PC Club of Charlotte
Bytes and Bits
October 2008 issueOCTOBER 9th MEETING PROGRAM
VIRTUAL MACHINES
Presented by: Galen Bolin
Do you need to run a program that needs Windows 3.1? Would you like to experiment deeply with Linux? Do you need a test environment for a new program you don’t want to put on your primary computer? Did you just buy a new Mac, but can’t quite let go of all your Windows programs? Are your kids (spouse, coworkers) always messing up or infecting your computer?
Galen Bolin will demonstrate how you can run all these scenarios (well, maybe not Win 3.1) on the same computer – at the same time! Virtual computing allows the power of a modern computer to be divided among multiple operating systems simultaneously. It’s like having 3 computers in the space of one. Come Thursday to learn more.
Please join us for an informative evening!
The October PC3 Meeting will be held
on Thursday, October 9th at
Little Diversified Architectural & Consulting 5815 Westpark Dr. Charlotte, NC 28217
The meeting begins promptly at 7:00pm. (Doors do not open before 6:45).
--------------------------------------------------------------------------------
Letter From The President
The Winterfeast Party will be December 11 at the Levine Senior Center. Tickets are available at all meetings for $15. You must have your reservations in by Dec. 1. If you would like to help with planning or presenting the party, please contact me at
President@pc3.org.
Please help us make the club more responsive by signing the attendance sheet at every meeting. Periodically we will also ask you to verify your contact information. If your address, phones, or other status changes; please pass it on to
Membership@pc3.org. Also, please keep your information current for the Bytes & Bits mailing list at
http://pc3.org/bytes/?p=subscribe&id=2 (this link is at the bottom of all our newsletters). If you will, include your real name so we can correlate email addresses with faces. The mailing list is automated and independent of our membership lists, so you need to update both places. And remember, we will never sell or make inappropriate use of your information.
Now that gas is available again, you can all participate in our SIGs. I have a special plea to join the Online Collaboration SIG at Levine on October 15. The Microsoft Office SIG with Warren Shanahan as the teacher is currently looking at advanced features in Word. Dewey Williams moderates the Web Design SIG that meets the first Wednesday and talks about issues of interest to people who want to publish online. Check the calendar for details on all our meetings.
-=-=-=-=-=-=-=-
Big Brother may not be watching, but everyone else is.
How paranoid are you?
I used to count on anonymity by obscurity to protect my privacy. I figured I was too boring for anyone to make the effort to track everything I do and profile me. In the less than 10 years since I last said that, it turns out that I am valuable and it is not too difficult to track and correlate every last thing I do.
Know that shopper’s card you use at the grocery or drug store? By watching your purchases, they know how many cats and kids you have, whether you live a healthy lifestyle, and possibly even specific ailments or habits. Meanwhile, your credit card company knows the health of your finances and when you’re away from home as well as how often you eat at McAlister’s and whether your hobbies are gardening or fishing. Your cell phone carrier knows within a few feet where you are as well as having a record of all your calls and copies of your contacts list, txt messages, and photos. Even your belt or shirt (and if Homeland Security gets its wish, your drivers’ license) could be blabbing your position every time you walk in or out of a store through the RFID “inventory control” chip embedded in it.
Modern voluminous databases and large amounts of computing power allow companies to gather all the information they collect and infer the pieces that apply to a single person. They can identify you even if traces don’t share identical identifying information. And then they look for a way to make money off your dossier.
You think it’s great for the grocery to send you a coupon for one oat cereal because you’ve bought another one. The competing manufacturer pays them without knowing who you are. But what if the grocery decided to sell your cigarette purchases to your insurance company?
It should be even scarier online. You’re already plugged into the biggest computer in the world and you are instantly moving from place-to-place. One moment you may be talking to your broker, the next buying a shirt with PayPal, and after that jumping among friends at MySpace.
Who can follow you at the speed of a click? How do they know who you are? Weren’t all those financial transactions protected with https?
Every webmaster – even Dewey – knows at least what your personal IP address is, what type of browser you’re using, and where you came from if you clicked a link to get there. If you’ve got cookies on the computer (and you can hardly surf the web without collecting them), they know a lot more about you. By looking your identifiable cookie up in their database, they know everything you’ve told them including possibly your name and address, credit card numbers, and every thing you’ve looked at on their site.
It’s good that the outdoors store reminds you to buy a scarf, saves you having to look up your wife’s shirt size, and doesn’t make you retype your shipping address, right? But what if they give you a list of targets because you just bought a bow and arrow somewhere else? How did they know that?
When a site has an ad on its page, that probably is put there by another company which now has permission to add their own cookie to your gut. Go somewhere else and the same ad server reads its cookie and may have a lot of inferred or specific information from your previous stops. Don’t bother trying to parse their EULA and Privacy Statements – most of them allow free exchange with “affiliated partners.” And they are also permitted to change them on a moment’s non-notice.
A few months ago (
http://pc3.org/smfpc3/index.php/topic,121.0.html) I challenged you to search on a random topic, but warned you not to be signed into your Google account while you did it. Remember that IP address I said all websites can connect to you? The search engines know it too and intentionally save all your searches by your IP address. Their stated purpose is to improve their search algorithms, but there’s a lot of information there. And that information could be available to Google’s subsidiary Doubleclick. Doubleclick is a major provider of targeted display advertising on the net and was one of the early users of the idea to track with their cookies you as you surf to various sites. If you have any account with Google, you are known across all their other subsidiaries from Checkout to Finance to Health to YouTube; they are in the same database.
Google is just the goliath for this example; I’m sure everyone else tries to leverage the same technology. AOL knew your identity wherever you went long before Google. Yahoo and Microsoft encourage a single login for all their services. As the old sayings go: you live in a fishbowl; be wary, very wary.
References:
http://www.sciam.com/article.cfm?id=privacy-in-an-agehttp://www.sciam.com/article.cfm?id=do-social-networks-bringhttp://www.google.com/intl/en/options/ http://www.sec.gov/Archives/edgar/data/1288776/000119312507044494/dex2101.htm http://www.doubleclick.com/ http://www.torproject.org/ Bill Barnes, President, PCCC
10/3/08
--------------------------------------------------------------------------------
SPECIAL INTEREST GROUPS
Web Design SIG
Levine Senior Center
Wednesday, October 1 - 6PM
(Check PCCC Website for possible date change)
Online Collaboration SIG
Levine Senior Center
Wednesday, October 15 - 6PM
(Check PCCC Website for possible date change)
MS Office SIG
Levine Senior Center
Tuesday, October 28- 6PM
"Advanced Microsoft Word " (Segment 2)
For the times and locations of all meetings: go to
http://pc3.org/EventCalendar.
The Event Calendar is the most reliable source for late program changes
(including cancellations).
--------------------------------------------------------------------------------
Board Meeting Minutes
Personal Computer Club of Charlotte
Monday, September 22, 2008
Attending: Bill Barnes (President), Barbara DeMase (Treasurer), Terry Bozarth & Warren Shanahan
Meeting was called to order at 5:35PM, by President Bill Barnes.
We committed to having the Holiday Party December 11 at Levine Senior Center, 1050 DeVore Ln, Matthews, NC 28226. (Please do not try to search this location at Google, it is wrong. Locate the Senior Center from our map at
http://pc3.org/news/images/maplg_pic_levine.jpg or from MSN or Mapquest.) Our thanks to Terry for making the arrangements. Although the cost of the meal is up this year, through our relation with Levine of Warren and his team teaching their classes, the overall cost will be comparable to recent years. We will hold the ticket price at $15 for members and one guest with a comparable contribution from the club treasury. There are advantages to membership.
We chose a menu of Grilled Flank Steak and Pan Seared Tilapia for the entrees. We will also have vegetables, a salad, and a chef’s choice dessert. Barbara DeMase and all SIG coordinators will be selling tickets at all meetings in October and November. If you cannot make it to a meeting, please contact her at
treasurer@pc3.org. Barbara and Terry will coordinate decorations and Dewey is again searching for gift donations. If you would like to help in any capacity, please contact us from the Officers page on pc3.org.
Treasurer's Report
Aug.1st through Aug 31st , 2008
Assets: as of August 31st, 2008
Checking account:
Beginning balance: $1510.28
Deposits/Credits 115.05
Checks .00
Withdrawals/Debits 19.25
Ending Balance $1606.08
PayPal 429.05
Cash on hand 30.00
Total: $ 2065.13
Disbursements: none
Warren continues to get an enthusiastic response from the seniors in his classes. Any members who want to participate, please contact him.
There are currently 3 SIGs active:
Web Design – first Wednesday of the month
Online Collaboration – third Wednesday of the month
Microsoft Office – last Tuesday of the month.
Always check the Calendar for late updates on meetings.
We have our meetings planned for the rest of 2008 but need your input for next year. If you have a topic idea or know someone who could help us out on the ideas below, please contact
president@pc3.org.
Programs
October - Virtual computing – Galen
November - Digtal Photo Tips – Richard
Future – We need ideas, folks!
CAD – idea from Paul & Cliff. We need to focus the topic: do we want high-end gee-whiz or something our members might use like house design?
Windows Home Server -
Q&A – Dewey (some day)
Own your computer – data organization – Bill
Online gaming – Mike Wetmore (guest from Bill) and member Alex Albi.
Social networking – Looking for a demonstrator.
Doing the “easy” stuff – using podcasts, RSS subscriptions, mp3s, picture sharing, using external media, “decommissioning” a hard drive … add more ideas
Blue-sky ideas:
Technology showcase – everyone bring in their toys and describe them. Possiblities: GPS, digital video, smart phone, video over internet, ebook reader.
Eatin’ before the Meetin’ October 9 is at 5:30 pm at Fuel Pizza at Park Rd. Shopping Center – please do not go to McAlister’s.
The next Board meeting is 5:30 pm October 27 at Showmar’s on 7th Street.
Submitted by Bill Barnes
CYBER SECURITY
Cyber Security Tip ST06-001
Understanding Hidden Threats: Rootkits and Botnets
Attackers are continually finding new ways to access computer systems.
The use of hidden methods such as rootkits and botnets has increased,
and you may be a victim without even realizing it.
What are 'rootkits' and 'botnets'?
A 'rootkit' is a piece of software that can be installed and hidden on
your computer without your knowledge. It may be included in a larger
software package or installed by an attacker who has been able to take
advantage of a vulnerability on your computer or has convinced you to
download it. Rootkits are not necessarily malicious, but they
may hide malicious activities. Attackers may be able to access
information, monitor your actions, modify programs, or perform other
functions on your computer without being detected.
'Botnet' is a term derived from the idea of bot networks. In its most
basic form, a 'bot' is simply an automated computer program - or 'robot'.
In the context of botnets, bots refer to computers that are able to be
controlled by one, or many, outside sources. An attacker usually gains
control by infecting the computers with a virus or other malicious
code that gives the attacker access. Your computer may be part of a
botnet even though it appears to be operating normally. Botnets are
often used to conduct a range of activities, from distributing spam
and viruses to conducting denial-of-service attacks.
Why are they considered threats?
The main problem with both rootkits and botnets is that they are
hidden. Although botnets are not hidden the same way rootkits are,
they may be undetected unless you are specifically looking for certain
activity. If a rootkit has been installed, you may not be aware that
your computer has been compromised, and traditional anti-virus
software may not be able to detect the malicious programs. Attackers
are also creating more sophisticated programs that update themselves
so that they are even harder to detect.
Attackers can use rootkits and botnets to access and modify personal
information, attack other computers, and commit other crimes, all
while remaining undetected. By using multiple computers, attackers
increase the range and impact of their crimes. Because each computer
in a botnet can be programmed to execute the same command, an attacker
can have each of them scanning multiple computers for vulnerabilities,
monitoring online activity, or collecting the information entered in
online forms.
What can you do to protect yourself?
If you practice good security habits, you may reduce the risk that
your computer will be compromised:
* Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses,
so you may be able to detect and remove the virus before it can do
any damage. Because attackers are continually writing new
viruses, it is important to keep your definitions up to date. Some
anti-virus vendors also offer anti-rootkit software.
* Install a firewall - Firewalls may be able to prevent some types
of infection by blocking malicious traffic before it can enter
your computer and limiting the traffic you send. Some operating
systems actually include a firewall, but you need to make sure it
is enabled.
* Use good passwords - Select passwords that will be difficult for
attackers to guess, and use different passwords for different
programs and devices. Do not choose options that allow your
computer to remember your passwords.
* Keep software up to date - Install software patches so that
attackers can't take advantage of known problems or
vulnerabilities. Many operating systems offer automatic updates.
If this option is available, you should enable it.
* Follow good security practices - Take appropriate precautions when
using email and web browsers to reduce the risk that your actions
will trigger an infection.
Unfortunately, if there is a rootkit on your computer or an attacker
is using your computer in a botnet, you may not know it. Even if you
do discover that you are a victim, it is difficult for the average
