Generations at Work

Maryland
Entrepreneur
Awards

MEQ Podcasts

Archive Browse:

Archive Search:

Help


Pounding the Keyboards: Hackers, Patches and Exhaustion


By Cliff Feldwick

Probably the most annoying thing about hackers in general is that they keep forcing us to do updates and patches on almost every program (even programs that seem innocuous) in order to cover ourselves; eventually, the exhaustion factor sets in and you don't bother anymore. But then, you're dead.
It also makes computer people harp on doing updates and patches, which is boring and is what you don't want to hear, until the general reaction is the same as when you were a teenager and your mother asked about your homework.
This all started with the Google vs. China fight. That's when Google accused China of targeting its servers and the e-mail accounts of human rights activists in various countries. The question came up as to how it was doing this - which led to the discovery of (yet another) vulnerability in Internet Explorer (IE) - the so-called "zero day bug."
As of this writing, Microsoft is busy working on a patch, but hasn't released it yet. Because of this, in a probably overly paternalistic move, the security arms of both the French and German governments (the Bundesamt fur Sicherheit in der Informationstechnik, for those of you who are keeping score) have advised people in those countries to stop using IE entirely and switch to an alternate, such as Firefox, Opera or Chrome.
That's probably not a bad idea, but is a little over the top. All browsers have bugs, of course, but IE has many more and is used by such a majority of people that it's especially targeted.
This isn't anything new, of course. A quick online search reveals years of warnings from people such as MI5 (the British intelligence service) about Chinese attempts to infiltrate business, as well as defense systems. The Pentagon has acknowledged that the office of Robert Gates, U.S. secretary of defense, was targeted by the Chinese.
So it's not just pimply-faced, lonely teenagers doing this, but well organized groups, often government led and funded. And again, should we be surprised? Governments have been spying on each other since the days of ancient Greece or earlier; the web just offers one more way to make the effort.
But wandering back to my original premise: It's not just IE that is vulnerable (and interestingly enough, the newer versions running on newer Windows such as XP, Vista and Windows 7 are particularly susceptible), but the add-ons as well. Adobe Reader, used by just about everyone for viewing documents, has holes, as does the full Acrobat program. So you need to visit the company's web site and download updates to patch these holes.
While there, don't forget to check for the Flash update to close a backdoor in that program ("And what the heck is Flash?" I hear you saying). Since Flash 6 was distributed as part of Windows XP, and most people would never bother updating it, it has become yet another way in to do damage. Visiting web sites that use Flash to display pages (a-ha - that's what it is) opens you to malicious code to download password stealers and Trojans that make you ever more vulnerable.
See what I mean about fatigue? And have you started studying for the math test yet?
What to do? Go to www.adobe.com, click on Support, then Updates, then choose whatever you have loaded (Adobe Reader and Flash at the very least) and follow the prompts to load the latest updates. And allow Windows to update - by the time you read this, Microsoft will (probably) have a patch for IE. Then do it again in a couple of months.
You can thank me later.

No Friend of Mine
In an interesting twist, the Florida Judicial Ethics Advisory Committee ruled that judges and lawyers in Florida must not "friend" each other on Facebook. I guess this means no lunches or late-night bar crawls as well.
Anyway, it seems a little far-fetched that being "friends" in this way could actually sway a decision, but you never know what a losing attorney might say. So, to reduce even the appearance of favoritism, out goes Facebook.
Will other professions do likewise? Not likely - how many politicians have Facebook pages (if in doubt, go with "all" - even if their interns are actually keeping them up)? And do they bar lobbyists, builders or attorneys from friending them?
It reminds me the time several years ago when the Maryland bar told attorneys they couldn't join networking groups like Leads or BNI because it looked like they were soliciting business, which was unseemly, apparently.
Meanwhile, people such as "Mephen L. Stiles" (or something like that ... that's not backwards, is it?) were advertising on the inside ceiling of ambulances and making the late night marketers of knives ("Wait! There's more!") look like amateurs. That's bogus.

Ever Wonder Where ...
People get those ridiculous signs and videos they post on Facebook? Try www.failblog.org or www.oddlyspecific.com.
It can be R-rated. You have been warned.

Cliff Feldwick is president of Riverside Computer Consultants, and may know a thing or two about updates and patches - when not boring people to death talking about updates and patches. He also troubleshoots PCs and sets up networks, and may be reached at 410-880-0171 or at cliff@feldwick.com.