Better Safe Than Sorry

Critical Microsoft Fixit

Bill has announced that an unpatched critical security hole in Windows XP operating systems is a genuine threat. A temporary patch using Microsoft Fix it is available here - after the .msi file downloads double-click it and the install is self-explanatory. Users who apply this patch will not need to uninstall it before applying the official patch when it becomes available towards the middle of July.

Restart Later?

Using Windows XP means having to restart the OS on a regular basis for many reasons. Many times you may be in the midst of something and choose to restart later. Rebooting your PC is also forced upon you at times and again it always seems to happen when you are knee-deep into something that causing you to reboot later - much later.

When you install software applications under Windows XP the installer (such as InstallShield) will frequently suggest you close all other programs before continuing the install. Oh, sure. As if.

Best practice sez: Restart, reboot and close all other programs before continuing the install and your XP box will be better behaved. There is much less chance of software or hardware conflicts if you plan ahead to avoid doing anything later.

Restart, reboot and close when asked.

Internet Explorer F1 Key Flaw

If you use any of the last several versions of Internet Explorer you are advised to not press the F1 key if prompted by any web site. A flaw has been discovered that could open up your Windows machine (except Vista, way to go Bill!) to evil-doers. The Microsoft Security Advisory (981169) is here: http://www.microsoft.com/technet/security/advisory/981169.mspx

The quote from Microsoft below:

Successful exploitation of this vulnerability requires that users assist the exploit by pressing the F1 key on their keyboard. Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.

Consequently, malicious Web sites may attempt to persuade users into pressing the F1 key. Such a Web site could invoke an endless loop of dialog boxes that tell the user to press the F1 key to end the loop, or offer information such as pricing information or help to be revealed through the F1 key.

Users are advised to avoid pressing F1 presented by Web pages or other Internet content. If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to terminate the Internet Explorer process.

Adobe Flash Security Upgrade

Adobe has released an out-of-sequence update of its Flash Player that fixes two critical security holes in its Web browser plugin.

The latest version is now version 10.0.45.2. Visit here to check your version.

Also, remember that you will have to install the upgrade seperately for each browser you use so if you're like me well, Internet Explorer, Firefox, Opera and Chrome all need patching!

If you can read this . . .

. . . then your Windows machine hasn't had a BSoD lately I'll guess. It appears one of the updates from Bill has caused mischief

If you have not updated recently you may wish to do a custom update after deselecting KB977165. If you have downloaded the updates but not installed them, again, you may wish to do a custom update after deselecting KB977165. If you have installed it and everything is fine but you are still wary and want it gone then simply go to the Control Panel - Add or Remove Programs (ensure Show updates is checked) - click the Remove button for KB977165.

Best practice is to download but not install for a couple of days. If there is a problem let the rest of the Interpipe sort it out, eh?

Krebs on Security has a (probable) fix here.

Government warnings about IE

When goverments warn about the dangers of using Internet Explorer you can be sure it's time to seek out a alternative application - a safer surfer.

There is, in no particular order, Firefox, Opera and Chrome as well as other browsers.

Do yourself and others a favour by not using Internet Explorer. It's a security hole.

Why, it's like the Adobe Reader of browsers ;)

Go here for links to two of the afore mentioned browsers or you can search for other browser options.

Firefox Update

Y'all better check yer Firefox to see that you are running version 3.5.5 - if you aren't then run a manual upgrade (Help - Check for Upgrades). You might also set Firefox to automagically download and install upgrades:

Facebook Hacking

A new applications on Facebook, "City Fire Department," has been compromised by hackers. The application had been modified to deliver an iframe which can bring content from one Web site to another. This iframe tries to exploit vulnerabilities to download a fake antivirus program called Antivirus Pro 2010.

A few of the other hacked or bogus applications are:

• MyGirlySpace
• Ferrarifone
• Mashpro
• Mynameis
• Pass-it-on
• Fillinthe
• Aquariumlif

Ok, here is the deal - When you find a wonderful new application on Facebook do a quick search on Google or bing to determine if anyone has had any problem with it. You can also wait, yes wait, for a day or two until enough newbies have started using it to provoke any disasters - if all is well after this then you might . . . might try it. Just make sure your Facebook preferences are locked down for maximum security. Or just don't use any of these silly applications until Facebook gets a grip and uses some mechanism to confirm these applications aren't a giant security hole!

Firefox Plugs Microsoft Security Hole

If you use Firefox (and you should, imho) you have probably already seen a pop-up alert informing you that it is blocking Microsoft`s .NET Framework Assistant and Windows Presentation Foundation add-ons that were stealthily installed by Microsoft earlier this year.

This hole was supposed to have been fixed earlier by having users edit the Windows registry - but this idea stunk because editing the registry is potentially dangerous. Microsoft later released a simple point and click removal tool - except this left behind the Windows Presentation Foundation plug-in which is what was just killed by Mozilla.

So, the confusion up to now has been addressed by both Mozilla and Microsoft to remove both nasty bits. Whew!

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

Facebook Privacy

Check out the handy list of 10 Privacy Settings Every Facebook User Should Know by Nick O'Neill on February 2nd, 2009 at: http://www.allfacebook.com/2009/02/facebook-privacy/

Patches Make Pefect

On February 10, 2009 Microsoft released four critical patches that could allow evil-doers to take control of an unpatched computer remotely. The updates affect Internet Explorer 7, Windows XP Professional Edition, Windows Vista, Exchange 2000 Server, Exchange Server 2003 and 2007, SQL Server 2000 and 2005 and Office Visio 2002, 2003 and 2007.

The best part of his was the Security Bulletin (MS09-002) that accompanied the patches that stated, "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,"

Since probably 90% of folks running any flavour or Windows run as an Administrator most people are at risk here.

If you use Windows try to ensure you do nor run in Adminstrative mode. This is bad. Very bad.

So, ensure your Automatic Updates are turned on and patch early and patch often.

Phishing Targets Tweeter

The popular mobile service Tweeter has been hit with phishing messages. Nothing new about this. It is a good time to remind folks about the devious nature of these evil doers. Any method will be used to induce the unwary or stupid to visit sites that will attempt to upload all kinds of malware, spyware, trojans, etc. to your PC, smartphone or other device. The vector for this specific attack is the very popular 'TinyURL' online application that turns large, unwieldy URLs such as “http://www.somewhere.orf/really/long/directory/” into something such as “http://tinyurl.com/4d4a2” which can be remembered long enough to key into a browser. The problem is that the TinyURL could lead one to evil sites. Very bad. TinyURL's solution, which folks either don't know about or don't use or understand is to use the Preview TinyURL. In our previous example one should append the TinyURL with preview: “http://preview.tinyurl.com/4d4a2”. This will allow for the best practice of safely viewing a rendering of the intended target before actually visiting it.

WPA Cracked

If you use WiFi to connect to your Internet provider via a wireless router be aware that recently a crack has been found that could allow eavedroppers to detect your passphrase. The simple solution (for now) is to use WPA2 rather than the now vulnerable WPA. If by some chance you missed the memo about the much older WEP protocol you should have stopped using that years ago! If your router does not use WPA2 then ensure it is using AES encryption and not TKIP. Also be damned sure your passphrase is long (12+ characters minimum) and contains a mixture of lower case, upper case, numerals and characters. So, password IS NOT up to scratch. k*uh7%vg4Sk9jNVfdxq)( is just about right ;-)

Critical Patches Released for Adobe Applications

Adobe has released patches that fix at least eight security holes in both its Acrobat and Adobe Reader programs. These flaws could be used by evil doers to take control of vulnerable systems. Versions 8.1.2 and earlier are affected. Adobe has rated these updates as “critical” indicating that the flaws could allow attackers to comptomise an unpatched system without the users knowledge. The Windows update may be found here.

Opera 9.62 released

The latest version of the safest browser around has been released. You are advised to download and install to patch two security holes that could be used for, among other things, cross-scripting attacks. It is available here: http://www.opera.com/download/

Critical Microsoft patch available

Microsoft has issued an out-of-band update. This is unusual as Microsoft rarely releases patches ahead of the usual once monthly Patch Tuesday. In this case the severity of the security hole has prompted them to wisely hurry the process along. This update is for XP and Vista although for Vista users it is not deemed critical. What the heck, do it anyway. If you have Windows Update all organized (as you should) you should be safe. If you are unsure if you already have the patch installed then go to Add/Remove Programs in the Control Panel, make sure the check box for show updates is checked:

and, when the list is finally displayed look for:

If it's not installed go back to the Control Panel and click on Security Center. Make sure all the settings for Windows Updates, your firewall and whatever anti-virus you use are all functioning as they should.

Adobe Flash Upgrade

Adobe has released version 10 of its flash player. This release addresses the so-called Clickjacking attacks where a user could be tricked into clicking a link that would send them to a rogue website. The new version 10 for Windows may be downloaded here.

Opera Upgraded to 9.60

Time time to visit http://www.opera.com and download the latest and greatest version 9.60 of the most secure browser.

Firefox Update Available

Get it while it's hot. This update fixes one bug: ‘’where users were unable to retrieve saved passwords or save new passwords‘’.

Yikes.

Click on ‘’Check for Updates‘’ from the Help menu to update and don't forget to restart Firefox for the update to take effect.

 

Facebook .zip attachment is Bad

People have been getting these fake Facebook 'Add Friends' emails.

The evil-doers attached .zip file contains, wait for it you plugs, a Trojan Horse. C'mon, steady, don't fall for that old trick.

Unless you are expecting an attachment don't accept it. Anti-virus blah blah updated frequently blah blah backup daily blah blah idiot, don't be an ;)

Post-it Passwords

One paragraph in a press report on the recent theft of works by artist Bill Reid astounded me:

"(Museum Director Anthony) Shelton said the heist was well organized: three Mexican Zapotec Indian gold-coloured necklaces, which were found despite being hidden in drawers, were the first items taken."

Folks . . . you just can't put your passwords on a sticky-note afixed to the underside of your keyboard! Got it?

Foxit Reader Security Upgrade

Foxit Reader, a free alternative to Adobe's Acrobat software used for reading .PDF files, has been upgraded. These upgrades recent security holes. Please take the time to download the upgrade from here.

US Bound? Secure Your Electronics!

Famed security guru Bruce Schneier has a very imformative article in the UK's Guardian newspaper online. In it he reminds potential visitors to the United States that border agents can and will search through all of your electronic devices. Laptops, cell phones, PDA's, iPods, etc. are all likely targets. Read the whole article here.

Foxit Reader Upgrade Available

Foxit Reader, a free alternative to Adobe's Acrobat software used for reading .PDF files, has been upgraded. These upgrades plug several security holes. Please take the time to download the upgrade from here.

Lessons Learned

It seems G-Archiver, a third-party tool for backing up Google's Gmail, was/is sending usernames and passwords back to evildoers. The lessons here are simple: Always check online to see if the software you are thinking of using is safe. A simple search should confirm if others have any concerns regarding security, privacy, function or usefulness. Secondly, consider trying open-source software when possible. Since these applications are constantly examined by users for problems you tend to be protected in part from hassles that effect proprietary applications.

RealPlayer Exploit

User of Internet Explorer under Windows are vulnerable to drive-by downloads simply by visiting an evil Web page. As usual, it is an unknown and unpatched ActiveX component that is causing the problem. Note that both Microsoft Outlook and Outlook Express clients are also at risk. Best practices? Uninstall RealPlayer, use an alternative browser such as Firefox or Opera and use another email client such as Thunderbird or Penelope. Those who just can't part with RealPlayer should visit http://service.real.com/realplayer/security/en/ and (when available) download and install the patch. Ryan Naraine over at ZDNet.com has a great write up with info and fixes.

AOL AIM IM BUST

Clear as mud, eh? Internet Service Provider AOL has been informed that its IM client has a flaw that makes it possible for evil attackers to remotely execute malicious code on users computers. Those using Internet Explorer are especially vulnerable. Best practices? Try an alternative such as Pidgin (formerly GAIM).

Web 2.0 vs. Privacy Concerns

There is a growing concern that many of the more popular Web 2.0 applications such as Facebook.com or Myspace.com have more than their share of security holes. No doubt. Best practise? Don't give out data anywhere that could compromise your integrity (Nudie photos? Dope smokin' movies? Looking like a doofus?) or security (SIN, birthdate) unless you have faith in the recepient to keep it safe.

Mpack Intrusion Means Patch Often

Brian Krebs over at the Blog Security Fix has mentioned the availability of the Mpack hackers kit which allows anyone with cash to make serious intrusions into computers and networks. This kit works because folks don't patch all the software on their Windows machines in a timely fashion. If your Windows Operating System is secure but all the software you run is old and unpatched you are vulnerable to this threat. Best Practice? Click on the 'Secunia Software Inspector' icon over in the left column and let Secunia inform you what needs patching. Also sign up for email updates so Secunia can inform you when to re-run the test.