Chrome Remote Desktop BETA

Google Chrome browser now has an App that allows for easy, attended remote access. Both computers must be running Chrome but it is OS independent worling on Windows, Mac and Linux. It is in BETA so expect weirdness until the bugs are worked out. This App should put the fear of God in other remote access applications such as Crossloop but until it allows for unattended access like UltraVNC it has limitations. Of course, you need a Gmail account for this to work and that means another step on Google's march to Internet dominance.So, fire up Chrome and install the Chrome Remote Desktop BETA.

Disabling Facebook facial recognition

Recent changes by Facebook have enabled facial recognition - very nice - Google Picassa also has a great facial recognition component. That Facebook would turn it on by default, however, is a bad idea. Should you wish to disable this feature do this:

Login to Facebook and click "Account" in the upper right-hand corner of the page.

Click on "Privacy Settings."

Click on "Customize Settings."

Go to "Things others share."

Next to the option "Suggest photos of me to friends. When photos look like me, suggest my name," click "Edit Settings."

Click on "Edit Settings."

Change it to "Disabled."

Click "Okay."

Or go here http://www.sophos.com for more details and screencaps.

Adobe Flash Update

Time to update your Windows Adobe Flash player. Remember that each browser (Internet Explorer, Firefox, Opera, etc.) needs to be updated individually. Chrome (bless its heart) will update automagically. Go to http://get.adobe.com/flashplayer and follow the instructions to upgrade.

BrowserCheck

This Firefox add-on, which also works with other browsers such as Opera, Chrome and IE8, checks your installed browser plugins for outdated versions and allows you to easily download the newer version.

This security plugin to be a mini-Secunia PSI that just checks your plugins such as Adobe Flash, Shockwave Player and Quicktime. A very useful tool to do what normally is a very annoying job.

It is here: https://browsercheck.qualys.com

Firefox 4 Released

The latest and greatest Firefox, version 4.0, is being downloaded in some serious numbers.

Since Microsoft's Internet Explorer 9 is not available for XP users this is not surprising.

I'll stick to Firefox until I'm satisfied IE9 actually works.

Firefox has some nice features you might want to use:

Don't want websites to track you as you browse the web? You can enable this feature in Firefox 4:

Click on the Firefox button (in XP, click the Tools menu) and then click Options.

Select the Advanced panel and ensure the checkbox is checked for "Tell web sites I do not want be to tracked".

Click OK.

Want to clear the Recent History?

Click on the Firefox button (in XP, click the Tools menu) and then click Options.

Click History then "Clear Recent History".

Choose which settings you wish to delete and the time range and click "Clear Now".

Secunia PSI Broken

It appears Secunia PSI is having problems with users reporting that recent scan results show no results . . . or applications . . . hahahaha. This is too be expected from BETA products so no harm done unless there is a security hole in PSI itself. The forum users mention server problems not allowing for update information and/or file signatures. Stay tuned.

Facebook coughing up UID's

The online platform for farming, organized crime and poker . . . known in these here parts as Facebook, again finds itself on the wrong end of user privacy. It appears certain online apps (Farmville, etc) have been providing info that could allow evil-doers to reveal names, phone numbers, email addresses, photos and other personal bits.

I use Facebook but never play any games and check the privacy settings religiously to try and stay ahead of the inevitable security breach.

An excellent write up is here: http://mashable.com/2010/10/18/facebook-apps-leak-user-info/

Gmail Security Checklist

The safety conscious folks at Google have a new page that explains how to check your account to ensure your privacy level is adequate.

It is here: http://mail.google.com/support/bin/static.py?page=checklist.cs&tab=29488

Even if you think you are covered give this checklist a glance - you may well be surprised.

New Hotmail Account Recovery Tools

Microsoft has introduced two new features for use when you need to regain control of your Hotmail account(s). Good job, Bill!

First, “Trusted PC” links your Hotmail account with one or more of your physical PC's. Should you need to recover your cracked account it can be done by using one of these machines.

Second, Hotmail will send a secret code via SMS to your cell phone that can be used to reset the password of your cracked account.

So, if you still use Hotmail login to your account(s) and ensure it has all the details required to allow you to recover your account in the future because you know it wil happen.

Facebook Privacy Widget

This is a lovely Firefox Add-on that attempts to check and then offer to fix all your rogue Facebook settings. Krebs on Security reports on a study that found most of the Firefox crashes were do to crappy Facebook applications :(

Facebook IP Leak

It appears emails sent from facebook contain enough info that it is possible to geo-locate a sender The details are here.

Facebook f**k up

Oops. Facebook's new Open Graph API is leaking sez PC World. It's security breaches such as these that will cause problems because of the interrelationship between so many disparate applications and the general mass of users who never check settings. If people don't start taking security seriously before a problem develops the cost and effort to fix the problem could be very high indeed.

Palm Pre Security Hole

The recent Palm Pre OS has been found to have a major, glaring security gap because, since the browser is embedded into the OS, it's naturally vulnerable to various exploits (Javascript being the obvious one) making it a large target for evil-doers. A fix better come sooner rather than later to save the brand for the forseeable future. What were they thinking?

Third-party apps create insecure Facebook

Popular social networking site Facebook has exposed users to phishing attacks that use already hacked accounts to contact friends. Links presented to users lead to look-alike pages not associated with Facebook that may hold any one of 11 rogue scripts (and counting) that do bad things. Trendmicro has details here.

Until facebook tightens up the ship now heading for the shoals be very careful about using third-party apps. Yes, that means a large chunk of facebook, sorry. Do this . . . no, seriously . . . and facebook will adapt or die. Now if Leafs fans would just do the same.

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

Facebook Privacy

Check out the handy list of 10 Privacy Settings Every Facebook User Should Know by Nick O'Neill on February 2nd, 2009 at: http://www.allfacebook.com/2009/02/facebook-privacy/

Facebook Botnet Proof of Concept

An application was recently created for Facebook called ‘’Photo of the Day‘’ that displayed a new photo from National Geographic every day. What users were unaware of was that the app turned their PC into part of a botnet that launched a denial-of-service attack on a targeted server. The server was one owned by the creators so no one was harmed but as a concept its frightening.

These co-opted PC's could be used to spread malware, trojans, etc. and are a direct threat the many social nnetworking sites that are now all the rage.

So, always assume that any software, even those online, could be compromised. One of the best ways to protect yourself is to use Firefox browser with the No-script add-on. This would likely have informed users that something weird was up.

OpenDNS Updater Triggering AV Alerts

If you use AVG Anti-virus you may have had it warn you that opendns updater.exe is infected with a trojan horse. This appears to be false. Update your AVG client and see if it continues to report an infection.

If the built in heuristic routines still report a problem you can stop AVG from complaining by:

1. Right-click on AVG icon located in taskbar and open the AVG User Interface
2. Choose Tools, Advanced Options
3. Highlight PUP Exceptions
4. Click add exception
5. Browse to the opendns updater.exe file, select it and click ok
6. Close AVG

If AVG has already quarantined your opendns updater.exe file:

1. Right-click on AVG icon located in taskbar and open the AVG User Interface
2. Choose History, Virus Vault
3. Highlight the entry containing opendns updater.exe
4. Click the Restore button, then click OK
5. Close AVG

Your system should now work - if the OpenDNS icon is complaining right click on the OpenDNS Updater icon in the taskbar:



Left click on Run Update, the result should be:



Also left click on Check Version, the result should be:



For assistance please click the Crossloop icon to the left at the bottom of the sidebar.

Secunia Software Inspector online

Ever wonder if your software is up to date? Secunia has the launched an online advisor of sorts. The inspection (quick and basic or slower but thorough) checks most common applications on your Windows system and reports if they are in need of upgrading. The easy to understand display even gives you links and instructions to complete the upgrade. This excellent online application from Secunia is here: http://secunia.com/software_inspector/