Better Safe Than Sorry

Patching Mania!

Your Windows machine has many, many third-party software applications: Adobe Reader, Apple Quicktime, Google Picasa, Java, Realplayer, Winamp, etc. Heck, even Microsoft has a pile of applications seperate from its OS: Think Media Player, .NET framework, Siverlight, MS Office, etc.

I have in excess of 175 programs!

So, is there an easy way to ensure you 'puter has all the most current (meaning secure) versions of all these applications? Try Secunia Personal Software Inspector.

The first steps include PSI inspecting your entire system for outdated, insecure applications:

Hopefully the result will look like this:

If it does not, well, you have some patching to do. Secunia PSI offers links to the latest versions so manually starting a download is easy. Once patched Secunia PSI stays in the background to monitor your system. If applications upgrade themselves (many do) it will let you know:

So, I strongly advise those of you who wish to be more secure to download and run this well thought piece of software goodness!

Third-party apps create insecure Facebook

Popular social networking site Facebook has exposed users to phishing attacks that use already hacked accounts to contact friends. Links presented to users lead to look-alike pages not associated with Facebook that may hold any one of 11 rogue scripts (and counting) that do bad things. Trendmicro has details here.

Until facebook tightens up the ship now heading for the shoals be very careful about using third-party apps. Yes, that means a large chunk of facebook, sorry. Do this . . . no, seriously . . . and facebook will adapt or die. Now if Leafs fans would just do the same.

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

Facebook Privacy

Check out the handy list of 10 Privacy Settings Every Facebook User Should Know by Nick O'Neill on February 2nd, 2009 at: http://www.allfacebook.com/2009/02/facebook-privacy/

Facebook Botnet Proof of Concept

An application was recently created for Facebook called ‘’Photo of the Day‘’ that displayed a new photo from National Geographic every day. What users were unaware of was that the app turned their PC into part of a botnet that launched a denial-of-service attack on a targeted server. The server was one owned by the creators so no one was harmed but as a concept its frightening.

These co-opted PC's could be used to spread malware, trojans, etc. and are a direct threat the many social nnetworking sites that are now all the rage.

So, always assume that any software, even those online, could be compromised. One of the best ways to protect yourself is to use Firefox browser with the No-script add-on. This would likely have informed users that something weird was up.

OpenDNS Updater Triggering AV Alerts

If you use AVG Anti-virus you may have had it warn you that opendns updater.exe is infected with a trojan horse. This appears to be false. Update your AVG client and see if it continues to report an infection.

If the built in heuristic routines still report a problem you can stop AVG from complaining by:

1. Right-click on AVG icon located in taskbar and open the AVG User Interface
2. Choose Tools, Advanced Options
3. Highlight PUP Exceptions
4. Click add exception
5. Browse to the opendns updater.exe file, select it and click ok
6. Close AVG

If AVG has already quarantined your opendns updater.exe file:

1. Right-click on AVG icon located in taskbar and open the AVG User Interface
2. Choose History, Virus Vault
3. Highlight the entry containing opendns updater.exe
4. Click the Restore button, then click OK
5. Close AVG

Your system should now work - if the OpenDNS icon is complaining right click on the OpenDNS Updater icon in the taskbar:



Left click on Run Update, the result should be:



Also left click on Check Version, the result should be:



For assistance please click the Crossloop icon to the left at the bottom of the sidebar.

Secunia Software Inspector online

Ever wonder if your software is up to date? Secunia has the launched an online advisor of sorts. The inspection (quick and basic or slower but thorough) checks most common applications on your Windows system and reports if they are in need of upgrading. The easy to understand display even gives you links and instructions to complete the upgrade. This excellent online application from Secunia is here: http://secunia.com/software_inspector/