Facebook photos You can't force someone to take down a photo of you. But you can remove the tag. Sophos research shows 90% of people don't like other people being able to post photos of them. So they're all going to quit Facebook, right? All of the guys at Computer Mechanics are in the 10% because we are very photogenic. Thu, 16 Feb 2012
| | View |
Update Flash Happy days! You need to update your installation of Adobe Flash Player due to 7 critical security flaws; YES, only 7. Go here to update. Read here if you want more detail, like the fact that you might need to install it twice if you run two browsers... Thu, 16 Feb 2012
| | View |
PC Anywhere A security issue with popular remote admin application PC Anywhere. If you're using it with Symantec software check here to see if your PC Anywhere version is cactus. The update link on that page is orange and mentions 'hot fixes'.
Good detail from Krebs (as usual) including advice not to leave remote admin software running on your computer. Wed, 1 Feb 2012
| | View |
Android viruses Symantec has identified 13 apps that carry a virus affecting Android phones. It takes over your home page and shows you ads. This generates revenue for the hackers. You can just remove the application once you know which one it is. More info here if your phone starts acting possessed. Wed, 1 Feb 2012
| | View |
ACTA The Anti-Counterfeiting Trade Agreement is being demonised as worse than the (stupid) SOPA and PIPA laws knocked back by Congress. And in many respects it is.
Australia has signed on (you look surprised) but it's not law yet and there is still time to lobby your local pollie.
A good summary of what it's all about by ZDNet's David Meyer. Tue, 31 Jan 2012
| | View |
Anonymous Those zany activists are causing trouble again with their Denial of Service attacks on reputable web sites. The latest effort invites people to participate in those attacks, in which repeated calls to a web site hammer it until it collapses.
Just be a bit careful about participating in such shenanigans as you may be liable to prosecution. Kaspersky spells it out. Tue, 24 Jan 2012
| | View |
SOPA Day Jan 18th was the day Wikipedia and others showed their distaste for Congress's proposed Stop Online Piracy Act, widely regarded as America's most dangerous and ill-conceived internet legislation yet.
Here's a very good summary of some anti-SOPA articles. Favourite headline: Dear Congress. It's no longer OK for you not to know how the Internet works. Thu, 19 Jan 2012
| | View |
Worm. Facebook. Some refurbished malware (the Ramnit worm virus) has harvested 45,000 Facebookers' login details, mostly in the UK and France. Details have been supplied to Facebook so you'd be notified if you were affected. Details.
Once the crims get your details they use them to access corporate networks, since people tend to use the same passwords. Since Facebook is a common 'attack vector' it makes sense to use a different password for Facebook at least. Sat, 7 Jan 2012
| | View |
Kate Middleton An article here by Sophos pointing out that a link on a reputable web site led to a poisoned web page. The bait? A pregnant Kate Middleton doll. Wouldn't work on me. Nonetheless, the Sophos message is sensible: "Always run up-to-date anti-virus software on your computer, and ensure that every webpage your computer visits is being scanned for malicious code". Wed, 28 Dec 2011
| | View |
Your lax security The Bradley Manning trial highlights the US military's total failure to guard against the abuse of internal documents by its intelligence analysts. What systems apply in your company? Give us a call if you'd like a security audit. 9325 1196. Wed, 28 Dec 2011
| | View |
How to win friends You Have Downloaded is a web site that trawls the net to see if you've downloaded any (potentially illegal) files then makes that information available on their database. Nice. See you in court. Mon, 19 Dec 2011
| | View |
SOPA II Stephen Colbert explains what Cory Doctorow describes as the worst proposed Internet law in American legislative history. Mon, 19 Dec 2011
| | View |
SOPA Here's the latest U.S. government attempt to take over the Internet. It's called the Stop Online Piracy Act (SOPA). American legislators are proposing to give content makers (movie studios and the recording industry) the power to shut down web sites they claim infringe their copyright. There's no obligation to prove anything. They can also order banks to stop processing payments for those sites.
The Dept of Justice will be able to close foreign web sites also and any innocent sites that share the domain will have no legal recourse. Oh. And it lets the DOJ do DNS blocking; exactly what US politicians have criticised the Chinese government for.
It's a frightful piece of legislation and according to this detailed rave has a high chance of becoming law. Mon, 19 Dec 2011
| | View |
Twitter passwords Just be real cautious about emails that invite you to re-set your password. Often the links they want you to click will install malware along the way. In almost every case, if you didn't change your details the software won't require you to change your password.
Be 100% confident before clicking any links. If in doubt, go to the web page of the company, look at your account details and see if it needs changing there. Thu, 15 Dec 2011
| | View |
BigPond disgrace Dec 10, 2011: a million BigPond customers were unable to access their email for a full day. Looks like nobody died. Sat, 10 Dec 2011
| | View |
Your tax form Received some sham emails this morning that purport to come from the Australian Tax Office (but do not). They say you have incorrectly filled out a tax form - as if that could ever happen! Although the email uses the ATO logo it's not personally addressed and you should NOT respond giving any personal information. Proper ATO correspondence comes in the snail mail. Thu, 8 Dec 2011
| | View |
Carrier IQ According to some sources, it runs on 140 million phones around the world and records everything you do, sending whatever info the phone company is prepared to request. Here's a comprehensive report from Bruce Schneier. It's mostly Android phones but you can check if it runs on your particular phone. Mon, 5 Dec 2011
| | View |
Blondes on facebook Facebook posts that purport to link to pictures of blonde ladies might instead lead you to a screensaver that embeds malware on your computer. If you see a link from a friend that seems a little out of character, don't click on any link in that post. Their account may have been compromised and be automatically spamming. You can see the picture here without getting the worm. Wed, 30 Nov 2011
| | View |
Twitter Just be a little careful with emails that look like they've come from Twitter. We've recently seen convincing looking spam that says something like "Irena is now following you on Twitter". But if you click the link to view her profile, joke's on you, buddy. Thu, 24 Nov 2011
| | View |
Hotel reviews Sites such as Trip Advisor are a great source of info about hotels but there's currently a kafuffle about fake reviews and a suggestion that some spiteful individuals may be bad-mouthing their competitors.
If there are lots of reviews on the hotel you're pretty safe going by the percentages but treat harsh reviews skeptically. Probably better to focus on the positive reviews that sound authentic. Sun, 20 Nov 2011
| | View |
Norton password There's spam around at the moment suggesting you've forgotten your Norton Symantec password and requested a new one. You haven't. I've got it right here. (Kidding). Don't click anything in that email. Sun, 20 Nov 2011
| | View |
iPad2 This is just weird. It's possible to access anyone's iPad2 using your Smart Cover. Unless they've read THIS and secured against it. Thu, 10 Nov 2011
| | View |
Your info; shared One of the DEFCON (hacking conference) projects is to choose some high profile companies (Apple, McDonalds, WalMart) and see how hard it is to get sensitive information out of them. Then they publish the results. Not one of 14 companies put up effective barriers and only 3 employees baulked at requests for private information. This is a chilling result and should be widely reported.
Does your ISP verify your ID before giving you access or account information? Tue, 1 Nov 2011
| | View |
Do you have Java? Click the Do I Have Java link on this page to find out. If you have Java, you need to make sure it's up to date. Big new security upgrade just issued. You update by following the instructions after you clicked that link or by choosing the Free Java Download button on the same site.
Then remove any old versions. You may want to ditch Java entirely; Brian Krebs has good info on some alternative protections here. Sun, 23 Oct 2011
| | View |
Stuxnet The other day we wrote about the high incidence of malware transmitted by USB sticks. One of the common software tools used by criminals for this is Stuxnet. A new variant has just been discovered. It collects information about your system and your defences and will probably be used to design future worms.
An article by F-Secure reveals how this new worm disguises the information it sends back to the criminal gangs. Essentially, it sends an image that looks like a normal email attachment then encodes the information about your system in the image file.
Do not use unknown USB sticks and keep your virus protection right up to date. More about Stuxnet. Sun, 23 Oct 2011
| | View |
It's your fault Microsoft says almost half of computer infections are due to actions by inexperienced users, rather than security holes in software. Interestingly, USB sticks account for 26% of problems according to the report.
If you are uncomfortable with your level of knowledge in this area, permit us to suggest that you get some maintenance done on your PC and while we're there making the box run faster, we'll answer questions and suggest some strategies. 9325 1196. Sun, 16 Oct 2011
| | View |
iCloud Don't rush into this. It's Apple's replacement for MobileMe; an attempt to host your email, books, music, photos, calendars and apps in the 'cloud' (fancy way of saying On The Web). And then it updates all devices wirelessly. However, as respected site Slate notes: there be dragons. We suggest you wait til the glitches are ironed out.
We'll have another look in three months or so. Sun, 16 Oct 2011
| | View |
Scanning QR codes Exercise a little caution scanning QR 2D barcodes with your phone. McAfee suggest you use scanning software that shows a preview of the URL you're headed towards before you load the page. If the URL's different to what you've been promised, the page may have malware. Follow the link for recommended scanners. Thu, 6 Oct 2011
| | View |
Robot calling U.S. legislation has been introduced (but not passed) that would allow companies to contact mobile users with auto-dial, pre-recorded 'informational' messages. Let's be clear about this in Australia: NO.
In a separate move, President Obama has said he wants to make it legal for Government debt-collectors to contact people's mobiles (they can already robot-dial landlines). Thu, 6 Oct 2011
| | View |
iPhone 5GS No such thing. Look out for lying spam with malicious links (or malicious spam with lying links). Thu, 6 Oct 2011
| | View |
Sexting A video overview. Prepared by the UK's Child Exploitation and Online Protection Centre. Short and dramatic. Good educational material for young teens. Tue, 4 Oct 2011
| | View |
Dating fraud The ACCC and QLD police report increasing dating website fraud, with crooks fleecing vulnerable (e.g. normal) people with romance scams. Get this: 20% of people who are fooled lose $100,000+. Dating sites will soon be compelled to display warnings. As if dating girls is not scary enough already. Conference. Wed, 28 Sep 2011
| | View |
Facebook security We're trying out an app from the trustworthy F-Secure company that attempts to improve your Facebook security. Potentially useful. Try it here. Wed, 28 Sep 2011
| | View |
No file is safe Once upon a time you only had to worry about opening .exe files in your emails. Those days are gone. Using the Right-to-Left Override, hackers can now encode worms and malware in innocent-looking files like Word documents and text files.
Just make sure you scan every file with your up-to-date virus and malware checker. Full article. Wed, 28 Sep 2011
| | View |
AusPost We haven't sighted the email but have heard that there's one doing the rounds claiming to come from Australia Post. It asks you to fill in details so you can retrieve unclaimed mail. Close reading will reveal poor grammar and spelling, which is always a clue. Wed, 21 Sep 2011
| | View |
Delicious - URGENT If you're a user of the bookmarking service Delicious, you need to act before Sept 23 to transfer your bookmarks to AVOS, the company who've taken over the business. All you have to do is click a link but if you don't, goodbye bookmarks. Wed, 21 Sep 2011
| | View |
Hilarious video Twitter users need to be wary of clicking links in Direct Messages (DMs), even if they come from trusted sources. Usually they are out of character ('you're hilarious in this video'); that's your only warning. More detail here. Because we are humourless technicians, we usually avoid any link containing the word 'hilarious'. Thu, 8 Sep 2011
| | View |
Facebook guide Facebook have put together a guide to help you through the maze of complexity that is FACEBOOK SECURITY. How can we put this? It's poorly written. But it contains useful advice; we learned stuff. Sat, 3 Sep 2011
| | View |
FB security alts Just FANTASTIC detail from F-Secure and others about the latest changes to Facebook security settings, as they try to counter the superior security architecture of Google Plus.
They're giving you the ability to cap the amount of sharing that happens, but you'll have to read articles like the above to know how to set the limits. Thu, 1 Sep 2011
| | View |
Give up NOW 43,000 Yale University students had their names and social security numbers searchable on-line for 10 months due to a change in Google indexing that Yale did not pick up. So glad we all went to Harvard instead. Story. Thu, 25 Aug 2011
| | View |
You, naked A reminder to keep those naked photos of yourself AWAY from social networks and other people's mobile phones. What do you mean you don't have any?
Recent example: high profile bureaucrat in the States who upset the hacking community may have had his privacy seriously compromised. Story here. Thu, 25 Aug 2011
| | View |
Free charging No evidence of this in Australia yet but be wary of free charging kiosks in foreign parts. When you plug in your USB cable most phones automatically dump the data that lives on your phone. Unscrupulous people could configure the charger to keep your data on their system. Just something to be aware of. Showcased at the hacker conference Defcon in quite a clever way - full details here. Thu, 25 Aug 2011
| | View |
Bomb hoax tracking Great article by software security firm Sophos on the 'digital breadcrumbs' left by the man arrested over the Sydney bomb hoax drama and how modern policing now involves cyberskills. Thu, 18 Aug 2011
| | View |
Social safety tips Some excellent advice for people using Facebook and other social networks from Lenny Zeltser. Via Harry Waldron. Thu, 18 Aug 2011
| | View |
Wi-fi security Quite a funny suggestion at the end of this short article. Basically the article tells how to find out if people are mooching off your wi-fi signal and what you can do to stop them. The article assumes a bit of knowledge; if you want to better secure your wi-fi we can help with that. Tue, 9 Aug 2011
| | View |
Facebook hacked? If you can't log in to your Facebook account or strange messages start appearing on your wall, your account may have been hacked. If you can, change your password immediately. Then run a scan on your computer with up to date anti-virus and anti-malware software. If you can't change your password, resort to the official Facebook security advice.
Call us if you need assistance; 9325 1196. Tue, 9 Aug 2011
| | View |
Lost laptop, lost security Should your laptop fall into the wrong hands, your passwords won't protect your data. This article reports from the Black Hat Security Conference that criminals are able to access your gmail, Facebook and other passwords once they have your computer.
Full hard disk encryption e.g. Microsoft BitLocker is one solution; often used by corporates but if you store sensitive data, worth considering for private use.
Otherwise, if your laptop gets stolen, change all passwords IMMEDIATELY. Tue, 9 Aug 2011
| | View |
Bank unbalance It just gets worse. First they infect your computer. Then they track your passwords and steal money out of your bank account. THEN, they put a fake balance over the top of your real one! I'm beginning to dislike these people. Don't respond to unexpected messages when you visit your banking site. More detail here. Sun, 31 Jul 2011
| | View |
Google caution A very frightening post by a user who put all his eggs in the Google basket then had his account suspended without explanation or recourse. Long article but worth scanning and considering. Sun, 24 Jul 2011
| | View |
Oslo Our sympathies to all Norwegians for the deaths of innocent people. Please be careful not to click on Facebook postings from people you don't know who claim to have video of the bomb blast. They are using public empathy during the tragedy to infect computers. Full details here. Sat, 23 Jul 2011
| | View |
Why it matters This video contains a very watchable description of the computer virus threat to the global economy. It's by F-Secure's Mikko Hypponen. Gets more interesting as it goes - highly recommended. Sat, 23 Jul 2011
| | View |
Yr PC appears to be infected Google is informing over a million computer users they are infected with a particular kind of malware, posting 'your computer appears to be infected with malware' in a yellow panel at the top of search engine results.
The malware has the potential to hijack your computer, i.e. give control to a remote user. If you need help removing the malware (thought to be installed by fake anti-virus software) you can contact us on 9325 1196. Sat, 23 Jul 2011
| | View |
Short URLs Clicking on shortened URLs used in Facebook and Twitter is inherently risky. If it's from someone you don't know or you have ANY doubt about its integrity, check where the link takes you before you go there. The JoshMeister explains how to do this in great detail. Thu, 21 Jul 2011
| | View |
Android vs iOS security iOS (Apple's operating system for the iPhone) and Android have quite different approaches to security. Both have strengths and weaknesses. Neither is clearly better. Details here if you're keen. Mon, 18 Jul 2011
| | View |
Hotmail passwords Finally, Microsoft is insisting on proper passwords for Hotmail accounts. YES, you DO have to change it. 1234 is not all that secure. Mon, 18 Jul 2011
| | View |
Free software It's true that P2P sites have heaps of free software; even products that normally cost thousands of dollars. Unfortunately they all come with malware. The next time someone tells you they got their software for nothing, make sure they know their computer is almost certainly infected. Point them in our direction for detoxification. Mon, 4 Jul 2011
| | View |
IE9 > IE8 Internet Explorer users; make sure you're using version 9. Better malware protection in that product. The general rule is: UPDATE WHATEVER SOFTWARE YOU USE. Particularly important with web browsers. Here's some Microsoft propaganda about how great Internet Explorer security is. Fri, 10 Jun 2011
| | View |
Fake updates Latest impressive looking forgery: a fake antivirus product that looks convincingly like a Microsoft Update alert. It ain't. Don't touch that button. Fri, 10 Jun 2011
| | View |
Spam as Business An analysis of the economics of the spam business with some informed opinions in the comments. Come on; there's nothing on television! Fri, 10 Jun 2011
| | View |
3 security tips From Brian Krebs, leading smart cookie; three tips for online safety (which is great; who has time for six?). Tip 3 is worth a mention: if you're not using it, uninstall it. Too many apps glue up the works. Lean PC = Fast PC. Tue, 31 May 2011
| | View |
Blogger online Blogger is back online after a day at the races. Or somewhere. Here is Google's apology to millions of bloggers. Mon, 16 May 2011
| | View |
Google Chrome People using Google's Chrome browser (which is very fast incidentally) need to configure the product to automatically update if they're security conscious.
In Chrome, choose Tools, About Chrome then tick the Update box. Mac users: there is no Tools menu; it's under Chrome. Article on latest security bug. Mon, 16 May 2011
| | View |
Phone security Do you run security software on your phone? Although problems on phones are less common than on PCs, security companies like Sophos sell products which protect against trojan viruses. Android users; here's an example of a virus that could be contracted by downloading an app from the official Android market. Mon, 16 May 2011
| | View |
Sony Playstation The network is still off the air while Sony shores up its defences following the hack that compromised 77 million player details. Meanwhile, the company has announced further intrusions; these connected to a competition held in 2001 for Sony Electronics. Smaller numbers, still: *shudder*. Sun, 8 May 2011
| | View |
LastPass *Groans*. LastPass, a free password management site that automatically generates hard-to-crack passwords is forcing users to change their master password due to the possibility its database has been compromised.
Should you still use services like these? Yes; you're better off using a system like this than typing a simple password on all the sites you visit. The password companies take their security seriously as evidenced by this precautionary measure. Notwithstanding this glitch, it's good practice. More here. Sun, 8 May 2011
| | View |
Google images The latest attack vector of choice is Google Images. Clicking on particular thumbnail images (and there are lots of them - even normal-looking images) links through to rogue anti-virus products. Brian Krebs gives this advice in his excellent summary of the issue:
If you stumble upon one of these fake anti-virus security alerts, avoid the urge to click your way out of it. Instead, hit Ctrl-Alt-Delete, select the browser you are using (firefox.exe, iexplore.exe, etc.) and shut it down.
Since the scam requires a malicious script to run, Firefox users can avoid the problem by running NoScript. Sun, 8 May 2011
| | View |
Royal Engagement Ring You could own a limited edition replica of the Royal Engagement Ring. Just send $75 to Computer Mechanics (kidding). Here's a nice bit of Royal Wedding spam via Kaspersky. Sat, 30 Apr 2011
| | View |
Wedding censorship Facebook in particular went out of its way to silence dissent. Seems it's not ok to use such occasions to talk about a cause. We're all just supposed to say how wonderful it is... Article from the excellent Boing Boing. Sat, 30 Apr 2011
| | View |
PlayStation Sony's PlayStation gaming network was shut down yesterday following a breach of security by hacker(s). The Australian reports that credit card information may have been accessed but the three digit CVN codes on the back of cards were not. Hands up whoever thought of implementing CVN codes; you can have a day off.
At the very least, names, email addresses and birthdates have been accessed for 77 million users (seems a lot) and users are advised to contact their financial institutions and set up fraud alerts, whatever that means. Just phone your bank and tell them you've got a PlayStation? Wed, 27 Apr 2011
| | View |
Royal Wedding Here comes the bride and a very large attack vector. Some searches for Royal Wedding and the like are netting fake antivirus scanning software. As one security blogger says, beware of emails about 'strange turnips that look a bit like the future King of England when held at the right angle'. Sun, 24 Apr 2011
| | View |
Your location data Much gnashing of teeth in the U.S. over 'revelations' that Apple and Google store your location history, unencrypted, on your phone. As ComputerWorld point out, there are other far more real privacy issues with mobile phones. If you're worried about it, take out the battery. Sun, 24 Apr 2011
| | View |
Yet more Flash Three weeks on, it's time to upgrade Flash again. Brian Krebs, who found the vulnerability, writes in detail on the matter here. In short, update here and stand by for further updates on Adobe Acrobat and Reader. They're a couple of weeks off. Isn't computing fun? Mon, 18 Apr 2011
| | View |
Bloggers' passwords If you blog at Wordpress.com you should change your password immediately; the site's database has been compromised. If you don't know how to change passwords, read the article from Sophos. Thu, 14 Apr 2011
| | View |
Terror alerts America’s Homeland Security is planning to send terror alerts to people on Facebook and Twitter. Frankly, I already get these from my family. Nonetheless; without a big public awareness campaign, you’ve got to imagine people will think they’ve been spammed. Instead, they should just have a big bell in the town square. Fri, 8 Apr 2011
| | View |
iKeystroke Loggers Software that allows people to track other people's keystrokes on an iPhone or iPad is now being sold on the Internet BUT: it only works on a jailbroken phone. Jailbreaking is generally done by young, tech-savvy users to circumvent Apple's rules and regs. Keep your phone legal to avoid the risk. Source. Fri, 8 Apr 2011
| | View |
GPS tracking Some scare-mongering in this video but also some interesting questions. In the U.S. your car can be tracked by authorities without you knowing. What is the position here? Fri, 8 Apr 2011
| | View |
Skype call baiting Early warning from the U.S. of automatically generated Skype calls that ask you to download a Microsoft Windows update over the Internet. The page you land at then tries to scare you into buying 'anti-virus' software. Get your updates in the normal way only.
Also, in Skype, choose Preferences - Privacy and set it so that you only get calls from Contacts. Sun, 20 Mar 2011
| | View |
Teacher from behind Facebook continues to accelerate as a vehicle for trojan viruses. The video promising teacher nudity will disappoint. So will what happens to your computer. Do not click on videos from people you don't know. Sun, 20 Mar 2011
| | View |
Big Facebook party Jess Cooper's big birthday party in Sydney (200,000+ signed up on Facebook to attend) was cancelled. She was apparently unaware of how to set privacy levels for an event. Also, someone went to great effort to broadcast the invitation. Here are some FB privacy basics. Meanwhile, there's now a Facebook page called Can't sorry, I'm going to Jess Cooper's. Sun, 20 Mar 2011
| | View |
Charlie Sheen alive Charlie Sheen is not dead. Despite what you might have read on Facebook. So I suppose that's a good thing. Don't click on a link to a video of his lifeless body, however tempting. Tue, 8 Mar 2011
| | View |
Fake anti-virus, real name You’ll remember that some scammers promote products that pretend to scan your computer for viruses and present you with false positives. Then they try and get you to pay to clean off the fictitious viruses.
Latest trick is to do that using the name of a legitimate anti-virus company; AVG in this instance. If you get an unsolicited offer to scan your computer, don’t follow instructions. If unsure, call us on 9325 1196 and we’ll try to help. Sat, 26 Feb 2011
| | View |
Telstra + BigPond Spam alert: fake security and billing updates purporting to be from Telstra or BigPond. They are VERY realistic looking. If you click on the link you risk installing a Trojan virus that will record and transmit your keystrokes so we recommend you don’t do that. Sat, 26 Feb 2011
| | View |
Real Player http://www.h-online.com/security/news/item/Security-update-for-RealPlayer-1179841.html Sat, 29 Jan 2011
| | View |