
Tuesday, August 30, 2005

Internet Explorer Exposes Clipboard Data

Microsoft's Internet Explorer exposes clipboard data via JavaScript with no security confirmation. Ever work on your company payroll or other sensitive material in Excel? Did you "copy and paste" any of the data? Any site you surfed to after that could be collecting that data. There is no fix for this, and while it is highly unlikely you will pass data on to evil people, you should clear your clipboard before surfing the web. Or use Firefox or Opera instead of Internet Explorer.

Posted by Matthew Carrick at 10:24.47 PM EDT | Permanent Link

| Categories: Alternative Apps, Best Practices, Security Alerts

Opera 10th Anniversary

The Opera browser is ten years old and still getting better. I like it so much I have two paid versions: one on my PC and one on my phone. See what the fuss is about, and for a (likely) limited time you can obtain a free registration code for your Opera which removes the advertising banner. The party is here.

Posted by Matthew Carrick at 12:46.58 PM EDT | Permanent Link

| Categories: Alternative Apps, Opera

Windows Registry Flaw

A recently detected flaw in the Windows registry concerns its handling of long string names. A malicious program could hide itself in a registry key by creating a string with a long name, which would allow it to remain hidden. Keys added afterwards would also remain obscured, so the horror could escalate. According to Secunia, the vulnerability affects Windows XP and Windows 2000 even if they are fully patched. A detection tool can be found here: http://isc.sans.org/LVNSearch.exe

Posted by Matthew Carrick at 11:52.58 AM EDT | Permanent Link
Edited on: Tuesday, August 30, 2005 12:39.13 PM EDT

| Categories: Adware/Spyware, Software Tools, Viruses-Trojans-Worms

Friday, August 26, 2005

Srv.SSA-KeyLogger

If you still use Internet Explorer to surf the 'Net you may be at risk of turning over private information concerning sites you visit, such as Paypal or your online bank. Sunbelt Software has discovered a keylogger that can be installed by merely visiting an evil web site where a "drive by download" may occur. The infection opens a backdoor on the system that harvests usernames + passwords that are then sent to repositories. Some 30,000 individuals have already been victimized. Sunbelt has offered a detection tool. Please consider using an alternative browser such as Firefox or Opera as a way to prevent this type of threat in the future.

Posted by Matthew Carrick at 9:54.01 AM EDT | Permanent Link

| Categories: Adware/Spyware, Viruses-Trojans-Worms

Friday, August 19, 2005

Msdds.dll + Active-x = Bad

A file that does not normally ship with Windows but that is included with downloaded applications such as the .NET framework has the potential to be used maliciously. Details on the file, Msdds.dll, can be found at Secunia and Microsoft. Run a search on your Windows PC and determine if you have the file - if not, you're safe. If you do have it, then keep your eyes open for a patch from Microsoft in the near future. Until then, keep an even closer eye on mysterious sites asking you to OK the running of Active-x scripts. Remember, the added functionality of Active-x is compromised by its lack of security, so limit your Active-x controls to known safe sites if possible.

Posted by Matthew Carrick at 9:38.15 AM EDT | Permanent Link

| Categories: Best Practices, Security Alerts

Thursday, August 18, 2005

Adobe Acrobat Security Alert

Both Acrobat and Acrobat Reader have a flaw that would allow an evil .pdf file to cause a buffer overflow. The resulting crash could create the risk of malicious code execution. Affected versions are Reader and Acrobat 5.1, 6.0 to 6.0.3, and 7.0 to 7.0.2. Users are strongly encouraged to update to the latest version of the software NOW. Use the auto update feature built into the software or visit Adobe.

Posted by Matthew Carrick at 12:32.03 PM EDT | Permanent Link
Edited on: Thursday, October 28, 2010 11:51.01 PM EDT

| Categories: Adobe, Security Alerts, Viruses-Trojans-Worms

Bot Battles !

When a trojan opens up a security hole in a computer it is very likely that other trojans will exploit the hole. This is what has happened with the Zotob IRC trojan. In fact, it appears that at least four other trojans, broken into two teams, are attempting to kill Zotob. F-Secure has a "high-tech illustration" that explains the bot grudge match.

Posted by Matthew Carrick at 12:16.24 PM EDT | Permanent Link

| Categories: Viruses-Trojans-Worms

Tuesday, August 16, 2005

What You Should Know About Zotob

Microsoft has released several tools to check for and eliminate the series of Zotob viruses now infecting Windows 2000 computers.

Posted by Matthew Carrick at 10:42.04 PM EDT | Permanent Link

| Categories: Viruses-Trojans-Worms

Monday, August 15, 2005

Zotob.A & Zotob.B Target W2K

Those of you still running Windows 2000 have to be aware of two nasty new Trojans named Zotob.A and Zotob.B. The worm attempts to connect to an IRC channel at a predefined address, allowing attackers to, among other things, request system information and download/execute files. Access to numerous security related sites via the hosts file is also disabled.
Patches for this vulnerability have only been available for five days. Keeping abreast of critical security flaws and patching them quickly is your best defence. Never put off a security re-boot until tomorrow - it may be too late.

Tuesday, August 09, 2005

Rogers Yahoo Software Centre

I received an email from my ISP, Rogers.com, letting me know about a new bundle of security applications that are free for subscribers. So far so good. I launch the URL and am taken to the sign-in page and finally to the welcome page, where the whole process screeches to a halt because I am using Firefox and not Internet Explorer. Not supported. You must upgrade to IE 6.

Not bloody likely am I downgrading. I use Firefox and Opera, thanks.

So, I decide to at least fire up my IE 6 (oh, yes, I have it for just these wondrous occasions) and see what Rogers-Yahoo is offering for security.

None of my business it appears! Oh, you get anti-spyware, anti pop-ups, etc., but it does not say whose software. I spend my time educating people to check that what they download is legit and not spyware or virus filled and here my own ISP is keeping its clients in the dark.

Finally, the (limited) info explains that, "As part of the installation process, we will need to check your computer to determine what Rogers Yahoo! software is currently installed."

My goodness, I don't like the sound of that. Do you suppose they may actually be checking to see if the applications on the CD they insist you install upon joining Rogers are still there?

Good intentions badly carried out.

Posted by Matthew Carrick at 11:05.37 PM EDT | Permanent Link

| Categories: Best Practices, Mozilla Firefox, Opera, Privacy Issues

New Symbian Trojan

What would you do if the new application you just copied to your Symbian cell phone caused the fonts to disappear? Well, if you insist on visiting dodgy sites to download pirated software you may soon have real world experience on the issue. A new trojan named SymbOS/Blankfont.A is waiting for you at a Warez site now!

Today's lessons learned:
  • Never install an application on any device unless you have searched the Internet and come up blank on horror stories.
  • Do not use pirated software.
  • Stay away from sites that have evil intent or conduct illegal activities.

Posted by Matthew Carrick at 10:03.14 AM EDT | Permanent Link

| Categories: Best Practices, Mobile, Viruses-Trojans-Worms

Saturday, August 06, 2005

CoolWebSearch Spyware Uncovered

Identity theft via CoolWebSearch has apparently been uncovered. If true, and the facts are not yet confirmed to my satisfaction, this massive illegal harvesting of financial and personal information may hopefully wake folks up regarding the potential security risks when using an unprotected Windows OS. Use a firewall and anti-virus software. Buy a hardware router. Install and run anti-spyware applications. Do not run your Windows in Administrator mode. Get a grip, dammit!

Posted by Matthew Carrick at 8:29.49 PM EDT | Permanent Link

| Categories: Adware/Spyware, Best Practices

Friday, August 05, 2005

Windows 2000 Flaw

Uh-oh. Windows 2000 has been found to have a flaw in its core components that may be exploited to launch Worms and other nasties. Since Microsoft is no longer supporting this OS for casual users this is a problem. Now may be a real good time for you holdouts to drop a buck and upgrade to XP. Or take your chances and wait until 2006 when the new Vista OS debuts. What do you want to bet that Bill won't allow upgrades from 2000 to Vista? Uh-oh . . .

Posted by Matthew Carrick at 8:41.49 AM EDT | Permanent Link
Edited on: Friday, August 05, 2005 8:45.56 AM EDT

| Categories: Security Alerts, Viruses-Trojans-Worms