Your PC. Prepared for Anything.
Web Browsing
No Longer Using Internet Explorer? Lock It Down!
Mar 4th
Unless you live in the European Union, your Windows computer will have Internet Explorer installed.
Maybe you no longer use Internet Explorer for browsing, and have moved on to a more security-conscious browser like Chrome or Firefox? You’ll still need IE, or rather, Windows needs IE for downloading patches. Also, programs like Microsoft Outlook are closely integrated with IE, so they need access to it as well.
The Problem
IE, by default, allows scripts on web pages you visit to execute. Most of the time, these scripts do something useful, but too often, a malicious script can install spyware or do something else nasty on your computer. Microsoft continues to be fairly diligent in fixing these issues as they’re discovered, but the big problem is when malicious scripts execute on unpatched computers.
The Solution
Steve Gibson, on a recent Security Now! podcast, shows us how to lock down IE so that it still does what we need it to do, but with scripting essentially turned off. This can protect you from the next IE security vulnerability.
Here’s how to lock down IE: More >
Weekly Round-up 2009-09-12
Sep 11th
A quick run-down of posts and tweets from the past week:
Untangle for Windows-Free Unified Threat Management for the Rest of Us – We posted about Untangle for Windows, a free download of an open-source based Unified Threat Management suite. The Linux-based version of Untangle is very stable and mature, and Untangle for Windows, though it is beta software, shows great promise. We will be detailing our experiences with Untangle for Windows in an upcoming post.
Windows 7: How to Reset the Recycle Bin – In Windows 7, a corrupted recycle bin can prevent you from deleting files or emptying the recycle bin. Tech-recipes.com shows us how to fix this issue.
WordPress 2.8.4 – Lorelle warns us that a security vulnerability in all pre-2.8.4 versions of WordPress (used for self-hosted blogs, as opposed to WordPress.com blogs) is being actively exploited. Upgrade now to close that security hole.
GeoChirp – GeoChirp is a Twitter/Google Maps mash-up that shows what your neighbors (as identified by your and their IP addresses) are tweeting.
Keep those comments and questions coming. We appreciate them!
Untangle for Windows – Free Unified Threat Management For the Rest of Us!
Sep 4th
The skinny: Untangle for Windows is a free way to protect your home/small office network (up to 10 computers). It leverages open source software to give you advanced control of your network that until recently was only affordable to larger corporations. Its features are impressive, especially for a free download.
Unified Threat Management (UTM) software is a fancy name for a collection of dedicated software components (or a hardware appliance) that work together to protect a network by providing, for example, virus protection and web filtering.
Years ago, UTMs were only available as hardware appliances which were installed in a server rack in a data center. More recently, software UTMs that can run on PCs were released by companies like Endian, Astaro and Untangle. These software UTMs require a dedicated computer. More >
Bogus Firefox Add-on Poses As Flash Player
Aug 30th
“Adobe Flash Player 0.2” is not what it seems. It has been posted on various forum sites. Unsuspecting Firefox users who have installed this (assuming that it’s gotten past your anti-virus/anti-spyware software) find themselves infected. (To check, in the Firefox menu, choose Tools > Add-ons and look for “Adobe Flash Player 0.2”).
This bogus add-on injects its own advertisements along with Google’s ads. In addition, it can also monitor the results from a user’s Google queries, which it sends to a special website. This is another reason to consider using Startpage.com for your web searches.
As always, keep your anti-virus/anti-malware software updated, and only obtain add-ons from legitimate sites. Read more at Trendmicro’s blog.
Phony “Blue Screen of Death” Attempts to Scare You into Spending $39
Aug 4th
The same mean folks who brought us the rogue anti-spyware product “Winweb Security 2008” have developed another bogus “product” called SystemSecurity.
Their latest attempt to trick you is by simulating a “blue screen of death” using a browser window. They place a DOS-like red alert box over the blue screen, giving you the option to “fix” your computer’s “security issues.”
Don’t fall for it! Check the screenshot from Sunbelt Software’s blog entry below. Clearly, this fake BSOD is displayed in a browser. It could be a little harder to detect if the browser was in kiosk (full-screen) mode, but pressing Ctrl+Alt+Delete should show you whether you’re truly experiencing an operating system crash, or a cleverly-designed scam attempt.
ht: Sunbelt Blog
Adobe Flash Player, AIR, Acrobat and Reader – Update Now
Aug 3rd
From Adobe’s recent security advisory, last updated on 31 July 2009:
A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.
Adobe considers this a critical update, since an unpatched computer could be taken over.
To Patch
Check the “Solution” section of Adobe’s Security Bulletin for specific download links for updated versions of Flash Player, AIR, Acrobat and Reader software.
NOTE 1: If you are using Internet Explorer AND another, plug-in based browser (such as Firefox or Opera), run the “About Flash” check for each browser.
NOTE 2: Internet Explorer users, if you upgrade the Flash Player, by default, you will be prompted to install the Google toolbar, but you may uncheck this option.
In-Session Phishing – Keep Your Guard Up!
Jan 15th
By now, most people know about phishing emails. You know, those messages made to look like they are from banks and other financial institutions, sent out in the hope that someone will click on the phony link and enter their username and password?
A recent threat to watch out for is called “in session phishing.” The research firm Trusteer recently published an advisory which warns against an exploit that could be used to trick you into giving away the user name and password for your web-based financial site.
How In Session Phishing Works
First, the financial website must be compromised. A hacker needs to upload their malicious code to the site’s server. Unfortunately, with the number of unpatched web servers, there is a real possibility that a website can be hacked.
The second part of the attack takes place as a customer accesses their financial institution’s site, logging on normally to a secure session. So far, so good. The problem happens when the computer user, still logged into that website, opens another tab, perhaps to visit another website. At that point, a JavaScript function, used by the most popular browsers to determine if the user is logged in, is called from the hacked website. If the browser responds “yes,” the browser displays a phony, but convincing “Your session for ABC Bank has timed out. Please enter your user name and password to continue” message. If the user enters their information, their user name and password can be stolen–bad news, indeed!
How Can I Protect Myself?
Besides the basics of keeping your computer patched with the latest updates, and keeping your antivirus software up-to-date, protect yourself by simply knowing whether you are still logged in to your financial website (or finish your business, then log out). This is the electronic equivalent of knowing whether someone is standing behind you at an ATM machine, watching you enter your PIN.
Stay vigilant so that you can stay ahead of the bad folks who hope to trick you out of your identity. Your online financial accounts may depend on it.
Photo: Vince Alongi
Sandboxie – Laugh (Cautiously) at the Next Browser Vulnerability
Dec 25th
What’s a Windows user to do? Between the most recent zero-day exploit to affect Internet Explorer and Mozilla Firefox recently named as the most vulnerable application on the Windows platform, even with all Windows updates installed, virus protection and the current version of your browser, you can still end up with a nasty malware infection.
That’s exactly what inspired developer Ronen Tzur several years ago. He wrote an application called Sandboxie which protects your computer by using the “sandbox” concept. Basically, More >
Adobe’s Workaround for “Clickjacking” Issue, and What You Can Do Now
Oct 15th
UPDATE: Adobe released Flash Player 10.0.12.36. Look-wise, it’s an improvement. Take a look at the 3-D effects that Flash Player 10 supports at Alternativa’s demo site.
New versions usually mean new vulnerabilities. Protect yourself with Firefox + the NoScript add-on.
———————————————————————————————-
Adobe recently acknowledged a critical issue with its Flash Player. Named “clickjacking,” this occurs when a user visits a legitimate site, then clicks on a link or Flash content on the site. But actually, they are clicking on an invisible control (perhaps a button) placed there by a malicious person.
Adobe considers this critical. Robert Hansen and Jeremiah Grossman, the researchers who discovered this vulnerability, will release specific details after Adobe fixes the issue.
In the meantime, Israeli researcher Guy Aharonovsky demonstrated how clickjacking can be used to reset Adobe Flash Player’s privacy settings, then surreptitiously turn on a computer’s microphone and webcam. Adobe published a workaround to protect users from this issue right now.
Adobe plans to release an updated Flash Player at the end of October, 2009. Be the first to know by signing up with Adobe’s security notification service.
A great way to protect yourself now is to use the Firefox browser with the add-ons Flashblock and/or NoScript. NoScript has recently been updated specifically to prevent clickjacking.
Photo: PiPiWa
Firefox Add-on|NoScript
Sep 18th
Since mid-August 2008, users have been reporting “malvertisements,” maliciously-designed Adobe Flash banner advertisements that copy text to the clipboard in Windows, Linux and Mac OS X.
While this “hijacking attack” does not infect computers directly, it copies the URL of a website offering bogus “security software.” Apparently the bad guys’ hope is that you will mistakenly paste their URL into an email to a friend, for example, unwittingly tricking your friend into visiting the bad guys’ site and putting them at risk of getting infected. More >