Let\’s start with this cool device I found: Imagine this scenario – you copy your client\’s precious data for a wipe and reload, reformat their drive, and when you begin to restore the data, your backup drive dies. Sound unlikely? It is – but this actually happened to me. I vowed to never format a client drive again unless I had at least TWO known good backups. That may be a good policy, but backing up twice would take twice as long – unless you had one of these adapters that creates a USB RAID 1 cofiguration. It will copy that precious data to two SATA drives at once.
Now for news:
This one just makes you shake your head – a rogue anti-malware vendor that actually provides live (fake) technical support. Of course, many people assume that this support indicates that the vendor is legitimate, which is, of course, why the ploy works.
The so-called \”chip and pin\” method of credit card authentication is used widely in Europe, and has been considered for use in the US (I am not sure about Canada). The method is considered to be a strong, two factor authentication method and banks often refuse to refund questionable charges when it is used. There have been several articles about the compromise of this system in the past couple of days, but this one from Bruce Schneier is the most informative.
It is worth noting that Adobe has some important patches available (don\’t delay on these), and that one of the patches issued byf Micrsoft on Tuesday resulted in a number of BSOD problems. The problem was not with the patch, but an interaction with a piece of malware that was already present on some XP computers.
I am not sure this is even news, and it surely is not good news, but ID fraud hit a new high in 2009.
We used to feel that two-factor authentication made for reasonably safe banking, but even two-factor authentication and one-time passwords do not ensure safety. Attacks against banks are becoming increasingly sophisticated. The problem is that everything is done in the browser. If the browser has been compromised, there is no guarantee of safety. How can you ensure that the browser has not been compomised? The best way is to boot from a live Linux distibution on a CD. The browser cannot be compromised when the files are read-only.
Who pays when bank accounts are compromised? That is often a question for the courts. Here is a case with more than a half-million dollars at stake. Both the bank and the bank\’s client would have benefitted from some good securiyt consulting and education. Both parties broke common-sense security rules. The courts will have to decide who pays for their errors.
Dennis H in West Virginia, US
February 16, 2010