January 2013 - Posts
Microsoft Office 2013 has just been released to the general public. Several links are noted below:
OFFICE 2013 - HOME PAGE & PRODUCTS PAGE
http://office.microsoft.com/en-us/
http://office.microsoft.com/en-us/products/
OFFICE 2013 - SECURITY IMPROVEMENTS
http://technet.microsoft.com/en-us/library/cc179050.aspx
http://www.infoworld.com/t/office-software/office-2013-shifts-security-focus-devices-identities-198196
OFFICE 2013 - NEW OFFICE 365 HOME PREMIUM OFFERING
http://office.microsoft.com/en-us/buy-microsoft-office-and-microsoft-office-365-online-FX102886268.aspx
OFFICE 2013 - CORPORATE VERSION
http://office.microsoft.com/en-us/professional-plus/
OFFICE 2013 - FAQ
http://office.microsoft.com/en-us/products/office-frequently-asked-questions-FX102926087.aspx
OFFICE 2013 - EARLY PRODUCT REVIEWS
http://www.techrepublic.com/blog/window-on-windows/microsoft-office-2013-is-now-available/7193
http://www.itpro.co.uk/645322/microsoft-office-2013-is-it-worth-the-upgrade
http://www.pcworld.com/article/2026564/microsoft-office-2013-is-here-hands-on-impressions-and-buying-advice.html
http://www.windowsitpro.com/article/paul-thurrotts-wininfo/microsoft-launches-office-2013-office-365-home-premium-145164
QUOTE: Microsoft may have made minimal visual changes to the user interface but Office 2013 is the first such suite to support touchscreen interaction. The standout feature is the inclusion of gesture support and an on-screen keyboard you can actually type on. This will sit well with organisations looking to deploy tablets as more than mere document viewers.
Microsoft Word 2013 Reader Mode is a joy to use. The Reader Mode displays the document in a clean and simple manner, removing all of the application's toolbars and presenting the text as if it was printed on a sheet of paper. For those users that have to proof sheets of pages, Reader Mode is without doubt the best way to do it.
Microsoft has saved perhaps the biggest new function in Office 2013 for Excel. This comes in the form of Flash Fill. The feature aims to analyse a column of data and predict values for empty cells with the user simply clicking the Flash Fill button.
Microsoft's SkyDrive service is just as good as other public cloud offerings such as Google Drive, and could prove to be a valuable repository for users who are constantly on the move.
Microsoft Office 365 Home Premium provides a single Office license for an entire household. With aggressive pricing, Office 365 Home Premium also provides additional benefits, such as extra SkyDrive storage, Skype world calling minutes, and free upgrades for the lifetime of the subscription.
New themes for Windows 8 have been released
http://www.neowin.net/news/microsoft-releases-new-windows-8-themes
http://blogs.windows.com/windows/b/windowsexperience/archive/2013/01/28/new-theme-roundup.aspx
QUOTE: We all love to personalise our PCs, from simple wallpaper changes to the most extreme of case mods. To give Windows 8 users a little bit more choice when personalising the OS, Microsoft is releasing new themes and wallpapers for you to download through the Windows Store.
In a cross promotional move with the Xbox 360, Microsoft has created a Halo 4 theme, bringing the “Halo 4 heroes to your Windows desktop.” And it doesn’t stop there, with the popular GTGraphics theme getting a sequel in the form of GTGraphics2. But for the more chilled, relaxed and altogether outdoorsy person, the Garden Life 2, African Wildlife, Ancient Egypt and Thailand themes should satisfy your tastes for all things beautiful, natural and manmade, in the world.
Microsoft has not forgotten about the users who haven’t yet moved to Windows 8, or who simply prefer to tweak their desktops from time to time, providing new wallpapers to hopefully satisfy their personalization needs.
More details can be found here:
Windows all versions - Home Page for Themes
http://windows.microsoft.com/en-US/windows/themes
Windows 8 - Home Page for Theme Releases
http://windows.microsoft.com/en-US/windows/themes?T1=allwin8
Windows all versions - New Wallpaper Releases
http://windows.microsoft.com/en-US/windows/wallpaper?T1=new
I remember this attack and thankfully we had fortified all servers at work in advance with the key security patches. Also, there was not a dangerous payload, other than lost down time for corporations. This attack, Blaster, and other similar worms illustrated the danger of not patching. Corporate servers could get infected simply by being on the Internet with an open port and unpatched software. This particular exploit caused folks to become more proactive in Patch Management, as it created a major Internet and business disruption. I believe it is also still running today on a few unpatched servers.
http://www.f-secure.com/weblog/archives/00002491.html
QUOTE: F-Secure warns the computer users about new Internet worm known as Slammer. The worm generates massive amounts of network packets, overloading internet servers. This slows down all internet functions such as sending e-mail or surfing the net. The worm was first detected in the Internet on January 25, 2003 around 5:30 GMT. After this the worm quickly spread worldwide to generate one of the biggest attacks against internet ever. According to reports, several large web sites and mail servers became unavailable.
Slammer infects only Windows 2000 servers running Microsoft SQL Server, and is therefore not a threat to the end user machines. However, its functions are still visible to the end users by the way it blocks the network traffic. The worm uses UDP port 1434 to exploit a buffer overflow in MS SQL server. The worm is extremely small, only 376 bytes in size. It has no other functionality than to spread further, but the spreading process is so aggressive that the worm generates extreme loads. As the worm does not infect any files, an infected machine can be cleaned simply by rebooting the machine. However, if the machine is connected to the network without applying SP2 or SP3 patches for MS SQL Server, it will soon get reinfected.
PC Magazine offers safety tips; avoiding questionable email or websites will also help protect against attacks.
http://securitywatch.pcmag.com/none/307129-if-you-can-t-disable-java-what-can-you-do
QUOTE: Java is under attack. Not only from the black hats who are crafting drive-by-downloads, malicious attachments, and other attacks that exploit the vulnerabilities in the technology, but also from the white hats who argue that users shouldn't be using it at all. Even after Oracle patched the latest batch of zero-day vulnerabilities in Java, the Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) recommended users turn Java off. Much like Adobe's Flash, Java is a popular target because of its tremendously large installed base. If you really don't use websites that require Java, go ahead and dump it. We even have a nice set of instructions on how to disable Java within your browser.
Then, there are the rest of us who actually use Java on a regular basis. "I doubt that anyone who pays attention to security advice is running Java, IE 6/7/8, et. al. because they want to—we run these things because we have to, and the decision is out of our control," security guru Jack Daniel wrote on Uncommon Sense Security. Users can adopt a two-browser system. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox. Then, enable Java in an alternative browser such as Chrome, IE9, Safari, etc., and browse only to sites that need Java and never for general Web surfing. "It is best to enable Java in one browser and only use that browser for websites that will not function without it," said Wisniewski.
Stricter terms for the DMCA law went into effect today and prevent changes to cell phone carrier defaults embedded in the device (unless the vendor offers capabilities as noted below).
http://www.nbcnews.com/technology/technolog/unlocking-cellphones-becomes-illegal-saturday-1C8086503
QUOTE: The clock to unlock a new mobile phone is running out. In October 2012, the Librarian of Congress, who determines exemptions to a strict anti-hacking law called the Digital Millennium Copyright Act (DMCA), decided that unlocking mobile phones would no longer be allowed. But the librarian provided a 90-day window during which people could still buy a phone and unlock it. That window closes on Jan. 26.
Unlocking a phone frees it from restrictions that keep the device from working on more than one carrier's network, allowing it to run on other networks that use the same wireless standard. This can be useful to international travelers who need their phones to work on different networks. Other people just like the freedom of being able to switch carriers as they please.
The new rule against unlocking phones won't be a problem for everybody, though. For example, Verizon's iPhone 5 comes out of the box already unlocked, and AT&T will unlock a phone once it is out of contract. You can also pay full-price for a phone, not the discounted price that comes with a two-year service contract, to receive the device unlocked from the get-go. Apple sells an unlocked iPhone 5 starting at $649, and Google sells its Nexus 4 unlocked for $300. [See also: Can I Get a Smartphone Without a Contract?]
Note that unlocking is different from "jailbreaking," which opens the phone up for running additional software and remains legal, although it can be risky, for smartphones.
Spam attacks have declined as malware writers are using new approaches (e.g., malicious web sites, mobile phones, etc.). Still, there is danger in processing email as approximately 2/3 of all email traffic is spam or malware-based. Some excellent analytical reports by Kaspersky are below:
http://www.kaspersky.com/about/news/spam/2013/Spam_in_2012_Continued_Decline_Sees_Spam_Levels_Hit_5_year_Low
QUOTE: According to Kaspersky Lab data, the share of spam in email traffic decreased steadily throughout 2012 to hit a five-year low. The average for the year stood at 72.1% - 8.2 percentage points less than in 2011. Such a prolonged and substantial decrease in spam levels is unprecedented.
The main reason behind the decrease in spam volume is the overall heightened level of anti-spam protection. Spam filters are now in place on just about every email system, even free ones. Also, many email providers have introduced mandatory DKIM signature policies (digital signatures that verify the domain from which emails are sent). Another factor behind the falling levels of spam is inexpensive advertising on legal platforms. With the emergence of Web 2.0, advertising opportunities on the Internet have skyrocketed: banners, context-based advertising, and ads on social networks and blogs. In spite of the drop in the overall percentage of spam in mail traffic, the proportion of emails with malicious attachments fell only slightly to 3.4%.
Kaspersky - full Spam Report for 2012
http://www.securelist.com/en/analysis/204792276/Kaspersky_Security_Bulletin_Spam_Evolution_2012
Many popular exploit kits add new "zero day" vulnerabilities (unpatched by the vendor) as they emerge. However, the base architecture of the kit contains numerous older exploits, especially those which can provide the easiest avenues for compromised access. It is important to patch Windows, Adobe, Java, and all software installed on the PC. The article illustrates the value of staying up-to-date on security patches both corporately and at home.
http://securitywatch.pcmag.com/none/307373-zero-day-not-required-diy-hacker-kits-target-older-bugs
QUOTE: Contrary to popular perception, most malware attacks aren't targeting zero-day vulnerabilities or exotic flaws. In fact, nearly 60 percent of vulnerabilities used by popular exploit kits are more than two years old, according to a new study from Solutionary. Solutionary's Security Engineering Research Team reviewed 26 common exploit kits and found that old vulnerabilities are still being targeted, according to the Q4 SERT Quarterly Threat Report, released Tuesday. SERT found exploit code dating as far back as 2004, which was "evidence that old vulnerabilities continue to prove fruitful for cyber-criminals," the company said. It also is a sign that the number of newly discovered and disclosed vulnerabilities has declined since 2010.
Exploit kits make it easy for cyber-criminals to craft malware campaigns without having a lot of technical know-how and skills. With these "do-it-yourself" toolkits, criminals can hack into sites, infect computers with malware, and collect information from compromised users. The creators regularly update the kits with new attacks and features to help criminals make more money. Exploit kits frequently target vulnerabilities in Adobe Flash and Reader, Java, Internet Explorer, and other popular software. "Organizations should not only address zero-day vulnerabilities, but also address missing patches to ensure past vulnerabilities have been remediated," the researchers wrote.
PC Magazine shares research into how network printers can be manipulated, taken offline, or compromised using special network attack techniques
http://securitywatch.pcmag.com/none/307308-your-network-printer-is-wide-open-to-attack
QUOTE: ViaForensics researcher Sebastian Guerrero recently released a report in which he describes a number of ways attackers could turn your boring, humdrum printer against you. According to his findings, potential vulnerabilities range from having to reset your printer (annoying) to the breach of encrypted documents (terrifying).
The research focuses on the HP-designed JetDirect software, which is used by a number of companies' printers to easily connect to networks. Part of what JetDirect does is add printer language commands to documents which control certain aspects of the print job, such as formatting the page. "These values are parsed and interpreted by the printer," wrote Guerrero, whose work was translated from Spanish on viaForensics' website. "So that if we introduce a value not expected or desired, it may cause the printer to cease to be functional."
Taking a printer down is not the same as stealing the crown jewels, but it could easily cause havoc inside of an office. Moreover, removing the ability to create hardcopies of critical documents could force victims to use less secure means to transmit documents—perhaps over email—which would be easier to intercept than a physical document. We've discussed before how true security means more than simply locking down gateways. The new reality is that any network-connected device is a potential vulnerability; whether it's a network printer, or a VOIP phone. The future of security will likely be a holistic one, which seeks to protect everything connected to a network.
NextWeb shares an interesting new product which allows the Android operating system to run within Windows.
http://thenextweb.com/apps/2013/01/25/windowsandroid-goes-above-and-beyond-bluestacks-lets-you-run-android-4-0-natively-on-your-pc/
QUOTE: WindowsAndroid is a very cool tool from the Beijing-based startup SocketeQ that lets you run Android 4.0 (Ice Cream Sandwich) as a native application on your Windows Vista, Windows 7, or Windows 8 machine. The creators tell us they have a deep background in virtualization, operating system, and graphics technologies, and have been working on the project for years. Essentially, WindowsAndroid allows you not only to execute Android apps on your Windows computer, but also use the browser, not to mention every other component of the operating system.
Here’s the official feature list, typos and all:
* Current ported Android version is 4.0.3r1, new version is being developed.
* Can run on Windows Vista, Windows 7 and Windows 8.
* Has exactly the same user experience with the original Android2.
* Integrated with Windows’ applications, such as Flash, Windows Media Player, etc.
* Supports any UI resolution, such as 1920×1080
* Supports windowing mode or full-screen mode, window scaling in windowing mode, and switching between windowing mode and full screen mode.
* Supports IO devices such as mouse, keyboard, remote control.
* Supports Ethernet, pppoe
This popular data-gathering application may pick up some items which are marked as private. Wise advice is offered in this article by Facecrooks Security to avoid posting anything that is sensitive in nature.
http://facecrooks.com/Internet-Safety-Privacy/Private-Facebook-Statuses-Exposed-By-Storify.html
QUOTE: Storify is a popular online curation tool that gathers pictures, status updates, videos and more into one convenient place. However, Julie Pippert, founder of Artful Media Group, discovered a loophole in the service that allows private Facebook statuses to be made public via the tool. The app can pull private Facebook statuses from groups despite privacy settings. It displays the text of the post next to a picture of the user, completely compromising the privacy of many users who most likely thought their content was safe from prying eyes. Storify obtains this seemingly private information through a process similar to copy and paste and screen grab functions.
Facebook released a statement to Mashable saying that the app isn’t obtaining any data from Facebook through its API. This Storify problem serves as only the latest reminder that nothing is really private or hidden on the web. If you don’t want something getting out there, don’t post it on the Internet, plain and simple. It doesn’t matter what barriers your content lies behind; there’s a good chance it could get out anyway. Be more thoughtful and careful about what you post and you don’t have to worry about it.
Privacy safeguards are important for all Facebook users with the new Graph search facility
http://facecrooks.com/Internet-Safety-Privacy/How-Will-Graph-Search-Affect-Your-Facebook-Privacy.html
https://www.facebook.com/about/graphsearch/privacy
QUOTE: Facebook introduced “Graph Search” on Tuesday, a new search technology that allows users to search and filter through content that has already been shared by their friends. For instance, if you wanted to know the best deli on a certain block in Manhattan, you could search through your friends’ posts and tags to see if they had ever been there, reviewed it or Liked it. In short, anything you’ve shared on Facebook will become searchable by whoever you allow to see your profile. Of course, this raised a lot of questions about the security and privacy of users’ content. Facebook released the video shown below to help explain how Graph Search would affect user privacy, and they have a full page dedicated to Graph Search and Privacy:
Twitter users should be careful when using their credentials to authenticate outside of the Twitter environment, and should especially keep track of any installed applications.
http://securitywatch.pcmag.com/none/307241-twitter-bug-changes-application-security-levels-on-twitter
http://blog.ioactive.com/2013/01/you-can-not-trust-social-media-twitter-vulnerable.html
QUOTE: Many Web applications allow users to sign in using their Twitter and Facebook accounts instead of creating yet another account. It is convenient for users and application developers can access user data stored on the social networking site. Cesar Cerrudo, a security researcher with IOActive, stumbled across a flaw in which these applications could wind up with higher levels of access than they should have.
In a post on the IOActive Labs Research blog, Cerrudo described how he was testing a Web application (still under development) which allowed users to sign in with Twitter or Facebook. At the "Sign in" page, Cerrudo saw that the application would be able to view his public tweets, post on his account, see his followers, follow new people, and make changes to the profile. The page also explicitly stated the application would not have access to his Direct Messages or his password.
RECOMMENDATION: You should periodically audit the list of applications that have permission to access your Twitter and Facebook accounts to make sure there are no unexpected surprises. Check to make sure all the applications that are authorized are applications you added, and still need. Drop any that you don't use anymore. Also, check the permission levels to make sure the settings are appropriate.
AV Comparatives recently tested browsers in how well they prevent phishing attacks:
http://securitywatch.pcmag.com/none/306686-best-browser-for-blocking-fraud-opera
http://www.av-comparatives.org/comparativesreviews/anti-phishing-test
QUOTE: In the movies, hackers work hard breaking into electronic networks to steal passwords. In the real world, they just politely ask for your credentials using a phishing website designed to look exactly like a valid financial website. If you log in to the fake website, you compromise your own security. Fortunately, most popular browsers include some degree of antiphishing protection. Unfortunately, their effectiveness varies widely. AV-Comparatives just released the results of a test examining how well popular browsers detect and block these frauds.
My own antiphishing tests use Internet Explorer 8, because the test system I use runs Windows XP. IE8 has averaged around 65 percent detection in my recent tests. The Microsoft engineer who "owns" phishing protection wishes I would use IE9, as its SmartScreen Filter is even more accurate. AV-Comparatives used IE9, and it definitely scored better, with 82 percent detection.
However, Opera beat out IE9 significantly, with 94 percent detection. Because Norton Internet Security consistently does well at detecting frauds, I compare each suite's detection rate with Norton's detection of the same sample set. In recent tests Norton has averaged 94 percent detection, the same as what Opera alone achieved in the AV-Comparatives test. I'm impressed, Opera! The other browsers lagged behind significantly. Chrome detected 72 percent, Safari got 66 percent, and Firefox only detected 55 percent.
The first eight security bulletins for 2013 have been released. They cover Windows, IE, Office XML, .NET, and server-based products as well.
More details can be found in links below:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
https://isc.sans.edu/diary/Microsoft+January+2013+Black+Tuesday+Update+-+Overview/14854
Recent releases are noted below
https://isc.sans.edu/diary/Sysinternals+Updates/14926
QUOTE: Microsoft has released another Sysinternals update and today is one of those days. A couple of days has passed since Microsoft announced:
Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.
Procdump v5.12: This Procdump update fixes a bug introduced in v5.11 where it doesn’t save information required by the !runaway debugger command.
SDelete v1.61: SDelete v1.61 fixes drive letter syntax consistency in its parsing of command line arguments.
LATEST ROLLUP OF ENTIRE SUITE BELOW:
http://technet.microsoft.com/en-us/sysinternals/bb842062
Abine's DoNotTrackMe provides free and easy-to-use capabilities to improve user privacy and PC performance.
http://facecrooks.com/Internet-Safety-Privacy/Introducing-DoNotTrackMe-DNTMe-for-online-privacy-made-easy.html
QUOTE: DNTMe stops more than 50 additional trackers, so it protects you from more than 200 companies and 630 tracking technologies. We also removed the option to set advertiser opt-out cookies, a self-regulatory attempt at an opt-out method. They’re confusing to consumers because they involve downloading more cookies to get less tracking, something that’s difficult or impossible to verify and that our users rejected.
A new look. We kept the features our users liked–such as a simple, easy-to-see browser icon that shows how many trackers are trying to mine your information on the site you’re visiting, an all-time count of trackers blocked, and blocking social button tracking—and gave a little facelift to everything else. A new chart visually displays how many trackers you’ve blocked since you started using DNTMe, and you can share your number from within DNTMe (don’t worry: these share buttons aren’t the kind that track you!). The layout is cleaner and easier to read, but if you’re a creature of habit, you can return to the old look in your settings.
Abine's DoNotTrackMe Product Page & Latest Download
https://www.abine.com/dntdetail.php
A special out-of-band update that ISC rates as "PATCH NOW" has been released. All users are encouraged to stay on the latest version of Internet Explorer for the best level of security protection.
https://isc.sans.edu/diary/January+2013+Microsoft+Out+of+Cycle+Patch/14941
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
http://support.microsoft.com/kb/2799329
QUOTE: Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version.
This article documents the growing trend of highly advanced and targeted Cyber-Espionage malware
http://redtape.nbcnews.com/_news/2013/01/14/16507760-red-october-is-latest-super-cyberspy-virus-firm-says
QUOTE: A Russian computer security firm says it has uncovered a new, far-ranging cyberspying campaign that targets government secrets. The firm, Kaspersky Labs, has tantalizingly named the malicious software behind the attack "Red October," a nod to the famous Tom Clancy novel. Red October has been attempting to steal critical, secret documents since at least 2007, Kaspersky said in a report posted to its website Monday. It's designed to defeat a common encryption scheme that's used by NATO and government agencies, Kaspersky says. It's also capable of stealing data from mobile phones, and has a "resurrection" module that allows the program to reinstall itself even if detected and removed.
Red October infections aren't widespread, the firm says -- only "several hundred" have been found so far. But the virus isn't designed for high infection rates, but rather to spy on specific, high-value targets, it said. The highest infection rates were in Russia, Kazakhstan and Azerbaijan, Kaspersky said, suggesting Eastern Europe and former Soviet republics were the main targets of the virus writers. There were a handful of infections in Belgium, the U.S., and Switzerland, however, hinting that the virus writers might not be driven by geopolitics.
Informative mobile and website password techniques are shared:
https://blog.lookout.com/blog/2013/01/11/how-to-create-a-secure-password/
QUOTE: Here are a few tips we pulled together to help. Keep in mind, this alone won’t keep you secure — but it's a step in the right direction.
Specific to mobile phones:
1. Make sure your phone has a password-protected lock-screen. Password (alphanumeric) is the strongest on Android, but numeric PINs are better than nothing.
2. Say yes to two-step authentication if it's offered. Many mobile banking websites or apps will send a code to your mobile phone that is then entered when you access the account or app.
3. Set your phone to automatically lock on sleep mode if it is idle for a few minutes.
4. Encrypt the data on your phone so that it's protected from snooping when powered off. iOS devices automatically encrypt and Android users can configure it in “Settings.”
5. Turning off “Make passwords visible” is a good idea so that potential snoopers can’t easily read your password as you type it.
For Internet passwords (which are now often accessed on your phone):
1. As much as possible, the passwords that you use on the Internet should be different from all the other ones you use. Reusing passwords across multiple accounts creates a single point of failure.
2. Use different email addresses for different accounts. Have a separate “junk” email address for spam or free sites that require login.
3. Don’t use dictionary terms unless you are stringing them together in some sort of unlikely phrase. JennaSurfsHamBoatsForChristmas > jenna123. (Neither of these are my passwords BTW). This XKCD comic offers a witty take on why this is the case.
4. The longer and more uncertain/uncommon the combination of letters, numbers and symbols, the more computational power needed to crack the password. Therefore, the most secure passwords are random but don’t have to be unmemorable. Thieves already account for simple letter / number substitutions, like using 3 instead of E, or $ instead of S. So P@$$w0rd is really just as safe as the normal way.
Neowin shares latest status for the upcoming IE 10 release for Windows 7
http://www.neowin.net/news/microsofts-ie10-launch-looks-imminent
QUOTE: In November, Microsoft released a "preview version" of Internet Explorer 10 for Windows 7 to the general public. However, Microsoft has also allowed select users to test updated builds of the web browser via their Connect program. Now, it appears that Microsoft has given those testers their final pre-release builds. ZDNet.com reports that Microsoft has informed them the current build of IE10 for Windows 7 they can download and test is supposed to be the final one before the official version is released to the public. Microsoft reportedly told the testers: "While there is still no RTW (release to web) date to announce at this time, please make sure you are filing prompt feedback if any issues are found."