Wednesday, May 31, 2006

The Importance of the Limited User - Revisited

If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a "limited user" account for everyday computer use.

By running Windows the way Microsoft ships it - using the all-powerful administrator account - you expose yourself to huge security risks. If a Trojan horse or virus makes it onto your machine while you're using an administrator account, it can get its hooks deep into the operating system (often without your knowledge). However, by regularly using Windows under a limited account, you can safely avoid the vast majority of malware out there today, simply because the limited-user account does not have the right to install programs or change system settings. As a result, when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails.

Read the article HERE.

CSI: Redmond

Once upon a time not that very long ago, Microsoft CEO and chief cheerleader Steve Ballmer was attending a friend's child's wedding. One of the parents complained that his PC had slowed to a crawl and was performing miserably. Would Steve mind having a look?

Ballmer spent the better part of the next two days trying to rid this PC of worms, viruses, spyware, malware, severe fragmentation, and well, you name it. Picture it: the world's 24th wealthiest person, a man worth $13.6 billion according to Forbes magazine, sitting at a table for two days, playing tech support. Ballmer eventually gave up and instead lugged the machine back to Microsoft's campus.

It turns out there were more than a hundred pieces of malware of various types, things that these engineers, using Microsoft's own private tools, could not ferret out and fix. Some of these threats hooked themselves deeply into the core operating system and essentially lied about their existence. Other malware scoured the hard drive for anything containing the string "virus," and would "shoot them dead." The result was that any installed antivirus software was disabled.

It took a team of engineers to restore this system to health. And it was a real wake-up call.

"This really opened our eyes to what goes on in the real world."

As a result of this event and others like it, Microsoft got religion about system health.

At least that's what we're told.

Read the article HERE.

Tuesday, May 30, 2006

10 dumb things users do

Users find plenty of ways to run into trouble, from gunking up their system with shareware to leaving it exposed to attackers to forgetting about using surge protectors.

Check this list to see how you rate.

See the list HERE.

Symantec Plugs Hole in Record Time

To its credit, by working feverishly through the holiday weekend, Symantec's security response team has completed patches for a "high-risk" worm hole in two enterprise-facing product lines.

Of course, the haste in patching the hole may also be due to the fact that it was their commercial product. Much like Microsoft working to fix the Word exploit [see story below], it always comes down to dollars.

Read the story HERE.

Monday, May 29, 2006

Microsoft defends monthly patch cycle

Bret Arsenault, Microsoft Corp.'s chief security advisor, talked today about why Microsoft doesn't plan to release an out-of-cycle fix for an unpatched vulnerability in Word for which an exploit is already available.

The plan right now is to release a patch on June 13 as part of the regular update.

Read the entire interview HERE.

Microsoft May Release Word Patch Early

In a re-think, Microsoft may release the patch for the Word exploit early. Why? Probably because it affects their business clients. And that's where the money is.

Read the article HERE.

Is Your Data Encryption Really Secure?

There are various types and methods of data encryption. Some of the most popular forms of data encryption include single file encryption, folder encryption, volume encryption, whole disk encryption, and of course email encryption. The Windows XP operating system has the ability to perform file and folder encryption. There are third-party tools, like PGP Desktop, which can perform whole disk, logical disk, file, and e-mail encryption.

Read the entire article HERE.

Sunday, May 28, 2006

Symantec AntiVirus Puts Millions at Risk

A flaw has been found in Symantec's [NORTON] latest enterprise antivirus software that allows hackers to exploit a PC without the user having to open anything. Versions 10 and above of Symantec's enterprise anti-virus software are said to be affected.

The consumer AV products, however, are said not to be affected by the threat.

But:
Last December, a flaw was discovered in Symantec's Antivirus Library that potentially allowed remote attackers to gain control of users’ systems. And in October, a critical flaw was found in the company's anti-virus scan engine software.

And I personally find it to be a major resource hog and a very intrusive piece of software.

Read about the latest flaw:

  • Click here to read the original story at CNN.com
  • Flaw found in Symantec antivirus software - vnunet.com
  • Symantec Antivirus Vulnerability Revealed - SecurityProNews
  • Flaw Found in Symantec AntiVirus - PC World
  • Symantec AntiVirus Worm Hole Puts Millions at Risk - eWeek

    Saturday, May 27, 2006

    Private Post for Outlook Express

    A British company is turning email encryption into a mainstream option with the development of a super user-friendly free download of its product called Private Post.

    Encrypting your email literally wraps your messages and attachments in an envelope to keep you safe from hacking, phishing, identity theft and, ultimately, spam.

    Private Post is a military grade product using 256-bit AES encryption and it’s the first commercial implementation of elliptic curve cryptography so it’s really secure.

    Online demo HERE. Download it HERE.

    Core Force - Endpoint Security Solution

    Core Force is the first community oriented security solution for personal computers. It is free and provides a comprehensive endpoint security solution for Windows 2000 and Windows XP systems.

    CORE FORCE can be used to:

      • Protect your computer from compromises by worms, viruses and email-borne malware
      • Prevent your computer from being used as a staging point to amplify attacks
      • Prevent exploitation of known bugs in the OS and applications running on your computer
      • Prevent exploitation of unknown bugs in the OS and applications running on your computer
      • Detect and prevent execution of adware, spyware, trojan horses and other malware

    Core Force is a great lockdown system, but it takes time to set up and configure.
    It will NEVER be something to use “out of the box”.
    It takes time to become familiar with Core Force, but it is an amazing tool.


    Core Force can be downloaded HERE.

    Friday, May 26, 2006

    Protecting Our Keystrokes

    Whether it is passwords, documents, e-mail or instant messaging, much of today’s private information is entered via keyboards. If not protected, keystrokes can be used by malicious entities for accessing data or identity theft. The potential destructive use of keylogging technology makes it a subject that should not be taken lightly.

    Read the whitepaper HERE.

    Thursday, May 25, 2006

    Windows Vista - Are You Ready?

    Set your systems for Vista

    Microsoft has kicked off a campaign aimed at helping customers prepare for the new operating system, which is set for a mainstream launch in January. Microsoft launched a "Get Ready" Web site, which includes an Upgrade Advisor tool to help people determine just how Vista-ready an existing PC is.

    Does Vista really need 15GB of disk space?

    In short, no. But this alarming message may appear on your monitor.

    It's all explained HERE.


    Windows Vista Beta 2: The key word is 'Beta'

    I've just spent the past four days living and breathing Microsoft’s Windows Vista Beta 2. I would like to tell you how easy it was to install and how much fun I’ve had using Vista Beta 2 over the past few days, but I can’t. That’s because the combination of Beta 2 and the laptop computers I tried to install it on was like trying to mix oil and water.

    Read the entire article HERE.

    Vista - Premium Ready

    Computer makers who meet higher requirements will be able to tout their machines as "Premium Ready," indicating the PCs are able to take advantage of higher-end features, such as Vista's Aero graphics. Microsoft did publish official minimum requirements for Vista, largely matching the Vista-capable specifications. Systems need ...

    Read the article HERE.

    Wednesday, May 24, 2006

    What Is Gaim?

    Following on from yesterday's item regarding the Yahoo messaging worm, many of you should seriously consider this alternative.

    Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, Novell GroupWise Messenger, Lotus Sametime, and Zephyr networks.

    Gaim users can log in to multiple accounts on multiple IM networks simultaneously. This means that you can be chatting with friends on AOL Instant Messenger, talking to a friend on Yahoo Messenger, and sitting in an IRC channel all at the same time.

    Gaim supports many features of the various networks, such as file transfer, away messages, and typing notification. It also goes beyond that and provides many unique features. A few popular features are Buddy Pounces, which give the ability to notify you, send a message, play a sound, or run a program when a specific buddy goes away, signs online, or returns from idle; and plugins, consisting of text replacement, a buddy ticker, extended message notification, iconify on away, spell checking, tabbed conversations, and more.

    A VERY detailed FAQ page is available HERE.

    War-driving in England

    Yes - another article about wireless security.
    Why - because many people do not realise the severity of this issue.

    The Internet is changing, from being a network of computers to a network of the most varied devices possible. And the world itself is becoming increasingly mobile, with an enormous range of communication devices available. This is a relatively new phenomenon and, like all innovations, it’s of interest both to hackers and to information security companies. The situation is complicated by the fact that, like everything new, wireless networks and protocols still haven’t got over their teething troubles: in the hands of inexperienced users, they can pose a serious risk.

    62% of networks at InfoSec were operating without encryption, and this is an unacceptably high percentage. The majority of these access points provide access to the equipment of IT exhibitors, a major target for hackers.

    In a notorious case last year, scammers installed several false access points, with an interface which appeared to provide access to the public network. Unsuspecting users who connected via such access points entered their passwords and other confidential data which were then sent directly to the scammers.

    Read this very informative article HERE.

    Tuesday, May 23, 2006

    Yahoo messaging worm installs bogus browser

    Security researchers have identified a new worm spreading across Yahoo's instant messaging network that has been cloaked under the guise of a "safety" browser in an attempt to dupe users.

    Malware writers have created a new worm that installs a new browser and plays screeching music. [Because Safety Browser uses the Internet Explorer icon to identify itself, users can easily mistake it for the legitimate Microsoft browser.]

    The annoyance starts with a link apparently sent by a friend in Yahoo's instant messaging program. Once loaded onto a PC, the malicious program automatically hijacks the computer's existing browser home page and encourages users to visit a fraudulent Web site that attempts to load spyware programs onto their devices.

    A detailed and illustrated explanation is available HERE.

    The Ultimate Net Monitoring Tool

    The equipment that technician Mark Klein learned was installed in the National Security Agency's "secret room" inside AT&T's San Francisco switching office isn't some sinister Big Brother box designed solely to help governments eavesdrop on citizens' internet communications.

    Rather, it's a powerful commercial network-analysis product with all sorts of valuable uses for network operators. It just happens to be capable of doing things that make it one of the best internet spy tools around.

    Entire article available HERE.

    Monday, May 22, 2006

    Encryption tool rekindles security debate

    Philip Zimmermann wants to protect online privacy. Who could object to that?

    He has found out once already. In 1991, he developed an encryption program called Pretty Good Privacy, or PGP, for use in sending scrambled e-mail messages.

    Now he is again inviting government scrutiny. By Monday, he plans to release a free Windows software program, Zfone, that encrypts a computer-to-computer voice conversation so both parties can be confident that no one is listening in.

    What sets Zfone apart from comparable systems is that it does not require a web of computers to hold the keys, or long numbers, used in most encryption plans. Instead, it performs the key exchange inside the digital voice channel while the call is being set up, so no third party has the keys.

    Read the text article HERE.

    Sunday, May 21, 2006

    Big bank goes phishing

    I was on the road recently. I forgot/lost/misplaced my password to log on to Internet banking so I could pay my staff. I called 1-800-Amsouth and asked for my password.

    They asked me for: 1) my name; 2) account name and number; 3) address; 4) federal ID number; and 5) date of birth. Then they gave me my password.

    My wife overheard the conversation and raised hell with me about how easy it was to gain access to our intertwined online accounts with no decent security check. AmSouth's proof-positive security check was, in fact, public information.

    Then it only got worse. AmSouth called me at home. The woman on the phone said she needed to discuss a problem with me, but first I needed to answer a couple of questions. Then she proceeded to ask me for personal information to "protect me" and "confirm my identity."

    What's wrong with this picture?

    Read the entire article HERE.

    Friday, May 19, 2006

    When Spyware Performs as Advertised

    A few words of caution to any Myspace users out there considering "free" software designed to let you spy on unsuspecting others online: Be sure to read the fine print when a product like this says "free," and don't be surprised if the software is used to spy on you.

    Read this interesting article HERE.

    Thursday, May 18, 2006

    Password Recovery Speeds

    How long will your password stand up?

    This document shows the approximate amount of time required for a computer or a cluster of computers to guess various passwords. The figures shown are approximate and are the maximum time required to guess each password using a simple brute force "key-search" attack.

    Check your password HERE.

    Wednesday, May 17, 2006

    Two Popular Software Programmes Upgraded

    Nmap 4.0

    Numerous security professionals consider Nmap, an open-source network port scanner, to be an essential part of their toolkit. A cross-platform tool, Nmap provides 11 scan techniques and many scan customization features to help you discover and identify the applications installed on your network as well as test firewall and intrusion detection system (IDS) configurations. The recent release of Nmap 4.0 represents more than two years of upgrades, module overhauls, and feature tweaks, making this version of the venerable tool faster and more reliable than earlier versions, especially when run on Windows.

    More about it HERE.

    Kaspersky® Anti-Virus 6.0 and Kaspersky® Internet Security 6.0

    Kaspersky Lab, a leading developer of secure content management solutions that protect against viruses, Trojans, worms, spyware, hacker attacks and spam, is launching new and enhanced versions of its antivirus and Internet security software.

    Read the press release HERE.

    Why Google is Shaking the Security World

    Ask Google anything — what's happening to GE's stock price, how to get to 881 Seventh Ave. in New York, where Mission Impossible 3 is showing, whatever happened to Brian W. after he moved away in the ninth grade — and you'll get an answer. That's the power of this $6 billion search engine sensation, which is so good at what it does that the company name became a verb.

    Read the entire article HERE.

    Erazer Trojan takes on software pirates

    The Trojan looks through P2P file sharing folders, seeking out formats such as AVI, MP3, MPEG, WMV, GIF, and ZIP. When it finds these files, it wipes them out and places a copy of itself in the folder.

    Trojan Erazer could be dangerous because it tries to turn off antivirus applications and other security tools, the researchers observed, noting that its methods are worrisome because it deletes files, steals information, adds itself to the registry, and then drops more malware on the target system.

    Read all about it HERE.

    Tuesday, May 16, 2006

    The War Driver Returns

    I am back on the prowl.
    Stealthily I slide through the night, searching for unprotected wireless networks.
    I find one!
    Who cares?

    Read the full article HERE.

    Monday, May 15, 2006

    Wireless Security Attacks and Defenses

    This paper provides great insight into properly securing Wireless LANs. It's amazing the number of WiFi installations that are open to neighbors and others!

    Is your network as secure as it can be?


    Read the White Paper HERE.

    Blasting away security myths

    During my nearly two-decade computer security career, I’ve always been amazed by how many security myths are propagated as fact by readers, instructors, leaders, and writers.

    Just because most people say it's so doesn’t make it correct.

    Because of this, I have a new rule: You should not teach, lead, or write about something until you’ve at least tried it once yourself. Don’t just repeat the same things as mantra without testing to see if the statement holds water.

    For instance...finish the article HERE.

    Sunday, May 14, 2006

    QuickTime Multiple Vulnerabilities

    Twelve vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system.

    If you use iTunes you also have QuickTime installed on your computer.

    Read the Technical Descriptions HERE.

    Go straight to the download page: http://www.apple.com/support/downloads/quicktime71.html

    Saturday, May 13, 2006

    Invasion of the Computer Snatchers

    Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again.

    Grab a coffee. Enjoy this great STORY.

    Friday, May 12, 2006

    Anonymity In Your Pocket

    You may have heard about those heavily advertised software packages like Anonymizer, SafeSharing, InvisibleIP, SecretSurfer, etc. Well, not only do they charge you money and/or a subscription fee, but they are bloated and full of useless components. They also require an installation which leaves tracks on your computer. How is that anonymous?

    Download Torpark and put it on a USB Flash drive.
    Plug it into any internet terminal, whether at home, school, or public.

    Try Torpark; it's small, portable, clean, free of spyware/adware, and it's free.

    Visit the website HERE.

    Thursday, May 11, 2006

    New security program to prevent exploits

    SocketShield is designed to stop exploits and block malware at the gate. Since we've seen several zero-day exploits this year already, I think this application can really help prevent the massive trashing of machines as we've seen with the WMF exploit and the CreateTextRange exploits that were used and are still being used.

    Read about it HERE.

    Wednesday, May 10, 2006

    Microsoft Issues Security Updates

    Microsoft today issued three software patches to fix a security flaw in Windows, another in its Exchange Server e-mail product, and two "critical" vulnerabilities in older versions of Adobe's Macromedia Flash Player that comes bundled with Windows.

    Full details available HERE.

    Monday, May 08, 2006

    70% of malware relates to cyber crime

    PandaLabs has published its malware report for the first quarter of 2006, which confirms the new malware dynamic based on generating financial returns. Spyware, Trojans, bots and dialers were the most frequently detected types of malware between January and March 2006.

    Read the article HERE.

    Sunday, May 07, 2006

    Trojan Horse Delivered In Automatic Update

    This is a fictional article about a Trojan Horse Virus.

    Many major operating system vendors have automatic update services. Many hardware vendors and other software packages have followed this trend, incorporating automated update services into their products. In some cases, the services for automatic updates run as the local “system” account. This account has the ability to access and modify most of the operating system and application environment. When automatic updates were relatively new, many people would perform the updates manually; however, as time has progressed, many now trust these services and allow the updates to proceed in a truly automated fashion.

    If we don’t think that this “worst case scenario” can happen, then we’re kidding ourselves.

    A very interesting read may be found HERE.

    Saturday, May 06, 2006

    Winning the spyware wars

    The internet is the quintessential free lunch: in exchange for free software and free information, we get free viruses and free spyware. It is a high price to pay for a bargain.

    But now the price of internet freedom has begun to fall - companies that litter our computers with annoying pop-up adverts and secret profiling software have begun to clean up their act.

    This is the paradox at the heart of the internet’s future: as more and more people make more and more money there, they will be giving away more and more cool things for free, as a vehicle for lucrative advertising. That does not have to be bad news for the consumer: slowly we, the people, are taking control.

    Read the entire article HERE.


    Who Owns Your Computer?

    When technology serves its owners, it is liberating. When it is designed to serve others, over the owner's objection, it is oppressive.

    It's the battle to determine who owns your computer.

    You own your computer, of course. You bought it. You paid for it. But how much control do you really have over what happens on your machine? Technically you might have bought the hardware and software, but you have less control over what it's doing behind the scenes.


    Read the entire article HERE.




    Friday, May 05, 2006

    Security Updates

    Microsoft to Issue Three Security Updates Next Week

    Microsoft said today it plans next week to release three free software updates to fix security holes in its products, including two vulnerabilities in Windows and another in its Exchange Server corporate e-mail product.

    At least one, possibly both, of the Windows patches will carry a "critical" rating -- Redmond's most severe. Microsoft considers a flaw "critical" if the vulnerability could be used by attackers, viruses or worms to seize control over a targeted computer without any action on the part of the victim. The Exchange patch also will come with a "critical" label.

    Microsoft will issue the updates at some point on Tuesday afternoon.

    Firefox 1.5.0.3 released to address DoS vulnerability

    The DoS vulnerability has been patched and all Firefox users should update to the latest version - Firefox 1.5.0.3 HERE.


    Thursday, May 04, 2006

    Test Your Security Knowledge

    The Security+ exam from CompTIA is an entry-level certification for those wanting to authenticate their knowledge of basic computer/networking security concepts. It consists of 100 multiple choice questions that need to be answered within 90 minutes.

    This sample test of 50 questions is intended to let you test your knowledge of the subject of basic security and your readiness for this, or a similar, certification test. It should also be pointed out that CompTIA offers a page of study tips for the exam, and it is worth skimming.

    Answers are at the end of the article. Good luck!

    We lack savvy on cyber-safety

    Washington has one of the highest rates of computer ownership in the US — nearly three-quarters of adults own a computer. Yet we still have some things to learn about staying safe online.

    People pick up their computers like a car and expect to turn a key and have it run trouble free.

    View complete story HERE.

    Wednesday, May 03, 2006

    Cracking the Cult of Hackers

    In the early days, it was all about ego. Today, hacking is absolutely predominantly financial. Everything is driven by financial gain.

    Much like spies and movie stars, hackers carry the allure and mystery of another world. Or maybe it is the relatively lower level of tech savvy among most people -- some of whom dread switching e-mail programs, much less contemplating the intricacies of programming code -- that gives hackers their particular luster.

    Read this very informative article HERE.

    Release of open source security suite

    Germany's Federal Office for Information Security (BSI) will present several new open source-based desktop and security applications on Wednesday at a local Linux event.

    The applications include an e-mail encryption tool for Windows users, a security suite for the public and private sectors, and desktop systems for public administrations.

    The GNU Privacy Guard for Windows (gpg4win) application is based on the free software GnuPG, designed to enable data encryption and easy integration with other applications, including Microsoft's Outlook 2003. The software, available for free under terms of the GNU General Public License, can be used not only by public administrations and businesses but also by consumers.

    Find out more HERE.

    Tuesday, May 02, 2006

    Security is not just a Microsoft issue

    Few days go by without someone writing to me and saying that Microsoft’s security efforts are “a joke.” Almost daily I encounter articles by tech columnists recommending that we all use Linux or Macintosh, run non-Microsoft applications, use an alternative browser, and so forth “for better security.”

    The point is that you can’t escape security problems just by using non-Microsoft products. Their security problems may get more publicity, but the false sense of security you get by using that “secure” OS or browser may end up exposing you to even more risk.

    Read the entire article HERE.

    Monday, May 01, 2006

    Microsoft to use Authentication for Office

    In its increasingly aggressive drive to stamp out piracy, Microsoft is bringing Office into the WGA fold, and adding a new notifications service to WGA itself.

    Windows Genuine Advantage has worked so well that Microsoft is planning to introduce a version of the anti-piracy authentication program targeted at its Office suite.

    Microsoft officials said on April 24 that the company is commencing this week a pilot of "Office Genuine Advantage," (OGA) a program that will operate almost identically to Windows Genuine Advantage (WGA).

    More information HERE.