Are you worried about your identity?

So after the fiasco of the other day, I decided I will talk about security and why you should worry about new websites that you have never heard of.   People are not worrying about there identity and keeping there identity safe.   You see whenever someone signs up to a service without thinking about their password being stored or even used maliciously.   You see when most people don’t use more than one or two passwords for all there accounts and then you use the same password with a new website.  Are you asking for your identity to be stolen?  In one of my previous blog posts I talked about not having any privacy on the internet.

So How can you protect your privacy?

When ever I come across a site that I don’t know about and I want to protect my account from being compromised I find out what I can from several places:

  1. [ad#ad2-right]Google — Yes this is quite common to use to find out about what people are saying asking the keywords like is it a scam or what people are saying about the site?  This can be very useful to make sure I don’t get scammed by a company for instants the Nationwide marketing scam.  Although this is really important when you get things that sound questionable.  This can be very useful with regards to keep your wallet safe.
  2. Whois Network — If there is a site you’ve not heard about and have a question about it you can always do a whois lookup.   This is a great resource for finding out how long the site has been up and who owns it?  The problem with this is most people who have a website aren’t worried about security and privacy.   So you make sure this site isn’t a phish site or to make sure the site isn’t being used improperly.
  3. Sitetiki —  a good site to do some research.   It’s a wiki like Wikipedia but for websites and if they are good or bad.  It also has a spammer list for people to watch and make sure not to go to.  These sites are usually redirect spam sites uses for email.

What about Personal privacy?

With this I also want to talk about security online to prevent people from gaining access to your accounts online by guessing the password.  Some sites also like to phish for your account information and use the information gained to take control over your account so here are some useful links to help protect your account information:

  • [ad#cricket-right-ez]Roboform — This is good for generating a really good random password and remembering it.  This will keep people from guessing the password and also make it easy to come up with another good password.  This will also fill out the required site forms that usually use to sign into website.
  • A good VPN Service —  If your like me and you have to use free wifi from time to time and want to make sure you have privacy on the net.  This is good for security on any open wifi network and you don’t want to have anyone watch you while your browse online.  In case someone is interested what VPN’s are used for here is the link to let people understand it better.
  • Perfect Paper Passwords — This is coming from Security now Episode 115 and he talks about this to better help people make the best possible passwords.  Listen to it and it will help you understand more about security.

These are just a few ways to prevent people from gaining access to an account.   After doing some research on this and thinking about this in bigger detail.   I would like to make a public apologies about the fiasco yesterday and what happened.  In all truthfulness everything didn’t seem right with the doings of the going on with website.   I also was worried about the twitter spam it was sending out as you started the service.   I didn’t know until later that it was a real person trying to make a product twitter users could really use.   I have learned from my experience and I will work harder next time and not be so quick to act next time.   If I was the company that bought that site, I’d also offer a job to both of them for being intuitiveness on coming up with a really good product.

BREAKING NEWS : Microsoft issues 961509

Microsoft as issued an new security advisory about the possible way someone might be able to take your sensitive information using an invalid digital signature:
[ad#ad2-right-1]

Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method could allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated.

[via Windows Technet]

Although Microsoft has stated in the advisory most companies are using the SHA-1 algorithm.  Some are still using the MD5 and should stop using it immediately.   Microsoft says there is none in the wild but you can be bet on it someone will do it sooner or later.  Certificate Authorities should stop using MD5 and go to a much stronger better Algorithm. This is what Microsoft is saying and they aren’t providing much information for the end-user on how to prevent from using MD5 certificates on your system. You can remove the MD5 certificate manually if you are a system administor and want to protect the computers at the office.  Please don’t do this unless you know what your doing, you could very well break your system if you did something like this.

Uncovering a Virus/Trojan

Getting done with the first part really got my juices flowing. I was shopping looking and thinking about this next article. I came up to only one option turning this into a 3-5 length post due to all the content that I will have.  So where did we leave off?  Oh that is right figuring out if you have a virus/Trojan.  The instant I made a post about this 12 hours later someone make a comment and here is what he said:
[ad#ad2-right]

Rene Van Belzen

I can’t wait to read part two of this article. I always wondered how you’d know you’re infected if a virus don’t want to be detected and no virus definitions are yet available, because the virus is so new.

Now the truth is anytime a Virus does something it usually leaves a footprint somewhere and somehow.   Even the hardest working hacker can’t plan for all possibilities and that is where we begin.   I have been helping people for a while with viruses and know that no matter how hard the virus tries to hide you can usually find it relatively quickly and easily do to virus check here are the ways I’ve done to figure out if they may or may not have a virus/Trojan.

Now if this is a client’s computer and you don’t want to be rude to the client, there are a few indications of user error and installing a virus.   This is relatively simple, all you do is do a quick inventory of all the start menu programs.  You’d want to look for any P2P file sharing program, If they have Firefox Installed, and if they are using Window Mail and not Thunderbird.   You see 80% to 90% of virus downloaded are installed by the End USER.  They either downloading a game and installing a virus with [ad#ad2-left]a game, or not protecting themselves by using Internet Explorer or Using Windows Mail.  That is usually my first step due to the fact, I’ve got to be diplomatic about finding out about security ways.  Also make sure they are up to date on there Window updates, unless they are using a really old system then you will have to work even harder.  Also you can suspect a virus if the client is talking about having problem with a program recently although this isn’t always true it sometimes is the case due to the fact hackers don’t have a big chance to test these viruses/Trojans out before they set them into the wild.  So there are always going to be unplanned problems associated with them.

After the first initial search of desktop, you should really know the likely hood of a possible virus getting on the system and later we will talk about counter measures to prevent virus attacks in the future.   There are a few places a hacker likes to put commands.   Hackers love to put in the Registry to run a program every time Windows starts.  It usually in:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\

Usually 50% to 70% of virus like to make sure the program to runs.  This is a flaw in Windows because hackers can edit this without much effort but there isn’t many places a hacker can go to make sure a program is set to run when you boot.   So this is also a benifit to finding those little programs.

Now just like the Regisitry, Hackers also like to put programs in a few areas on the hard drive.   This is also kinda hard to hide because most of the time these are consider important to the system but if you know what to look for you can pretty much figure out if it is truelly a system file.  These areas of the hard drive are:

  • C:\WINDOWS\System32[ad#ad2-right]
  • C:\WINDOWS
  • %programfiles%\common files\microsoft shared
  • %windir%\temp\

These are just a few but if you look hard enough it can be found most of the time.   Most of the time I use the registry to tell me where these programs are so I can do a further check of the program.  Some of this is not needed with some of the programs that I recommend but this is for those who want to be a through job and make sure the virus is gone.

On my next post we will talk about some good tools for the trade to help get rid of a virus/Trojan.  This little step here is used to  better help identify a virus and also give you chance to google each name on the list of registry and the hard drive  to see if you can identify the virus.

Inside understanding of win32.netsky.q

Netsky.Q is a worm that spreads through e-mail. It is distributed as a 28,008 byte Win32 executable, compressed with PEtite, which drops a 23,040 byte DLL file. It also distributes itself inside ZIP archives.

I saw this on on the net and through we should talk about and let people know how you could get that the worm off your computer. It seems to be a self-replicating worm, it will continue to send out fake messages to people with the subject lines Like:
[ad#ad2-left]

  • Delivery Error
  • Delivery Failure
  • Delivery
  • Mail Delivery failure
  • Mail Delivery System
  • Mail System
  • Delivery
  • Delivered Message
  • Error
  • Status
  • Failure
  • Failed
  • Unknown Exception
  • Delivery Failed
  • Deliver Mail
  • Server Error
  • Delivery Bot

And with each message there is the reciepts email address at the end.  This worm seems to be spreading like wildfire today.   It is because people have not install

Microsoft Security Bulletin (MS01-020)

[ad#ad2-right]Now how do you get rid of it.  It seems that most of Anti-Virus software would get it done.  All you would need to do is scan for this virus with the latest updated virus databases and will go away.   According E-Trust Anti-Virus they say they can remove it.   This is a really old virus, according to my sources this was first seen in 2004.   In order to prevent this in the future I’d suggest installing a free anti-virus and using it.    This is one smart little worm according to CA IT.

If you have quite a few Desktops in your Office and want to update all of them to the newest patch all in one swoop, I’d suggest downloading Clone of Autopatcher and making an ISO image so you can go around to each computer and install the patches quickly and easily.  Prevent yourself from getting that virus and some others in the future.   This is a friendly tip for all those hard working IT workers.

Facebook : Beware Spam for breakfast. (Virus)

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

[ad#ad2-right]

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”


[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

[ad#ad2-left]What’s this program name, it is call the K-lite Mega Codec pack. In this Pack you will be able to play almost everything without having to go download another program. This is done by people who want you to have all the latest codecs installed so you don’t have to go by a program you’ll only going to use once a month.

Once you’ve done that, you’ll no longer have to worry for the most part about codecs. There will be times when you might have to visit that site and update them but that will be far less.

The other thing you must remember is if it says you must update your player. That should be a sign that there is something. I’ll always go to the site and check for example Adobe. If it says I need to update my flash I’ll manually type it into my browser. This way you will know you have the latest updates, if you need to update the flash player by all means go to here and update.

If you got the virus I’d check out my Anti-virus and Anti-Spyware page and that should show you will you need to get rid of the Virus. This virus is very easy to get rid of, just download any one of the anti-virus software and install it. Don’t forget to update the virus database while your at it. That should fix the problem pretty fast. Remember the only way to prevent from getting the virus is YOU.