Wednesday, February 28, 2007
So what is Secondlife?
Second Life is a 3-D virtual world entirely built and owned by its residents. Since opening to the public in 2003, it has grown explosively and today is inhabited by a total of 4,100,944 people from around the globe. It comes in English, Japanese, Korean and German at the moment. The currency is called Linden (so you transact in Linden dollars)
What can i do in it?
Unlike flat chat programs, Secondlife allows you to create virtual you-yourhome-yourlife and thereon meet people, do businesses and virtually anything you would do in this life of yours in the virtual world (now im considering to signup, for some non-sexual reason of course! :P)
Here people like you and i, can express our "lives" in a virtual space.
How do i get started?
Well, simply register, the first account or land you create is free, this is the basic membership. Subsequently, to create more lands, you need to pay a small fee ranging from USD6-9, fair enough :). By registering you get to own more lands and get weekly allowances @ Linden 200 (L$200) Once registered, you choose the way you look through an avatar (not too many choices tho). Then proceed to the on screen instructions. Then download a small 30MB plus client for Windows XP (may work with Vista), MacOS X and Linux i686 (Alpha)
So, i would suggest get right into the action by registering, click https://secure-web4.secondlife.com/join/
Please note the client software requires high end video cards, something over 32MB normally should do, so please test it out and you MUST checkout their system requirements here http://secure-web4.secondlife.com/corporate/sysreqs.php
The downside is this website seem rather slow, when i tried to register, took me ages.
So if you bump into "highsecurity bing" thats me! Not sure what i will do now...
Oh, don't forget to read the Community Standards - https://secure-web4.secondlife.com/corporate/cs.php before you start to paint the town. :)
Saturday, February 24, 2007
What is pharming?
In simplest term, pharming is the process of attacking a person's computer so that the computer "goes" to a website that is not the actual one by modifying important name to ip resolution methods such as dns, host files and others. (Wiki: http://en.wikipedia.org/wiki/Pharming)
How does it affect me?
It could lead you to a website that may look and feel like the original one (example, pharmed Public Bank Online http://www.pbebank.com) to my own little webserver on my funky Vista OS. Only ones imagination is left to what more damages this can present.
What is drive by pharming?
Now, like pharming, drive by pharming is an attempt to log in to your edge devices (like your TMNet router, your Netscreen, Zycel, Cisco routers) by using a dictionary of known common passwords that a script within a website can run. Once accessed, the information on this router like DNS etc, can be modified to suite the attackers DNS which effectively leave you to a PHARMING Attack.
How to find out/mitigate?
While it may be quite difficult to know if your computer has been pharmed with malicious internet addresses, its easy to know if the website you've accessed is legit or not. Example, gmail would have an SSL Certificate which will not prompt your browser for validity unlike a fake SSL Gmail cert will create an alert on your browser. End of the day, its your concious actions to access/not access these sites.
Also, be sure to have updated Antivirus software, run Internet Explorer 7 or Firefox 2 or Opera 9 which are intelligent enough to prompt if a certificate is invalid or a particular link looks suspicious. Vista for one does not allow access to the host file or overwriting it either.
Use strong passwords on edge devices, routers, modems, wireless-use strong AES, your Windows OS!!!!.
Get professional help if you are in doubt.
Is this for real and do-able? (No Frank, not the do-able we always do ratings on)
Yea, sure, checkout how 80 of Cisco devices can be pharmed, read this article
Symantec has released details of a potential security threat in its 2006 products, involving ActiveX software provided by a third-party developer.
The ActiveX flaw, which could be used to initiate a stack overflow and gain remote access to a machine running the vulnerable software, affects several products in Symantec's 2006 range, including Norton AntiVirus 2006 and Norton Internet Security 2006. The current 2007 range, including Norton 260, are not thought to be at risk, and no attempts to exploit the vulnerability have been observed.
Symantec's article on this issue: http://securityresponse.symantec.com/avcenter/security/Content/2007.02.22.html
Thursday, February 22, 2007
Solution? Run WinDVD as an administrator, register..done.
To fix this, run Firefox as an administrator, install the plug-in, close Firefox and run as normal again. Remember to close and reopen firefox to make sense out of User Account Control.
User account control info: http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx
Note: The attack can be automated and a pop-up appears encouraging users to download an Antispyware program.
Microsoft IM tool carries ads for fake security product.
Microsoft's MSN Messenger, recently renamed MSN Live Messenger, was found last week to be carrying banner advertising for the WinFixer rogue anti-spyware product.
WinFixer, also known as ErrorSafe, uses fake warnings of malware infections to trick users into installing its software. Like many such rogue applications, installation may be limited to a low-grade malware scanner which blackmails victims into paying for a 'full version' to remove non-existent infections; more insidious rogue products also include downloader trojans to bring further unwanted adware and spyware onto compromised machines.
It is thought the advertising was sneaked past the MSN Messenger screening process by replacing a clean advertising stream. While some of the ads required the user to click on them to activate the attack, others are thought to have been capable of launching without user interaction. Microsoft has issued an official apology for the breach and has removed the ads from the Messenger product.
Internet Explorer expert Sandi Hardmeier has more details and screenshots at the SpywareSucks blog, here.
Anyway, there's a cool tool that can fix ads for good!!!... http://apatch.ikhost.com/index.php
A-Patch for MSN build (8.0.0812) features are as follows:
:: Contact List - 30
Remove Windows Live Logo
Remove "Messenger" Title
Remove Display Picture Container
Remove Personal Message Bar
Remove E-mail Button
Remove Sharing Folders Button
Remove My MSN Space Button
Remove Windows Live Today Button
Remove Make a Phone Call Button
Remove Yellow Information Bar
Change Display Picture Link
Remove Contacts Personal Message
Remove Toast Display Picture
Remove Gleam Notification
Add Always On Top Button
Remove Search Bar
Remove Display Picture in Sign-In Window
Remove Bottom Links in Sign-In Window
Remove Windows Live ID Branding
Disable MSN Spaces Contact Card Integration
Remove Color Button
Disable Song Links
Remove Emoticons from Nicknames
Remove Contact Manager Bar
-- Move Contact Manager Bar to the Bottom
-- Remove Extra Padding from the Contact Manager Bar
-- Remove "Add a Contact" Button from the Contact Manager Bar
-- Remove "Manage your Contacts" Button from the Contact Manager Bar
-- Remove Contact Search Field from the Contact Manager Bar
:: Instant Message - 34
Remove Windows Live Logo
Remove Invite Button
Remove Send Files Button
Remove Web Cam Button
Remove Call Button
Remove Activities Button
Remove Games Button
Remove Block Button
Remove Color Button
Remove Search Button
Remove My Display Picture Container
Remove Font Button
Remove Emoticons Button
Remove Voice Clip Button
Remove Backgrounds Button
Remove Winks Button
Remove Packs Button
Remove Nudge Button
Remove What's Hot Section
Remove Formatting Toolbar Separator
Change Ink Tabs to Text
Add Custom Games
Remove Contact's Personal Messange and E-mail (To: Bar)
Remove Web Cam Icon from Avatar/DP Containers
Remove Nudge Delay
Disable Nudge Shake
Remove Send Button
Add Send Button to Handwriting Tab
Remove Status Information Bar Remove "Get a Webcam" Link Add Always On Top Button
Remove User Is Writing Message
Remove Convert Tab
Remove "says" Text
I am pretty fond of the conventional 32bit chunky software at least, you can't inject to XSS the bugger!.
Here's an excerpt from Eweek (http://www.eweek.com/article2/0,1895,1744115,00.asp) and please update your Google Desktop at http://desktop.google.com
Web search powerhouse Google has acknowledged—and patched—a security vulnerability in its desktop search utility that opens the doors for man-in-the-middle data leak attacks.
The Google fix was issued after a pair of Rice University graduate students discovered that two different attack scenarios could be used to exploit the Google Desktop vulnerability.
The students, Seth J. Fogarty and Seth Nielson, made the discoveries during a security audit of the search tool. The audit was part of a final project in the students' Computer Systems Security course.
Google, through a spokesman, confirmed the students' findings. "We were made aware of this vulnerability with the Google Desktop Search software and have since fixed the problem so that all current and future users are secure," the spokesman said.
Google is pushing out the fix with the tool's auto-update mechanism.
Fogarty and Nielson worked closely with Google since November to patch the hole before releasing details (PDF file) on the Internet.
Wednesday, February 21, 2007
1. Internet Explorer
Comment on item 1:
Well, yea, that would be quite true, this is because, IE is the most used browser and therefore people looking for fame from exploiting it from all angles. I think, its a good thing, eventually, would make it more secured than any other browser. Oh, and to those who say Firefox is secured, erm, i don't think so, there's one zero day attack for Firefox unpatched until the date of this article.
Nonetheless, running IE 7 with protected mode enabled in Vista seem to be more secured according to the huge writeup from MS Website. To me, it offers lower priviledged object access and code execution but breaks some links and features of the world wide fun.
Bottom line, i like IE7, its feature rich and is fast. Firefox takes too darn long to load sometimes.
Comment on item 2:
Phishing is really fun to do especially if there are people who just don't know how to differentiate between the good, the bad and the evil. Hopefully, IE7's antiphishing feature and your add on products can help. Best is to be conscious of your actions.
Comment on item 3:
Oh well, that can never be off the top 3. . agree!!!
Thursday, February 15, 2007
Some of the topics include;
One of the topics, which i am personally interested in is Vulnerability Assessment. There's a decent article on that site that one can benefit..here's a summary of the article.
The intention of this paper is to provide basic information to those who have recently entered the security field, provide some insight as to why a vulnerability assessment is necessary provide an overview of the vulnerability assessment process from discovery to baseline standardization, provide some assistance to those who want to perform a vulnerability assessment but do not know where to start.
Thursday, February 8, 2007
Hidden Utilities XP allows access to nearly 100 hidden utilities that are not normally accessible to the average user. System information, diagnostics, repair tools and more in both Windows and Command Line utilities are now easily opened. Hidden Utilities XP includes easy access to 53 Windows tools and 43 Command Line utilities.
This http://camtech2000.net/Pages/Downloads.html page has a huge list of cool tools and toy for your average computer use :).
- Top attacks
- Vulnerability risk index
- Top scanned service (what type of ports/protocols are being probed)
- Top threat sources by country
- Botnets (a collection of tools to automate computer attacks)
- Phishing (tricking/obfuscating information to make you reveal/expose sensitive info or just spin you off in a fake site)
- Global Activity Maps (this is the image above)
Microsoft is a baby in the security field, they may have some products (Like MS ISA) that are already a little more matured but i would definately suggest doing some research and choose what's best for you.
I do think however, in the near future, Microsoft's AV will pose a real challenge to the rest as it bucks up and learn from "mistakes" and shortcomings. Till then, make the best choice, not anything less.
I personally use Kaspersky and Trend Micro and i've been very happy with them. I also have a Windows 2000 machine that has no antivirus and has only 3 infections (from Adwares) from the past 6 months :). All i had installed was constant patches and use a little caution when doing my thang.
Microsoft's own antivirus software, Live OneCare, is unable to fully protect Vista users against viruses, and one of security firm McAfee's antivirus software packages also fails to protect users, according to independent research released Friday.
Security news site Virus Bulletin, backed by a team of security researchers based in Oxfordshire, U.K., tested 15 antivirus software packages used by businesses and designed specifically for Vista, Microsoft's newest operating system. The packages were released to businesses two months ago.
The researchers tested whether each of the antivirus products would stop a set of viruses known to be currently circulating. In order to be awarded a pass, the software had to detect all the viruses with no false positives.
But out of the 15, four failed: Microsoft Live OneCare 1.5; McAfee VirusScan Enterprise version 8.1i; G DATA AntiVirusKit 2007 v17.0.6353; and Norman VirusControl v5.90. The other 11, including software from CA, Fortinet, F-Secure, Kaspersky, Sophos and Symantec, detected all the viruses.
"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "In these days of hourly updates, it's always a surprise and a disappointment to see major products missing them (viruses). Vista cannot fend off today's malware without help from security products. It certainly looks like people upgrading to the new platform are going to need additional security solutions."
Joe Telafici, vice president of operations for McAfee's Avert Labs, told ZDNet UK that, in his opinion, Virus Bulletin had not used its latest antivirus updates, causing the failure. He said McAfee would issue further results with the updated software.
Microsoft pledged to improve Live OneCare. "We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests and, most importantly, as part of our ongoing work to continually enhance Windows Live OneCare," a company representative told ZDNet UK.
On the subject of Vista, the Microsoft representative added: "It's important to remember that no software is 100 percent secure. Microsoft is working to keep the number of security vulnerabilities that ship in our products to a minimum, through our Security Development Lifecycle process, and that work is paying off. The release of Windows Vista is the first Microsoft operating system to use the Security Development Lifecycle from start to finish and was tested more, prior to shipping, than any previous version of Windows."
Richard Thurston of ZDNet UK reported from London.
Tuesday, February 6, 2007
There's a security bug with Microsoft Office. Those using Microsoft Office products like Office 2000, XP, 2003 (2004-MAC) are advised to see the workaround below. The vulnerability cannot be exploited on Office 2007 or on Works 2004, 2005, or 2006. Please read and be secure. There's no fix (zeroday vulnerability) for this problem yet. So the rule of thumb is that do not open files from untrusted/peculiar sources/websites/email with attached MS Office files (including Excel, Word, Powerpoint, etc..)
Since Internet Explorer is integrated with Office suite of product, this type of attack is possible via websites too (which includes in line emails etc).
Do not open or save Office files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Office file.
Antivirus products can detect this vulnerability depending on your provider's responses. Microsoft Live OneCare does identify this issue and prevents such an attack.
More information at: http://www.microsoft.com/technet/security/advisory/932553.mspx
Here's an excerpt from MS Website:
Microsoft Security Advisory (932553)
Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac
In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.
While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.
Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.
Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
So, you love GoogleMap dont ya? Great! Me too, but i am not much fan of using the fat application that comes with it, so if you are as "lean", then check out www.wikimapia.com. It's an awsome combination of Wiki+GoogleEarth, just by using your browser, no applications or shmoo needed.
You could do searches of places, cities and countries. Its updated by people like you and me so most likely that little "kampung' (Malay for rural area) that you go back during school breaks might just turn up in WikiMapia. Give it a shot :)
PS That movie, CRANK, good one, they use googlemaps too.
Sunday, February 4, 2007
In human as possible, it makes it possible to put read-info-caches into drives outside the Operating System's (OS) drive so that your OS can read/write other things. The way its done, is secured (using AES--http://en.wikipedia.org/wiki/AES) and only stores read only data there. Its safe against possible drive-knockout (accidental removal) thus your data is safe too.
There's a pretty good standard requirements that you have to meet to enable/use Readyboost. So, make sure that USB drive (must be flash based) is fast enough for read/write operations.
And last note, if you already have a fast machine, forget this, enjoy your Vista!
From MS site:
Windows ReadyBoost introduces a new concept in add-on system memory. You can use nonvolatile flash memory devices, such as universal serial bus (USB) flash drives, to improve performance without having to add memory "under the hood." The flash memory device serves as an additional memory cache—that is, memory that the computer can access much more quickly than it can access data on the hard disk drive.
Saturday, February 3, 2007
So you were browsing, ump, say https://www.verisign.com and suddenly your browser address bar turned green, should i
1. Panic, close browser and format my computer
2. Read the certificate information on that address bar.
If you choose 1, good, you're paranoid but that's not the correct answer, the answer is, Internet Explorer now has turned out its new feature where certain websites with certain certificates (new ones) will display a green address bar on top like above (click image to view
These days, SSL certificates are easy to create and no one can guarantee the content of the people who purchase these certificates. Hopefully, with this new induction of new certificate IDENTIFICATION by IE, people will start trusting more on the sites that has been "verified". But alas, there's phishing attacks and script injections to knock even those out of proportion.
Anyway, surf safe.