Wednesday, February 28, 2007

One life ain't enough? Try secondlife.com

Whilst browsing for stuff on news.com, I bumped into one of the many links there that poses as an ad (and has now appeared in the news) called SecondLife. I haven't really signed on or registered, but in essence it looks pretty darn cool; great idea, this one.

So what is Secondlife?
Second Life is a 3-D virtual world entirely built and owned by its residents. Since opening to the public in 2003, it has grown explosively and today is inhabited by a total of 4,100,944 people from around the globe. It comes in English, Japanese, Korean and German at the moment. The currency is called Linden (so you transact in Linden dollars)

What can i do in it?
Unlike flat chat programs, Secondlife allows you to create a virtual you-yourhome-yourlife and from there meet people, do business and virtually anything you would do in this life of yours, all in the virtual world (now I'm considering signing up, for some non-sexual reason of course! :P)

Here people like you and i, can express our "lives" in a virtual space.

How do i get started?
Well, simply register. The first account or land you create is free; this is the basic membership. Subsequently, to create more lands, you need to pay a small fee ranging from USD6-9, fair enough :). By registering you get to own more lands and get a weekly allowance of Linden 200 (L$200). Once registered, you choose the way you look through an avatar (not too many choices tho). Then proceed with the on-screen instructions. Then download a small 30MB-plus client for Windows XP (may work with Vista), MacOS X and Linux i686 (Alpha).

So, i would suggest get right into the action by registering, click https://secure-web4.secondlife.com/join/

Please note the client software requires high end video cards, something over 32MB normally should do, so please test it out and you MUST checkout their system requirements here http://secure-web4.secondlife.com/corporate/sysreqs.php

The downside is this website seems rather slow; when I tried to register, it took me ages.

So if you bump into "highsecurity bing", that's me! Not sure what I will do now...

Oh, don't forget to read the Community Standards - https://secure-web4.secondlife.com/corporate/cs.php before you start to paint the town. :)

Saturday, February 24, 2007

Pharming and Drive By Pharming

We've heard of phishing, and many are familiar with the term. Now what is pharming, and how does it affect you and me?

What is pharming?
In the simplest terms, pharming is an attack that makes a person's computer "go" to a website that is not the actual one by modifying the mechanisms that resolve names to IP addresses, such as DNS, the hosts file and others. (Wiki: http://en.wikipedia.org/wiki/Pharming)

How does it affect me?
It could lead you to a website that looks and feels like the original one (for example, a pharmed Public Bank Online, http://www.pbebank.com, could take you to my own little web server on my funky Vista OS). What further damage this can do is limited only by one's imagination.

What is drive by pharming?
Now, like pharming, drive-by pharming tampers with name resolution, but it does so by attempting to log in to your edge devices (like your TMNet router, your Netscreen, ZyXEL or Cisco routers) using a dictionary of known common passwords that a script within a website can run. Once the router is accessed, its settings, such as DNS, can be modified to point to the attacker's DNS, which effectively leaves you open to a pharming attack.

How to find out/mitigate?
While it may be quite difficult to know if your computer has been pharmed with malicious internet addresses, it's easy to know if the website you've accessed is legit or not. For example, Gmail has an SSL certificate that your browser accepts without prompting, whereas a fake Gmail SSL certificate will raise an alert in your browser. At the end of the day, it comes down to your conscious decision to access these sites or not.

Also, be sure to have updated antivirus software, and run Internet Explorer 7, Firefox 2 or Opera 9, which are intelligent enough to prompt you if a certificate is invalid or a particular link looks suspicious. Vista, for one, does not allow access to the hosts file or overwriting it either.

Use strong passwords on edge devices, routers, modems, wireless (use strong AES) and your Windows OS!!!!

Get professional help if you are in doubt.
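One way to check the two places this post says pharming tampers with, the hosts file and the DNS servers your router hands out, shown as an added example that is not part of the original post. The watchlist, the trusted-resolver list and the sample hosts file are constructed for illustration, and the IP addresses are documentation-range placeholders.

```python
import ipaddress
import os

# Assumptions (not from the original post): names you never expect to see
# pinned in a hosts file, and the resolver addresses you actually trust.
WATCHED = {"www.pbebank.com", "mail.google.com"}
TRUSTED_RESOLVERS = {"192.0.2.53"}  # placeholder for your ISP's or own DNS

# Constructed sample hosts file; line 4 imitates a pharmed entry.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost
::1          localhost
203.0.113.7  www.pbebank.com   # constructed injected entry
0.0.0.0      ads.example.net
198.51.100.9 intranet.example.org
"""


def default_hosts_path():
    """Return the usual hosts file location for the current OS."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid address, so the resolver ignores it too
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched):
    """Flag entries that override name resolution in a suspicious way."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in watched:
            # A bank or webmail name should come from DNS, never from hosts.
            findings.append((line_no, name, str(ip), "watched name pinned"))
        elif not (ip.is_loopback or ip.is_unspecified):
            # Loopback and 0.0.0.0 entries are normal (localhost, ad blocking).
            findings.append((line_no, name, str(ip), "non-loopback override"))
    return findings


def audit_resolvers(configured, trusted):
    """Return configured DNS servers that are not on the trusted list."""
    return [server for server in configured if server not in trusted]


if __name__ == "__main__":
    print("hosts file normally lives at:", default_hosts_path())
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print("hosts:", finding)
    # Constructed example of what a rewritten router might hand out.
    for server in audit_resolvers(["192.0.2.53", "203.0.113.66"],
                                  TRUSTED_RESOLVERS):
        print("unexpected DNS server:", server)
```

To audit a real machine, pass the text of the file at `default_hosts_path()` to `audit_hosts` and the DNS servers shown in your network settings to `audit_resolvers`.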

Is this for real and do-able? (No Frank, not the do-able we always do ratings on)
Yea, sure, check out how 80 of Cisco devices can be pharmed; read this article:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011588

Symantec Antivirus 2006 has critical vulnerability

If you use and run Symantec Antivirus 2006 and Symantec Internet Security 2006, there's a problem with a control that could lead to remote control of your computer. Please update your software.

Synopsis:
Symantec has released details of a potential security threat in its 2006 products, involving ActiveX software provided by a third-party developer.

The ActiveX flaw, which could be used to initiate a stack overflow and gain remote access to a machine running the vulnerable software, affects several products in Symantec's 2006 range, including Norton AntiVirus 2006 and Norton Internet Security 2006. The current 2007 range, including Norton 260, are not thought to be at risk, and no attempts to exploit the vulnerability have been observed.

Symantec's article on this issue: http://securityresponse.symantec.com/avcenter/security/Content/2007.02.22.html

Thursday, February 22, 2007

WinDVD registration on Vista

If you use WinDVD 8 (or any version, for that matter), you could have problems entering the serial key to register, and WinDVD would prompt an "internal error". Well, as with the article before this, this is because of Vista's UAC.

Solution? Run WinDVD as an administrator, register..done.

Automatically Installing Plug-ins on Firefox on Vista

If you use Vista (all editions), you may not be able to install plug-ins, and the installation will be noted as "failed". This is because Vista's User Account Control disallows installation of programs without administrative rights.

To fix this, run Firefox as an administrator, install the plug-in, close Firefox and run it as normal again. Remember to close and reopen Firefox afterwards so that it runs under User Account Control again.

User account control info: http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx

MSN Messenger Displays Fake Spyware AD (and find out how remove MSN / Live Messenger ADS, etc too)

In an earlier article we talked about new kinds of exploitation, and here is another potentially large exploit if successful. Imagine if MSN Messenger (installed and used by millions) carried dangerous attack routines/payloads and misleading/fake information within its advertisements. Sigh.

Note: The attack can be automated and a pop-up appears encouraging users to download an Antispyware program.


Article Excerpt

Microsoft IM tool carries ads for fake security product.

Microsoft's MSN Messenger, recently renamed MSN Live Messenger, was found last week to be carrying banner advertising for the WinFixer rogue anti-spyware product.

WinFixer, also known as ErrorSafe, uses fake warnings of malware infections to trick users into installing its software. Like many such rogue applications, installation may be limited to a low-grade malware scanner which blackmails victims into paying for a 'full version' to remove non-existent infections; more insidious rogue products also include downloader trojans to bring further unwanted adware and spyware onto compromised machines.

It is thought the advertising was sneaked past the MSN Messenger screening process by replacing a clean advertising stream. While some of the ads required the user to click on them to activate the attack, others are thought to have been capable of launching without user interaction. Microsoft has issued an official apology for the breach and has removed the ads from the Messenger product.

Internet Explorer expert Sandi Hardmeier has more details and screenshots at the SpywareSucks blog, here.


Anyway, there's a cool tool that can fix ads for good!!!... http://apatch.ikhost.com/index.php

A-Patch for MSN build (8.0.0812) features are as follows:

:: Contact List - 30

Remove Windows Live Logo
Remove "Messenger" Title
Remove Display Picture Container
Remove Personal Message Bar
Remove E-mail Button
Remove Sharing Folders Button
Remove My MSN Space Button
Remove Windows Live Today Button
Remove Make a Phone Call Button
Remove Yellow Information Bar
Change Display Picture Link
Remove Contacts Personal Message
Remove Toast Display Picture
Remove Gleam Notification
Remove Advertisement
Add Always On Top Button
Remove Search Bar
Remove Display Picture in Sign-In Window
Remove Bottom Links in Sign-In Window
Remove Windows Live ID Branding
Disable MSN Spaces Contact Card Integration
Remove Color Button
Disable Song Links
Remove Emoticons from Nicknames
Remove Contact Manager Bar
-- Move Contact Manager Bar to the Bottom
-- Remove Extra Padding from the Contact Manager Bar
-- Remove "Add a Contact" Button from the Contact Manager Bar
-- Remove "Manage your Contacts" Button from the Contact Manager Bar
-- Remove Contact Search Field from the Contact Manager Bar

:: Instant Message - 34

Remove Windows Live Logo
Remove Invite Button
Remove Send Files Button
Remove Web Cam Button
Remove Call Button
Remove Activities Button
Remove Games Button
Remove Block Button
Remove Color Button
Remove Search Button
Remove My Display Picture Container
Remove Font Button
Remove Emoticons Button
Remove Voice Clip Button
Remove Backgrounds Button
Remove Winks Button
Remove Packs Button
Remove Nudge Button
Remove What's Hot Section
Remove Formatting Toolbar Separator
Change Ink Tabs to Text
Remove Advertisement
Add Custom Games
Remove Contact's Personal Message and E-mail (To: Bar)
Remove Web Cam Icon from Avatar/DP Containers
Remove Nudge Delay
Disable Nudge Shake
Remove Send Button
Add Send Button to Handwriting Tab
Remove Status Information Bar
Remove "Get a Webcam" Link
Add Always On Top Button
Remove User Is Writing Message
Remove Convert Tab
Remove "says" Text

Google Desktop Vulnerability

I must say, the exploits using the Web have just become overwhelming, really. Now you've got applications that interact with websites, web apps and local desktops, which brings a whole new range of possibilities for exploitation.

I am pretty fond of the conventional, chunky 32-bit software; at least you can't XSS the bugger!

Here's an excerpt from Eweek (http://www.eweek.com/article2/0,1895,1744115,00.asp) and please update your Google Desktop at http://desktop.google.com

Web search powerhouse Google has acknowledged—and patched—a security vulnerability in its desktop search utility that opens the doors for man-in-the-middle data leak attacks.

The Google fix was issued after a pair of Rice University graduate students discovered that two different attack scenarios could be used to exploit the Google Desktop vulnerability.

The students, Seth J. Fogarty and Seth Nielson, made the discoveries during a security audit of the search tool. The audit was part of a final project in the students' Computer Systems Security course.

Google, through a spokesman, confirmed the students' findings. "We were made aware of this vulnerability with the Google Desktop Search software and have since fixed the problem so that all current and future users are secure," the spokesman said.

Google is pushing out the fix with the tool's auto-update mechanism.

Fogarty and Nielson worked closely with Google since November to patch the hole before releasing details (PDF file) on the Internet.

Wednesday, February 21, 2007

The three biggest threats of 2007 (and my 10cents worth to it)

According to PcWorld, these are the 3 most wanted criminals for Internet haywire (http://www.pcworld.ca/news/column/e0ab1c3d0a010408001a024c9dab7bab/pg0.htm)

1. Internet Explorer
2. Phishing
3. Malware

Comment on item 1:
Well, yea, that would be quite true. This is because IE is the most used browser, and therefore people looking for fame exploit it from all angles. I think it's a good thing; eventually, it would make it more secure than any other browser. Oh, and to those who say Firefox is secure, erm, I don't think so; there's one zero-day attack for Firefox unpatched as of the date of this article.

Nonetheless, running IE 7 with protected mode enabled in Vista seems to be more secure, according to the huge writeup on the MS website. To me, it offers lower-privileged object access and code execution but breaks some links and features of the world wide fun.

Bottom line, i like IE7, its feature rich and is fast. Firefox takes too darn long to load sometimes.

Comment on item 2:
Phishing is really fun to do especially if there are people who just don't know how to differentiate between the good, the bad and the evil. Hopefully, IE7's antiphishing feature and your add on products can help. Best is to be conscious of your actions.

Comment on item 3:
Oh well, that can never be off the top 3... agree!!!

All of Google's services in 2 pages

If you think Google is just your regular search engine and email, boy are you in for a surprise. I got this link from Astalavista and copied the "cheatsheet" detailing the services Google offers. Hope you find more uses for Google (besides blogging and YouTube-ing too). Click http://www2.adelaider.com/google-cheat-sheet/?cheatsheet to access it as a PDF.




Thursday, February 15, 2007

IT Security - Documentation and Guides

If you are looking for a single place to get most Information Technology Security related whitepapers, documentation and opinions, try looking at www.securitydocs.com. It has reliable postings and a wide variety of topics that you can use to learn and, if you are up for it, you can create documentation and post it for others' benefit.

Some of the topics include:
Security Basics
Application Security
Certifications
Enterprise Security
Exploits
Architecture
Firewall
Security Tools
Security Policies

One of the topics which I am personally interested in is Vulnerability Assessment. There's a decent article on that site that one can benefit from. Here's a summary of the article.

The intention of this paper is to provide basic information to those who have recently entered the security field, provide some insight as to why a vulnerability assessment is necessary, provide an overview of the vulnerability assessment process from discovery to baseline standardization, and provide some assistance to those who want to perform a vulnerability assessment but do not know where to start.


Thursday, February 8, 2007

XP Tools (Hidden Utility XP)



Hidden Utilities XP allows access to nearly 100 hidden utilities that are not normally accessible to the average user. System information, diagnostics, repair tools and more in both Windows and Command Line utilities are now easily opened. Hidden Utilities XP includes easy access to 53 Windows tools and 43 Command Line utilities.
This page, http://camtech2000.net/Pages/Downloads.html, has a huge list of cool tools and toys for your average computer use :).

Vulnerability Watchdog


Ever wonder if there's a single place to view what's going on in the blackhat market? E.g. what the top attacks are, what sort of vulnerabilities there are in the world and more? Well, I bumped into this site, and it looks pretty good. Check out http://atlas.arbor.net/

Some of the reports it offers:

  1. Top attacks
  2. Vulnerability risk index
  3. Top scanned service (what type of ports/protocols are being probed)
  4. Top threat sources by country
  5. Botnets (a collection of tools to automate computer attacks)
  6. Phishing (tricking/obfuscating information to make you reveal/expose sensitive info or just spin you off in a fake site)
  7. Global Activity Maps (this is the image above)

Hope you benefit from this.

PS: You don't have to register; it's a sales pitch :(

Microsoft's own antivirus fails to secure Vista

This is an interesting article I bumped into in front of my PC while reading my daily tech updates. In short, you and I should under no condition whatsoever compromise on security, even if the security comes from a giant software company.

Microsoft is a baby in the security field. They may have some products (like MS ISA) that are already a little more mature, but I would definitely suggest doing some research and choosing what's best for you.

I do think, however, that in the near future Microsoft's AV will pose a real challenge to the rest as it bucks up and learns from "mistakes" and shortcomings. Till then, make the best choice, not anything less.

I personally use Kaspersky and Trend Micro and I've been very happy with them. I also have a Windows 2000 machine that has no antivirus and has had only 3 infections (from adware) in the past 6 months :). All I did was install patches constantly and use a little caution when doing my thang.


SRC: http://news.com.com/Microsofts+own+antivirus+fails+to+secure+Vista/2100-7355_3-6156733.html?tag=newsmap
Microsoft's own antivirus software, Live OneCare, is unable to fully protect Vista users against viruses, and one of security firm McAfee's antivirus software packages also fails to protect users, according to independent research released Friday.

Security news site Virus Bulletin, backed by a team of security researchers based in Oxfordshire, U.K., tested 15 antivirus software packages used by businesses and designed specifically for Vista, Microsoft's newest operating system. The packages were released to businesses two months ago.

The researchers tested whether each of the antivirus products would stop a set of viruses known to be currently circulating. In order to be awarded a pass, the software had to detect all the viruses with no false positives.

But out of the 15, four failed: Microsoft Live OneCare 1.5; McAfee VirusScan Enterprise version 8.1i; G DATA AntiVirusKit 2007 v17.0.6353; and Norman VirusControl v5.90. The other 11, including software from CA, Fortinet, F-Secure, Kaspersky, Sophos and Symantec, detected all the viruses.

"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "In these days of hourly updates, it's always a surprise and a disappointment to see major products missing them (viruses). Vista cannot fend off today's malware without help from security products. It certainly looks like people upgrading to the new platform are going to need additional security solutions."

Joe Telafici, vice president of operations for McAfee's Avert Labs, told ZDNet UK that, in his opinion, Virus Bulletin had not used its latest antivirus updates, causing the failure. He said McAfee would issue further results with the updated software.

Microsoft pledged to improve Live OneCare. "We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests and, most importantly, as part of our ongoing work to continually enhance Windows Live OneCare," a company representative told ZDNet UK.

On the subject of Vista, the Microsoft representative added: "It's important to remember that no software is 100 percent secure. Microsoft is working to keep the number of security vulnerabilities that ship in our products to a minimum, through our Security Development Lifecycle process, and that work is paying off. The release of Windows Vista is the first Microsoft operating system to use the Security Development Lifecycle from start to finish and was tested more, prior to shipping, than any previous version of Windows."
Richard Thurston of ZDNet UK reported from London.

Tuesday, February 6, 2007

Vulnerability in Microsoft Office Could Allow Remote Code Execution

Issue summary
There's a security bug in Microsoft Office. Those using Microsoft Office products like Office 2000, XP, 2003 (2004 for Mac) are advised to see the workaround below. The vulnerability cannot be exploited on Office 2007 or on Works 2004, 2005, or 2006. Please read and be secure. There's no fix for this problem yet (it is a zero-day vulnerability). So the rule of thumb is: do not open MS Office files (including Excel, Word, PowerPoint, etc.) from untrusted or peculiar sources, websites or email attachments.

Since Internet Explorer is integrated with the Office suite of products, this type of attack is possible via websites too (which includes inline emails etc.).

Workaround:
Do not open or save Office files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Office file.

Antivirus products can detect this vulnerability, depending on your provider's response. Microsoft Live OneCare does identify this issue and prevents such an attack.

More information at: http://www.microsoft.com/technet/security/advisory/932553.mspx
Secunia: http://secunia.com/advisories/24008/

Here's an excerpt from MS Website:

Microsoft Security Advisory (932553)
Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac


In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.

While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.

Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.
Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.


International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

GoogleMaps Minus GoogleApps




So, you love GoogleMap, dont ya? Great! Me too, but I am not much of a fan of the fat application that comes with it, so if you are as "lean", then check out www.wikimapia.com. It's an awesome combination of Wiki+GoogleEarth, just by using your browser, no applications or shmoo needed.

You could do searches of places, cities and countries. It's updated by people like you and me, so most likely that little "kampung" (Malay for rural area) that you go back to during school breaks might just turn up in WikiMapia. Give it a shot :)

Enjoy.

PS That movie, CRANK, good one, they use googlemaps too.

Sunday, February 4, 2007

Vista's ReadyBoost


READYBOOST ACTIVATION

You've probably not heard of it, or do not know how it works. I didn't until about 3 months back; read this article: http://blogs.msdn.com/tomarcher/archive/2006/06/02/615199.aspx

In as human terms as possible, it makes it possible to put read caches on drives outside the Operating System's (OS) drive so that your OS can read/write other things. The way it's done is secure (using AES, http://en.wikipedia.org/wiki/AES) and only read-only data is stored there. It's safe against possible drive knockout (accidental removal), thus your data is safe too.

There is a fairly high standard of requirements that you have to meet to enable/use ReadyBoost. So, make sure that USB drive (must be flash based) is fast enough for read/write operations.

And last note, if you already have a fast machine, forget this, enjoy your Vista!

From MS site:

Windows ReadyBoost introduces a new concept in add-on system memory. You can use nonvolatile flash memory devices, such as universal serial bus (USB) flash drives, to improve performance without having to add memory "under the hood." The flash memory device serves as an additional memory cache—that is, memory that the computer can access much more quickly than it can access data on the hard disk drive.

Saturday, February 3, 2007

IE 7 Turns Green

Is Internet Explorer gonna' throw up? Looks all green...


So you were browsing, umm, say https://www.verisign.com, and suddenly your browser address bar turned green. Should I:

1. Panic, close browser and format my computer
2. Read the certificate information on that address bar.

If you chose 1, good, you're paranoid, but that's not the correct answer. The answer is that Internet Explorer has now rolled out a new feature where certain websites with certain certificates (new ones) will display a green address bar on top, like above.

These days, SSL certificates are easy to create and no one can guarantee the content of the people who purchase these certificates. Hopefully, with this new introduction of certificate IDENTIFICATION by IE, people will start trusting the sites that have been "verified" more. But alas, there are phishing attacks and script injections to knock even those out of proportion.

Anyway, surf safe.