Having read all the other Dan Brown’s works I got interested in reading Digital Fortress : A Thriller, especially knowing that it’s background theme is computers and cryptography. In the other books (DaVinci Code, Angels & Demons and Deception Point) most of the facts look to me like they are accurate, perhaps because I’m not an expert in any of the fields they touch (neither art, fossils or the Vatican situation). But I know something more about computers and I have always liked cryptography, so I have been studying it for some time, and having read the book I found some things which don’t really fit.
Some of these things are what we could call “artistic licenses”, where the author has invented something which doesn’t really exist so the novel is plausible, but others are factual errors which look like Dan didn’t get really documented about it. And it’s a pity, because he says two ex-NSA cryptographers contributed to the book and they should know much better what they were talking about. Dan, are you really sure they were ex-NSA members?
Finally, I’m getting a list of some errors not related to computers. As the novel is partly ambiented in Seville, a Spanish southern city, and I’m from Spain I found some gross errors about the city and about the country. I don’t live in Seville, but I have been there on holidays, so I’m sure more errors about the city can be found. Anyways, let’s go with the list.
WARNING: for those who haven’t read the book and have the intention of doing it, this contains all kind of spoilers.
Continue reading ‘Digital Fortress: what Dan Brown got wrong’
W32.Hotmatom is a new worm that uses Hotmail to spread itself. When downloaded it installs in your computer, running every time Windows starts. Then it monitors your browser (only Internet Explorer) and when you send a new email to someone the worm adds a signature to the email, pointing to a web page with a copy of it which will be downloaded if the user accesses it.
The signature is chosen between one of these:
- Hola, feliz dia de san valentin te hice una postal, descargala de aqui [http://]romanticsletters.miarroba.com
- Hi, Happy San Valentin Day Download you Postcards from [http://]romanticsletters.miarroba.com
- i want show you something,[http://]romanticsletters.miarroba.com
- oye hasme un favor sip porfa, esque hice una postal para alguien pero quiero ver si se ve, ayudame, de aqui la descargas, yo la puedo ver pero puess quiero ver si se ve en otro lado, [http://]www.romanticsletters.miarroba.com ,me dices ok?
The worm also deletes files from disks A and C, overwriting them with its code. Looks like all the webpages linked don’t work anymore, but there could be other variants with different links.
As always, the recommendation is not to open any link received in an email and have a good and updated antivirus.
From | BlogAntivirus.
In my last post about Mac OS X I talked about someone who asked hackers to try the security of his Mac mini and discovered that it had been compromised in 6 hours. But what I didn’t tell is that he allowed anyone to create an account in his system, from which a local exploit was probably used to gain superuser access.
Usually, local exploits are easier to find and give you full access to the system, so having an account in that computer made the challenge much easier. It’s not very normal to find a server connected to Internet where anyone can login and create his own account.
Another owner of a Mac mini has decided to try this again, but this time not allowing the creation of local accounts. The server is located at the University of Wisconsin and the instructions are at Mac OS X Security Challenge. Will anyone be able to hack into this system and modify the webpage? Maybe or maybe not, but at least, this is a more realistic scenario than the other contest.
From | Netsec
Many Mac users think they are not in danger when using their computer, as Mac OS X is thought to be quite secure. But this isn’t true anymore, as we have seen in recent news with the apparition of two viruses which exploit some vulnerabilities in the operating system. Although these viruses have not been seen in the wild, because they were intentionally crippled, the damage is already done as some simple modifications would allow them to expand.
But these viruses are not the only threats to Mac OS X as the owner of rm my Mac discovered a few days ago. Trusting his operating system, he invited hackers to try to delete (rm is the unix instruction for deleting files) all the files in the disk of his mac mini, which was connected to Internet.
Six hours later, he discovered that it had been hacked, but the attacker didn’t remove his files, although he could have done it. According to the hacker, the machine was attacked with some unpublished exploits for Mac OS X which have not been been made public yet neither have been patched.
So, if you own a Mac you should better be aware of this and try to protect it. A firewall and deactivating all not needed services is the least you can do. I don’t currently own a Mac, so I don’t know if the default configuration already does this (should do it), but better check it before it’s too late.
From | ZDNet
The most used technique by cyber-thieves to steal money from bank accounts is phishing, trying to get your password for the bank and transferring funds from there to their own account. But public is getting more aware of this type of attack, so it’s getting less profitable.
Criminals are trying to find other ways to get your money and, in a “clever” movement, they are not asking your password anymore, but wait until you login into your bank account and then use your credentials to get the money transfered.
If we make a simile with the real world, until now the thieves were spying us when we were entering our PIN into the ATM and, when we left they used this PIN to get money. Now, they wait besides the ATM for us to come and try to get money and when we are doing this they transfer the funds to their account without the need of the PIN.
As always, we should have a good antivirus, a good antispyware and never trust links embedded in an email.
From | Truston Identity Theft Blog.
I usually like to put a password in the BIOS, not really for security, but to avoid someone messing up with the settings and rendering the computer unbootable. Unfortunately, sometimes I can’t remember the password I used in some computer and, as they are not very critical, I don’t have them written anywhere.
When in need to change it the easiest way is usually opening the computer case, finding the jumper for clearing the CMOS and setting it for a few moments. If we can’t find the jumper, mainly because we don’t have the mainboard manual, we can remove the battery (if it’s removeable, sometimes they are not) and wait for half an hour. With these methods, the password disappears, but also does all the rest of the information saved in CMOS, so we’ll have to configure the settings again
There are other software methods if you don’t feel like opening your computer case. Get into a DOS prompt and execute the DEBUG command with these instructions
c:\> debug.exe
-o 70 2e
-o 71 ff
-q
This works in almost all cases, but it’s a little dangerous, as you could damage something in memory, so you better take care.
From | Info Directory.
Although the concept of Java was “compile-once-run-anywhere”, in the mobile market this has not been really true during a long time. Differences in the implementation of the Java Virtual Machine and in the capacities of the different telephones made the process of writing generic software (especially games) a difficult one.
This was one of the main reasons why virus writers didn’t target this kind of platforms, as the distribution of it would be difficult. But when money is in the game we could expect sooner or later someone would do it.
In this case, the threat is coming from Russia, where a trojan has been found which, disguised in an application which allows to visit WAP sites for free, sends SMS to premium rate numbers, getting money from the user.
It has been named Trojan-SMS.J2ME.RedBrowser.a and, luckily, it can not replicate by itself, you have to download and install it yourself to activate it. Even more, when sending an SMS it will show a warning telling the user what’s happening and not all mobile phones can send SMS from a Java application
The recommendation, as always, is not to download software from suspicious sites or accept files from unknown people.
From | Kaspersky Lab weblog.
If you are in charge of more than a computer and you need to update different Microsoft operating systems, the fastest way might be to download an ISO image with all the updates released this month. You can get this from Microsoft Download Center and the download size is 323.6 MB.
From | Nautopia
Continue reading ‘All February 2006 Microsoft Windows updates in a CD’
