Tips


Well, Happy 4th of July to all the folks here in the US. Hope everyone has a safe one today. Just a little warning: the Storm Worm still lives and, as expected, there is a wave of e-mails trying to get you to download an executable called fireworks.exe. Just remember, do not click on links or attachments in unsolicited e-mails. Click here for the Internet Storm Center story relating to this subject.

Happy 4th everyone!!

This story on usatoday.com basically backs up why bad guys can take advantage of millions of web surfers out there. Click here for the usatoday story. I guess I should not complain because this reinforces why I feel that I have job security. Anyway, here are the scary stats. If you get one thing out of this posting, please use a patched browser. Patching is one of the simplest things to do, but so many don't do it for one reason or another.

Here is an excerpt from a story linked from the usatoday.com article. This is from the website securitywatch.eweek.com:

While many of us will spend the better part of our adult lives sitting at computers, and more specifically keeping our eyes trained on the cyber-crime ecosystem, can we really expect people who do not to constantly remember to go download new software releases?

According to the researchers, “at most 83.3 percent of Firefox users, 65.3 percent of Safari users, 56.1 percent of Opera users and 47.6 percent of Internet Explorer users were using the latest, most secure browser version on any day between January 2007 [and] June 2008.”

The Firefox number is actually quite surprising. The idea that less than 50 percent of the estimated 577 million people using IE are not on current versions really is not. Firefox users tend to be more technically savvy, as many have specifically sought out the browsers for themselves. Most of the people using IE have it installed on their machines by default.

Based on this information, it's no wonder the criminal attacker is so successful. I'm thinking about downloading Opera and testing it as another more secure browser. I use Firefox along with add-ons to improve my security. No way can you be 100% secure. There will always be those zero-day attacks that no patching can help. Responding quickly to vulnerabilities is the reason why I use the Ubuntu operating system.

That is it for this post.  Lots of fireworks going off tonight, so the high price of gas hasn’t slowed too many folks from buying fireworks.  Sure has affected me and my 4th of July spending habits.  Have a great Thursday and stay safe.

A story hitting close to home for me. Lawrence, Kansas is the home of my beloved Kansas University Jayhawks. I just heard on the news that several residents of Lawrence have been called over these past few days and told they have a problem with either a VISA credit card account or their bank account at the KU Credit Union. Click here for a link to an online story. This scam has been around in parts of the country, but this one is a bit closer to home.

Attackers can set up a call center on their PC or one that they control, then call random residents in a targeted location. I guess the attacker asks for personally identifiable information like a credit card number or account number. Those who fall for it then have money transferred out of their account. With these call centers, attackers can spoof the number that is making the call, just like a phisher's e-mail can appear to be coming from PayPal.com, for example.

This is just another social engineering scam that attackers are starting to use because people have been warned over and over about these phishing e-mails appearing to be coming from banks and credit card companies.

Create your own “need to know” basis where you refuse to give up information from any unsolicited e-mail, phone call, or SMS messages (text messages on mobile phones) because these are known attack vectors. If you think it is true, hang up and call your bank or credit card company directly.

Rock Chalk Jayhawk and hope not too many of the citizens of Lawrence have fallen for this scam. Take care and stay safe this weekend.

I wrote this post last December and thought I would update it a bit since SP 3 was released by Microsoft.  So here is my updated posting on ‘Sometimes, You Need to Reload’.

Sometimes, you run across a PC that has been so mucked up that trying to clean the machine would not guarantee that all the malicious bad stuff can be removed. So you decide you have to reload your machine from scratch, then update all the software. What steps should you take before you actually delete the hard drive? Here are the steps I take when I reload my PCs. It's not a bad thing to reload. I do it at least once a year.

Here are the steps in the order that I use, and then we'll go over them.

1. Back up the files that you want: pictures, documents, browser shortcuts, iTunes songs, etc. Also go out to Microsoft's website and download the SP3 service pack ISO image. Once downloaded, burn the image to CD so that after you've completed step 5, you can insert this CD; it will patch your XP operating system and make the updates you then go and get from Microsoft a bit quicker. Click here for the Windows XP Service Pack 3 - ISO-9660 CD Image.

2. Take an inventory of what applications you have downloaded. AOL’s Instant Messenger, Adobe Reader, etc.

3. Gather all your restore CD’s that you got when you purchased your PC.

4. Review steps 1 through 3 and double check the details of each step.

5. Start the reload process.

6. After step 5 is done, insert the MS XP SP3 CD that you created. When the window pops up, just click Install. After this has completed, go out to Microsoft's site and download all the updates.

7. Take the files that you backed up, transfer them to your PC. Keep this CD full of all your valuable data.

8. From step 2, you will need to go and download all those applications that you or your kids use.

9. This step is optional, but after backing up, you can either purchase imaging software or use some of the freeware out there to take an image of your clean system before you release it to the rest of the members of your family. This will save you many hours next time you want to do a reload. Instead of going all the way back to the original restore disks that came with your PC, you can just copy your image back to your hard drive, and you can do it in less than an hour.

10. YOU ARE DONE!

Now let's cover these in a little more detail. Backing up files means any pictures, documents, favorites from browsers, and don't forget your iTunes songs. A good starting point is to back up your My Documents folder. This should get the documents that you may have created with any Microsoft Office products, and your iTunes songs. If you've saved pictures in the My Pictures folder, this is also included in your My Documents folder. If you have other applications that save files, such as your tax preparation programs or others like that, just make sure you are getting all your files. Here is an easy way I save my browser Favorites. I use Firefox as my browser of choice. In Firefox, click on Bookmarks>Organize Bookmarks and this will open up another window titled Bookmarks Manager. From there you just click on File>Export and then choose the location where you want to save this backup file. I pick the Desktop so it is easy to find. Then I open up my e-mail and attach it to an e-mail I send to myself.

Next, we'll inventory what programs we've downloaded and use. This includes your Adobe Reader, AOL's AIM, Yahoo Messenger, and it may also include your firewall, spyware removal and anti-virus programs. Take a look at your Add/Remove Programs list to see what all is installed; that could help you not miss something. If you want to, prior to your reload, just download all those setup programs and write them to a CD. Then when you are all done reloading, you can install your firewall, anti-virus, and anti-spyware programs before connecting to the Internet.

Step 3 we really don’t need to go over too much.  When you bought your PC, the manufacturer also gave you restore disks so if something were to happen, you could reload your PC.  Get these all gathered up and ready.  We’ll even cover step 4 in this paragraph also.  Double check steps 1 and 2 and make sure you are ready.

OK, step 5 is the actual reload. Just follow your manufacturer's instructions. Now after that, you can run your setup programs for your firewall, anti-virus, and anti-spyware and get those installed. Then connect your PC to the Internet and download your current signature files, and then you will be ready to go through the Microsoft Update process. This is Step 6. This process may need to run several times. It just depends on how long ago you bought your PC.

That leads us to Step 7.  You can now take all those files you backed up and move them back to your PC’s hard drive.  This step is pretty easy to do.  To get those browser favorites back on your PC, just open up Firefox and go to that Bookmarks Manager where you backed them up, but instead of exporting them, you will import them.  So you’ll have to go get that e-mail you sent yourself with the attached file and download it to your Desktop.  Then you can import them from there.  Pretty simple.  It is here where I would suggest that you back those favorites up every once in awhile and e-mail them to yourself.  Then you can go and get them if ever something goes wrong.

Wow, we are already on Step 8.  This is where we go get all those other applications like your Adobe Reader and any other software you may have downloaded.  If you did this prior to your restore, you can get all those setup programs that you downloaded and wrote to a CD.  Then you have all those applications installed quickly and your machine is almost ready to go.

Now Step 9, I throw you a suggestion. From this point, your system should be about as clean as it will ever be until you reload your machine again. So if you want to save a lot of time the next time you reload your machine, you can purchase an imaging program like Symantec's Ghost. I don't personally use it, but it would allow you to restore from this point; if sometime in the future your PC gets hosed again, you won't have to go through all these steps.

Step 10….YOU DID IT!  It really isn’t hard, but it is time consuming.  This is actually a process that I go through at least once a year.  Reloading your PC shouldn’t be a huge process.  Anyone can do it but it takes some time.  So next time you have to do this, go check out the price that the Geek Squad charges, then do it yourself and take the money you save and take your family out to dinner.

Everyone have a safe 4th of July celebration and take care.

A little vacation is a really good thing. But I'm back now, and since I haven't posted too much this month, I thought I could inform you of a couple of things. Attackers go to where the numbers are. And with Wimbledon Tennis coming up, the ATP site was attacked with those nasty injection attacks. Be careful out there, folks. It's a scary world we live in.

Thought I might tell you that Adobe has an update to the PDF reader that almost everyone has so open the reader up and click on Help, then select the Check for Update option.  If you aren’t patched, patch now.  Attackers depend on you not updating your software.

It’s getting hotter and more humid in the middle of the heartland of America.  Stay cool, stay safe, and have a safe celebration with the 4th of July coming next week!

Hey, if you haven’t taken the plunge and started browsing the Internet with Microsoft’s Internet Explorer, this may be a good time. Starting tomorrow, Firefox 3.0 is being released to the masses. Some of us have been using the beta version of Firefox 3.0. Now is as good a time as any to try something new. We’ve talked about Firefox and using the NoScript add-on for a more secure Internet experience.

Click here to read about and download the new version of Firefox Tuesday! Rock on!!

We've talked about all the legitimate sites that have been hacked lately, and I read this story with all the statistics from a security company, ScanSafe. The article is from the online website vnunet.com. Click here for the link to this story. I found it interesting, but then I am easily entertained.

Stay safe and patch, patch, patch if you aren't already. Try the Firefox browser and use the NoScript add-on. It's awesome.

Adobe Flash Player made a lot of headlines last week. Well, the number of injected sites exploiting the Flash Player has increased to over 800,000. A Google search on com/b.js shows 825,000 pages indexed. The script is being hosted on many domains; some have been noted in this blog and others. After all the shakeout, it was determined that the current Flash Player (9.0.124.0) is not vulnerable. So as I've stated in the past, patch, patch, patch. This time it's the Adobe Flash Player.

Click here to check which version of Adobe Flash Player is installed on your PC.  If it is not the current version listed above, then download and install it now.  Stay safe as we are now over the hump for the week. Can’t wait till the weekend!  Rock Chalk Jayhawk!!!
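For site owners who want to check their own pages for the kind of injected script tag described above, here is a small scanner. It is an added example, not part of the original post: the host names, the sample page and the function names are constructed, and treating `b.js` as a suspect filename is an assumption taken from the search string mentioned in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collects the src of every <script> tag, quoted or unquoted."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def find_foreign_scripts(html, own_hosts, suspect_names=("b.js",)):
    """Return (src, reason) for each script loaded from a host we do not own."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        try:
            parts = urlsplit(src)
        except ValueError:
            findings.append((src, "unparseable src"))
            continue
        host = (parts.hostname or "").lower()
        if not host or host in own_hosts:
            continue  # relative URL or one of our own hosts
        name = parts.path.rsplit("/", 1)[-1].lower()
        reason = "suspect filename" if name in suspect_names else "off-site host"
        findings.append((src, reason))
    return findings


# Constructed sample: a product page whose database fields had tags appended.
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script src="http://www.shop.example/js/cart.js"></script>
</head><body>
<h1>Garden hose<script src=http://injected.example/b.js></script></h1>
<p>In stock<script src="//cdn.other.example/stats.js"></script></p>
</body></html>"""

if __name__ == "__main__":
    for src, reason in find_foreign_scripts(SAMPLE_PAGE, {"www.shop.example"}):
        print(f"{reason}: {src}")
```

Any off-site host it reports that you did not add yourself is worth tracing back to the page template or database field it came from.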

The Microsoft Security Response Center (MSRC) has posted an entry to alert people of a security issue (advisory 953818) for users using Safari on the Windows platforms. I’ve written in the past about Apple distributing the Safari browser to Windows users, first as an “update” and later as new software, but still defaulted to install. With this information, it was really only a matter of time before something nasty would take advantage of it.

From how I read it, the blended threat takes advantage of something Safari asks Windows to do. Currently the advice is “Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.” In other words if you are using Safari on Windows, change the default download location.

A vulnerability has been reported in Adobe Flash Player versions 9.0.124.0 and older, which is the current version available for download now. Adobe has not yet released a patch nor an official advisory. Symantec has also said that this vulnerability is currently being exploited by the bad guys as we speak. Soon they will have an update out but at this point, it is up to you to protect yourself. Don’t click on unsolicited links or attachments in spam e-mail. Your behavior can go a long way in protecting yourself when on the Internet.

Stay safe and have a great Wednesday!

UPDATE Wednesday, May 28, 2008 16:30 CST

Well, as the day went on, it was found that the current release of Adobe Flash Player (9.0.124.0) is not vulnerable to the attacks that are ongoing at this time. Here is a list of the nasty sites serving up the exploits. WARNING!! Do not visit these sites no matter what!!

UPDATE: 053008

Well this story has more turns in it than a NASCAR event.  Some are even right turns.  First we thought all versions of Adobe Flash Player were vulnerable.  Then we are told that the current version is OK and not vulnerable.  Then, Adobe doesn’t come right out and say it and Symantec is saying that these exploits are working so just be careful out there.  Seems that the bad guys are using these in new SQL injection attacks.  Have a great Friday!!
