« Adobe | Main | All Things Mac »
Tuesday, April 14, 2009
Twitter Awareness
The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0
These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.
Now add smartphones and netbooks to the mix ;(
For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/
Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.
Edited on: Tuesday, April 14, 2009 12:07.58 PM EDT
| Categories: Adware/Spyware Alerts, Best Practices, Firefox Extensions, Mobile, Mozilla Firefox, Online Apps, Security Alerts, Virus-Trojan-Worm Alerts
Monday, January 19, 2009
Downadup Worm Awareness
The nasty worm dubbed Downadup.AL is reaching out and touching many people. F-Secure has a (beta) application to check your Windows system for infection - it's here: ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip. If you use Firefox browser (and why wouldn't you?) using the Add-on No-Script is a wise move to prevent this and other nasties from gaining a foothold into your system. Of course, running a software firewall, hardware router and and Anti-virus application is your best bet to remaining free of doom.| Categories: Adware/Spyware Alerts, Security Alerts, Virus-Trojan-Worm Alerts
Sunday, September 07, 2008
Facebook Botnet Proof of Concept
An application was recently created for Facebook called ‘’Photo of the Day‘’ that displayed a new photo from National Geographic every day. What users were unaware of was that the app turned their PC into part of a botnet that launched a denial-of-service attack on a targeted server. The server was one owned by the creators so no one was harmed but as a concept its frightening.
These co-opted PC's could be used to spread malware, trojans, etc. and are a direct threat the many social nnetworking sites that are now all the rage.
So, always assume that any software, even those online, could be compromised. One of the best ways to protect yourself is to use Firefox browser with the No-script add-on. This would likely have informed users that something weird was up.
| Categories: Adware/Spyware Alerts, Concepts, Online Apps
Wednesday, June 04, 2008
Evil Hewlett-Packard support application
If you use an HP computer chances are it has a pre-installed customer support application that has been found to contain multiple security vulnerabilities. The software is designed to make it simple for users to automatically update HP drivers and software. However, flaws in ActiveX components within the HP Instant Support allow drive-by download attacks in cases where users unwittingly visit insecure websites.
HP Instant Support HPISDataManager.dll version 1.0.0.22 and earlier are affected. Users should upgrade to version 1.0.0.24.
To install the upgrade HP users should visit "http://www.hp.com/go/ispe" and choose “launch an online diagnostic session".
| Categories: Adware/Spyware Alerts, Security Alerts, Virus-Trojan-Worm Alerts
Tuesday, November 27, 2007
Unpatched QuickTime Flaw
Those using QuickTime should be aware that a flaw in the most current version could allow attackers to execute code remotely on users machines. While there is no patch available CERT has posted various workarounds to minimize the risk.| Categories: Adware/Spyware Alerts, Privacy Issues, Security Alerts
Saturday, October 20, 2007
RealPlayer Exploit
User of Internet Explorer under Windows are vulnerable to drive-by downloads simply by visiting an evil Web page. As usual, it is an unknown and unpatched ActiveX component that is causing the problem. Note that both Microsoft Outlook and Outlook Express clients are also at risk. Best practices? Uninstall RealPlayer, use an alternative browser such as Firefox or Opera and use another email client such as Thunderbird or Penelope. Those who just can't part with RealPlayer should visit http://service.real.com/realplayer/security/en/ and (when available) download and install the patch. Ryan Naraine over at ZDNet.com has a great write up with info and fixes.| Categories: Adware/Spyware Alerts, Alternative Applications, Best Practices, Mozilla Firefox, Mozilla Thunderbird, Opera, Penelope Email, Privacy Issues, Security Alerts
Monday, June 11, 2007
OpenOffice.org Virus Spreads
A virus written in numerous scripting languages that can affect Windows, Linux, and Mac OS X computers is slowly spreading via infected OpenOffice.org documents. Best practice is, of course, to never accept documents as attachments in email if you were not expecting them. Inform the sender that it is always best to announce attachments before sending. Having a good Anti-Virus and firewall is also an excellent idea just in case nasties end up on your system. Better safe than sorry!| Categories: Adware/Spyware Alerts, Alternative Applications, Best Practices, Openoffice.org, Privacy Issues, Security Alerts, Virus-Trojan-Worm Alerts
Friday, June 08, 2007
Yahoo Messenger Critical Upgrade
Yahoo Messenger has released an upgrade to fix a known security hole that would allow attackers to execute code on your PC. Please upgrade to version 8.1.0.401 from here: http://messenger.yahoo.com/download.php| Categories: Adware/Spyware Alerts, Alternative Applications, Best Practices, Instant Messaging, Privacy Issues, Security Alerts, Virus-Trojan-Worm Alerts
Monday, May 14, 2007
Google: 1 in 10 Websites Unsafe
Especially if you use Internet Explorer as opposed to Firefox or Opera. The chance of being nailed by a "drive-by download" is almost non-existent when using any browser other than Internet Explorer. Do yourself a favour and try a safer alternative.
| Categories: Adware/Spyware Alerts, Alternative Applications, Headlines, Mozilla Firefox, Opera, Privacy Issues, Security Alerts, Virus-Trojan-Worm Alerts
Friday, July 21, 2006
MySpace.com + IE Flaw + Known Exploit = Chaos
It appears Internet Explorer is again being exploited by evil Windows Metafile (.WMF) images. Worse, these images reside on MySpace.com with some 50+ million users. This exploit quickly follows the most recent Microsoft Update forcing drastic action from someone.At out-of-cycle patch from Microsoft or a third-party fix from a two-person shop in Guyana all works for me. Until a fix appears use an alternative browser such as Opera or Firefox.| Categories: Adware/Spyware Alerts, Alternative Applications, Mozilla Firefox, Virus-Trojan-Worm Alerts
MS PowerPoint Attachment Trouble
If you receive an email from an unknown Gmail address and it contains an MS PowerPoint presentation then delete it.Edited on: Monday, July 31, 2006 4:27.20 PM EDT
| Categories: Adware/Spyware Alerts, Alternative Applications, Mozilla Firefox, Security Alerts, Virus-Trojan-Worm Alerts
Saturday, July 08, 2006
Macromedia Flash Player Update
The most recent version is available here:http://www.adobe.com/products/flashplayer/. This fixes a few security boo-boos and is a must have download.Edited on: Monday, July 31, 2006 4:27.03 PM EDT
| Categories: Adware/Spyware Alerts, Privacy Issues, Security Alerts
Wednesday, May 24, 2006
IM Worm Targets Yahoo Users
A worm dubbed yhoo32.explr is spreading across Yahoo's IM network. It forwards itself using the contact lists of people whose computers have already been infected. If installed it hijacks the browser home page steering the users to an evil site that attempts to load spyware.| Categories: Adware/Spyware Alerts, Alternative Applications, Instant Messaging, Security Alerts, Virus-Trojan-Worm Alerts
Wednesday, May 17, 2006
Poker Players Beware!
If you downloaded RBCalc.exe as distributed by checkraised[dot]com then you have a rootkit on your system! Always check downloads before you make them to ensure they are safe.| Categories: Adware/Spyware Alerts, Best Practices, Privacy Issues, Security Alerts, Virus-Trojan-Worm Alerts
Thursday, March 30, 2006
Flexispy.A Symbian 60 Trojan / Keylogger
This nasty litle piece of work is actually a commercial product named Flexispy! It records information about voice calls and text messaging sessions. The information is sent to a company server where it can be viewed on the web. Now, I can imagine many scenarios where this type of application could be used in a positive manner but lets get realistic and assume it will be used for nefarious purposes. F-Secure has all the details.| Categories: Adware/Spyware Alerts, Mobile, Privacy Issues, Security Alerts, Software Tools, Virus-Trojan-Worm Alerts
Sunday, November 13, 2005
MS to Remove Sony Rootkit via Anti-Spyware & Malicious Software Removal Tool
Microsoft has decided that the Sony Rootkit poses a threat to its operating systems. Future updates to the Microsoft AntiSpyware application and the now commonly updated Malicious Software Removal Tool will contain the signatures required to remove the truly evil Sony Rootkit. Thanks Bill!| Categories: Adware/Spyware Alerts, Best Practices, Privacy Issues, Software Tools, Virus-Trojan-Worm Alerts
Tuesday, November 08, 2005
Sony Rootkit UNinstaller Almost Worse than Rootkit!
According to Mark Russinovich of Sysinternals.com (the chap who initially discovered the menace) the uninstaller only forces XP to issue the Windows command "net stop" that disables the driver. This inept handling can and has caused XP to crash. The President of Sony BMG's global digital business division Thomas Hesse has explained it all, "Most people, I think, don't even know what a rootkit is, so why should they care about it?" Right. I don't know what Sony stock is either so why should I care if it drops like a rock? Check out the story at The Register here: http://www.theregister.co.uk/2005/11/09/sony_drm_who_cares/ and don't miss the link to the NPR interview with the clueless Sony Prez.| Categories: Adware/Spyware Alerts, Privacy Issues, Security Alerts, Software Tools, Virus-Trojan-Worm Alerts
Thursday, November 03, 2005
Sony Rootkit Uninstaller Available
Sony is now offering users an uninstaller for the Rootkit that would have secretly installed on their PCs if they had placed a Sony music CD in their CD drive anytime after March 2005. While the Rootkit is (probably) not in itself dangerous it does allow hackers a potential entry point into a users PC and for this reason alone should be removed. Bad Sony, bad dog!| Categories: Adware/Spyware Alerts, Privacy Issues, Security Alerts, Software Tools
Tuesday, November 01, 2005
Sony, DRM & Rootkits
Sony BMG is currently using a rootkit-based DRM system on some CD records sold in USA.
The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves too. This may lead to a situation where the virus remains undetected even if the user has got updated antivirus software installed.
The quotes above were taken from F-Secure - The whole article is here.
| Categories: Adware/Spyware Alerts, Privacy Issues, Security Alerts
Saturday, October 22, 2005
World Of Warcraft = Spyware
It seems the company the produces the popular game World of Warcraft, Blizzard, has been caught reading the processes on users PC's. Now, even though the EULA states this is happening and users could decline it's still a massive invasion of privacy. Read the story here: http://www.eff.org/deeplinks/archives/004076.php and check out the way to "spy on the spy" here: http://www.rootkit.com/newsread_print.php?newsid=371.| Categories: Adware/Spyware Alerts, Privacy Issues, Security Alerts, Software Tools
Tuesday, August 30, 2005
Windows Registry Flaw
A recently detected flaw in Windows registry concerns its handling of long string names. A malicious program could hide itself in a registry key by creating a string with a long name which would allow it to remain hidden. Keys added afterwards would also remain obscured so the horror could escalate. The vulnerability affects Windows XP and Windows 2000 even if they are fully patched according to Secunia. A detection tool can be found here: http://isc.sans.org/LVNSearch.exeEdited on: Tuesday, August 30, 2005 12:39.13 PM EDT
| Categories: Adware/Spyware Alerts, Software Tools, Virus-Trojan-Worm Alerts
Friday, August 26, 2005
Srv.SSA-KeyLogger
If you still use Internet Explorer to surf the 'Net you may be at risk of turning over private information concerning sites you visit such as Paypal or your online bank. Sunbelt Software has discovered a keylogger that can be installed by merely visiting an evil web site where a "drive by download" may occur. The infection opens a backdoor on the system that harvests usernames + passwords that are then sent to repositories. Some 30,000 indviduals have already been victimized. Sunbelt has offered a detection tool. Please consider using an alternative browser such as Firefox or Opera as a way to prevent this type of threat in the future..| Categories: Adware/Spyware Alerts, Virus-Trojan-Worm Alerts
Saturday, August 06, 2005
CoolWebSearch Spyware Uncovered
Identity theft via CoolWebSearch has apparently been uncovered. If true, and the facts are not yet comfirmed to my satisfaction, this massive illegal harvesting of financial and personal information may hopefully wake folks up regarding the potential security risks when using an unprotected Windows OS. Use a firewall and anti-virus software. Buy a hardware router. Install and run anti-spyware applications. Do not run your Windows in Administrator mode. Get a grip, dammit!| Categories: Adware/Spyware Alerts, Best Practices
Monday, July 25, 2005
Spyware "calling home" Increasing
The Register reports that the UK firm ScanSafe estimates that around 8% of outbound traffic from PC's is evil Spyware applications attemping to connect to the Internet.Get thee hence to a firewall, varlet, or thy doom is certain!
Monday, July 11, 2005
MS Anti-Spyware Allows Claria Adware?
It appears that Microsoft's Anti-Spyware application now defaults to allowing these well known purveyors of spyware to exist on users computers. For this reason alone we suggest you always run more than one spyware removal application - consider this as the layered defence. Try Spyware Blaster, HijackThis! and Spybot - Search & Destroy.
Edited on: Wednesday, July 20, 2005 6:31.58 PM EDT
| Categories: Adware/Spyware Alerts, Alternative Applications
Wednesday, June 29, 2005
Newest Windows AntiSpyware (Beta)
Edited on: Wednesday, July 20, 2005 4:12.38 PM EDT
| Categories: Adware/Spyware Alerts
Monday, March 14, 2005
Java Applet trojan
>
>So, if you have Java switched on in your browser and a dodgy website asks you whether you want to run Java applet, just answer no.
>
>To be absolutely safe turn off Java. Ooh, but you'll miss all the bounching balls and goofy sound effects. End sarcastic comment.
Edited on: Wednesday, July 20, 2005 5:36.32 PM EDT
| Categories: Adware/Spyware Alerts, Best Practices
Thursday, February 10, 2005
Future Threats
Ack.
Edited on: Wednesday, July 20, 2005 5:43.49 PM EDT
| Categories: Adware/Spyware Alerts, Best Practices, Bluetooth, Mobile, Security Alerts, Technology, Virus-Trojan-Worm Alerts
Monday, January 17, 2005
No More Internet for Them
The article has no mention of alternatives to Windows OS, browser alternatives to Internet Explorer or email alternatives to Outlook Express.
Sigh.
Edited on: Wednesday, July 20, 2005 5:59.43 PM EDT
| Categories: Adware/Spyware Alerts, Alternative Applications, Best Practices, Concepts, Eudora Email, Mozilla Firefox, Mozilla Thunderbird, Openoffice.org, Opera, Software Tools
Thursday, January 06, 2005
Microsoft Releases Anti-Spyware beta
Security has always been a weak point at Microsoft and this problem has, up until recently, been solved by third-party software vendors who have produced well thought out applications to save us from evildoers.
Since Bill has seen the light we have received Microsoft Firewall and now the Microsoft Anti-Spyware beta.
I would suggest you at least try the Anti-Spyware and see if it offers any increased security when used in conjunction with established Anti-Spyware applications - remember this is BETA and may not work quite as expected.
Several lunatics at slashdot.org claim the validation procedure can be ignored. Your mileage may vary.
Comments welcome from all those with busted Windows OS's and you Windows 2000 beta users - you know who you are . . .
Edited on: Wednesday, July 20, 2005 6:03.21 PM EDT
| Categories: Adware/Spyware Alerts, Best Practices
Wednesday, December 15, 2004
Rogue/Suspect Anti-Spyware Products & Web Sites
here to confirm the cure isn't worse than the disease.
Edited on: Wednesday, July 20, 2005 6:17.20 PM EDT
| Categories: Adware/Spyware Alerts, Best Practices, Software Tools, Virus-Trojan-Worm Alerts
Thursday, December 02, 2004
Spyware Database Search
So before you download that neat new program you found check this site and confirm that you won't infect your system.
You would also be wise to check several popular Search Engines for the name of this neat software and the word "spyware" (without the quotes) - If this search returns indications of weirdness perhaps you had better not download the software.
Edited on: Wednesday, July 20, 2005 6:22.07 PM EDT
| Categories: Adware/Spyware Alerts, Best Practices, Software Tools, Virus-Trojan-Worm Alerts