DON'T PRESS F1!!!

There have been reports of attacks on computers from the internet via Internet Explorer...

===================================

"Microsoft is investigating new public reports of a vulnerability...on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer..."

Affected Software

Microsoft Windows 2000 Service Pack 4

Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2

http://www.microsoft.com/technet/security/advisory/981169.mspx

----------------------------------------------------------------------

"On Friday 2/26/2010, an issue was posted publicly that...an attacker...could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box....

"Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge (for computer security related issues) using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Customers outside of the United States can visit http://support.microsoft.com/international to find local support information."

http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

-----------------------------------------------------------------------

"...Windows 2000 and Windows XP are impacted...Windows 2003 Server is also impacted...With this issue, it is possible for a malicious web page to display a dialog box which will trigger the execution of arbitrary code when the user presses the F1 key. The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key. Platforms are affected regardless of the Internet Explorer version installed."

http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx

Dec. 15th only, free IObit Security 360 PRO

I received an e-mail message that a free 1-year-license for IObit Security 360 PRO anti-spyware/malware will be available December 15th...

===========================================================

Download IObit Security 360 PRO free to Protect Windows 7

IObit will give IObit Security 360 PRO away for celebration of Christmas on December 15, 2009

IObit.com / December 14, 2009 – In celebration of Christmas 2009, IObit will give IObit Security 360 PRO away to all users for Windows 7 protection. It is normally sold for $29.95. Visit: http://db.iobit.com/license-free/christmas-gift-is360.php

“Malware and spyware are two of the biggest privacy and security threats that computer users face these days. This ranges from harmless tracking cookies that track a computer user’s activity on the Internet to trojans and worms that steal, modify or delete data.” says Hugo, president of IObit, “A good anti-spyware product should therefore be an integral part of a user’s PC defense system.”

IObit Security 360 PRO is an advanced malware and spyware removal utility that detects, removes the deepest infections, and protects your PC from various of potential spyware, adware, trojans, keyloggers, bots, worms, and hijackers. Certified by Microsoft, IObit Security 360 PRO is fully compatible with Windows 7.

“We would like to take this opportunity to give IObit Security 360 PRO away freely to express our deep gratitude for the consistent and great support of our users.” says Hugo, “We will keep up improving the anti-malware technology to provide users with higher quality security product for maximum security of computer.”

Visit the following page to get the free 1-year license of IObit Security 360 PRO:

http://db.iobit.com/license-free/christmas-gift-is360.php

****************************************************

About IObit Security 360 PRO: IObit Security 360 PRO works on Windows 7/ Vista/ XP/ 2000 (32bit or 64bit), multi-language supported. For more information and to download a copy, visit: http://www.iobit.com/security360pro.html

HACKING EXPOSED: Network Security Secrets & Solutions

HACKING EXPOSED: Network Security Secrets & Solutions, 6th Edition" is 720 pages, and over two pounds, full of information. And I found, as stated in the forward: "...Its goal is education..."

It is full of all kinds of knowledge.

Table of contents

Part I: Casing the Establishment

Chapter 1. Footprinting

Chapter 2. Scanning

Chapter 3. Enumeration

Part II: System Hacking

Chapter 4. Hacking Windows

Chapter 5. Hacking Unix

Part III: Infrastructure Hacking

Chapter 6. Remote Connectivity and VoIP Hacking

Chapter 7. Network Devices

Chapter 8. Wireless Hacking

Chapter 9. Hacking Hardware

Part IV: Application and Data Hacking

Chapter 10. Hacking Code

Chapter 11. Web Hacking

Chapter 12. Hacking the Internet User

Part V: Appendixes

Appendix A. Ports

Appendix B. Top 14 Security Vulnerabilities

Appendix C. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

Some of the new material includes:

the "Hacking Hardware" chapter (about physical locks, access cards, RFID, laptop security, USB, U3, Bluetooth, firmware, hard drives)...

Windows hacks (covering Terminal Services, Kerberos sniffing, man-in-the-middle attacks, Metasploit, device driver exploits, new password cracking tools)...

and UNIX hacks (such as THC Hydra, Solaris input validation attacks, dangling pointer attacks, DNS cache poisoning, UNIX Trojans, and kernel rootkits).

Some of the tactics and strategies that attackers use to gather information to prepare targets for attacks are noted, like: culling IP addresses, wardialing (it can still be effective), and spoofing e-mail messages (pretending to be support and administrative personnel).

To defend against attacks, you must understand the enemy. Preparing against access is better than trying to make repairs after a system has been. (Once someone has been inside you don't know what was left in the system, and where it was left at.) Instructions on how to perform network reconnaissance show how a network, and connected devices(firewalls/routers/etcetera), can be diagrammed. And there is a section regarding how to identify potential probing activities, and attacks.

This book can be used as a checklist of things that can sometimes be unintentionally available, but are: (web) cameras, and remote administration services...and the Microsoft Windows Remote Desktop Web Connection. Misconfigurations exist, and so do exploits that target them.

In Chapter 4, "Hacking Windows", there's a great reminder about proper password management. I've noticed that people seem to be better at it, but it's good to review best practices.

In the book the authors point towards many other sources of information and reference. There are suggestions of other books to enlighten and educate about how some prepare to access a network. And other websites and software that will allow you to test the openess of a network (hardware and services) and website.

(After going through the book, I remembered how there are instances where administrators and content managers are given more consideration than support and security managers and personnel...until there's a problem.)

If you are responsible in any way for a network or website, get this book. If there is anyone that works for you that is responsible for a network or website, get this book for their library!

The website of the book is http://www.hackingexposed.com

On the McGraw-Hill website, go to http://www.mhprofessional.com/c/pressroom/pressroom.php?pressnid=152

TCP/IP not secure in Windows 2000 and XP

As usual, when it comes to computing, we go forward and not backward...

Over the past week I have disposed of many electronic devices because...they are old. They worked, but no longer in "supported" scenarios: with current operating systems, with current connections (parallel printer/serial ports), etcetera.

And now, I read that "Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution". Per Microsoft: "An update for Windows XP will not be made available...Microsoft has decided not to patch Windows 2000 for the TCP/IP vulnerability..."

I am not surprised, and expect this attitude...until I remember that netbooks are being released with Windows XP as the operating system! And I had been seriously considering getting one...

For other computers, in regards to their hardware and software, it's time to evaluate whether Windows Vista (or 7) will be compatible. (As well as some version of Linux...)

Facebook allows advertisers to use your picture

It is my opinion that we should expect that there are no absolutes in regards to safety and security...at all. With that in mind, the story about pictures in Facebook accounts being used for advertisements (Facebook now lets advertisers use your picture) doesn't surprise me. As we've discussed many times, things are noted in "Terms of Service" and "End-User License Agreements" that people don't read and/or understand.

To "opt out" of the Facebook ads:

go to Settings, then Account Settings...

on the My Account tab, in the Privacy section, choose "manage"...

go to News Feed and Wall, then the Facebook Ads tab...

and for Appearance in Facebook Ads, change it to "no one".

motion detection with webcam

During our latest show on Ustream, Andy mentioned he liked the motion detection software that had been available with some Logitech webcams. It's available, but only as a Windows Vista Gadget...

Motion Detector Gadget
Keep a watchful eye—even when you're not around. This Gadget acts like a motion detection sonar, triggering a recording whenever it senses movement within the field of view of your QuickCam. Recording stops when the motion stops, and an .AVI file is saved in a location you specify. The videos are even time & date stamped to help you keep track of what happened, when.

Also, take a look at the QuickCapture Gadget:
"...three-in-one Gadget...QuickPicture enables you to take snapshots with a single click; QuickCapture helps you to record, store and email videos; and QuickView shows you a live feed from your Logitech QuickCam. Use the QuickCapture Gadget to compose and preview your video communications, watch remote rooms and hallways in real time, or even create a "security" monitor by setting the time-delay recording function."

traffic cameras broadcast video at all times

(Just a reminder that no one should be surprised that privacy can be at a minimum...)

Some photo enforcement cameras (used to catch speeders) are streaming video. Do you know where the video is going to, and who has access to it?...

CameraFRAUD.com is reporting that Redflex Traffic Systems can scan license plates of every vehicle that passes the cameras.

Some agencies are using vehicles that can scan the license plates of cars ahead of them. After scanning, the license can be compared against databases to determine if the vehicle is being sought for...

bags and wallets/billfolds block radio waves

I was surfing around and stumbled across the Oakley Vertical Computer Bag 3.0:
"...If you have a Bluetooth-enabled PDA or mobile phone, the accessory pocket uses RF shielding to help prevent unwanted access by nosey jerks."

With so many cards (identification/access/etcetera) having RFID in them, also take a look at:
a RFID Blocking Passport Billfold...
a RFID Blocking Wallet...

and Mobile Edge has a couple of wallets.

digital cameras are traceable

(This should be of no big surprise to anyone.)

Digital photos can be traced back to you...digital cameras leave a telltale fingerprint buried in the pixels of every image they capture. Forensic scientists can use this fingerprint to tell what camera model was used to take a shot...

Pure Networks Security Scan

I tried the Pure Networks Security Scan on one of my computers...some of my results are below. You must enable Active Scripting to run test...

------------------------------------------------

Pure Networks Security Scan

Redirected Websites
"...File and Printer Sharing settings...you might have problems due to the guest account being disabled. This can cause problems if you are trying to connect to shares on this computer from older Windows systems like Microsoft Windows 98 or Windows ME. It can also cause problems if you don't have exactly the same user names and passwords on all of your PCs."

Software Firewall
"The 'Microsoft Windows Firewall' firewall is enabled on your system...to get file and printer sharing working between computers, you need to open some ports in the software firewall...If you are interested in easily sharing files and printers on your network, download the free version of Network Magic - it takes care of everything for you. If you are having problems getting the most out of your network, download the free version of Network Magic. It will even show you a Network Map and tell you which PCs have a firewall installed and which ones don't."

[I DID NOT FIND A "FREE" VERSION ON THEIR WEBSITE...maybe they mean that there are some free features available in the trial version... - SLICK]

Antivirus Software
"No enabled antivirus software was found."

Windows Update Not Automatic
"Windows Update is not set to automatically download and install updates."

Internet Connection
"Not connected to the Internet."

Dynamic IP Address
"Your computer is configured to automatically receive an IP address...The IP address that this computer is using is..."

Router Present
"Found router (make, model, and IP address)...We found a hardware firewall inside the...router which is protecting your network."

Router Password
"Your router has the default password set. The password for your router is currently set to the well-known factory default. All routers from a given manufacturer ship with a well-known default password. Having a default password is a bad thing because hackers can then use this to access your router..."

[The router doesn't belong to me...I am not the subscriber of the internet service provider...it is a DSL router... - SLICK]

Multiple Router Check
"Your router is connected normally to the Internet. You are connected normally to the Internet through one router."

Router Firmware Version
"Firmware version...is possibly out of date."

Default Network Name (SSID)
"Your network name...has been changed from the factory default. Your wireless network name (SSID) has been changed from the router's factory default SSID. Excellent work. Having your SSID set to the factory default can be bad for two reasons: 1) if your network isn't encrypted, other users are more likely to connect to your network unexpectedly and 2) if you use your computer outside of your home, it is more likely to unexpectedly connect to other networks using that same default SSID."

Signal Strength
"Your wireless network signal strength is 'good'..."

Secure Wireless Connection
"You are connected to a secure, encrypted wireless network...using the 802.11 WEP standard. The wireless network you're connected to is using an encryption method called WEP."

Wireless Network Name (SSID) Conflict
"Your wireless network is the only one in range with the network name..."

Wireless Encryption
"You have 802.11 WEP enabled, but your router supports 802.11 WPA encryption which is stronger encryption. Your router is correctly configured to use an encryption method called WEP...Your router also supports the more secure WPA encryption method. WEP has a number of security flaws that make it easy for hackers to crack. We recommend you consult your router vendor's manual about configuring your wireless router to use WPA instead. (Note that there are some devices that support WEP but not WPA, so you should check all devices that connect wirelessly to your network to verify they support WPA.)

[See my statement below about my experience with modifying Qwest DSL modems... - SLICK]

Network Magic Wireless Protection Compatible
"Your router is fully compatible with Network Magic Wireless Protection. Your...router is on the list of routers that are fully supported by Network Magic Wireless Protection..."

MAC Address Filtering
"Your router is not using MAC address filtering...We recommend that you enable MAC address filtering..."

SSID Broadcast
"Your router is broadcasting its SSID."

-------------------------------------------

I've had trouble attempting to configure Qwest DSL modems: changes I made, that I consider to be simple, had disabled wireless internet access. So, I refuse to try to make any adjustments for this Qwest DSL subscriber unless: I have a full day to devote to it, and I have a Qwest technical support person on the phone with me.

WPA2 secure, but not completely

Wi-Fi Protected Access (WPA) was the latest version of encryption...more secure than that which came before it (Wired Equivalent Privacy/WEP). As has been, that which can be "locked" can be "broken into"; there are no absolutes in security. A presentation about this issue will be given at a conference in Japan: "Gone in 900 Seconds, Some Crypto Issues with WPA" - Erik Tews...

First, I suggest you consider updating:
your operating system...
any software you use related to (wired and wireless) networking...
and your hardware (routers, network cards, etcetera).

The weak portion of WPA is the Temporal Key Integrity Protocol (TKIP), not the Advanced Encryption System (AES). If you can, in your wireless router, consider (only using AES and) disabling TKIP.

------------------------------------------------

Links to more information:

The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) update for Windows XP with Service Pack 2

Battered, but not broken: understanding the WPA crack

free encryption software

TrueCrypt is encryption software: it can keep your files from being accessed unless the correct password/keyfile(s), or encryption keys, are used.

TrueCrypt will hide operating systems, also!

BEFORE USING THE SOFTWARE, I strongly recommend you at least browse through the TrueCrypt User’s Guide. It is included in the download, and available to you after you execute the file you downloaded. It is best that, before you use TrueCrypt, you become familiar with: some of the terms, what the software will do and how it will perform, and where you can refer to if you have a question. The Beginner's Tutorial chapter can be viewed at http://www.truecrypt.org/docs/tutorial.php

[One of those terms you will need to be familiar with: a TrueCrypt volume is also known as a "container", a file that contains the encrypted files.]

After you download the setup file (from http://www.truecrypt.org/downloads.php), and execute it, you are offered to: "install" it, or to "extract" it. If you choose "extract", you can save the files to a folder...and carry and use it on an external drive. This is a version of "traveler" mode (which can also be used if TrueCrypt is installed to an operating system).

The User's Guide states that there are two ways to run TrueCrypt in ‘traveler’ mode:
1) After you unpack the binary distribution archive (what you downloaded), you can directly run TrueCrypt.exe.
2) You can use the Traveler Disk Setup facility to prepare a special "traveler" disk, and launch TrueCrypt from there.

You will need to create a TrueCrypt file container on the USB flash drive (see the Beginner’s Tutorial), so...

Before you use TrueCrypt on a USB flash drive, know that:
1) If you encrypt the entire USB flash drive, you will not be able run TrueCrypt from the USB flash drive.
2) Before you choose the size for the TrueCrypt container on a USB drive, if you leave enough space on the USB flash drive for TrueCrypt (not IN the "container" file - along WITH the "container" file), you will be able to run TrueCrypt from the USB flash drive (see the Traveler Mode chapter in the User's Guide).

It is not difficult to use...do not fear trying it to see if it will work for your security needs.

erase it forever

We've discussed how to prepare hard disks before you:
sell your computer...
give it to someone...
or dispose of the hard drive.

Using software is the most cost effective way for most consumers to do it. But if you need to erase hard drives completely, and somewhat often, you may want to consider a degausser.

I found two that Fujitsu produce.

SEM has Magnetic Media Degaussers...one that caught my interest is the Mag EraSURE P3M for "hard disk drives and other magnetic media".

"...the SEM Model ME-P3M...is desgined to
degauss...Hard Drives and/or Magnetic tapes...The unit is operated by a
MANUAL HAND CRANK..."


The Mobile Mag EraSURE degausser is available, as well (and I'm unable to determine what the difference is between it and the P3M (other than style of the crank handle and the metal cover over where the media is placed).

Cost for mobile/portable versions of degaussers seem to be double and triple that over those not intended to be moved...as much as $40,000.

Blogged with the Flock Browser

password manager

Wayne called and suggested KeePass (http://keepass.info/): "...a free/open-source password manager or safe which helps you to manage your passwords...You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database..."

A lover of portable software (that which will run from a USB drive), I found KeePass Password Safe Portable (http://portableapps.com/apps/utilities/keepass_portable)

routers with firewalls

Charlie wanted suggestions for a router with firewall. I found a few models:
Netgear WGT624 108 Mbps Wireless Firewall Router
TRENDNet 54Mbps Wireless Firewall Router, 802.11g, b
Netgear ProSafe FVG318 Wireless Router/Firewall/VPN
and Linksys Etherfast Cable/DSL Firewall Router BEFSX41, 4-port, VPN, DMZ, SPI