Adobe and Microsoft….It’s That Time Again!!

Tomorrow, June 8th, is that infamous day again when Microsoft releases the latest updates for it’s software. Unlike last month’s that was really a ‘nothing’ update, this month’s iteration is huge. In all, 10 bulletins fixing 34 vulnerabilities will be released. Some are rated as critical and effect Windows, Ofiice, and Internet Explorer.

For Windows (including Windows 7 and Windows Server R2)

6 vulnerability patches of which 2 are rated “Critical” and 4 are rated as “Important”.

For Office

2 vulnerability patches both of which are rated as “Important”

For Windows and Office combined

1 vulnerability patch rated as “Important”

For Internet Explorer

1 vulnerability patch rated as “Important”.

Microsoft also confirmed that this update would also include the long awaited fix for the XXS flaw. This flaw could allow priveledge elevation, in Sharepoint, that could lead to a cross site scripting attack.

Microsoft is not the only company that is trying to get it’s software more secure. Adobe has been effected with a critical flaw in it’s Flash and Acrobat softwares AGAIN. I say that as since Adobe announced it’s plan to implement quarterly patches for it’s software, they seem to be getting hit with exploits, some of which are zero-day exploits, on a weekly basis. A zero day exploit is one that was not known of, until it was already being exploited in the ‘wild’.

Adobe says that this effects it’s Flash player version 10.0.45.2 and earlier. Flash version 10.1 does not appear to be effected. This exploit could cause a crash that could lead to a computer being taken over by the hacker. Adobe says that it effects the authplay.dll file and the deleting, renaming, or moving of this file will create a temporary, albeit annoying fix. After deleting, moving, or renaming this file, what will happen, is that any PDF file that is opened that contains SWF content will cause a crash, although this crash will not be  exploitable.

The earlier versions 8.x, have been confirmed not to be effected by this exploit.

The authplay.dll file can be found in these two locations….

c:\ProgramFiles\Adobe\Reader9.0\Reader\authplay.dll

and c:\ProgramFiles\Adobe\Acrobat9.0\Acrobat\authplay.dll

Read Adobes release by clicking HERE.

Now all this being said. Getting your software updates is the #2 most important thing to make sure that you do in order to keep your computer safe. That is, next to making sure that your actions on the internet are safe. I have said this many times before, but never click on links in emails unless you are sure they are from someone that you trust. Most malware needs the user to initiate the attack by click on something. A common way that hackers have infected an unsuspecting user, is by sending a targeted email or spear phishing attack. You will receive an email from, what appears to be your bank. It looks official so you open the email. They then tell you that your account has a problem and to click a link in order to fix the account. Clicking on the link will take you to a site that looks very much like your banks website. Looking up at the URL will tell you that it is not your bank’s website, but it looks so good that you are coerced into entering your personal information (account number, password, etc), and now they have you. Your bank, or any other organization including Amazon, eBay, and other ecommerce sites will never ask for your personal identifying information via a link in an email, so do not be fooled by this trick.

Social networking is also another venue in which attacks occur and many a faithful user is getting infected via this method. A friend’s Facebook, Twitter, Friend Feed, etc. account is compromised by a hacker without their knowledge. You, then receive a message, from this friend’s hacked account, stating that “you should see this photo I took of you last night”. What???….What photo are you talking about? Intrigued, you open the message, after all it is from a trusted friend. It asks you to click a link to view this mysterious photo and takes you to a site that looks very much like Flickr, SmugMug, or other photo sharing sites, but tells you that the photo you are trying to view cannot be opened because you need to download a new version of Flash, or a different codec. You obviously want to see the photo so you click on the link to download this software so you can view this photo. You did not download a new version of Flash or that new codec, instead you just installed a virus, worm, trojan horse, or other nasty.

Should you ever be asked to download a new software or go to a banking site from a link, never click that link. Always, manually type the URL pointing to that site such as http://www.adobe.com and manually download that program or check your banking account by manually logging into your account. Links, email addresses, and social networking names can be spoofed and trick many an unaware user into getting hacked.

Don’t let it be you……

Facebook……About Face!!!

We’ve all, by now, heard all about the security changes made by Facebook. Basically, they have made the public facing nature of their service an ‘opt out’ option rather than the ‘opt in’ option it was in the past. Before these changes, Facebook kept most settings ‘Private’ by default. However with this about-face, all of your settings automatically become public, meaning anyone can view them. This in itself is bad enough, however what makes the situation even worse is that the controls to change your settings back to private are impossible to understand. There is no one central location to go to change everything that needs to be changed in order to keep your personal information from all being public facing.

So what can I do about it? Well there is a great website, named ReclaimPrivacy.org, that will check your Facebook account and let you know what security risks you have present. You can then make the decision as to what you want to do about these settings. What’s more, it is so simple to use, and none of your information from your Facebook account is collected or viewed by this site, as the program will run directly in your browser. You simply need to go to their site, and drag and drop a bookmarklet in to your browser’s Bookmarks Toolbar. Then you launch and sign in to Facebook. Once you are logged in, click the button in the Bookmarks Toolbar and ReclaimPrivacy.org will scan your account and then notify you as to what settings are public facing and what you might want to change.

I thought that I had my account locked down, and was only viewable by my friends, and in some instances friends-of-friends. But one thing that I did not realize is that I had left the door open for any friends-of-friends to share my personal information. This meant that my personal information could be relayed to 3rd parties without my knowledge or consent. That got changed.

Check out ReclaimPrivacy.org as it helps getting your Facebook account back to where you had it, a little bit easier.

We All Love Facebook…..but?

The big three…..Facebook, Twitter, and Friend Feed, places where we all go to network socially. But lately it seems that all of these venues for communicating with our friends and family, have come under scrutiny relating to security problems. All of the social networking sites have come under fire regarding privacy issues. Remember when Facebook changed it’s policy overnight and all of your photos and information were changed to a ‘Public’ status, which had to be reset. Bad move, hell, even Mark Zuckerberg had his photos become public, which were quickly changed, but what was going through their minds to change their terms, and not even have the CEO of the company aware of these changes. All this aside, as disturbing as it is, it is not the biggest threat that is being aimed at us through these social networking venues.

Account hacking is fast becoming a serious problem on the sites. Once only limited to email accounts, Spear Phishing is fast growing in popularity among the bad guys and is something that everyone should be aware of. Weak sign on credentials, from users, are making it even easier for these crooks to hack accounts and eventually gain access to places in which no one, in their right mind, would allow them. Check out my post HERE on setting up a more secure password.

Bad Guys are targeting individual accounts by hacking into their friend’s accounts. What happens, is that a bad guy gains control of someone’s Facebook account, and now has access to all of that person’s friends. They will then send a targeted message which states something to the effect of, “You Should See The Photo I Got Of You Last Night”. Of course, you think you know this person so you click on the link which will take you to a fake website, one that looks exactly like one that is very familiar to you, such as Fickr.com. Now keep in mind that this web page will look very much like a real Flickr page, and will ask you to click on a link to view this photo. When you click on this link, a message will display telling you that a new version of Adobe’s Flash Player, or a different Codec is needed in order to view this photo. Conveniently, a link is supplied so that you can get these new versions in order to make it easier for you to view this much anticipated photo. But what we don’t do, is look at the URL, to see where we really are. You are not at Fickr.com but are at a bad guy’s page. When you click on that link to get that new version of Flash or that new Codec, your computer is immediately infected with what will most likely be, a Trojan Horse. This Trojan will now open up your computer to all sorts of new infections, like Keyloggers, and Worms. This could open you up to identity theft, stolen personal data, such as credit card info, banking credentials, and possibly even Social Security Numbers, which could allow the bad guys to open up new credit card accounts in your name.

The point is that as long as you are aware of these issues, you can safely post and communicate with friends via these venues. However, it is critical, that whenever you click on a link, that you keep an eye on the URL (Uniform Resource Locator). For more information on URL’s you can check out my two part posts by clicking on Part 1 HERE, and Part 2 HERE.

Now I use Facebook, Twitter, and Friend Feed, however I like to keep my accounts buttoned down, and only communicate with friends, family, and some friends-of-friends, but that is it. I have seen accounts that are completely public, meaning anything that is posted is visible to everyone. More and more employers are turning to these venues to check on your back round. Imagine a potential employer seeing the photo of you at that party 2 years ago, lying on the floor drunk. That would definitely make me think twice about hiring you. Keep your most personal information PRIVATE.

Now even more devious than the above mentioned hacking of an account starts in exactly the same way. You get your account hacked. Well now you take your computer to work and connect to the network there. Well now the bad guys can see the same things that you can see on your work’s network. Keep in mind, that there is no way that you will know that this is happening.  So you say, well I don’t have any high clearance access to any critical information. No, you may or may not, but someone that you network with at work may, and your computer being infected may allow this worm to spread higher and higher up the chain. This has just happened recently. An occurrence, such as this, could cost you your job.

This is all the more reason to make sure that you keep information on all of your Social Networking accounts private. At the very least, you want to make sure that any that could cause embarrassment (or worse) is, without a doubt, kept private.

Enjoy this new technology, but keep yourself safe. Social Networking is enjoyable and is very useful, however always remember, that what you do and post today, may come back and haunt you years from now. Once it is public, it just never goes away.

Fan Check Virus….Fact or Fiction

Within the past week, my Facebook account has been seeing a lot of posts warning people of the dreaded Fan Check virus.  But is this really a true virus?  Well after a bit of investigation, it turns out that according to security experts at Sophos, the dreaded Fan Check virus is, in fact, not a virus at all.  It will not download any malicious software to your computer or turn your computer into a Zombie and become part of a Botnet.  However, that does not mean that this bit of software is completely benign and can be used without fear.  Although it is not a virus, it is an incredibly poorly written application that can cause chaos on your Facebook page.  Your Wall could become all jumbled and be unusable as well as other problems to your account.  But again, this is not a malicious software, aka virus. But don’t fear as, as of the date of this post, Facebook has taken Fan Check down and is investigating.

The fact that it could cause unwanted things to occur on your Facebook page is not the real ominous evil behind this application.  Because of the increased chat regarding this subject on the internet, it has opened the eyes of scammers and as a result, malicious sites are popping up all over the place.  By doing a Google, Yahoo, or Bing search for “Facebook Fan Check”, you will receive a large number of hits regarding this subject. But do NOT click on these returns. Why? Because a large number of these pages that are returned from the search, point you to malicious websites.  Scareware is the primary concern and danger.  Clicking on one of these sites will cause a pop-up to occur, which states that your computer is infested with viruses and that you should download their software to clean your computer. THIS IS A SCAM!!!  You are not downloading a virus scanning software, but instead, you are downloading malware, specifically, a Trojan Horse.  This will now open your computer for all kinds of annoying pop-ups, or even worse, other Trojan Horses, spyware, and worms to get into your system.  So stay away from the temptation of searching for “Facebook Fan Check”, as it could spell the beginning of the end of your computer happiness.

HERE is what Snopes.com has to say about it……