Tuesday, July 31, 2007

Firefox v2.0.0.6 Released

Mozilla has released Firefox v2.0.0.6 today to address two critical security vulnerabilities.  Users should update as soon as possible.


To update Firefox go to Help > Check for Updates

Monday, July 30, 2007

Winpatrol 2007 v12 Beta Available

I mentioned in a previous post that Scotty of Winpatrol fame will soon get his bark back.  The new version of Winpatrol is almost ready for release but if you are feeling adventurous then you can download and test the Beta version here.

There are a couple of interesting and exciting additions to this great program and Scotty has a new icon and of course he woofs again on Vista.

This is a beta version of the program so do follow the advice given by Winpatrol and back up your system before installing it and please do feedback to them if you find any bugs.

Sunday, July 29, 2007

Another Messenger Worm

F-Secure reports of another Messenger worm, it sends messages to other Messenger contacts that are along the lines of:

Psssssst …. just between me and you, please accept
Looking for hot summer pictures ? well here they are !!

…and includes a link to a file hosted on chatamis.net.

Friday, July 27, 2007

Spammer Banned From MySpace

Technorati Tags: , ,

US District Judge Audrey B. Collins has forbidden Sanford Wallace and his associates from creating or maintaining MySpace profiles, using the site to send private messages or post public comments or to suggest in commercial emails or other electronic communications that that they are affiliated with the social network.

The preliminary injunction came in a lawsuit MySpace filed in March. It claims Wallace created more than 11,000 MySpace profiles that churned out private messages, comments and bulletins that directed users to spoofed MySpace pages seeking their login information.

The ruse allowed him to hijack at least 320,000 accounts, which he used to send 400,000 private messages and post 890,000 comments, both of which redirected MySpace users to the sites freevegasclubs.com and realvegas-sins.com. The sites are owned by Feeble Minded Productions, an aptly-titled firm affiliated with Wallace.

See the full story at The Register.

Thursday, July 26, 2007

Password Vulnerability in Firefox and Safari

The latest versions of Firefox and Safari contain a password management security flaw that could allow certain websites to access stored usernames and passwords.A message on the Full Disclosure mailing list warned that users who have either browser configured to remember passwords, and have JavaScript enabled, are at risk.

Mozilla fixed a similar reverse cross-site scripting flaw in Firefox last November, but this was a lot more serious as it did not require JavaScript to be enabled.

Heise Security has a demonstration of the vulnerability on its website to allow users to determine whether they are vulnerable to the attack.

However, some developers and commentators have questioned whether this constitutes a vulnerability in the browser, as it requires the attacker to place malicious code on the web server.

If an attacker can place script code on a server, they would be able to manipulate the pages anyway, and would have other ways to steal user access data.

Until a fix is released, users are urged to disable JavaScript in their browser or avoid the use of the password manager on sites where users are allowed to post JavaScript pages.

Source | vnunet.com

To disable Java Script in Firefox, go to Tools > Options > Content and untick the Enable Javascript checkbox

To disable Java Script in Safari, go to Preferences > Security > and untick the Enable Javascript checkbox

Winpatrol Gets It's Bark Back

Anyone who knows me will know that I love Winpatrol, one of it’s endearing features has been the little bark that Scotty gives when alerting you to something or when you launch the program.

However… for some reason, Scotty lost his bark on Windows Vista.  But the good news is that Scotty will get his bark back on the next Winpatrol update…. I can’t wait!  Scotty  Woof Woof!

Check out all the technical details at Bits From Bill 

Saturday, July 21, 2007

Ransom-ware Trojan is Back

It seems that ransom-ware trojans are coming back into fashion.

Gpcode-AI (AKA Sinowal-FY) encrypts data on compromised machines before demanding money from users to decrypt it. The malware also include backdoor key-logging features designed to pinch confidential bank account and credit card details from compromised PCs.
"This Trojan belongs to the Synowal family, traditionally used to steal passwords and banking details. This variant, however, not only does that, but blackmails users by encrypting their data so that they cannot access it," explained Luis Corrons, Technical Director of PandaLabs.


When Gpcode-AI installs on the system, it encrypts every single document on the hard disk and creates a file called "read_me.txt" with the kidnapper’s demands (obfuscated copy below). Prospective marks are asked to fork out $300 for a tool to decrypt the files.
Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA).You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.

To decrypt your files you need to buy our software. The price is $300.

To buy our software please contact us at: xxxxxxx@xxxxx.com and provide us your personal code -xxxxxxxxx. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.

If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data.

Glamorous team

The demands falsely claim that payment needs to be made by a set deadline or else data will be unrecoverable. In reality the malware lacks any routine to delete encrypted data and the tactic is a simple ruse designed to speed up payment from victims.

The malware uses a complex encryption algorithm to encrypt user files and archives, making it impossible for victims to open files. But the Trojan uses a modified version of RC4 - and not RSA-4096 as mentioned in the text - to scramble data, according to an analysis by anti-virus experts at Kaspersky Labs. The claim that private user files might be sent to a malicious user is also false.

If this happens to you, please don't pay any money. This will only encourage the crime.. if it is profitable then they will do it. Anti Virus developers are currently working on decryption routines for their databases.

As long as you keep regular backups of your essential data then a reformat won't be a problem for you. If you have never considered a backup before now then here is a link to get you started.

Source The Register

Tuesday, July 17, 2007

A Little Phish Quiz

McAfee have put up a little quiz so you can see just how good you are at spotting fake sites. Remember, I gave you a few tips here on how to avoid Phish sites but this quiz really shows just how good some of these pages can be.

So get yourself a coffee and a biscuit and spend 10 minutes on this quiz. You can access it here

Incidentally, I got 8 out of 10

Monday, July 16, 2007

Windows Vista Drivers

Drivers for Windows Vista have been a bit of a problem since the Beta version was released last year. A friend of mine couldn’t wait to try it out, but he just couldn’t fix the problem he had with finding a compatible sound driver.

Things are a bit better now, but hardware manufacturers are still taking their time updating their drivers so that your kit will play nice with Vista.

Of course, finding the right driver is the difficult bit. Ed Bott has set up a Vista Master Driver List so if you can’t find it there then it’s probably not been released yet. Thanks to Ed for a great resource and thanks to Corrine of Security Garden for the tip… she’s added this list to Vista Bookmarks which is another site you should check out regularly.

Friday, July 13, 2007

QuickTime Update Fixes Eight Flaws

Apple has released a new version of its ubiquitous QuickTime player for both Mac OS X and Microsoft Windows computers. The latest version, v. 7.2, plugs at least eight security holes in the software.

QuickTime vulnerabilities that span both operating systems may present a very attractive target for malicious hackers, as the program is installed by default on all Apple machines, and on most Windows PCs (if you have iTunes installed, chances are you also have QuickTime on your system). Indeed, recent automated attack tools have been found to exploit QuickTime flaws.

Mac users can grab the latest, patched version using the built-in Software Update feature. Windows users should be able to fetch the patches using the Apple Software Update program that comes bundled with most relatively recent versions of QuickTime and iTunes.

Source | Security Fix

Flash Player Update

There has been a Flash Player update that addresses two security vulnerabilities.

Adobe Security Bulletin

Please note; You don't have to have the Google Toolbar to install the update so just uncheck it.

Talking of Adobe, there are also some Photoshop CS2 and CS3 updates to address security vulnerabilities.

Wednesday, July 11, 2007

Mozilla Firefox Multiple Popup Tabs Denial of Service Vulnerability

 Firefox is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox is vulnerable to this issue; other versions may also be affected.

Source | Security Focus

Monday, July 09, 2007

Hosts File Update

The MVPS Hosts File was updated yesterday.

What is a hosts file? It's a very useful piece of kit that sits in a little folder not bothering anyone. When you tell your browser that you want to go to a particular website, the browser will convert the address you typed to a bunch of numbers called an IP address, before it connects to the website it will check the hosts file to make sure it's got the numbers right. If there is nothing there, then it will connect.

That seems straight forward enough, but why have a hosts file when your browser always goes where you want it to go.. well if you think about it, sometimes it doesn't. Lots of websites have adverts on them.. some of these ads try to connect to a separate server so they can dump a tracking cookie into your system. Or, maybe you are searching for something and inadvertently click on a link to a bad site which could infect your computer with something horrible. This is where the hosts file comes into it's own. If you have an entry in your hosts file like this; www.thisisnotasiteyouwanttovisit.com

Then if your browser tries to connect to thisisnotasiteyouwanttovisit.com, when it checks the hosts file it will just come back on itself because the IP is your computer.

So... a hosts file is a very useful security feature to have on your computer, it's not much good though if it isn't kept up to date. The MVPS hosts file is updated regularly. See mvps.org for more information, tips and installation instructions.

Friday, July 06, 2007

MS Security Bulletin, Advance Notification for July

Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday.
Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.

On 10 July 2007 Microsoft is planning to release:
Security Updates
  • Three Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
  • Two Microsoft Security Bulletins affecting Microsoft Office with a Maximum Severity rating of Critical. These updates will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer
  • One Microsoft Security Bulletin affecting Microsoft .NET Framework with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.Note that this tool will NOT be distributed using Software Update Services
Non-security High Priority updates on MU, WU,WSUS and SUS
  • Microsoft will release one NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release four NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
    Microsoft Security Bulletin Advance Notification

Obtaining Other Security Updates

Updates for other security issues are available from the following locations:

  • Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch".
  • Updates for consumer platforms are available from Microsoft Update.
  • You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.

Sunday, July 01, 2007

Panda NanoScan

Did you know about this? It's an online scanner from Panda, but unlike some online scanners this one just takes a minute or two.

It claims to detect more than 1,031,124 virus's and spyware.

You do need to download and install an ActiveX to run it and therefore Internet Explorer is recomended, although if it's Firefox or nothing for you then you can install the IEtab addon to run it.

Nanoscan only detects and it's recomended that you run TotalScan if anything is found.
Here is the science bit .

Don't forget, there are other online scanners available and you should always have an active and up to date resident anti virus program on your system.