Archive for the Privacy Category

« Older Entries

Microsoft Fixit for Duqu 0 day exploit

By derek | Filed in browser, Exploits, Malware, microsoft, Phishing, Privacy, Security advice, Tips & Settings, Warnings and Alerts, Windows

Temporary fixit & workaround for 0 day exploit relating to duqu malware

Fixit & unfixit here http://support.microsoft.com/kb/2639658

Advisory with manual “fixes”  http://technet.microsoft.com/en-us/security/advisory/2639658

My considered advice is that you won’t need it and you should wait until Microsoft issue a full patch
So far all attacks have been directly targetted against specific companies or Government departments,  That might change as the skiddies get hold of the exploit

Using the fixit might make some applications/ word docs  or websites not display correctly ( or even at all )  if they use embedded True type fonts & they haven’t been set to gracefully fall back on standard system fonts

If we start to see general attacks, then I will update this & suggest using the fixit

An additional workaround to prevent Websites attacking you by using embedded fonts is to set Internet Explorer font downloads to prompt instead of allow . That way you at least get an alert if a font is being downloaded and you can make an educated opinion as to whether it is likely to be malicious

  • Open Internet Explorer
  • On the Tools menu, click Options and then click the Security tab.
  • Select Custom and click Settings.
  • Scroll to the Downloads section.
  • Change the Font Download setting from  Enable to Prompt
Share

June 2011 Adobe updates

By derek | Filed in adobe, browser, Exploits, Malware, Privacy, updates, Warnings and Alerts

As if you needed more updates this week…

APSB11-16 – Security Advisory for Adobe Reader (v10.1) and Acrobat (v10.1 et al.)
http://www.adobe.com/support/security/bulletins/apsb11-16.html

APSB11-17 – Security Update Available for Adobe Shockwave Player v11.6.0.626
http://www.adobe.com/support/security/bulletins/apsb11-17.html

APSB11-18 – [Yes, yet another] Security update available for Adobe Flash  Player (v10.3.181.26)
http://www.adobe.com/support/security/bulletins/apsb11-18.html

RoboForm: Learn more...
Share

Microsoft is aware of nine fraudulent digital certificates issued by Comodo

By derek | Filed in browser, Exploits, firefox, Malware, microsoft, mozilla, Phishing, Privacy, Rogue Software, scams, Skype, updates, Warnings and Alerts

The full advisory can be found on the Web at: http://www.microsoft.com/technet/security/advisory/2524375.mspx.

===========================
SUMMARY
===========================
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Certificates for the following Web properties are affected:

• login.live.com
• mail.google.com
•www.google.com
• login.yahoo.com (3 certificates)
• login.skype.com
• addons.mozilla.org
• “Global Trustee”

Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.

An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375 (http://support.microsoft.com/kb/2524375).

Typically, no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information, including how to manually install this update, see the Suggested Actions section of this advisory.

===========================
RECOMMENDATIONS
===========================
Review Microsoft Security Advisory 2524375 for an overview of the issue, details on affected components, suggested actions, frequently asked questions (FAQ), and links to additional resources. MSRA Security Partners who are experiencing issues believed to be related to the issues described in this advisory should contact us via e-mail or by calling 888-HELPSEC with your custom Access ID.

===========================
ADDITIONAL RESOURCES
===========================
• Microsoft Security Advisory 2524375 – Fraudulent Digital Certificates Could Allow Spoofing –http://www.microsoft.com/technet/security/advisory/2524375.mspx

• Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc

More details on Comodo blog

Share

The problem with the Prefetch function in Firefox and Chrome

By derek | Filed in browser, Chrome, Exploits, firefox, Privacy, Warnings and Alerts

Did you know that Firefox and Chrome both have a feature that fetches pages and links that it thinks you might be going to click on? This can slow down your computer and browsing dramatically. The majority of problems come up when using a search engine, particularly Google with its “preview function”.
The pre-fetch function in these browsers silently loads every link in the background and caches ( stores) the pages in your internet temporary files folder used by Firefox or Chrome. So far Internet Explorer has resisted the temptation to do this.
It also has another major problem when using security software that blocks dangerous or known malicious IP numbers or web addresses. You either get constant alerts about malicious pages attempting to infiltrate your computer or pop up warnings saying xxxx address or IP number has been blocked. Some security softwares will block you from the original page that you are attempting to visit because of the preloaded link to a potentially malicious site, that can lead to major problems with search engines. In 99% of the time, you have absolutely no intention of ever visisting that site, it is just Firefox or Chrome being helpful and preloading the pages for you Read the remainder of this entry »

Share
Tags: , , , ,

Another Microsoft Security Essentials scam

By derek | Filed in Antivirus, Malware, microsoft, Phishing, Privacy, Rogue Software, scams, Warnings and Alerts

Once again we need to warn you about a scam involving Microsoft Security Essentials
Security Essentials is a free Antivirus program from Microsoft available to any windows user with a validated copy of a supported desktop version of windows ( XP SP3, Vista SP2 Windows 7 ) You should only download it from the Microsoft Security Essentials website
The scammers have created a look a like site with links to download Security Essentials BUT following the links you have to create a membership with them & pay for the privilege of downloading free software. It is the same scam that I told you about in this post about Adobe Reader
This one appears to be a different bunch of scammers but with the same result. They will clear your credit card & sell all your details to anyone they can.
One malware researcher used their links to download Security Essentials & got a nasty trojan instead of the genuine program

Fake Microsoft Security Essentials site

If you read carefully, you see they do say in the tiny small print that MSE is a free program and you are paying for the benefit and convenience of downloading it from them instead of the approved free Microsoft site

We stress again that http://securityessentials-2011.com is a scam site that is trying to steal your money and is not to be trusted . Only download Microsoft Security Essentials direct from Microsoft

Share
Tags: , , , ,

Skype Update scam

By derek | Filed in Exploits, Malware, Phishing, Privacy, Rogue Software, scams, Skype, spam, Warnings and Alerts


Following on from my previous post, the scammers are also using Skype

Fake Skype website


The fake website looks like this and the membership page is exactly the same as shown previously

Skype email scam

Once again Don’t fall for it only only use the genuine Skype site to download skype & update it

Share
Tags: , , , ,

Adobe Reader Update Scam

By derek | Filed in adobe, Exploits, Malware, Phishing, Privacy, Rogue Software, scams, spam, Warnings and Alerts


There are about to be updates issued for Adobe reader to plug security holes and vulnerabilities. The scammers have jumped in on the act and are sending emails pretending to be from an Adobe update service.

Adobe PDF scam email

If you are foolish enough to follow the links then you end up on a scam site trying to sell you an unknown PDF reader, BUT the sting is that you don’t just download & try it or even buy it outright. Oh no ! you have to create a membership and give all your details before you even find out how much is being taken from your bank or credit card.


Don’t fall for it and only update Adobe reader from the official Adobe site, when the actual Update is released ( It is expected in Early October 2010)
Or of course use an alternative PDF reader of your choice, Just be aware that PDF vulnerabilities do affect all PDF readers and some might not get updated as quickly as others. Just because you use an alternative doesn’t mean that you are immune or safe from vulnerabilities in Adobe products

Share
Tags: , , , ,

The dangers of Freenet

By derek | Filed in Privacy, Uncategorized, Warnings and Alerts

I have had this bought to my attention & I feel it should be widely spread because I am very concerned that users might not understand what they are getting themselves into. Too many people think they can use Freenet in place of other P2P programs to share copyright files, music, movies etc and by using the anonymous behaviour of freenet they won’t or can’t be caught and punished for it.

Read the remainder of this entry »

RoboForm: Learn more...
Share

List of public DNS services

By derek | Filed in browser, Malware, Phishing, Privacy, Uncategorized

Until fairly recently, nobody bothered with changing their DNS server. Everybody used the ones provided by their ISP. Today, there are several providers worldwide that provide free public DNS service with additional features like  blocking known malware sites,  blocking known phishing sites, parental controls and some even say that their services are quicker and more  reliable.

Here are a  few of the  better known and more reliable ones . It's up to you to choose the one that has the  features or protection that you want.

You will  find instructions on  how to change DNS addresses on their webpages.

OpenDNS
208.67.222.222
208.67.220.220

Google Public DNS
8.8.8.8
8.8.4.4

Norton DNS (Symantec Corporation)
198.153.192.1
198.153.194.1

ScrubIT (ScrubDNS Inc.)
67.138.54.100
207.225.209.66

DNS Advantage (Neustar Inc)
156.154.70.1
156.154.71.1

Comodo Secure DNS (Comodo Security Solutions Inc.)
156.154.70.22
156.154.71.22

Share
Tags: , , , ,

Misleading Google adverts

By derek | Filed in browser, microsoft, Privacy, scams, Warnings and Alerts


Many of us in the security community are concerned about misleading adverts. This one in particular has started to make waves within the wider Technical support community. It is frequently displayed on blogs & forums offering free technical support and appears designed to fool a user into thinking that they are getting Microsoft Technical Support, when in fact the link goes to a site that makes you pay for help and assistance  that has absolutely no connection to Microsoft as a company
The advert below is the one in question. Click on it to get a full size image

We all understand that adverts are a necessity in todays world to defray costs in running a website and an occasional rogue or misleading advert will slip through. I use Google adsense here on this blog and hope that all the adverts will be honest and above board. All webmasters, blog owners and Forums admins do need to keep an eye open for such adverts. Google must take a high degree of responsibility and start to police its advertising system more closely and weed out these deliberately misleading adverts.

The Company Justanswer.com who publish the adverts should be ashamed of themselves and I ask all readers to avoid that company and any others that use such underhand tactics to drive vulnerable visitors to their site.

Share