  • No More Dragons: the 26th Chaos Communication Congress Ends

    Updated: 2009-12-30 20:34:23
    With a dazzling laser show, the 26th Chaos Communication Congress (26c3) in Berlin, the last big security conference of 2009, has ended. If you haven’t been here, you might have missed fewer of the sessions than people on site, thanks to the worldwide availability of live streams (and recordings). What you did miss was meeting [...]

  • Fake Alert Uses McAfee-like Domain Name to Attract Victims

    Updated: 2009-12-30 20:05:39
    Cybercriminals love to use social engineering techniques to trick users into installing their malware. One of the latest fake-alert variants attempts to trick users into believing the software is related to or hosted by McAfee: mcafeevirusremover.com. With DAT release 5835 (December 17) McAfee detects the HTML code for the domain as FakeAlert-KW!htm and the associated Trojan [...]

  • The top ten Clu-blogs of 2009

    Updated: 2009-12-30 07:33:02
    2010 is looming large, which can only mean one thing - it's time to break my holiday sabbatical and compile my annual list of the most popular Clu-blog posts of the year. Yep, fill your glasses, put another log on the fire, and prepare to find out what were the most read posts on this blog [...]

  • Dragons Everywhere: The 26th Chaos Communication Congress, Part 2

    Updated: 2009-12-29 13:29:49
    Day 2 and Night 2 of the 26th Chaos Communication Congress are over, so it’s time for a short update on what you are missing here. This year the Congress is organized as a distributed event: Many local Hacker Spaces have joined the network at Berlin Conference Center, giving access to resources and talks to visitors. [...]

  • Here Be Dragons: The 26th Chaos Communication Congress, Part 1

    Updated: 2009-12-29 13:07:44
    Although most people enjoy the days between Christmas and New Year’s Eve with their families, hackers, geeks, security enthusiasts, and privacy activists meet in Berlin for the world’s oldest and Europe’s biggest annual Hacker Conference. Now in its 26th year (I was a 13-year-old kid, trying to figure out what to do with a Sharp [...]

  • 2010 Predictions: the Year of a Major Social Networking Security Breach?

    Updated: 2009-12-29 06:34:51
    With the New Year just days away, it’s time for McAfee Labs 2010 Threat Predictions. What should you be wary of in the coming year? Social networks. Sites such as Twitter and Facebook have changed the way we communicate, interact, and share on the web. As user bases for the top online social destinations reach [...]

  • Use Facebook Apps? Time for a Password Change

    Updated: 2009-12-28 18:45:18
    Roger's Information Security Blog. Hi, welcome to my blog. It started out as a place to be able to post links and news so I could find them again. I began adding my own commentary, and it's proven surprisingly popular. Thanks for stopping by. Don't forget to use the search if Google dropped you off at this page and you don't see what you're looking for. By Roger on December 28, 2009 1:45 PM. RockYou was hacked a couple of weeks ago and over 35 million passwords were stolen. RockYou may have your password if you've played any of their Social Networking Applications on sites like Facebook or MySpace. Their applications include Slideshow, Uploadphoto, Photofx, Glittertext, Funnotes, Countdown, Superhug, Myspace layouts, Stickers, Superwall, Pieces of flair, Speedracing, Likeness, Hugme, Birthday cards. Pieces of flair seems like one I've seen my friends using. Depending on the application, RockYou may have had your Facebook or Webmail password. RockYou recommends that you change passwords for any online service where you've used the same password disclosed to them. In the last day, I've seen a massive spike in the number

  • Do you have backups?

    Updated: 2009-12-28 07:15:13
    By Roger on December 28, 2009 2:15 AM. You don't have backups unless you have successfully recovered from them. Sometimes you just have to learn lessons the hard way if you don't take the time to learn them from others. I've heard a lot of commercials lately pushing Mozy or Carbonite that pretty much guarantee that everyone has a hard drive failure at some point. This month the hard drive in my Dell Optiplex 755 at work gave up the ghost. Two weeks short of its end of lease. Very frustrating. But it was about to get more frustrating. The enterprise desktop backup product we use is configured to back up the user profile, c:\data and c:\lotus. Unfortunately Vista is not a standard supported operating system at work, and the backup admin made a mistake when he configured the backup

  • Antivirus Exclusions

    Updated: 2009-12-27 06:37:25
    By Roger on December 27, 2009 1:37 AM. For many years Microsoft has had an exclusion list of files and folders that antivirus should not scan. I've seen similar knowledgebase articles from antivirus vendors. For some reason this became blogworthy over at TrendMicro. That has set off the usual echo chamber of anti-Microsoft handwringing (wait a second, an echo chamber of handwringing, exactly how loud is that? Stop mixing metaphors). A lot of people have the knee-jerk reaction "oh no, the virus writers will start putting their viruses there". The TrendMicro blog entry isn't as worried about the exclusions as he is about the public knowledge of the exclusions. "Now, although it actually makes sense to stop checking we are concerned by the fact that this was released publicly." I laughed

  • s_client

    Updated: 2009-12-25 17:52:31
    If you’re working with SSL (whether websites or otherwise), it sometimes helps to be able to send text and commands directly to the server, but it’s not as easy as just telnetting to the server like with non-SSL servers. That’s where s_client comes in. It’s part of the openSSL suite, so you’ll find [...]

  • (Not So) Happy Holidays from Koobface

    Updated: 2009-12-24 23:39:50
    Koobface has been busy. Activities associated with the worm have increased during the month of December. Often the activity is sending traffic to compromised servers to obtain more servers. Other times it uses those compromised servers to proxy users to malicious domains that distribute more malware or take control of the infected machines. This morning we [...]

  • Libya Partner Visited Great Worth Company

    Updated: 2009-12-23 04:12:08
    Great Worth's partner in Libya visited our Guangzhou office in order to expand Kingsoft's software market share in Libya.

  • sVirt Stronger Security for Linux Virtualization

    Updated: 2009-12-22 22:24:23
    By Bryan Jacobson, Linux Technology Center. While Virtualization offers many benefits, there can also be increased security risks. For example, consider a system running two hundred virtual images. All two hundred images are at risk if a flaw in the hypervisor (or configuration) allows any virtual guest to “break out” into the host environment [...]

  • Hacker’s Holiday: a Viral Video!

    Updated: 2009-12-21 17:23:29
    Ketchup stains. Klingons. Exploding monitors. They’re all part of our fiendishly clever new music video, “Hacker’s Holiday.” Pity poor Tiny Tim. He gets a shiny new PC for Christmas and doesn’t bother to protect it. Well, you can guess the rest. A few short days later (12 days maybe?) his PC is ready for the [...]

  • Check Your Friends! Facebook IMs May Lead To Trouble

    Updated: 2009-12-21 15:27:43
    I ran into a few strange IMs over the weekend. When I was not shoveling out my driveway from the 15 inches of snow that covered it I was logged into Facebook telling people about it…. It was then that I started receiving some VERY interesting IMs from a friend extolling the virtues of a [...]

  • Brittany Murphy Searching Dangers

    Updated: 2009-12-21 14:00:51
    Sadly, actress Brittany Murphy passed away over the weekend. With her unfortunate passing will come the inevitable web searches that lead Internet users to some potentially unsafe sites. This has been a well established trend throughout 2009. It is a sad reflection that malware authors and scammers will use these events as lures to distribute [...]

  • Systems Security Seven for Dec. 18

    Updated: 2009-12-18 23:29:31
    Steve Hanna has written an excellent cloud security overview article A Security Analysis of Cloud Computing which talks about how trusted computing can help solve some of the cloud security problems. Privacy concerns for the ages, is anonymity sufficient? Facebook and Google: Contrasts in Privacy Is privacy an illusion or a social contract? Blakley’s blog post [...]

  • Twitter website struck by 'Iranian Cyber Army' hackers

    Updated: 2009-12-18 09:57:56
    A hacking group calling itself the "Iranian Cyber Army" pulled off a coup for about an hour earlier today, redirecting visitors to the Twitter website to a page containing a green flag and Arabic writing: Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have [...]

  • Conficker Again in the News, Part 2

    Updated: 2009-12-17 18:26:24
    Yesterday, my colleague Dave Marcus quoted for you the new graphs and stats posted by Shadowserver. Indeed, since November 2008, W32/Conficker (alias Downup, Downadup, Kido) has frequently made headlines. This computer worm has five main variants, which have appeared during the last year. Wikipedia lists the dates:  A variant: First appeared 21 November 2008 B [...]

  • Create Your Rescue Disk Using Kingsoft Internet Security - Part I

    Updated: 2009-12-17 08:55:00
    Kingsoft Internet Security 9+ supports removing viruses in NTFS, FAT16 and FAT32 formats.

  • Mozilla Firefox 3.5.6

    Updated: 2009-12-16 05:47:12
    Another Christmas gift from a software vendor. Mozilla has released updates for Firefox. The current version is now 3.5.6 and 3.0.16. Their security advisories are here. There are three updates rated as critical.

  • A Few Rules of Thumb

    Updated: 2009-12-15 22:03:28
    The internet is full of unsavory characters who want to steal your personal information and/or money. This has been widely accepted for quite some time. Recently, some good articles have appeared online regarding what to do if you think you’re being scammed, especially by pop-up ads that look like anti-virus software (http://www.fbi.gov/pressrel/pressrel09/popup121109.htm, http://voices.washingtonpost.com/securityfix/2009/09/what_to_do_when_rogue_anti-vir.html). While [...]

  • Putting my feet up...

    Updated: 2009-12-15 10:45:35
    There is a rule at Sophos about taking holidays. Alongside the normal rules like "You can only carry five vacation days over into the next year" and "Don't spend your holiday working for McAfee" there is also a rule which says "Don't take your blog on holiday with you - it could probably do with a [...]

  • Facebook Google Indexing Tempest in a Teapot

    Updated: 2009-12-15 05:13:18
    By Roger on December 15, 2009 12:13 AM. Earlier today I started getting status updates from friends that read: "If you don't know, as of today, Facebook will automatically index all your publicly available info on Google, which allows everyone to view it. To change this option, go to Settings > Privacy Settings > Search then UN-CLICK the box that says 'Allow indexing'. Facebook kept this one quiet. Copy and paste onto your status for all on your news feed." Facebook's chain letter detection kicked in (not sure if that was an automatic or manual process) to deter future exact duplicates of that status update. This made people all the more suspicious about why Facebook would be blocking their attempts to warn about Facebook privacy. If you did wander over to the

  • GuardianEdge Announces Hardware Based Encryption Support

    Updated: 2009-12-12 19:21:18
    By Roger on December 12, 2009 2:21 PM. GuardianEdge put out a press release this week announcing Encrypted Drive Manager. This software will allow you to manage hardware encrypted hard drives as well as drives encrypted with GuardianEdge Hard Disk all from one platform. This will be released in Q2 2010. When I was evaluating GuardianEdge in 2007 they talked about these features so it's nice to see it finally soon to be making it to market. Hardware based encryption may finally be ready to ignite. The Trusted Computing Group has been working on standards so it's not such a mishmash. Performing the encryption on hardware keeps the encryption keys out of memory so it isn't vulnerable to cold boot attacks. There isn't a CPU performance penalty as

  • Systems Security Seven for Dec. 11

    Updated: 2009-12-11 22:16:58
    Here are seven links that are worth the time that it takes to read them if you are interested in systems security. The Evil Maid attacks again: ITPro article: Researchers break into Windows encryption feature, the original research behind the attack, article about Microsoft’s response. Two Trusted Computing articles: “openSUSE is now the first operating system to offer full [...]

  • Advance Notice: Kingsoft Office 2010 Can Be FREE Update from Kingsoft Office 2009

    Updated: 2009-12-11 14:56:39
    KSOffice launched the lucky draw for the coming of Christmas. The gifts include: 10% Off up for Kingsoft Internet Security 9 & Kingsoft Office 2009! Moreover, you can get the Kingsoft Office 2009 FREE Upgrade to Kingsoft Office 2010!

  • Facebook non-privacy settings

    Updated: 2009-12-10 18:00:43
    By Roger on December 10, 2009 1:00 PM. Facebook has rolled out new security settings this week. It seems designed to confuse and lead people into sharing more info than ever. If you are one of the 20% of Facebook users who has adjusted their privacy settings previously then Facebook will make your old settings the default but encourage you to change it. For everyone else the default security permission is Everyone. In an effort to be more like Twitter they want your status updates available to everyone, not your friends, not friends of friends, not your networks, not even just authenticated users. Every anonymous Internet user including search engines will be able to read your status updates. Like Twitter data, anything you post could be mirrored permanently

  • Facebook privacy settings: What you need to know

    Updated: 2009-12-10 11:27:05
    Facebook is making big changes to its privacy settings that may mean millions of people begin to expose information that they previously considered to be restricted to only their Facebook friends to the entire internet. This YouTube video explains more. Facebook is recommending that users adopt a series of new privacy settings that would reveal their personal [...]

  • Egypt Partner Visited Great Worth for Expanding Kingsoft business

    Updated: 2009-12-10 00:53:37
    In December 2009, Mr. Eyad M. El-Sharif, CEO of CNS company, Egypt, visited the Great Worth Guangzhou office in order to expand Kingsoft's software market share in Egypt.

  • Sarah Palin hacker suspect had spyware-infected PC

    Updated: 2009-12-09 15:20:25
    The 21-year-old student accused of hacking into Vice Presidential hopeful Sarah Palin's Yahoo account was working on a spyware-infected computer, according to his legal team. David Kernell was mid-way through a student party in September 2008, when the FBI swooped on his apartment in the city of Knoxville, Tennessee. The son of state democratic representative [...]

  • Adobe Flash and Air Updates

    Updated: 2009-12-09 02:05:15
    As you've no doubt read other places, Adobe has released updates for Flash and AIR. The security bulletin can be read here, the software can be downloaded from adobe.com. I've found a bunch of our users have installed Adobe Air. Either they downloaded Adobe Reader 9 with AIR on their own or someone has screwed up the Ghost load. I'm leaning toward investigating how to deploy AIR updates rather than just emailing the users needing the AIR update. It sure would be nice if the Enterprise distribution page included the file version. I either have to download and unpack the MSI to see if it is the new version or use another tool to check the modified file date on the webserver. Using http://headerviewer.com/ I see the last modified date is November 16th so it looks like I'll be waiting a bit for the MSI version to be released.

  • Google’s new DNS service

    Updated: 2009-12-09 00:13:56
    If you haven’t heard yet, Google has opened up their own public DNS servers. Many people I know would love to use them rather than their ISP’s DNS servers for various reasons – mostly due to lack of availability. I’ve been using OpenDNS’s resolvers for the last year or so now, so this service isn’t [...]

  • Staying PCI DSS Compliant

    Updated: 2009-12-08 19:21:05
    It’s been talked about in the past about how important it is to become PCI DSS compliant. For some industries it’s an absolute must. Without it, they can’t conduct business. We’ve covered some of the latest updates to PCI as well. One of the most overlooked aspects of becoming PCI DSS compliant though is actually [...]

  • Danger lies in bogus emails claiming to be from DHL and Facebook

    Updated: 2009-12-08 11:12:37
    Malicious hackers are posing as DHL and social networking site Facebook in their latest attempts to infect computers with malware. Today we are seeing widespread spam campaigns being cannoned around the world, posing as messages from the companies. However, files attached to the emails carry Trojan horses that can allow cybercriminals to commandeer your computer [...]
