The Mac OS X operating system — long touted as immune to viruses and hacking — has been compromised by a Trojan horse attack that installs a backdoor hacker tool, according to Mac security specialist Intego.

The Trojan program pops up an error message when Mac users visit certain booby-trapped Web sites, stating that a ‘missing plug-in’ must be installed before they can view the site. If the user clicks ‘OK’ to install the plug-in the backdoor remote control program is actually installed.

Once installed, the backdoor program lets cyber criminals remotely control the infected Mac and use it as a platform to broadcast spam or infect other computers.

The usual cautions and safety recommendations apply: Don’t install any software that is offered to you unsolicited, either via an e-mail or in a pop-up advisory at a Web site.

Internet security company CheckPoint Software Technologies Ltd. of Redwood, CA, offers some thought-provoking weekend reading for parents…

Ten ways to make using the Internet safer for your family:

  1. Educate yourself about online hazards, and set clear rules for family Internet use. Websites such as Kids In The Know, or Cybertip.ca provide a range of age-appropriate strategies and tools for parents and teachers to apply to young people’s Internet use.
  2. Tell your children up front that what they do online is not private. People who your children don’t know are viewing some or all of your children’s participation in chat rooms, blogs, social networking sites such as FaceBook, Twitter or MySpace, etc. It’s your duty as a parent to educate your children about online hazards, and to protect them.
  3. Internet use by family members will be a supervised activity. Rules will be set in terms of amount of time online, kinds of activities, and kinds of Internet content. Internet use will be subject to safety rules in terms of inappropriate or dangerous activities. If children commit to use the Internet safely and responsibly, they will earn your trust. If they are engaging in harmful, risky, or obsessive activities, they will have their access to the Internet restricted.
  4. Understand that Internet savvy kids are way ahead of you, and you must catch up. In a recent study, 32 per cent of online teens stated they clear their browser history at the end of an online session, to ‘cover their tracks’ about where they have been and what they’ve been doing. 16per cent of online teens admitted creating private email addresses or social networking profiles to hide what they do online from their parents.
  5. If there is any violation of the rules for safe Internet use, then use will be restricted. For example, computers will not be allowed in children’s bedrooms, but rather will be kept in the ‘public’ parts of the house such as living room, den or kitchen. The object is to encourage safe Internet use, rather than to forbid Internet use, which would perhaps motivate the child to find a way to go online from a location outside the home.
  6. Use Antivirus, Parental Control and Firewall Software. Install and regularly update a full-featured Internet security software package, which includes parental controls (which limit the range of content the child can access) virus detection, anti-‘phishing’ and spam email filtering, and firewall features. This will greatly reduce the likelihood of your computer being damaged or hijacked by malicious cybercriminals or vandals, and will give you a degree of control over, and reporting of, attacks against your PC or home network.
  7. Check websites that your children have created, or which they visit. …And ensure that they are not putting ‘personally identifying information’ on those sites which could make them vulnerable to cyberstalkers or criminals: Remarkably large numbers of children and teens assume that sharing photos, personal history and physical descriptions is harmless. According to one recent study, 32 per cent of online teen girls have given out a photo or physical description of themselves to someone they don’t know.
  8. Monitor Webcam Use. Online predators attempt to make contact with children who have access to webcams. Ensure that you know who is connecting via webcam with your child, and for what purpose.
  9. Emphasize the Positive. Work with your children to develop a beneficial online aspect of family life: communicating with friends and family, exploring the online ‘world library’, enriching personal education, developing hobbies and skills.
  10. Continue to Educate Yourself and Your Children. Internet content and technology is constantly changing. Treat change as an opportunity to increase the benefits of technology to you and your children’s lives.

By: Paul Comessotti, Canadian Country Manager, Check Point Software Technologies Inc., Calgary, AB, and Kellman Meghu, Security Engineering Manager, Check Point Software Technologies Inc., Mississauga, ON.

***

To round out your TLP family Internet safety tutorial… See, also, TLP Security correspondent Eric Jacksch’s recommendarions for supervising your Children Online and his Internet Safety Tips for Parents.

In which we travel three quarters of the way across the continent, to Ottawa, Canada — and move up several social and income brackets — to look at another case of identity theft that seems quite different on the surface but has many underlying elements in common with the scam, perpetrated on an Oregon farmer, that we studied in Part I

High visibility

A prominent Ottawa, Canada, physician (who shall remain nameless for purposes of this case study) recently found himself the target of a cyber crime attack focused specifically on him. It was just the sort of gambit that Internet security specialists and law enforcement officials have been warning us about in recent months.

The cyber equivalent of a classic conman’s ‘sting’, the gambit could have cost many family members, friends and associates of the popular gynecologist a lot of money — a total in excess of (US)$100,000 — if all those solicited had paid up as instructed. As it was, the escapade cost some of the potential victims considerable concern and definitely cost the doctor his long-awaited, hard-earned vacation.

Key similarities

Our doctor fell prey to a somewhat different sort of scam but his experience and the Oregon farmer’s (see Part I) share some key points in common: The objective of both cyber crimes was theft, the perpetrators were professional crooks and the crimes were both planned in such a way that they could not have been pulled off without the ‘help’ of the Internet.

And the doctor, like the farmer, may also have unwittingly informed the crooks in his case that he would be away.

The best of intentions

Before he left on his trip, the good doctor conscientiously mass-e-mailed everyone on his contact list that he would be away for a specific period of time — more than 100 recipients, any one of whom could have acted on the information themselves or, more likely, passed it on to third parties (i.e.- the crooks).

Armed with the knowledge of his plans, the crooks apparently extracted the contact e-mail addresses from a copy of the doctor’s own message and sent every last one of them a new message, purportedly from him, stating that the doctor was not at his favourite mountain resort but was, in fact, in Costa Rica on an emergency trip to help a family member who was ‘in trouble’ down there. The message went on to ask that the recipient immediately wire (US)$1,000. to an account in the Central American country, which is known worldwide as a financial ‘anything goes’ zone. The transfers would, effectively, have been untraceable, allowing the crooks to make a clean get-away.

But at least a couple of the doctor’s closest associates smelled a rat when they received the crooks’ e-mail ‘cheese’. One had the presence of mind call the doctor’s wife’s cell phone before making any kind of response to the cash request and she quickly set the story straight.

Electronic countermeasures

The Doctor immediately e-mailed everyone on his contact list again, assuring them that he was alright and warning them that the ‘Costa Rica’ message was a scam. He also, of course, notified police.

However, the authorities admitted that the chances of tracking down the perpetrators were very slim. The doctor’s actual e-mail contacts were all ruled out fairly quickly as candidates for the crime and police opined as it would be all but impossible to prove that any one of them passed the information about the doctor’s vacation plans to someone else who, unbeknownst to the contact, would use it for criminal purposes.

Some points to ponder…

Thanks to the Internet, the whole scam took less than 12 hours to play out — from the time the baddies sent the cash request to the addresses on the purloined contact list to the point where all the innocent parties involved were finally in-the-know and the danger had effectively passed.

Although no one who received the bogus cash request reported having sent any money to Costa Rica before they were informed that the request was a scam, authorities say there is no way of knowing how much money the crooks in this case may actually have gotten away with. They note that people who have been taken in scams such as this one are often reluctant to admit it. Chalk up yet another one to human nature.

Finally, both the farmer and the doctor now know that you can still have your identity stolen, no matter how careful you are with your user IDs, passwords, credit cards, ATM PINs, bank statements, account numbers, cancelled cheques, paid bills or personal ID documents.

And, now, you know, too.

Years back, we used to joke about virtual reality gaming and what would happen if a total virtual environment like Star Trek’s holodeck was really invented. As I recall, our consensus at the time was that those who couldn’t separate virtual and real worlds would probably die of starvation. While we’re fortunately not quite there yet, blogs and traditional media have been buzzing about a British couple who divorced over an alleged virtual affair in Second Life. There’s part of me that really hopes this is an elaborate publicity stunt but, sadly, it is probably not.

Second Life is a cutting edge online game. It allows three dimensional movement, people can create buildings and objects that have a realistic aspect to them — and it has an economy. Not only can players trade virtual currency but that currency can be converted into real-life dollars through official and unofficial currency exchanges. So, you can play for free, you can use real money to buy virtual property and you can also, if you have enough time on your hands, earn virtual money and sell it for dollars. In some ways, people have been doing that for years by playing games long enough to build up a character to the point that others would buy it from them instead of starting the game from scratch. But the formalized money exchange makes Second Life somewhat unique. And, while I call it a game, some people take it much more seriously. After all, it is conceivable that some people might be able to make a living working in this virtual world.

On Second Life, you create an ‘avatar’, or what most gamers refer to as a ‘character’”. It’s a thing that you control. You choose its gender, what it looks like, what it wears and where it walks, jumps, sits — or flies. It might look like you or it might not. You might choose your own gender, or perhaps the other. It’s the virtual equivalent of what kids do with stuffed animals, dolls and action figures. It’s way less real than the game piece I move around the board playing the Disney Princess version of Monopoly with my daughter. Second Life is a virtual world existing only inside a computer.

But despite the fact that it doesn’t exist, apparently some people manage to immerse themselves in Second Life to the point that it becomes real to them. According to media reports, this couple met online, at some point got married and, apparently, it went downhill from there. The husband’s virtual character allegedly had a virtual encounter with a virtual prostitute and his wife’s virtual character girlfriend left him. But, in real life, they stayed together. Then she allegedly hired a virtual private detective to set up a virtual ‘honeypot’ trap. Things went well. Her virtual character decided to trust his virtual character, and they subsequently had a splendid virtual wedding. Then she apparently found his virtual character ‘chatting affectionately’ with another virtual character and filed for a real-life divorce.

There is no mention as to whether any of the virtual characters required a visit to the virtual doctor for virtual tests or virtual antibiotics but one thing is certain: Some people apparently need to log off Second Life, turn off their computer and spend some time in their First Life for a change.

From: CNet.com —

Industry analysts warn that the line between computers and smart phones continues to blur — and the ultimate result is more likely to be a violent collision than an amicable merger.

As CNet.com’s Brooke Crothers reports, “This will happen as more tweener products emerge. ‘New product categories such as Netbooks, MIDs (mobile Internet devices), and smartphones all lie in the spectrum between the traditional PC and handset product categories,’ [Doug Freedman, an analyst at AmTech Research] wrote. ‘Cell phones are increasing in screen sizes, computational power and capabilities, while PCs are seeing declines in screen sizes and increases in connectivity.’”

As a result, PC makers and phone makers will race to create the next generation of ‘tweener’ products and carve out as large a chunk of that market as they can.

Down the road, Freedman writes, in a research note, “We do not expect the PC and handset to converge into a single ‘holy grail’ device.” PC and cell phone makers will continue to build devices that try to bridge the gap. Apple’s iPhone is an example of a device at one end of the spectrum, while the 10-inch Asus Eee PC Netbook addresses the other end. … We expect most users to continue to require two devices: one large form factor device and one small form factor device.”

Angry iTunes users are calling for a boycott of the Apple iTunes store after finding that certain video content they have purchased via download from iTunes can’t be played — even on their genuine Apple equipment.

They say they get an error message referring to “High Digital Content Protection” (HDCP), saying their external display device is not “HDCP-authorized”.

HDCP compatibility is apparently a condition imposed on Apple by the movie providers.

Apparently, HDCP limits the playing of iTunes-sources HD movies to displays that are HDCP compatible. A special connector, built into newer Mac computers, is required. The problem is, many HD displays — even genuine Mac displays prior to the current generation — don’t have the connector and, so, are not capable of showing the new HDCP movies.

“In other words,” laments Apple watcher Andy Foster in The Computer Blog, “the only way any of us can guarantee we can play the stuff we buy that is HD is to ensure we have the newest in hardware. … Forcing a user to buy new hardware to view your content will backfire, and no one will be able to predict at any point whether the explosion will be big or small.”

Stay tuned..

Microsoft (MS) this week announced that it is planning to phase out its Live OneCare subscription-based online security service late next year and introduce a new suite of free ‘core anti-malware protection’ services for users of XP, Vista and Windows 7.

“Customers around the world have told us that they need comprehensive, ongoing protection from new and existing threats, and we take that concern seriously,” said Amy Barzdukas, Senior Director of Product Management for the Online Services and Windows Division at Microsoft. “This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware.”

The new program, currently code-named ‘Morro’, will be built on MS’s current malware protection engine and is intended to protect users against a wide spectrum of online threats, including viruses, spyware, rootkits and trojans. It will also be a smaller set of applications, making it more accessible and more usable for non-highspeeed Internet users.

According to the official MS news release, “‘Morro’ will be available as a stand-alone download and offer malware protection for the Windows XP, Windows Vista and Windows 7 operating systems. When used in conjunction with the ongoing security and privacy enhancements of Windows and Internet Explorer, this new solution will offer consumers a robust, no-cost security solution to help protect against the majority of online threats.”

Morrow is scheduled to launch sometime in the second quarter of 2009. From that point, Live OneCare users will continue to receive full support through the end of their current subscriptions.

Part II — Memo to retailers: Don’t mess with moms!

I’m taking my own series on marketing and mommy blogs on a bit of a tangent. Last week, I talked about the buying power of the mom demographic. This week, the pain reliever Motrin made a case study out of why marketers should tread carefully when targeting the mom demographic.

Over the course of 24 hours last weekend, Motrin released what they probably thought was a clever and edgy new ad targeting mothers of young children, and then reeled under the collective fury of just the demographic they were targeting, eventually taking down their website and then going so far as to issue a hat-in-hand apology.

Here’s the ad that started it all:

Now, I don’t find the ad offensive per se, but I do find it patronizing and poorly thought-out. Moms don’t wear babies in slings to be fashionable, and slings worn properly shouldn’t hurt at all. Insinuating that you need to wear your child like a badge of honour to somehow legitimize yourself as a mother is a bit over the top.

Offended mothers across the Internet took to their keyboards. The day the ad was posted, one mother was tweeting about it on Twitter and just a single hour after that, the hashtag #motrinmoms was the most popular search term on Twitter. Less two days later, at least two moms had created video responses to the Motrin ad, Technorati showed more than 1700 blog posts on the subject, and the Vice President of Marketing for MacNeil Consumer Healthcare had issued the following apology on the front page of Motrin.com and via e-mail to a large number of the very mothers who complained about the original ad.

This kind of one-day turnaround, from ad début to apology, would have never happened in a Web 1.0 – or earlier – world. Memo to marketers: moms are online in massive numbers, and they’re not afraid to harness the power of social media. Court them at your own risk!

***

Danielle Donders shares her digital parenting experiences with us on Thursdays. She is a proud MommyBlogger at Postcards from the Mothership, and vaguely remembers a day job studying the tools of social media in the context of government communications.

In which we learn that creative crooks can can steal your identity no matter how careful you are with your paid bills, cancelled cheques, user IDs and PINs…

It can happen to you

You may have caught wind of a bizarre incident, in which a farmer from Oregon was targeted by crooks who made dozens of ordinary people unwitting accomplices in a house burglary. The story was all over the Internet for couple of weeks in late March and Early April. Observers were calling the occurrence ‘bizarre’ and ‘unusual’. But, as we’ll see by the end of this two-part feature, this kind of thing is becoming more and more common. And it can happen in your back yard.

Net an unwitting accomplice

When the farmer went out of town for a few days, the crooks posted a fake Craig’s List ad in his name, saying that he was, in fact, moving out of state permanently and all of his worldly goods were for free for the taking.

Sounds far-fetched, I know… But dozens of people — many of whom drove considerable distances — believed the tale, came to the man’s house bright and early the next morning and started carting off whatever they could carry.

It turned out that a ‘Bonney and Clyde’ team of small-time crooks had set the whole thing up to cover their own tracks. They had apparently ‘viewed’ the farmhouse, which was up for rent, a few days earlier and thoroughly cased the joint. It was then that they learned the owner was headed out of town for a few days.

They came back as soon as the man left for his long weekend and took everything in which they were specifically interested. Then, they posted the fake ad and let human nature (i.e.- greed) take it’s impartial and majestic course.

Police tracked down the crooks from Craig’s List account information and arrested them a few days later. Most but not all of the goods removed from the house and property were eventually recovered or voluntarily returned. Ironically, the stuff that was not returned was taken not by the crooks but by anonymous citizens who had responded to the fake ad. Chalk up another one to human nature.

Tomorrow, in Part II: Another place, another case, an eerily similar scam…

The Canada Revenue Agency (CRA) is warning of another Internet identity theft scam targeting Canadian taxpayers. It’s actually a new round of scam e-mails on an old theme, first reported by the CRA last summer.

E-mail messages claiming to be from the CRA are being sent to Canadians, saying that the recipients have a refund coming to them from the federal income tax agency — but they must first bring their account information up-to-date. The letter asks them to download a form from a linked Web site, fill it out and e-mail or fax it back.

The form, titled ‘T2’ is not an official CRA form, although the CRA does have an official ‘T2’ that looks very different. The bogus ‘T2’ asks for a variety of personal information including bank account and passport numbers.

Any unsolicited e-mail you may receive claiming to be from the CRA is a scam. As the CRA Web site advises, the Agency does not correspond with taxpayers via e-mail:

“The CRA advises individuals who receive the unsolicited e-mails to delete them immediately. Do not go to the Web sites listed in the messages as some of these sites contain harmful software.”

While the Bush regime has been cool to the concept of Net neutrality, advocating increased government control over the Internet, it appears that the Obama administration will embrace freedom of access.

The Obama transition team last week named two well-known Net neutrality advocates to direct its Federal Communications Commission (FCC) Review team.

They are: Former FCC staff member Kevin Werbach and University of Michigan Law professor Susan Crawford.

Crawford asserted herself as an advocate for universal Net access at the annual Wired.com Tech Policy Summit, where she told assembled government and industry reps that the Internet is an essential service, “like water, electricity, sewage systems: Something that each and [every] American needs to succeed in the modern era.”

Werbach is a well-known blogger specializing in U.S. tech policy.

Today’s Next Big Thing is about the convergence of three technologies, each of which is in service today, either in the military or in office toys for the Uber-Geek (or Geekette). Here’s what the tea-leaves say lies in our future, when small, electrically-powered flying vehicles, mini navigation systems and affordable Infra-Red imaging are combined…

***

There’s always one. The rescue team found his SUV on a fire trail. Inside, his mobile phone and satellite beacon were still transmitting its plaintive call for assistance, and still asking for its owner to press the ‘I’m OK’ button that would have called off the search. The MISPER — missing person — hadn’t acknowledged in the six hours alloted since the phone started nagging and was somewhere in the wilderness — a wilderness that was now damp with rain and the light was fading fast.

A call to the helicopter base produced a promise that they’d get a chopper out there ‘as soon as possible’ but its ETA was well after nightfall and conditions were poor. If the MISPER was injured, he’d likely not survive the night.

The rescue team pulled the tarpaulin off the trailer and started the five minute pre-flight checks of half a dozen objects, all painted a bright yellow, that looked rather like chunky trash can lids. Then, with a throaty whir of electric motors driving rotors, one by one the Eye Spies lifted off to their assigned areas.

Each of them carried a TI — Thermal Imager — that transmitted a picture back to base. Each Imager had on board just enough ‘intelligence’ to know where it was, where it was going, what to do if its self-tests found a fault during flight — and to transmit a picture of anything that ‘looked interesting’. The fading light made no difference and the driving rain only slightly degraded performance. Even thick fog could not stop these spies-in-the-sky.

They found dozens of examples of native wildlife, which showed up even more clearly as the temperature dropped, their warm bodies providing excellent contrast against the cooling forest floor. And, eventually, an hour later, an Eye Spy located the missing person at the bottom of a nearby ravine.

It took the rescue team two hours to get to him, even using active Infra Red goggles to navigate through the rain and darkness. He had compound fractures of both legs, severe hypothermia and was suffering from severe blood loss — but he’d survive.

The MISPER was a celebrity though, a Tri-V Rock artist, and by the time they got him to the hospital, the word had gotten out. A Flash Crowd of bloggers with personal Webcams was there, some recording, some giving off live feeds that the networks were paying Big Bucks for. The local TV station even had its own version of Eye Spies, ‘Paperazzi Sparrows’ the size of their namesake. These flitted over the crowd, recording in every wavelength of the visible spectrum and some well beyond, as the night was pitch black and it was still raining. Sound quality was poor, but next year’s versions of the Sparrows promised better performance by integrating their audio feeds.

Some of the bloggers carried umbrellas — and not just to keep off the rain. Anyone who wanted privacy in these days, in the 2030’s, carried one, lined with Infra-Red absorbent material. Some towns had passed ordnances banning Sparrows — the intrusive nuisances — but the laws were difficult to enforce. Most were anonymous, autonomous and couldn’t be jammed. An over-sized tennis racket was sometimes employed by professional bodyguards but, then, there was a danger that someone in the crowd would be hit by a disintegrating sparrow as it got volleyed away and the courts had been inconsistent in ruling where the fault lay in such cases. Already, some manufacturers were making over-sized butterfly-nets to catch Sparrows, instead.

Umbrellas were less likely to provoke litigation. And besides, as here [in Australia], they could even be used for keeping off the rain.