This is a cautionary tale about bank fraud for anyone who sells things (online or otherwise). A man sold a car online, and the buyer sent a check for several thousand more than the buying price. The buyer claimed it was to cover extra shipping costs and asked the seller to just wire him the excess, which turned out to be $5000. The seller felt a bit suspicious of the check and inquired a couple of times whether the check was OK; the teller confirmed that the check was fine.
Category: Computers
-
Cross-browser JavaScript vulnerability
It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every JavaScript-enabled browser. According to Symantec, “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and it is a way that the attacker could scrape/log things that are typed in (bank information, passwords, etc.). Also, they say, “In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.”
-
Microsoft June Patch Cycle heads up
It’s about that time again, folks…. Monthly Microsoft patch cycle – June patches will be released on the 13th (next Tuesday), and it looks like a big batch. There should be 12 patches this time, and at least one of the Windows updates is critical and at least one of the Office updates is critical. It’s widely expected that an update will be released for the Word vulnerability that’s been talked about previously here. Also, there will be a change in the ActiveX behavior in Internet Explorer. That change had been scheduled to come out a few months back, but was postponed.
-
Report Phishing Emails/sites
By the way, the CastleCops DoS has reminded me of something that I hope I’ve mentioned before, but will mention again. They have a page, castlecops.com/pirt, where you can either copy/paste an entire phishing email or provide them with a link to a phishing site. It is a very useful interface for reporting phishing. Anyway, it’s being added to the “Useful links” area.
-
The Great Cyberwar
It went unnoticed by most people for a few years. After all, the ones that were affected were just those that were “asking for it”. Where to start? Let’s see, back in the day there were some that sent out messages to other people’s computers, and even when people tried to stop getting the messages they kept coming. So a few sites decided that if they could “blacklist” the places that these messages were coming from, they could help people deal with the mass of messages. So they did, and the people sending the unwanted messages were a bit frustrated and improved their distribution a bit, taking over virus-infected PCs for sending their messages. The defenders matched and started blacklisting dialup addresses as mail sources. It was frustrating for those running legitimate mail servers on a dynamic internet address, but there were legitimate ways to fix the problem. But the senders of the messages got mad.
-
Bad malware storms brewing
ADTMAG.com has an interesting article talking about the convergence of spyware and more sophisticated phishing attacks. They describe the convergence of viruses and spam engines that happened in 2003 as a real shift in the dynamic of WHERE junk mail was coming from. Today botnets account for about 90% of the spam online, and of course, the botnets are the zombie armies that can be (and are being) utilized to bully web pages off the net, or to extort large amounts of $$ through denial of service attacks.
-
The “secure software” dilemma
It’s quite a dilemma when a software product is billed as more secure than another…. Several days back, when Mozilla Firefox released v. 1.5.0.4, which fixed a number of security issues, I saw someone comment “I thought Firefox was supposed to be secure.” I think there’s a misunderstanding when it comes to software. I think the misunderstanding is that one piece of software can be secure and another not, out of the box. Let’s take a stab at clarifying…. Security is not a product, it’s not a feature, it’s a way of doing things. Along those lines….
-
Windows Vista Beta download
Yes, this is legitimate and officially sanctioned. Microsoft is releasing the beta version of Vista Ultimate for download. This page gives details on the download. It is also possible to request a DVD. (The download is a DVD ISO – a bit over 3 GB.) It will expire June 1, 2007 (I assume Vista will be out by then…). It should be able to upgrade an existing XP install or do a fresh install (PLEASE DO NOT DO THIS WITH YOUR MAIN DESKTOP WITHOUT SERIOUS BACKUP FIRST). It will be unable to roll back to the previous OS (a fresh wipe and install would be required).
-
Firefox Sync plugin
Google has released a new plugin for Firefox that synchronizes various settings from one PC to another, making use of a Google account. Essentially, it saves certain preferences from your browser to your Google account, then when the browser is launched again it retrieves any changes from the Google account. This sounds like a great solution for people trying to keep bookmarks synced across multiple PCs. I wonder if it could track what extensions are installed and make sure you have the same set of extensions on all PCs?