Be careful with any USB drives you take to photo kiosks — thoroughly scan them afterwards for viruses.

Turns out Big W (FujiFilm) kiosks have been spreading viruses, and Fuji is now investigating equipping them with malware protection. Not before time.

This rung a bell for me. I’m sure a month or two ago after I got some photos, I found the drive I’d used had a suspicious autorun.inf file on it that I could’t figure out the origin of.

As Graham Cluley comments, it might be best to use a USB drive with a read-only switch.

Zero-day flaw. EVERYBODY PANIC! (Well, if you use Windows.)

Simply browsing a USB drive, Windows file share or WebDav directory can potentially infect you via a rootkit inside a .lnk file. All current versions of Windows said to be vulnerable.

Microsoft advisory: Vulnerability in Windows Shell Could Allow Remote Code Execution — no fix yet, but they do list a workaround.

Sophos’s Chester Wisniewski’s blog: Windows zero-day attack works on all Windows systems — Chester notes a good workaround:

Today, a colleague suggested the best mitigation I have heard so far: deploying a GPO disallowing the use of executable files that are not on the C: drive. This will work for most environments, and you really shouldn’t be running executables from USB drives and network shares anyway. We tested this solution against the vulnerability and it does in fact provide protection.

…which would be nice, but I’m buggered if I can find it in gpedit.msc.

From the looks of it, most of the big anti-virus vendors are onto it, and will detect it as long as your definition files are up to date.

Facebook, seriously, WTF?

I mean, what the hell is that? Some kind of deformed Pac-Man? The Man in the Moon?

I’ll tell you what it is — some unrecognisable blob, that’s what.

And I bet they knew, too. When I clicked “Try different words”, the blob was replaced by the word “unusable”.

(Previous CAPTCHA fail)

The Six Dumbest Ideas in Computer Security – nearly five years on, and I’m not sure anything much has changed.

I love that the source for Figure 1 is the Department of vauge psuedo-scientific statistics.

Originally found via http://www.codinghorror.com/blog/archives/000387.html

The other day a McAfee stuff-up led to thousands of Windows XP machines getting a virus data file which deleted SVCHOST.EXE, a vital part of the operating system.

As Ed Bott remarked: I’m not sure any virus writer has ever developed a piece of malware that shut down as many machines as quickly as McAfee did today.

In Australia, one high-profile company hit was Coles, with around 10% of registers knocked out of action causing a number of their supermarkets to have to stop trading while they fixed it.

Yes, Coles runs on Windows.

About 12 years ago Coles ran a project (which I worked on for a short time) to move off NCR cash registers in favour of Windows-based POS systems (then on NT4) developed in-house for the company, with the initial rollout being in Coles. The plan was to subsequently roll it out across other then-subsidiaries such as Target, K-Mart, Myer and so on.

They did a fair bit of interesting workflow analysis, for instance coming up with the Windows Start Menu-style interaction for the cashier to select which fruit/veg they were putting on the scales. It was all designed to cut training requirements and transaction times, and improve backoffice operations, as well as freeing them from dependence on NCR, which at the time had told them support was ending for the registers they’d been using.

Obviously Thursday’s problems showed a down side of the plan!

Perhaps the lesson here is that if your Windows PCs are secure (you wouldn’t imagine they’d allow people to slip in a disc or USB stick and run any old program on them) and fundamental to your company operation, you shouldn’t allow any automated updates onto them (not McAfee, Microsoft, nor anything else) without verifying that it works okay first.

Facebook has new simplified privacy options.

Including one for About Me, which it claims “refers to the About Me description in your profile”.

“About Me”? I don’t remember that.

So I went looking in my profile. It was nowhere to be found. I thought maybe somewhere on the Info tab. Nup, couldn’t see it.

Eventually with some clues from someone on Twitter pointing me to it, I discovered it’s invisible unless you’ve set it to say something. Very helpful.

So to find it, it’s under: Profile / Info tab / Personal Information, then if you can’t see About Me, click the Edit button for Personal Information. Only then will it appear.

And just to confuse things, the “Write something about yourself” box underneath your photo in your Profile is different.

So here’s the thing. The other day I was looking at Facebook, at the Wall of a friend of mine, Jason.

And for a few minutes there, Facebook decided I was logged-on as Jason.

Except I wasn’t. I didn’t have any permissions to look at his private stuff, nor change things, but every time I clicked on the Profile button it showed me his Wall, not mine.

When I clicked Home, it thought I was me again. Clicking back to Profile, Jason again. I just couldn’t get to my own Profile.

In the bottom-right it said I had a bunch of notifications. But it wouldn’t let me see them; they must have been his.

Then I clicked logoff, and became me again.

I had a look at a couple of other friends’ Walls, it didn’t do it. But back on Jason’s, it got stuck again. I let him know, of course.

Makes me glad it didn’t just assume I was him and let me do and see anything he could. All I ever saw (apart from the number of notifications he had) was stuff I could see anyway as his friend.

All very odd.

OK. This is a worry. I found it on my Start Menu (for All Users) and also on my Desktop.

As you can see, it’s got an eBay icon, and the name eBay, but it points to somewhere very different: adon-demand.de/red/2303/

Searching around, I see that McAfee Site Advisor has a page on it, and says “We tested this site and didn’t find any significant problems.”

A post on the FoxIt forums alleges it’s put there by the FoxIt Reader installer, and that appears to be right — an update of that is the only thing I’ve installed recently, and no other user on this PC has the privileges to install these shortcuts.

I love FoxIt Reader, it’s much faster than Adobe Reader. It asks if you want the ask.com toolbar, but this, it doesn’t ask about. [See comments]

FoxIt, is not nice behaviour.

I wonder what eBay would say about their logo being misused like this?

Ho boy.

The Bushfires Royal Commission has been told staff answering calls at the Bushfire Information Line on Black Saturday were unable to see crucial information about the fires because of an IT upgrade.

More than 12,000 Victorians called the Victorian Bushfire Information Line or on Black Saturday.

Calls that were not answered went to Centrelink.

But the commission was told staff there were unable to see the Department of Sustainability fire database because an IT upgrade had accidentally blocked that access.
…

– ABC News Online

So on the hottest forecast day ever, and which everyone from the Premier down had warned would be the worst fire danger day ever, Centrelink staff, who are the designated backup responders for the bushfire information line, were blocked from getting the information they needed from the DSE web site?

Apart from the timing issues of IT upgrades to systems that are important to the fire-fighting effort, it appears to underscore the severe dangers of restricting network access unnecessarily.

While I was walking down the street running an errand, I tried scanning for Wifi networks on my N95 phone.

I must have found about 20 or 25 of them during just a few minutes’ walk. Probably every fourth or fifth house seemed to have one.

Many of them appeared to be named after the families living there. Some had obviously default names of common brands… Netgear and the like. A few had gobbledygook names which may or may not have been defaults.

And to my surprise, almost all of them were secured.

Almost.

Two weren’t — one an apparent Apple network, and one Netgear one, both close by to each other.

Hopefully not too many of their neighbours are sponging off them!

Apparently it’s e-Security week in Australia. Who knew?

This post from Graham Cluley of Sophos (who does a very entertaining and informative blog on computer security) includes this short video on how to choose a good password which is easy to remember, but hard for hackers to guess.

Simple tips for better web password security from Sophos Labs on Vimeo.

Not sure I agree with his conclusion, but it’s certainly worth some thought.

It looks like Kaspersky Anti-Virus is blocking at least some web adverts from prominent advertiser Doubleclick, on the basis that they’re phishing.

Here’s the warning from Kaspersky itself:

And here’s what appears on the web page:

This warning is appearing on sites using Doubleclick, including Yahoogroups and Facebook Scrabble (international).

Interesting.