Paul's Tech Talk

According to Arstechnica there will be 6 Bulletins and each of them are very interesting:

Bulletin 1: Critical (Remote Code Execution), Windows

Bulletin 2: Critical (Remote Code Execution), Windows

Bulletin 3: Critical (Remote Code Execution), Windows

Bulletin 4: Important (Elevation of Privilege), Virtual PC, Virtual Server

Bulletin 5: Important (Elevation of Privilege), ISA Server

Bulletin 6: Important (Remote Code Execution), Office

[ad]It looks like there will be another Directx Patch for those who have Directx 7 through 9.0c. It also seems they will be Patching the Virtual PC and Server and ISA Server. Microsoft will also be patching 2007 Microsoft Office System Service Pack 1. They will also Be Releasing 14 different patches for non Critical status.

The Directx Flaw that was reported in May is reportedly being patched and that is why we have these Directx updates that are comming down from Microsoft.

So Now is the time to get [intlink id="2883" type="post"]Autopatcher[/intlink] updated to the lastest updates and schedule a time next week for you to test and install these updates. I would recommend updating your [intlink id="2205" type="page"]anti-virus and Firewall[/intlink] software if you have any, if not it is time to get them and install them.

Post a Comment | in

Arstechnica,

July,

Friday

Jun122009

The Frustrations of Wordrpess 2.8

Author:

Paul Sylvester | Date:

Friday, June 12, 2009 at 2:56PM |

Photo By Nicholas Wang

Wordpress 2.8 was released Yesterday morning, and by Yesterday afternoon people were complaining about it. Some of the issues seemed to steam from a minor template change in 2.8 to prevent people from editing or using Plugins.

Now I have talked about [intlink id="3171" type="post"]backing up important data[/intlink], that includes your website.   You will never know when that back up software will be valueable and when you need to restore it.

Just like everyone else I have had problems with my ability to update my blog or update my Advertising. Although unlike others who have a lot of widgets on the sidebar for there users, mine are html and not a plugin version.   Although I didn't have as much problems as others, I did however have problems with the Back up process.   I used Wordpress Database Backup and I had the file that it gave me but the PHPMyAdmin would not restore the database that I was given from the plugin.   So in the process of trying to fix my database, I had a few hours of downtime on my blog. If your a regular visitor you might of seen the message "Database Error" when you visted my site. I have since then fixed the problem With the help of my support team to get my website back up and running.

[ad]I know the Wordpress Database Backup plugin is good for 99% of people but I am going to assume that with the difficulties of this restore with the PHPMyAdmin, I will be looking for some other PHP Database editor that will work just as good as that one. Until then I will be doing a Manual back up of my Database because that way I know of having a working copy of my Database in case of a problem down the road. If someone has a good Plugin or an Alternative to PHPMyAdmin by all means leave me a comment and I'll check it out or you can [intlink id="995" type="page"]email me[/intlink] and let me know.

I still love Wordpress because of it not being open source and more transportable onto other servers unlike Blogger, but there will always be those bumps in the road.   I will always advise people to backup before doing anything major from a system upgrade to a website upgrade.   I hope others have not had this problem as I have but mine might of been just the luck of the draw with all the problems, you know what they say "When it rains, it pours" but there is a silver lining to this. I have learned more about website backups then I previously did.

Post a Comment | in

2.8,

Backup,

Thursday

Apr092009

Microsoft released April Patch list for Patch Tuesday

Author:

Paul Sylvester | Date:

Thursday, April 9, 2009 at 2:18PM |

To see what systems are affected please see the bulletin for further details. Some of the updates have to do with IE 6 and IE 7, maybe it is time to update to IE 8. It looks like if you update to IE 8 you will not have to worry about the Remote Code Execution. There also seems to be a remote code execution for DirectX 9.0A, B, and C. This however doesn't affect DirectX 10 and if you have a Vista machine please consider updating to DirectX 10.

[ad#cricket-right-ez]

The other one is a MSDTC program that has a vulnerability of Elevation of Privileges that needs to be fixed. There will of course be more than this for April but these are the ones that Microsoft has determined to be release for Tuesday. There are going to be at least 8 Different patches for Windows XP, and some For Vista. Some will be only for XP and others will be for XP and Vista.

Then Microsoft Internet Security andAcceleration server will have an update to prevent a Denial of Service attack. This will be needed to patch on the server side as soon as possible. Then there is the Excel Remote Code execution that needs to be fixed. It looks like CVE-2009-0238 is the one that this is being patched for but this is only a guess.

Now is the best time to get [intlink id="2883" type="post"]Autopatcher[/intlink] ready for this update because this will be quite a big update. You should also update your [intlink id="2205" type="page"]anti-virus software and Firewall[/intlink].

Post a Comment | in

Autopatcher,

MSDTC,

Thursday

Mar262009

What will happen on April 1? Conficker discussion!

Author:

Paul Sylvester | Date:

Thursday, March 26, 2009 at 11:04AM |

I saw that F-secure has posted what a Question and Answer on the Conficker Worm. I wanted to talk about this a little myself:

Q: I heard something really bad is going to happen on the Internet on April 1st! Will it?
A: No, not really.

Q: Seriously, the Conficker worm is going to do something bad on April 1st, right?
A: The Conficker aka Downadup worm is going to change it's operation a bit, but that's unlikely to cause anything visible on April 1st.

[Via F-secure Website]

[ad#cricket-right-ez]I am like everyone else, I really don't know what will happen it is always going t to be media exposure when it comes to Worms, Viruses, or Trojans. Virus Writers whoever "THEY" are, will always want to update there infected systems to keep the virus(Also worms, and Trojans) on peoples systems. This is the way of security firms will always have to predict them, keep up with them, or just follow them. This will never change because as virus writers want to find even more ways to infect systems that is the necessity of Anti-virus Software.

I don't know what will happen on April 1, you most likely will be fine if not you won't know it until you try to update your system or update your anti-virus software. One way you can find out if your infected is by trying to serf to security vendors like F-secure, Norton, and Kasperky. If you Can't get to those sites then you most likely have a Virus or Worm, and it could be this worm!!

Make the worm harder to detect -- This is a common practice they want to be able to hide the worm for as long a possible. So they will always tweak it to make it that much hard to detect and remove.

Make the Worm easier to infect systems -- This is another common practice, because without having systems there is no need for a Command and Control server. The worm could do things such as Denial of Service, Or send out spam, or steal sensitive information. This is the nature of why people make viruses, Trojans, or Worms.

Easily update the virus software -- as with any software the virus writers will come up with easier ways of updating the software, because the security will do whatever they can to prevent the update. This is also the nature of why there will always be updating of the code. They will put in more ways to keep the virus, worm or Trojan from being blocked. Like the Conflicker has some Peer to Peer functionality, so if one company blocks the update another way it could get the update is Peer to Peer. So you can't block it very easily.

So what will happen April 1? Who knows it could be a normal day, or it could be the biggest [intlink id="3208" type="post"]April Fools joke[/intlink] ever. That is why I put that in my last blog post. With so much Media Frenzy the security firms don't know what the Worm will do when it updates, all they can do is wait. So let's take a deep breath and relax, there's nothing we can do just yet!!

Post a Comment | in

Windows Vista,

botnet,

worm

Tuesday

Mar102009

Thinking back to PIFTS.EXE.

Author:

Paul Sylvester | Date:

Tuesday, March 10, 2009 at 9:36PM |

Thinking to this very incident looks to something out of the movie "Lemony Snicket's A Series of Unfortunate Events". I won't go into much detail but here is what I want answers to about the PIFTS.EXE. You see after I have read a great article talking in detail about this, I have also come to the conclusion something isn't right.

[ad#cricket-right-ez]The blog owner known as Anshar in the forums on the Symantec points out some key events. He wanted to point out that the users who were posting were not violating the TOS and was posting questions that look to asking about this file. See screen capture of what I took. This one picture doesn't prove his theory in whole, but does bring up some suspicions. This actually might be them trying to find a 'scapegoat' so to speak. He also talks about what others are asking? What is PIFTS.EXE? People seem to still have not be answered that question.

Although, in Norton's defense there seems to be a lot of information that they have to sort through. I'll admit this information people are asking should be really simple to find in the Symantec Databases somewhere. I will not say they are hiding anything major but I do think something is going on that we are not aware of. Here's some other thoughts to considers? If Norton needed to find out who was using Windows 7, couldn't they of asked or even made a simple site redirect to find that information, after all anytime you visit a site you have that information sent to the stats. I could in theory find out how many visitors are visiting from Macs and how many are on older systems. That would be very easy to do with Google Analytics.

Now with that said let's talk about Why it took almost a whole day for them to release a public statement about what happened. I might be wrong but if I was a stockholder, I'd of demanded them to send that out ASAP instead of waiting 20 to 24 hours. Although I'm not trying to make any more conspiracy theories, I do think the Streisand effect came into effect and people are feeling like Norton did something they shouldn't have. In which case, Norton probably made "A fail whale" attempt of making it better when they started to delete the post.

I've been watching the Norton forums trying to make sense of all this, and I do know that Norton have lost people's faith in them and people are removing their product off there systems if Norton doesn't start answering questions that need to be answered.

Norton has released the information of PIFTS.EXE and what it does. Although I am sure people are going to argue about what it does or doesn't. I wanted to post this for people to check out and consider for yourself.

Post a Comment | in

Norton,

Use,

Win,

XP,

Saturday

Mar072009

How do you like your Cricket USB Modem?

Author:

Paul Sylvester | Date:

Saturday, March 7, 2009 at 4:04PM |

Lately I talked about the A600 USB 3G modem and Now I want to hear from the Readers? You see I can't do my best reviewing these with comments from the readers, that being you.

Click the picture to send me email, just remember to replace "AT" with "@".

So I want to hear what you think about either the USB UM100 Modem or the A600 USB 3g Modem? Here a re a few things to answer when you write your email.

Something will go to the people who email me? I want to publish some of these comments on my blog for all to read. I want to hear if what I am publishing helps you? I will even give your credit as to who wrote it. If you have a site or something you want to promote by all means add that to your testimonial. Here's the basic questions that should be talked about:

Which one did you buy? (Cricket USB A600 or Cricket USB UM100)

Did you Upgrade from the Cricket USB UM100 to the Cricket USB A600?

Are you using it for travel or Primary internet?

Is it for business or Pleasure?

Are you happy with your choice?

Do you recommend the Modem to friends and family?

Any Situation you can think of where this has been helpful?

I am going to be asking for comments from Cricket about this also and I will be publishing this later on this month but before I do that you will have your chance to tell the company what you think of their Broadband solution. Please keep these comments family friendly, if you cuss and I publish it, be advised I will edit the cussing to be family friendly.

3 Comments | in

A600,

Use,

XP,

um100,

way

Wednesday

Mar042009

Microsoft Releases the Patch Information for March

Author:

Paul Sylvester | Date:

Wednesday, March 4, 2009 at 8:07AM |

Microsoft Has Released the Patch information For march and This is what is expected to be patch on March 11, 2009:

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Kb949029) -- This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (affected System : Microsoft Office)

Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (Kb949031) -- This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane. (affected System : Microsoft Office)

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Kb949030) -- This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (affected System : Microsoft Office)

Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (Kb933103) -- This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (affected System : Microsoft Office)

These Four are all Critical and should be applied the week of March 11, 2009. Their are Seven Patches coming out, but these are the main focus. According to Microsoft they have released MS08-014, MS08-015, MS08-016 and MS08-017 to better help you find out which ones are affected.

Now is the time to get AutoPatcher ready and make sure it is up to date on any patches that might of came out this month that you didn't know about. Also consider downloading the new version of Anti-virus and Firewall software while you are it. In case you come accross a rogue virus and need to disinfect it!! Some of these patches for this month is due to the EXCEL vulnerability that is out right now and is in the wild, so that should be your top priority once Tuesday come around. Remember hackers will start exploiting these patches on Wensday and you will be racing against the clock. One last bit of information for the Mac Users you should also apply these patches they are vulnerable to according to Microsoft. I'll update as more information becomes available!!

Post a Comment | in

Anti-virus,

Autopatcher,

Downloads,

Email,

Mac OSX,

Microsoft,

Security,

The,

Win,

XP,

Tuesday

Mar032009

Cracking and Warez sites are Host of Trouble!!

Author:

Paul Sylvester | Date:

Tuesday, March 3, 2009 at 5:39AM |

It is nothing to laugh at and should be understood that gamers have no freedom right now. That said this new Variant to Virux Trojan is in regards to Win32/Vitro Trojan. It seems tobe infecting .exe and .Scr files just like this.

According to Trend Micro:
[ad#ad2-right]

The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day
Read more: "Crack Sites Distribute VIRUX and FakeAV"

Now it seems to be more and more sites with getting computer infected. It also seems the Malware writers are using these servers for helping infect essentially gamers computers. So for the time being, if you have a favorite game and you want to:

No-CD Crack (This is good for those who want to play the game without the CD)

Key Gen Cracks (This is used for pirated version of a game)

Update Cracks (This is used to prevent CD checking or Also prevent Version Checking)

Game Cheats (This is usually a small program like a bot or some other way for the gamer to cheat)

And should not be Downloaded or USED!! I don't say that lightly, because Gamers feel they should be able to play any game they want. Although this post will probably make the Gamer developers happy, I do this to tell people that these virus writers are using the gamers to distribute the Virus. I encourage all the gamers out there, that don't want to loose their games to not download any more of these types of cracks. It seems the virus writers are wanting to infect systems and slow you down. You don't want to slowed down do you? Please consider getting a Firewall and a Free Anti-virus software to better protect your system.

2 Comments | in

Anti-virus,

Cracking,

FAKEAV,

Games,

Internet,

Key Gen,

Microsoft,

NO-CD,

Security,

TDSS,

US,

Virux,

Vulnebilities,

Vundo,

Win,

XP,

gamers,

start,

virus removal,

virut,

vitro

Thursday

Feb262009

Time to update Adobe Flash Player 10.0.22.87

Author:

Paul Sylvester | Date:

Thursday, February 26, 2009 at 10:03AM |

Adobe has issued a patch for some of the exploits in the wild. This should be installed on any system that isn't up to the date with Adobe's player. If you want to check your systems version you can go here and it will tell you what your version is and what the current version is.

If it doesn't look like this:

[ad#ad2-right]Then your on the wrong website. According to Adobe this fixes CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521.

This update resolves a buffer overflow issue that could potentially allow an attacker to execute arbitrary code. (CVE-2009-0520)

This update resolves an input validation issue that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com has been deployed to avoid a potential Clickjacking issue variant for Flash Player. The Settings Manager is a special control panel that runs on your local computer but is displayed within and accessed from the Adobe website. (CVE-2009-0114)

This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)

This update prevents a potential Linux-only information disclosure issue in the Flash Player binary that could lead to privilege escalation. (CVE-2009-0521)

[Via Adobe Website]

Check Version of Adobe Player

Update to Flash 9 Player

Download Flash Player

Although this is due to the problem with the exploits in the Windows environment, this however won't stop virus writers from using this exploit for the Macintosh and Linux Distro's. This should be updated on there system also.

Post a Comment | in

Adobe,

arbitrary code execution,

Windows Vista,

adobe flash player,

adobe flash player 10,

adobe website,

attacker,

denial of service dos,

flash player 10,

information disclosure,

Thursday

Feb192009

PolyMorphic Win32:Vitro Most Viraulent Virus

Author:

Paul Sylvester | Date:

Thursday, February 19, 2009 at 5:09AM |

This seems to be an virus that is getting some people hit hard. I wanted to blog about this because of the nature of Virus and Trojans. I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies. I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it. It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don't trust or know anything about. You also should know that if you need a "SPECIAL" codec, you should just go on to another site. These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

[via Avast Forums]

After you get this very bad Virus you are done for. You would need to install the Operating system from backups or even start a new. This seems to be building this week and there isn't much you can do once your infected. I do recommend a good Anti-virus and Firewall but that wouldn't fix the problem right now. You will need to pull your backups out and start the process. I suggest a complete wipe and then do the Restoring the backups. This little virus likes to infect any .EXE it can so just restoring the Windows Directory will not help. Remember only you can prevent from getting infected.

2 Comments | in

ATI,

Anti-Virus,

Avast,

Avg,

Back,

Back up,

Bad,

CES,

Call,

Codec,

EA,

Event,

Facebook,

Firewall,

HP,

Html,

IDE,

Inc,

LAN,

Make,

Movies,

NIN,

Online Movies,

Open,

Operating system,

Player,

Spam,

Tech-linkblog,

Tor,

UPS,

Window,

Windows Vista,

adobe flash,

adobe flash player,

anti virus protection,

anything,

backups,

building,

com,

dll,

download,

exe,

executable files,

guess,

href,

mean,

reason,

right,

risk,

running processes,

time,

viruses,

vitro,

way,

win32,

windows directory

Sunday

Feb082009

ThePirateBay might be blocked in the US

Author:

Paul Sylvester | Date:

Sunday, February 8, 2009 at 9:37AM |

I was looking around on Google and thought I just for giggles check out the Piratebay complaints. I tried going to the site and here's what Popups:

[ad#ad2-right]I tried on OpenVPN and my Local ISP, It keeps saying that. I then tried on my Cricket Modem and it tells me the connection has been interrupted, like something stops the connection in the first place. I can ping it and I can Tracert the Site but I can't even view it. I would like to know if Anyone else is having this problem also. Although I've not checked Thepiratebay.org complaints for quite some time because I've been so busy with my website. If you want to watch your favorite shows check out these sites like Hulu, CBS, NBC, ABC, ABC FAMILY and TNT.TV for free. I am just curious as to what happened and does this have anything to do with Net Neutrality? Anyway I wanted to talk about this and see what people are saying. Anyone know what is going on? Let's talk about this and help everyone by saying what you know. I don't know if Thepiratebay.org is down but I do wonder if someone is preventing people from getting to the website. I'll update when I have more information.

Post a Comment | in

AlwaysVPN,

CBS,

Connect,

Good,

Hulu,

LOG,

NBC,

Net Neutrality,

OpenVPN,

Review,

Sites,

Tech-linkblog,

ThePiratebay,

UPS,

VPN,

Wiki,

ad2,

first,

going,

local isp,

modem,

place,

quite some time,

say,

something,

tnt tv

Tuesday

Feb032009

Offline Update 5.0, Clone of Autopatcher to Some!!

Author:

Paul Sylvester | Date:

Tuesday, February 3, 2009 at 3:51AM |

Offline updater 5.0 has been released a couple months ago and I just realized it now. This is an excellent tool for IT professionals who want to keep all your Systems up-to-date with the last patches from Microsoft. The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, And Windows Vista / Server 2008.(32 bit and 64 Bit updates).

[ad#ad2-right]I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections. This is really good for big businesses that want to update a lot of systems in easy way without having to wait for downloads of updates to install. You can take a DVD and update on the fly within Mins. DVD being Cheap or buying them in bulk helps saves time and money for the company. Less time spent downloading the updates and more time actually getting work done. As with the Conflicker, Downadup, and to some the Conflickr Trojan, if you got infected with that little worm. This would help install the updates that it prevented you from doing in the first place. I also found that once you download do the update the files are kept on the hard drive so you no longer have to redownload them again. You just update the updates every second Tuesday of the month and it downloads the newest patches and creates a whole new ISO for you to burn.

Q: How can I create the offline update CD images automate, for example via a "scheduled job"?
A: Create a new batch file in the "cmd", eg "DownloadUpdatesAndCreateISOImage.cmd". Add the desired calls of

"DownloadUpdates.cmd" and "CreateISOImage.cmd" with the necessary parameters in this new file. The file might for

example have the following contents:

@ echo off
call WXP download updates eng
call CreateISOImage WXP eng

Then set a "time-controlled contract" for the new script "DownloadUpdatesAndCreateISOImage.cmd" to your desired

time. For example, after each Microsoft Patchday create new images, select every second Wednesday of the month.

[Via The FAQ's Documentation (Translated Via Google)]

As you can see you can have it do a script and be ready for you in the morning. You then just take it out of the drive and install where you need to install the day after the updates are issued. On another Note if you have clients who use Windows office Xp, 2000, 2003, 2007 then this will also help:

This is nice if you have clients who use the Microsoft Office Suites also. Some Malware will often try to infect people's systems through a office script or some other vector. So this will also prevent infections or hackers from getting onto the system by updating this also. You can have this added to each and every DVD ISO you make to include these as you update the patches also.

Download:

Offline update 5.0 Download site

Official Site for Offline Update (Translated into English)

Post a Comment | in

DVD,

Downloads,

Hackers,

Hard,

Job,

Trojan,

UP,

Updates,

Use,

computer virus infections,

Win,

cmd,

day,

fly,

necessary parameters,

offline update,

patches,

people,

target,

tech,

time and money,

way,

windows 2000,

windows server,

worm

Wednesday

Dec172008

Microsoft released KB960714 to fix THE IE Problem

Author:

Paul Sylvester | Date:

Wednesday, December 17, 2008 at 1:23PM |

[ad#ad2-right]This is the update to fix the IE Vulnerability and if you have any questions please make sure to check my other post about this little update. This was sent out today and should be patch ASAP, on all systems. If you want to patch the easy way, I suggest downloading Clone to Autopatcher. This seems to help make an ISO file on a DVD so you don't have to update a system the old way.

Post a Comment | in

ASAP,

Autopatcher,

Clone,

DVD,

ISO,

KB960714,

Microsoft,

today,

vulnerability,

way

Tuesday

Dec162008

Microsoft to Release KB961051 on the Dec 17, 2008

Author:

Paul Sylvester | Date:

Tuesday, December 16, 2008 at 8:01PM |

According to McAfee and I will quote:

December 16, 2008: Microsoft has announced an out-of-cycle patch release for a critical, remote-code-execution, vulnerability in Microsoft Internet Explorer (CVE-2008-4844). The patch, to be released on December 17, will address the vulnerability across multiple versions on Internet Explorer running on supported Windows platforms.

[via McAfee Threat Center]

[ad#ad2-right]From what I am understanding it will be KB961051 and will be a critical update on all Windows platforms. Microsoft issued a security advisory for this on there Technet support website. This will probably be put online sometime tomorrow and will be available to download after 10am PST although this is just a rumor because when I go to that article they talk about the work around and how to fix it temporary until they release the patch. This is releated to the IE Vulnerability that is in the wild and has been causing havok on the internet.

Post a Comment | in

Dec,

Online,

PST,

Rumor,

center,

cve,

havok,

mcafee,

threat,

work

Thursday

Dec112008

WordPress 2.7 is available.

Author:

Paul Sylvester | Date:

Thursday, December 11, 2008 at 10:20AM |

Having installed the latest update, I must say this new dashboard is quite good. I love the new dashboard. So lets take a quick look at what you can do:

Click Image to View it in full screen!!

After I installed it, this is what it was like. I then decided to change it around to show you what it looks like now. You have the option of changing the right row and also the windows to where you want. Like this:

Click Image to view it full screen.

As you can see you can change so much stuff on the dashboard it is like having your own very wordpress operating system on your system. You can customize what you want where you want. I like this new look. I'd thought I show you the Wordpress 2.7 Dashboard and show just how nice this looks. I want to hear everyone thoughts on this new dashboard do you like it or hate it?

[ad#ad2-right]My Opinion is this is so nice and easy for the blogger and people who use the Podpress, it makes it even easier and quicker. Oh and you can now use Google Gears to speed up the dashboard so you don't have to wait for the page to load. You can also use it offline and post it online when you get a signal. That is my understanding of Google Gears although I've not tested that part out. I am almost sure you could do that with Wordpress.

Post a Comment | in

Blogger,

Dashboard,

Gears,

Image,

Show,

Wordpress,

click,

customize,

everyone,

look,

option,

page,

screen,

signal,

stuff,

view,

wordpress

Tuesday

Dec092008

The Important Windows patches Released Today

Author:

Paul Sylvester | Date:

Tuesday, December 9, 2008 at 12:25PM |

As many of you know we talked about the Non-critical patches that Microsoft will release today. IF you want to read those please go and check it out. I'll be talking about the REALLY important ones that Microsoft has kept tight until now. These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

[ad#ad2-right]

KB955839

KB957388

KB890830

KB905866

These are just the tip of the iceberg. although this list are not A lot. I'd wanted to let people know about what people coin "Exploit Wednesday". I really don't know if this is a Myth or actually does exist but I'd figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible. Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don't want to have any problems with these updates. I don't suggest testing it more than a couple days. Here are some good Virtual Machine software to try out yourself:

Hyper-V (Microsoft Product)

VMware Virtual Machine

Virtual PC 2007 (Microsoft product)

Virtual Box - Sun Microsystems (FREE)

Kaffe Virtual Machine (Haven't Tried this one)

Here is the list of updates that are critical that Microsoft released today. Each one of these are quite important and should be considered installed when you get a chance.

[ad#ad2-left]Microsoft Security Bulletin MS08-073 - Critical
Cumulative Security Update for Internet Explorer (KB958215)

This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-071 – Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (KB956802)

This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

[ad#ad2-right]Microsoft Security Bulletin MS08-075 – Critical
Vulnerabilities in Windows Search Could Allow Remote Code Execution (KB959349)

This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

KB952069
(not quite sure what this one is, when I go do a Google search this is what pops up. It was in German but Google translated it for me)

In the Windows Media Runtime to the default in Windows XP SP3 contains Windows Media Player (WMP) 9 were discovered vulnerabilities that could allow an attacker to compromise your Windows-based system and gain control over it. See Security Bulletin MS08-076 ( englisch bzw. deutsch ) See Security Bulletin MS08-076 (English or German)

These are just ones that I found and wanted to let you know, the others have been explained on the other article. So check them all out and I suggest installing them quickly as possible.

Post a Comment | in

Cumulative,

Exploit,

Explorer,

GDI,

Help,

Kaffe,

Player,

Remote,

Rights,

To,

VMWare,

could allow remote code execution,

chance,

coin,

couple days,

critical updates,

cumulative security update,

hyper,

internet explorer,

internet explorer users,

list,

lot,

machine software,

man,

microsoft product,

microsoft security bulletin,

myth,

new accounts,

patches,

search,

step,

success,

sun microsystems,

thos,

tip,

tip of the iceberg,

using internet,

view,

web page

Sunday

Dec072008

Upcoming Patch Tuesday

Author:

Paul Sylvester | Date:

Sunday, December 7, 2008 at 8:22PM |

[ad#ad2-right]I wanted to get prepared for the updates for this Tuesday and I thought I'd go through them and list what Microsoft said about each. These are what's been said on Technet and I am sure there will be more. Each one of these don't look to serious but I will post Tuesday if there is anything I've missed on this post. As you might know this is not set in stone but just the direction of Microsoft for this Months Release.

KB955839

Update for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Install this update to resolve an issue that is caused by revised daylight saving time laws in many countries. This update enables your computer to automatically adjust the computer clock on the correct date in 2008. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Server 2008 License Terms.

[ad#ad2-left]KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

KB890830

Windows Malicious Software Removal Tool

Microsoft released the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000. After you download the Microsoft Malicious Software Removal Tool, it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.

[ad#ad2-right]KB905866

Update for Windows Mail Junk E-mail Filter [November 2008] (KB905866)

Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

I am sure there are going to be others but right now this looks like the normal things Microsoft sends out. I am sure they are keeping a tight lid on the really serious stuff until last second so I'll have to report the really important stuff Tuesday.

1 Comment | in

ATI,

Call,

Direct,

Don,

Malicious Software Removal tool,

ICal,

IDE,

Junk,

Mail,

Micro,

Mydoom,

Server,

Tool,

application compatibility,

Win,

XP,

compatibility,

compatibility issues,

computer clock,

conten,

daylight saving time,

item,

malicious software removal,

man,

message,

microsoft malicious software,

microsoft malicious software removal,

microsoft malicious software removal tool,

microsoft windows malicious software,

microsoft windows malicious software removal tool,

month,

move,

windows malicious software removal,

removal,

removal tool,

report,

stone,

technet,

time laws,

windows server

Sunday

Dec072008

Facebook : Beware Spam for breakfast. (Virus)

Author:

Paul Sylvester | Date:

Sunday, December 7, 2008 at 3:45AM |

Net-Worm.Win32.Koobface.b,

In today's society, we've been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

[ad#ad2-right]

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user's friends via the site.

"Unfortunately, users are very trusting of messages left by 'friends' on social networking sites," said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. "So, the likelihood of a user clicking on a link like this is very high."

[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they'll say you need and if you've already installed this list of codecs then you know they'll not telling the truth and you can quickly get away from the site laughing.

[ad#ad2-left]What's this program name, it is call the K-lite Mega Codec pack. In this Pack you will be able to play almost everything without having to go download another program. This is done by people who want you to have all the latest codecs installed so you don't have to go by a program you'll only going to use once a month.

Once you've done that, you'll no longer have to worry for the most part about codecs. There will be times when you might have to visit that site and update them but that will be far less.

The other thing you must remember is if it says you must update your player. That should be a sign that there is something. I'll always go to the site and check for example Adobe. If it says I need to update my flash I'll manually type it into my browser. This way you will know you have the latest updates, if you need to update the flash player by all means go to here and update.

If you got the virus I'd check out my Anti-virus and Anti-Spyware page and that should show you will you need to get rid of the Virus. This virus is very easy to get rid of, just download any one of the anti-virus software and install it. Don't forget to update the virus database while your at it. That should fix the problem pretty fast. Remember the only way to prevent from getting the virus is YOU.

Post a Comment | in

Alexander Gostev,

Anti-spyware,

App,

Aug,

Begin,

Blog,

Book,

Browser,

Call,

Clicking,

Codec,

Data,

Dec,

Don,

Easy,

Facebook,

Fake,

Friend,

GE,

Good,

IDE,

KY,

Kaspersky,

Koobface,

LOG,

Lab,

Links,

Make,

Manual,

Might,

NETWORKING,

Name,

Player,

Security,

Sites,

Social,

Social Networking,

Software,

Someone,

Spam,

Tab,

The,

Thinking,

Times,

US,

Updates,

Via,

Via Channel,

Visit,

Win,

ad2,

amp,

check,

com,

download,

end,

example,

going,

k lite mega codec pack,

kaspersky lab,

lick,

likelihood,

link,

list,

man,

mean,

message,

month,

org,

pack,

page,

people,

place,

program,

right,

ru,

say,

security provider,

site,

social group,

social networking sites,

test,

threat,

today,

truth,

two ways,

type,

ua,

user,

way,

web,

while

Friday

Dec052008

Trojan.PWS.ChromeInject.A is not a Firefox plugin.

Author:

Paul Sylvester | Date:

Friday, December 5, 2008 at 5:45PM |

A new type of malware designed to harvest web passwords has been detected in-the-wild by BitDefender’s antivirus research labs. This latest e-threat – called Trojan.PWS.ChromeInject.A – is intended to be delivered onto a compromised computer system by other malware for subsequent download into Mozilla Firefox's Plugin folder. Once installed it gets to work every time Firefox is started.

[Via Bitdefender]

[ad#ad2-right]So having seen this I thought I'd come up with ways around this to better protect yourself. One way to prevent this from getting your sensitive data is to get a program like Sandboxie. You could stop using Firefox that would be silly, because right now Firefox is more secure than Chrome and Internet Explorer. I'd also suggest checking out my Anti-spyware page and Anti-Virus page and get some more protection.

The key to this virus protection is just be cautious of where you go and keep all you system update to date to prevent all this from happening. It is also advisable to not have your passwords saved on Firefox, you should use something like Roboform, it is free to download and try. It will encrypt your passwords so if they don't know the master password then they are out of luck. Roboform is also good for coming up with some strong passwords. Just some suggestions to prevent from people seeing your sensitive data, you don't want anyone to get that data.

Post a Comment | in

Age,

Anti,

Anti-Virus,

Anti-spyware,

Anti-virus,

App,

BOX,

Bitdefender,

Chrome,

ChromeInject,

Computer,

Data,

Detect,

Detected,

EST,

Event,

Explorer,

FIREFOX,

GE,

IE,

Install,

Internet,

KEY,

Live,

Malware,

Mozilla,

NIN,

New,

Password,

Plugin,

Protection,

Red,

Sandboxie,

Secure,

Spy,

The,

Trojan,

US,

Use,

Via,

Ways,

ad2,

check,

com,

end,

folder,

page,

pws,

right,

ru,

search,

spyware,

start,

test,

thought,

time,

troj,

type,

war,

way,

web,

web passwords,

work

Friday

Dec052008

Are you patched, Secunia Says NO

Author:

Paul Sylvester | Date:

Friday, December 5, 2008 at 9:03AM |