
Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

July 2010 - Posts

Microsoft Security Essentials - Now is a good time for a FULL SCAN of hard drive

Using the UPDATE NOW button in MSE, all home users should ensure they are up-to-date with the latest virus definitions.  On July 15th, Microsoft enhanced the MSE scanning engine, and engine updates usually improve the product's ability to detect or clean malware.  While I did a quick scan the day I installed it, it's even better to start a FULL SCAN of your PC and let it run on its own for a few hours (it takes about 2 hours on my home PC).  While my system was clean, it's a best practice to periodically scan the entire hard drive to ensure it's malware-free.

HOW TO PERFORM FULL SCAN
1. Launch MSE
2. Under HOME TAB, select FULL SCAN
3. Let it start and periodically check as it could run for several hours

Microsoft Security Essentials - New 1.1.6004 Engine Available
http://msmvps.com/blogs/harrywaldron/archive/2010/07/16/microsoft-security-essentials-new-1-1-6004-engine-available.aspx

Facebook - Koobface worm adds DNS Hijacking and Fake AV capabilities

Koobface (Facebook spelled backwards) is a common attack in social networks.  It is designed to steal personal information for misuse and resides in a stealth-like manner on infected systems.  New variants continue to emerge, as documented by AVERT Labs below.  It is usually spread through invitations to click on a malicious link (usually video links).  Facebook users should lock down their privacy settings and avoid clicking on URLs or accepting friend requests from folks they don't know.

AVERT LABS - Koobface Going for Broke?
http://www.avertlabs.com/research/blog/index.php/2010/07/16/koobface-going-for-broke/

QUOTE: The Koobface worm has been one of the top malicious threats to Facebook users since 2008. Like most threats, Koobface has morphed over time, adding and changing malicious payloads, while maintaining the ability to propagate, or spread, from one system to another.  Several weeks ago Koobface added DNS hijacking functionality that blocks access to security sites, tipping users off to the fact that something might be wrong with their systems. Since then the authors have taken a giant leap toward invasiveness with the installation of a fake anti-virus Trojan. About 10 minutes after the initial infection, users may see the typically fake scanning windows and infection alerts.

AVERT LABS - More Koobface URLs Plague Users
http://www.avertlabs.com/research/blog/index.php/2010/07/16/more-koobface-urls-plague-users/

QUOTE: McAfee Labs researchers have seen a noticeable spike in URLs leading to Koobface malware. (Koobface is an anagram of Facebook.) The latest, unexpected Koobface campaign spreads by tricking Facebook users into downloading and running links

ADDITIONAL LINKS
http://en.wikipedia.org/wiki/Koobface
http://blog.eset.com/2010/04/07/massive-new-koobface-campaign
http://blog.scansafe.com/journal/2010/4/9/how-massive-is-koobface-really.html
http://blog.fortinet.com/tag/koobface/
http://blog.teesupport.com/how-to-guide-remove-koobface/

Zero Day LNK Vulnerability - ESET identifies two new malware attacks

ESET has identified two new attacks that exploit the new unpatched Windows Shortcut vulnerability (i.e., malicious LNK files).

Zero Day LNK Vulnerability - ESET identifies two new malware attacks
http://blog.eset.com/2010/07/22/new-malicious-lnks-here-we-go

QUOTE: Having implemented generic detection of the CVE-2010-2568 vulnerability used to propagate the now infamous Win32/Stuxnet, ESET has identified not one but two new malware families that exploit the same vulnerability.  This vulnerability allows code execution through malicious LNK (shortcut) files.

We have identified a new family that exploits this unpatched vulnerability in order to spread, which we have labelled Win32/TrojanDownloader.Chymine.A.  At the time of analysis, this threat downloads and installs a keystroke logger which we detect as Win32/Spy.Agent.NSO trojan.  The server used to deliver the components used in this attack is presently located in the US, but the IP is assigned to a customer in China.

Minutes after identifying this new attack, we observed a known threat, Win32/Autorun.VB.RP, which has been updated to include the CVE-2010-2568 exploit as a new propagation vector.  Win32/Autorun.VB.RP seems to download and install additional components on infected machines.

This new development follows a typical path of evolution in malware.  Often there are only days between the initial release of information regarding a critical vulnerability, and the discovery of its exploitation being executed in the wild by malware authors.  It is safe to assume that more malware operators will start using this exploit code in order to infect host systems and increase their revenues.

Social networks - Keeping Corporate Users Safe

An excellent article discussing techniques for keeping corporate users safe and responsible when using Social Networks for business purposes.

SECURITY - Stay Safe, Productive on Social Networks
http://www.eweek.com/c/a/Security/Stay-Safe-Productive-on-Social-Networks-494366/

QUOTE: The pros of social networking outweigh the security cons, but the risks to corporate image and data are still significant. Keep employees safe while they make use of these valuable collaboration tools.

PART 2 - Discusses Techniques for keeping users safe
http://www.eweek.com/c/a/Security/Stay-Safe-Productive-on-Social-Networks-494366/1/

1. Strong relevant Corporate policies
2. Security Awareness education
3. Technology - Content Filtering, Publication Gateway devices, etc.

Microsoft releases FixIT for Windows Shortcut zero day attacks

Best practices and technical defenses should be used to avoid new attacks related to malicious spoofed Windows shortcuts.  Currently these zero-day attacks are not circulating extensively and have only surfaced in limited targeted attacks.  However, this is likely to change, as noted in the articles at the bottom, because malicious developers are exploring new conduits for seeding this exploit in the wild.

The danger of these attacks is that spoofed shortcuts can easily trick anyone into selecting them.  Also, automated settings in autorun could lead to completely automatic attacks when the exploit is circulated using removable devices or unsecured network shares.

Microsoft releases FixIT for Windows Shortcut zero day attacks
http://www.zdnet.com/blog/security/ms-ships-temporary-fix-it-for-windows-shortcut-zero-day-attacks/6916

QUOTE: Microsoft has released a “fix-it” tool as a stop-gap to block ongoing zero-day attacks against a new code execution flaw in Windows Shell. The attacks, which incorporate signed drivers from RealTek and JMicron, are spreading locally via malicious USB drives or remotely via network shares and WebDAV.  Microsoft has posted a pre-patch advisory that spells out the problem:

Microsoft Security Advisory (2286198)
Vulnerability in Windows Shell Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/2286198.mspx

QUOTE: The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.

DOWNLOAD FIX IT PATCH FROM HERE:

Microsoft Security Advisory: Vulnerability in Windows Shell could allow remote code execution
http://support.microsoft.com/kb/2286198

QUOTE: Applying the Fix it will require a restart of the machine. The installation of the Fix it will prompt the user before restarting the system.

TIP: Always download both the Fixit and Undo Fixit patches, carefully labeling them in separate folders. After a true patch emerges, both temporary Fixit tools will be removed from the kb in favor of the new security bulletin. While the full security release will usually take care of undoing the FixIt, it's good to have the Undo Fixit available just in case it's needed (as corporate inventory systems may not handle temporary fixes accurately).

SPECIAL WARNING: The Internet Storm Center warns Windows 2000 users to be especially careful, as there will most likely be no forthcoming patch.  Windows XP users must move to SP3 so they can receive this protective patch when it becomes available.

ADDITIONAL PROTECTION TO FIX-IT PATCH: Disabling AUTORUN, keeping AV updated, and best practices are in order for all operating systems

HOW TO DISABLE AUTORUN FOR USB
http://support.microsoft.com/kb/967715
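An added PowerShell audit and hardening script for the Autorun setting that KB967715 covers; it is not from the original post. It assumes the NoDriveTypeAutoRun policy value documented in that KB (the post does not quote it) and an elevated session; on XP/2003 the KB's update must also be installed for the value to be honoured.

```powershell
# Added example (not from the original post): report the Autorun policy on this
# machine and optionally disable Autorun for every drive type, as KB967715 describes.
# Assumption: NoDriveTypeAutoRun under the Explorer policy key is the value the KB
# documents; 0xFF sets every drive-type bit, which turns Autorun off everywhere.

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$AllDrivesDisabled = 0xFF   # all bits set: Autorun disabled for all drive types
$RemovableBit      = 0x04   # DRIVE_REMOVABLE bit: USB sticks and similar media

function Get-AutorunPolicy {
    # One row per hive: the raw value plus whether removable / all drives are covered
    foreach ($path in $PolicyPaths) {
        $value = $null
        if (Test-Path $path) {
            $item  = Get-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = [int]$item.NoDriveTypeAutoRun }
        }
        $display = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f $value }
        [pscustomobject]@{
            Hive               = $path.Split(':')[0]
            NoDriveTypeAutoRun = $display
            RemovableDisabled  = ($null -ne $value) -and (($value -band $RemovableBit) -ne 0)
            AllDisabled        = ($null -ne $value) -and ($value -eq $AllDrivesDisabled)
        }
    }
}

function Disable-Autorun {
    # Machine-wide hardening; supports -WhatIf so the change can be previewed first
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $path = $PolicyPaths[0]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess($path, 'Set NoDriveTypeAutoRun = 0xFF')) {
        Set-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -Value $AllDrivesDisabled -Type DWord
    }
}

Get-AutorunPolicy | Format-Table -AutoSize
# Disable-Autorun -WhatIf   # preview; drop -WhatIf to apply, then log off/on to take effect
```

A machine-wide (HKLM) setting wins over the per-user one when both are present, so audit both hives but harden HKLM.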

INTERNET STORM CENTER - Windows shortcut dangers
http://isc.sans.edu/diary.html?storyid=9217
http://isc.sans.edu/diary.html?storyid=9181
http://isc.sans.edu/diary.html?storyid=9190

AVERT LABS - EXCELLENT FAQ
http://www.avertlabs.com/research/blog/index.php/2010/07/19/microsoft-0day-malformed-shortcut-vulnerability/

QUOTE: How widely is the issue being exploited?  The issue is known to be exploited by malware in the wild. Initial attacks were limited. However, an exploit module in metasploit was published today that uses WebDAV shares as an exploit vector. We expect wider exploitation of this issue. Users should keep their anti-virus software updated with the latest DATs (signatures).

Malicious Windows shortcut files (LNK extension) used in targeted attacks

Users should be careful with any unusual or unexpected icons or shortcuts presented to them.  So far these attacks are limited, and AV protection is emerging.

Malicious Windows shortcut files (LNK extension) used in targeted attacks
http://isc.sans.edu/diary.html?storyid=9181
http://www.theregister.co.uk/2010/07/16/windows_shortcut_trojan/
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/

QUOTE: (ISC) I've tested the exploit and can confirm that it works in Windows XP, Vista and Windows 7. The exploit uses a specially crafted LNK file. This file allows the attacker to execute an arbitrary file by carefully specifying its location – the LNK file in itself does not exploit any vulnerability such as buffer overflows, for example, so it is a legitimate LNK file. Some things that you should be aware of:

* If autorun is disabled, when a USB device with malicious LNK files is inserted, the exploit will not be triggered automatically.

* The exploit is triggered every time a folder containing malicious LNK files is opened (for example, with Windows Explorer). It does not matter where this folder is – it does not have to be on a USB device, but in order to execute the malicious binary, the attacker has to specify its location correctly.

CORPORATE DANGERS: What makes this vulnerability extremely serious is the fact that it can be opened from any place, including remote shares, for example. The victim just has to browse to the remote share in order to trigger the vulnerability. So double check permissions on any remote shares you use in your companies (you shouldn't allow users to write in root folders, for example).

Microsoft Security Advisory (2286198)
Vulnerability in Windows Shell Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2286198.mspx

QUOTE: The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.

WHAT IS LNK EXTENSION?
http://filext.com/file-extension/LNK

Microsoft Security Essentials - New 1.1.6004 Engine Available

Moving to the new engine will happen automatically and transparently for most users through the standard UPDATE process. The engine release is not a new version release of MSE, that users will be prompted to install.  While I have my PCs at home set to update daily, users can update manually by launching MSE from the start menu, selecting the Update tab, and clicking on the UPDATE button.

The virus definitions file created on July 15, 2010 at 10:23 EDT will require a few more minutes to apply, as it contains a new anti-malware engine to improve MSE scanning capabilities.  Engine updates are often released by AV vendors to tune up the product and handle new areas of risk more efficiently.  After applying the updates, a quick scan of the hard drive was performed to test the new release.  So far, no issues have been experienced with this update.  Best practices and MSE continue to work well in protecting our family PC.

Use Help and About to show version information.  As of July 16, 2010 they are as follows:  

Microsoft Security Essentials Version:  1.0.1963.0
Antimalware Client Version: 2.1.6805.0
Engine Version: 1.1.6004.0
Antivirus definitions: 1.87.23.0
Antispyware definitions: 1.87.23.0


STAYING UP-TO-DATE WITH LATEST RELEASE OF MSE:  If you are not on the 1.0.1963.0 version of MSE, please use the HELP menu option to check your version of MSE.  Click on the small triangle icon to invoke the HELP drop-down menu.  The HELP menu has an Upgrade Microsoft Security Essentials option that you should click on, and accept the upgrade if you are not on the "1963" version.

New Antimalware Engine is planned for release on 15 July 2010
http://blogs.technet.com/b/enginenotifications/archive/2010/07/09/antimalware-engine-release-for-july-2010.aspx

Microsoft Security Essentials Home
http://www.microsoft.com/security_essentials/

How to install MSE on your home PC
http://msmvps.com/blogs/harrywaldron/archive/2010/03/21/microsoft-security-essentials-latest-installation-guidelines.aspx

Microsoft Security Updates - July 2010

Please apply these updates as prompted to ensure your system is up-to-date and protected.  There was no need to reboot after these changes.  As Windows 2000 support expires today, there were no final W2K updates submitted this month:

Microsoft Security Updates - July 2010
http://www.microsoft.com/technet/security/Bulletin/MS10-jul.mspx

QUOTE: Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS10-042
Bulletin Title: Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows XP and Windows Server 2003.
---------------------------------

Bulletin ID: MS10-043
Bulletin Title: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 7 for x64-based systems and Windows Server 2008 R2 for x64-based systems.
---------------------------------

Bulletin ID: MS10-044
Bulletin Title: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Access 2003 and Office Access 2007.
---------------------------------

Bulletin ID: MS10-045
Bulletin Title: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Outlook 2002, Office Outlook 2003, and Office Outlook 2007.
---------------------------------

Windows 7 and Windows Server 2008 R2 Service Pack 1 -- EARLY BETA BUILDS

There are numerous links providing further information for early testing by corporate professionals.

Windows 7 and Windows Server 2008 R2 Service Pack 1 -- EARLY BETA BUILDS
http://technet.microsoft.com/en-us/evalcenter/ff183870.aspx

Please Note: This early release of Windows 7 and Windows Server 2008 R2 SP1 Beta is not available for home users. The SP1 Beta does not provide new end-user features, and installation is not supported by Microsoft.

QUOTE: Windows 7 and Windows Server 2008 R2 SP1 Beta helps keep your PCs and servers on the latest support level, provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer and partner feedback, and is easy for organizations to deploy a single set of updates. Windows 7 and Windows Server 2008 R2 SP1 Beta will help you:

  • Keep your PCs supported and up-to-date
  • Get ongoing updates to the Windows 7 platform
  • Easily deploy cumulative updates at a single time
  • Meet your users' demands for greater business mobility
  • Provide a comprehensive set of virtualization innovations
  • Provide an easier Service Pack deployment model for better IT efficiency

In order to download and install the Windows 7 and Windows Server 2008 R2 SP1 Beta you must currently have a Release to Manufacturing (RTM) version of Windows 7 and Windows Server 2008 R2 already installed. To learn more about piloting, deploying and managing Windows 7, visit the Springboard Series on TechNet. To learn more about SP1 Beta and Windows Server 2008 R2, visit the SP1 Details Page.


McAfee - Mid-year report notes 10 million malware samples captured

Several excellent charts are published which show a continued growth in malware.  Most of these are unique minor variants of a main family of malware.  The growth of malware variants is very challenging for security vendors to keep up with.

McAfee - Mid-year report shows huge growth in malware
http://www.avertlabs.com/research/blog/index.php/2010/07/07/malware-at-midyear-a-summary/

QUOTE: Now that we’ve reached the middle of the year, it’s time to take a look at our malware collection. During the first half of the year, 10 million samples entered in our database. That’s certainly no decrease compared with last year.

From these we can see that malware developers have lost their creative spirit. Malware designers create their apps to make money, not for style. Because the old techniques still work, it is not necessary to be inventive, just repetitive. For example, it is not rare to see more than 10,000 Koobface variants in a single month.

Today when we quantify the malware world, the consensus is to use the number of unique files in our collections distinguished by their MD5 hash (or checksum). On June 30, we counted 43,337,677 unique binary files. Perhaps we’ll reach 54 million by the end of December.

Oracle - 59 security vulnerabilities to be patched on July 13th

Oracle will release security updates for their products as noted below:

Oracle - 59 security vulnerabilities to be patched on July 13th
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for July 2010, which will be released on Tuesday, July 13, 2010.  While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 59 new security vulnerability fixes across hundreds of Oracle products. 21 out of 59 vulnerabilities are in Solaris product suite. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products.  Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

World Cup Lottery - More spam to avoid

Sunbelt shares an interesting analysis of a recent attack that may not be well designed, but it could still impact privacy if one participates.

World Cup Lottery - Poorly designed attack still has dangers
http://sunbeltblog.blogspot.com/2010/07/so-i-won-world-cup-lottery-online-did-i.html

QUOTE:  Is it me or has the quality of trolls sunk to even more amateur levels? And, clicking on the attachment (kids, don’t try this at home) we get: Wow. Word 97! I guess this is a low budget operation. Nelson Mandela hasn’t been president of South Africa for 11 years.  And after fill this information of yours we will officially send you our verification that you are the winning,

NAME:..................
ADDRESS:...............
NATIONALITY:...........
SEX:...................
AGE:...................
PHONE/MOBILE:..........
FAX:...................
OCCUPATION:............
COMPANY:...............

Conficker worm exploits MS08-067 - Infections are high with sharp spike in June

After two years, I continue to be amazed at the number of Conficker infections that remain.  There are no new reported variants; instead the older ones continue to exist and even thrive due to poor security practices by individuals or even companies.

Microsoft provided the MS08-067 protective patch on October 23, 2008.   Then one month later, the Conficker worm was reverse engineered from the patch.  Conficker provided an important "lessons learned" in the need to apply all security updates the day you are prompted to do so. 

MS08-067 Conficker - Infections are high with sharp spike in June
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking

Password stealers and Conficker top June malware
http://news.cnet.com/8301-1009_3-20009730-83.html

QUOTE: The month also marked a return engagement of Conficker, this time in the form of a variant called Downadup. Following the path of the original Conficker, the new variant jumps on a weakness in Windows Server that allows code to be executed remotely when file sharing is turned on, according to Sunbelt. This strain also takes advantage of weak administrator passwords to disable certain Windows services and anti-malware protection.

"Although Trojans continue to dominate the top 10, June reveals interesting trends such as a fresh wave of Conficker-based detections, suggesting that this troublesome piece of malware is on its way back," Sunbelt Software research center manager Tom Kelchner said in a statement.

To date, security researchers have discovered the following variants of the worm in the wild.

Win32/Conficker.A was reported to Microsoft on November 21, 2008.
Win32/Conficker.B was reported to Microsoft on December 29, 2008.
Win32/Conficker.C was reported to Microsoft on February 20, 2009.
Win32/Conficker.D was reported to Microsoft on March 4, 2009.
Win32/Conficker.E was reported to Microsoft on April 8, 2009.

Conficker - Other Good Links
including a quick visual chart to see if your system is infected
http://www.confickerworkinggroup.org/wiki/
http://en.wikipedia.org/wiki/Conficker
http://www.microsoft.com/security/worms/conficker.aspx

Key protection became available on October 23, 2008
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

Conficker - Cleaning Tips
http://msmvps.com/blogs/harrywaldron/archive/2009/01/27/conficker-cleaning-tips-for-corporate-users.aspx

Microsoft Security Essentials - New Engine release on July 15th

MSE and Forefront users should update their virus scanning engines as prompted next week.

New Antimalware Engine is planned for release on 15 July 2010
http://blogs.technet.com/b/enginenotifications/archive/2010/07/09/antimalware-engine-release-for-july-2010.aspx

QUOTE: As part of regular update of our Antimalware technology to address the latest in the threat landscape, the Microsoft Antimalware Team is planning to release a new antimalware engine on 15 July 2010.

Affected products: 
-- Microsoft Security Essentials (MSE)
-- Forefront Client Security (FCS)

Engine Version will be in the range of 1.1.600X.0

Firefox 4 improves JavaScript rendering performance by 27%

Safety and functionality rather than lightning-fast performance are my primary goals in selecting a browser.  While high-speed Internet minimizes these differences, good internal performance is certainly desirable.  This article provides an interesting discussion on browser performance:

Firefox 4 improves JavaScript rendering performance by 27%
http://www.computerworld.com/s/article/9179048/Firefox_4_picks_up_speed?source=CTWNLE_nlt_pm_2010-07-09

QUOTE: Firefox 4's first beta is 27% faster than Mozilla Corp.'s more stable browser, Firefox 3.6.6, but it still lags behind some of its rivals, including Chrome, Opera and Safari, benchmark tests show.  Computerworld ran the SunSpider JavaScript benchmark suite in Windows Vista Business three times for each browser, then averaged the scores.

Browser Java Script rendering speed test rankings
1. Safari 5
2. Opera 10.6
3. Chrome 5
4. Firefox 4 b1
5. Firefox 3.6.6
6. Internet Explorer 8

Internet Explorer 8, Microsoft Corp.'s newest production browser, was also tested, but it remained the slowest by far. For all intents and purposes, IE8 isn't even in the JavaScript race.

Firefox may not be the fastest browser, but it's still the second-most-popular browser on the planet. In June, Firefox accounted for 23.8% of all browsers used to reach sites monitored by Web analytics firm Net Applications. Internet Explorer gained ground at a record pace, which is highly unusual, to end the month at 60.3%. Chrome, Safari and Opera held usage shares of 7.2%, 4.9% and 2.3%, respectively.

Microsoft Spurned Researcher Collective - Is it irresponsible?

The ISC is conducting a poll and there is currently a 50% "YES" vote.  I would encourage folks to vote their conscience on this and to only vote once.

VOTE HERE: Microsoft Spurned Researcher Collective - Is it irresponsible?
http://isc.sans.edu/poll.html?pollid=295

BACKGROUND:  Recently a security researcher attempted to pressure Microsoft into making changes within a certain timetable, as it was a serious flaw in a rarely used service. While I'm not certain of what was discussed, it appears that the two sides could not agree.

The frustrated researcher then documented proof of concept code publicly to force Microsoft to patch.  Within 2 days dangerous exploits appeared in the wild.  That truly placed pressure on Microsoft to patch this vulnerability and it will be accomplished in the July updates.  While I don't know if the exploit had been used in targeted attacks previously, public disclosure exacerbated the issue.  Some folks got infected through this dangerous exploit, although thankfully it is not widespread.  

I believe that the researcher would have been better served to report the incident and kept the potentially malicious source code private.  If vendors don't respond on a timely basis, the researcher has done their part.  A highly talented individual who provides code publicly that could be easily used by malicious individuals reduces the safety of the Internet. 

Even when a patch might be rushed out the door, an estimated one third of folks don't patch.  While the researcher and Microsoft both published patches, well over 90% of users did not apply the FixIt solution.  These individuals would be vulnerable if directed to a malicious website or via dangerous P2P sites.  As anti-virus vendors sometimes cover dangerous exploits, that's truly the only protection for most folks.

MSRC is the Microsoft Security Response Center, and this new group spoofs this in their new name.  They are doing so as a parody, in empathy for the researcher, who was critiqued extensively.  Maybe a more appropriate name for the group is the "Malware Seeding Research Center" ;-)

As in most things there are no absolutes, and the link below discusses public disclosure.  For example, vendors need to invest more in security and improve their timeframe for patching.  Bill Gates' 2002 TWC directive has made a positive difference for Microsoft (and continuous improvement is always needed).  The security function is one of safety, and I favor all practices that keep potentially malicious code out of the hands of the bad guys:

Security Researchers and Public Disclosure - Pros and Cons
http://msmvps.com/blogs/harrywaldron/archive/2010/06/26/security-researchers-and-public-disclosure-pros-and-cons.aspx

Windows 2000 support ends on July 13, 2010

While Windows 2000 has enjoyed a decade-long support process by Microsoft, in a few days it will be completely unsupported, as Windows 98 is today.  Corporate and home users who have not migrated to operating systems supported by Microsoft should convert quickly.  It's important to note that vendors who support Windows 2000 will likely phase out their current support as well.  For example, anti-virus vendors may no longer create signature file updates for the Windows 2000 environment.

Windows 2000 support ends on July 13, 2010
http://support.microsoft.com/lifecycle
http://support.microsoft.com/win2000

QUOTE:  Ned here again. If you’ve been under a rock for the past year, here it is one more time:

Windows 2000 support ends on July 13, 2010

That is just a week from now. For more info on how to upgrade, migrate, and otherwise remove the last traces of Win2000 from your environment, make sure you head here immediately. Other major milestones on July 13th include:

Windows Server 2003 enters extended support
Windows XP SP2 (i.e. without SP3 installed) support ends
Windows Services for UNIX 2.0 support ends

For more info on what mainstream, extended, and end of support policies mean, make sure you review:

http://support.microsoft.com/gp/lifepolicy 
http://blogs.technet.com/b/lifecycle/archive/2010/06/17/top-10-questions-about-the-end-of-support.aspx 

Fake Support groups use Live Operators to Install Malware

The ISC reports this development, which continues to illustrate the need to be cautious in trusting others.  An unsolicited phone call and following these instructions could lead to a real virus (e.g., Fake AV) being installed on your computer.  Security Awareness should certainly be emphasized and taught as noted in the last quoted paragraph. 

Bogus Support Organizations use Live Operators to Install Malware
http://isc.sans.edu/diary.html?storyid=9139
http://www.pcpro.co.uk/news/security/359233/the-unstoppable-tech-support-scam
http://www.pcpro.co.uk/news/security/356833/pensioner-targeted-by-fake-virus-phone-scam

QUOTE: Drew, one of our readers, wrote us to let us know about a new scam being used to spread malware - - well, ok, not so new, but certainly new to me and becoming more popular, enough that it should be on your radar.

Picture this - you're surfing away, and your phone rings.  A person claiming to be from a support company or in some cases a "Registered Microsoft Support Partner" (note that Microsoft does not use this term, it's a made-up designation) tells you that you have a virus, and that for a few hundred in your favourite currency, they'll clean your computer for you.

After digging a bit, some of these scams seem to be run from locations in India (but most likely not all of them), but when they call your phone, they'll most likely have an area code in your country.  They also take advantage of VOIP services to keep their costs low and profits high.

There is no good protection against things like this except for user education in security awareness.  Especially in corporations, this should be an ongoing effort, and things like phishing, vishing, fake antivirus and the like should be presented to your user community for what they are as frequently as possible. 

Firefox 4.0 BETA release

I've upgraded to this new beta release to explore the security and new features.

Firefox 4.0 BETA release
http://www.mozilla.com/en-US/firefox/4.0b1/releasenotes/

QUOTE: These are the release notes for the first version of the Firefox 4 Beta, based on the Gecko 2.0 Web platform. Please read below for more detailed information about what's new in this version of the beta release, as well as the known issues.  

What’s New in Firefox 4 Beta (revision 1)

  • Tabs are now on top by default on Windows only - OSX and Linux will be changing when the theme has been modified to support the change.
  • On Windows Vista and Windows 7 the menu bar has been replaced with the Firefox button.
  • You can search for and switch to already open tabs in the Smart Location Bar
  • New Addons Manager and extension management API (UI will be changed before final release)
  • Significant API improvements are available for JS-ctypes, a foreign function interface for extensions.
  • The stop and reload buttons have been merged into a single button on Windows, Mac and Linux.
  • The Bookmarks Toolbar has been replaced with a Bookmarks Button by default (you can switch it back if you'd like).
  • Crash protection for Windows, Linux, and Mac when there is a crash in the Adobe Flash, Apple Quicktime or Microsoft Silverlight plugins.
  • CSS Transitions are partially supported.
  • Full WebGL support is included but disabled by default at this time.
  • Core Animation rendering model for plugins on Mac OS X. Plugins which also support this rendering model can now draw faster and more efficiently.
  • Native support for the HD HTML5 WebM video format.
  • An experimental Direct2D rendering backend is available on Windows, turned off by default.
  • Web developers can use Websockets for a low complexity, low latency, bidirectional communications API.
  • Web developers can update the URL field without reloading the page using HTML History APIs.
  • More responsive page rendering using lazy frame construction.
  • Link history lookup is done asynchronously to provide better responsiveness during pageload.
  • CSS :visited selectors have been changed to block websites from being able to check a user's browsing history.
  • New HTML5 parser.
  • Support for more HTML5 form controls.

What is ie8protects.com?

The ie8protects.com link redirects you to the home page for Internet Explorer 8 ... The content and tab based navigation on the revised pages have improved considerably from past visits.

IE8 Home Page
http://www.microsoft.com/windows/internet-explorer/

IE8 Features
http://www.microsoft.com/windows/internet-explorer/features/features.aspx

IE8 Security and Privacy
http://www.microsoft.com/windows/internet-explorer/features/safer.aspx
