Leopard Doesn’t Seem to Be a Secure Operating System

Apple Inc. has launched Leopard and everyone has been happy. But it seems that this move is somehow similar to the iPhone experience. After just a few days or weeks since the product has been released, the troubles have started to appear. In Leopard’s case it seems that Apple Inc. has hurried to release the new version of its Mac OS X, and this way hasn’t been able to offer a secure operating system as they would have wanted.

Although the security features that the famous American company has added to Leopard look greet on paper, in practice most of them are half-baked or just useless, according to the security researchers. Furthermore, this security issue comes to add to another recently discovered problem involved Leopard. It seems that the new Mac operating system is slowly “killing” the users’ wireless connections. Whether there is a connection between these two recently discovered problems one could not know till now.

Rich Mogull, one of Gartner Inc.’s annalists, has said that he thinks “that this is the most significant update in the OS X line when it comes to security.”. But he has as well added that “Apple didn’t finish the job. There’s a lot of room for improvement here.” It appears that Apple Inc. has really been in a hurry. This hypothesis seems correct if one remembers that some time ago the annalists and users have been asking themselves whether Apple will launch Leopard in October, as promised. Apple Inc. had already delayed once Leopard’s release because of its iPhone project.

And now it all makes sense, after all. Apple has launched Leopard in October, as promised, but the OS is not finished and the users are exposed to security threats. This problem comes despite that fact that Apple Inc. touts more than a dozen of new security features and tool in its new operating system.

Al Qaeda to Launch Cyber-Attack on Nov. 11

Al Qaeda plans to launch an electronic Jihad on Nov. 11, attacking “Western, Jewish, Israeli, Muslim apostate and Shiite Web sites,” according to an unconfirmed report.

The report comes from DEBKAfile, an Israeli online military intelligence magazine, which said on Oct. 30 that its counter-terror sources had picked up a special Internet announcement in Arabic.

According to DEBKAfile, Osama bin Laden’s followers announced on Oct. 29 that on “Day One they [would] test their skills by launching cyber attacks against 15 targeted sites” and would expand the e-Jihad thereafter until “hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites.”

• Click here to read the original DEBKAfile posting.

DEBKAfile’s sources told the news outlet that American intelligence agents, in their eagerness to track the sites, wound up crashing al Qaeda’s sites shortly after the first announcement.

On Oct. 30 the sites were back up, reportedly claiming that their Islamic firewalls had shrugged off “infidel assault.”

Al Qaeda also reportedly boasted of an “impenetrable” e-mail network for volunteers to sign up and receive instructions that would slip by “security agencies in their respective countries.”

“Our sources say the instructions come in simple language and are organized in sections according to target,” the DEBKAfile article said. “They offer would-be martyrs, who for one reason or another are unable to fight in the field, to fulfill their jihad obligations on the Net. These virtual martyrs are assured of the same thrill and sense of elation as a jihadi on the ‘battlefield.’”

• Click here to visit FOXNews.com’s Cybersecurity Center.

DEBKAfile’s theory is that Usama bin Laden’s terrorist group is retaliating against Western intelligence agencies’ habit of detecting new terrorist sites and knocking them offline as soon as they’re up.

[Other experts have said the jihadi Web sites are being knocked offline by Western e-vigilantes, to the chagrin of intelligence-gathering agencies who would rather have the sites left up and running.]

DEBKAfile says Al Qaeda thwarted the Western assaults by posting dozens of new sites simultaneously, causing the intelligence agents to scramble in their efforts to take them down.

But the electronic arms race has of late seen al Qaeda’s operatives getting better at keeping their sites online for longer even while Western attackers got better at taking them down.

Now, according to DEBKAfile, “Bin Laden’s cyber legions are fighting back.”

The attack would be carried out with a software kit known as Electronic Jihad 2.0, Paul Henry, vice president of technology evangelism for Secure Computing, has told various news outlets.

That software, which has been around for some three years, has purportedly become easily configurable and could be downloaded by attackers who could then launch a distributed denial-of-service attack.

It all sounds serious, but the report is being treated with skepticism by many law enforcement officials, and with good reason. This is not the first rumor about an electronic Jihad to seize the Internet citizenry’s imagination.

Aug. 26, 2004 was also supposed to see the Internet go down in e-flames from a sustained and devastating cyber-attack by Islamic cyber-Jihadists, but the rumors at that time turned out to be utterly baseless.

Stop or the System will Shoot!

The volume and sophistication of attacks that threaten business e-mail networks and systems is growing at exponential rates. This growth curve poses significant problems for IT and security groups trying to manage these threats, not to mention user inboxes filled with junk that they must wade through every morning.

Recently, however, a new solution has emerged that places an additional message security layer at the network edge, significantly strengthening a company’s overall messaging security posture, and effectively stopping spam before it can get to users.

But first, just how big is the spam problem, and why should you be concerned? According to recent studies, the current volume of overall e-mail sent worldwide is now over 75 billion messages per day. By 2008, this number is expected to rise to a volume of 100 billion per day or more.

About 85 percent of all e-mail worldwide is “unwanted”, a percentage that has been growing steadily over time. Unwanted e-mail includes spam, viruses, malware, Trojans, denial-of-service, and phishing attacks. Even more troublesome is that the volume of total unwanted e-mail is doubling every six to nine months.

Threats to corporate e-mail security can be grouped into four primary categories: spam, phishing, viruses, and zombies. Spam is broadly defined as any message that is unsolicited and unwanted, or “junk mail”. Phishing is a scam in which fraudsters “fish” for personal information by pretending to be a legitimate company.

Viruses come in many forms. Some are intended merely to cause a nuisance and block network traffic temporarily, while others, such as Trojans, contain or install a malicious program or payload.

And zombies are the newest threat to enterprise network security. A zombie PC is one that has been taken over by a remote hacker through the use of Trojans, which are files that appear to be legitimate but instead are viruses that hijack a PC and use it to send spam, viruses, DoS attacks, and phishing scams. These zombie machines are networked and used in conjunction with each other to send thousands of messages each, often targeting specific entities.

While each of these categories poses a unique threat to e-mail security, many attacks combine several elements to exploit multiple vulnerabilities simultaneously, adding to the problem.

Unwanted e-mail is also becoming more difficult to detect, mainly because attackers are professionals with the budget and technical prowess to develop spam, phishing attacks, viruses, and zombies that can get through existing filters. Gone are the days of lone hackers working late at night. Many of these hackers run teams of engineers with very sophisticated equipment and technology.

The fact is that professional hacking teams typically have all the same security software that corporations do, and will constantly test their strategies to see if they can outsmart the filters.

One example of this is hash busting text, where spammers will have their zombie networks send out e-mails that are each unique and cannot be recognized with a hash. Another example is the increasing use of image-based spam, where all the text is in image format, and even the images can be made to vary uniquely (more hash busting). This makes it very difficult to detect e-mail based solely on the content of the e-mail.

The net result is that the reputation of the sender is becoming more and more important as a way to detect unwanted e-mail. Legitimate senders with good reputations will rarely send spam, and if their systems are ever compromised by a zombie, their reputation score will almost immediately reflect that, and their e-mails can be flagged as unwanted until their systems and corresponding score returns to normal.

Every message that crosses the corporate gateway uses valuable bandwidth, which is already in short supply for most organizations. IT departments are being forced to add additional mail security gateways and mail servers to their infrastructure as the volume of mail outstrips the capacity of their existing machines.

Considering that the inbound mail volume at many companies is doubling every three to four months, mainly due to bad e-mails, it’s easy to see that IT departments have a significant challenge on their hands trying to purchase, test, and install the components of their rapidly growing e-mail infrastructure.

So what are the options to solve this problem? Some companies simply wish to add hardware into their architecture, but considering the growth rate of inbound e-mail, to double or triple hardware and infrastructure costs every 6-9 months is simply not in the budget.

To take a more proactive approach, many administrators are starting to use products or services that look at the sender’s reputation. By doing so, they hope to eliminate bad e-mail at the connection (network or TCP/IP) level. While the intent is laudable, the issues with many of these reputation services are numerous.

For example, by deploying an e-mail gateway Message Transfer Agent (MTA), such as Sendmail, Postfix, or any other number of alternatives, administrators attempt to cut down the number of messages passing through. Unfortunately, each of these solutions requires additional levels of security in order to effectively reduce message volume to a tolerable level.

Rather than trying to add more hardware and multiple new layers to the infrastructure, consider another approach. A typical (simplified) messaging architecture involves e-mail traversing the network edge, followed by the e-mail security gateway, and finally the e-mail server.

The intelligence in these e-mail security gateway products employs multiple techniques, including anti-virus scanning, deep content inspection, filtering for keywords and heuristics, and custom rules. More recently, the notion of a sender’s reputation as a key factor in categorizing and managing inbound e-mail has emerged as a critical step in the process.

Rather than continuing to add secure gateway hardware to the infrastructure to handle growing e-mail volumes, a better approach would be to add security intelligence at the network edge, cutting down the e-mail that passes on to the e-mail security gateways and servers for further inspection and processing.

One such system that’s beginning to gain currency is a software module loaded on to application delivery networking device – a network edge solution that adds security intelligence to manage and filter inbound e-mail traffic by considering the sender’s reputation when making traffic management decisions. The device leverages a reputation system for information about every sender that attempts to connect to the protected enterprise’s mail servers.

When the device receives an SMTP connection request, it will hold the response to the sender until the sender’s reputation is checked against the reputation database. Neither the SMTP headers, nor any part of the message itself is downloaded until the sender’s reputation is determined.

What’s cool about this is that the administrator has incredible flexibility in determining what to do with the e-mail based on that reputation, including partitioning e-mail traffic between various pools of e-mail gateways and servers for “fast-tracking” known good senders, redirecting senders with questionable reputations, and immediately dropping known bad sender connections with an error code telling them not to retry the connection, as it will only lead to another rejection.

By filtering out known spam senders with this device, administrators can eliminate the majority of their e-mail volume right at the network edge. This significantly cuts down on the bandwidth and expanding hardware costs required to deal with the remaining e-mail passed on to existing security gateways and mail servers, and helps maximize existing messaging security solutions already in place.

In sum, when the load and risk imposed on networks by unwanted e-mail is growing, historical single-layer deep inspection architectures for dealing with high volumes of spam are no longer enough. What is needed is a fast growing breed of smart systems that manage to stop spam at the network edge, before it burdens systems, user productivity, and patience!

Hackers are always just one step behind

Like many organisations, American Century Casualty Co. (ACCC), an insurance company based in Houston, US, used to insist that its network access be restricted to users on the corporate LAN (local area network), as narrates Charlie Rubin in a recent article in Communications News (www.comnews.com).

ACCC had to think of a policy change ‘during the year-end holiday break in 2006, when some of the state-wide claims managers asked if they could do some work from home’. However, Stephen Gentilozzi, the company’s IT manager, had no real solution for the managers at the time.

“We gave them access through our Citrix client as a temporary fix, but we also started looking for a permanent solution that would satisfy our users as well as our own security requirements,” he would recount to Rubin. “The goal was to eventually provide some 150 claims managers, field appraisers and other executives with anytime, anywhere access to the corporate network, with full security.”

Gentilozzi was looking for ‘a secure socket layer virtual private network (SSL VPN),’ which would allow access from any browser-based PC (personal computer). And the product that he zeroed in on, early this year, was SSL VPN-Plus from NeoAccel, a company founded by an Indian entrepreneur, Michel Susai.

“The solution took less than two hours to deploy, and ACCC first rolled it out to claims managers and adjusters,” informs Susai, sharing his success case study with Business Line. “Users immediately liked the ease of installation, and some noticed better network response time than they had gotten with the old IPsec VPN solution.”

With a successful rollout to claims managers and underwriting managers complete, Gentilozzi will soon add the appraisers who take photos and handle estimates with body shops, he adds.

Susai, a B.S. in computer science and engineering from the Pune Institute of Computer Technology and Research, describes himself as ‘a serial entrepreneur and an innovator of pioneering technologies that optimise the performance of Internet applications,’ with ‘a passion for pure science and innovation’. He likes to transform his ideas ‘into industry changing business applications’.

NeoAccel, headquartered in the US, and with development offices in Mumbai and Pune, is ‘backed by strategic investors such as Sabeer Bhatia, Silicon Valley investor Prabhu Goel and venture fund NTT Leasing, who have pooled in around five million dollars into the start-up’.

Excerpts from the e-mail interview.

There is no end to security concerns because there is no end to hacking. Isn’t this an on-going process?

Yes, security is an ongoing process, just as learning is. Computer technology was developed to provide solutions, but we have learned how hackers have leveraged the same technology to misuse and steal valuable information. The trend right now is for software vendors to fix problems in their solutions and come up with more secure solutions. But at the same time, hackers are finding loopholes in new technology and are able to circumvent this new security. So it’s a learning process: software vendors keep finding potential flaws and fixing them, and hackers keep finding new flaws.

But no matter how secure technology and solutions become, there is always a method to break into it. The reason being the core concept of computers: a computer is nothing but a machine that maps one symbol to another. A hacker can always use brute force techniques to break into any kind of security. Software vendors just make just hacker’s work harder but cannot stop them from working.

For example, data encryption is considered to be the strongest security technology ever developed. But it is still not 100 per cent hacker-free. Given infinite time and processing power hackers can still break any kind of encryption.

Some enthusiast broke into Google’s server. How did that happen?

Considering that security is meant to make a hacker’s job harder, even a single flaw that provides hackers a shorter path to achieve their goals makes all technology solutions vulnerable to hackers.

A software solution is usually a combination of multiple security and non-security domain technologies. The security holes lie at the boundary where one technology integrates with other. For example, a solution might have strong authentication features to identify users, but the security might get compromised when the browser has cached the session key in cookies to provide seamless access to users across different applications and domains.

Any solution that is not well designed to handle the integration boundary issues is prone to getting hacked, and this can happen with any of the reputable solutions. Google is no exception.

What happened at Google was an error in Google’s domain name system (DNS) – not a hack. DNS translates domain names (google.com) into addresses (123.456.789.123) and, most likely, a maintenance in Google’s DNS was caught by an enthusiast and was able to take advantage of it (by re-directing visitors to Google’s Web site) for a very short time. Nevertheless, this points out that even if you think no one (i.e., a hacker) is watching, they actually are!

What is the state-of-the-art defence mechanism against hackers? How is your VPN superior to the substitutes available in the market?

A state-of-the-art defence mechanism is to have “security by design”. Each and every technology has to be validated as per the solution requirement and should be integrated without leaving any gap in integration. Three requirements for a VPN solution are: authentication, integrity and confidentiality.

NeoAccel has implemented an industry-standard implementation of the latest technologies to develop a state-of-the-art solution. NeoAccel uses SSL, an Internet encryption standard, to address integrity and confidentiality factors. Our strengths are: strong authentication, information control, strong encryption, and a secure hardware platform to run these capabilities on.

NeoAccel does not claim to be a flawless solution because hackers are always just one step behind. With a complete analysis of current technologies, they are almost ready to break the most secure solutions today!

Is anyone thinking of unified e-defence application that will forever bar hackers?

Computer software started as a facilitation tool. Take information access as an example: there was a need to “access” information so the Internet was born. Then came a requirement to for “remote access”, so that information is accessible from anywhere.

Until now, information was accessible only to authorised resources from authorised sources. With remote access technologies came a threat of information leaks, and so we are talking about “secure remote access”, and people are working on building unified e-defence applications for common people.

Unfortunately, adoption to security has been slow because security comes with restrictions and cost. We are giving due importance to security; but we are still giving more importance to “facilitation” than to “control”.

We will, therefore, see a new generation of applications that will defend itself from attackers. An e-defence application will detect when it is being attacked. It will respond by blocking access to such resources as a first level of security and then try to trace the attacker. Application could be intelligent to set up a trap, let the attacker enter the system and then doom the offender.

There are technologies in place, like intrusion detection systems (IDS), intrusion prevention systems (IPS), ‘Honeypots’, and others. Honeypots lure hackers into what appears to be a real server, but is actually a server specifically designed to identify the hacker. But these are still peripheral technologies. An e-defence application will combine all these technologies to build a single solution. Reassuringly, though, sophisticated technologies are already being used by government organisations working on detecting cybercrimes.

**

Short bio:

Susai founded NeoAccel in 2005. In his earlier company NetScaler, he could significantly improve Web content delivery for large enterprises and service providers, using ‘request switching technology’. ‘Today, over 75 per cent of global Web traffic is processed through a NetScaler appliance, such as Amazon.com, Google, and MSN. NetScaler was acquired by Citrix Systems for $300 million. Prior to NetScaler, Mr. Susai was responsible for developing several Internet infrastructure scalability products at Sun Microsystems, and led the development of the Internet strategy initiative at Unisys.’

Yahoo Hack Day breaks into India

A motley crew of some 100 Web developers gathered at Taj Residency here for Yahoo’s Open Hack Day, which made its first appearance in Asia over the weekend.

The one-day event on Friday attracted students, employees of software companies and even the unemployed, who toiled over 24 hours to create new applications based on Yahoo’s application programming interfaces (APIs) and technology.

This was the third in a series of Open Hack Day held over the past year, and the first in Asia. Yahoo kicked off its inaugural Hack Day in Sunnyvale, United States, in September 2006, and held the second one in London, United Kingdom, in June this year.

In the software parlance, hacking refers to the “modification of a program or device to give users access to features that were otherwise unavailable to them”. Thus, hacks are not necessarily always conducted with malicious intent.

“Hack Days were initially started for Yahoo employees,” said David Filo, founder of Yahoo, who was in town for the occasion. He noted that the Internet company previously gave its developers a day off to venture into projects that may not be part of their daily tasks.

“The response was overwhelming,” Filo said. “And that’s when we decided to extend Hack Days to everyone, whether they work at Yahoo or anywhere else.”

Bradley Horowitz, vice president of Yahoo’s advanced development division, explained that Hack Day will allow the company to “empower” anyone to be a creator and make it “even easier for them to build the next generation of Web [applications]“.

According to Filo, there are currently some 500 million Yahoo users worldwide. “But we know that a large chunk of the next half billion will come from emerging markets, such as India, Latin America, Middle East and other Southeast Asian countries,” he said.

He added that the profile of the next half a billion users is going to be very different from that of existing Yahoo users. “Events like the Open Hack Day, is one way of getting to know what value Yahoo can offer to this next half a billion population,” Filo added.

And the winners are…
On Friday, Yahoo set up a staging area at India’s Taj Residency, complete with desks, Wi-Fi connectivity, a stop-watch and bean bags, and provided hotdogs, India’s local kathi bread rolls, pastries, biscuits and cold beverages.

Some of the participants chose to work alone, while others worked in groups. A majority of them stayed awake through the night to work on their applications.

At the end of the 24-hour deadline, there were 31 submissions and a member from each participating team had 90 seconds to showcase their hacks.

The “Best in Show” award went to an application called “Maps Doodle”, which integrated Yahoo Maps with a canvas overlay. The tool allows users to doodle on maps or highlight routes to specific destinations, in more user-friendly functions than creating codes using the API. For example, the user’s movements are recorded as he draws out the route. He can then send an URL link, which his friends can access to replay the path he drew out.

The “Brainiest Hack” award went to an application dubbed “YaHealer”, a Yahoo Widget that allows doctors to collaborate and share medical files and photos online.

In total, Yahoo acknowledged 10 applications at the event.

Hackday: Hackers come out of the dark

HACKING IS NOT a job done just by suspicious characters sitting in small rooms in undisclosed locations, trying to break into military installations or robbing banks, as shown in Hollywood films or even poorly-shot Bollywood movies. The stereotyped image of hackers was put to rest by around 200 software developers in a two-day event called ‘Hackday’ organised by Yahoo in Bangalore and London. “Don’t call it an event. It’s a camp,” said a hacker.    

The developers or ‘hackers’ came all prepared with sleeping bags, for this 24-hour marathon of punching furiously on the keyboard to hack, hack, eat, rest and hack. The Taj Residency, where it was organised, looked like a command centre in a futuristic war movie.   

All participants were provided physical and mental sustenance throughout the event, with plenty of fuel (food, in this case) served. Hackday was a straight dive into 24 hours of hacking on a collection of tools, such as Application Programming Interfaces (APIs) and data. Developers, to make programmes usable to a particular platform, use APIs.    

At the end of the first Hackday in India, that had around 200 hackers participating, the hackers submitted 31 ‘hacks’. Each hacker had his/ her 90 seconds of fame while presenting the hack on three massive screens to the assembled audience, as well as the seven judges.

According to the Yahoo Developers’ Forum, all the hacks were of high quality, including the ones created by the Indian hackers that didn’t fall into a stereotypical format. Some of the titles awarded were ‘Best non-technical hack’, ‘Best desktop hack’, ‘I wish I had a Mac Hack’, ‘Most viral hack’, ‘Most likely to arrive at next hack day on time hack’ and ‘Brainiest hack’. 

“We want to thank all the hackers for putting so much effort into it and coming up with such a wide range of hacks and ideas,” said Chris Heilmann, one of the organisers.

Hackday, in a way, was not only about hacking. People could be seen chatting with fellow hackers about movies that were playing in the town or the latest DVD game that is ruling the market, or things like the Champions League. Hackday may have come and gone, but good hackers would remain.

India lagging behind in cyber security solutions: expert

It is much simpler than actual robbery. Enter the Admin login, type the user name (most often it is ‘Admin’), enter the magic code in place of the password and bingo, you will get access to the forbidden crannies of many a corporate entity.Ankit Fadia, the international wizard of computer security and digital intelligence demonstrated this with ease and élan on two vulnerable online transaction portals of Dena Bank and BSNL on Tuesday.

“I have a list of 150 to 200 websites with serious security lapses. Even after repeated cautioning, Dena Bank has not plugged the loopholes,” he said at a press meet here.

Ankit was in the city for the national-level launching of a Diploma Course in Cyber Security Programme in association with the Institute of Management Technology, Ghaziabad.

The course, reportedly the first of its kind to receive recognition from the Ministry of Information Technology, will be offered from January, 2008 all over India through IMT’s Centre for Distance Learning.

Announcing the details, Ankit said that though advancing in the field of Information Technology, India was lagging far behind in providing foolproof cyber security solutions. “We have become so dependent on the Internet that it is now absolutely necessary to have proper cyber security measures in place,” he said while stressing the need for revolutionising ethical hacking.

The Dean of IMT Ghaziabad — Centre for Distance Learning said that the course would provide virtual classroom experience through videoconferencing at IMT’s study centres all over India.

SMS hacking: He might have an answer

A slip of a youth, Dipak Kumar Jain has done something that has even baffled the cyber experts.

A commerce graduate from local VD College, Dipak has developed a software through which a hacker can send SMS to anyone through mobiles held by other persons and having other numbers and, importantly, without the knowledge of the original mobile owner.

He is now working on the detection system which he claims can take shape if he gets proper patronage.

His work, Dipak hopes, would help check cycer crimes. The Bollywood and Delhi’s power corridor were in a fix a fortnight ago over such fraudulent messages involving the names and numbers of several known actors as well as Union ministers. Dipak’s system can provide vital information to the cops.

Recently, he was called by a leading TV channel in New Delhi where he shared his research with senior police officials and cyber crime experts.

Cyber Criminals Sell Hacking Tools

Recently, Secure Computing Corporation announced that rapid change in- and high profitability of- cybercrime are driving cyber thieves to increasingly adopt a related and lucrative profession — selling hacking tools to budding hackers — which range from individual viruses to comprehensive kits — which ultimately enable hackers to devise their own attacks.

The firm pegs current online availability of hacking tools at more than 68,000.

Benjamin Low, managing director (Southeast Asia and India) of Secure Computing, warned, “The world of cybercrime is evolving at an amazing speed. Cybercriminals are getting very innovative in their methods to devise new ways of infltrating security systems, and once they have achieved that, they are now reaping the rewards of this booming industry by selling their proven methods to others.”

A majority of these tools are free, but they require some skills to operate. An increasing number of hackers are offering kits such as: MPack, Shark 2, Nuclear, WebAttacker, and IcePack for sale that are easier to use, and succeed in propelling even the uninitiated into the world of cybercrime.

Top class hacking tools can today cost as much as $1,000, with the most expensive of these selling along with 12 months technical support.

According to Low, the risks involved are minimal. Even if the kits are used to commit crime, they cannot be traced back to the concerned hacking group since most kits come with a disclaimer saying the software is for educational purposes only.

The only risk, if at all, is that people might steal the software (kits) and sell it at an even lower price than the hackers.

  Current user? Wanna share your experience with others? Write your User Review.  

Hacking Google Earth (And Weird Sights)

Google Earth is free and it’s about the neatest tool around for poking around the planet (and killing some time).

For one thing, someone at PC World (no, not me) actually got paid to sit and find weird looking things. (See the very popular In Pictures: The Strangest Sights in Google Earth, a 16 image slideshow.)

I’ve got other examples — and sites you can visit to help you get more out of Google Earth. First, though, you’ll need to get a copy and install Google Earth.

Once it’s installed, consider one really basic way you can use it. Say you’ve visited a spot, maybe a park on the coast of California. While there, you spotted something, say a building, and were curious about what else was there. Fire up Google Earth and take an aerial peek.

That’s exactly what I did when Judy and I camped at Jalama Beach Park in California. In the binocs, I saw what looked like a ship wreck, just south of Vandenberg Air Force Base. I’m still not sure what it is, but it’s sure cool viewing it with Google Earth. (Download the KMZ file. When clicked, Google Earth will open and you’ll be swept away to the ship wreck’s location.)

One stop you have to make is to Google Earth Hacks (thanks Ken from Canada!) where you’ll find 21,000 of the latest images posted by Google Earth fanatics. For instance, there are locations for lighthouses, aircraft in flight, and weird man-made structures. Check out the rest here.

Once you’re hooked, start reading the Google Earth Blog to keep up with what’s cooking.