We recently mentioned that you can point your router or browser to OpenDNS’s DNS servers to protect your computers from the DNS Poisoned Cache vulnerability brought to light by Dan Kaminsky. While many Internet Service Providers (ISPs) have patched their DNS servers, others have not yet done so.
There is another reason to consider OpenDNS, as you can use it as a free web-filtering service. How-To Geek posted a well-written tutorial describing this in detail.
What is Web Filtering? (more…)
Photo by Jeff Epp
If you’re going to donate your old PC or sell it, make sure you don’t leave any personal information on the hard drive. The open-source [free for personal use] DBAN (Darik’s Boot and Nuke) will completely and securely wipe your computer’s hard drive.
Another occasion to use DBAN is to completely destroy a virus. While this is a drastic measure, there are some cases when a computer can be infected with a virus so pesky that it can survive a hard drive format. In other words, if you’re dealing with a nasty virus and decide to simply format the drive and reinstall Windows, you might still be facing that virus after all that work. If you’re going to go to the trouble of reinstalling Windows, use DBAN to completely wipe the hard drive clean first.
Preparing Your DBAN Media (more…)
UPDATE: After Dan Kaminsky’s Blackhat presentation, Steve Friedl posted the specifics of the bug in An Illustrated Guide to the Kaminsky DNS Vulnerability.
As we mentioned last month, security researcher Dan Kaminsky discovered a serious exploit in the Domain Name Server (DNS) systems used by the thousands of internet service providers (ISPs).
- The good news: In an unprecedented cooperative effort, Mr. Kaminsky led a team of engineers from many vendors who secretly worked together to create patches to fix the exploit. The patches were simultaneously released in early July, 2008.
- The bad news: Since then, code that demonstrates how to take advantage of this exploit has been found “in the wild”
- The really bad news: Many ISPs still haven’t patched their DNS servers.
What Does This Mean to Me?
If your ISP’s DNS is not patched, and they are attacked using this exploit, you may unknowingly be redirected to a phishing site. For example, you may think you’re browsing to www.MyBank.com, but actually your browser is redirected to a look-alike site. If you enter your user name and password, these could be stolen, and the bad folks who created the look-alike site could access your account and wreak havoc.
What Can I Do? (more…)
Photo by: Ghirigori Baumann
An .ISO file is an “image,” containing the complete contents of a CD or DVD. It’s a common way that versions of Linux (or many of its variants) are released. For example, you might want to download a copy of F-Secure Rescue CD 3.00 so you can scan a hard drive for any malware.
Also, if you create a BartPE .ISO file as we discussed earlier in “Backup Your Hard drive Now – While You Still Have Time,” you’ll need a way to turn the .ISO into a bootable CD.
If you have Nero or a similar program, you can burn that image to a CD or DVD. Alternatively, you can use the free utility ImgBurn to do the same thing. (more…)
OK, we admit it. While we at PreparedPC.com don’t always live on the cutting edge, we did get googly-eyed when we read about the new features in WordPress 2.6.
After reading the Wordpress upgrade guide, we decided to make the leap. After backing up and carefully copying files to right places, and reactivating the plug-ins, we launched our browser and checked to make sure everything was OK.
It wasn’t. The categories that should have been listed on the sidebar were GONE!
No problem though, thanks to David Cumps. He ran into the exact same issue. He identified that a bug in the 2.6 upgrade script deleted the category descriptions from the WordPress database table wp_term_taxonomy. He also graciously wrote up specific instructions to fix the issue by manually updating the database table. This worked perfectly!
Now that the upgrade is behind us, we look forward to taking advantage of the new features to make the useful information on this site even prettier.
Takeaway: Software upgrades are never fun, especially when something breaks. Apparently this issue will be fixed in WordPress 2.6.1, so wait a little longer if you plan to upgrade.
Thank you again to David Cumps.
Just as your ears might be assaulted by someone’s foul mouth as you walk down the street, you might unwittingly come across some family un-friendly language on a web page. You may not browse to any overtly nasty sites, but on sites that allow unmoderated comments, some people might leave some profanity-laced prose.
The Profanity Filter for Firefox, a Greasemonkey script, can help by actually replacing foul words on web pages with “***”. It actually runs after the page loads, so the original page (including any profanity) is displayed on the screen momentarily before the script replaces any words.
JKDefrag is a freeware utility that handles that unglamorous but important task of defragmenting your hard drive(s). JKDefrag falls into that happy category of programs that handle a task better than Microsoft’s own utility for the job. Running JKDefrag is quite safe because it “hooks into” Windows’ defragmentation API (Application Programmer’s Interface), sending defragmentation requests to the operating system, so that Windows (not JKDefrag) does the actual work of moving files to the right area of the hard drive. (more…)
An emerging and intrusive technology may soon be coming to your ISP. Three companies, NebuAd, Front Porch and Phorm, are best-known for using deep packet inspection of ISPs’ user’s browsing habits as a way to present targeted advertising to users. Advertising on the web is nothing new, but the way these companies’ services work is something you should know about.
Basically, these companies, with the consent of ISPs, install an appliance into the ISP’s network. This device acts as a proxy: when you browse to a page, this proxy device intercepts your request, then inspects the content of the requested page for key words, and uses this information to present targeted ads to the user. (Steve Gibson goes into detail regarding how Phorm’s WebWise service gathers information in his Security Now! podcast #151.)
So with these companies’ devices placed inside of your ISP’s network, ISPs make money, and their customers’ surfing habits get analyzed.
As part of the most recent 2nd-Tuesday-of-the-month “patch Tuesday” (July 8, 2008), Microsoft released patches for Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008. Windows Vista (neither the 32- or 64-bit versions) is NOT affected. Windows 2000/XP users who are using ZoneAlarm could lose internet connectivity after applying the patch. Read ZoneAlarm’s press release about that here.
(This patch does require a reboot.)
For specific information, read Microsoft Security Bulletin MS08-037 and Knowledge Base Article 953230.
DNS (Domain Name System) translates “friendly” site names (like preparedpc.com) into numeric addresses used by the internet computers. The problem: a basic flaw in unpatched DNS installations (more…)
It’s important to backup your files, but you may be inadvertantly storing and backing up multiple copies of files on your hard drive. You might forget that you have another copy of a video clip or MP3 file somewhere else on your hard drive, and duplicate folders of photos from Aunt Myrtle’s 75th birthday party (no offense to Aunt Myrtle!).
Big Bang Enterprises’ DoubleKiller will allow you to quickly identify and remove those duplicate files. The free version allows you to specify whether DoubleKiller scans for files based on file name, size and date. According to Big Bang, the pay version, DoubleKiller Pro runs at least 70 times faster, can be run from a command line, and offers advanced comparison options not available in the free version. (more…)