Thursday, October 14, 2010

Java now a major malware target

Users of Java should make efforts to keep their Java installations updated on their computers. As noted in the blog posting Java: A Gift to Exploit Pack Makers, it has become a major target of interest for malware writers / exploiters.

A Java update released on 10/10 was reported in the posting Java Update Clobbers 29 Security Flaws. This posting tells you how to update your installed version to the current Java 6 Update 22. Your installation may update automatically if you have it set up to do so. I recommend checking and updating it right away. I also concur with Brian's suggestion to avoid the extras that want to install themselves when updating Java. Don't rush through the installation screens without looking for the optional extras that require you to "opt out".

On Windows PCs Java is not loaded until needed to run a Java applet, such as the popular addonChat used by my ham radio friends. When loaded, you will see a Java icon in the tool tray.


If you want to make sure that Java (and other programs) are updated on a timely manner to avoid security flaws, you can choose one of the following tools that are also mentioned in Brian's first posting mentioned above:

I use the Secunia Personal Software Inspector continuously, and run the File Hippo tool occasionally.

John

Tuesday, July 6, 2010

Spam e-mail processing

The transmission and reception of e-mail has become less reliable and more complicated over time as the volume of unsolicited bulk or commercial e-mail (UBE/UCE, aka spam e-mail) increases. According to several published reports, the percentage of spam e-mail is now around 90%.

At the Server
Corporations and Internet Service Providers (ISPs) have been deploying increasingly aggressive spam filtering to combat this onslaught of junk and malicious e-mail. Today there are as many as five possible dispositions for e-mail arriving at a server owned by the service provider:
  1. Discard the e-mail when identified as blatant spam
  2. Place the e-mail in a separate spam folder in the user's e-mail account
  3. Tag the e-mail as possible spam and place it in the user's e-mail inbox
  4. Remove detected malicious software content from the e-mail and place the “disinfected e-mail” in the user's inbox, with notification of the action taken
  5. Place the unaltered email in the user's e-mail inbox
Most service providers today offer some degree of customization of the filtering that takes place at the server. This involves one or more of the following actions by the user, depending on what the service provider offers:
  1. Designate whether the service provider should place suspected spam in a spam folder
  2. Designate e-mails tagged as possible spam as being not spam.
  3. Designate e-mails that should be treated as spam, but were not tagged by the server.
  4. Add a sender's e-mail address to the recipient's contact list on the server. Many service providers use a recipient's contact list as a “white list” of addresses whose e-mail should not be treated as spam.
  5. Select a level of spam filtering sensitivity, possibly with separate thresholds for immediate discard and for spam tagging of e-mails.
At the User's Computer
On the e-mail user's computer, the client software for handling e-mail has gained features to help the user to filter out the spam that remains after the first level of processing by the e-mail server belonging to a corporation or ISP.  In the case using a browser-based e-mail client (i.e. web-mail client), most of the features are those available at the server. A user can typically also create custom filters for handling e-mails according to criteria chosen by the user.

In the case of dedicated e-mail client software running on the user's computer, such as Mozilla Thunderbird or Microsoft Outlook, customization of the built-in spam filtering can be accomplished through one or more of the following actions by the user:
  1. Designate what to do with e-mails automatically tagged by the client software or the server as possible spam. Options may include: discard, save in a spam folder, remove tag.
  2. Mark additional e-mails as spam that were not previously tagged as spam. This typically trains the client software to recognize possible spam, tailoring the spam recognition profile to the individual user.
  3. Un-mark e-mails tagged by the client software as possible spam, in the case where the user considers the e-mail to be not spam.
  4. Add a sender's e-mail address to the recipient's contact list in the client software. Many client programs use a recipient's contact list as a “white list” of addresses whose e-mail should not be treated as spam.
  5. Set up filters to handle e-mails according to tags, From: addresses, To: addresses, Subject line or body content, etc.
Those who originate spam continue to adapt to the above measures, with the result that some spam gets through to the end recipient and some legitimate e-mail is blocked.

The above observations are based on my own experience with one Internet service provider, one corporate e-mail system, and at least six e-mail client programs. Comments and additional observations are welcome.

Tuesday, June 15, 2010

Visitor to shack: IC-703

Here is a photo showing the IC-703 that Bill loaned to me for use during my upcoming visit to Baton Rouge. Thanks, Bill!

This morning the IC-703 and my Heathkit SB-104A took turns on the antenna during our morning QSO.

Thursday, June 10, 2010

Rio on ConnectNow

This screen shot shows my daughter's dog Rio.


Monday, May 31, 2010

Weather Radar Websites

Per discussion on 3740 kHz on a recent morning, here are a few of my favorite websites for weather radar information:
  • National Weather Service - Southern Mississippi Valley Sector
    This one provides a nice quick overview of my region to see what is in nearby states. Other sectors can be selected, along with a full national view. You can click on the word Loop to animate any sector view over a 70-minute interval. By clicking on any city you will be taken to the nearest local radar view, such as this view for Mobile. Various controls are available there, and radar animation can be activated for a 40-minute loop. The animation requires JAVA to load since it is a JAVA applet. Since the NWS is funded by us taxpayers, there are no ads.
  • Weather Underground's WunderMap - To reach your local view go to the home page, enter your zip code in the Search box near top of page and click Go. On the resulting page you will find lots of information and map displays. Below the little radar thumbnail you'll find links for Local Radar, Hi Def Radar, WunderMap, etc. Click on the WunderMap link. The resulting display shows radar information and Weather station markers that you can click for local conditions at those sites. You can un-check the Weather stations box in the Map Controls section under the map if you want to simplify the display. There you can also find a Start link for animating the radar display. Additional options are available under Radar Options. You can 
    • zoom in or out easily using the + and - buttons on the upper left side of the radar map
    • pan using the arrow buttons or by click and drag on the map
    • select the Map, Satellite, Hybrid, or Terrain view
  • StrikeStar lightning map
    This site displays lightning activity over the past 60 minutes or a 24-hour summary across the USA. Regional views (e.g. Southeast) can be selected to show a better view close to your current location.  Color coding of the data display is defined near the upper right side of the map.

Wednesday, April 14, 2010

W4BXI Test of 5 Antennas

Here is a screen shot of audio recorded at about 0835 CDT at my receiver during W4BXI's test of 5 antennas on 3740 kHz. The total time duration is just over 50 seconds. Today I had the RF gain set to max, where the S-meter readings are most 'accurate'.  Yesterday I had it set some amount below max during the audio recording. Having the RF gain at max may alter the receiver's AGC action and resulting amplitude comparisons. I note that the background noise rises in amplitude before each tone transmission starts.For future audio recordings I'll make a point of reducing the receive RF gain.

Tuesday, April 13, 2010

W4BXI Antenna Traces

Here is the audio waveform recorded this morning on 75 m at WA5MLF during W4BXI's test transmissions on four different antenna configurations. The effects of signal fading (QSB) can be seen during each transmit period. The elapsed time shown is 21.55 seconds. The recording and waveform display are from CoolEdit2000, but the same features are available with the free program Audacity



Tim WA4PTZ also made an audio recording at his station. He captured the last 3 test transmissions. Below is a dual-trace display with Tim's recording on top and WA5MLF's recording below. The elapsed time is 17.9 seconds. Click here for an mp3 copy of the composite recording.


The upper waveform gives the appearance of a steady signal from W4BXI for each tone (carrier) transmission, but it is not known how much the AGC in Tim's receiver or PC sound card affected the recording levels. Note that the noise level after each transmission rose to a level with peaks similar to the level of the steady tone (carrier).

John

Wednesday, January 13, 2010

Selected computer security tools

Here are a few links about certain computer security tools that I have repeatedly suggested to friends and family members:
  • OpenDNS -- Can be set in your router or in each PC individually. For a laptop that is used elsewhere to access the Internet, it should be set up in the laptop even if set up in the home router. For a household with many PCs, especially children's, the router may be a good place to set it. The optional user account can enable more powerful and customized filtering of web sites.
  • Password Managers
    • SplashID -- I use on my PDA. It syncs with the version on my PC.
    • Password Safe -- Free. Duplicates what I have on SplashID. Has a nice Auto Type feature that provides single-keystroke entry of userid & password at a web site's log-in screen.
    • LastPass -- A web-based password manager; I have not used it.
  • File Shredder -- Can process individual files or entire folders and their subfolders with contained files. Example of the latter usage is to shred the entire "Documents and Settings" folder of a PC being recycled or discarded.
  • CCleaner -- Excellent product for cleaning up software debris that accumulates in your PC.
  • Drop My Rights -- A free utility from Microsoft that reduces the administrative rights of a web browser, email program, or media player to prevent most accidental installations of malicious software when using these routine programs.

Electronics Recycling
Off topic, but included here for convenience. See the blog posting about Technical Knock Out, a good place for recycling old computers.