Typical consumer will kill their computer in 18 days?

(via The Consumerist)
Wired has an article in which they experiment with taking a newly purchased computer and acting like a typical consumer who has not had any guidance or instruction in dealing with spam, pr0n, and other frequent Intarweb occurances.  Note that this was done with the intention of seeing how quickly a system would become hopelessly unusable when used with a complete disregard for the consequences of one’s clicks.

What kind of idiot buys a computer and willingly – even eagerly – exposes it to all the malware and viruses he can? Me. I bought a Dell Dimension B110 ($468! Cheap!) and tried to kill it for more than two weeks. I clicked on every pop-up and downloaded the gnarliest porn, gambling, and hacker files I could find. It seems our Internet overlords are sterilizing spam. If I were to treat my body the way I treated this computer, I’d have yellow fever, bird flu, and Alzheimer’s. But the Dell? Eh. Somewhat the worse for wear.

. . .

Day 18: I take the Dell to Best Buy’s Geek Squad and tell a technician that I’m having a bit of trouble with it. Less than four hours later I get a call back from Carla. She declares it a total loss and advises wiping the hard drive and restoring it with system disks. “The tech ran a couple of virus scans,” she says. “One kept beeping so much that he had to just turn it off.” Ah, that’s the stuff.

[tags]Spam effects, Wired[/tags]

Assassination in the U.S.

A really interesting article on Assassination in the United States.  And for people who think the government keeps everything from us, this one is hosted by the secret service (should that be capitalized?  I don’t know).  Sadly, the article is a PDF file which contains an image (or images, I’m not certain).  So I can’t rip out a suitable text section to post here.  But trust me, this is a good read, if somewhat longer than most folks would want to read through.  Check it out.

[tags]Assassination, Secret Service[/tags]

Penetration testing via USB keys

There have been a number of articles written about the security experts who recently during a security penetration test randomly dropped around the target facility USB flash drives with a trojan set to autorun. I like Bruce Schneier’s write-up and story links o this, so will reference it. First, Schneier has this:

Recently I’ve been seeing more and more written about this attack. The Spring 2006 issue of 2600 Magazine, for example, contains a short article called “iPod Sneakiness” (unfortunately, not on line). The author suggests that you can innocently ask someone at an Internet cafe if you can plug your iPod into his computer to power it up — and then steal his passwords and critical files.

So if you aren’t reading 2600 Magazine to keep up with the security underground, you’re in the dark.  Get to reading it.  I’ve found it to contain loads of worthless stuff, but the letters section and at least a few articles per issue are usually worth the cost of the magazine.  And if any of you want to get me a lifetime subscription to 2600, I’d be more than happy to accept it…
Next, he links to the story about the USB drives used for the penetration test.

We figured we would try something different by baiting the same employees that were on high alert. We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.

The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.

After this, it’s just a matter of waiting. And as noted in the penetration testing story, it didn’t take long. I have to admit, I probably would have gotten taken by this attack as well, and I’ve spent years working with computer security. It’s not that I wouldn’t be suspicious of the USB drives. My problem is, I didn’t know USB drives could be set to auto-run just like CD drives can. In fact, it’s the default behavior in Windows!

AutoRun is just a bad idea. People putting CD-ROMs or USB drives into their computers usually want to see what’s on the media, not have programs automatically run. Fortunately you can turn AutoRun off. A simple manual approach is to hold down the “Shift” key when a disk or USB storage device is inserted into the computer. A better way is to disable the feature entirely by editing the Windows Registry. There are many instructions for doing this online (just search for “disable autorun”) or you can download and use Microsoft’s TweakUI program, which is part of the Windows XP PowerToys download. With Windows XP you can also disable AutoRun for CDs by right-clicking on the CD drive icon in the Windows explorer, choosing the AutoPlay tab, and then selecting “Take no action” for each kind of disk that’s listed. Unfortunately, disabling AutoPlay for CDs won’t always disable AutoPlay for USB devices, so the registry hack is the safest course of action.

Bruce winds up with this comment that seems obvious to everyone interested in protecting computers except the folks at Microsoft:

In the 1990s, the Macintosh operating system had this feature, which was removed after a virus made use of it in 1998. Microsoft needs to remove this feature as well.

[tags]Security testing, USB drives, Autorun, Network security, Bruce Schneier[/tags]

Sony says PS3 is a computer, not a console

In a further attempt to alienate customers, maintain an absurdly high price, and give Micro$oft a better lead in the next-gen console battle, Sony, through President and CEO Ken Kutaragi , has announced that the PlayStation 3 is a computer, not a console.

Kutaragi pointedly commented of the next-gen console, which is due to launch this November at dual price points of $499 and $599 in North America: “We don’t say it’s a game console (*laugh*) – PlayStation 3 is clearly a computer, unlike the PlayStations [released] so far.”

This, Sony says, leaves open the possibility of upgrades or additional configurations in the future.

. . . “I think it’s okay to release a [extended PS3] configuration every year”. It’s clear from the comments that Sony is indicating that it will be possible to upgrade hard drives and perhaps even other components easily.

The Sony CEO gave another example in the interview: “As PS3 is a computer… it also wants to evolve. We’ll want to upgrade the HDD size very soon – if new standards appear on the PC, we will want to support them. We may want the [Blu-ray] drive to [have a writable version upgrade].” He then tempered his comments: “Well, BD may not develop like that, though.” But extensibility is what Sony is stressing that you get for the price of a PS3, nonetheless.

I think Bill has the whole PS3 situation covered best of all the sites I follow.  That last link in particular has some pretty good discussion on the fiasco.

[tags]PS3, Playstation 3, Sony suicide[/tags]