Warnings and Alerts Archive

« Older Entries

Unsecured wireless networks can get you into serious trouble

By derek | Filed in Privacy, Security advice, Tips & Settings, Warnings and Alerts

 

A federal lawsuit filed by Liberty Media Holdings – a San Diego adult content company – promises to keep the lawyers and copyright experts busy in the months ahead. The lawsuit – which accuses around 50 individuals of using their Internet connection, or allowing their connection to be used by a third party to file-share an adult movie – is interesting because it will test whether people who leave their wireless network on open access can be held liable if a third party uses it to download copyrighted content.

 A growing number of businesses are now offering guest access to their company network for site visitors and contractors. This is acceptable if the access is controlled through the use of a password and audit logging system – complete with acceptable usage policies – but many companies avoid the cost of these controls by simply opening up their wireless network on a password-free basis. Although this saves a few dollars a month on subscription fees, it is a very dangerous game because the legal liability risks are quite high.

 This will likely be a test case about the wider use of unsecured wireless networks & could have wide reaching Implications for all of us, not just US based members but worldwide as other legal authorities follow or adopt the  likely US outcome

 Will this end up stopping city wide free wireless or “free” hotspots that don’t ask for user name & password to connect. Could it further go down to the Average clueless user who leaves his/her home wireless unsecured or lets his friend or neighbour connect (without putting explicit restrictions on what that guest can do on the network), even though that is against the majority of ISPs T&C

 http://www.infosecurity-magazine.com/view/24809/comment-businesses-need-to-wake-up-to-open-wireless-access-risks/

RoboForm: Learn more...
Share
Be the first to comment

Adobe Flash player Update 27 March 2012

By derek | Filed in adobe, browser, Chrome, Exploits, firefox, Malware, Security advice, updates, Warnings and Alerts, Windows

There seems to have been a security update to 11.2.202.228 but I can find no release notes or information why the update has been issued except general gossip to say to fix undisclosed vulnerabilities

Some users have reported problems with installing the update via adobe web based install so an alternative method is to use the full installers on http://www.adobe.com/products/flashplayer/distribution3.html

I understand that some antiviruses including Eset/Nod have conflicts with the adobe web based installer

Edit:
details here
http://forums.adobe.com/message/4296259

it isn’t a security fix but a whole new version of flashplayer with additional capabilities

Share
Be the first to comment

Microsoft Security Essentials Anti-Virus ( MSE) update problems

By derek | Filed in Antivirus, Malware, microsoft, Security advice, Tips & Settings, Warnings and Alerts, Windows

There have been problems with MSE ( Microsoft Security Essentials Anti-Virus) updating itself, either through the program or via Windows update the last 2 days. It will continually tell you that you are up to date when you are in fact several definition updates behind
Currently at 7 am GMT on 23 March 2012 the latest published definitions are 1.123.212.0
MSE or WU will only give 1.123.194.0
Yesterday it was 4 definition sets behind

The way to update is to do a manual update from http://www.microsoft.com/security/portal/definitions/howtomse.aspx

Share
2 Comments so far. Join the Conversation
Tags: ,

Make sure your Java is up to date

By derek | Filed in browser, Exploits, Java, Malware, Security advice, updates, Warnings and Alerts

 

Public Java Exploit Amps Up Threat Level — Krebs on Security:
http://krebsonsecurity.com/2011/11/public-java-exploit-amps-up-threat-level/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29

“An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows, Mac and Linux systems.”

“The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it’s time to update. Not sure whether you have Java or what version you may be running? Check out this link, and then click the “Do I have Java?” link below the big red “Free Java Download” button. Apple issued its own update to fix this flaw and other Java bugs earlier this month.”

 

Share

Microsoft Fixit for Duqu 0 day exploit

By derek | Filed in browser, Exploits, Malware, microsoft, Phishing, Privacy, Security advice, Tips & Settings, Warnings and Alerts, Windows

Temporary fixit & workaround for 0 day exploit relating to duqu malware

Fixit & unfixit here http://support.microsoft.com/kb/2639658

Advisory with manual “fixes”  http://technet.microsoft.com/en-us/security/advisory/2639658

My considered advice is that you won’t need it and you should wait until Microsoft issue a full patch
So far all attacks have been directly targetted against specific companies or Government departments,  That might change as the skiddies get hold of the exploit

Using the fixit might make some applications/ word docs  or websites not display correctly ( or even at all )  if they use embedded True type fonts & they haven’t been set to gracefully fall back on standard system fonts

If we start to see general attacks, then I will update this & suggest using the fixit

An additional workaround to prevent Websites attacking you by using embedded fonts is to set Internet Explorer font downloads to prompt instead of allow . That way you at least get an alert if a font is being downloaded and you can make an educated opinion as to whether it is likely to be malicious

  • Open Internet Explorer
  • On the Tools menu, click Options and then click the Security tab.
  • Select Custom and click Settings.
  • Scroll to the Downloads section.
  • Change the Font Download setting from  Enable to Prompt
RoboForm: Learn more...
Share

new Fake AV techniques

By derek | Filed in Antivirus, Exploits, Malware, Rogue Software, Security advice, Warnings and Alerts

http://xylibox.blogspot.com/2011/07/trojanfakeavlvt.html

once you get past the colourful language from the analyst, it is a very good read & shows what we are up against. Please forgive any errors in language as he doesn’t have English as a first language

This particular one has the ability to replace your existing antivirus with itself & make you think that you are still protected when you aren’t and it installs Zero access rootkit

This is definitely something to watch out for

 

Share

June 2011 Adobe updates

By derek | Filed in adobe, browser, Exploits, Malware, Privacy, updates, Warnings and Alerts

As if you needed more updates this week…

APSB11-16 – Security Advisory for Adobe Reader (v10.1) and Acrobat (v10.1 et al.)
http://www.adobe.com/support/security/bulletins/apsb11-16.html

APSB11-17 – Security Update Available for Adobe Shockwave Player v11.6.0.626
http://www.adobe.com/support/security/bulletins/apsb11-17.html

APSB11-18 – [Yes, yet another] Security update available for Adobe Flash  Player (v10.3.181.26)
http://www.adobe.com/support/security/bulletins/apsb11-18.html

Share

Another new URGENT Adobe flash security update

By derek | Filed in adobe, Apple, browser, Chrome, Exploits, firefox, Malware, microsoft, mozilla, updates, Warnings and Alerts

http://www.adobe.com/support/security/bulletins/apsb11-13.html
An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
Adobe recommends users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX). Adobe expects to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

Adobe is still investigating the impact to the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems. Adobe is not aware of any attacks targeting Adobe Reader or Acrobat in the wild.

Share

Cybercriminals Hoping You’ll Bite iPhone 5 Bait

By derek | Filed in Apple, browser, Exploits, Iphone, Malware, Phishing, Rogue Software, scams, Warnings and Alerts

Online criminals know there are enough gadget hounds out there to make a scam surrounding any shiny new Apple device a surefire moneymaker. To that end, they’ve already begun sending out phishing emails for the iPhone 5.

The phishing emails appear to be official emails from Apple.com, with the title “Finally. The amazing iPhone 5. Now available in black edition.” The body of the message shows a hand holding a transparent iPhone, followed by an enticing offer to “check it out,” according to MacRumors.

Although there’s been much speculation about the next generation iPhone, Apple has not set a release date for it. In fact, Apple hasn’t even announced it yet, but that isn’t stopping this cleverly crafted Mac-themed scam from spreading.

So what are you checking out when you click the link to see the new iPhone 5?

You won’t receive any info about the smartphone, but you will enable a rigged Windows file to run malicious code on your computer. And you’ll also be taken to a phony Apple Web page that asks for your Apple ID and other sensitive information.

Apple announces new products, especially ones of this magnitude, in highly publicized press conferences. So if you receive an unsolicited email purporting to have information about the new iPhone 5, ignore it, DELETE IT WITHOUT EVEN READING IT.

story from: http://www.securitynewsdaily.com/cybercriminals-hoping-youll-bite-iphone-5-bait-0813/

This malware is quite well detected by many antivirus companies, but not all. It is a fairly standard Zapchast IRC trojan that will attempt to download lots of other crap & malware to your computer.

It also appears to try to  perform a DDOS flood attack against several other competing Mirc users and channels to block their channels, so no doubt will turn out to be connected to the typical fake AV scams and stealing your money

Share
Tags: , , , , , ,

A Different approach to scam phishing

By derek | Filed in Phishing, scams, Warnings and Alerts
I wonder how effective the phishers will be sending this to countless people.
I doubt that there are enough Irish speakers/readers in the world to make it worthwhile
Translated it says
Dear Applicant:
We have noticed that you are entitled to a refund amount 361.43
Complete the tax refund 24h: Tax Return Form 2011
Thanks,
Irish Revenue

Irish revenue scam

 

I have received 5 of these in the last hour. 2 from chinese servers but 3 from different domains on Fasthost.co.uk servers. It looks to me that either fasthosts have been hacked again or they have open relays on their servers allowing bots & phishers to relay through them

 

 

Share