Month: January 2010

Seal Shield, a Jacksonville, Fla., company that makes washable computer keyboards and mice, said it will introduce the world’s first washable cell phone at the Consumer Electronics Show in Las Vegas this week.

The company’s washable mice, keyboards and TV remotes can be cleaned in a dishwasher.

This might be good. I have three 20-something step children who have discovered that cell phones as we have come to know them do not survive being dropped in toilets.

Story here.

Company web site here.

Tom Kelchner

There has been extensive news coverage this week of Adobe’s plans for ramped-up security in its popular Reader, Acrobat and Flash Player applications, especially the Reader and Acrobat updates promised next week.

A vulnerability that was publicized in December in Reader and Acrobat allows an attacker to execute arbitrary code with a specially crafted PDF file using ZLib compressed streams. In a short time, proof-of-concept code was made public. In the past week, anti-virus companies began intercepting malicious .pdf files that exploit the vulnerability to install a back door on victims’ machines.

Adobe applications were targets of malware earlier in 2009 too and at least one anti-virus company predicted that in the coming year Adobe products probably will be exploited frequently.

The good news for the company is that Adobe’s products are so popular that they’re drawing the attention of the dark side. The bad news is… well, pretty much the same thing.

Brad Arkin, Adobe’s director of product security and privacy, apparently has been available to anyone with a blog who wants to talk about Adobe’s security ramp up, including this very detailed interview on Kaspersky’s Threatpost blog.

The real takeaway for the average computer user is that Adobe is making major changes in their security practices. Releasing patches on Microsoft’s “Patch Tuesday” each month — something they began in 2009 — being a significant one. Arkin has said, the company will launch a beta trial of an updater this month and it should find its way into default installs of Adobe Reader and Acrobat shortly.

Users will be able to opt out of the automatic updates. That feature will be handy for the information technology staff which is responsible for updates enterprise-wide.

It’s a good approach and Reader and Acrobat users should keep alert for the updates and instructions for configuring their installations.

Congratulations Adobe for being so popular you’re in the cross hairs of malicious operators worldwide… I think.

eWeek story here: Adobe Keeps Focus on Security in 2010 as Attackers Circle

Tom Kelchner

The massive growth of gold farming – the exchange of real money for virtual goods – might result in an increase in gaming Trojans and other malware aimed at gamers in the future.

A well-respected researcher has described the incredible growth of “gold farming,” an significant industry and source of employment in China and other parts of Asia. He estimates there are 400,000 people, working for gold farming companies. They spend as much as 12 hours per day playing online games in order to accumulate virtual goods which can be sold to some of the 50 million on-line game players world wide for real cash.

Richard Heeks, the chairman of development informatics at the University of Manchester in England has been studying the effects of digital technology on international development for 30 years. Scientific American magazine (the paper edition) carried an article by Heeks in its January 2010 edition “Real Money from Virtual Worlds.” It appears to be an updated version of a 2008 paper available on the university’s web site.

The gold farmers – mostly young men – can earn as much as a factory worker in their native China. Although they live in Spartan dormitories and work long hours, they appear to like the work, Heeks said.

The 60,000 to 100,000 gold farming companies worldwide are making $200 million to $3 billion annually, he estimates in the Scientific American article. This is a great source of income and employment in developing countries (one of Heeks’ points).

Perhaps it’s time to start thinking a lot more seriously about the value of virtual goods in online games. Gaming Trojans and other related spyware are going to be a more and more serious malware threat as the dark side realizes the value of the stuff gamers stay up all night to accumulate.

Heeks’ 2008 paper on the university web site:

Current Analysis and Future Research Agenda on “Gold Farming”: Real-World Production in Developing Countries for the Virtual Economies of Online Games

Tom Kelchner

Here’s one more reason not to order drugs from on-line pharmacies, in case the possibility of wasting your money on fake pills, having your credit card account sacked by thieves or poisoning yourself isn’t enough.

The U.S. Food and Drug Administration has posted a warning about extortion artists posing as FDA agents, threatening those who have purchased drugs on line and demanding that “fines” of $100 and more be paid by wire transfer, usually to the Dominican Republic.

The FDA said the victims, who usually had purchased drugs from Internet sources or telepharmacies, were contacted buy scammers who identified themselves as FDA agents or law enforcement officer from other organizations. The scammers tell their victims that ordering drugs via the Internet or by phone is illegal and they will be prosecuted if they don’t pay fines immediately.

The agency points out that their agents never contact offenders that way and only a court can impose fines.

The FDA said in the release: “Anyone receiving a telephone call from a person purporting to be an FDA or other law enforcement official who is seeking money to settle a law enforcement action for the illegal purchase of drugs over the Internet should refuse the demand and call the FDA’s Office of Criminal Investigations Metro Washington Field Office at (800) 521-5783 to report the crime.”

FDA news release here.

Tom Kelchner

Mike Cardwell, an IT consultant in Nottingham, UK, reported on his blog finding a Y2010 bug in Spam Assassin. He found an error in a rule that Spam Assassin folks thought they fixed.

“I think a lot of systems will be experiencing false positives on their ham because of this at the moment. It is a particularly high scoring rule considering that the default threshold is 5.0,” he wrote.

For further information see: SpamAssassin Rule: FH_DATE_PAST_20XX

Thanks Alex.

Tom Kelchner