Welcome back to iBrattleboro.com Tuesday, November 25 2014 @ 08:05 PM GMT+4  
Home |  Directory |  Contact | 
Linked In, Robots, Connectors, and Hacking    
Thursday, March 29 2012 @ 02:27 PM GMT+4
Contributed by: cgrotke

Sci-TechSome random tech news:

Brattleboro users of LinkedIn can now choose to be from Brattleboro in addition to the “Springfield, MA area” by changing their profile settings. An option to choose Brattleboro has been added, but you must make the change manually. Look for the place to edit your zip code...

Robot update - you can no longer defend against a robot invasion with your pile of big sticks. CHARLI-2 is a new robot with built-in stabilization to prevent your big sticks from having any effect. Move on to Plan B.

Ever want to make your Tinker Toys connect to your Legos to your Lincoln Logs to... well, you can. A group called the Free Arts and Technology Lab has released a Universal Construction Kit of free adapters to connect 10 toy building systems.

Hacking vs. Headaches

I recently got a question from a reader who wondered about all the claims of computer hacking going on, and asked if everyone was really being hacked or if it might be something else.

In the news there are stories of groups of dangerous hackers out to shut down life as we know it. Most of the people being discussed in these stories are of the activist nature and tend to be going after big conglomerations, government agencies, and corporations, not you or me. Wikileaks and Anonymous are not interested in bugging your computer - unless you are perceived to be a big evil organization that needs a spanking.

Another form of hacker that is more common but less discussed in the news is the programmer, often in Russia for some reason, who writes malicious code and sets off little hacking “robots” onto the internet. Once released they go out, follow their rules, and do their own damage o web sites as they go. They often target commonly-used software or services with known exploits and holes.

They might, for example, be looking for a site sloppily set-up using simple default passwords, then login in and change files around if they find one. An example of this is when you visit a site and there is a scary looking skull and crossbones with a warning that the site has been hacked. It’s an annoyance, and must be fixed if it happens, but it usually isn’t a person breaking in. It’s code.

Sometimes there are denial of service attacks, where a site gets flooded with hits in an attempt to shut it down. There’s no person out there clicking a gazillion times a second, but that’s the effect on the server. The person who wrote the code could be out eating lunch, but the robot they set loose shuts down the web site temporarily.

Lise fends theses sorts off for us on a daily basis, as do countless other web professionals out there protecting servers and sites.

Sometimes a similar “attack” occurs through someone’s email, most commonly by clicking on an attachment to an email. Windows users, especially, seem to be continually fighting of viruses, but are continually targeted, and often in offers of getting rid of viruses. It isn’t hacking, but it can feel like your machine has been hacked, and people sometimes describe the symptoms this way.

Your computer might suddenly warn you that your machine has been infected, but provide a link to a malicious site that further damages your machine.

It can seem as if someone is out to get you, but the truth is that in most cases it is a computer virus acting up and impersonating a living being by taunting you with instructions or odd behavior. A trip to a good computer repair person can usually get you on track.

To review, how you are hacked depends a bit on who you are and what you have: High-level targets = actual people logging in and making trouble = goal is to steal embarrassing info or shut down site

Most of us and our websites = coded, robotic scripts that cause trouble = goal to expose hole and damage site

Home users email = coded, robotic viruses infecting computers through insecure attachments and downloads = goal to infect home computers to send out more viruses

These are simplifications and generalities, of course. There are also mobsters and criminals trying to scam people out of money and property. If it can be imagined, it is being tried.

Most people should feel fairly safe that they aren’t being targeted by a specific individual when their site or email goes kablooey. It could be possible, but there are a series of more-likely scenarios to explore first.

 

What's Related

Story Options
  • Printable Story Format

  • Linked In, Robots, Connectors, and Hacking | 5 comments | Create New Account
    The following comments are owned by whomever posted them. This site is not responsible for what they may say.
    Linked In, Robots, Connectors, and Hacking
    Authored by: Stevil on Thursday, March 29 2012 @ 04:15 PM GMT+4

    And Windows users, no matter how many times it gets said, it is worth repeating: If you get an email with an attachment, and the email is unsolicited or from someone you don't know - don't click on the attachment to open it. This goes double and triple if the name of the attachment ends in ".exe".

    I've friends who have gone crazy because they ended up at a website and suddenly gotten a message in a little window that their computer is infected and a scan has found 1,432 viruses, etc. If you didn't ask for such a scan at a reputable ste, it's a scam. Don't click on anything other than the "close" button.

    ---
    "The rich should mind their charities and get off the backs of the poor" - a Bag Lady in Boston
    Linked In, Robots, Connectors, and Hacking
    Authored by: cgrotke on Thursday, March 29 2012 @ 04:54 PM GMT+4
    Another common one is an official sounding email from a
    big company asking you to click on a link for an important
    message about your account.

    Don't click. Delete the email then go log in to your
    account your normal way. If there is a message, it will be
    there.

    I've seen some recent ones purporting to be delivery
    notifications from FEDEX or UPS - but I hadn't ordered
    anything. Delete!
    Linked In, Robots, Connectors, and Hacking
    Authored by: Belfast on Thursday, March 29 2012 @ 07:24 PM GMT+4
    Thanks for this update/roundup/rundown of the current cyberscape (esp. for those of us who only *partly* comprehend such matters and have difficulty discerning which things to fret over the risk of vs. which things aren't likely to befall us, as mere individuals).

    cgrotke wrote:
    "I've seen some recent ones purporting to be delivery
    notifications from FEDEX or UPS - but I hadn't ordered
    anything. Delete!"

    I've been getting the emails from USPS/Fex as well, and knowing I've ordered nothing is what assures me they cannot be valid-but I still do a "double take" when first I see the supposed sender.

    Since I've been visiting YouTube, I've started getting scads of emails claiming to be from "YouTube Service" telling me about my submitted video (never mind that I've never uploaded a video in my life). Thank goodness, I used a different email address for my account there-so I know they're fake emails, because they're being sent to my "non-YT" address. Same thing happens with FaceBook-I get emails purporting to be from FB, but they arrive at my "non-FB" email addy-thus, I know they're fake.

    It can get a bit dizzying to keep track of/sort out, I may have to start keeping a list (of which email address I've used for each site).

    One of the things I do (sorry if this is too obvious !) is block images for emails unless I specifically wish to view them for a single email.

    Also, if I read a questionable email, I look for the link in the text and mouse over it (NOT clicking on it).
    Often that displays the hinky (dishonest) destination at bottom of my screen, which reveals it certainly isn't from a web site I know (sender isn't who it claims to be). Then I needn't worry about deleting the item because it's clearly a trap-I've dodged yet another virtual pothole :)

    ---
    "You cannot administer a wicked law impartially-it destroys everyone it touches, its violators as well as its upholders."
    Linked In, Robots, Connectors, and Hacking
    Authored by: Glenn on Thursday, March 29 2012 @ 07:47 PM GMT+4

    Viewing e-mail in plain text (as opposed to HTML) - i.e. without the pictures and other files - is another standard tool that dramatically reduces risk. (Although it also makes e-mail look drab, of course - but then, how exciting should it be?)

    If you can, you should always look at the (full) sending address of any e-mail and the complete URL for any website. Another common trick criminals use is to have an Internet address that looks right, but really isn't. (This is analogous to someone setting up a "Town Office" sign on 230 SOUTH Main St and collecting fees there, when the Brattleboro town office is on 230 Main St. I hope no-one gets any ideas...) For example:

      Did you get an e-mail from comcast.com, or com.cast.co?
      Did you get an e-mail from fairpoint.com, or fairpoint.com.cn?
      Did you get an e-mail from reformer.com, or reformmer.com?
    Not that you should be paranoid, but everyone should be careful on the Internet.

    Linked In, Robots, Connectors, and Hacking
    Authored by: Glenn on Thursday, March 29 2012 @ 06:04 PM GMT+4

    Good summary! I used to work cyberdefense, I'll add one piece of advice and an observation.

    Don't use Internet Explorer (IE) as your browser. A large number of the attacks that work take advantage of the fact that Microsoft built IE into Windows, so that a) lots of people use it and b) it has some special privileges on your computer that other programs don't. Using a different browser like Firefox or Chrome is generally safer.

    Keyloggers capture anything you type. A common piece of criminal malware (something that you accidentally download, or install from an e-mail) is software that logs everything you type and periodically sends it off to a bad guy. The bad guy has a program that then runs through every key you've pressed and looks for where you typed a bank address, a userid, and a password (or credit card info, etc.) - bingo, he or she has access to your account. These programs don't do anything bad to your computer - they want to stay active as long as possible!