Moving….

Posted in All Posts on August 6, 2010 by The Edible Earth

Please be advised that I have moved.

Come and visit My Edible Earth at http://www.MyEdibleEarth.com for some more interesting tech and science news.

See ya’ there!!!

Highly Critical Exploit Found In Windows

Posted in All Posts, Computers, News, Security, Tech News on July 27, 2010 by The Edible Earth

Microsoft issued a new Security Advisory on Friday, July 16th regarding an old Windows vulnerability associated with shortcut icons.

This vulnerability, which is rated as ‘Highly Critical’ by Secunia, affects every version of Windows back to and including Windows 2000. This flaw even affects Windows 7 Service Pack 1 Beta and Windows Server 2008 R2, which were only released a couple of weeks ago.

The vulnerability has been traced back to a flaw in the way the Windows Shell parses shortcut files. This can enable malicious code to be executed, normally from a USB thumb drive or external media storage device, such as a CD or DVD. However, it has been found that this flaw can also be triggered using malicious links in email as well as from malicious websites. Network shares and WebDAV are also viable avenues to exploit this flaw.

Shortcuts are links to actual files and use the hidden .LNK extension. A specially crafted .LNK file needs to be parsed by Explorer, in Windows, for the exploit to work. The maliciously crafted file uses AutoPlay to execute the malicious code. Even if AutoPlay is disabled, as it is in Windows 7 by default, this code is still able to run on a user’s computer. Users who are operating as an Administrator are most vulnerable to this flaw. If the exploit is successfully run, it can enable a hacker to take over a user’s computer.

In a blog post, Microsoft softened the severity of this flaw by stating that only ‘limited’ attacks have been occurring. However, you can be sure that malicious hackers will be jumping on this real soon and more widespread attacks will be occurring. Microsoft stated that most attacks are occurring in Iran and Indonesia, and are related to malware known as the Stuxnet worm.

Hopefully, Microsoft will issue an ‘out-of-sequence’ patch for this exploit, but as of now, they have only released a workaround ‘fix it’ option which, for most, will be more annoying than worrying about the exploit. It works by disabling all .LNK files. By using the ‘fix it’ option, all icons on the computer will default to the white rectangular blank icon. Microsoft also offers directions for a manual fix which is aimed more at IT professionals. Recently, however, even these workarounds have been found to not be completely effective at protecting infected systems. These workarounds only work on systems that are running Windows XP SP3, Server 2003, Vista, Server 2008, 7, and Server 2008 R2.

Because this worm also affects older versions of Windows, such as Windows 2000, Windows XP, and Windows XP SP2, this exploit is an even more dangerous threat, as these computers will NEVER receive a patch. Microsoft recently discontinued support for these operating systems. Because a lot of machines are still running this software, this exploit can have far-reaching and longer-term effects.

This exploit has been around since the early days of Windows but has, only recently, been discovered. This is regarded as a ‘Zero Day’ flaw, which means that it was only discovered after it was actively being exploited in the ‘wild’.

Hopefully Microsoft is working around the clock to permanently fix this flaw and will issue an ‘Out of Sequence’ patch soon. At the very worst, let’s hope that it will be fixed with their next scheduled update, which is set for Tuesday, August 10th.

For more information on this exploit, visit Microsoft’s Security Advisory 2286198 and Support Articles.

Patch Tuesday

Posted in All Posts, Computers, Security, Tech News on July 13, 2010 by The Edible Earth

It is that time again….Microsoft’s usual monthly update cycle. This month, Microsoft released four security bulletins which addressed 5 vulnerabilities in both Windows and Microsoft’s Office suite.

Here are the Security Bulletins with links explaining them in detail…..

MS10-042 – Rated Critical

MS10-043 – Rated Critical

MS10-044 – Rated Critical

MS10-045 – Rated Important

Although it is of the utmost importance that all of these patches are implemented on your system, the two most critical updates are MS10-042 and MS10-045. For an in-depth explanation of these two patches, you can visit the Security Research and Defense team’s blog by clicking HERE.

As always, Microsoft has also updated the MRT (Malicious Software Removal Tool) as part of the monthly patch. The tool will automatically do a quick scan when the computer updates, but it is a good idea to manually run a ‘Full’ scan as soon as you can. To launch the MRT…..

XP – Click on Start>Run, then type MRT in the open dialog box and press Enter. The MRT will open, just follow the instructions and run a ‘Full Scan’

Vista and 7 – Click on Start, type MRT in the search dialog field, press Enter, and follow the instructions to run a ‘Full Scan’

Note that on a very small percentage of machines, I have found that the file extension is also required to launch this program. By that I mean, instead of typing in MRT, you may need to add the file extension and type MRT.exe instead of just MRT.

Also of importance this month is Microsoft’s termination of support for computers that are running Windows XP with Service Pack 2. This means that these computers will no longer receive security updates from Microsoft and will be completely open to vulnerabilities being exploited by hackers. It is highly recommended that anyone who is still using XP SP2 update to XP SP3 as soon as possible. To get this update, you can visit Microsoft’s TechNet site and download and install Service Pack 3. Before you do this update, make sure that all of your important data is backed up, as there have been a small percentage of computers which have crashed after this update was completed. Almost all of these crashes have been because an undetected malware program was also installed on that computer. I have installed SP3 on numerous computers and have never had an issue, but it is always better to lean towards the side of safety. Once this update has completed, you will need to continue running updates on your computer, as installing SP3 will spawn numerous other updates. Just keep on running the Windows Updater until no new updates are available.

Windows XP Service Pack 3 will be supported, by Microsoft, until at least 2014.

Skimming for Dollars

Posted in Computers, Security, Tech News on July 4, 2010 by The Edible Earth

A new and very dangerous method of getting your money has been devised by hackers. Known as ‘ATM Skimming’, hackers have produced a very small ‘skimming device’ which is inserted into the slot of an ATM machine in which you swipe your card. The device is designed to record all of your banking information off of the magnetic strip on your card. A very thin, clear plastic sheeting, which is capable of copying your Personal Identification Number (PIN), is also being placed over the keypad so that these thieves now have complete access to your bank account.

The scary thing about this is that you will never even know that your banking information was just stolen. Everything will look perfectly normal to you. What’s even worse is that technology has been developed so that this information can be sent via wi-fi or over the internet. This makes it possible for the crooks to steal the information without ever having to revisit the ATM machine. They could be in a Starbucks down the street or on the other side of the planet and be gathering your personal banking information.

Now, on the plus side, the financial institutions are aware of this scam, and are constantly monitoring their ATMs. Video surveillance at ATMs is also a somewhat efficient deterrent; however, these hacks are becoming more and more prevalent. Care should be especially taken when using an ATM at a convenience store, grocery store or any other location that is not a bank and is therefore less likely to be monitored as closely as an ATM at a bank.

The only real defense that you have is to be aware of this, and to constantly monitor your bank account, especially after making a transaction at an ATM. Any fraudulent activity on your account should be reported to the authorities and your financial institution as soon as it is discovered.

Browser Tabs…Friend or Foe?

Posted in All Posts, Computers, Helpful Hints, Security, Tech News on June 14, 2010 by The Edible Earth

I’ve written about many of the threats that we face on the internet in many of my past posts. Quite frankly, it just seems to never end. Thankfully, due to the blog-o-sphere, many of us are now aware of what to look for. Phishing, spear phishing, man in the middle, etc. are all terms that, in the very recent past, may not have been familiar to many of us. Because of this fact, many are now aware of the attacks, what to look for, and how to prevent them. As a result, the hackers are forced to come up with new and more devious methods of stealing your personal information. Well they have done it again.

In the past, phishing scams have required you to click on links in a malicious email from someone pretending to be your bank and asking for your personal information in order to fix a “problem with your account”. When you click on the link, it directs you to a fake site that will look very much like your bank’s web page, and once you fill in the ‘User Name’ and ‘Password’, you have given away your personal banking log in credentials. But as I said earlier, users are becoming more and more aware of these phishing scams and the use of them is becoming less and less effective.

Tab Napping, or Tab Hijacking, is fast becoming the new scourge of our browsing woes according to Aza Raskin, a security expert on Mozilla’s Firefox Web Browser Team. Extra special care is going to be needed when using our browsers, especially if you are prone to using numerous tabs at one time.

This is how it works…..

A hacker can actually detect when a tab, in your browser, has been left idle for a long period of time. By replacing that tab with a fake website that looks just like a real site, such as your banking site, they will ask you to reauthorize your credentials by entering your User Name and Password. Knowing that your bank will often do this when your account has been idle for a period of time, you don’t think anything of it and re-enter your credentials. At that point, they now have your personal banking log on information. They can then actually redirect you to your actual banking site, as you never were really logged out to begin with. Plus, the damage has already been done. By doing this, you will never even realize that you have just had your banking information stolen.

How Can I Protect Myself From Tab Napping?

Even though this is a serious problem, being aware of the signs can make this a relatively simple thing to avoid.

First off, as always, before entering your personal credentials to any website, look at the actual Uniform Resource Locator (URL) for the page that you are on, and make sure that you are, in fact, where you think you are.

Secondly, while glancing at that URL, make sure that you are on a secure page, one that begins with https:// and not just http://. Never enter any personal information on a page that begins with only http://.

Thirdly, whenever doing any banking, instead of opening a new tab (Ctrl-t) in your browser, open a new window, (Ctrl-n) for your banking log on. This way only one tab will be open in that window, confusion will be less likely, and tab inactivity will be avoided.

Next, avoid leaving tabs open that are asking for your log in credentials. Always close log in pages to your bank, ecommerce sites, or any other site that is looking for any personal identifying information. You can always re-open these pages should you need them again.

I think that making sure you are where you think you are is the most important thing in avoiding these phishing scams. Before entering any personal information on any site, look at that URL and make sure that it is actually from the company or institution that you are logging into. If unsure of how to do this, check out my two part post on Uniform Resource Locators by clicking HERE and HERE.
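The URL checks described above (https:// only, and a host that really belongs to the institution) can be written down as a short routine. This is an added example, not code from the original post; the bank domain mybank.example and every sample URL are constructed for illustration.

```javascript
// Added example, not code from the original post. The bank domain and every
// URL below are constructed samples (.example and .test are reserved names).

// Returns { ok, host, problems } for a page that is asking for credentials.
// expectedDomain is the domain you already know belongs to the site.
function checkLoginUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { ok: false, host: null, problems: ['not a parseable URL'] };
  }

  const problems = [];

  // "Never enter any personal information on a page that begins with only http://"
  if (url.protocol !== 'https:') {
    problems.push('not https');
  }

  // Anything before "@" is a user name, not the site. In
  // https://mybank.example@evil.test/ the browser connects to evil.test.
  if (url.username !== '' || url.password !== '') {
    problems.push('userinfo before @');
  }

  // The URL parser lowercases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, '');
  const expected = expectedDomain.toLowerCase();

  // The expected domain must be the END of the host, on a label boundary.
  // "mybank.example.evil.test" and "notmybank.example" both fail this test.
  const sameSite = host === expected || host.endsWith('.' + expected);
  if (!sameSite) {
    problems.push('host is not ' + expected);
  }

  // Labels starting with "xn--" encode non-ASCII characters, which can be
  // used to imitate a familiar name with lookalike letters.
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    problems.push('punycode label');
  }

  return { ok: problems.length === 0, host, problems };
}

// Constructed sample URLs, checked against the constructed bank domain.
const SAMPLE_URLS = [
  'https://online.mybank.example/login',
  'http://www.mybank.example/login',
  'https://mybank.example.evil.test/login',
  'https://mybank.example@evil.test/login',
  'https://notmybank.example/login',
];

for (const sample of SAMPLE_URLS) {
  const result = checkLoginUrl(sample, 'mybank.example');
  const verdict = result.ok ? 'OK' : 'STOP (' + result.problems.join(', ') + ')';
  console.log(sample + ' -> ' + verdict);
}
```

The comparison is made from the right-hand end of the host name because that is the part that decides where the page really comes from; a familiar name at the left of the address proves nothing.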

The Diary of Anne Frank

Posted in All Posts, News, Wicked Cool Sites on June 12, 2010 by The Edible Earth

Today is the birthday of Anne Frank, born on June 12, 1929 in Germany. Anne Frank lived most of her life in Amsterdam, Netherlands. A German by birth, she lost her German status due to anti-Semitic Nazi attitudes. After the 1940 Nazi invasion of the Netherlands, the Frank family were forced into hiding due to increasing violence against the Jewish populations in 1942. After two years in hiding, they were betrayed and Anne Frank and her sister Margot were moved to concentration camps where they both eventually died, of typhus, in March of 1945. Anne Frank was 15.

But Anne Frank’s legacy is her writing abilities. During her hiding, she kept a detailed diary of her life. After the end of WWII, her father Otto announced that the diary had been saved, and released it for publication. Due to the great detail, the diary has been published in book form, made into Hollywood movies and has even been the basis behind many stage plays.

As a tribute to Anne Frank, the following 3-D, interactive website was created. It provides detailed biographies of the people involved, as well as descriptions of the office building in which the family hid. But the most intriguing aspect of this site, is the interactive interface with the warehouse. You can take a virtual walk through the building room by room exploring all the “nooks and crannies”. The rooms were restored to appear the way they did back when Anne Frank was in hiding.

The Diary of Anne Frank

Adobe and Microsoft….It’s That Time Again!!

Posted in All Posts, Computers, Helpful Hints, Security, Tech News on June 7, 2010 by The Edible Earth

Tomorrow, June 8th, is that infamous day again when Microsoft releases the latest updates for its software. Unlike last month’s, which was really a ‘nothing’ update, this month’s iteration is huge. In all, 10 bulletins fixing 34 vulnerabilities will be released. Some are rated as critical and affect Windows, Office, and Internet Explorer.

For Windows (including Windows 7 and Windows Server R2)

6 vulnerability patches of which 2 are rated “Critical” and 4 are rated as “Important”.

For Office

2 vulnerability patches both of which are rated as “Important”

For Windows and Office combined

1 vulnerability patch rated as “Important”

For Internet Explorer

1 vulnerability patch rated as “Important”.

Microsoft also confirmed that this update would include the long awaited fix for the XSS flaw. This flaw could allow privilege elevation, in SharePoint, that could lead to a cross site scripting attack.

Microsoft is not the only company that is trying to get its software more secure. Adobe has been affected by a critical flaw in its Flash and Acrobat software AGAIN. I say that because, since Adobe announced its plan to implement quarterly patches for its software, they seem to be getting hit with exploits, some of which are zero-day exploits, on a weekly basis. A zero day exploit is one that was not known of until it was already being exploited in the ‘wild’.

Adobe says that this affects its Flash player version 10.0.45.2 and earlier. Flash version 10.1 does not appear to be affected. This exploit could cause a crash that could lead to a computer being taken over by the hacker. Adobe says that it affects the authplay.dll file and that deleting, renaming, or moving this file will create a temporary, albeit annoying, fix. After deleting, moving, or renaming this file, any PDF file that is opened that contains SWF content will cause a crash, although this crash will not be exploitable.

The earlier versions, 8.x, have been confirmed not to be affected by this exploit.

The authplay.dll file can be found in these two locations….

C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll

and C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll

Read Adobe’s release by clicking HERE.

Now, all this being said, getting your software updates is the #2 most important thing to make sure that you do in order to keep your computer safe. That is, next to making sure that your actions on the internet are safe. I have said this many times before, but never click on links in emails unless you are sure they are from someone that you trust. Most malware needs the user to initiate the attack by clicking on something. A common way that hackers have infected an unsuspecting user is by sending a targeted email or spear phishing attack. You will receive an email from what appears to be your bank. It looks official so you open the email. They then tell you that your account has a problem and to click a link in order to fix the account. Clicking on the link will take you to a site that looks very much like your bank’s website. Looking up at the URL will tell you that it is not your bank’s website, but it looks so good that you are coerced into entering your personal information (account number, password, etc), and now they have you. Your bank, or any other organization including Amazon, eBay, and other ecommerce sites, will never ask for your personal identifying information via a link in an email, so do not be fooled by this trick.

Social networking is another venue in which attacks occur, and many a faithful user is getting infected via this method. A friend’s Facebook, Twitter, Friend Feed, etc. account is compromised by a hacker without their knowledge. You then receive a message, from this friend’s hacked account, stating that “you should see this photo I took of you last night”. What???….What photo are you talking about? Intrigued, you open the message; after all, it is from a trusted friend. It asks you to click a link to view this mysterious photo and takes you to a site that looks very much like Flickr, SmugMug, or other photo sharing sites, but tells you that the photo you are trying to view cannot be opened because you need to download a new version of Flash, or a different codec. You obviously want to see the photo so you click on the link to download this software so you can view this photo. You did not download a new version of Flash or that new codec; instead, you just installed a virus, worm, trojan horse, or other nasty.

Should you ever be asked to download a new software or go to a banking site from a link, never click that link. Always, manually type the URL pointing to that site such as http://www.adobe.com and manually download that program or check your banking account by manually logging into your account. Links, email addresses, and social networking names can be spoofed and trick many an unaware user into getting hacked.

Don’t let it be you……

Google…What’s with the Security?

Posted in All Posts, Computers, Helpful Hints, News, Security, Tech News on May 24, 2010 by The Edible Earth

Google has had its share of negative publicity lately. Many people have started doubting their philosophy of “Do No Evil”, which is really nothing new. But the latest faux pas came when, after being requested by German legislators to reveal what information the company had gathered from vehicles photographing for Google Street View, Google discovered that they had got a lot more than they bargained for. Apparently, due to some unknown, old code that had been in the software, Google’s vehicles have been gathering personal information from people who use public, unprotected wi-fi. Now in fairness to Google, this information is being obtained from a vehicle that is mobile, and is scanning more than one wi-fi hotspot in any given second, so how much information could they have possibly gathered? Moreover, Google has said that they have not used any of the collected information, and have vowed to destroy it. I don’t know, but I really think this was blown a little out of proportion.

But wait, that was not even the purpose of this post, I just got to ranting.

Google has just released a beta of encrypted search: a Google search that will be carried over an SSL connection. So what does this mean? Well, it means that no one will be able to see the search query from the time it leaves your browser to the time it arrives at Google’s servers. SSL (Secure Socket Layer), and the latest version now known as TLS (Transport Layer Security), are the means by which data packets are sent over the internet in a scrambled format, and then re-assembled on the other end using private and public security keys. This assures that any information that may be intercepted is received in a jumbled heap, and will make no sense. How do you know you are using SSL/TLS? Well, check out the URL as it will tell you. Any URL that begins with https:// and not just http:// is being carried over a secure connection. You will notice that almost all financial institutions, e-commerce sites, and many others that ask for personal identifying information are carried over SSL/TLS.

So why is Google starting all this? Is it in response to the aforementioned Google Street View fiasco? I don’t think so as Google has been doing this for quite some time now. It started with Gmail back in mid-2008 when it began offering secure transmissions of email as an option that had to be enabled. To a lesser known extent, it was also offered for Google Docs around the same time. After the Google servers were hacked allegedly from within China, Google then turned on these settings as default.

So why wasn’t all this done earlier? Running a network over SSL/TLS takes more bandwidth (of which Google has no shortage), and can also slow the connection down. I think that these were the limiting factors which kept them from being turned on until now. With today’s broadband connections, most encrypted connections can be made without noticing much of a speed hit for the end user. This is a first of its kind, as none of the other major search companies, like Yahoo, Bing, Microsoft, or AOL, offer this security option.

All that being said, keep in mind that once you click on a search result, you will then lose the encrypted connection and be transmitting over http only. It also will not protect you should you have malware on your computer, such as a keylogger, but it will keep anyone from sniffing your transmissions over wi-fi connections.

To view Google over SSL, click the following link……

https://google.com

Facebook……About Face!!!

Posted in All Posts, Computers, Helpful Hints, Security, Tech News, Wicked Cool Sites on May 18, 2010 by The Edible Earth

We’ve all, by now, heard all about the security changes made by Facebook. Basically, they have made the public facing nature of their service an ‘opt out’ option rather than the ‘opt in’ option it was in the past. Before these changes, Facebook kept most settings ‘Private’ by default. However with this about-face, all of your settings automatically become public, meaning anyone can view them. This in itself is bad enough, however what makes the situation even worse is that the controls to change your settings back to private are impossible to understand. There is no one central location to go to change everything that needs to be changed in order to keep your personal information from all being public facing.

So what can I do about it? Well, there is a great website, named ReclaimPrivacy.org, that will check your Facebook account and let you know what security risks you have present. You can then make the decision as to what you want to do about these settings. What’s more, it is so simple to use, and none of your information from your Facebook account is collected or viewed by this site, as the program will run directly in your browser. You simply need to go to their site, and drag and drop a bookmarklet into your browser’s Bookmarks Toolbar. Then you launch and sign in to Facebook. Once you are logged in, click the button in the Bookmarks Toolbar and ReclaimPrivacy.org will scan your account and then notify you as to what settings are public facing and what you might want to change.

I thought that I had my account locked down, and was only viewable by my friends, and in some instances friends-of-friends. But one thing that I did not realize is that I had left the door open for any friends-of-friends to share my personal information. This meant that my personal information could be relayed to 3rd parties without my knowledge or consent. That got changed.

Check out ReclaimPrivacy.org as it helps getting your Facebook account back to where you had it, a little bit easier.

Galaxy 15…Watch Your Head!!

Posted in All Posts, Astronomy, News, Science on May 13, 2010 by The Edible Earth

A television communication satellite which broadcasts cable service throughout the United States has suddenly gone rogue. On April 5, Intelsat, a communications company that controls the satellite, known as Galaxy 15, suddenly lost control of the orbiting vessel. Although the cause of the loss of control is unknown, it is speculated that solar radiation caused by a recent sun storm is what caused the loss of navigational controls. However, the satellite is still broadcasting and is now expected to cross the orbit of another satellite, known as AMC 11. When this happens, the two satellites will be too close to one another and their signals will be disrupted. This could result in the loss of cable tv signals throughout the United States.

Intelsat has been working with SES World Skies, the controllers of the AMC 11 satellite, in order to attempt to regain control of this satellite, but to no avail. It is also unknown why the broadcasting signal from the Galaxy 15 satellite, which broadcasts on the same frequency as the AMC 11, cannot be shut down. Currently, among other preventative measures, they are pondering using the propulsion system of the AMC 11 satellite to move it approximately 60 miles away from the equator, where it orbits approximately 22,000 miles above the Earth’s surface. This should separate the two satellites enough so that, hopefully, no degradation of signal will be noticed. This should also keep the AMC 11 satellite within its broadcasting ‘orbital box’, a carefully prescribed set of orbiting parameters which the satellite must maintain in order to send signals and have them be received on Earth.

Cable and satellite TV companies are watching this attentively. According to the Associated Press, DirecTV has stated that this will not affect their services. Comcast has stated that they are monitoring the situation, and a spokesperson for Cox Communications said it did not immediately know whether this would affect its services. Dish Network, Time Warner Cable, Charter Communications, and Cablevision Systems either had no statement or did not return calls from the Associated Press.

These two communications satellites are expected to cross orbits on May 23rd. There is absolutely no chance of a direct collision between the two orbiting satellites.

A spokesperson for Intelsat was quoted as stating, “We are confident that service disruptions will be minimized or avoided.”

Let’s Hope So!!