Tuesday, July 31, 2007
Monday, July 30, 2007
I mentioned in a previous post that Scotty of Winpatrol fame will soon get his bark back. The new version of Winpatrol is almost ready for release but if you are feeling adventurous then you can download and test the Beta version here.
There are a couple of interesting and exciting additions to this great program and Scotty has a new icon and of course he woofs again on Vista.
This is a beta version of the program so do follow the advice given by Winpatrol and back up your system before installing it and please do feedback to them if you find any bugs.
Sunday, July 29, 2007
F-Secure reports of another Messenger worm, it sends messages to other Messenger contacts that are along the lines of:
Psssssst …. just between me and you, please accept
Looking for hot summer pictures ? well here they are !!
…and includes a link to a file hosted on chatamis.net.
Friday, July 27, 2007
US District Judge Audrey B. Collins has forbidden Sanford Wallace and his associates from creating or maintaining MySpace profiles, using the site to send private messages or post public comments or to suggest in commercial emails or other electronic communications that that they are affiliated with the social network.
The preliminary injunction came in a lawsuit MySpace filed in March. It claims Wallace created more than 11,000 MySpace profiles that churned out private messages, comments and bulletins that directed users to spoofed MySpace pages seeking their login information.
The ruse allowed him to hijack at least 320,000 accounts, which he used to send 400,000 private messages and post 890,000 comments, both of which redirected MySpace users to the sites freevegasclubs.com and realvegas-sins.com. The sites are owned by Feeble Minded Productions, an aptly-titled firm affiliated with Wallace.
See the full story at The Register.
Thursday, July 26, 2007
However, some developers and commentators have questioned whether this constitutes a vulnerability in the browser, as it requires the attacker to place malicious code on the web server.
If an attacker can place script code on a server, they would be able to manipulate the pages anyway, and would have other ways to steal user access data.
Source | vnunet.com
Anyone who knows me will know that I love Winpatrol, one of it’s endearing features has been the little bark that Scotty gives when alerting you to something or when you launch the program.
Check out all the technical details at Bits From Bill
Saturday, July 21, 2007
It seems that ransom-ware trojans are coming back into fashion.
Gpcode-AI (AKA Sinowal-FY) encrypts data on compromised machines before demanding money from users to decrypt it. The malware also include backdoor key-logging features designed to pinch confidential bank account and credit card details from compromised PCs.
"This Trojan belongs to the Synowal family, traditionally used to steal passwords and banking details. This variant, however, not only does that, but blackmails users by encrypting their data so that they cannot access it," explained Luis Corrons, Technical Director of PandaLabs.
When Gpcode-AI installs on the system, it encrypts every single document on the hard disk and creates a file called "read_me.txt" with the kidnapper’s demands (obfuscated copy below). Prospective marks are asked to fork out $300 for a tool to decrypt the files.Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA).You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.
To decrypt your files you need to buy our software. The price is $300.
To buy our software please contact us at: email@example.com and provide us your personal code -xxxxxxxxx. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.
If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data.
The demands falsely claim that payment needs to be made by a set deadline or else data will be unrecoverable. In reality the malware lacks any routine to delete encrypted data and the tactic is a simple ruse designed to speed up payment from victims.
The malware uses a complex encryption algorithm to encrypt user files and archives, making it impossible for victims to open files. But the Trojan uses a modified version of RC4 - and not RSA-4096 as mentioned in the text - to scramble data, according to an analysis by anti-virus experts at Kaspersky Labs. The claim that private user files might be sent to a malicious user is also false.
If this happens to you, please don't pay any money. This will only encourage the crime.. if it is profitable then they will do it. Anti Virus developers are currently working on decryption routines for their databases.
As long as you keep regular backups of your essential data then a reformat won't be a problem for you. If you have never considered a backup before now then here is a link to get you started.
Source The Register
Tuesday, July 17, 2007
McAfee have put up a little quiz so you can see just how good you are at spotting fake sites. Remember, I gave you a few tips here on how to avoid Phish sites but this quiz really shows just how good some of these pages can be.
So get yourself a coffee and a biscuit and spend 10 minutes on this quiz. You can access it here
Incidentally, I got 8 out of 10
Monday, July 16, 2007
Drivers for Windows Vista have been a bit of a problem since the Beta version was released last year. A friend of mine couldn’t wait to try it out, but he just couldn’t fix the problem he had with finding a compatible sound driver.
Things are a bit better now, but hardware manufacturers are still taking their time updating their drivers so that your kit will play nice with Vista.
Of course, finding the right driver is the difficult bit. Ed Bott has set up a Vista Master Driver List so if you can’t find it there then it’s probably not been released yet. Thanks to Ed for a great resource and thanks to Corrine of Security Garden for the tip… she’s added this list to Vista Bookmarks which is another site you should check out regularly.
Friday, July 13, 2007
Apple has released a new version of its ubiquitous QuickTime player for both Mac OS X and Microsoft Windows computers. The latest version, v. 7.2, plugs at least eight security holes in the software.
QuickTime vulnerabilities that span both operating systems may present a very attractive target for malicious hackers, as the program is installed by default on all Apple machines, and on most Windows PCs (if you have iTunes installed, chances are you also have QuickTime on your system). Indeed, recent automated attack tools have been found to exploit QuickTime flaws.
Mac users can grab the latest, patched version using the built-in Software Update feature. Windows users should be able to fetch the patches using the Apple Software Update program that comes bundled with most relatively recent versions of QuickTime and iTunes.
Source | Security Fix
Posted by Nellie2 at 5:15 PM
There has been a Flash Player update that addresses two security vulnerabilities.
Please note; You don't have to have the Google Toolbar to install the update so just uncheck it.
Talking of Adobe, there are also some Photoshop CS2 and CS3 updates to address security vulnerabilities.
Wednesday, July 11, 2007
Firefox is prone to a remote denial-of-service vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.
Firefox 220.127.116.11 is vulnerable to this issue; other versions may also be affected.
Source | Security Focus
Monday, July 09, 2007
The MVPS Hosts File was updated yesterday.
What is a hosts file? It's a very useful piece of kit that sits in a little folder not bothering anyone. When you tell your browser that you want to go to a particular website, the browser will convert the address you typed to a bunch of numbers called an IP address, before it connects to the website it will check the hosts file to make sure it's got the numbers right. If there is nothing there, then it will connect.
That seems straight forward enough, but why have a hosts file when your browser always goes where you want it to go.. well if you think about it, sometimes it doesn't. Lots of websites have adverts on them.. some of these ads try to connect to a separate server so they can dump a tracking cookie into your system. Or, maybe you are searching for something and inadvertently click on a link to a bad site which could infect your computer with something horrible. This is where the hosts file comes into it's own. If you have an entry in your hosts file like this;
Then if your browser tries to connect to thisisnotasiteyouwanttovisit.com, when it checks the hosts file it will just come back on itself because the IP 127.0.0.1 is your computer.
So... a hosts file is a very useful security feature to have on your computer, it's not much good though if it isn't kept up to date. The MVPS hosts file is updated regularly. See mvps.org for more information, tips and installation instructions.
Posted by Nellie2 at 11:28 AM
Friday, July 06, 2007
Microsoft have released an advance notification for the normal monthly updates that are due to be released next Tuesday.
Don't forget to prepare for the updates as I've outlined in an earlier entry - How To Prepare for Patch Tuesday.
On 10 July 2007 Microsoft is planning to release:
- Three Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. These updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
- Two Microsoft Security Bulletins affecting Microsoft Office with a Maximum Severity rating of Critical. These updates will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer
- One Microsoft Security Bulletin affecting Microsoft .NET Framework with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
Microsoft Windows Malicious Software Removal Tool
Non-security High Priority updates on MU, WU,WSUS and SUS
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.Note that this tool will NOT be distributed using Software Update Services
- Microsoft will release one NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release four NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Microsoft Security Bulletin Advance Notification
Obtaining Other Security Updates
Updates for other security issues are available from the following locations:
- Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch".
- Updates for consumer platforms are available from Microsoft Update.
- You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
Posted by Nellie2 at 4:45 PM
Sunday, July 01, 2007
Did you know about this? It's an online scanner from Panda, but unlike some online scanners this one just takes a minute or two.
It claims to detect more than 1,031,124 virus's and spyware.
You do need to download and install an ActiveX to run it and therefore Internet Explorer is recomended, although if it's Firefox or nothing for you then you can install the IEtab addon to run it.
Nanoscan only detects and it's recomended that you run TotalScan if anything is found.
Here is the science bit .
Don't forget, there are other online scanners available and you should always have an active and up to date resident anti virus program on your system.