Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Thursday, December 31, 2009

Brian Krebs on Security

I don’t read as many blogs as I used to but I regularly kept up with Washington Posts’ Security Fix with Brian Krebs. I was sad to read that after 15 years, today is the last day Brian will be contributing to the Post. This is bitter sweet since my oldest daughter Erica was recently brought into the Washington Post Company to work on some of their blog projects and advise them on other new technologies. I was looking forward to her working with other true professionals like Brian.

I had the pleasure to meet Brian at an Anti-Spyware conference in D.C. We were both invited to a dinner which was organized by the good folks from Sunbelt Software. I was immediately impressed when Brian let our host Alex know that he would be required to pay for his own dinner. I know this isn’t really unusual professional behavior but it’s still rare.

 

briankreb

The good news is Brian certainly won’t be going away. We can now find him at KrebsonSecurity.com. As a seasoned professional you can bet this won’t be just another security blog.

Share on Facebook


Tuesday, December 29, 2009

Top Ten Best of 2009

Like many I thought it might be a good idea to recap the best of 2009 and remind folks of some important posts.  The following were some of the most popular stories of 2009.

Who Gets Your Personal Information on Facebook.

Even before Facebook changed their privacy settings I did some research on what companies were getting your information directly from your friends. The companies frequently have no privacy policy or physical address.

 

Four Secret Reasons Why Win7 is Ten Times Better

Windows 7 is turning out to be a success and as I pointed out in September users were destined to be happy. The core components of Windows 7 were created to increase performance even more than expected.

 

Free #1 Tweak to Improve Windows Performance

One of the most popular posts all year thanks to all the folks on Twitter, Facebook and PC Pitstop giving the thumbs up to this easy tip.

 

Security Vulnerabilities near Apocalyptic Proportions

Unfortunately, not a lot has changed. The vulnerabilities in 3rd party application continues to be a serious problem. At one time I expected the day would come when WinPatrol would be obsolete but that day is still far away.

 

We Have Your Password, and We Own You!

Bad password habits will continue into the year 2010. If you haven't already reconsidered your password habits you should read this story.

 

Mystery Filenames that Make No Sense 

Even though Microsoft Window now allows long descriptive filenames many developers fail to take advantage of this feature. The worse offender continues to be Microsoft with filenames like lsass.exe or ctfmon.exe.

 

Windows 7: Good, Bad and the Ugly

Another popular post let folks know what they could expect before Windows 7 was finally released to the public. I still think Recycling Bin is a stupid name.

 

No, I Don't Want Your #^$% Toolbar 

I’ve continued to resist allowing Toolbar vendors to bribe me into allowing their software to be included with WinPatrol. Unfortunately, many other free programs don’t care and you may be installing unwanted toolbars.
 

Conficker Threat: Fact or Fiction

Everyone was on alert for Conficker to strike on April 1st. If you read Bits From Bill you knew the real danger started on March 31st when folks in the far east had their clocks turn pass midnight way ahead of those of us in America.

 

Bill's Predictions for 2009

My favorite prediction that came true was “Windows 7 Won’t Suck”. See if you think I was correct with my other predictions.

Share on Facebook


Thursday, December 10, 2009

Facebook Simplifies Sharing your Personal Info

Even our local news channels have been reporting that Facebook has simplified their privacy policies. What they failed to notice is how Facebook is encouraging users to disclose even more information to “Everyone”.

The Facebook privacy news has also given credibility to the malicious phishing attempts that arrive in your Email with the subject “Facebook Account Update”. Some of my friends who would normally know better have fallen for these spam Emails thinking it’s part of the newly announced privacy policies.

Instead what Facebook users should see is the following pop up when they sign on.

newfacebook1

Like me your first reaction may be hurray! Facebook has listened to us and will be increasing our privacy. Guess again. When you click to continue you’ll see a revamped version of their current privacy settings. Unless you’re paying attention much of the information you only want “Friends” to see will now be available to “Everyone”. In all the accounts I tested Facebook inconsistently changed the setting from “Friends” to either “Everyone” or “Friends of Friends”.

newfacebook2

Unless you explicitly tell Facebook to use your old settings you’ll be opening up your personal information to the world.

newfacebook3



If you’ve already gone though this process or not I recommend going to your Facebook Settings, click on Privacy and you should see the following window. One problem with this screen is the user interface. It doesn’t tell you that you still need to click on “Change Settings” and re-enter your password. I guess they consider this additional password as security but fail to realize if you come to this screen you’ve already indicated your desire to change your settings.

newfacebook4 There’s also no “Apply” on this screen which as a user interface person drives me nuts. You can just leave this screen and your settings will be changed.

Unfortunately, It Gets Worse

Facebook has also been making some lucrative deals with search engine providers. One of the other new settings you’ll want to look at is “Search”. Do you want Google indexing the information you provide on Facebook making it available to the world? It may be ok if you’re having an affair with Tiger Woods but most of us probably won’t want this information so easily available.

newfacebook5
Find this under Settings –> Privacy Settings –> Search

I’m a pretty public person so my personal information are probably easy to find but I still changed these settings. Facebook to me is something I consider a little more personal and I don’t want to take any chances. I suspect many of you feel the same way.

If you missed my previous article on the companies who created Facebook Applications be sure to read “Who Gets Your Personal Information on Facebook”.

Share on Facebook


Wednesday, December 09, 2009

Introducing WinPatrol PLUS Family Pack

scotty family

 

One of the most talked about packages this year was Microsoft’s Windows 7 Family Pack. Let’s face it, the days of a single computer household are long gone. Unfortunately, you won’t find Win7 Family Pack available at its original $149 price.  I’m a big fan of families so it only seemed right to offer a special WinPatrol PLUS Family Pack.

For $49.95 folks can upgrade to WinPatrol PLUS and use the same PLUS code on their computer, their laptop, their spouses, and all the kids.  The PLUS Family Pack license is valid for immediate family so your kids can be protected even if they’re away at school. The WinPatrol PLUS license isn’t a subscription, it’s good for life.

Click here to Order

This is a limited offer but I hope it will make the holidays brighter especially for those of you with large families.

Share on Facebook


Tuesday, December 08, 2009

WinPatrol Birthday Contest Winner

scotty1997
Last month I celebrated the 12th birthday of my favorite application WinPatrol. There isn’t really an advertising budget at BillP Studios so word of WinPatrol has spread mostly via personal recommendation. There are still a lot of people who haven’t heard of WinPatrol so I appreciate when our fans tell their friends and family how much they like Scotty the Windows Watchdog.  It was natural to have a birthday contest that celebrated and rewarded users for helping to spread the word.

Congratulations to Jeremy Stewart of Bothell Washington who told his friend Sherman about WinPatrol.  Sherman became a WinPatrol PLUS member on November 7th, 2009.

Our grand prize was a copy of Windows 7 Ultimate Signature Edition.

win7signature

 

Thanks to many of you, WinPatrol still get thousands of downloads every day. The number of people who upgrade to WinPatrol PLUS “legally” could be better but I’m not complaining. If you search Google you’ll find WinPatrol has a great reputation and I love hearing from WinPatrol Fans who have had great experiences.


Click larger view.

winpatrol1 
WinPatrol 1.0 in 1997

wpdelay

WinPatrol 2010

 

Again, congratulations to Jeremy Stewart and everyone else who won the 2nd prize of a WinPatrolToGo 1 GB Wristband.

Share on Facebook


Saturday, December 05, 2009

Who Gets Your Personal Information on Facebook?


Are you one of the 350 million Facebook users? I’m a big fan of Facebook and like many I connect daily to see what my friends are doing and to share photos. As a security professional I am very careful about what I post and what information I allow to be shared. In that respect I’m unique. It surprises me how many of my friends will refuse to allow companies to share their information but eagerly give away their personal information to application developers on Facebook.

allowaccess

My friend Diana sent me some Christmas cheer. How could that be a bad thing right? Well, if I accept her cheer I’m sharing my personal information and all my friends with a company called Mob Science who has no physical address or privacy policy posted on their website.

Who are these application developers you’re giving your personal information too. One of the most popular developers is San Francisco based Zynga. They’re responsible for the games Farmville, YoVille, Mafia Wars, RollerCoaster Kingdom, Scrabble and dozens more. You’ll never be offered a chance to read Zynga’s privacy policy but the information is typical. They say only your name, address and gender are collected. As in most privacy policies they protect themselves with vague statements like “we don't generally collect any “Personally Identifying Informationabout our users”.

I’m not saying the folks at Zynga are evil or have bad intent but I doubt most users realize they’re providing information to this or other little known companies. Most people mistakenly believe it’s just all part of the Facebook experience.

It’s not just the games. When you take a quiz, or even donate to “Causes” you’re providing access your personal information. When you create or join a “Cause” you’re registering your personal information with Berkeley based Philotic Inc, started by Sean Parker, one of the brilliant co-founders of Napster.


If you’re a fan of Farm Town, you’ve registered with Florida based SlashKey. Popular game provider MindJolt.com is another one that doesn’t include any physical address or privacy policy on their website. The number two Facebook developer Playfish acknowledges “We collect the following personal data from you … : your date of birth, gender and your contact details including the country where you live and any phone number(s) or email address(es) that you provide.” In addition, “We may use a third party to serve advertisements on our site. Cookies may be associated with these advertisements … We do not have access to or control of cookies placed by third parties.

In the grand scheme of things the dangers from sharing your information with these companies may still be minor compared to other risks. I wanted to focus on 3rd party Facebook Applications because most people don’t understand why their Email Spam seems to know specific personal details.

Facebook Applications can access this info
Did you know when your friend allows an application, they give away all your information too?

When you sign up for Facebook all these boxes are checked as the default setting. That means if your friend allows an application, all the information you may have set to "Friends Only" is made available. Click Here to change your settings. (Update 12/9: Facebook has made some changes do don't be surprised if this page looks a little different)

Facebook has been slow to react to customer concerns but recently announced new privacy options. It’s still up to the individual user to check out their rights and options to protect themselves. If you’re a Facebook user please click here to read how you can update your privacy settings.

Updated 12/9
Facebook has updated their privacy options. Here's the replacement for the screen allowing you to restrict information shared by your friends.



Updated Facebook privacy



Facebook Simplifies Sharing your Personal Info

Labels: ,

Share on Facebook