Scammers lurk in the shadows of the Internet studying their prey. They record your personal information like: your name, children’s names, pet’s names, phone numbers and the suburb you live in (even your full address!). If your password is made up of your children’s name, it doesn’t take a master criminal mind to figure it out (see our tips on password). If you operate a business from home, it’s also very easy to look up your address, just follow the link to your business’ web address on your Facebook profile and presto!

One of the most important ingredients in successful identity theft is to obtain your birthday. Unless your friends and colleagues mention their birthday on the Facebook first, we recommend you congratulate them by just sending them an SMS or better yet, call them (call me old fashioned!). Not only will it be extra special but you have helped to protect their identity at the same time!

Also beware of Facebook apps like MyCalendar that wants to store your friends’ birthdays. Do you know who will have access to that information?

Hackers have been targeting WordPress sites to exploit for some time now. Typical behaviour after hacking a WordPress site is to attach a malware payload to the website so that visitors will be infected automatically. Most WordPress owners only find out when their clients contact them to let them know that their site is blacklisted on Google!

Here are some tips to improve the security of your WordPress site.

Disclaimer: Information contained on this website is intended for general guidance.  It should not be used as a substitute for technical advice. Whilst all care is taken, it is the user’s responsibility to ensure that advice provided is appropriate. Whether through our negligence or not, Cybersphere does not accept any liability for any loss or damage that has resulted from information provided on this website.

For the past two days, the Kaspersky Lab Expert, Mr Costin Raiu, had a dummy infected machine under observation. This morning, that computer was taken over remotely and the content of the Mac scanned and the attacker also downloaded a number of documents off the infected computer.

“We are pretty confident the operation of the bot was done manually – which means a real attacker, who manually checks the infected machines and extracts data from them” says Raiu. You can read the full report on securelist.com site.

Meanwhile, we recommend the use of antivirus applications on all Mac OS X computers. For our recommendation, please read our previous post.

We have tested a number of leading AV applications on the market.  There are a number of factors to consider:

• Does it scan for viruses, malwares and spywares?
• How long does it take to scan a hard drive?
• How deep does it scan?  That is, can it find a virus inside a zipped file?
• How much does it slow down the computer?
• How much does it cost?

After extensive testing on Apple OS X 10.7.3 Lion on both iMac and MacBook Pro, the antivirus application we recommend is: Sophos Antivirus for Mac Home Edition v8.0.

This free application is not perfect.  On average, our test Macs took 2 to 3 hours to perform the first full scan of hard drives.  In our testing, many other AV applications managed to scan the hard drive in a shorter time.  However, some of them were unable to scan deep enough and missed viruses nested with multi-level zipped files.

Also, every AV application places some load on the computer making it less responsive.  The Sophos Antivirus for Mac Home Edition is no different.  However, compared with some of its competitors, Sophos placed a minimal toll on our Mac.  Depending on the age of the Mac, this may be more or less noticeable.

It is worth pointing out that Macs may be immune to Windows viruses but are still able to pass them onto unsuspecting Windows users (eg. colleagues and customers).  The Sophos automatically scans for Windows viruses on a Mac, protecting us, as well as, protecting people we email.

The price of the AV application was not a factor in our consideration.  Sophos was awarded with our recommendation purely based on its performance.

Installation Guide

1.	Once the antivirus application is downloaded from Sophos, double click on the .dmg file to commence installation.
2.	Double click on ‘Sophos Anti-Virus Home Edition.mpkg’
3.	Click on Continue
4.	Enter your password (if you are admin)
5.	Continue through to the end…
6.	…until you see ‘The installation was successful’ message and clock on Close.
7.	It is important that you restart your Mac.
8.	When your Mac restarts, find and click on the Sophos icon on the top-right hand corner of your desktop and choose ‘Update Now‘ to check for any updates, then choose ‘Scan Local Drives’ option.
9.	Scan will commence.  First scan of hard drive can take several hours.

Disclaimer: Information contained on this website is intended for general guidance.  It should not be used as a substitute for technical advice. Whilst all care is taken, it is the user’s responsibility to ensure that advice provided is appropriate. Whether through our negligence or not, Cybersphere does not accept any liability for any loss or damage that has resulted from information provided on this website.

That virus has grown a set of sharp teeth and it is now able to install itself without the user’s knowledge! The Russian website monitoring the spread of this trojan claims that about 30,000 of the 600,000 Macs that have been infected are in Australia.

In order to be infected, prior to the trojan you had to have downloaded and installed a program called, ‘Java for OS X’ (if running the latest Mac OS X Lion, or otherwise the older OS X which came pre-installed with java). The java program, normally harmless, allows web browsers like Safari to run more sophisticated codes/programs (it is actually a very useful program)… unfortunately, this also allowed nasty viruses to perform sophisticated attacks on Macs as well.

Our advice is to disable ‘java’ when not using it to prevent similar viruses from exploiting that weakness.

Apple has also released a software update so do check to make sure that your Mac has all the latest updates from Apple installed.

We can no longer say, ‘Macs are virus free’.

If you are concerned about the possibility of infection, download the attached zipped document. It contains two command line scripts that will look for the trojan in two different places.  Unzip the file and double click on the ‘trojan-check’ script and wait for the message.  Then repeat with the ‘trojan-check-2′ script.

If you receive a message that ends with, “…does not exist” (as seen below) for both scripts, you are safe! If you get any other message, please contact your IT support organisation for further advice.

Download the flashback-trojan-checker for Mac OS X.

Cybersphere acknowledges and gives credit to Ms Christina Warren who has developed these scripts and kindly shared them with the world.

Disclaimer: Whilst all care is taken, it is the user’s responsibility to ensure that these scripts are scanned for viruses.  It is the user’s responsibility to determine that these scripts will not cause any harm to their computer prior to use.  Whether through our negligence or not, Cybersphere does not accept any liability for any loss or damage that has resulted from a computer virus, or an error associated with these files.  

Every computer that is connected to the internet is pointing to a Domain Name Server (DNS).  It is a computer that directs visitors to the website they requested – much like a traffic cop of the street. Unfortunately, some ‘Doctor Evil’ has created a malware that changes the DNS setting on your computer and forces your computer to go somewhere else – to sites they control. They control which websites you visit.

Fortunately, the FBI has caught the bad guys and terminated their operation some time ago and confiscated their equipment. The FBI has since been running this ‘evil’ DNS server, and directing traffic back to the proper websites as a community service.  However, they will be shutting down the reformed DNS server on 9 July.

If your computer was infected with the DNS Changer malware and it has been pointing to the ‘evil’ DNS server, when the FBI switches it off, your computer will not be able to access the internet. Simply put, it will be lost and will not know where the internet is!

To prevent this from happening, the Australian Government has set up a lovely little website for those who are concerned.  We encourage you to visit this site:

http://dns-ok.gov.au

A message “You are not infected” should bring a peace of mind.  If on the other hand, the message confirms that your DNS has been changed, there are several easy ways to fix that too.  Please feel free to contact us if we can assist you.

• LR4 can only run on a Mac with Intel 64bit processors and OS X 10.6.8 or newer OS (on PCs, it must have Win 7 or Vista).
• LR4 comes with a brand new image processing engine called PV2012 and it will process your images differently to your LR3′s PV2010 engine – so your images will look different and may need additional adjustments.  As such, it is ill-advised to upgrade half way through a project as images will appear differently.
• Highlights in images are automatically recovered during the import stage to minimise the blown out whites in images. Very nice!
• ‘Recovery’, ‘Fill Light’ and ‘Brightness’ sliders from LR3 have been replaced by ‘Hightlights’, ‘Shadows’, ‘Whites’ and ‘Blacks’ in LR4. They are not just a name change. They do operate differently and will affect how you operate within the Develop module. Do allow some time to re-learn how LR4 works. Landscape photographers will love the new ‘Highlights’ and ‘Shadows’… you can get a lot more out of raw images then in LR3.
• The ‘Localised Adjustment’ feature is good but not fantastic! It is essentially a ‘brush’ without contextual awareness.  In comparison, the U-Point technology in NikSoftware is context aware – for example, you can adjust the colour of the sky but not the trees within.  Still, the Localised Adjustment feature is handy when you have mixed lighting conditions: matching the flash on your subject’s face to the warmer colour temperatures of the reception centre or applying noise reduction only where you need to do so.
• An album can be designed from within LR4 with the new ‘Book’ module. The design can be outputted in PDF format for maximum compatibility. The included templates for album page layouts are extensive, however they cannot be customised.  Album sizes are also limited to 5 sizes.  Square album: 7″ x 7″ and 12″ x 12″.  Portrait album: 8″ x 10″. Landscape album: 10″ x 8″ and 13″ x 11″.  So, if an album design feature is desired, LR4 is ready.
• The new ‘Map’ module display pins on Google map are based on geo tags of your images (similar to the Apple iPhoto 11).  The photographs taken on iPhones are automatically geo tagged but most DSLR images are not (requiring an additional GPS device).  If you are super organised, you can manually assign locations to your photographs so that you can still sort them and search them as if they were geo tagged.
• As most media professionals are aware, printers produce images with less colour gamut than what is visible on most computer displays.  The new ‘Soft proofing’ feature can simulate your prints on screen using your printer’s ICC profiles.  Furthermore, soft proofed images can be individually tweaked for the type of paper you plan to use. You can create a virtual copy (VC) and make a print media specific adjustment for selected images.  For example, if a photograph needs to be printed on a glossy paper, as well as textured art paper, you can create VC for both and can tweak images to suit your paper types.  Once you are happy with what you see, print!  This should be a good saving in paper and ink!
• One click Chromatic Aberration removal tool is now available in the Lens Correction panel.
• We are yet to verify this on another machine, but LR4 may require a more powerful computer then LR3 to maintain a similar level of performance in some features, especially in the Develop module.  For example, when adjusting the exposure by slider, the refresh rate is noticeably slower in LR4 then in LR3 – that is, if adjusting the exposure, an image preview transition from dark to brighter in big jumps or steps, rather than in smooth, gradual transition.  Even just switching from one module to the next is slow (eg. Develop module to Map module).  The Lightroom is processor hungry so a Core2Duo processor is better than a single core processor, but a QuadCore is even better for faster Lightroom work.  I am testing this on a mid-2009 MacBook Pro (3.06Ghz Core 2 Duo) with 8GB of memory connected to 30″ NEC display. So, if your system is faster, you may not notice these delays.

With over half of the professional photography industry using the Adobe Lightroom in their workflow, it has been the standard that other software makers are judged against.  With the price cut of LR4 (thanks Adobe!), it is sure to continue its dominance.  Provided your computer is relatively new, I highly recommend upgrading to Lightroom 4.  Do remember that once you install LR4, it will upgrade your Lightroom catalogue.  Once upgraded, the old catalogue cannot be accessed by LR3 so do make a back up before proceeding.

The most common website passwords for email sites (eg. Hotmail) are ‘password’, followed by first name plus 1 (eg. james1).  Names of children are also common passwords for parents.  Also sequential key strikes like ‘qwerty’ and ’123456′ were common.  Other weak passwords include: abc123, iloveyou, letmein, passw0rd (zero as letter O).  Also common – although researchers were unable to explain the popularity – were monkey and shadow.

With the increase in identity theft, I highly recommend using complex passwords.  If you have trouble remembering them (who doesn’t?), use password storage software on your computer and iPhone.  They store all your passwords in encryption so no one can peek at your list.  This way, you only have to remember one password to gain access to hundreds of other passwords.

For passwords to be complex, they must not contain words in a dictionary. However,  you can substitute the letter-O with zero and letter-I or letter-L for number one.  The use of some uppercase characters is also recommended.  Symbols should also be used to make a password like G0c@rT (go cart).  Also, the length of a password is a key factor determining it’s strength.  At Cybersphere, we recommend a password length of 9 characters or more to our clients.

Wikipedia Blackout