Category: Security

  • Exploits aplenty – IE / Excel (Firefox?)

    There are a number of vulnerabilities that are currently unpatched but have working, publicly known exploits: two for Excel and two for Internet Explorer. Proof-of-concept code has been released for both the Excel and Internet Explorer vulnerabilities. This means, with the code publicly available, it won’t be long before it’s bundled into other malware delivery structures…. You might look at alternative browsers, BUT…. be forewarned that one of these vulnerabilities appears to work on a fully patched install of Mozilla Firefox. (According to SANS, the Secunia code doesn’t, but the Full Disclosure exploit code does affect Firefox.) I’ve seen word of early 1.5.0.5 builds being available – I wonder if that will be modified to fix this issue?

    (more…)

  • Apple Mac OS X updates

    There are several issues fixed by a bundle of updates for OS X (for 10.4 up to 10.4.6). The new release is 10.4.7. A number of issues are fixed in addition to at least 3 security-related problems. Incidents.org has more details. I know many Mac users feel the “aura of invincibility”, but…. keeping your OS updated is important no matter what operating system you use…. Mac, Windows, Linux, BSD, etc.

    (more…)

  • All old scams are new again….

    Last week I got a notice of this warning…. it seems that scammers are sending out emails claiming to be from the FDIC (Federal Deposit Insurance Corp.) and the email claims that the government will no longer insure your bank deposits unless you validate certain information…

    (more…)

  • Google roundup…. 55 ways to have fun, IPv6 and schoolkids’ Social Security Numbers….

    There are a few Google-related stories from the last few days to catch up on. 1) 55 Ways to Have Fun with Google is an e-book available for purchase on Amazon or Lulu.com, but it’s also available as a free PDF download. (And it’s licensed so you can mix it up/etc…) It’s certainly not as deep as a Google Hacks overview would be, but it covers some of the Google games out there and a few other interesting bits as well. It might be a good gift for those just getting their feet wet in Google searching…. 2) There are a couple of stories about just how many IPv6 addresses Google controls these days. From George Ou’s article: “(79 billion billion billion addresses)”…. They’ve been sold that many, really for the main purpose of being an ISP of some sort (maybe selling businesses IPv6 connectivity?)

    (more…)

  • Another wolf among us… and more spyware news

    Yes, it’s another wolf in sheep’s clothing. This time around Sunbelt is reporting on “Trust cleaner”. Keep your eyes out for this one; among other things it plants an altered version of the Google page complete with links to dating, gambling, ringtones, pharmacy, home loans and spyware removers…….. (the fake site is at mswindowssearch.com; trustcleaner.com and trustinbar.com are download sites for the pest….) If you’re in a position to block addresses…. read more for the list….

    (more…)

  • Another Microsoft Office Vulnerability

    Hot on the heels of the Microsoft Word patch there’s a new threat to Microsoft Office. This vulnerability is with Excel documents. According to the MS Security Response Center blog, they’ve received one report of a system being attacked through a previously unknown vulnerability in Excel. The moral of the story is to be suspicious of any attachments, whether they are programs or claim to be images, Word documents, Excel documents, fluffy bunnies or what…. If you weren’t expecting an attachment in email, wait and find out if it’s legit through other channels.

    (more…)

  • Big Windows June update day

    Updates for Windows for the month of June are out today and it looks like some list! 12 updates covering 20 or more vulnerabilities. MANY of these are tagged as critical. (Critical vulnerabilities are those considered remotely exploitable, or exploitable with little (or no) user interaction.) SANS has a good listing of the advisories. This month it is a bit much to track in one big wallop… but I’ll try to give a summary here.

    (more…)

  • Web 2.0 could lead to virus 2.0…

    For the last couple of days, there’s been a virus spreading that makes use of Yahoo Mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all it took was the user clicking on a malicious email, and the virus ran. It appears that JavaScript/AJAX/Web 2.0 applications are going to have to get closer scrutiny. In the SANS diary, they mention that they’ve analyzed JavaScript from several web applications and there are some that are vulnerable. (They’re contacting vendors.) They also point out that web designers should keep this in mind as well.

    The current worm could be readily modified to spread across many systems that do not escape JavaScript when displaying data from a foreign source. Many web developers should reexamine their code, and make sure that display functions do not deliver potentially malicious code.

    (more…)

  • Another wolf in sheep’s clothing to watch for

    “Wolves in sheep’s clothing” is the label I give to those rogue antispyware or antivirus programs that bring pests instead of protecting against them, or are otherwise questionable in their tactics. Titan Shield seems to be a new threat on the block in this area. I haven’t seen it first hand yet, but it looks like it is one you’ll want to avoid. (You may want to block antispywarebox(dot)com and titanshield(dot)com if you’re in a position to do such things in your network.)

    (more…)