Archive for the Security advice Category

 

Public Java Exploit Amps Up Threat Level — Krebs on Security:
http://krebsonsecurity.com/2011/11/public-java-exploit-amps-up-threat-level/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29

“An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows, Mac and Linux systems.”

“The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it’s time to update. Not sure whether you have Java or what version you may be running? Check out this link, and then click the “Do I have Java?” link below the big red “Free Java Download” button. Apple issued its own update to fix this flaw and other Java bugs earlier this month.”

 


Temporary fixit & workaround for 0-day exploit relating to Duqu malware

Fixit & unfixit here http://support.microsoft.com/kb/2639658

Advisory with manual “fixes”: http://technet.microsoft.com/en-us/security/advisory/2639658

My considered advice is that you won’t need it and you should wait until Microsoft issue a full patch.
So far all attacks have been directly targeted against specific companies or Government departments. That might change as the skiddies get hold of the exploit.

Using the fixit might make some applications, Word docs or websites not display correctly (or even at all) if they use embedded TrueType fonts & they haven’t been set to gracefully fall back on standard system fonts.

If we start to see general attacks, then I will update this & suggest using the fixit.

An additional workaround to prevent websites attacking you by using embedded fonts is to set Internet Explorer font downloads to Prompt instead of Enable. That way you at least get an alert if a font is being downloaded and you can make an educated judgement as to whether it is likely to be malicious.

  • Open Internet Explorer
  • On the Tools menu, click Options and then click the Security tab.
  • Select Custom and click Settings.
  • Scroll to the Downloads section.
  • Change the Font Download setting from Enable to Prompt
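
The same setting can be checked from a script. This is an added example, not part of the original post or Microsoft's fixit: it assumes the per-user zone settings that the Internet Options dialog writes, where URL action 1604 is "Font download" (0 = Enable, 1 = Prompt, 3 = Disable). The function names are made up for this example.

```powershell
# Added example (not from the original post). Windows PowerShell 2.0 or later.
# Audits the Internet Explorer "Font download" action (URL action 1604) per zone.
# Group Policy, where configured, overrides these per-user values.
$ZonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$Meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-FontDownloadSetting {
    foreach ($zone in 0..4) {
        $path  = Join-Path $ZonesKey "$zone"
        $item  = Get-ItemProperty -Path $path -Name '1604' -ErrorAction SilentlyContinue
        $value = if ($item) { $item.'1604' } else { $null }

        if ($null -eq $value) {
            $text = 'not set'
        } elseif ($Meaning.ContainsKey([int]$value)) {
            $text = $Meaning[[int]$value]
        } else {
            $text = "other ($value)"
        }

        New-Object PSObject -Property @{
            ZoneId       = $zone
            Zone         = $ZoneNames[$zone]
            FontDownload = $text
        } | Select-Object ZoneId, Zone, FontDownload
    }
}

function Set-FontDownloadPrompt {
    param([int[]]$Zone = @(3))   # default: the Internet zone only
    foreach ($z in $Zone) {
        $path = Join-Path $ZonesKey "$z"
        Set-ItemProperty -Path $path -Name '1604' -Value 1 -Type DWord
    }
}

# Show the current state for every zone.
Get-FontDownloadSetting | Format-Table -AutoSize

# Uncomment to switch the Internet zone from Enable to Prompt, as in the steps above.
# Set-FontDownloadPrompt -Zone 3
```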

http://xylibox.blogspot.com/2011/07/trojanfakeavlvt.html

Once you get past the colourful language from the analyst, it is a very good read & shows what we are up against. Please forgive any errors in language as he doesn’t have English as a first language.

This particular one has the ability to replace your existing antivirus with itself & make you think that you are still protected when you aren’t, and it installs the ZeroAccess rootkit.

This is definitely something to watch out for.

 


You should always use a standard user account in Windows 7 and Vista. We know that in an ideal world, you would have created a standard user account and a separate Administrator account when you installed Windows. However, we don't live in an ideal world and many new computers come with a default account already set up that has full Administrator permissions and access. This link will show you exactly how to create a new Administrator account and demote your existing Admin account to a standard user. Make sure you create the new Admin account before demoting your existing one.

When you are the only user on the computer, you can make life easier when starting up the computer by setting Windows not to ask for a user name and password when you log on, and to log on automatically to your everyday user account.

Windows 7 and Windows Server 2008 R2 introduce additional User Account Control (UAC) settings that are similar to the Internet Explorer security zone model. If you are logged on as a local administrator, you can enable or disable UAC notifications, or choose when to be notified about changes to your computer. Windows Vista only offers you two types of UAC settings: on and off. In Windows 7, you have more settings to choose from.

The default settings for Windows 7 are set too low and can allow you or anybody with access to the computer to accidentally allow malware to install or settings to be changed. This is especially true if you have children (teenagers) who use the computer. I strongly recommend that you always set UAC to the highest level, "Always notify". When you use this setting while also using a standard user account (not an Administrator account) then you will be protected from 99.9% of any attempt to install malware or change any settings on your computer without you knowing about it.

You should be aware that when you use a standard user account and have UAC set to any level except "Always notify" and something attempts to install or change settings without you initiating it, Windows is designed to silently reject the changes. This behaviour is very good in a corporate environment when Windows is locked down to stop any attempt at installing programs or changing settings, but causes so many problems in a typical home environment.

The advice below has been copied from http://support.microsoft.com/kb/975787

Adjusting UAC settings in Windows 7

To adjust the UAC settings in Windows 7:

1. Open User Account Control Settings, type UAC in the Start Search box, and then click Change User Account Control settings in the Control Panel window.

 
 

Open UAC

2. Move the slider to a desired notification setting, and then click OK.

 
 

  UAC levels

There are four UAC settings that you can choose from:

  1. Always notify

    Select this setting if you:

    • Always want to be notified when programs try to install software or make changes to your computer.
    • Make changes to Windows settings.
  2. Notify me only when programs try to make changes to my computer

    Select this setting if you:

    • Want to be notified only when programs try to make changes to your computer.
    • Don't want to be notified when you make changes to Windows settings.
  3. Notify me only when programs try to make changes to my computer (do not dim my desktop)

    Select this setting if you:

    • Want to be notified only when programs try to make changes to your computer without the desktop being dimmed.
    • Don't want to be notified when you make changes to Windows settings.
  4. Never notify (Disable UAC)

    Select this setting if you:

    • Never want to be notified when programs try to install software or make changes to your computer.
    • Never want to be notified when you make changes to Windows settings.
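
To confirm which of the four levels is actually in effect, the slider position can be read back from the registry. This is an added example, not code from Microsoft's article or the original post: it assumes the Windows 7 mapping of the slider to the `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` policy values, and the function names are made up for this example.

```powershell
# Added example (not from the original post). Windows PowerShell 2.0 or later.
# Maps the UAC policy values in the registry back to the four slider positions.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel($EnableLUA, $AdminPrompt, $SecureDesktop) {
    if ($null -eq $EnableLUA -or $null -eq $AdminPrompt -or $null -eq $SecureDesktop) {
        return 'Unknown (registry values missing)'
    }
    if ($EnableLUA -eq 0) { return 'Never notify (UAC disabled)' }
    switch ("$AdminPrompt/$SecureDesktop") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Notify me only when programs try to make changes to my computer' }
        '5/0'   { 'Notify me only when programs try to make changes (do not dim my desktop)' }
        '0/0'   { 'Never notify' }
        default { "Custom policy (admin prompt=$AdminPrompt, secure desktop=$SecureDesktop)" }
    }
}

# How elevation requests from a standard user account are handled.
$StandardUserBehaviour = @{
    0 = 'Elevation requests are denied automatically'
    1 = 'Prompt for administrator credentials on the secure desktop'
    3 = 'Prompt for administrator credentials'
}

function Get-UacReport {
    $p     = Get-ItemProperty -Path $UacKey
    $level = Get-UacSliderLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
    $user  = $p.ConsentPromptBehaviorUser
    if ($null -ne $user -and $StandardUserBehaviour.ContainsKey([int]$user)) {
        $userText = $StandardUserBehaviour[[int]$user]
    } else {
        $userText = "Unrecognised or not set ($user)"
    }
    New-Object PSObject -Property @{ SliderLevel = $level; StandardUser = $userText }
}

$report = Get-UacReport
$report | Format-List SliderLevel, StandardUser
if ($report.SliderLevel -ne 'Always notify') {
    Write-Warning "UAC is not set to 'Always notify', the level recommended above."
}
```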

 


Every time Windows 7 is started it asks you to select the username and enter the password to access your system. There is no doubt that this is a very important security measure to stop other people using your computer or changing your settings, but what if you are the only user of your computer?

In Windows 7, you can easily get rid of the login prompt window. Go through the following steps to do it.

Go to Start, type netplwiz in the Search box and hit Enter. The User Accounts dialogue box will be displayed as shown in the following screenshot.

User Accounts screen

Now uncheck the "Users must enter a user name and password to use this computer" option and press OK. That's all you need to do; now you will never see the login window again.
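
Since the advice earlier on this page is to log on automatically only to an everyday standard account, it is worth checking which account automatic logon uses. This is an added example, not part of the original post: it assumes a local (non-domain) account and the standard Winlogon values `AutoAdminLogon`, `DefaultUserName` and `DefaultPassword`. The function names are made up for this example.

```powershell
# Added example (not from the original post). Windows PowerShell 2.0 or later.
# Reports whether automatic logon is on and whether it uses an administrator account.
$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-LocalAdministrators {
    # Resolve the group by its well-known SID so this works on non-English Windows.
    $sid   = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')
    $name  = $sid.Translate([Security.Principal.NTAccount]).Value.Split('\')[1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Test-AutoLogon {
    $w       = Get-ItemProperty -Path $Winlogon
    $enabled = ($w.AutoAdminLogon -eq '1')
    $account = if ($enabled) { $w.DefaultUserName } else { $null }
    $isAdmin = $enabled -and ((Get-LocalAdministrators) -contains $account)

    # A DefaultPassword value means the password sits in the registry in clear text
    # (the manual registry method does this; netplwiz stores it as an LSA secret).
    $plaintext = ($null -ne $w.DefaultPassword)

    New-Object PSObject -Property @{
        AutoLogonEnabled            = $enabled
        Account                     = $account
        AccountIsAdministrator      = $isAdmin
        PlaintextPasswordInRegistry = $plaintext
    }
}

$result = Test-AutoLogon
$result | Format-List AutoLogonEnabled, Account, AccountIsAdministrator, PlaintextPasswordInRegistry

if ($result.AccountIsAdministrator) {
    Write-Warning 'Automatic logon uses an Administrators account; use a standard account instead.'
}
if ($result.PlaintextPasswordInRegistry) {
    Write-Warning 'DefaultPassword is stored in clear text under the Winlogon key.'
}
```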
