Friday, August 14, 2009

Still Around

Been lots of updates that I've missed posting about. Been busy with that real world thing. Should be busy soon with Windows 7 and Snow Leopard coming out in the next few months. List of important updates that you should have:

Lot more, but those are notable. The 10.5.8 update will also update you to Safari 4.0.3 unless you are still using Safari 3.

Tuesday, July 14, 2009

Windows Security Updates for July 2009

Patch Tuesday is here. From the Microsoft Security Bulletin, there are six security updates. There are two for the Windows operating system, one for the Microsoft Office system, one for the Windows Internet Explorer browser, one for Microsoft ISA Server, and one for Microsoft Virtual PC.

Most important I believe is the fix for the Internet Explorer Video Active X exploit. Microsoft Security Bulletin MS09-032 patches this one by setting killbits in IE to stop the exploit before it can do anything.

Here are the specific updates:

MS09-032 - addresses a vulnerability in Microsoft Internet Explorer (KB 973346) - This one is mentioned above with the Video Active X issue.

MS09-028 - addresses a vulnerability in Microsoft Windows (KB 971633) - This addresses vulnerbilities in DirectShow that could allow specially crafted Quicktime files to gain the same rights as the current user. Not good if you are logged in as an admin user, like most people are.

MS09-029 - addresses a vulnerability in Microsoft Windows (KB 961371) - Embedded OpenType Font Engine which could allow your computer to be taken over.

MS09-030 - addresses a vulnerability in Microsoft Office (KB 969516)
MS09-031 - addresses a vulnerability in Microsoft ISA Server (KB 970953)
MS09-033 - addresses a vulnerability in Microsoft Virtual PC (KB 969856)

You can see all the gory and boring details on the July 2009 Security Bulletin. Of course, the easy way to get patched against these threats is to go to Windows Update.

Friday, July 10, 2009

Imageshack got Hacked

Looks like Imageshack left the backdoor of their server open. All images hosted by them are showing the hacked image, but the wording seems to indicate that no pictures were deleted.

Imageshack, one of the web's largest image hosts, was attacked tonight by a movement called "Anti-Sec". The result of the attack has been toreplace all ImageShack hosted images with a manifesto for the movement (below).

Still breaking, see more plus the hacked image at Mashable

Tuesday, July 07, 2009

Google Chrome Operating System

The Google Chrome blog announced just recently that they are planing an operating system. Initially geared for netbooks, but I'm sure there's more in plan. I'm guessing they wpn't target full blown computers for awhile, but this is probably an extension of Android that Google aready has for the cell phone market.

Google Chrome OS is an open source, lightweight operating system that will initially be targeted at netbooks. Later this year we will open-source its code, and netbooks running Google Chrome OS will be available for consumers in the second half of 2010. Because we're already talking to partners about the project, and we'll soon be working with the open source community, we wanted to share our vision now so everyone understands what we are trying to achieve
Google Empire marches on.

Monday, July 06, 2009

Internet Explorer Video Active X Exploit

Been awhile since Windows had a zero day exploit that would allow the bad guys to take over your computer just by visiting a web site. Got one now. All you need to do is to visit a web site that has been set up to use this vulnerability with Internet Explorer and boom, they got you. Apparently, a flaw in Microsoft directShow( MSVIDCTL.DLL ) lets them do it. It does need to be IE 6 or 7 with Windows XP or Windows 2003. Yay! Vista and presumably Windows 7 aren't affected.

One way to avoid this is to not use IE. Firefox, Opera, Safari and other browsers aren't affected. The bad guys could try to open IE or trick you into opening it, so it's best to the video Active X advisory page and use the fix it button to turn off the part of IE that allows the exploit.

F-secure detects it as Exploit:W32/Agent.LBV. They have a write up and plug for their free beta of ISTP or ExploitShield that also protect you. Also has video link showing them trying to get infected with it and failing.

McAfee detects it as Exploit-MSDirectShow.b and has their write up here that says this has been around since last December and only has become widely know recently.

The Registry key that the Microsoft advisory page modifies is this. Best to not mess around in the registry. Might be more, but I'm not going to list them all.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400

More tech details at Microsoft Security Advisory 972890.

Wednesday, July 01, 2009

Somewhat new rogue Barracuda Antivirus gets wrath of legit Barracuda Networks

Another day, another rogue. This time it's named Barracuda Antivirus. I guess they wanted to ride the coattails of the real Barracuda firewall products. As usual, the fake Barracuda Antivirus will pop fake warnings and try to goad you into buying it.

The real Barracuda Networks had this to say:
This rogue ‘Barracuda Antivirus’ program is in no way affiliated with Barracuda Networks and is just one of a string of recent examples of hackers attempting to spread malicious programs using an established and trusted Internet security brand,” said Stephen Pao, vice president of product management for Barracuda Networks.

Barracuda is a successor to AntivirusBest. You can probably get rid of it with Malwarebytes Antispyware using the removal guide at Bleeping Computer for AntispywareBest. Screen shot of Barracuda Antispyware here.

More information about the real and legit Barracuda Networks here. They make hardware products to filter malware and spam for large networks, not really a home consumer solution.

iPhoto update 8.0.4 available

I don't use iPhoto too much, but it has it uses. There's a nice 103 MB update for it that fixes the issue from the iPhoto 8.03 update that caused iPhoto to crash. You could work around it by holding the Option key and then choosing your library, but what fun was that. I didn't have that problem, but this should help those that did.

Tuesday, June 30, 2009

Firefox 3.5 final available

Probably not a secret to most, but the latest version of Firefox is out. A big update, since the version went from 3.0 to 3.5. Most of the changes are underneath, so they aren't readily apparent. I've run it for a few hours and haven't had any issues. Tried doing just about everything you can with a browser and it all went well.

Speed is one thing that Firefox 3.5 is touted as having over the older version. It seems like everyone is touting their new, even faster browser. I do notice that Firefox doesn't compare itself to other browsers like Safari and IE but the earlier 3.0 and 2 versions. Safari is still faster for me going loading new pages, but clicking back to ones in your history, it's still Firefox.

One thing you'll see that is new is the private browsing feature. Safari has had it for quite awhile. Google Chrome launched with it and spread awareness, even getting the nickname "porn mode". Nothing groundbreaking, but handy to have. You can always just clear your private data manually.

Firefox 3.5 does have one thing that no other browser has. It supports some video types natively, without the need for a plug-in or 3rd party add-on. However, it's only the open source Ogg file types. Most things people watch online aren't using this. you can see a demo of a video that also showcases the new features. If web developers make more use of Ogg files, then this could be good. My guess is that it won't mean much until more file types are supported. Wikipedia might be an exception.

Missing is a top sites feature, like Safari and Opera have. You can get it with add-ons for Firefox, but this is becoming a standard feature of these days. I didn't think it was a big deal when Opera had it and then when Safari 4 added it. Once i started using it, it was like tabbed browsing. How did I get by without it before?

Other features include geolocation, the ability to drag tabs to be their own window, and adding a window as a new tab in a different browser window.

Of course there is security. there's a whole list of features listed at the Mozilla Firefox security page. Private browsing and Forget This Site are the new ones listed. Many of the others, like antimalware and antiphising are listed as improved. I haven't tested those two filters, but they are likely to be weak as they have been in all browsers.

You can download Firefox 3.5 at now. The internal updater for Firefox 3.0 doesn't offer it, as of yet.

AVProtection2009 Rogue

Saw an alert today about AVProtection2009. Like all rogue antispyware programs, it warns users about threats on their computer, which are usually false. It runs a somewhat real looking scan. After the scan, the program will offer to remove the threats if you purchase it.

Not too many details yet except what's at the Panda link above.

Friday, June 26, 2009

SecretService is the latest Rogue antispyware

SecretService is the latest rouge antispyware product acording to S!
ri. Away from home, so check out his page for more info.

Tuesday, June 23, 2009

Airport and Time Capsule Update 7.4.2

Well, here we go. First update and it's an Apple router one.

Apple released firmware update 7.4.2 for their Airport Base Station and Time Capsule today. Nothing particular for security mentioned, but there are several fixes which are listed as:

  • Fixes some problems with extending and maintaining connectivity with extended networks
  • Fixes an issue with clients that enable 802.11 "Power Save"
  • Fixes connectivity issues with some third-party devices
  • Fixes an issue when the base station is configured for PPPoE
  • Fixes some Back To My Mac issues with connectivity and support for third-party routers
You don't have to use an Airport router for a Mac to get online and a Windows computer can use an Airport router. I got a Time Capsule for a good cheap price recently and i like it. It's an 802.11n router, has an internal hard drive for sharing files and has a USB port that you can connect more hard drives and printers to so all my Macs and PC's can easily share files and print.

The wireless range is pretty good. I can turn down the transmit power to 25% and still connect through two outside walls and on the other side of the yard from where the router is.

Monday, June 22, 2009

How to Tell If That Pop-Up Window Is Offering You a Rogue Anti-Malware Product

One thing I run into often, is how to know if that program that is
saying it can fix your spyware and malware woes is actually any good.
As many have found out, even programs that remove malware can be
malware themselves. The infamous SpyAxe (which started me blogging)
was the first mainstream one. That was 2006. Since then, there have
been many, many that have followed. They usually get onto your system
by tricking you into installing a video codec to watch something.
There's even been some for the Mac. It can be quite confusing figuring
out what is a legit antispyware program and what is a rogue.

Sunbelt has a good piece on how to find out. I'll link to the blog
post since the it's a pdf file.