Security Developments, Software Updates and Best Practices
The link to the Infoworld article doesn't work. I was able to find the article, and the correct URL is: http://www.infoworld.com/article/04/04/20/HNtcpwarning_1.html
Thank you Joy for the feedback, as I've corrected the InfoWorld link :)
Recently I'd been reading the posts concerning the issues found with MS04-011. I've got another one to add. Several systems I manage running W2K Professional SP4 and kb patched along with IE6 fully patched began to all show signs of inability to move across the internet. At the same time the system's processor would go to 100% CPU usage and remain until I could manage to shut down IE6 with Task Manager. After reading the Microsoft KB835732, I then took note of the following Microsoft KB article http://support.microsoft.com/default.aspx?kbid=841382 I wondered if this could also apply to the issue I was seeing. After uninstalling MS04-011 from these systems immediately the problem with all these systems went away. Hopefully between firewalling ports tcp 445, 5554, 9996 and keeping antivirus software up to date I can keep the critters out of the systems till a revised MS04-011 patch comes out addressing this. G'day, Kevin
MS04-011 Sasser.E (new ports 1022 and 1023)
Any idea when Microsoft will release a patch?
Looks like Symantec has updated Norton Antivirus 2004 to block the exploit: http://securityresponse.symantec.com/avcenter/venc/data/downloader.trojan.html
I think this is the old F00F bug that was discovered back in 1997. It's basically a hardware bug in the Pentium 1 CPU that makes the processor lock up and freeze the entire computer. It does not affect PII and later CPUs. More information: http://www.x86.org/errata/dec97/f00fbug.htm Cheers, /Lars.
Interestingly, and perhaps not coincidentally, the volume 1, issue #7 publication of the newsletter has a small bio about MVP, Mr. Harry Waldron. :) I saw that when I received it several weeks ago. :) Rick
Or just install QwickFix+Spybot+Spywareblaster, to avoid malwares. http://www.pivx.com/qwikfix/index.html http://www.safer-networking.org/ http://www.javacoolsoftware.com/spywareblaster.html
Spam has crashed my computer several times, and I have spent several hundred dollars on computer repairs over the past year. I have spent hours sending replies asking to be removed from email listings, but as soon as I do this, I begin to receive more spam... NOTE: It has been a no win situation for me!
How about adding functionality to be able to scan a remote machine for BHO's. This would be great in large enterprise environments.
If you have just one account would making a limited account heighten or lower your security? I could imagine that an admin account not in use could be hacked more easily through the net.
I have IWAP-WWW on my windows xp - it just appeared out of "no where" and I can't even access my "user account" in the control panel...so any suggestions?! Thanks in advance for your help!
There's 12 AVs working now (including ClamAV).
I sent you a separate e-mail about what I found. IE6 and AOL9.0 can be made not vulnerable, by making a simple change to the IE Internet security settings. Click on Custom, and disable "Navigate subframes across domains". It was reported at http://www.windowsbbs.com/showthread.php?t=32457
Symantec writeup starts off well. However if you don't have any up-to-date AV software to detect the files, when you reboot it all starts off again as they didn't check the various startup locations in the registry/program locations. I'm still trying to disinfect my parents-in-law's machine.
The other day a Microsoft spam control download popped up on my screen that I attempted to download, but I lost it. How do I get it back?
Thanks for this, Harry. You would think as a registered user they would let me know.
cool...
I run both Windows and Linux in-house and I, too, wish there were more (any?) choices out there for Linux A/V. The situation is doubly ironic because Linux pioneered so many other security tools (Satan, Tripwire, Snort, etc etc). I'm also curious about why: 1. The Open Source community doesn't take on Linux A/V software as a project (and I confess - *I* don't know how I'd go about initiating such a project myself) 2. The Windows community doesn't collectively throw out that junk garbage Petri dish called "Outlook Express"? *Any* kind of mail client would be better than Outlook when it comes to preventing random infections by naive (e.g. home) users... IMHO...
Hi Harry "1. Dont breach your own firewall." This advice is certainly one way to do it. But more recently the method I've been favoring is to use 802.1x the way Microsoft did in their implementation. http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/wlandply.mspx "2. Dont spurn Media Access Control" Unfortunately ease of use often trumps security. Raise your hand if you are running DHCP. See what I mean. Almost all of us went for ease of use instead of managing static addresses. It gets unwieldy really fast. Instead of collecting hardware addresses which are spoofable use digital certificates in 802.1x. Again see the Microsoft article. You get bi-directional authentication. Clients are authenticated to the server, server is authenticated to the client.
I have been infected by this worm and it's draining my battery and infecting other Bluetooth-capable mobile phones. Even if I turn it off (Bluetooth) it still will send the virus. I tried to format and upgrade my mobile phone and erase the worm. Beware of this worm and it is very frustrating.
Hi Harry! Just wanted to let your readers know that we have a tutorial on how to use this tool and interpret its results. It can be found here: http://www.bleepingcomputer.com/forums/topict3077.html
Seems to be that the AV industry is already a week late with this. We got mails with Jpeg attachments containing string Ducky as editor already a week ago mailed as "Feedback" to our website. Just we were unsure, what's the malicious code in it and didn't want to try it out.
Some websites are saying that the attachments can be *.zip files as well.
Something similar is arriving to my Gmail account (25 messages in 5 days) and to my Grex account (3 mails), although the attachment is a 129 bytes plain text file (no double extension) that contains the info of the attachment that has been filtered by Norton. They all are built the same but using different subjects and coming from different real senders, the spoofed sender is the same.

----- EXAMPLE OF ONE FROM THE INBOX ----------
From: info@yahoo.fr <info@yahoo.fr>
To: cdrom_drae@gmail.com --> not my e-mail account
Date: Sat, 20 Nov 2004 17:55:41 UTC
Subject: Your Password <KEY:2008>
Parts/attachments:
1 Shown 15 lines Text
2 129 bytes Plain
----------------------------------------
Your password was changed successfully!
++++++ User-Service: http://www.yahoo.fr
++++++ MailTo: postmaster@yahoo.fr
*-*-* Anti_Virus: No Virus was found
*-*-* GMAIL- Anti_Virus Service
*-*-* http://www.gmail.com

Attachment: 'suppression de norton antivirus1.txt'
Content: Norton AntiVirus a supprimé la pièce jointe suivante : yahoo.6228.doc.com. Elle était infectée par le virus W32.Sober.I@mm.

=============
The original sender can be found here:
Delivered-To: *******@gmail.com --> My mail account
Received: by 10.38.75.25 with SMTP id x25cs28978rna; Sat, 20 Nov 2004 10:12:09 -0800 (PST)
Received: by 10.38.171.55 with SMTP id t55mr198713rne; Sat, 20 Nov 2004 10:12:07 -0800 (PST)
Return-Path: <info@yahoo.fr>
Received: from rkhkangnp.fr (80-***-***-61.adsl.nuria.telefonica-data.net [80.***.***.61]) --> I've masked the original IP
by mx.gmail.com with SMTP id 71si453451rnb; Sat, 20 Nov 2004 10:12:07 -0800 (PST)
Received-SPF: neutral (gmail.com: 80.***.***.61 is neither permitted nor denied by domain of info@yahoo.fr)
From: info@yahoo.fr
To: cdrom_drae@gmail.com
=============
The subjects of the mails are:
Your Password <KEY:2008>
Password confirmation <KEY:3682>
Registration confirmation <KEY:8459>

I wonder why it keeps sending the txt file as it's only spamming inert mails, maybe a bug in the worm?
This looks to be some info about this worm. Removal instructions should be at the bottom of the page. If you're not able to log in to your computer to do what the page tells you to do, try booting it in safe mode. That should bypass any virus type startup files, so you can log on without the hassle of the instant relog problems.
Might help if I actually posted the URL. Heh. Here it is. http://securityresponse.symantec.com/avcenter/venc/data/w32.funner.html
Well, as it's not a browser specific bug but a plugin flaw instead everybody should update their Java plugin either using IE, Opera or Firefox.
"...information is gathered and problems are identified and analyzed..." Having done audits/assessments for a number of years (in FTE and consulting positions), one of the most important (and often overlooked) parts of an assessment is communicating the issues to the customer in terms of their business needs. Sure, it's easy to go on-site and run Nessus or ISS's Internet Scanner (regardless of what anyone says, there are still consultants and consulting organizations that do just that and not a great deal more) and print out a report on company letterhead. Look at a default setup of Nessus, for example...there are no less than 9 warnings for issues that all relate back to null session enumeration. And in a great many cases, this may not be a security issue at all for an organization. The point is that the assessment team needs to do a thorough job of the assessment, to include interviewing key personnel, reviewing documentation, etc. "Continuing work" Agreed. Security is a process, not a point in time. H. Carvey "Windows Forensics and Incident Recovery" http://www.windows-ir.com
"...how will users react to a new virus attack where the AV vendors don't have signatures out, yet they have infected email attachments to process in their in-boxes?" Having gone through just such an event, it's not only important to have security awareness training for users, but it's also important to have suitable training for administrators, as well. During the incident I was involved in, I spent my time and energy organizing several sysadmins to assist in containment and eradication procedures, while one admin got on the phone with our A/V vendor. While he was on hold, he decided to do his own "analysis". Since then, I have seen others (CERT members, admins, etc.) attempt to do the same sort of thing...and it's a mess. Too often, they spend no time thinking about such things ahead of time, and when they get into a situation in which they feel the need to do *something*, they invariably end up missing some really simple steps along the way. This is seen time and time again in the public lists. On an aside, the issue of interconnectivity applies to users, as well (bear with me here...). Just as networks are becoming more and more interconnected, one also has to keep in mind that policies and awareness are, too. For example, a company I worked for got hit by an email-borne worm. Users were instructed to (a) do not open email if they don't know the sender, and (b) if they do know the sender, but the attachment doesn't look quite kosher, don't open it. Well, one of our customer's marketeers had a habit of sending jokes and animated files (animated GIFs, Flash movies, etc.) to people he knew, so when the email arrived, the marketing folks who received it immediately double-clicked on the attachment. While we were trying to reiterate and enforce our policies and awareness, we had a customer who wasn't quite on board with that sort of thing. H. Carvey "Windows Forensics and Incident Recovery" http://www.windows-ir.com
I could send this to my mother in NEBRASKA and she'd head for higher ground...
I have been hearing of reports that 040 has caused problems, there is a link in the KB now of known issues, but some of the issues I am hearing is that when you install it from WU or AU it does not update all the files. I had someone report to me that after they installed 040, they could no longer invoke an IE object from a link in an email, the browser window would open, but not go anywhere. Regards. SE~
OMIGOD! A 300 foot tsunami! Quick! Quick! Send an email!
It is also important to note that MS04-038 is still required for Windows XP SP2 and Windows Server 2003.
Great write up Harry!!
I just installed FireFox 1.0 on my computer in an attempt to protect myself from the ones that exploit the holes that exist in MSIE and because my version, MSIE 5.5, has been crashing and locking up my machine to the point where it is almost useless. I cannot upgrade because I am running Windows 98SE and I understand that I would have to upgrade my Windows OS to use a newer version of MSIE. I have not had one crash or system freeze with FireFox. I am also running McAfee VirusScan as my AV program. Today I happened to surf over to a site that I know has a link to webpdp.gator.com. The address for this and other sites are in my McAfee list of banned URLs and IPs, but I didn't get the warning from McAfee. When I went to this address with MSIE the warning came up as expected. I then went to eicar.com with FireFox to test my AV protection. Much to my surprise I was able to download all the test files without any warnings at all. It looks like I am surfing the net without any AV protection at all. I have sent inquiries to McAfee and looked through the McAfee Support Forums for a solution but no luck. The only issue with FireFox and McAfee seems to be the automatic update of the DAT files and the lack of Active X. I would like to urge all FireFox users to test their browser to make sure that their AV programs are working. In the meantime I will be attempting to get some answers from McAfee and Mozilla about this problem. I would appreciate any suggestions or help with this matter. Donald
Here is another Scam! FROM: THE GAMING CONTROL BOARD INTERNATIONAL PROMOTIONS/PRIZE AWARD DEPARTMENT Dear Recipient RESULTS FOR CATEGORY "A" DRAWS/XMAS BONANZA Congratulations to you as we bring to your notice, the results of the first Category draws of TRIPPLE WINS INTERNATIONAL SCIENTIFIC GAME PROMOTION. We are happy to inform you that you have emerged a winner under the first Category, which is part of our promotional draws. The draws were held to mark their first international program prior to end of year bonanza for Microsoft users. Participants were selected through a computer ballot system drawn from 25, 000, 00 names/email addresses of individuals and companies from Africa, America, Asia, Australia, Europe, Middle East, and Oceania as part of our International Promotions Program.Two names came as the lucky winners You/Your company email id, attached to ticket number 6422-5-486, with serial number 79-26 drew the lucky numbers 33-92-78-05 (18) consequently won in the First Category.You have therefore been awarded a lump sum pay out of $6.000,000(six million united state dollars)each, which is the winning payout for Category" A" winners. This is from the total prize money of $12,000,000 shared among the 2 winners in this category. CONGRATULATIONS! Your fund is now deposited with our transfer agents Cash Change First Securities INC UK ,and insured in your name. In your best interest and also to avoid mix up of numbers and names of any kind, we request that you keep the entire details of your award strictly from public notice until the process of transferring your claims has been completed, and your funds remitted to your account.This is part of our security protocol to avoid double claiming or unscrupulous acts by participants/nonparticipants of this program. We also wish to bring to your notice our end of year premium stakes draw where you stand a chance of winning up to $50 million; we hope that with a part of your prize you will participate in it. 
Please contact your claims agent immediately for due processing and remittance of your prize money to a designated account of your choice. FILE/CLAIMS OFFICER Mr.Edward Clapton Financial Director, Cash Change First Securities INC UK 14 Jupiter House Calleva Park Aldermaston Reading Berkshire RG7 8NN. TEL: +44-704-010-6304 TEL: +31-626-322-273 fax: + 31-205-248-858 FAX: +44-870-136-9041 EMAIL:edward_clapton424@mmail.com you are advised to contact your file/claims officer by email and/or fax within a week of receiving this notice. Failure to do so may warrant disqualification. NOTE: For easy reference and identification, find below your reference. Remember to quote these numbers in every one of your correspondence with your claims agent. REFERENCE NUMBER: TGA-4GA-65389 Congratulations once again from all our staff and thank you for being part of our promotional program. Sincerely, THE LOTTERY COORDINATOR, TRIPPLE WINS INTERNATIONAL GAMES JAN LUYKENSTRAAT 59 1071 CS AMSTERDAM THE NETHERLANDS N.B: Any breach of confidentiality on the part of the winners will result to disqualification. Please do not reply to this mail box. Contact your claims agent immediately. ___________________________________________________________________________ Mail sent from WebMail service at PHP-Nuke Powered Site - http://Antanavige.com
Harry, you are a moderator at forums.mcafeehelp.com, which I believe also runs on a vulnerable version of phpBB....
I saw a post today about a new Microsoft product called OneCare Live. This looks strangely familiar to a beta I worked on previously called PC Satisfaction. It was a nice product that just kind of died on the vine...
Click Here for more information: Secunia Advisory - Mozilla Frame Injection Vulnerability (http://msmvps.com/harrywaldron/archive/2005/06/07/50934.aspx)...
Microsoft has issued Security Advisory 912840 for a Vulnerability in Graphics Rendering...
Microsoft has issued Security Advisory 912840 for a critical vulnerability in the Windows...
McAfee has just updated their website with information related to the new WMF variant. ...
In the various forums I participate in, I saw that many administrators worked during the holiday...
This entry below in December caused some recent confusion, with the official MSNM 8 beta, which has...
Harry Waldon reports that the "Live Messenger Beta" download is actually a security risk, written by...
Nullsoft has expediently released version 5.13 to address this ZERO DAY attack ISC Information http://www.incidents.org/diary.php?storyid=1080 Download...
In any case, phpBB forum administrators should watch out for it: a bot by the name of FuntKlakow...
Rumours on the internets have been rumbling about a new botnet getting ready to unleash the fury on phpBB sites. It could be bunk info, but it is good to be aware. Links I've found on it so far: http://www.incidents.org/diary.php?storyid=1201 ht
As many of you may know one of the new IE 0 day exploits is spreading and being used...
From Microsoft MVP Harry Waldron's Security News & Best Practices Blog: Trend and Symantec...
http://msmvps.com/blogs/harrywaldron/archive/2006/04/06/89552.aspx Go Harry :o) I've already had my...
This is a new one to me. A virus that encrypts your files and then demands you send money to the developer to decrypt your files. Obviously, a bad idea overall, and people are actively working on a 'crack' for the virus already. More info here: http:
Yahoo Inc., the world's largest provider of e-mail services, said on Monday that a software virus aimed...
The fake Windows Genuine Advantage Tool (wgavn.exe) has been named as W32.Cuebot-K worm by Sophos. ...
The fake Windows Genuine Advantage Tools is now detected by Trend Micro. They also posted the behavior...
It seems that the criminal element is taking phishing to new heights and has evolved into vishing for...
Harry Waldron blogs about the Formspy / Firespy spyware trojan, which is also described by Sophos and
From Harry's blog http://msmvps.com/blogs/harrywaldron/archive/2006/07/25/105724.aspx "FormSpy (aka FireSpy)...
On July 29, 2006, a new worm MSH/Cibyz.A surfaced which uses Microsoft's new XP...
Corporate and home users should install the latest service packs for Office and using the...
Microsoft will be discontinuing update support for Windows XP SP1 and SP1a effective October 10, 2006
Below are ideas that might help on "what to do" if your web servers are compromised: 1. Isolate
Edit: fix title. Come on guys - are people really so determined to find bad news about IE7 that they
Staggering quantities: Facts related to the new Windows Vista operating system: 4000 engineers estimated
Vista represents great security improvements for Windows. Jim Allchin's comments may be an analogy
There was a news about Mr. Jim Allchin's interview is misunderstood. BTW, Mr. Allchin respond to it
Jim Allchin's recent comments on the enhanced security found in Vista were misinterpreted during a telephone
PingBack from http://techcompanies.notesandcomments.com/blogs/1969/12/31/microsoft-security-updates-november-2006/
McAfee offers a free removal tool (special version of STINGER) for the new Philis.BG worm, a.k.a, Looked
Microsoft developed a security guide earlier this month that can be helpful in assessing and establishing
This new IRC based threat attempts to spread using a number of security exploits, including the SYM06-010
Useful things. The 2006 edition of this list is available at the following site: http://sectools.org/
Symantec has published a removal tool for the new Spybot.ACYR worm which manipulates the SYM06-010 vulnerability
Just read a fascinating blog post from the folks over at Secureworks. Basically they noted that W32/HLLP.Philis.bq
Jim Allchin provided an EXCELLENT response to Windows Vista and the improved protection from malware
F-Secure has declared MEDIUM RISK for the new Luder worm, which is disguised as a "Happy New Year" greeting
Adobe users should move to version 8 to avoid the PDF Cross Scripting vulnerability. Version 8 offers
Users should continue to be cautious and not select any attachments in email from untrusted sources,
This article came to my attention via Harry Waldron's blog: http://msmvps.com/blogs/harrywaldron/archive/2007/02/10/mcafee-virus-scan-8-5i-fails-vista-vb100-certification-due-to-update-problems.aspx
Here's who's shaping what you read, watch, hear, write, buy, sell, befriend, flame, and otherwise do
HTML is now a little more dangerous due to an unpatched issue discovered over the weekend. Microsoft
I originally spotted this article thanks to Harry Waldron's blog, and what I read there saddens
Harry,
this is indeed a new development. Rootkits are too good to be true for malware writers. One can expect more intricate methods of avoidance in the future.
Malware begats malware... once it's accepted as normal for legitimate vendors to deny you service and demand your input, it's a small SE to posing as such things (as this malware does) and triggering the same or similar payloads.
Found this page while researching the topic:
www.daemon.be/.../targetedattacks.html
It looks at a couple of these "targeted" attacks in detail.
Pingback from Password News » Blog Archive » Microsoft Security - Check the Strength of your Passwords
Shame you didn't mention the forum, but I guess if "a member asked how they might protect themselves better", it has a high percentage of "LCD" users. And, what is a LCD user you may ask. LCD stands for Lowest Common Denominator. While I agree totally with everything listed above, I think the poster was being a little ambitious with Items 5, 6, 7 and 8. 8. Ramp up your security services and lock down unneeded services - now how would a newbie user interpret that? This type of user can be likened to a female car driver [please - no hysterical responses - I have 2 daughters and 1 wife - they will do it for you]. This car driver expects the car to run all the time. They will fill the fuel tank, but everything else is to be done for them. And so it is with their computer. Unless the OS is set up with Automatic Updates then forget it. If a firewall and anti-virus software is installed, it should be of the free variety [there are a few excellent choices out there], and must also auto update. The nag screens. The nagging is simply incomprehensible to most users. The nagging is also incomprehensible to me. I just clicked them all away. The first was expected, the second humorous, and the third didn't even register before I clicked "Allow". And I [think I] know what I'm doing. Let's just hope these LCD's don't participate in any online financial transactions.
Internet Storm Center is an excellent tool! I love it.
Thanking Rod for sharing this link, as the MyIT Forums newsletter is one of my "must reads"
First of all, good security ain't solely about operating systems themselves It's more about the
Pingback from MB’s Windows Security » Blog Archive » Vista and XP are equally at peril to malware… wait, what?
Umm, I would think that Yahoo stores your opt-out choice as a cookie. So if you delete cookies after opting out of Yahoo web beacons, you're deleting your opt-out. Note that Yahoo states that "This opt-out applies to a specific browser rather than a specific user." This info would be compatible with a cookie mechanism to store the opt-out info.
heh - niiice ...
if you're having a problem getting the forum to recognize a full link, surround it in
Based on personally testing corporate AV products head-to-head, I've found McAfee provides a robust
Congratulations!
(I hope you continue feeling young, as I do after 40 years with the same employer.)
W32/Almanahe.c
Any first release for a browser on a new OS is likely to have security issues that they didn't think about, which is plainly obvious with this release. :) Still, we'll see how it plays out in the greater market.
Security issues were found with Apple's Safari beta for Windows, when it was released earlier this
Pingback from University Update-Apple Safari-Apple Safari Beta v3.01 for Windows released to fix security issues
So, what can you do about it? For end users, keep your endpoints patched and antivirus up-to-date. For Symantec users, there is a good article at sharpebusinesssolutions.com/savce_upgrade.htm describing how to keep SAV agents healthy and under support. For admins of affected web sites, a simple clean-up of the page is not sufficient - your site administrator’s credentials need to be changed. There are easy to use tools available for MPack to use to reinfect your sites even after you have manually cleaned them up. These automated tools are being fed lists of compromised site admin usernames and passwords, so make sure that you put a strong password on your site admin account.
I hope it's all that they say it is because my messenger means the world to me, anyway good work hope to see more soon chow.
Mostly the computers got infected due to human negligence or actions. The tips given above are good enough to follow to make your PC secure but your actions are still important e.g. if you receive an email containing suspicious email link or attachment never ever try to open it otherwise your actions may cost you.
Pingback from Microsoft Patch Watch
Getting a postcard via email? Don't click. I actually had a real postcard from a family member the
Pingback from » Security cricism on iphone - Internet computer & network security
I think the above security issues are beyond the layman user. The only business environments will consider these issues.
What do I do if I have clicked on the link? I didn't notice that it did anything other than bring up an error page. I have updated and run Spybot and Adware without any results.
Thanks.
Hi Dan - I'd suggest going to the VirusIntel site referenced below and running some of the free scans, as this is a virus rather than spyware. If you find a virus, search Google for Nuwar cleaning tools.
If you have the issue of not being able to clean a virus infection, the general advice in this link might help you right away. Most often a "virus cannot be removed" message can be resolved by cleaning in SAFE MODE:
HOW TO CLEAN A DIFFICULT VIRUS (Safe mode is the key)
forums.mcafeehelp.com/viewtopic.php
GREAT SITE FOR FREE VIRUS REMOVAL TOOLS
(see left side and ONLINE SCANNERS or FREE REMOVAL TOOLS)
www.virusintel.com/tiki-index.php
I just took the bait (1 July 2007). It even had my name on it! Guess I'm screwed. Am running my virus scan, but damage may already be done.
Hi,
I find one related story at this site:
Security CENTRAL Forum
http://www.SCForum.info
Hi, Harry. Just wanted to say hello and thank you for your blog. I've been getting your RSS feed for some time now, and I really enjoy reading it. Thanks for all your hard work for the community. You're an invaluable source of information and make a large contribution to security worldwide.
My name is manish hardasani and I think Yahoo service is too good service and best service
Thanks! I am scanning now.
Of these five legal scams, invention protection and promotion services are the most insidious--as for taking the "mark" for really big bucks, that is. Many of these people are so committed, so devoted to their pet, often lifetime, projects, that they will spring for a good chunk of their lifetime savings to see them succeed.
Those perusing the menu of what these con artists have to offer would do well to take long pause in deciding whether they would rather have red meat, or fuzzy green meat.
--Jack Payne
www.sixhrs.com
Yeah, is anyone surprised? thenewsroom.com/.../456135
I did click on one of these but it said it was a forbidden site. Does this mean it stopped it or should I be concerned?
Pingback from Fast-Flux Bot Nets: The Future of Botnets | Project Afterlight. Articles, News, Updates, and Reviews on Technology and Life.
I am working on a formula that has 7 nested IF statements to search a specified cell for different combinations of 3 words with different outputs for all 7 combinations. I had to define ranges and split the formula into 2 separate formulas to make it work. How do I use the same defined ranges in all the cells in that column?
How do you get it to stop automatically rebooting? I've already disabled Auto Reboot, but it's still restarting me.
Pingback from University Update-Microsoft Windows-Microsoft Security Updates - July 2007
Many useful articles related to SOX and other regulatory compliance authority can also be found on www.compliancehome.com/.../SOX. This website acts as a source of information for many of the regulatory compliance authority such as SOX, HIPAA, OSHA, FISMA, etc.
Pingback from University Update-Firefox-Flash Player plug-in - Critical Browser Security Update
Hi. Neighbor has sent you a postcard.
See your card as often as you wish during the next 15 days.
SEEING YOUR CARD
If your email software creates links to Web pages, click on your card's direct www address below while you are connected to the Internet:
67.176.97.119
Or copy and paste it into your browser's "Location" box (where Internet addresses go).
We hope you enjoy your awesome card.
Wishing you the best,
Mail Delivery System,
dgreetings.Com
Pingback from Corporate Executives targeted in Focused Security Attacks | Stop Spyware Ads
Goodbye DirectX 8, long live 10.1 (yes, but only for Vista... SP1!) Review: Archos 605 WiFi (nice toy
Try and keep up.
Opera 9.22 was released 19.07.2007.
www.opera.com/.../windows
But thanks anyway.
All login systems should have a time-out or lock-out after X number of attempted passwords to foil dictionary attacks.
Great recommendations. I still run into organizations (e.g. websites) with password restrictions like "must be between 5-8 alpha-numeric characters" even though they use 1024-bit SSL. Policies like these drastically reduce the security of the site. Depending on criteria, a 5-8 alphanumeric password is equivalent of 13- to 23-bits of encryption, a far cry from 1024-bit.
Maybe we need to have some central agency issue special encrypted certificates in order for anyone to email anything. If your email doesn't have a cert, it doesn't get mailed.... or received by a mail server. (All ISPs would have to jump on the bandwagon). Then if you are caught spamming, they revoke your cert, and you're dead in the water.
Thank you for this information. My worst suspicions have been confirmed re the numerous e-card for you emails I have been receiving lately, none of which I have opened as they appeared suspicious, but I am now deleting all of them without opening as they come from "sister" "family member" etc and are sent at very unlikely hours from email addresses unknown to me. You have been a big help.
I got one of these emails. Why is the numeric web address so dangerous?
Hi Buck - Excellent Question ... Specifically for the Storm Worm attacks, the URL contains malware that could automatically download and install on your PC. Sometimes the website is taken off line by security firms.
Numeric URLs should be considered untrusted in email or websites unless you are familiar with the site based on past experience (e.g., sometimes websites will switch from a DNS to numerical representation).
I'd add two extras:
1) Do not shop from someone else's computer, including public systems
2) Do not shop via public WiFi hotspots or over weakly-encrypted WiFi
I see (1) is there in the small print, but IMO it's big enough to warrant its own digit.
On (2), Google( "Black Hat" Hamster )
On 'I keep records in folders labeled by vendor in a folder called “My Received Files.', is that the same "data" location that accumulates ?unsolicited Instant Messenger attachments? I'd want to keep such hi-risk material outside of the data set and backups thereof, whereas I presume you'd want to retain and backup details of your ecommerce activities.
I got a mail like that (net gambler) and answered that I'm not aware of subscribing to such a thing.
Am I in danger just by answering this mail? (The link was not working.)
Kind regards
BORIX
The wife bit on this one.
What this did was stop the PC from booting and dusted the restore. To get rid of it I started the PC in safemode, ran ad-aware, which got rid of it a bit, not all. I was able then to normally start the PC. I found another spyware app, cannot remember the name. I ran that and it did eliminate this worm.
Jeff
I was infected with Trojan: Cutwail .T on 7-27-2007, date of first report and CA failed to locate until an update on 7-30-07. It was discovered by the I have CA Security Suite aka whatever they call it updated for XP Professional.
CA Web site had removal instructions and I found NOTHING in registry entries nor the files allegedly left. I assume CA cleaned the thing up on a complete scan/cure.
Logs show I acquired this from the website WebMd.com, which requires a user login.
Thx for this web site.
Yep, saw this one and KNEW this had to be worse than it appeared. My innate senses seem to be true. I logged into wife's email and sho 'enof, there it was in some form again.
NEVER, EVER click on an unsolicited email unless you know the sender, and that is still dangerous! I have had family members infect me with a latest virus that CA didn't pickup on yet.
Get a GOOD AV prgm, learn to set it up, use it, update even hourly! (Or before opening emails and never ever go to a website a friend includes within a joke. Remember - no one is running a site for free. If not infected cookies and .com files want to track everything you do.
Rcv'd today from something like jacobonsjsky@wave.....,com
Email title: Don't send me that stiff Dude.
Text:
I know it is you sending me that email. Check this out:
(URL to youtube)
Never heard of him and not dumb enough to go to site!
careful please and lets work to end this crap
Boo! I was really looking forward to this!
Thank You!
I just got bit by the thing. It's now 1:01 am in Texas. I looked out there, (the weather guys said it would be clear, but it's cloudy as hell) and there's nothing out of the ordinary.....Mark
P S , I should have known, since I was the only person who even had heard. Still, I didn't want to miss "the moon turned to blood".
Got two over the weekend. Both had lol in the subject along with things like "Dude, you're gonna get caught" and "How did you get that on film?"
Just opened my emails on Yahoo after being on a week's holiday abroad to find 40 messages wanting me to look at videos on YouTube. People would have to be stupid to open them.
hi
i cant make out ur tip
Seems someone somewhere hasn't a clue what 3D images are..
or is F-Secure's just lacking command of the FI.English language?
Call Center Management (www.packet8.net/.../call_center_solution.aspx)
Packet8 offers the first fully integrated iPBX call center management solution.
i need this information for the purpose of presentation in the college on this topic...
Contingency plan templates created by www.training-hipaa.net can jump start HIPAA, Sarbanes Oxley (SOX), FISMA, ISO 17799 and many other regulations/standards contingency plan project which includes risk assessment, business impact analysis (BIA), business continuity plan (BCP), disaster recovery program (DRP), emergency mode operation plan (EMOP), data backup plan, testing and revision procedures and many other projects. These templates can also be used by IT departments of different companies, security consulting companies, manufacturing company, servicing companies, financial institutions, educational organizations, law firms, pharmaceuticals & biotechnology companies, telecommunication companies and others. Any organization large or small can be use these templates
www.training-hipaa.net/.../enterprise_contingency_plan_template_suite.htm
This file appeared in my laptop in a new system folder (987cc....) on 13 Dec 2006. It was probably after a Windows update. I ignored it until now. I have accidentally dragged an important file into the system folder and can't get it out. Message is: "access denied." I tried to delete the msxml4-KB927978-enu.log file but also get: "access denied." Is there any way to retrieve my important folder from this strange system folder?
Hi Gil - You might try booting to SAFE MODE and making sure System Files are visible to Windows Explorer (by setting options). You also need local ADMIN access to your laptop in order to access any system folder.
If this is a company PC, I'd recommend letting Tech Support help you, as they would have ADMIN rights to accomplish this. Good luck and I hope you are successful in the recovery process.
Also, if this is your own PC -- I'd recommend joining Bleeping Computers and posting in the XP Home and Professional forum (2nd one under Operating Systems)
www.bleepingcomputer.com/.../index.php
Thank you very very much. It worked perfectly. I got back my important folder and I deleted the strange folder and its log file. I had read elsewhere that the folder could be deleted without risk. I'll look into Bleeping Computers. Many thanks.
Works fine.. THANKS
I never received 1 "scam/junk email" until I joined "MySpace". In the first week I received 7. Must be a great source of revenue for them selling our email addresses.
A lifesaver ! No other solutions worked. Tried deleting softwaredistribution and catroot2 folders in %windir% and %windir%\system32 as per microsoft instructions from a while back when I had this issue.
After using repair was the key. It is strange that no errors are returned. It just fails and gives no further info.
Thanks a bunch
Pablo Maiorino
My favourite is requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
The immediate nit-picky response is "what if the vendor-supplied defaults for other security parameters are more secure than the non-defaults?"
I don't think they mean that you can't use the defaults if they are secure, just that you shouldn't blindly leave the defaults in place.
This solution worked for me after seeing the windows update log files spammed with:
Setup encountered an error: The update.ver file is not correct.
I think I got this stuff on my PC, how am I gonna get rid of it!!
And do you think that the virus could have infected every single rar file on my system?!
Hi - While this specific virus is over a year old, I'd recommend using the link below (VirusIntel site) and some of the free online or command-line scanners. Be sure to write down the specific name(s) of any viruses found, so you can match up the right set of cleaning instructions.
(see links on left top side -- "Free Protection and Removal Tools")
These older instructions in the McAfee forums may also help. Most often a complex virus can be cleaned using SAFE MODE:
Real fix:
service.real.com/.../en
I have installed Adobe 8 and I am having trouble with my AdobeUpdater, which is using all my CPU, and my computer stalls.
Internet security requires us to think and act beyond simple system scans and the elimination of threats and risks. It seems to be a popular train of thought to focus only on the removal of problems from one's computer. I like to think of desktop security as being similar to one's personal health.
Preventative treatment like exercise and a proper diet can help you stay healthy and ward off disease. The same goes for your computer. You've got to practice or have something in place to help you with intrusion prevention (forums.eeye.com/.../756.aspx). Sure there are medicines to help you get rid of a cold and the like as there are programs to help remove viruses from your computer. My question is why would you not take preventative measures? Those who get sick too often die or are never the same again after a big infection, not unlike a hard drive.
download yahoo messanger
New at this; probably doing it wrong. Always get trojans when downloading players (like ActiveX). If a site says I need a certain player, can I safely load it another way?
You mean ThisIsAReallyHardPasswordToHack1234 is harder to hack than some nimrod forcing me to remember x4%2F9 ?!!! :-)
Wonderful, thx for the help :)
Nice post and that was a really good presentation. Keep up the great work on the blog, your posts are always interesting.
Thanks
Mike
Do you think it is wise to have an open comment posting option at the completion of this article given the subject matter of the article? Would requiring posters to register in any way help suppress the threat posed in this article?
I've had this article bookmarked to add to what seems to be turning into an annual Holiday Online Shopping Safety reminder.
I dug this one up again to link to again also.
My family's telephone protocol is 1) don't answer if the Caller-ID says "Private", "Unavailable", or something similar, and 2) don't use any e-mail message as the source of a telephone number. Use a different source instead, like a bank statement or telephone book.
In other news, Sun rises in East... Shouldn't any new Version of an operating system be an improvement over the prior version?
Yes, I agree with Robert's comment that every OS should include improvements ... The key purpose of this post is share an outline of the specific forthcoming improvements :)
DF shares some excellent recommendations, as this is similar to the approach we use in our family :)
i need this exer.
Why is nobody asking Google to remove the search results that these URLs "get lucky" on?
Here's the URL to their reporting page:
www.google.com/.../removals
Thank you so much for this blog. I also retrieved an important folder accidentally placed in the Windows update system folder. Although I did have a backup copy I was really annoyed that I couldn't do anything with this one, hence my search for an answer which led me here. Thanks again - you're now in my favourites :)
Some updates are noted below on this very serious threat related to malicious web sites that may be offered
Thanks for this information.
Worked like a champ! You're a genius!
I dispute answer 5 where she says that email password transmissions are encrypted. They are *not* always encrypted, in fact they are sent in plain text and can be captured as plain text using a network sniffer.
Show me somebody using a wireless hotspot and Outlook Express or Outlook with pop3/smtp, give me a network sniffer and I'll give you their email password.
Thanks a lot. Worked like a charm
help my screen is incontent €3.500.00 behoordt te geven maar liniet is €5kan toch niet met deze middelen kan ik mijn zoorgdrager niet betalen maar julikie mischien mijn laptop is ge hackt ff denk door DANIÉL Graves;help please deze mensen ook een robert heb er aan gezeten en henk midelburg no problem raad van cliéten mening teld waar ik hoof eeind verantwoordelijke ben
thanks adres:jerry .Julius. Altman= monstreseweg 81R huis werk adres
monstersestraat 142c
Finally... I've found the solution, and it works. I've been stuffing about for hours with google and searching in forums trying to find a solution, and this is it.
I am so keeping a copy of that batch file on a USB stick for next time I upgrade my motherboard, processor and ram and have to do a revert to the CD rebuild.
Great work Harry, I was really pulling my hair out over this one.
"Users should avoid unexpected MDB files found in email or offered as downloads for websites. They
Also you can find plenty PowerPoint templates and backgrounds on the following site www.poweredtemplates.com/free-ppt-powerpoint-templates.html
While this ended up being a hoax, the original post still reflects the need for folks to follow IT security policies, even if they don't always agree:
www.bigspring.k12.pa.us/news.php
Pingback from Credit Cards: Low Interest Cash Reward Cards » Spammed Trojan email - Avoid Happy New Year Exe attachment
Occasionally, I'll receive an email hoax as noted below. However, this event is REAL, so please take
Site is taken down.. Could not connect to server anymore!
Okut is a scam. I think the real new big social networking will be MateCube. I don't think it'll grow as big as Facebook, but it will surely become a top player in the industry. http://www.matecube.com
not to be confused with real good ecards...smilebox is a great program.
This new 2008 version of the Storm Worm has improvements in the technical designs as well New and Improved
errr...or simply ditch windows for Linux.
Please note that Anonymizer has become more and more incompatible with WEB 2.0 functions. Especially for file uploads via https.
Hope you had a great Christmas and happy New Year.  I certainly did not work during the break so
On January 1st, a post entitled Best Practices - Internet Safety for 2008 shared concepts related
Thank you! Thank You! Microsoft's own repair does not give you the real story (whats new). Tried the Microsoft's manual registration procedure with no success. The updater kept trying to install the already downloaded updates. Did not realize that: "The next time you visit the Windows Update site, you should not have any problem installing the latest patches." Worked like a charm!
ok. here's my bet. the Internet dies in 2008.
or dies "enough" to scare away 80% of users.
there's site allowing one to gamble on the death
of famous people. i bet on the Internet.
This problem was worse than what is being reported.
The blocked script caused some web sites to not work.
For instance the navigation bar at www.fln.org was blank.
I have been attacked by Raila Odinga that keeps on popping on my screen. I am aware of "smss" but am wondering if McAfee 8.5i would work on a Vista-operated machine. It's my 3rd day with no work done; help me out please.
Hi! I read this site; it's too much nice comparatively and hence I am too much attracted towards it.
May I know that Has anyone heard of The Young Entrepreneur Society ?
UPDATE MY WINDOWS WITH EASE AND FREE OF COST AT NET
Spamming is surely a threat to cyber space. Most of the spammers are also hackers and they break into your PC as soon as you click on their email links. In order to fight the spam threat we need strong spam filters for our emails which secure us from most of the spam mails. I have heard that http://www.zapak.com is one of the good e-mail service providers who gives maximum protection from most of the spam mails; now that's what we internet lovers require.
More on 5, please? AFAIK there's no easy-UI to managing SR, and the .REG approach to SR can only modify the allocated capacity that the shadow copy process shares for both Previous Versions and System Restore.
I don't know of any control over frequency or "depth" (number of days back in time)of Restore Points, other than implicitly limiting "depth" by limiting allocated capacity.
Most of the overhead of SR is continuous, as material changes are backed up in real time. The only overhead imposed when a Restore Point is created, is the capture of the registry and other key file "snapshot".
AFAIK, Vista does not periodically compress SR's backup material into .CAB files, as WinME did (the notorious "cabbing" bouts of unexpected disk thrashing) and XP did not. Whether NTFS compression is invoked, either at creation time or periodically, is unknown to me; nor do I know of settings that may influence this.
Do you ever retire old detections? I ask, because often I find up-to-date scanners miss old malware, such as that present within dumps from old Win95-era HDs etc.
IMO, intervention scanning is a missed opportunity for av vendors, as it may be the only opportunity for a user to test an av product without having to uninstall their existing one. Windows-based killers such as Stinger, Avast Cleaner etc. are useful, but they don't convey the full detection capabilities of the av's "real" products, and resident malware can defeat them in various ways.
What I'd like to see is an OS-level file-parsing engine built into the WinPE platform, into which multiple av vendors' engines can be plugged. Each engine would then be efficiently applied in series to each file that is picked up and scanned.
BIG hat tip to our very own Eileen B I just noticed that Harry's post has a list of the 25 top blog sites
Hi there.... I can say that I got hit by this worm and my network of 40 machines went down, not to mention the server itself, and we lost ALL DATA .... My machines automatically back up data at a given time of the day and little did I know that all the data that was being backed up was infected and now my servers hit. I am sick and tired of this F@#&ing worm and it seems to avoid all the antiviruses I have used... any suggestions?
I cannot seem to find a way of downloading the GDI tool, it appears to not be available at this time! Any help welcome!
As previously noted, a new Valentines theme emerged from the Storm worm Botnet last week and copies were
Hi Harry,
I have unfortunately gotten this vicious virus with McAfee installed in my system.
My manual scan option is disabled by the virus.
How do I remove this virus?
Appreciate your help...
Yap
The excerpt below is taken from the Wikipedia's article on PIE. The last two paragraphs reveal how the Flash Control Panel settings are a sham because they can easily be overridden by Visual Basic Script or similar code running on web pages!!! There is no way for us to stop this without changing some laws!
Internet Privacy/Persistent Identification Elements
See also: Local Shared Object
Flash Player is an application that, while running on a computer that is connected to the internet, is designed to contemporaneously interact with websites containing Flash content that are being visited online. As such, under certain configurations the application has the potential to silently compromise its users' internet privacy, and do so without their knowledge. By default, Flash Player is configured to permit small, otherwise invisible "tracking" files, known as Persistent Identification Elements (PIE)[3] or Local Shared Object files, to be stored on the hard drive of a user's computer. Sent in the background over the internet from websites to which a user is connected, these files work much the way "cookies" do with internet browsers. When stored on a user's computer, PIE (.sol) files are capable of sending personally sensitive data back out over the internet without the user's knowledge to one or more third parties. In addition, Flash Player is also capable of accessing and retrieving audio and video data from any microphone and/or webcams that might be either built in or connected to a user's computer and transmitting it in realtime over the internet (also potentially without the user's knowledge) to one or more third parties.
While these capabilities can all be affirmatively blocked and/or disabled by the user, the Flash Player application does not provide an internally accessible "preferences" panel to accomplish this. Instead access to the various settings panels necessary to manage the application's "Privacy," "Storage," "Security," and "Notifications" settings can be achieved through a web-based "Settings Manager" page located on the "support" section of the Adobe.com website, or by third party tools (see Local Shared Object). Each of the functions can be enabled/disabled either "globally" to cover all websites, or set differently for individual websites depending on how the user desires Flash Player to be able to interact with each one.
Whilst the Flash Control Panel Settings in theory allow users to protect their Privacy it should be remembered that suitably crafted Visual Basic Script or similar code can overwrite any user defined settings before the Flash Player Plug-in is called by a Webpage.
In addition to cookies, many banks and other financial institutions also routinely install Persistent Identification Elements using Flash Player on users' hard drives when they establish and access their accounts, as do other interactive sites such as "YouTube" and the like.
As noted in this post, scammers are attempting to trick individuals during the tax season to reveal
Check the Datagrid CLSID - too many characters!
Symantec have it wrong on their website, and you're one of MANY people who have copied it!
The CLSID for Yahoo! Datagrid originally published by Symantec and ISC is incorrect and you have copied it here. Please check the original articles, both of which have now been corrected.
Thank you for clearing this up. I just received this very email