The idea behind this page is to highlight events or items that are, as the title suggests, in the news. With age these articles will be discarded or incorporated into a different page on this site.
11/07/2008 - Following up on our previous entry about the CD copy protection software SecuRom,
we did find both Windows registry entries and files in the Windows\System32 directory. This
occurred even though nothing else was installed. Due to reported problems caused by this Digital Rights
Management software, it was decided to remove all traces of SecuRom. For those wishing to do the same,
be aware that any programs you use that utilize SecuRom copy protection will not function
until SecuRom has again been installed. As this particular machine is used in a business,
SecuRom removal instructions at this location were followed for removal.
11/04/2008 - One of our best customers recently became interested in selling products on
E-Bay. Having seen the TV commercials for the Video Professor touting their "Sell On E-Bay"
courses, our client ordered the CD course. To lower the risk of lawsuits initiated by the
Video Professor company, which started a suit involving a large number of anonymous critics,
I want to state out front that this is not a criticism of Video Professor products or practices.
Plenty of those can be found on the Internet with a minimum of searching. The subject of this
entry is the Copy Protection scheme employed on the CDs that contain the courses, namely
SecuRom, which is not a product or service of the Video Professor but is Digital Rights Management
software developed by Sony DADC. Those who follow security issues will remember the class
action lawsuit brought against Sony for the use of "rootkit technology" in its DRM software.
Those interested can get the details from the Security Now! net cast episodes #9 and #12 at
grc.com. Since then it has been reported that Sony has continued use of this technology in
their DRM software. At this point we don't know for sure that these CDs installed anything
of this nature, but we will be checking to make sure that it didn't. A simple search for
SecuRom will turn up plenty of results which indicate that SecuRom is something that you
do not want on your computer.
10/18/2008 - It has been reported that a spam letter has been circulating lately containing
a reference to Microsoft updates. Beware, this is a scam! Microsoft does not use
email for Windows update distribution.
Another item which may be of interest to computer
users is the bugged credit card readers in Europe which were used to steal 50 - 100 million
dollars through the use of wireless technology.
Firefox browser users that like the security provided by Add-Ons such as NoScript may be
delighted to know that there is an additional add-on called CSRF Protector. This add-on
protects the user from certain Cross Site Request Forgery attacks. Computer users can increase
their security no matter which browser they use by simply clicking the log out button before
leaving sites to which they have logged on.
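
The log-out advice above, modeled as an added example that is not part of the original page: a site that authenticates a state-changing request by session cookie alone accepts it no matter which page caused it, and rejects it once the session has been ended. The `Site` and `Browser` classes, the `changeEmail` endpoint and all values are hypothetical and run entirely in memory.

```javascript
// Added illustration: in-memory model only, no network. All names are hypothetical.
class Site {
  constructor() {
    this.sessions = new Map(); // session id -> user
    this.actions = [];         // state changes the site accepted
    this.counter = 0;
  }
  login(user) {
    const sid = `sid-${++this.counter}`;
    this.sessions.set(sid, user);
    return sid; // handed to the browser as a cookie
  }
  logout(sid) {
    this.sessions.delete(sid); // server side: the session id stops being valid
  }
  // State-changing endpoint that authenticates by session cookie alone.
  changeEmail(cookies, newEmail) {
    const user = this.sessions.get(cookies.sid);
    if (!user) return 401;
    this.actions.push({ user, newEmail });
    return 200;
  }
}

class Browser {
  constructor() { this.jar = {}; }
  // The browser attaches the site's cookies to every request for that site,
  // whichever page caused the request. CSRF depends on exactly this behaviour.
  request(site, newEmail) { return site.changeEmail({ ...this.jar }, newEmail); }
}

// Status a cross-site request receives, with or without a prior log out.
function crossSiteRequestStatus(userLoggedOut) {
  const site = new Site();
  const browser = new Browser();
  browser.jar.sid = site.login("alice");
  if (userLoggedOut) {
    site.logout(browser.jar.sid); // the log out button ends the server session
    delete browser.jar.sid;       // and the cookie is cleared
  }
  // Request caused by a page on another origin, not by the user (constructed value).
  const status = browser.request(site, "constructed@example.invalid");
  return { status, accepted: site.actions.length };
}

console.log(crossSiteRequestStatus(false)); // session still open
console.log(crossSiteRequestStatus(true));  // user logged out first
```
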
09/12/2008 - By now most are well aware of the second Tuesday Windows updates. Several were
distributed this month, which included Service Pack 1 for Vista. For those that follow my
advice and use the Tea Timer tool in SpyBot Search & Destroy to monitor their processes
and registry, be aware that Tea Timer may interfere with the installation of Service Pack 1
even though it has little to no effect on regular Windows updates. I suggest that you turn
this feature off until after Service Pack 1 for Vista is finished installing. For those that
need instructions for turning this feature on and off, you will find this covered in the
Tea Timer article on this site. With Tea Timer
turned off for the Service Pack 1 installation, perhaps you won't have the troubles I had.
Remember to turn Tea Timer back on when finished installing Service Pack 1. Don't worry
about paranoia because the bad guys out there ARE out to get us.
08/01/2008 - The month of July brought the most feared security issue to reality, DNS cache
poisoning. The alarm first went up early in the year 2005. Since then, other vulnerabilities
in the DNS system have been found and the "proof of concept" details released via the web.
This made it just a matter of time before exploits of these vulnerabilities started showing up.
The DNS cache, in principle, works similarly to the Hosts file on your own computer, making
our page on the Hosts File a good source for
background reading to understand the severity of this problem. This news article on SecurityFocus.com
gives a few details of an actual exploit of DNS cache poisoning:
Poisoned DNS servers pop up as ISPs patch
To set your mind at ease, you can test your ISP's DNS for this security flaw with several online
test sites. One such site that is easy to use can be found at
Doxpara.com
Please note that this is not a Windows PC only problem but affects Apple OS and Linux OS users
as well.
Be careful out there folks.
05/24/2008 - Secunia's PSI program (Personal Software Inspector) has become the newest entry
on this site's Recommended Utilities page. This
program also represents an extra level of computer security. Individuals with broadband Internet
connections that have been listening regularly to the Security Now net cast will already know about
PSI. Due to the constraints of dial up Internet connections, the Security Now mp3s are acquired
from grc.com one day after the original airing of the net cast. As a result, there is a delay
in reporting info garnered from this source.
03/16/2008 - The link list of resource sites on our security page has been updated. Several
sites have been added to the list. An interesting bit of news has surfaced recently that
illustrates the vicious ongoing battle in security. A company designed a machine that could
reassemble shredded documents including those documents that had been shredded by the crosscut
shredders available. As a result, shredder manufacturers are attempting to thwart this
by adding water reservoirs. Theoretically, adding water to the shredder output turns it to
pulp, making document shredder waste unusable for anything but papier-mâché.
03/11/2008 - Telephone customers beware, cramming appears to be on the rise once more. Cramming
is the practice of adding phony and/or inflated charges to your phone
bill and is most often done through a billing clearinghouse. Often as not these charges are
overlooked by the consumer and the scammers walk away with a fortune. While repairing a
client's QuickBooks file recently, we found such an item on their phone bill. The charge was
placed on the phone bill by ILD Teleservices. A web search for this company will return not
only their web site ildtelecom.com but also a vast number of complaints against them from
individual telephone customers all around the country. Be sure to check your phone bill for
charges under the heading of charges from other companies.
02/21/2008 - One of the major routes used to invade our computers these days is the
use of so-called rogue programs. These have been mentioned on our
Security Page but the warning there
was not nearly strong enough. On a routine visit, AntiSpyware Shield and Virusheat
were found on a customer's computer. A simple web search proved both to be "rogue
programs". Historically, these rogues masqueraded as anti-spyware programs. These
days they pass themselves off as anti-virus programs and drive cleaners. The worse of the
two rogues mentioned is Virusheat. The author of this piece of nastiness has managed
to have it marked as "Safe", and it is loaded when booting into "Safe Mode",
making it nearly impossible to remove.
02/18/2008 - Virus warnings sent via email have been circulated by computer users for
nearly as long as there have been computer viruses. This was brought to my attention by
a warning my wife recently received in her "Inbox". This one warned of an "Olympic Torch"
email attachment that when opened would "burn the whole hard disk C of your computer"
and that there was as yet no protection from this attack. This particular warning included
a link to Postcard on Snopes.com. On clicking this link, most people will see at the top of the page
Status: Real virus and immediately pass the warning on to their friends. When the
entire article is read, however, you will find that "Postcard" does not match the description
in the warning. Instead of erasing your hard drive, a worm is downloaded to your computer
that exploits a "remote code execution" vulnerability to recruit your computer into
a denial of service bot army. The article also states that this attack was started in June
of 2007 and that "Generally, only unpatched Windows-based systems are vulnerable". Toward
the end of the article, a note is posted advising to not confuse this real virus with the
"Virtual Card for You" hoax and includes the link to Invitation,
which would have been in the warning had the sender read the entire article. The description
on this page matches the email almost word for word. On the other hand, had the sender
actually read the Snopes pages, the first thing the sender would have noticed is the
second line of the page "Status: Hoax". A little extra research on the part
of the computer user will, in cases similar to this, decrease the burden of our overworked email system.
02/17/2008 - Last week was a big week for updates. February 12 was the second Tuesday
of the month and Microsoft released several major critical updates for Windows and
Internet Explorer.
- It was reported that Apple released a major update for their OS.
- A few weeks ago, a vulnerability was found in Adobe Reader, which has since been patched.
This vulnerability is now being exploited. It is advised that you update your Adobe Reader
as soon as possible.
- Individuals that use Skype should be aware that a patch has
been made available that fixes some potential vulnerabilities.
- Security experts have deemed Yahoo's Music Jukebox as unsafe to use due to unpatched flaws
in the ActiveX controls used by this program.
02/04/2008 - Once again the Security Now! net cast team has brought to public attention
a major security breakthrough. This talk
covered the Microsoft release of Windows SteadyState, which is a replacement for the
Shared Computer Toolkit. According to the net cast, Windows SteadyState, which was designed
to make life easier for those with shared access computers, is also a very good security
tool. More details can be found on our Windows SteadyState page.
01/31/2008 - We have noticed some activity with the advertising links we have been using.
This activity has been in the area of security for UFDs. To be even more precise, RTS
Software.
We have been examining the traffic patterns with the intent of thinning out some of the ads. The wide range of interest shown makes it difficult to decide what to cut and what to keep. It may be necessary to change our weeding criteria after a few more months.
01/19/2008 - It has been a common practice for the bad guys to wait until "Patch Tuesday"
before turning loose new malware. Evidently, the bad guys spent the Holidays getting these
things ready because there is a multitude of new ones showing up this month. First,
users that connect to the Internet through a router are no longer as secure if they haven't
disabled the router's Universal Plug and Play feature. An attack on this feature using Flash
can initiate LAN (Local Area Network) traffic and/or expose open computer ports to
the Internet.
A new Trojan Horse program was discovered by Sunbelt Software, the makers of the Kerio Personal Firewall and other security software. This bug locks up your computer and provides a "900" phone number to call in order to return control of your computer to you. According to security sources, the user of the infected computer ends up paying $35.00 to get computer use restored.
Fortunately, several of the other new bugs exploit vulnerabilities that have already been patched. Therefore, those that have kept their Windows installation current will be immune to these exploits.
"Proof of Concept" code has been released that demonstrates how to exploit a vulnerability in "Quick Time" to execute code. Depending on the design of the bug this vulnerability can infect a Windows PC or an Apple computer. It may be a busy year for the computer security segment of the computer industry.
01/15/2008 - This second post of the year is to give warning about a vulnerability
that was patched by Microsoft on January 8th. This was a low level buffer overflow
vulnerability that allowed remote code execution in the TCP/IP stack. An attack on this
particular vulnerability in the IGMP protocol is not blocked by the Windows built-in
firewall. Therefore it would be highly advisable to run this update even if you are
connecting to the Internet via a NAT router that can block this attack. The MLD protocol
was also patched but hasn't been assigned the importance that the other patch has been
given.
Another security concern has been discovered in "the wild" (it already exists). This concern
is a stealth MBR (Master Boot Record) rootkit, which patches the Windows kernel on the fly
to install the rootkit while Windows is starting.
01/02/2008 - The site modifications started in October have been completed for a
long enough period of time to give us some data with which to work. There has been
a significant increase in the number of pages being visited while the number of
visitors seems to have remained in line with the number of visitors prior to our
web site makeover. While analyzing our web logs we noticed a few other things you
may find interesting. After the November Microsoft updates, the IE7 Runonce problem
resurfaced after a short absence among web searches. Even though IE7 was
included in the November updates, there still appears to be a hefty number of people
using IE6, and Firefox easily takes the number 3 spot. While Windows XP still has
the lion's share of users, Windows Vista is rapidly gaining in spite of the negative
remarks about Vista one can find on the web. At any rate, the web site redesign
seems to be doing the job we hoped it would do.
Microsoft, Microsoft Office, Windows, Windows XP and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other names have been included in the above text that are trademarks of the respective companies.