Your PC. Prepared for Anything.
Security and Privacy
August 11, 2009 – Next Microsoft Patch Tuesday, including 5 Critical Updates
Aug 8th
This “Microsoft Patch Tuesday” (incidentally, the latest a “Patch Tuesday” can occur because August, 2009 started on a Saturday) includes 9 updates, including 5 critical updates for Windows operating systems.
Most of the critical updates are related to the Active Template Library (ATL), which allows developers to write ActiveX controls. Windows users will want to be sure to install these updates to address this serious flaw.
Phony “Blue Screen of Death” Attempts to Scare You into Spending $39
Aug 4th
The same mean folks who brought us the rogue anti-spyware product “Winweb Security 2008” have developed another bogus “product” called SystemSecurity.
Their latest attempt to trick you is by simulating a “blue screen of death” using a browser window. They place a DOS-like red alert box over the blue screen, giving you the option to “fix” your computer’s “security issues.”
Don’t fall for it! Check the screenshot from Sunbelt Software’s blog entry below. Clearly, this fake BSOD is displayed in a browser. It could be a little harder to detect if the browser was in kiosk (full-screen) mode, but pressing Ctrl+Alt+Delete should show you whether you’re truly experiencing an operating system crash, or a cleverly-designed scam attempt.
ht: Sunbelt Blog
Adobe Flash Player, AIR, Acrobat and Reader – Update Now
Aug 3rd
From Adobe’s recent security advisory, last updated on 31 July 2009:
A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.
Adobe considers this a critical update, since an unpatched computer could be taken over.
To Patch
Check the “Solution” section of Adobe’s Security Bulletin for specific download links for updated versions of Flash Player, AIR, Acrobat and Reader software.
NOTE 1: If you are using Internet Explorer AND another, plug-in based browser (such as Firefox or Opera), run the “About Flash” check for each browser.
NOTE 2: Internet Explorer users, if you upgrade the Flash Player, by default, you will be prompted to install the Google toolbar, but you may uncheck this option.
Vanish: Create Self-destructing Email and Posts
Jul 22nd
There is a lot of “space junk” (parts of old spacecraft, tools, etc.) currently orbiting the earth. Since it could be dangerous if any of these were to fall to earth, NASA handles this issue by actually keeping track of each piece floating out in space.
Similarly, there are a lot of things on the internet that have been “floating around” for years: email messages, Facebook wall posts, etc. Wouldn’t it be nice if there was some way to send or post these things, but have them disappear after a limited time?
University of Washington computer scientists have created a research prototype (read “use at your own risk”) called “Vanish” that is designed to give any data posted on the web a limited lifetime (at this point, 8 to 9 hours) before it becomes inaccessible to anyone (including the person who posts the data).
To use Vanish, you’ll need to install both the Vanish system and the Firefox plugin, which requires Firefox 3 or better. Follow the steps here.
Once everything is installed, in Firefox, select the text you’d like to post for a limited time, right-click and choose the “Vanish” context-menu option. The Vanish software will create a PGP-like block of text which you can then send or post. Anyone who has access to this data (for example, an email recipient) who has the Vanish Firefox plug-in installed will be able to read the Vanish-encoded data during the 8- to 9-hour lifetime of the data. After that time, no one will be able to read the data.
Again, though Vanish is a research prototype, it is an interesting concept that data that normally would “live forever” in cyberspace would, in the words of the researchers themselves, “approximate the ephemeral nature of a phone call.” Keep an eye on Vanish. If it becomes a mature application, it could change the way we handle a certain part of our communications.
Sandboxie – Laugh (Cautiously) at the Next Browser Vulnerability
Dec 25th
What’s a Windows user to do? Between the most recent zero-day exploit to affect Internet Explorer and Mozilla Firefox recently named as the most vulnerable application on the Windows platform, even with all Windows updates installed, virus protection and the current version of your browser, you can still end up with a nasty malware infection.
That’s exactly what inspired developer Ronen Tzur several years ago. He wrote an application called Sandboxie which protects your computer by using the “sandbox” concept. Basically, More >
Patch Windows Now – Critical For Windows 2000 and XP
Oct 26th
Microsoft typically releases updates for Windows on the 2nd Tuesday of each month (aka Patch Tuesday), but this week, they released an important patch outside of their normal schedule.
The security bulletin describes the details. An issue with the “server service,” part of the Windows operating system, could allow your Windows computer to be taken over in a “worm attack” similar to the SQL Slammer attack that occurred in January, 2003.
This issue is considered “critical” for Windows 2000, XP and Server 2003 and “important” for Windows Vista and Server 2008. Check if your system is up-to-date at the Windows Update site.
What Every Computer User Must do Now – Round up your data
Oct 19th
Corporations have disaster recovery plans, and so should you. If you want to minimize your own computers’ downtime due to hard drive failure, operating system corruption (i.e. the “Blue Screen of Death”), and the like, there are a number of solutions that you can use that can help you get back up and running quickly. More >
Adobe’s Workaround for “Clickjacking” Issue, and What You Can Do Now
Oct 15th
UPDATE: Adobe released Flash Player 10.0.12.36. Look-wise, it’s an improvement. Take a look at the 3-D effects that Flash Player 10 supports at Alternativa’s demo site.
New versions usually mean new vulnerabilities. Protect yourself with Firefox + the NoScript add-on.
———————————————————————————————-
Adobe recently acknowledged a critical issue with its Flash Player. Named “clickjacking,” this occurs when a user visits a legitimate site, then clicks on a link or Flash content on the site. But actually, they are clicking on an invisible control (perhaps a button) placed there by a malicious person.
Adobe considers this critical. Robert Hansen and Jeremiah Grossman, the researchers who discovered this vulnerability, will release specific details after Adobe fixes the issue.
In the meantime, Israeli researcher Guy Aharonovsky demonstrated how clickjacking can be used to reset Adobe Flash Player’s privacy settings, then surreptitiously turn on a computer’s microphone and webcam. Adobe published a workaround to protect users from this issue right now.
Adobe plans to release an updated Flash Player at the end of October, 2009. Be the first to know by signing up with Adobe’s security notification service.
A great way to protect yourself now is to use the Firefox browser with the add-ons Flashblock and/or NoScript. NoScript has recently been updated specifically to prevent clickjacking.
Photo: PiPiWa
Gmail: Prevent those “Oh no!” moments with Mail Goggles
Oct 9th
We’ve all been there. You’ve hastily dashed off an email, then hit the “Send” button, only to feel the pangs of regret. You wrote something that you really didn’t want to say. But it’s too late–the damage is done. If only you could have a second chance to stop that email from going out… Well, you can!
If you’re a Microsoft Outlook user, you can set up a rule to defer sending your messages for a specified number of minutes. Whichever accounts you’ve configured Outlook to use can take advantage of this feature.
If you enjoy using the access-anywhere convenience of Gmail’s web interface, you can enjoy a similar feature that will make you think twice (actually 5 times) before you can send an email.
Mail Goggles is a new experimental feature released by Google Labs. Enable it after you log into your Gmail account by clicking on Settings > Labs, then scrolling down until you see Mail Goggles listed.

Once you’ve enabled Mail Goggles, it is active by default on Fridays and Saturdays, from 10 PM to 4 AM. (You can adjust these settings at Settings > General.) During the times that it’s active, when attempting to send an email, you’ll be presented with 5 math problems that you must answer before the message can be sent.
If you’re a Gmail user looking for a way to help you consider if you really want to send that email (especially during certain time periods), consider enabling Mail Goggles.
Photo: Cooperis
LunarSoft’s Anti-Malware Toolkit: One-Click Download of Many Utilities
Oct 6th
If your family and friends turn to you for help, especially when their computer’s been infected, Lunarsoft can help you.
Their Anti-Malware Toolkit will download the latest versions of a suite of applications, definitions and utilities. Armed with this arsenal, you can be out the door and on your way to helping your friend in just a few moments.
You can find useful how-to information, such as which order to install and run these anti-malware applications, at the Lunarsoft PC Cleanup wiki.
A tiny download (394 KB for installer, a mere 60 KB for the zipped version), the Anti-Malware Toolkit can be a useful tool to have on hand before you answer your next distress call.
Photo: Holeymoon