Paul's Tech Talk

secure-spyware-scannerv3.com ([intlink id="3607" type="post"]Personal Antivirus Scareware Site[/intlink])

secure-antispyware-scanv3.com ([intlink id="3607" type="post"]Personal Antivirus Scareware Site[/intlink])

best-virus-scanner.com ([intlink id="3607" type="post"]Personal Antivirus Scareware Site[/intlink])

homeantispywarescan.com ([intlink id="3607" type="post"]Personal Antivirus Scareware Site[/intlink])

livetimeprotectionscan.com ([intlink id="3607" type="post"]Personal Antivirus Scareware Site[/intlink])

beeves.info ([intlink id="4217" type="post"]Internet Antivirus Pro Scareware[/intlink])

securitytoolworks.com (New Rogue Total Security Antivirus)

These sites gets installed in unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in it but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

[rating:4/5]

Advice : Do a Complete system scan and make sure you don't have any more hidden malware.

I recommend :

Do a Full System with One of these Free Antivirus Software:

[ad#SUPERAntiSpyware]

Post a Comment | in

Anti-virus,

Antivirtus,

Fake,

How-to,

fraud,

removal

Wednesday

Apr292009

Adobe PDF Zero Day Warnings : Experts agree

Author:

Paul Sylvester | Date:

Wednesday, April 29, 2009 at 6:44AM |

All the Security experts online are talking about The 2 Zero Day Adobe Vulnerabilities:

F-secure

Graham Cluely's Blog

Sans Internet Storm

[ad#cricket-right-ez]As you can see this seems to be one of those Adobe problems we had in the past with [intlink id="2963" type="post"]Javascript[/intlink]. They seem to be having a major problem with Javascript vulnerability and the old saying is to just to disable Javascript in PDF'S again. Adobe is calling this a Potential Adobe Reader issue and is suggesting that the users disable Javascript until this is fixed with a security update.

This is mostly affect the corporate world more than the private sector because of the fact corporate world will use PDF by sending them through emails. I suggest installing another reader and these are all free.

Be advised the vulnerabilities affects Linux, Windows, and Macintosh systems. This will most likely mean that even Macintoshes could be used to [intlink id="2173" type="post"]create even more botnets[/intlink] and will need to disable there Javascript until this issue is fixed or maybe they would like to find another reader themselves. This also goes for Linux users but I have not heard of anything in the wild yet.

Don't forget to install some [intlink id="2205" type="page"]free Anti-virus and Free Firewalls[/intlink] to help protect your system from becoming a botnet.

Post a Comment | in

Adobe,

Anti-virus,

Apple,

Linux,

Mac,

Mac OSX,

Macintosh,

Microsoft,

OS X,

PDF,

Security,

Ubuntu,

XP,

Friday

Apr032009

Hackers Jump onto Power Point Exploits : KB969136

Author:

Paul Sylvester | Date:

Friday, April 3, 2009 at 11:23AM |

In my Previous post, we talked about Microsoft [intlink id="3280" type="post"]Advisory for KB969136[/intlink] and the exploit was in the wild. It looks like Trend Micro has published some new spam attempts to get the users to open up the Maleware for them to deposit TROJ_PPDROP.AB onto there systems.

[ad#cricket-right-ez]Trend Micro has some screen shots of the most common Fake Presentations for you to see just how they try to get you to open the file.

Although these are some common tactics for attackers to use such as nude pictures, Earth Hour, or Celebrities without Makeup, users who don't normally use PPT should check the files out before you load them. You also should remember to save them to a file and [intlink id="2205" type="page"]scan them with your Anti-virus software[/intlink], also it wouldn't hurt to have a firewall software. It looks like these exploits tries to connect to the internet and you might be able to find out by the request from the firewall.

According to Internet Storm Center, the CVE place Holder for this is CVE-2009-0556 and hasn't become live yet. I do not think they will release that information until they get a chance for Microsoft to patch the systems.

This would be a good time to remind IT staff and anyone who might use Power Point that they should not open anything they aren't expecting and even then they should verify with your IT staff that it is safe until Microsoft issues a patch for this. I expect that if this become widely used it will be released out of Cycle or even In May's Patch Tuesday. According to Microsoft you could install Microsoft Office Isolated Conversion Environment (MOICE) but requires Office 2003 and Office 2007 systems. Find out how you can use this work around at Microsoft's Advisory of KB969136 for further instructions.

Post a Comment | in

Email,

PPT,

Thursday

Apr022009

Microsoft issues Advisory KB969136 (Zero Day Exploit in the Wild)

Author:

Paul Sylvester | Date:

Thursday, April 2, 2009 at 7:54PM |

Well, this had to happen sooner or later. It looks like Powerpoint can be exploited with a Remote Code Execution. So Microsoft today has issued an Advisory for KB969136.

In there post they say:
[ad#cricket-right-ez]

At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
[Via Microsoft Blog]

Microsoft has even added a diagram on how an attacker could implement this into an email.

So what do you need to know:

If you receive a Power Point presentation from someone you aren't expecting either scan it good with a[intlink id="2205" type="page"] free anti-virus[/intlink]. There are no major workarounds to this because Microsoft is telling people not to open the Power Point files directly. I tend to agree you should however know if you are expecting something from someone by either emailing them back or if it's an office situation pick up that phone for the time being. I am sure Microsoft will issue this patch in the coming months probably May or June at the earliest. I don't think it will be April Patch Tuesday, they could however make this an out of cycle if enough hackers start to use this.

According to Micrsoft the Windows Live One care picks this up as Win32 Exploit so I am sure other [intlink id="2205" type="page"]Anti-virus Software will do the same[/intlink]. Just for the time being you will want to scan any presentations that come your way. I will update the blog as more information becomes available!!

Post a Comment | in

Tuesday

Feb172009

Zero Day For IE7 Being used in the wild.

Author:

Paul Sylvester | Date:

Tuesday, February 17, 2009 at 6:10AM |

It looks like IE7 patches are being used right now in the wild. According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

[Image from TrendMicro Blog]

[ad#ad2-right]As you can see this this can be very bad for the companies who wait a while. Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats. The Good news is this isn't as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access. I still like the Autopatcher because it will do the job with very little input from the user. It also makes it easier for people to patch big systems. You should also consider installing some Free Anti-virus software to help protect the systems you do have.

From the looks of this virus, someone could easily make this into a botnet and you know how that can could affect your systems and your ISP. So it is best to get this months patches on the floor of your company as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.

Post a Comment | in

Auto,

Autopatcher,

Big,

Blog,

Event,

Good,

Image,

Job,

Micro,

On,

Peak,

Software,

Someone,

URI,

free anti virus software,

agent,

botnet,

botnets,

company,

conten,

cve,

date,

end,

href,

internet access,

internet explorer,

isp,

patch release,

people,

security patch,

success,

track,

virus removal,

vulnerability

Saturday

Jan242009

Brace for Impact, Brace for Botnet! (Conflicker Worm)

Author:

Paul Sylvester | Date:

Saturday, January 24, 2009 at 10:16AM |

The Worm that has infected 6% of Personal Computers is starting to build into something totally different. According to some Researchers, they are saying this has to happen soon. And I'll quote:

In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge.

[Via F-secure]

[ad#ad2-right]Although this sounds like it has stopped, I don't think so I am sure the worm will get even bigger. I don't think it has been curbed we might have a rest period before the Worms tries again.

"Why is it taking so long?" asked Huger. "That's what we're all asking." He couldn't recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.

[Via PcWorld]

Now We know this exploit is being patched as quickly as possible in some areas of the industry but that leaves the question? What isn't being patched, I am guess the next stage of this worm is mutant into a new worm much like the way it tries to communicate to download new software or instruction. I believe it will be using a newer exploit so that it can infect even more computers. I also think it will be a botnet and so does others.

But he also pointed out that the clock is ticking. "If they don't hurry up and do it, someone else will," he said, explaining that hackers must fend off not only security researchers, but also other criminals, who would like nothing better than to pinch a ready-to-use botnet.

[Via PcWorld]

So they are going to use this Downadup Worm soon, I am counting on it. Somethings for IT professionals to prevent more infections are to make sure you have patched the latest security holes before they exploit that. Like my favorite program, the Clone of Autopatcher, which you can create a month by month patch DVD to install on all important systems. IT professionals must not start getting relax, because of people saying it is on the downfall. In nature there are always going to be periods of rest before growth. So I am sure something will happen rather quickly, and probably in the next week or two.

Post a Comment | in

Autopatcher,

Clock,

Clone,

botnet,

security researchers,

worms

Wednesday

Jan212009

Security Researchers warn of potential flaws in Windows

Author:

Paul Sylvester | Date:

Wednesday, January 21, 2009 at 6:38AM |

I read an article today from Techworld. I wanted to Discuss this in detail. I also found some links that suggest that Techworld is right.

[ad#ad2-right]

Andrew Storms, director of security operations at nCircle Network Security, speculated that the latest bugs were found by researchers using information disclosed in SMB fixes Microsoft released in October and November.[va Techworld]

According to my investigation, and I have been looking. I found a few SMB Vulnerabilities. One of them is CVE-2008-4835 and CVE-2008-4834. These two are capable of Remote Code Execution, and are Consider very High on the Impact list and all.

So Did people find these exploits or vulnerabilities from the last MS 08-067 patch? I would have to conclude it is a real possibility.

Although Microsoft did patch those holes this month. I grow to wonder just how much these hackers keeping the IT professionals on there toes. I hope people updated their system to prevent another worm because you don't want the worm like Downadup Do you? I am sure there will be a worm or a virus that will exploit this in time, and I think sooner or later someone will use this just like the other one.

Post a Comment | in

2008,

bugs,

holes,

storms,

worm

Wednesday

Jan142009

Admins are shaking in there boots due to the Ms 09-001 Patch

Author:

Paul Sylvester | Date:

Wednesday, January 14, 2009 at 1:02PM |

I have to talk about this because this is a big deal. According to Techworld and I'll quote:

"This one scares me - a lot," says Eric Schultze, CTO of Shavlik Technologies. "It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials."

[via Techworld]

[ad]Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 - 067 that still people haven't patched their systems. According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don't need any credentials. The virus does not need to know any passwords or user names to gain access. Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?

Most companies don't patch there system as quickly as Microsoft would like them to. You see most companies have quite a few computers depending on the size of the company it could be quite a lot. So many in fact that it would have several IT personal just to keep the system going.
[ad]

So why don't they just put the new patches on the systems?

Depending on the size of the company and what they do has a lot to do with them updating there systems. Some use really special programs or have a network going that is vital. Even the smallest update to the system could bring the network or the program down. Most companies liketo test it out on test machine for a while to make sure that the patch doesn't prevent the business from doing business. Here are a few articles that prove why companies do not want to just install patches automatically:

Windows patch is flawed (Dated March 31, 2005 8:31 AM PST)

Stealth Windows update prevents XP repair (Dated Sept 27, 2007)

Patch Tuesday security update causes problems with IE for some (Dated Dec 18, 2007)

Some companies are using older systems like Windows ME or some older Windows Operating systesm. Although there isn't anything we can do about those because Microsoft has stopped supporting them with updates and all. I know we are all thinking thesame question?

Is there a way to fix the problem with Windows Updates?

I personally don't have an answer but I am sure hackers will find ways to exploit codes so they can get on your system so way. I've recently read a story about Adware Author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves? How do we update all of the systems we are responsible for? There are no easy answers to this.

Post a Comment | in

Flash,

cto,

sasser,

shavlik technologies,

test machine,

user names,

vector,

windows updates

Friday

Dec122008

What is a Virus and Why do I have one

Author:

Paul Sylvester | Date:

Friday, December 12, 2008 at 7:04PM |

After seeing more and more the updates coming from the net. I wanted to talk about what a Computer Virus or Trojan is and how you get it. So how did you could of gotten a Virus in the first place. So here are some information to consider:

The vulnerability of operating systems to viruses

So what does that mean to you? Most of the times when you get a virus you have a vulnerability in some place in your Operating system and it is either something that has not be known by Microsoft, Apple, and Linux or is know as a Zero-day Exploit. [ad#ad2-right]

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

[Via Wikipedia]

This is one of the most used because if it is an unknown exploit by the Operating System creators then they have a longer to us the exploit. Most of the time hackers like to use this because that means there is a possibility of finding even more vectors to infect other systems. You see if they can get on one system they can then find ways to get on other systems.

In the Old days, you'd ask

How Did I Get This Virus, Anyway?

You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document. How you copy the infected files is irrelevant: Viruses don't care if you get them as an e-mail attachment, a download, or via a shared floppy disk, though e-mail attachments are the most prevalent (and easiest) mode of transport.

[via PcWorld] (Dated Oct 13, 2000 11:00 pm)

That was before hackers wanted to infect for more personal gains. There is a list of things that hackers want to get when they Infect a system and it is usually very few things. In the Old days they wanted the fame but now they want money and to take control over the internet. They usually want to infect for Money or to have computers become botnets. Now We aren't talking about the Movie, I Robot. Once a system becomes a bot it doesn't think for itself but follows a line of command from the Command and Control center. So lets say we have several hundred bots on one net, and the hacker blacked mailed a server saying if they didn't pay up they'd get DoS attacked. With enough bots going to one site at one time can slow or even bring down a site, that is how A hacker sometimes uses a virus or trojan to get into a system.

Viruses & Trojans try to Avoid detection

So you have a virus, it wouldn't do a virus any good to be detected right after getting onto a system. More and more, viruses are trying to avoid being seen and heard. Most hackers who program are wanting to infect more than one system so they have to make really sure that you don't find out your infected. So with that said there are several ways and I won't try to explain them because I think the link talks about it better than I could. It however will give people something to think about.

In the next few days there will be another post on How you will be able to figure out if you have a virus. I had to talk about this first so people could understand how to figure out if you have in the next post. So stay tuned for more

2 Comments | in

2008,

Computer virus,

Control,

Dated,

Disk,

Linux,

Trojan,

Via,

Zero,

attack,

computer application,

computer threat,

download,

fame,

hacker,

infect,

list,

mail attachment,

mail attachments,

microsoft apple,

mode,

money,

place,

site,

term,

time,

Tuesday

Dec092008

The Important Windows patches Released Today

Author:

Paul Sylvester | Date:

Tuesday, December 9, 2008 at 12:25PM |

As many of you know we talked about the Non-critical patches that Microsoft will release today. IF you want to read those please go and check it out. I'll be talking about the REALLY important ones that Microsoft has kept tight until now. These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

[ad#ad2-right]

KB955839

KB957388

KB890830

KB905866

These are just the tip of the iceberg. although this list are not A lot. I'd wanted to let people know about what people coin "Exploit Wednesday". I really don't know if this is a Myth or actually does exist but I'd figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible. Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don't want to have any problems with these updates. I don't suggest testing it more than a couple days. Here are some good Virtual Machine software to try out yourself:

Hyper-V (Microsoft Product)

VMware Virtual Machine

Virtual PC 2007 (Microsoft product)

Virtual Box - Sun Microsystems (FREE)

Kaffe Virtual Machine (Haven't Tried this one)

Here is the list of updates that are critical that Microsoft released today. Each one of these are quite important and should be considered installed when you get a chance.

[ad#ad2-left]Microsoft Security Bulletin MS08-073 - Critical
Cumulative Security Update for Internet Explorer (KB958215)

This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-071 – Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (KB956802)

This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

[ad#ad2-right]Microsoft Security Bulletin MS08-075 – Critical
Vulnerabilities in Windows Search Could Allow Remote Code Execution (KB959349)

This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

KB952069
(not quite sure what this one is, when I go do a Google search this is what pops up. It was in German but Google translated it for me)

In the Windows Media Runtime to the default in Windows XP SP3 contains Windows Media Player (WMP) 9 were discovered vulnerabilities that could allow an attacker to compromise your Windows-based system and gain control over it. See Security Bulletin MS08-076 ( englisch bzw. deutsch ) See Security Bulletin MS08-076 (English or German)

These are just ones that I found and wanted to let you know, the others have been explained on the other article. So check them all out and I suggest installing them quickly as possible.

Post a Comment | in

2008,

Cumulative,

Explorer,

GDI,

Google,

Help,

Kaffe,

Player,

Remote,

Rights,

To,

Update,

VMWare,

could allow remote code execution,

chance,

coin,

couple days,

critical updates,

cumulative security update,

hyper,

internet explorer,

internet explorer users,

list,

lot,

machine software,

man,

microsoft product,

microsoft security bulletin,

myth,

new accounts,

patches,

problem,

search,

step,

success,

sun microsystems,

thos,

tip,

tip of the iceberg,

using internet,

view,

web page

Wednesday

Dec032008

Apple's Immunity, Botnet sanctuary.

Author:

Paul Sylvester | Date:

Wednesday, December 3, 2008 at 11:51AM |

But is Apple projecting a false sense of security just to save face? Many experts repeatedly warn that all operating systems are susceptible to viruses, and as the Mac becomes more popular OS X will inevitably become a bigger target for malicious attacks.
[via Pcworld]

Having said that I feel the notion that Apple is trying to keep there reputation as a virus free system. I can only hope that they stay that way. Which as much as I know, Apple will most like start to be the main source for botnets, because of the lack of security.

[ad#ad2-right]According to reports on this blog, people are worried Apple stance on it being the safest and having so much immunity to viruses. Apple in the past has stated they have mislead people with there firewall. Yet Apple takes down that suggestion of having an Anti-virus(Quietly).

[ad#digg-left]Everything I've seen suggest that virus writers and Malware writers will MOST likely start targeting the Mac OS X, they know Apple sense of security is Vulnerable to attack and they will exploit it more and more. So what does that mean for Apple, it just means that soon every hacker who has a botnet will want a piece of the Apple Pie and is right now.

[ad#ad2-left]As PC Trojans go, the programming features of RSPlug.E look fairly basic. PC malware is more highly evolved and usually cleverer. But a programmer - probably a Russian - with knowledge of OSX had taken time to create a Trojan that hits Macs instead of PCs, James pointed out.

[via Techworld]

Which looks like it has already begun. So what can Mac users do, get an Anti-virus and maybe Apple will have to start backing down from the Virus commercials and actually admit it. Sooner or later someone will have to challenge Apple to get them to start admitting to it.

Post a Comment | in

AT&T,

Anti-Virus,

Apple,

Big,

Blog,

Challenge,

Commercial,

Down,

EA,

EST,

False,

Firewall,

Free,

Hack,

IE,

James,

LOG,

Left,

Mac,

Mac OS,

Macs,

OS X,

OsX,

Russia,

Sooner,

The,

Trojan,

URI,

Use,

Wal,

Writer,

XPert,

ace,

ad2,

air,

botnet,

com,

face,

false sense of security,

feature,

hacker,

hop,

immunity,

knowledge,

lack,

look,

man,

mean,

mislead,

notion,

past,

people,

piece,

point,

program,

programmer,

programming features,

rep,

report,

reputation,

ru,

sanctuary,

sense,

source,

start,

target,

time,

troj,

ua,

unit,

user,

virus writers,

viruses,

war,

way,

world

Tuesday

Nov252008

Some program Vulnebilities Detected!!

Author:

Paul Sylvester | Date:

Tuesday, November 25, 2008 at 9:23AM |

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I've found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

[ad#ad2-right]iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets "you easily create, sign and distribute configuration profiles using a web browser". A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program's files folder.

Streamripper Multiple Buffer Overflows
Streamripper "records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows." Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system.

Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.

These are the ones that I found and wanted to let you know about these so you can make your system even more secure. if I find any others I'll let you know!!!

Post a Comment | in

Address Bar,

Age,

Amaya,

Browser,

Buffer,

Chrome,

Google,

IPhone,

Live,

Make,

Multiple,

NULL,

Nation,

Ones,

Other,

Red,

Root,

Runs,

Secunia,

Security,

Sites,

Stack,

Team,

The,

Tor,

Traversal,

Turn,

URI,

URI Obfuscation,

URL,

US,

Unix,

Use,

Vulnebilities,

Win,

Window,

XP,

bar,

browser functionality,

code,

config,

direction,

directory traversal,

file,

folder,

form,

fun,

link,

lt,

man,

mp3 streams,

null character,

obfuscation,

order,

overflow vulnerability,

person,

phone,

rate,

ru,

search,

security team,

shoutcast,

sign,

site,

stack overflow,

status,

str,

streamripper,

tip,

track,

user,

web,

wind,

Thursday

Nov202008

Vista has a new Vulnebility!

Author:

Paul Sylvester | Date:

Thursday, November 20, 2008 at 11:41AM |

According to Techworld.com, Vista has a new Vulnerability that could let a hacker infect a Vista machine with a rootkit. The talk from them is quite intriguing. I will quote it to better let you know what the Vulnerability is:

The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.

[ad#ad2-left]Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista's next service pack. Microsoft released a beta version of Vista's second service pack to testers last month. Vista's Service Pack 2 is due for release by June 2009.
[via Techworld.com]

The way they could do this is through the Device IO Control which in turn could corrupt the Kernel of Windows Vista. Now we all know that Microsoft will release a patch quicker than 6 months away. According to this article, people are already looking for the exploit and want to know more about it. I would be willing to bet they will have a patch out sooner than later. Probably January or Febuary, which will be a big deal because no one will expect it. I would also imagine hackers will start trying to figure out how they could install software as quick as possible before Microsoft pushes out the patch. So what can you do to protect yourself, Get a firewall, a Antivirus and learn how to protect yourself to prevent yourself from getting a computer virus.

Post a Comment | in

22 october,

Anti,

Beta,

Better,

Big,

CAT,

Computer,

Computer virus,

Control,

Deal,

Device,

Firewall,

GE,

Hack,

Hackers,

How-to,

IE,

IO Control,

January,

Jun,

June,

Left,

Mac,

New,

Oct,

Phion,

Root,

Small,

Sue,

The,

Turn,

US,

Unterleitner,

Use,

Via,

Vice,

Wal,

Will,

Win,

Window,

ad2,

com,

due,

febuary,

hacker,

infect,

issue,

kernel,

look,

lt,

month,

pack,

piece,

problem,

quote,

rootkit,

ru,

service pack 2,

service pack microsoft,

start,

talk,

tech,

try,

ua,

version,

vulnerability,

war,

way,

wind,

world

Sunday

Nov022008

Windows update is getting a revision!

Author:

Paul Sylvester | Date:

Sunday, November 2, 2008 at 2:09PM |

[ad#ad2-right]According to Computer World, dated Oct 31, 2008 and I'll quote:

"Over the next couple of months, we'll be rolling out another infrastructure update to the Windows Update agent (client code)," said an unidentified Microsoft employee on the Windows Update team's official blog. "This update makes it possible for users to install more than 80 updates at the same time."

[via Computer World]

Now if your like me and have several computers who need to be updated at a given schedule, you sometimes worry about these updates that come along that might just break your system. I have been using a program call Offline Updater, which does what Autopatcher does really nicely. So why is Microsoft sending out this patch? Two reasons, one they want you to be able to update your operating System without hurting your system integrity.

Now lets talk about the integrity of having to reboot your system. You see, every time you reboot the system, it causes the system hardware some strain. It is something like having starting up a car, sooner or later you will have the starter go out, because of to much start up.

[ad#ad2-left]Second reason for this is, basically the update software needs to be update yet again for any security flaws or features that might be exploitable. I am sure there are some and Microsoft probably knows about that we do not. So that is the second reason, which it is the most obvious reason yet to push out another revision of the Windows update.

What about stopping the update from effecting your system. The only way that I know of is to prevent Windows from checking for updates. Which is simple:

Windows XP Version:

[Category View and Classic View]

<Start> / Control Panel / Security / Click Windows Updates

For Windows Vista:

<Orb> / Control Panel/ Security Center/ Windows Update / click "change Settings"

With both ways, you will be able to control four ways to handle Windows updating and they are:

Automatic - Will download all necessary updates and install them without your permission or knowledge. Note some of the updates will automatically reboot your system. Most commonly they are set to do this every day in the 12am to 4 am period of time. So when you wake up you would see an log in screen.

Download updates but let me choice which ones to install and when - This is most commonly used by people who don't want to bother having to check manually. It will check and download, then it will let you know.

Check for updates but don't Download them - This is like the previous one but this will only tell you. The rest of the decision is in your hands not the computer. This is good for people who have limited system resources, like Hard drive space. It still reminds you like the previous one but won't download any updates.

Never check for updates - This is used for people who don't want to be bothered with updates and have a way to update manually. This is commonly used by businesses who have several systems on and don't want to risk an update causing trouble or weigh down the companies internet by downloading updates un-necessarily. This option is not to be messed with because it leaves your system with quite a lot of vulnerabilities. You do this one if you have a set schedule to update each and everyone system. (Extremely Dangerous to do)

With what I talked about, I am hoping you find this useful and to share your discoveries with other people who might want to be able to change how Windows updates are handled on other systems. If you have comments or questions, please post them in the comment section and someone will be more than glad to help you out.

Post a Comment | in

ATI,

Blog,

Call,

Common,

Down,

Flaw,

Help,

IE,

Install,

Internet,

MMO,

Make,

Other,

R Us,

Red,

Security,

Someone,

Team,

The,

Times,

Tips,

Tweaks,

US,

Update,

Updated,

Updater,

Updates,

Use,

Via,

WIndows,

Ways,

Window,

Windows,

Windows Vista,

Windows XP,

XP,

agent,

boot,

category view,

center,

change,

change settings,

check,

checking,

click,

client,

code,

com,

comment,

control panel,

couple,

day,

end,

gain,

lot,

lt,

man,

microsoft employee,

mind,

month,

necessary updates,

need,

permission,

question,

quote,

risk,

share,

source,

start,

strain,

system hardware,

system integrity,

talk,

time,

user,

view,

wind

Wednesday

Oct292008

Microsoft Releases MS08-062 to the Public a Month Early!

Author:

Paul Sylvester | Date:

Wednesday, October 29, 2008 at 5:49AM |

Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (KB953155)

This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

[ad]

This update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses this vulnerability by changing the way that memory is allocated within the Internet Printing Protocol (IPP) service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

[via Microsoft Bulletin]

Now from what I understand, if you have a Network attached printer on your system this would make you more vulnerable to someone taking control over your system. So this patch is supposed to fix that. I am recommending to all to update this and fix this update ASAP. I do not know if you don't have one what that would do so just install this update, because you will undoubtedly still be runing the Internet Printer Protocol even if you don't have a printer.

Post a Comment | in

ASAP,

ATI,

Account,

Info,

NIN,

New,

The,

US,

Update,

could allow remote code execution,

Will,

XP,

change,

code,

complete control,

execution,

form,

internet printer protocol,

internet printing protocol,

internet protocol,

internet service,

microsoft windows 2000,

month,

net,

network,

new accounts,

printing service,

public,

quest,

section,

stand,

subsection,

view,

vulnerability,

way,

wind,

windows internet

Wednesday

Oct032007

Digg exchange gang busted !

Author:

Paul Sylvester | Date:

Wednesday, October 3, 2007 at 5:16AM |

I was just surfing the DigitalPoint Forums today as usual when i saw something going on there. Some people starting frequent threads with titles similar to “Selling DiggBoss Points”, “DiggBoss Invites for free”. Find all of them here . I had a quick look at it what is this DiggBoss actually ? I took a invite from a guy there who sent me a link through PM to a site with URL http://www.diggboss.com. I was confused initially, but after I registered and logged in there, i was shocked to see whats happening. So many people, almost 100+ trading diggs and stumbles there. All they do is, look at the stories listed there and digg them. It works in this way - when a person diggs one story he gets one diggpoint. He can increase his diggPoints this way. When he has enough diggpoints, he can submit his own story and it will be listed there to be dugg by the other members. The system was working perfectly for both digg and stumbles. Not only this, i also find many people collecting diggpoints and selling them there for prices like 5$ for 30 DiggPoints. I thought of giving it a try to see whether it really works or not. I made a sample story and submitted it to digg. Find it by clicking here. purchased around 100 digg points from a guy there. I then added this story to the diggboss campaign, and the system showed they will trade me 50 diggs for 100 diggpoints. I submitted and waited for a few hours. WoW ! 50 diggs and it got the ball rolling. One after the other, it broke around 121 diggs and made to homepage for a few mins (the story was a bit funny, so it gots some natural diggs later). It made me around 1200 unique hits to my site.

But i was really shocked to see how these social networking sites are exploited. Not only this, i can also see people exchanging diggs openly on webmaster forums like DigitalPoint. See the following link -

Check this google search results

Its really disappointing to see exploitation of such social networks!. I guess digg must take serious action to stop this stuff.

Perhaps digg could easily see the above story and ban all those who dugg it, But the big problem is that, the gang was only used to get the ball rolling !.

I knew digg has it's flaws but that shows you how many flaws they actually do have! : ( I wonder how many are actually done by those people!!

Post a Comment | in

Digg,