Monday, December 31, 2012


ZERO DAY EXPLOIT OF MICROSOFT WINDOWS 6, 7, 8


Over the weekend Microsoft confirmed that they were working as fast as possible to fix a security hole affecting those 3 versions of Internet Explorer. If your PC becomes infected it could be taken over by the hacker. Other stories tell of security holes in Adobe Flash being used to infect computers using those browsers have been reported as well. Full story HERE.

'Nuff Said,
Brian

Friday, December 21, 2012



THERE'S A NEW BAT IN TOWN...






Nope, it's not Batman, but a very destructive Trojan designated "TROJ_BATWIPER.A". If you guessed that the "wiper" part of the name is bad, you are correct - in fact it is "Very, very, very BAD". You can get this Trojan either by directly downloading it [ed. - under another name of course], or, by getting infected by other malware which then opens the door for Troj_Batwiper.A to drop into your computer for a visit. 

The "visit" is worse than your Aunt Matilda's Christmas fruit cake, and if that it not enough to scare you [ed. - ANY fruitcake should scare you, in fact, there should be a law put in place where children under the age of six cannot be shown a fruitcake for fear of scarring their childhood and possibly the remainder of their life. But, I digress...]

Sometimes graphics are easier to explain what happens, so I'm borrowing Trend Micro's picture shown below:
[CREDIT: TREND MICRO]

There is no file recovery - you lose it all. While it's not running rampant through the Internet, it is out there and you face the possibility of getting it. Please read Trend Micro's "Threat Alert" HERE.

'Nuff Said,
Brian

Thursday, December 20, 2012




TIME TO CHECK YOUR COMPUTERS...









To make sure that your version of JAVA is no less than 7, provided you haven't un-installed it completely as I did many months ago.


Why?

Because Oracle will be giving JAVA 6 the boot, issuing one last security patch on February 19th 2013, and after that - no more support.

Stay ahead of the curve and upgrade to 7 - if you haven't done so already. Article? HERE.

'Nuff Said,
Brian

Wednesday, December 19, 2012



DO YOU OWN A SAMSUNG GALAXY ?
[IF SO, THIS POST IS FOR YOU]



There was a bug discovered and announced recently (this past weekend) about a bug in Samsung's Galaxy S III which could let someone (i.e. - hacker) get total control of your phone! Samsung is working to patch things up, but be aware, and read the article.


RECENT SECURITY NEWS






We've all read about "Bots" and/or "Botnet", and usually it applied to Windows based computers. Basically once a computer is infected with the Bot, it then joins the collective [ed. - anyone else thinking "BORG"?] Botnet, linking millions of computers together for some nefarious task.

The IDG News Service reported something new this week: The discovery of an Android phone botnet! Although I hear stories, read articles, and watch news reports about security and cell phones, many of the people I come in contact with on a daily basis seem unaware of the dangers. If you happen to have an Android based phone it wouldn't hurt to read this article HERE.

For anyone using Microsoft's free anti-virus "Microsoft Security Essentials" you should read this article. When it first came out it was actually a fairly decent A/V solution which continued last year, but this year it's not in the same ballpark.

Finally, I'll leave you with one more article to digest. This one predicts what 2013 will bring us as far as malware, ransomeware, etc. Hopefully Android users next year won't see another 300% increase in malware like they did this year.

'Nuff Said,
Brian

Tuesday, December 11, 2012



RANSOMWARE






By now most of you have heard, or read about Trojans that are called "Ransomware", like the infamous FBI screen currently infecting computers. They call it ransomware because they have kidnapped your computer under the pretense you have, or, are now doing something illegal on the web.

The only way to get access again, according to the ransomware screen is to pay the amount of money they are demanding. If you think about it, to some extent this beats a real kidnapping -
  • You don't have take out a loan to pay it.
  • No wiretaps or having to come up with enough food to feed all the police in your living room.
  • And you won't have to meet in some remote or seedy part of town not knowing for sure if you'll come back alive.

But some things don't change; you get the FBI screen and the ransom information on that screen while your mind begins to race...

"Did someone hack my wireless network and do something illegal?"

"I know the government needs money, but is this their alternative to raising taxes?"

and finally, those dark, grim thoughts...

"I hope they won't hurt my computer"

"What if I pay the ransom and find out after-the-fact that my PC is dead?"

"What about the Stockholm syndrome? Will it's memory be damaged?"

Now ransomware has taken it up a notch and actually speaks to you, in whatever language you speak! [ed. - Hmm, I wonder what happens if you're bilingual? Will it alternate languages after each word?] Now that is scary, and you should read Computer World's article about it HERE.

In the meantime, I hope you all realize if your computer does become kidnapped/ransomed, not to pay it. Call someone that can remove it from your PC, like.....SugarlandPC! [ed. - I don't know why, but that's the first name that popped into my head].

Surf safely -

'Nuff Said,
Brian

Tuesday, December 4, 2012



ANSWER ME THIS "BATMAN......"

 WHO IS GETS INFECTED MORE - CELL PHONE USERS, OR, PC USERS?



Ah, that tricky Riddler, always up for some Q & A with the caped crusader. Seriously though, if someone asked you who got more malware infections: cell phone users or PC users, what would you answer. I would think that instinctively most would answer "PC USERS", and quickly find out that their answer was not correct, but that it was the cell phone user who was most likely to get infected - not any cell phone user, but someone who used an Android OS phone would end up being the top pick. Surprised? Not me.

The latest security paper released by SOPHOS shows that 10% of all android-based phone users have been infected, compared to 6% of PC users in the US. This has to get your attention at some level because many of you have been infected recently by Malware on your Windows-based computer, and a large percentage of you have android cell phones. "So", you ask, "What's the worse thing that could happen to me if my cell phone gets infected?"

Here are just a few examples:
  • Apps that track your location
  • Apps that can listen in on your phone calls
  • Apps that can make your phone dial expensive phone numbers that charge per minute.
  • Apps that can steal your contact list
  • Apps that can do most of the above in one App
And here I stop, because the list is endless. IF you have an Android-based cell phone then pa-Leeeeze get some protection! What about iPhones? Yes, there are many iphone users out there, and except for different versions of the iPhone, there is only one iPhone to be hacked and APPLE keeps a tight fist on their APP store, trying to weed out the bad (no pun intended) apples. 

I read an article on how Android phones had captured the market and were THE number one cell phone purchased, with APPLE coming in second. I think the author of that story was a tad slanted towards Android Phones, because as all of know, everyone but APPLE make a bunch of different phones using the Android OS, whereas APPLE sells one phone, and no one else has the rights to market a build of their own.

So there you have it, with HTC, Samsung, Motorola, LG, Sony-Ericsson and others making 2, 3, or 4 different models using the Android system it's a no-brainer that Malware writers are going to choose that group to spend most of their time writing nefarious APPS that will end up filling their pockets with your hard earned dollars.

'Nuff Said,
Brian
Email

Wednesday, November 28, 2012




SECURITY NEWS








Did you know that there was a U.S. "Computer Emergency Readiness Team"? I didn't. What I do know is that I've read an article here and there where CERT was mentioned, so now we all know what that is, which leads me into a story about CERT finding a hard-coded "Backdoor" in Samsung printers that could be open to attack from some nefarious [ed. - you gotta love that word] people. Printers made after October 31, 2012 do not have this - according to Samsung. Read all about it HERE.

Hey! Those Romanians' are on their collective toes [and why I always want to type "Romulans" is beyond me] - Authorities have rounded up a cyber-gang that were responsible for a huge amount of world-wide theft. How huge?

"The criminal operation resulted in fraudulent transactions totaling more than $25 million that were performed with 500,000 credit cards, the agency said Tuesday."

Read about that, HERE.

Last, but not least - Stay on your toes! Update Malwarebytes and run a quick or full scan, keep Adobe Reader and Flash updated [ed. - where? Directly from their respective websites], and don't forget Java. Or, forget Java and just un-install it. Make sure your Anti-Virus is doing it's job as well, and if you haven't already, ditch the free AV products and actually buy a good one, and if you bought anti-virus software but let it expire, it's not doing you any good.

SHAMELESS PLUG TIME: Are you befuddled or intimidated about editing your digital pictures? Read the beginning of an ongoing series related to that on one of my other Blogs, HERE.

'Nuff Said,
Brian

Wednesday, November 21, 2012



DON'T BE THE TURKEY THIS WEEKEND













As "Black" Thursday/Friday loom above our heads, don't lose yours to fake emails which will lead you down the path of Malware infections, stolen credit card information, or worse.

Yes, this is probably one of the biggest holidays for the bad guys. They know you'll order something that has to be shipped and you may get one of many subject lines, like - "Order Cancelled Pending Credit Card Verification", or they could spoof (i.e. - fake) an email address, for example Amazon, and you'll see an email from Amazon with a subject line similar to the one above, or possibly - "Problem processing your order".

UPS is also a popular one to spoof, with subject lines like "We could not deliver your package, Tracking number DE469I0001FX" (and almost everyone should know by now that UPS tracking numbers start off with a 1Zxxxxxxxxx).

So now you've got my point, which was: "BE CAREFUL", Tis the season to fake emails....

AND SPEAKING OF TURKEYS...



The IRS was blamed for a massive data breach that exposed Social Security numbers of 3.8 million taxpayers plus credit card and bank account data, due to an outdated system. Apparently, social security numbers were never encrypted.

Read all about it, HERE.




And, speaking of Turkeys (again), have a safe but Happy Thanksgiving -

'Nuff Said
Brian

Oh... My last shopping for your Geek post is up on my other Blog now.

Tuesday, November 20, 2012



BRIEFLY....








FACEBOOK

Facebook is moving from http:// to https:// - "What's the difference?" you ask,  well http is your every day webpage, for instance I'm typing this on my http://www.securitynnnnnn page. When you browse Amazon and go to purchase something it takes you to a page that starts with https:// [your bank would do the same], the "s" stands for secure/security and once you are on an https page your data becomes encrypted, thus more secure.

It's a good move considering how many people around the world use Facebook, and it will especially help those who use Facebook over a wireless network. I wasn't sure if it was already in place, but I just took a few seconds to login and check - yep, already https.

GOOGLE DOCS

I read on Symantec's blog that they found malware that uses Google Docs to actually take over and control a server. Slick piece of work. I also read about this on several other sites I visit, and here's one with the details on PC World

'Nuff Said
Brian

Friday, November 16, 2012



BACK FROM MY ANNIVERSARY TRIP WITH,
SECURITY NEWS




Microsoft will release security patches for Windows 8 on Tuesday (or thereabouts). Many of you probably received them today (the 16th) as did I. Story HERE.

STOLEN OR LOST, WHAT'S THE DIFFERENCE WHEN IT HAS DATA ON 10,000 USERS?

A laptop was stolen from NASA which, according to Richard Keegan Jr. (associate deputy administrator at NASA) has some form of personal data on at LEAST 10,000 employees and/or contractors. I thought it was just the wind, but I guess it really was a giant "Oops" I heard when it took place.

FIRST CAME "RAT", NOW COMES - "SUPER RAT"

At some point this year I mentioned an article I had just read about a "RAT", known as "Remote Access Trojan", and according to the Security firm Trend Micro there is now a "Super RAT" romping across the Internet. While Super RAT tends to gnaw on Government and other Institution websites, it wouldn't be a stretch in the future to find out the big rodent is feeding on the little folk.  You can read more about him/it right HERE.

WHO IS SLOWER THAN DSL, BUT PAYS FOR CABLE INTERNET SPEED? It could be YOU...

As I mentioned (either here or on the Everythingandthebathwater Blog) Verizon will slow down your Internet speed if you are downloading or uploading things like music, games, or movies for others to then download them for free. If you're one of those who do, I would tend not to ignore a warning letter. More about this HERE.

'Nuff Said,
Brian

Sunday, November 11, 2012



SECURITY POSTINGS WILL RESUME THIS WEEK AFTER WE RETURN FROM OUR ANNIVERSARY GETAWAY -

Brian
&
Robin


Saturday, November 3, 2012

NOPE, YOU'RE CORRECT, IT'S "MALWAREBYTES". I LEFT OUT THE "E" DUE TO SPACE ISSUES

Friday, November 2, 2012

ATTACK OF
"THE INVISIBLES"






The invisibles are upon us, and have been for many years. They are silent, crafty, and sneak through your anti-virus program in front of your very eyes. One researcher has even named them "Zombie Browsers", and they don't come cheap.

Zoltan Balazs, spoke to a crowd at the "Hacker Halted" conference in Miami, as was astounded by what he found. According to Zoltan only 10 of these infected browser extensions had been known to exist, but this year they have found 49 new ones! "It's skyrocketing," Balazs noted, and he faulted the antivirus vendors for allegedly not addressing the issue at all, claiming that even after two years Anti-Virus companies had yet to act.

While Internet Explorer wasn't mentioned, he did name Safari, Firefox, and Chrome in regard to these extensions the mis-direct the user to a website which will add to their woes. Read the article by Ellen Messmer HERE.

'Nuff Said,
Brian

Thursday, November 1, 2012


INVASION OF THE COMPUTER SNATCHERS






In an article on PC World's website, John Mello Jr. wrote about the findings from Kindsight Security Labs in their 3rd quarter report, available in PDF form [PDF]. The short of it says that at least 13% of all networked homes in North America are infected, some of them with very critical infestations that could take over your computer or your online bank account.

MAP OF ZERO ACCESS BOTNET SPREADING ACROSS NORTH AMERICA

If you didn't download the PDF you can read the article by John HERE.

Monday, October 29, 2012



ANOTHER BREACH, MORE INFORMATION STOLEN






Over 350,000 Debit and/or Credit card numbers were stolen in what's called the "Biggest Data Breach of the Year", including over 3 million Social Security Numbers in South Carolina.

"The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens," South Carolina Governor Nikki Haley said in the statement. "We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected."

For more information, read the article HERE.


Sunday, October 28, 2012

SECURITY BEGINS WITH YOU


The other night Robin and I were watching TV when I threw a few idea's I had rolling around my brain [ed. - idea limit 3 while watching TV, 'nuff said] and after the 3rd one she said "You should write an article about that". We resumed watching "Person of Interest" (GREAT show BTW). I awoke this morning before dawn due to the resumption of rolling ideas and came in here to get this down on a file so I could get a good nights sleep tonight.

It's hard to miss the big hand pointing a finger at you, so it was probably the first thing you noticed on this blog post, the 2nd being the subject matter. It's easy to to buy Anti-Virus software, get infected, and blame the software, and just as easy to blame your email account (whether it be a Microsoft, Gmail, Yahoo, or AOL email), along with endless other online accounts that require a login name and password. IMHO, this is not outside the boundaries of what makes sense - as long as you have done your part in this security partnership, and that's exactly what it is - a partnership.



Whatever service you sign up for, that service has their own internal security and firewalls that cost more than your car; yet even they are vulnerable (as we've seen throughout this year). But on a personal level you should make things difficult for someone interested in hacking just your account.

THINGS TO AVOID DOING

  • Using the same password for all of your accounts. It's a pain in the butt, but buy a notebook pad and write the information down.
  • If the site allows it, don't use your email address as your login name. I know that many sites will only let you use your email address, but for the ones that will let you pick something else - do it.
  • If the site lets you pick a login name, don't use your name, or any other name that someone could link to who you really are.
  • Birth dates. Some sites require your birth date [ed. - this is where that pad full of logon's and passwords comes in handy], so pick a month, day, and year that isn't yours, but make sure to write that down on your pad should a question about your birth date comes up.
  • Social Networking sites have other things to fill in, like where you work, where did you go to high school, what State or zip code do you live in, etc. If it's required, fill them but make the information FAKE, FAKE, and....FAKE. Then write all of this down on your password pad. Should your account ever get hacked, the information obtained by the hacker will do them no good. They will be creating an information file on someone who doesn't exist.
  • How many email addresses do you have? Some have one, others have 2 - personal and work. Create several more. Why? It's a good practice to have an email address just for non-essentials.
Example: You're at a store and have just made a purchase and they ask for your email address, or, you see that a radio station has a contest you'd like to enter and it requires an email address. Use the non-essential email you just created, not your personal or work email address.

PUBLIC DOMAIN

Many companies you purchase products from will pledge to keep that information with them, and them only, while at the same time, many companies, services, and even magazines you subscribe to will sell that information to someone else, who will sell it to someone else, etc. And let's not forget those contests you entered like trying to win that new Dodge or Ford truck while ignoring the little, tiny fine print allowing them to use the information in any way they wanted to.

Because of this, there is a LOT of information about you floating around the Internet and all it takes is a Google, Bing, or Yahoo search to find it. The information may or may not come up on the first or second page, but if you dig deeper you'll find something - and what you find, may shock you! Think I'm kidding? Here is a recent example:

I was at a clients residence cleaning viruses, spyware, and Trojans off their computer and while I was doing this I handed them a document I'd written in regard to what steps they should take after having their computer's security breached, like changing passwords, how to make the password harder to crack, etc. I could see cold sweat running down this person's (now ash-white) face as they began to get overwhelmed with what they would have to do.

In a calm, soothing manner, I talked about each step and they understood the importance of it all, finally realizing they had to take on this challenge. Of course the usual questions about their infections like: Who? What? Why? were asked (and answered) and how much of their personal information did I think was on the Internet. "I couldn't tell you for sure", I said while pulling up google and typing the person's name in the search box and hitting ENTER. A bunch of links (along with paid advertisements) came up on the first page, but nothing relevant, and the same with the 3rd page; but on page 4 came a link with that person's name on it.

Clicking the link we were told that 57 people with the same name were found in the US. We saw that Texas had 14, and clicked on that to eliminate the other 43. Of the 14, 4 were in the Houston area and it also has the age of the each person next to it. Clicking on the name with the correct age brought us to another page with listed this person's company they worked at (2 companies ago), home address, 3 email addresses, and a map with directions to their house! Oh, and I almost forgot - it even had a picture of them, one that had been used years ago for an instant messaging program no longer used. Most of this information was either in the public domain, or legally purchased from some company on the web.

[End of the example]

While using the Internet makes things super easy, it comes with a price with regard to your personal information, and how super easy it is to find it. If I've just given you a chill down your spine then I've succeeded in conveying the delicate balance of good vs. evil and the Internet.

It's a nice Sunday morning, and after reading the paper, or going to church, it would be a good day to sit down with your spouse and write down every Internet site you use that requires a login name and password, then decide what you can do to make it more secure [ed. - here comes the example]:

Instead of a name, use a sentence or short phrase for a password that has at least one capitalized letter, and a number or other character to go along with it. You find at least two other posts I've written devoted to this subject, so I'll use my common password example of - itrainsinspain. Well now, that wasn't so hard to come up with was it? And I'll bet you can come up with many others (which you should use).

Now let's get a little tougher. You could make it: Itrainsinspain, itRainsinspain, or even ItRainsInSpain. Tougher? very well, let's get really tough! (remember you can use a number or other character like $ or ! as well) - it!Rains!in!spain$ [quite the difference from the very first example, and/or the name of your pet]. WHAT?? You want it even harder to break? Okay, here we go: Alpha/Numeric substitutions - i=1, s=$, and o=0 (zero). Taking our last password (it!Rains!in!spain$) we now have: 1t!Ra!n$!1n!$pa1n$, a password that would be suitable for very high security accounts like banking, stock portfolio, etc. AND - WRITE THEM DOWN ON YOUR PAD OF PASSWORDS!

It's easy to do, just go line-by-line and account-by-account. Line 1 might read,
Bank of America  Login Name: Forrest Tucker, Password: 1t!Ra!n$!1n!$pa1n$.

Next line:
Amazon   Login Name: openrange, Password: D0ntl00kunderthe$ta1r$

Tough? yes. A pain in the butt? yes, but remember, even though you may (or may not) be wearing a uniform, you are fighting in the Cyber war and you are responsible for holding up your end of the security line. Okay, now go do 15 push ups and take a nap -

'Nuff Said,and "Thank You" Robin
Brian

Thursday, October 25, 2012



PATCHING HOLES IN E-MAIL





Microsoft, Google, and Yahoo have strengthened/repaired a weakness in their email systems (I assume that means @hotmail, @msn, @windowslive, @gmail, and @yahoo accounts). This "Weakness" could allow an attacker to create a spoofed message that passes a mathematical security verification. Kinda medium-to-big sized weakness sez me.

Zachary Harris, a mathematician, gets credit for discovering it. He found it first with Gmail then discovered the problem wasn't limited to Google, but also Microsoft and Yahoo, all of whom appeared to have fixed the issue as of two days ago. The article, on PC WORLD, is worth a read and you can find it HERE.

BARNES & NOBLE

You may have heard about Barnes & Noble halting the use of pinpad devices because of breach of security. If you didn't - now you have!Pinpad devices are what you use when making a purchase with a debit or credit card. Apparently it's quite serious and I suggest you read the article about it HERE.

ADOBE SHOCKWAVE PLAYER

If you use Adobe's Shockwave player you may want to run an update on it from their website. They just patched six critical security holes, and it shouldn't take long to do it (the update). From Adobe:


"Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638," the company said in a security advisory accompanying the release on Tuesday. The new version is available for the Windows and Mac platforms.

And you can read the full article HERE.

That's about it for this post, except a reminder for you update and run a quick MALWAREBYTES scan if you haven't done so lately -

'Nuff Said,
Brian

Wednesday, October 24, 2012



EMAIL SCAMMERS
-
THEY NEVER WENT AWAY
AND THEY ARE INCREASING RAPIDLY


I think, somewhere down the list I mentioned email scams, but recently Anti-Virus/Security firms have said that email scams are on the rise and to keep alert [ed. - if it smells like a fish and looks like a fish it's probably a fish, 'nuff said]. In my own mailbox I've noticed an increase and yesterday when I got home and sat down to check my email I saw a virtual flood of email scams.

Why-what-who? Email scammers fake legitimate company names with (usually) an urgent subject line hoping you will open it, click on their link and then be re-routed to one of their servers which will have a home page just like the real place. The object? To get your logon ID, Password, and perhaps a credit card or social security number from you.

Here are just a few  From/Subject emails I saw in my mailbox yesterday -


AMEX - Alert - A payment was received

AMAZON - Your credit card was rejected

BANK OF AMERICA - Your account is overdrawn

BBB Complaint Dep- Case# 92998361

FACEBOOK - A friend of Bob wants to be added to your friend list too

LinkedIn - You have received a job offer

UPS - We were unable to deliver package 43422346979 to your address



From Kaspersky Labs


"Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users."



A recent article about this matter can be read HERE. Keep your eyes open out there -


'Nuff SAID,
Brian



Tuesday, October 23, 2012

A REPORT FROM TREND MICRO
VIA
PC MAGAZINE


Guess what the report was about?? I'll give you 3 tries and the first 2 don't count. What? "Android" you say? Yes, very astute of you Mr. Holmes!

To quote the very beginning of PC Magazine's Stephanie Mlot: 

"Android smartphone users, beware — malware on Google's mobile platform saw a nearly sixfold increase in the third quarter, according to Trend Micro.
The number of high risk and dangerous apps targeting Android users jumped from 30,000 in June to 175,000 in September, Trend Micro said in its third quarter security roundup."

CLICK ON CHART TO ENLARGE

IOS) to get some anti-virus protection for your smarphones and tablets. You can read the rest of Stephanie's article HERE.

I do have a minor, personal peeve. I like and use Norton/Symantec products (have been for over a decade), and when you install the product there are two boxes you can check/un-check: 1. Would you like to get emailed security alerts, and 2. Would you like to help Symantec by submitting blah-blah-blah. I've never clicked on that choice, but have always selected email security alerts, and I've yet to receive one. You can't knock a great product for someone dropping the ball on email alerts, but it would be nice to get them, rather than having to spend several hours viewing a half dozen websites to get the latest news and post it here for you to read. Okay, peeving over.....

'Nuff Said,
Brian

Wednesday, October 17, 2012


THE TOP 12 SPAMMING COUNTRIES



What country would you pick as the number one spammer in the world? What I might have answered 4 years ago is not what I would have suspected now, but as with everything - change occurs.

[Credit: Sophoslabs]

"India has surpassed the U.S. and taken the lead as the greatest spam-sending country in the world. One out of every six junk messages that litter users' e-mail inboxes are coming from India, according to a new report from SophosLabs."

Read the article HERE.



Tuesday, October 16, 2012



IS IT SAFE? IS IT SAFE? IS IT SAFE?
(NOPE)




Sorry, I couldn't resist using a shortened line from the film "The Marathon Man" for the title. Of course, this question is in regard to cyber-security. So here is this morning's news - Ripped from the headlines.....
From the "Seattle Times":

"Police in the small (population 8,400) northwest Washington town of Burlington say hackers have transferred $400,000 out of a city account."

"Authorities say the transfers took place between Tuesday night and Wednesday morning. The hacked Bank of America account has been frozen now."

Read the complete story on the Seattle Times website by going HERE and then review your own security and password strengths. Credits due: Associated Press and the Seattle Times.

'Nuff Said,
Brian

Monday, October 15, 2012



SICK-SICK-SICK






Boy, was I S-I-C-K last week (which accounts for the lack of Blog posts), hopefully it was a fairly light week, regarding viruses, but I worked Monday (on the basis I had bad allergies), then Tuesday (realizing by the afternoon my goose was cooked), and in bed until Sunday, so I'm playing catch up here.

BRIEFLY:
  • Firefox released Version 16
  • Firefox pulled Version 16 the next day
  • Firefox later released Version 16 after patching critical bugs - some of which could allow someone to takeover your computer
  • The U.S. Secretary of Defense said Thursday that "Future cyber attacks could rival 9-11, and cripple the U.S."
  • The Conficker "Worm" is still be tracked, still infecting computers, with apparently no end in sight.
  • In November AT&T will be sending out anti-piracy notices, initiating their new "SIX STRIKES AND YOUR OUT" policy.
'Nuff Said,
Brian

Tuesday, October 9, 2012


JUST BECAUSE AN ARTICLE SAYS MICROSOFT HAS RELEASED 20 PATCHES TODAY, INCLUDING A CRITICAL MS WORD PATCH,

DOESN'T MEAN YOU'LL GET THEM THAT DAY



I know this because I've gone through this before. I check the lower right corner of my taskbar where the icons are by the time, but I don't see any new updates waiting for me. Then, I go through Windows Update and after what seemed like 30 minutes, I get a message that there are no new critical updates for me.

What does this mean? It means that you may wake up Wednesday morning and find your PC rebooted after having Microsoft Updates installed - but don't hold your breath. The last one that came around didn't show up on my PC until Thursday night/Friday morning, and for some customers, not until the weekend.

Why is the Word flaw so critical? For many years I've discouraged users from using the view pane in Outlook because it's had a well known bug where if you're just previewing the message and the message has malicious code in it B-A-N-G, you're infected. What does Outlook have to do with Word? It uses word as it's default editor/viewer, so I'll be really happy if this does fix the problem which exists in Office versions 2003-2010.

The article did have a link to just the Word patch, which I just did, but you can wait for your updates to arrive soon in one package if you like, and I doubt I'll turn the viewing pane back on - after about 10 years I've figured out I really don't need it. The article can be found HERE.

'Nuff Said,
Brian

McAfee SECURITY SOFTWARE, SECURITY SUITES
[DON'T WORRY - VERY SHORT]


I suppose I was busy doing something other than reading a lot of Tech news in 2011, or maybe I read it and filed it in the "To Be Forgotten Bin", and you know that it's not my first, second, or third choice for Anti-Virus security, however an unrelated article caught my eye this morning about INTEL's announcement that they were going to lay-off at least 1000 McAfee employee's. Reading on, I read that Intel bought them in the first part of last year but due to the industry and economic decline they were forced to do this. I don't recall a time frame being mentioned - Heck! I don't even remember Intel buying them to begin with....

Monday, October 8, 2012


SUCKERS!

[A.K.A - IT DOESN'T PAY TO PLAY WITH SOME PROXIES]



SYMANTEC today said that "A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service", in an article in the Security section of Cnet.com

"Anyone who thought they were downloading Web proxy software was instead installing a Trojan horse [complete with backdoors] tied to a Russian black hat operation."

"Once a computer is compromised, it connects to a remote server......."

You'll find that interesting article HERE.

'Nuff Said,
Brian