line and we will trace your call.
If you are delusional, press 7, and your call will be transferred to the mothership.
If you are schizophrenic, listen carefully and a small voice will tell you which number to press.
If you are depressive, it doesn't matter which number you press, no one will answer you.
If you are dyslexic, press 69696969696969
If you have a nervous disorder, please fidget with the hash key until the beep. After the beep, wait for the beep.
If you have short-term memory loss, please try your call again later.
Stockholm, Sweden: Brian, re your suggestion to a reader experiencing router problems to disable IPv6 : whatever are we going to do when we run out of IPv4 addresses, as seems likely in the next year or so ?...
Brian Krebs: Well, in that chat I linked to in my response, there are multiple answers from readers suggesting an alternative firmware as a potential fix, instead of my solution. That would probably work too.
To your question, one can hope we'll be at service pack 3 for Windows 7 when the switch to IPV6 really happens globally (I know it has already in many countries, but I think your guess about the next year in the US is probably a bit too optimistic).
ipod question: What's the best way to link multiple ipods to one computer? My dad wants an ipod for his birthday but he doesn't own (or know how to use) a computer.
Brian Krebs: Web search is your friend. First link returned in Google Search for "multiple ipods same computer:"
Hope that helps.
Alexandria, Va.: Hi. I have a couple old computers I'd like to get rid of, but I don't know how to wipe them. I used one of the utilities Cnet suggested, but you had to delete all of the data off first. I thought I had done that, but still found old e-mails and other data on the computer. So, how does one completely wipe a computer clean? And, for what it's worth, one of the computers does not have a working disk drive.
Brian Krebs: Again, another answer that will almost certainly elicit other suggestions from readers, but I've used and recommended DBAN on several occasions. It does the job.
You burn the downloadable image to a CD, then boot into that CD with the hard drive you want to wipe connected to the motherboard via whatever connectors you normally use (IDE/SATA cables). Run DBAN through the default options and it should do a fine job nuking the data on there. When done, replace the wiped drive with the other drive and repeat the process.
Email hack: Yesterday I was inundated by messages from every contact in my hotmail account because apparently someone hacked in and spammed everyone I know. I have a Mac at home, but just started work at a new place with seemingly ancient PCs. They seem to have updated virus software, and I ran a check yesterday and came up with nothing. Is this a virus problem or was I just unlucky?
Brian Krebs: I blogged about this kind of thing a few weeks ago. You can read the comments for other reactions from people who had this happen.
Some people believe that the most likely explanation is that people who have this happen to them have fallen for a phishing scam that tricks them into giving over their credentials at a fake yahoo/hotmail/gmail site. The fact that you use a Mac and had this happen to you would seem to add a LOT of credence to that notion that you fell for a phishing scam.
Advice: Don't trust email. Don't respond to unsolicited email, particularly the kind that warns of dire consequences unless you respond/act immediately. Never provide sensitive information requested via email, and avoid clicking on links in unsolicited email. When in doubt, type the address of the site you're trying to visit, and check things out by visiting the site manually.
Odenton, Md.: My issue is with a stubborn piece of software for my blood pressure monitor. I have the Omron HEM-790IT, which includes their proprietary software to upload the data from the device onto a PC to graph, track, and print the readings. After several attempts to install and run the software, it still just blinks the window open, then closed when double-clicking the icon. The installation seems to go well every time, just the software will not stay open for more than a quarter second. Their "tech support" is very limited, saying that I am the only one who has ever had an issue! I have followed all of their advice (close all apps, defrag, virus scan, malware scan, etc.) to no avail. Is there something I am missing to get this software to run? Thanks.
Brian Krebs: Are you running this software on Vista or XP? If Vista, does the software maker say it even supports Vista?
Have you tried uninstalling, rebooting, and then re-installing the software?
los angeles: How can I paste text from Words into a Windows email? It stopped working about three weeks ago. I have Vista. bob
Brian Krebs: I suspect this has something to do with IE8, although you haven't said whether you installed this update to Windows or not (I suspect you have).
It looks like you are not the only one experiencing this very problem (see this thread for more info).
If you can't find a solution, and you in fact are using IE8, perhaps consider nuking/uninstalling IE8 per Microsoft's instructions? That's probably what I'd do; I couldn't live without cut-n-paste. I'm sorry I don't have a better answer for you.
I have a couple old computers I'd like to get rid of - reply: If he doesn't want/need the drives, 2-3 1/4" holes thru the drive works just fine. No one will ever use those drives again.
Brian Krebs: Like I said, this is one of those issues where everyone has suggestions. Drilling holes and otherwise physically destroying the drives is always an option.
Computer Newbie-Alexandria, VA: I occasionally see articles claiming that you can load certain applications like Firefox, etc onto a USB flashdrive to ensure private web browsing from any computer. Is this true? Does this really protect an individual if she, let's say, is checking a bank account on her company computer? Are there any other precautions to take? Thanks for your help. Sorry for all of the questions.
Brian Krebs: Yes. Portable Firefox is an app many people enjoy. You can burn it to a thumb drive and take it with you and when you're at a PC that's not yours it will run the browser from the thumb drive and keep all your browsing history and bookmarks and all that on the thumb drive, not on the host computer. Will it help any if the computer you've inserted this drive into is infected with a keystroke logger? In all likelihood, no. Most keyloggers are in fact "form grabbers," in that they intercept the data that victims enter into Web forms on a Web site *before* that data gets encrypted and sent to the banking or ecommerce site.
Rockville, Md.: What exactly does the Microsoft.NET Framework assistant do? Why is it bad, or is this mostly a "curse you, Microsoft" thing?
I have it. I'm not sure if I need to get rid of it or not. The only other extension I have in Firefox is Java Quick Starter 1.0. Is that anything to worry about? Do these things update automatically when Firefox updates, or should I be proactively checking them? And are there any others that I should have?
Also what is the difference between an extension and a plug in? I seem to have a bunch of those. How do I figure out which of them are OK and which I should disable? Or do they need to be deleted in a more thorough way?
Sorry. I'm very new to Firefox, at least new to trying to use it proactively rather than passively.
Brian Krebs: Thanks for your question. For a great deal of information about what the add-on in question does, check out this Wikipedia link. Basically, it allows users to run certain applications by clicking once on a link in a Web page. Microsoft ported this functionality over to Firefox because it said many Windows users were requesting that functionality.
To your question, previously, Microsoft required application developers who wanted to use the click-once/framework assistant functionality without alerting users to a security prompt to pay a few hundred bucks to get certified as legit, something that may or may not serve as a bar over which bad guys might have to hurdle. I don't think that restriction is in place with the current version of .NET.
The point of the blog post was to bring up the issue of Microsoft installing an add-on without notification in Firefox and then blocking users from easily disabling it. Also, the fact that so few people actually know what this thing does or would be used for is yet another example of why this should never have been pushed out as an add-on for everyone.
Jackson, Miss.: One more problem. FYI When I followed the link you sent to the ping software, seems the link takes you to a funky website for sale??? and other links to Amazon and such. Never found the software link. Will try the malwarebytes route.
Brian Krebs: Oh lordy. Yes, as another reader points out, the deeper link for that software at PCworld- for keep it alive -- seems to have been hijacked by pclightning.com. My apologies.
re: getting rid of computers: Thanks. Dban will work on the one with a disk drive, but how to kill the computer without a drive? thanks!
Brian Krebs: As I said, once you've wiped the hard drive that's in there, just remove the hard drive that's in the computer with the CD-ROM, and replace it with the other hard drive. You may have to open up the side panels on the computer and unscrew some screws and get dust all over yourself, but that's probably the easiest way to do this. Just make sure when you do that that you've unplugged everything from the system and grounded yourself before reaching into the computer guts. And it's best not to do this on carpet, by the way.
Washington, DC: I'd like to get some advice regarding the best, and most secure, method of backing up my PC files. I am currently using a Seagate external hard drive and the clunky software that came with it, but I wonder if something like Norton Ghost or an off-site backup service would be a better option for me. Thanks in advance.
Brian Krebs: I've used, recommended and will continue to recommend Acronis True Image as a great tool for anyone who's looking for a backup solution, particularly if you are backing up to a removable/external drive with lots of space. It will let you make complete backup images of your hard drives, and then intermittent backups on a regular schedule. There are other programs that do this, but I find TrueImage has served me well now for about 5 years.
San Diego, Calif.: I need to insert hard spaces into a Word document in order to keep a phrase all together (like: 18 min). If I try to correct this on text already typed, the line continues to break in the wrong spot. If I erase and retype that phrase, then it does fine. While I have a work around, it is sort of a pain, especially for longer phrases. Do you know of any reason why this should be so? Is this a bug or feature? OS: Vista Home 64, MS Word 2007 (also happens in Word 2003).
Brian Krebs: Not sure, really. I'd probably try monkeying with the various autocorrect options in Word, turning different ones on and off to see if that fixes the issue. I turn off almost all of the auto-correct features in Word because I find them to be annoying and resource-intensive.
New Albany, Ind.: I have a Sony computer that has started to hang at the "Sony" name on the screen at startup. I then have to restart one or two more times to get it to move on to the windows start screen.
I ran the Windows file and sector scan. It does have four bad sectors on the hard disk.
Cause and possible fix?
Brian Krebs: Is the system not booting at all? Or is it just very slow to boot up? Does it eventually boot into the Windows desktop after the magical third try you mention?
Need more details please.
Brian Krebs: Egads. I've almost gone on for an hour past our time. I wish I could go on folks, but we're done for this week. A big THANKS! to all who joined in the discussion -- either just stopping by to read or submitting questions. Please join us again in a couple of weeks for our next Security Fix Live. In the interim, please drop by the Security Fix Blog on a regular basis to stay on top of the latest security news, tips and advice. As always, be safe out there, people!
Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.