Security – Page 26 – Paul's Tech Talk

Sites that you need not Visit:

PaulNovember 2, 2008

[ad#ad2-right]I’ve had some Anti-virus problems in the past few weeks and have been trying to see if it is my system or if it was just luck of the draw. So I did some research and found some sites that you should not go to, or download from. These sites have been know to spread the fake anti-virus malware software. So I wanted to warn people of some common websites that have been known to have viruses on them:

hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ — this site usually tries to send you the “Trojan.HTML.Zlob.AG” Virus.

hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php –This site usually tries to send you the “Trojan.Dropper.SMN” Virus.

hxxp://handballfondi.it/xxxxxx1.php — This site is one of the new Malware sites that looks like Youtube, When you go to this site they say you need a special to play a video clip. Most of the time when you get something like this, it is going to try to install Malware. A good broad set of Codecs that you may want to download is called Klite Mega Codec, which if you us that you should never need to download any other codec to play a movie clip from any site online.

hxxp://0scanner.com/—censored—/ — This site usually tries to send you the “Adware.FakeAntiVirus.L” virus. Another site trying to install malware. [ad#ad2-left]

If you want to check your system, here are some places to go to get a free Anti-virus check:

Panda Security Active Scan

Trend Micro House Call

Kaspersky Labs Free Virus Scan

Symantec Free Antivirus Scan

Bitdefender Free Online Scanner

F-Secure Online Scanner

If you have any other ways sites that we should avoid by all means comment about it. I would love to hear sites that you know are bad!!

Windows update is getting a revision!

PaulNovember 2, 2008

[ad#ad2-right]According to Computer World, dated Oct 31, 2008 and I’ll quote:

“Over the next couple of months, we’ll be rolling out another infrastructure update to the Windows Update agent (client code),” said an unidentified Microsoft employee on the Windows Update team’s official blog. “This update makes it possible for users to install more than 80 updates at the same time.”

[via Computer World]

Now if your like me and have several computers who need to be updated at a given schedule, you sometimes worry about these updates that come along that might just break your system. I have been using a program call Offline Updater, which does what Autopatcher does really nicely. So why is Microsoft sending out this patch? Two reasons, one they want you to be able to update your operating System without hurting your system integrity.

Now lets talk about the integrity of having to reboot your system. You see, every time you reboot the system, it causes the system hardware some strain. It is something like having starting up a car, sooner or later you will have the starter go out, because of to much start up.

[ad#ad2-left]Second reason for this is, basically the update software needs to be update yet again for any security flaws or features that might be exploitable. I am sure there are some and Microsoft probably knows about that we do not. So that is the second reason, which it is the most obvious reason yet to push out another revision of the Windows update.

What about stopping the update from effecting your system. The only way that I know of is to prevent Windows from checking for updates. Which is simple:

Windows XP Version:

[Category View and Classic View]

<Start> / Control Panel / Security / Click Windows Updates

For Windows Vista:

<Orb> / Control Panel/ Security Center/ Windows Update / click “change Settings”

With both ways, you will be able to control four ways to handle Windows updating and they are:

Automatic – Will download all necessary updates and install them without your permission or knowledge. Note some of the updates will automatically reboot your system. Most commonly they are set to do this every day in the 12am to 4 am period of time. So when you wake up you would see an log in screen.

[ad#ad2-right]

Download updates but let me choice which ones to install and when – This is most commonly used by people who don’t want to bother having to check manually. It will check and download, then it will let you know.

Check for updates but don’t Download them – This is like the previous one but this will only tell you. The rest of the decision is in your hands not the computer. This is good for people who have limited system resources, like Hard drive space. It still reminds you like the previous one but won’t download any updates.

Never check for updates – This is used for people who don’t want to be bothered with updates and have a way to update manually. This is commonly used by businesses who have several systems on and don’t want to risk an update causing trouble or weigh down the companies internet by downloading updates un-necessarily. This option is not to be messed with because it leaves your system with quite a lot of vulnerabilities. You do this one if you have a set schedule to update each and everyone system. (Extremely Dangerous to do)

With what I talked about, I am hoping you find this useful and to share your discoveries with other people who might want to be able to change how Windows updates are handled on other systems. If you have comments or questions, please post them in the comment section and someone will be more than glad to help you out.

Microsoft Releases MS08-062 to the Public a Month Early!

PaulOctober 29, 2008

Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (KB953155)

This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

[ad]

This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses this vulnerability by changing the way that memory is allocated within the Internet Printing Protocol (IPP) service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

[via Microsoft Bulletin]

Now from what I understand, if you have a Network attached printer on your system this would make you more vulnerable to someone taking control over your system. So this patch is supposed to fix that. I am recommending to all to update this and fix this update ASAP. I do not know if you don’t have one what that would do so just install this update, because you will undoubtedly still be runing the Internet Printer Protocol even if you don’t have a printer.

Microsoft reveals “Microsoft Azure”

PaulOctober 27, 2008

Windows Azure is part of a set of new and existing technologies behind the Azure Services Platform, a development and execution platform that runs end-user and corporate software on Microsoft’s own servers, accessible over the web. It joins Google’s App Engine and Amazon’s EC2 in an increasingly competitive market.

[Via ZDnet]

[ad]

Although, There isn’t much more they have said I am quite curious how they will interegrate this into the cloud computing. According to Microsoft, it won’t run on the company server but Microsoft Datacenter. Now this I can see is a big security problem. Because most companies use what they call an Intranet and not the internet. So that leaves questions on if companies are going to use this system or not. Are you ready to let your information float somewhere over the inernet tht is SENSITIVE and CONFIDENTIAL? These are the questions that Microsoft will have to Answer, before any company will use this on there systems.

Microsoft Windows Server Service Vulnerability (MS08-067)

PaulOctober 23, 2008

A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system. This issue is caused by an error in the Server service that does not properly handle specially crafted RPC requests, which could be exploited by attackers to crash an affected system or execute arbitrary code via a specially crafted request.

On Windows Vista and Windows Server 2008, the vulnerability is only exploitable by authenticated users.

Note: This vulnerability is being exploited in targeted attacks.

[via FrSirt]

[ad]

This was just discovered and needs to let people know. I will do more research on it and maybe come up with a way to fix the problem. According to my sources there is a patch that will fix the problem!!

*UPDATE*
According to Microsoft:

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
[Via Microsoft Security Bulletin]