According to reports from British PC security experts, over fifteen million computers from countries spanning the globe have been infected by a new computer virus. The virus, which is of the worm variety, goes by a variety of names including Downadup, Kido, and perhaps most commonly, Conficker. It is estimated to have spread to over six million PCs in the last three days alone.

While the virus has infected a large number of computers, including some British hospital PCs, it is unknown at this time if the “Conficker” actually has any effects. Some believe it was created simply to demonstrate the skill of its creator, but others believe it may be capable of stealing personal information such as passwords and online log-in IDs. Its also being considered that the virus may include a “rootkit”, which would give the virus creator remote access to the infected to computers.

Hackers have attacked many PCs with thousands of bugs, spam, and other nefarious tactics. Currently security experts are saying that cellular phones will be the next likely targets.

A report by Georgia Tech has identified the growing popularity of cell phones as a new path for hackers. Of specific concern is that as mobile phones gain more computing power and Internet connectivity, hackers will be able to utilize the security vulnerabilities of phone operating systems and web apps.

Botnets, which are networks of infected PCs are the common approach used for spamming and denial of service attacks. Botnets  have massive computer power and could use a very high number of computing devices to take offline or wipe clean other devices.

If botnets are used in cell phones, new fraud scams could begin. For instance, infected phones could be programmed to call pay-per-minute numbers or purchase ringtones. If the criminals can do so effectively, they will continue.

The facts that cell phones are usually always on and have typically poor security makes them appealing to hackers. Also, an antivirus software can consume a significant amount of battery life.

The hurdle for the hackers is to learn how the cellular networks work and change their attacks accordingly. Mobile network providers are more tightly controlled when compared with home or business Internet providers, which would mean that lines of communication could be closed quickly for infected phones.

For successful hacking, there needs to be a significant number of Internet browsing and downloading taking place on mobile devices, which is just significantly starting now.

Who said American automotive innovation is over?!

For its 100th anniversary, not to mention the lagging sales in the traditional auto markets, General Motors is introducing the first mass produced electric car, the Chevrolet Volt.

Let’s looks at both the drawbacks and the advantages of the Volt over existing cars. First, the drawbacks: The car still requires gasoline for long trips. For the first 40 miles, the trip is solely battery powered, but for greater distances, a small gas engine recharges the batteries. Since the ultimate moving force behind the car is electricity, this is still considered a true electric car, and not a hybrid. The overall distance a Volt can cover is a respectable 300+ miles.

Also, the price for the Volt is not yet known. Another electric car called Tesla, which is actually a limited production sports car, costs $100,000. It is highly unlikely that the Volt would cost this much, but estimates range from $30,000-$50,000, which still wouldn’t make it an overnight success in Chevy dealerships.

It is important to note that if electric cars do become hugely successful at some point, it is logical to assume that this would result in significant demand on the electric grid. With all the talk about global warming, pollution, and energy security, it is conceivable that this would provide additional push for alternative sources of energy to become commonplace.

The benefits: The Volt can reach a top speed of 100 MPH, which is respectable, considering most drivers never reach anywhere near that speed in a traditional car. The Volt also seats a family of 4 comfortably, so gone is the idea of a golf cart-type new age vehicle. Additionally, the interior is slick and, being part of a new technology, cutting edge.

Notably, charging the car at home is done via a normal electric cord, thus achieving a zero learning curve for the consumer.

The car is intended for practical drivers that are environmentally conscious and people that are willing to give the American car another chance vs. the successful import hybrids. Once the car becomes available in 2010, let’s see if this innovation indeed returns a lasting spotlight to the American automobile…

I was having some files issues with my (Vista) PC over the weekend, and came across a pretty good file removal software (clone remover), so thought I’d give it a little props here.

It can be annoying and time-consuming to find duplicate files, (especially when you have as much data on your PC as we at TechConsumer tend to keep) and Windows isn’t really set-up to locate them easily. It was nice to find a software that provides a little help in this regard.

No, I’m not trying to sell you anything – you can go to the Moleskinsoft duplicate files remover page and download the file finding software for free. It will allow you to search for duplicate files by content, properties, mp3 title, for similar images, or files with a zero size.

For my specific purposes, what I needed to do is use the similar images function (maybe I need to get better at naming and organizing my images in the first place – but the moleskin software sort of came to my rescue), which basically finds similar images in such formats as (.jpg, .bmp, .png, .psd and others) that differ in resolution, or have a difference such as a caption. This proved to be a timesaver, and probably prevented a big headache on this author’s end.

The latest news from United Kingdom’s major retail bankers says that if your online bank account has been compromised and you didn’t use any Internet computer security software such as antivirus and antispyware (e.g. Norton 360), you solely bear the responsibility for the loss, and they won’t compensate you a dime. A clause has been added to the newly updated Banking Code to make this very clear.

According to recent Internet safety and online identity fraud research, the British Police are being informed of a new cybercrime event every 10 seconds. This accounted for over GBP 300 million in financial loss for private and business bank customers in England in 2007. However, many online computer safety specialists claim that the vast majority of online crimes are never reported because they haven’t been detected or were of a lesser severity.

They don’t risk their lives to get money, they don’t shoot at anyone any more, and they don’t do any physical harm to their victims. Today’s crime is online crime and uses computer safety holes and threats in software and equipment to sneak money from peoples’ pockets while they’re sitting right in front of their laptops. No need to shoot nor to threaten anybody. Just a few smart code snippets smuggled into the victim’s PC via email or a booby-trapped website and you are done. Simple as that.

As Marcus Ranum, the author of The Myth of Homeland Security, explains, cybercrime delivers a criminal with a means of automation and the advantage of being anonymous. The criminal needs very little in terms of information technology knowledge or hardware and can cross global borders very fast, making it more effortless to hide and harder to be prosecuted.

So remember that you, the web user, are alone responsible for your doings online. And if you get your online banking password stolen and money robbed by cybercriminals, chances are no one except you will pay for this. Your identity is already an easy enough target for those knowing how to steal it. To minimize the chance of this happening, be sure to get yourself a copy of at least some of the free antivirus and antispyware software available.

A second type of emailing that also serves the purpose of keeping in touch without really saying anything is the email that has been forwarded a million times because no one had the guts to go against superstition. Usually, it contains some inspiring thoughts and finishes with a dilemma: something beautiful will happen to you if you send the e-mail to 10 other people. Otherwise, it’s bad luck to stop the chain of forwarding.

This is where my cynical personality kicks in and I delete the email. I guess, so much for forwarding. I still appreciate that friends write me, though, even if it is because they had to send the email to 10 people and I was in that number. I often email them or call them right after just to say “hi.”

The third type of emailing can absolutely take advantage of you. This was my experience with TAGGED.

I received an e-mail from a friend I had not seen or heard from in years. I was excited to read her name in my inbox but the subject line made it obvious that the email comes from a third party, not directly from her. It said that she requested me as a friend on Tagged. I opened the message and saw a rectangular box with two big red buttons reading “Yes” and “No”. Right above them there was a question: “Is Mana your friend?”

At this point I knew that no matter what I clicked, I would be forwarded to another site asking me more questions. But I wanted to get in touch with my friend. To the right another box explained: “Click Yes if Mana is your friend, otherwise click No. But you have to click!” And like this was not direct enough, Tagged also added: “Please respond or Mana may think you said No” (with a sad face at the very end). So I clicked Yes.

As expected, I had to fill out a huge form to sign up. And during all this, I was encouraged with messages that I can see my friend’s photo album, I can search for other old friends of mine, and make new friends. But I didn’t care about new friends. In fact, I did not want communication with anyone other than my friend Mana. Here I should say that I am generally not involved in social networking–just not a fan of chatting with strangers. So, after a long sign-up process, I was eager to see my friend’s profile. But, it was time for advertising.

I spent a very long time clicking “No Thanks” buttons of tens of advertising forms. So far, I had to give information that I did not want to share (but it was required by the site) and waste time declining offers. By the time I was “official,” I was frustrated and irritated. I opened my friend’s profile but did not find anything there. There were no pictures, no information, or any other news from her. What a disappointment. I closed the site and continued checking my other emails for the day.

The next day, when I opened my inbox, I had five messages waiting for me from complete strangers. I wish I had created a fake address before signing up at Tagged. Two more days later, I had a total of twelve messages. Two age groups seemed particularly interested in me, middle-aged men and guys barely past their teenage years. Two of them wrote me twice asking me either to chat or to add each other as “friends.” And some of them had some creepy messages.

By the end of the third day I wanted to unsubscribe. I went on the website and found out that I can make my profile private. I would have done this earlier had I not been so frustrated by the whole sign-up/advertising process. Who would have had the patience to go play with the settings after the whole sign-up ordeal? Changing my profile status to private definitely helped. Although I still received three other messages. I guess I got tagged.

Bite me, Blockbuster Online. Oh, and you too, Facebook.

About three years ago, I signed up for Netflix, Walmart DVD Online, and Blockbuster Online. I wanted to see which interface was better, and who was quicker about sending me DVDs in the mail. Netflix won, hands down.

Blockbuster has recently come out with an interesting idea, however, where you can rent online, as well as in the store. They have been pestering me to “come back” for years, and yesterday they sent me a free month. So I thought, what the heck. I’ll sign up, rent a few, and then cancel after 29 days.

I canceled after one. Here’s why:

I put Enchanted in my queue, because the kids have wanted to watch it. I thought it would be a fun surprise. It was a surprise, all right.

I wandered over to Facebook sometime later, and there in my newsfeed is a proud proclamation, “Marion Jensen added Enchanted to his Blockbuster queue!”

WHAT?!

I’m glad I didn’t add what I wanted (Beaches, Sense and Sensibility, and Pretty Woman).

Now, I’ve gone through the settings of Facebook long ago and have turned notifying all actions from external sites (nobody is so bored that they run to the web to see what I’ve been doing), but that didn’t stop Facebook. Even though the default to Blockbuster Online was “notify me first,” it posted this breaking story to my newsfeed. My co-worker logged in and saw that I had added Enchanted to my Blockbuster queue.

I’m pretty ticked.

So, the lesson? Screw Blockbuster, go with Netflix. And as far as Facebook goes, BACK OFF.

As soon as I see an alpha version of Justin Ball’s app that brings social networking to blogging, I’m bailing.

*Update* Several readers have asked why I added the Blockbuster app if I didn’t want my queue broadcast to the world. The fact is that I didn’t add the app. The app was added for me, by Facebook. I can only assume that the two systems talked to each other because I login with the same e-mail address.

Marion Jensen

We took a lot of flack over a post back in January that questioned the security of Apple’s Mac OS X. TechConsumers left various comments ranging from “For some reason unknown to me, no one can ever show me a situation where a user opens a e-mail and their Mac turns into a robot sending out hundreds of e-mails” to “Mac OS X *is* inherently safer. You have to be a major league Windows zombie not to know and accept that.”

Well, CanSecWest’s PWN 2 OWN contest has just shown that Mac OS X isn’t “inherently safer” and that clearly it is possible for a user to open an e-mail on a Mac and have it join a spam botnet.

For those not familiar with CanSecWest or their PWN 2 OWN contest, here is the scoop. CanSecWest is “the world’s most advanced conference focusing on applied digital security.” And for the last few years, they have been running a contest during the conference to see which operating system is the most vulnerable: Windows Vista, Mac OS X, or Ubuntu Linux.

If you can hack (run arbitrary code) the laptop running the OS, you get to keep the laptop and a $10,000 cash prize. It is important to note that the “hacker” does not get physical access to the machine, and the laptops are in their default configuration. If you want more details please check out this link.

For the second year in a row the Mac was the first to fall, and Charlie Miller is now the proud owner of a MacBook Air with Mac OS X 10.5.2. Charlie is best known for being the researcher who first hacked Apple’s iPhone. It may be rude to say, but it is kind of vindicating for us that clearly we weren’t out on a limb when it came to Mac security. Within two minutes of the start, he directed the contest organizers to a certain website that executed his exploit.

Although the winner cannot publicly disclose details of the vulnerability, it is safe to assume the problem is in Safari. This comes after Paypal started recommending to their users that they ditch Safari due to security issues. And for the icing on the cake, Apple has started to use some under-handed methods to trick fool scam swindle con hustle sucker encourage iTunes/Quicktime users to install their underdog browser.

What can the nay-sayers say now?

Note: This article is cross-posted at PseudoSavant.

So I joined MySpace about a week ago and was already annoyed at the way they sent me my password over email. But then, just a few days later, I got an email with my first MySpace message / friend request from someone named Riley whose profile picture is a girl in a swimsuit. Originally, her (or his?) profile showed the same city and state that I live in, though now it’s been changed to Greenville, Ohio. Here’s the text of the message:

“Heya sunshine!
I recently broke up (9 months ago) and am ready to date once again. I’m not looking for a serious relationship though. It’s too soon. A little about me: I’m adventurous, outgoing and open-minded. I’m pretty good-looking and healthy. I like going out but also dont mind snuggling! If you make me laugh, you’re half way into my heart. I was browsing the site; my best-friend. After figuring out how things worked I came across your profile. I’m interested! I hope you’re not shy and that you’ll respond. Please dont reply directly though, this is really not my profile, I’m just borrowing it. Send your reply to my real email address instead: kate_cannon_x@yahoo..

Thanks and have a nice day!”

Interestingly enough, I’ve used Facebook and LinkedIn for years now and have never had this problem (or the previous password problem I discussed). But MySpace, for being the most popular social network out there, continues to disappoint. And it’s only been one week!

Perhaps I’m the exception rather than the rule, but if anyone joining MySpace for the first time should expect spam posing as a wannabe friend within one week… Wow, it just seems like one more issue to fuel the lack-of-privacy fire.

In MySpace’s defense, they do have some spam settings in the privacy section of your profile. I suppose it’s nice to be able to customize those settings, but I wonder why the default setting gets me spam? I suppose that’s the catch-22 of social networking and privacy: default openness vs. default privacy. What should those defaults be?

I’m personally a fan of “opting in” to the “my profile is accessible to everyone in every possible way” configuration rather than having to “opt out” of it. But I get the impression that, in general, the default demographic for social networks may prefer it the other way around. And that can make implementing decent privacy settings all the more tricky…

Coincidentally, MySpace updated both their terms of use and privacy policy this past week. Of course, it’s not like I read that relatively long legal verbage every day (if ever). So I have no idea what might have changed recently.

                                                    
I picked on search engine Mahalo as an example of a company emailing its customers passwords. I mentioned how having your password floating around openly on mail servers can defeat the purpose of having a password in the first place. Mahalo’s founder and CEO, Jason Calacanis, joined the discussion and some good thoughts were shared from both sides of the issue.

Today I found out that MySpace is on the list of companies sending out passwords through email. I finally signed up (that could be a separate conversation, why I’ve ignored MySpace till now) and promptly got a welcome email with my password staring back at me. MySpace, though, takes it one step further and adds insult to injury by saying “Keep it secret. Keep it safe.” right below my visible password. As if I had a choice at that point, MySpace, you just made it less secret and less safe.

But, of course, I used a I-don’t-care-as-much-if-others-know password that I wouldn’t use for other “important” sites. And I’m sure that the hundreds of millions of MySpace users do the same (yeah, right). In all seriousness, though, I can see how certain sites don’t need the same level of security as others. As an example, there is an obvious difference between MySpace and your bank in terms of security.

In reality, though, there’s a wide spectrum of sites and services protected by passwords. It’s not black and white with only “banks” on the one side and “social networking” on the other. So who should decide which service deserves what level of protection? Well, in this case, it’s my opinion that it’s in the best interest of any company protecting your information with a password to avoid sending that password insecurely over email.

But assuming a world where there will always be companies that send passwords in emails, the very least they could do is tell you this before you decide on your password. That way, you’d know to what degree a company values the protection of your information before you decide on what password to give them.

One very simple implementation of this is that of a company showing you your password as you choose it. You’d then know that this should be a less important type of password. In fact, I’m not sure why asterisks are necessary to “hide” your password as you’re typing it the first time if 30 seconds later the same password previously hidden by asterisks is visible on screen in your email.

However the “less secure” message is conveyed before you create your password, is it too much to ask for this kind of disclosure from companies?

Note: This article is cross-posted at BobCaswell.com.