Welcome to GuruNews
Brought to you each week by the PC Gurus, a loose collection of volunteers from around the Kentuckiana region.
You can interact with the PC Guru team via our Web site, located at http://www.thepcgurus.com. On our site you can post your computer questions, comments and rants on the forums, e-mail the PC Guru
team members and chat one on one in our nightly IRC chat beginning around 8:00 PM EST. You can also subscribe to our RSS feeds so you can get the latest news and forum updates from the PC Guru Web site directly on your computer.
If you're new to the Newsletter you can read back issues at Team member JP Durbin's website at http://www.jpdurbin.net. There are links to all the old 84 Online issues as well as the new GuruNews missives.
The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region. Visit http://www.whascrusade.org to make donations online.
Those of you Jonesing for the halcyon days of 84 Online might find team member USS Rover’s list of streaming tech shows at http://www.kalnet.com/%7Eussrover/c-shows.html useful. Times are listed in Zulu (GMT) and Central.
To subscribe to this newsletter just drop by www.thepcgurus.com and sign up!
Vol. 6, No. 39
9-21-06
1 Social engineering
2 Old fashioned high tech
3 Anonymous browsing, MS Tube, yet more battery horrors, I Robot
4 Electronic dictionary
5 Startup error
Kevin Mitnick is probably the most famous computer hacker in the world, given the fact that he’s not really a computer hacker. Mitnick back in his day was actually known as a phone phreaker, or someone who broke into telephone networks and switches. This allowed for free long distance calls but the biggest gain was both new knowledge of the system and the sheer thrill of secretly gaining access to protected systems.
I don’t call Mitnick a hacker because he doesn’t use technology to do much of anything. He didn’t use obscure networking tools to probe IP addresses for vulnerable ports or keyloggers or trojans to gain access to PCs. He used simple psychology, making calls and presenting himself as someone he wasn’t with just enough of the right knowledge to sound convincing.
This practice is called social engineering or pretexting. In emails it’s referred to as phishing, which I’ve mentioned many times before, but pretexting is more a verbal medium used in telephone calls and on rare occasions in person. You present yourself as an agent of an agency or department in a conversation and exhibit knowledge of said organization to be believable and the other participant of the conversation, trusting you since you’re a member of their “circle”, will give you privileged information without hesitation.
As with many of these topics, this one was triggered by an email message to the Gurus. This one actually came from our resident cartoonist Terry Wise and reads:
“My mom (in Elizabethtown) received a phone call this week from a lady asking her to participate in a survey about Medicare or Medicaid. (I suspect the survey changed as the caller hears the voice and guesses an age.) Mom said she would, and the caller then said something like... "Let's see... I have your age at 68, is that right?". Mom said no and told her her age, then the girl asked her to confirm her birthday. Mom's getting suspicious at this point, but did. Then the girl says... "Okay... I have the last 4 numbers of your social security # as digit digit digit digit, right?" Mom... "No". Girl... "Gosh, these files are really messed up... can you help me straighten them out?", and went on to apologize for the mistakes and hoping mom would help her not get fired and do her job. Mom had caught on by now and (being mom) politely got off the phone.
www.Scambusters.org calls this pretexting and a sharp caller can get SS numbers, birth date, pets name, a credit card #, etc. Be aware that these phone scams are going on and pass the info on.”
A bit different than Mitnick’s exploits, which were mostly harmless to individuals, but using the same exploits to gather personal information, most likely for identity theft.
Something similar was apparently used by investigators working for HP executives against their own board members, as well as reporters looking into the scandal (http://news.com.com/2061-10789_3-6117034.html). In this case the executives were looking for the source of leaks to journalists and the investigators posed as all manner of people to obtain phone records, email messages etc. Keyloggers may have been involved as well, and when all is said and done there may be a shortage of executives at HP sometime soon.
This sort of scam is a threat to everyone, from the individual to the corporate switchboard operator. I certainly can’t cover everything in one issue, or in even one month, but here are some tips on protecting yourself and your company:
No credit card company, bank or other financial institution will ever call or email you to verify personal information, period.
Write down the time and date that any such calls come in and ask for the caller’s name. Advise them you will get the information and call them at their office and hang up, then call the actual company and report the call.
Don’t take any information the caller gives you at face value. Look up the phone numbers of companies mentioned rather than use those supplied by the caller.
Knowledge of your name, address and phone number are available online just as they are in a phone book. Knowledge of that information lends no credibility to callers that get that information correct.
Never give your credit card number, Social Security number, date of birth or maiden name to ANYONE that calls you, regardless of how you feel about their authenticity. Even if you recognize the voice as someone at your bank, tell him or her you’ll run down to the branch office to settle matters.
That’s not much of a list and it’s far from complete but it’s a good basic guideline. As cynical as it sounds, the best advice is “trust no one”. It’s against our very nature but in this day and age, unfortunately it’s a necessity.
Next week we’ll get geeky and talk about magnetic fields. Try not to pass out while holding your breath in anticipation :)
Kevin Mefford, Editor
Terry Wise
A group
of computer hackers and human rights workers have launched
a
specially-crafted version of Firefox that claims to give users
complete
anonymity when they surf the Web:
http://www.techweb.com/wire/security/193004447
Microsoft
on Tuesday launched a video-sharing service that would
challenge the popular
YouTube in the fast-growing market for online
amateur and professional
video:
http://www.informationweek.com/news/showArticle.jhtml?articleID=193003657&subSection=Breaking+News
In
yet another chapter of "The Laptop Battery From Hell," an IBM
ThinkPad did
its best Human Torch impression while boarding a flight
at LAX:
http://www.dailytech.com/article.aspx?newsid=4256
This
headline is NOT from a 1950's sci-fi movie---"Experimental AI
Powers Robot
Army". I, for one, welcome our new robot overlords:
http://www.wired.com/news/technology/software/0,71779-0.html?tw=wn_index_26
Copy
us on the good stuff, as long as it's cool to the touch ;-)
Matthew
Dattilo
thepcgurus@gmail.com
www.mattstodayinhistory.com
Download of the Week
Whether your dictionary is untouched or dog-eared and falling apart, this free program, WordWeb, can replace it quite effectively. Not only does it include common definitions but it shows synonyms and antonyms as well. You can use it with any word processor or as a stand-alone tool.
Its Lookup field lets you use asterisks and strings to find words in a number of different ways. If you enter *gry, for instance, the program will retrieve angry, hungry, and other words ending with those letters. You can add words to the program's database too. If you're a truly advanced wordsmith, you might find the program's hypernyms, hyponyms, meronyms, and holonyms useful. It’s free here:
Art Maley
Email Question of the Week
Q: Got a problem--I think! I have a
new computer running XP and all is
good except that recently, whenever I
reboot I get an error message
with a window entitled: Soundman.Exe--"Entry
point not found". The
message is as follows: "The procedure entry point
setupdienumdevice
interfaces could not be located in the dynamic link library
setupadll.
Every thing seems OK so what gives? Thanks for any help
you can give me.
A: That's basically just a tray icon for a
Realtek or Avance sound
chipset and isn't needed. As long as your sound
is working normally
just click Start and Run and type in "msconfig" (without
the quotes).
Click the
Startup tab and find the box for soundman and uncheck
it. Click Apply
and Close and restart the PC and the problem should
be solved.
Hope that helps
and keep us posted :)
Kevin Mefford
Contact info and legal
stuff
If you have tech support
questions or ideas and/or submissions for our newsletter please submit them by
visiting www.thepcgurus.com and click
on the “Email the Team” icon.
Copyright 2001-2006 The PC
Gurus, all rights reserved.
Publication, rebroadcast or storage is prohibited without prior consent,
however you may freely forward this publication to friends as long as A) it is
forwarded in its entirety and B) no fee is charged.
Information provided in this
publication is provided "as is" without warranty of any kind, either expressed
or implied. Although the
information provided is known to work on most systems, it may not work on ALL
systems. Make use of any
information supplied at your own risk.
The PC Gurus are a group of
volunteers who provide support for the PC, Mac and Linux users in the
Kentuckiana region.
To unsubscribe from this newsletter visit http://thepcgurus.com/mailman/listinfo/newsletter_thepcgurus.com or send an email to microdome@seidata.com with the words “unsubscribe newsletter” (without the quotes) at the top of the body of the message.