Security – Page 18 – Paul's Tech Talk

Scareware sites to pop up with Swine flu epidemic

PaulApril 27, 2009

This was to be expected when it comes to something that most people are worried about:

I’m sure it won’t be long before purveyors of rogue anti-virus products begin using search engine optimization techniques around the term “swine flu” to drive people to sites that try to scare people into buying the worthless software.

[Via Security Fix]

[ad#cricket-right-ez]

I am sure myself that this will undoubtedly start showing up in SEO routines. This will most likely be like the Pifts.exe [intlink id=”3114″ type=”post”]scareware that popped up after the scare[/intlink].

This is just a matter of time before someone tries to either sale you something or trick you into watching a video that supposed to be helpful. The Video will most likely try telling you need to [intlink id=”2991″ type=”post”]install a fake codec or update Flash[/intlink].

Your best advice is if you get to a site that wants you to install something just to hit the back button or close down your browser. Never install software from a site you just game to without doing a little research.

I would also assume that there would be [intlink id=”2970″ type=”post”]scareware sites that will pop up in search engines[/intlink] to scare you into buying fake anti-virus software, claiming you have a virus. You can bet in no time flat that there will be some kinda of search term that will want to scare the user into buying something that really isn’t. I would always recommend the [intlink id=”2205″ type=”page”]free versions of Anti-virus[/intlink], if you can’t afford the paid. This way you are safer then if you didn’t have any anti-virus. I’d Also recommend a [intlink id=”2205″ type=”page”]Free Firewalls[/intlink] also to help protect your computer from contacting any malicious site without your knowledge.

Be on the lookout for sites that do this, you can also discuss sites you have seen that have done this in my Forums this way you can help other users out and prevent people from being scammed.

Microsoft released April Patch list for Patch Tuesday

PaulApril 9, 2009

To see what systems are affected please see the bulletin for further details. Some of the updates have to do with IE 6 and IE 7, maybe it is time to update to IE 8. It looks like if you update to IE 8 you will not have to worry about the Remote Code Execution. There also seems to be a remote code execution for DirectX 9.0A, B, and C. This however doesn’t affect DirectX 10 and if you have a Vista machine please consider updating to DirectX 10.

[ad#cricket-right-ez]

The other one is a MSDTC program that has a vulnerability of Elevation of Privileges that needs to be fixed. There will of course be more than this for April but these are the ones that Microsoft has determined to be release for Tuesday. There are going to be at least 8 Different patches for Windows XP, and some For Vista. Some will be only for XP and others will be for XP and Vista.

Then Microsoft Internet Security andAcceleration server will have an update to prevent a Denial of Service attack. This will be needed to patch on the server side as soon as possible. Then there is the Excel Remote Code execution that needs to be fixed. It looks like CVE-2009-0238 is the one that this is being patched for but this is only a guess.

Now is the best time to get [intlink id=”2883″ type=”post”]Autopatcher[/intlink] ready for this update because this will be quite a big update. You should also update your [intlink id=”2205″ type=”page”]anti-virus software and Firewall[/intlink].

Electric Company fear Mongering gone wrong!!

PaulApril 9, 2009

I saw this talking going on at Arstechnica and SANS Interenet are Talking about the Elecric Company Fear mongering. Here’s what Ars Says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

[ad#cricket-right-ez]This was posted today with people asking the question Is the Electric company have a viruses or have a worm? I don’t know but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this, This is being a talked about on a friends Podcast, The Caffination Podcast. This is where I have figure we should talk about this. I think Sans Internet Storm says it better than I could:

One email stated that The power systems we have in place today are ran by Knobs and Switches. Mostly built int he 70’s and 80’s, these power stations are mostly ran by manual intervention. The power stations that _have_ been stood up since then, a couple of Nuclear Power stations, are federally regulated to not have any connections to anything, let alone the Internet.

Since this particular email comes from a very trusted source, I am inclinded to believe this person. Is it possible that there ARE computers in power stations that are connected to the Internet? Yes, I am quite sure there are. However, is it possible that the computer or computers (if there are any) that actually CONTROL the power are connected to the internet, I tend to not believe that.

[Via Sans Internet Storm]

I agree with what Sans is saying but I don’t think there is anything to worry about, for the fact that I think that the computers that control electricity are not hard wired to be online. This is meaning that if someone virus or worm gets on those computers there is no way these viruses or worms could talk back to command and control. This is my Theory and I don’t work from the electric but I do think this is the most plausible way they are preventing this type of attack. The First Tier, just like tech support, is for Corporate and technicians to talk to eat other over the intranet. The 2nd Tier, this is the important computers that would control Electric process. I don’t know this for sure but I think the 2nd tier would be used to isolate the computers from being accessed externally. Like I said before I don’t work for the electric company and this is all theory on how the electric has this set up!! So you can take it with a grain of salt or come up with your own ideas.

The Seriousness of the Twitter Vulnerability?

PaulMarch 25, 2009

The main question is how much do you want to know about this? Yes I am talking about a Vulnerability that could risk your twitter account or even yet inject malious software into the computer.

[ad#cricket-right-ez]We’ve seen that there have been [intlink id=”2650″ type=”post”]twitter phishing[/intlink] in the past, and [intlink id=”3008″ type=”post”]Facebook phishing[/intlink] have made people wonder out much do we depend on Twitter.

Lance James and Eric Wastl have provide Proof of Concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see there is more to this problem then meets the eye. For one using the [intlink id=”2980″ type=”post”]URL redirects[/intlink] could be one way this could be used. No telling what other vulnerabilities lay for the client side twitter programs. Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer. Twitter needs to jump on this and fix it to prevent any more attacks against there twitter audience. Although it doesn’t hurt to have [intlink id=”2205″ type=”page”]Anti-virus And a good firewall[/intlink], it all depends on End user to prevent this for the time being.

Come on Twitter, Fix this problem.

Are You and Your Friends Fine — Virus Spam

PaulMarch 22, 2009

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

Now as you can tell this looks authentic but when I did go to this site, AVG detected some trojan. It blocked it, but the file that it is downloaded called “save.exe” and I have talked about [intlink id=”2991″ type=”post” target=”_blank”]flash player fake updates[/intlink]. I have seen other blogs talking about dirty bomb news report leads to malware. I don’t know about you but if I wanted to update my flash player, I go to the source and not use any links. It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans. You should have a fiewall and anti-virus running at all times and that will help but it is your actions that help your prevent from getting viruses or Trojans.