Category: Microsoft

Everything about Microsoft

The Seriousness of the Twitter Vulnerability?

Paul

twitter_110 The main question is how much do you want to know about this?  Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

[ad#cricket-right-ez]We’ve seen that there have been [intlink id=”2650″ type=”post”]twitter phishing[/intlink] in the past, and [intlink id=”3008″ type=”post”]Facebook phishing[/intlink] have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye.  For one using the [intlink id=”2980″ type=”post”]URL redirects[/intlink] could be one way this could be used.  No telling what other vulnerabilities lay for the client side twitter programs.   Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer.  Twitter needs to jump on this and fix it to prevent any more attacks against there twitter audience. Although it doesn’t hurt to have [intlink id=”2205″ type=”page”]Anti-virus And a good firewall[/intlink], it all depends on End user to prevent this for the time being.

Come on Twitter, Fix this problem.

Are You and Your Friends Fine — Virus Spam

Paul

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

virusspam

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

fakesvideo

Now as you can tell this looks authentic but when I did go to this site, AVG detected some trojan.  It blocked it, but  the file that it is downloaded called “save.exe” and I have talked about [intlink id=”2991″ type=”post” target=”_blank”]flash player fake updates[/intlink].  I have seen other blogs talking about dirty bomb news report leads to malware.  I don’t know about you but if I wanted to update my flash player, I go to the source and not use any links.  It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans.  You should have a fiewall and anti-virus running at all times and that will help but it is your actions that help your prevent from getting viruses or Trojans.

Free Syncronization and Backup programs

Paul

So I talked about finding some free backup utilities on the Mike Tech Show Listener Roundtable Show # 234.

I said I would publish some good free ones programs to backup your system files and I think I have done it.  Here’s are some great ones that I recommend for anyone who doesn’t want to pay for a backup program:

Allway Sync —  Works with Windows Vista/XP.  It supports : Hard Drives, Removable Hard Drives, Network Drives, Amazon S3, FTP Server, Offsitebox.com, and WEBDAV Folder.  This program is also quite portable and can be used on more than one computer with the portable version.[ad#text-broadband2]

ViceVersaWindows 98, Me, 2000, XP, Vista. Vice Verse FREE will compare files in two folders (source and target) and synchronize file differences.  There isn’t much else you can do with this but It does look to be good for small backups and older system.

Acebackups — is a powerful tool to create completely secure backups of your data. Store your data on any local storage device, on CD, DVD or on your remote FTP server!

The one I have been using that is the most useful for me is Allway Sync.  I have it set up to use my [intlink id=”3059″ type=”post”]A600 Cricket Modem w/the 4 Gig Mini SD card[/intlink] to back up my [intlink id=”2646″ type=”post”]Roboform[/intlink] Passwords.  I could buy the Roboform portable version and use this to keep backup’s on my hard drive.  Allway Sync also has a portable version for multiple computers.   I think this is the most versatile, for the needs of backup.  Something that I have done is backing up my important data to a portable Harddrive, Flash drive and backing up to a ftp server to make sure I don’t loose any data.  I have it set up to have redundancy.  You should always have more than one backup.

In the coming Miketechshow Listener Round Table Discussion, we will be talking about backing up and the need to back.  I encourage everyone to join on that discussion.  I would like to know what you do with how you back up and if you back up.  I’ll post the time and Date when I find out!!

Malicious Spammers target Bank of America

Paul

I’ve saw two different security firms talking about Bank of America and I wanted to share with you:

Fake Bank Of America SitePicture from F-secure

[ad#cricket-right-ez]The two sites are F-secure and Pandalabs who are talking about Bank of America and how they try to get you to install malware.  With Adobe having just sent out the new updates last month it looks like spammers are using this to get people to install Malware.

It is also been known to be floating around in Facebook this spam.  So if you get a link going to a site you don’t know about to see a video and it says you need a codec or the Adobe update you should turn right around and leave site. You should always type in the url of Your Bank and not go there through links.

From what they are saying it monitors Network traffic and Steals ICQ, POP3, and IMAP passwords.  If you find network traffic going to Hong Kong IP, then it is time to check to make sure all your Virus definitions are up to date and you’ve installed an Anti-virus and Firewall.  I would encourage  users to report it to Phishtank so that any other unsuspecting user or person going to that site will be warned.

Is Google the ultimate news source?

Paul

As you know We had a big problem Monday Night and All day Tuesday. If you are a regular reader of this blog, you would of noticed either a 503 or lag. It was due to an article that I released late Monday night about the PIFTS.EXE and the so call conspiracy.

At the time, I was wondering and quite disturbed about what Norton Symantec was doing to the forums. So I blogged about this and wouldn’t you know my site was Held Hostage by Google. I kid you not, I had so many people come to my site in under an hour it wasn’t even funny.

[ad#cricket-right-ez]So I sit here, asking a really good question is Google the News? I don’t know exactly when but according to Wikipedia Google was formed in 1998. The Google Motto is Don’t Be Evil, and I guess it makes them look like a news source. When did they get past the news site? I would hazard a guess that it was in late 2004 they started when they when Google gave people the first chance to own the stock on August 19, 2004, when Google became a publicly held company.

I got hit hard by Slashdot, Reddit.com, and Google.  In truthfulness, It was more of searches and people coming from Google than anywhere else. I would say Google was the 90% and and Slashdot and Redidit was 8% and the rest was from other websites for this one article. Now don’t get me wrong the 2% of people was my normal amount of people for the day. So you can imagine how many people actually came to my site over this fiasco.

I call this a fiasco because basically it was one that really made me worry about the server going down. People seemed to try to find out about this program and some of them didn’t even do any more research than to come to my site? Although I do know a little, I have always considered myself to be a BLUE COLLAR Tech Blogger. So you can just call me “The Blue Collar Tech Blogger” when it comes to things like this. I will never proclaim I know everything and I am still learning every day I blog I learn something new.

So this leaves me with a question on how did Blogs become the news also?  Did we step into the roll of news?  I know there are many blogs out there that are telling the news and are almost as if they are the news.  Is that where this has become Web 2.0?  I throw these questions out to see what type of comment.  I just thought this was a good topic for today to talk about.