watch dodogg MAXIMUM PC TAKES A BITE OUT OF BAD GEAR dog
22
READY TO BE PHARMED?
Everyone with a pulse knows not to open “phish-
ing” email that claims your PayPal, CitiBank, or
eBay accounts have been compromised, right? Well
scammers are working on new methods to rip you
off. A report on News.com indicates that scammers
are now phoning consumers directly to try to gain
access to their financial and online accounts.
The technique isn’t new. Black-hat hackers
and private dicks have long used the art of “social
engineering,” or pretexting, to trick people into
giving them confidential information, but these
phone phishermen are applying a new spin by
using scammed voice over IP (VoIP) accounts to
set up phone banks by which to hit consumers.
While most people would never divulge informa-
tion in an email, an authoritative voice that claims
to be from your bank can work an amazing Jedi
mind trick on you.
How do you avoid being scammed? Avoid
giving out your private information. Period. And
remember, your bank already knows your credit
card number and PIN, so why would it ask for it?
If you’re suspicious, tell the person that you
would rather call the institution he or she claims to
work for. Of course, verify that the number you’re
calling is the bank first. The numbers are usually on
the back of your credit cards.
The Anti-Phising Working Group (www.
antiphishing.org) is also warning of the growing
risk of pharming—a dangerously insidious way
to rip you off. Most people know to not click links
in email and to instead type the URL directly into
the browser as a way to avoid being scammed,
right? But what if your computer’s hostfile has
been hijacked by malware that redirects you to
another site? You typed the URL for your bank into
your browser, and it appears that you’re at the
your bank’s homepage, but your computer actually
redirected you to a cloned site of your bank, where
it’s hoped you will blithely enter your account and
password info. If the scammers are working it, they
might even ask for more personal data than normalbecause you think you’re on a real bank site.
Ahh, but what if you keep your PC in
pristine condition, completely free
of Trojans, worms, and virus-
es, and you decapitated
and dumped the body of
ActiveX in the ocean?
That doesn’t help if
your router has been hijacked
wirelessly. If the router’s DNS
entry gets pointed away from
your ISP to a DNS server under the
control of the scammer, you’d never
know it. Even worse, there’s been chatter
of several attempts to “poison” DNS servers
into redirecting traffic from certain sites such as
your bank—something you could never detect on
your end easily. So how do you know you’re at the
site you typed into your browser? If your bank uses
server certificates, your browser should know if that
certificate is suddenly missing or changed.
It’s enough to make us want to go back to the
checkbook and mailman method. Woof.THINKPADS USE
PROPRIETARY HARD DRIVES?
I work for a large corporation that purchases thousands
of IBM/Lenovo Thinkpads a year. Our current model is the
IBM T43 model number 18714AU, which comes with a
40GB drive. That configuration works for most folks, but
about 10 percent want bigger drives. We obtained some
Seagate 160GB hard drives, and much to our dismay, the
drives generate a POST error 2010 because they’re not
certified by IBM. After pressing Escape to clear the mes-
sage, the notebooks and new drives work fine.
Lenovo has since updated the BIOS so it still gives
the error but the notebook boots without stopping. It’s still
annoying to the user and there is always speculation that
it will fail because of the so-called “incompatibility.” We’ve
had success when we tested these drives in Dell, Toshiba,
and Apple notebook computers—why not IBM/Lenovo?
Seagate’s tech support said the problem is with IBM/
Lenovo. So now we have these expensive drives sitting
around, the users get smaller
drives or different laptops, and it’s
double the work for us.
How does IBM/Lenovo get
away with this kind of behavior?
— JeffProprietary hard drives? What’s next, a monitor with
advertisements that flash across the top? To get
to the bottom of this mess, the Dog pinged Lenovo
who assured us that it isn’t any dark conspiracy
to get consumers to purchase hard drive upgrades
directly from Lenovo. The problem, the company
said, lies with the serial ATA-to-parallel ATA bridge
chip that the T43 notebooks use. The bridge chip
apparently looks for information from the hard drive
manufacturer and when it can’t find it, it gives the
2010 error: “Warning: Your internal hard disk drive
(HDD) may not function correctly on this system.
Ensure that your HDD is supported on this system
and that the latest HDD firmware is installed. Press
<Esc> to continue.”
Lenovo said there’s a slight risk of data cor-
ruption, so it recommends that consumers obtain
a firmware update from the hard drive vendor. The
BIOS update just bypasses the error. Lenovo/IBM’s
website has three work-arounds: No. 1: As men-
tioned before, get a firmware update. No. 2: BuyMAXIMUMPC OCTOBER 2006Our consumer advocate investigates...
PVoIP Phishers PPharming Dangers
PLenovo PnVidia PLexar
Boomer, Watchdog of the monthGot a bone to pick with a vendor? Been spiked by a fly-by-night
operation? Sic The Dog on them by writing watchdog@maxi-
mumpc.com. The Dog promises to answer as many letters as
possible, but only has four paws to work with.because you think you’re on a real bank site.
Ahh, but what if you keep your PC in
pristine condition, completely free
of Trojans, worms, and virus-your router has been hijacked
wirelessly. If the router’s DNS
entry gets pointed away from
your ISP to a DNS server under the
control of the scammer, you’d never
know it. Even worse, there’s been chatter
of several attempts to “poison” DNS servers
into redirecting traffic from certain sites such as
your bank—something you could never detect on
your end easily. So how do you know you’re at the
site you typed into your browser? If your bank uses
server certificates, your browser should know if that
certificate is suddenly missing or changed.
It’s enough to make us want to go back to the
checkbook and mailman method. Woof.because you think you’re on a real bank site.
Ahh, but what if you keep your PC in
pristine condition, completely free
of Trojans, worms, and virus-your router has been hijacked
wirelessly. If the router’s DNS
entry gets pointed away from
your ISP to a DNS server under the
control of the scammer, you’d never
know it. Even worse, there’s been chatter
of several attempts to “poison” DNS servers
into redirecting traffic from certain sites such as
your bank—something you could never detect on
your end easily. So how do you know you’re at the
site you typed into your browser? If your bank uses
server certificates, your browser should know if that
certificate is suddenly missing or changed.
It’s enough to make us want to go back to the
checkbook and mailman method. Woof. IBM/Lenovo’s T43 notebook displays a
2010 error when Seagate 160GB hard
drives are installed, causing concerns
about proprietary parts.