Computer Security for Home and SB Users

Scan with Microsoft's Malicious Software Removal Tool

2010-11-28T20:49:00.007-06:00

One of the tools that comes with Windows operating systems is the Malicious Software Removal Tool. It updates with the monthly MS updates and it runs a quick scan once a month. However, it may be a good idea to actually add another layer of security and run a full scan from time to time.

So how do you run this tool? First, press the Windows logo key+R. This will bring up the following window.
You just type 'mrt' in the input box and hit the OK button. This will bring up the dialog box for the MRT.
Now you just click on the Next> button and you will be presented with the following dialog box.
You then select the Full Scan radio button and click on the Next> button to start the scan off. It may take some time to actually complete, but this will give you another layer of security for your home PC.

Now this will only find known software that Microsoft has added to the MRT so it isn't a silver bullet. Stay safe out there

Secunia's PSI Documentation

2010-11-21T08:20:00.003-06:00

I've written several times in the past about the security company Secunia and the tool that they have created called PSI (Personal Software Inspector). Here is a link from bleepingcomputer.com that helps users how to use PSI. This is a tool that helps the average user to keep up to date with all those 3rd party applications like Adobe, Java, iTunes, Safari, etc. I am testing a newer version of PSI that is in Beta. This new version will have many automated updates to help the average user get through the forest of 3rd party applications. When this beta version is released, I will let you know.

The reason why this is so important is that cyber criminals are exploiting these 3rd party applications to install the malicious software that infects so many people's PCs. Be safe out there.

Adobe Reader X Update

2010-11-21T07:55:00.004-06:00

OK, I jumped at the chance to download the new updated Adobe Reader that is introducing sandboxing. I haven't had too much of a chance to play with it yet, but one thing I've noticed right away is some settings I changed a long time ago. I've written about those setting changes in earlier blog posts and can be found here and here.

Once you changed these settings, any updates to Reader would carry those changes through the next version released. I did notice that on Adobe Reader X, these settings went back to their default value you so you will want to repeat the steps detailed in the previous blog posts related to disabling Javascript and disabling the setting under Trust Manager.

Stay safe out there.

Is that E-mail Actually from your Family Member or Friend?

2010-11-12T19:46:00.002-06:00

You get an e-mail from a family member or friend and they have sent it to several others in the TO line of the e-mail. And many times the SUBJECT line is blank or possibly contains RE:. To top it all off, they don't type anything in the body of the e-mail. You just see a link. No explanations, just the link. So should you click it? Probably not. If you do, most likely you will be directed to some sort of Canadian Pharmacy selling Viagra or Cialis. What you don't see will harm you in ways you won't like. Malware is installed that makes your PC now under the cyber attacker's control.

To stay safe, you must make the correct decisions from time to time. And the one thing you can't do is trust that that e-mail is really from your brother, sister, or your BFF. Always question situations like these. If you are really curious, call them and ask them if they sent you something and if they did, then let them know they need to explain what they are sending you next time.

My advice when it comes to electronic communications is , trust no one. You will be better off if you take that advice.

How to Stay Safer Online

2010-11-12T18:58:00.004-06:00

So to understand how you can protect yourself against the malicious attackers looking to install their malware on your PC, you have to know what programs attackers are exploiting. Keeping your software up to date with security patches is vital. The top applications that attackers are having success with when it comes to running exploits on your PC include the following:

Java Runtime Engine (JRE)
Adobe Reader/Acrobat
Adobe Flash Player

It is also important to know that these aren't the only things you need to update. Microsoft updates are important. If you don't already have them set to automatically download and install, you should do this. Updating applications like iTunes, QuickTime, Firefox, just to name a few.

It is also important to have some sort of anti-virus installed on your PC and it should be set up to scan on a regular schedule and keep the signatures up to date. I also recommend that you install a great malware removal tool called Malwarebytes Anti-malware. Download and install the free version. You can find it here.

Lastly, your actions can go a long ways in keeping malware off your PC. Knowing if you should click or not IS a really big deal. If something doesn't look right it probably isn't.

These are just a few steps you can take to keep malicious software from being installed on your PC. Protect your family and your financial health from the cyber attackers. Stay safe out there.

Microsoft Security Essentials

2010-10-04T21:33:00.002-05:00

In the past, I would advise people to use the free version of AVG Anti-virus software. I have now officially changed. Anytime anyone asks about AV, I will steer them in the direction Microsoft Security Essentials. You can find the Microsoft download page for Security Essentials here. I personally use it on all my Windows boxes.

Verizonwireless Down

2010-10-02T23:52:00.002-05:00

Appears that verizonwireless.com is down. Probably just temporary.
***UPDATE***
Probably due to this problem documented in the Internet Storm Center's post here. It is back up as of this morning.

MSN.com MSNBC.com Spreading Infections

2010-09-30T10:59:00.003-05:00

Seeing some installations of fake anti-virus coming from both MSN.com and MSNBC.com this morning. I would avoid these sites at this time.

VMWare Workstation - XP Guest, Fails to find Hard Drive

2010-09-15T19:47:00.003-05:00

I had got a new laptop and I was about to go to a class and had to get my laptop set up for the before leaving town. When I went to install my XP guest, I get this message. Setup did not find any hard disk drives installed in your computer. After some digging, I finally found a site that had a great video to give me exactly what to do. If you have this same problem, here is the link for you.

Click here for the answer you've been looking for.

Adobe Updates

2010-08-18T15:22:00.001-05:00

Time to update again. Adobe has a patch available now for Flash Player and Adobe Reader/Acrobat will have an update sometime tomorrow. It is critical that you patch these as attackers are using exploits against Adobe applications to install their malicious software.

Firewall Disabled?

2010-07-24T20:55:00.003-05:00

I work on plenty of Windows XP machines that have got malware installed on them. Sometimes after removing the malware, you have to go into services to enable to firewall to be turned back on. How do you do this? Go to START>RUN, then type in services.msc, then scroll down to Windows Firewall/Internet Connection Sharing. If you right mouse click you should be able to start the service back up.

Malwarebytes Rocks!

2010-07-19T05:44:00.003-05:00

You may have had malicious software installed on your PC and you have done searching and found references to Malwarebytes Anti-malware tool. Everything you read about it is true. I recommend it to all my friends. If you don't already, click here to download it and install it. There is a free version but if you are finding that you browse to somewhat risky places on the Internet, then maybe you should purchase the paid for version which gives you better protection.

Below I've listed instructions on how to use the tool.

After installing, double click on the Malwarebytes Anti-malware tool and you are
presented with the Malwarebytes dashboard.
Click on the Update tab (the third tab over). Click on the "Check for Updates" button to get the new signatures for MBAM. You need to do this step every time prior to running the tool.
After the update is complete, then click on the Scanner tab (this tab is the first you will see when opening MBAM). Select the default scanning option (Perform quick scan) and then click on the Scan button. MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is done scanning it will present you with a message box with an OK button. It will either tell you no malicious files found, or if it finds any malicious files, it will then allow you to view the results. Click the OK button.
If infected files are found, you will now be back at the main Scanner screen. At this point you should click on the Show Results button. A screen displaying all the malware that the program found will be displayed.
You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the infected files and registry keys. When removing the
files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. If the Quick Scan
option actually found any malicious software, I always recommend that after you have removed and rebooted if needed, then repeat these steps but select the Perform full scan option. For sure this process will take longer because you are scanning your entire PC.

Let me know if you have any questions.

CCleaner Documentation

2010-07-19T05:39:00.003-05:00

I enjoy using a tool called CCleaner. It is a great free utility that I may have suggested to you. If so, here is a link to documentation on how to use the tool CCleaner. If I haven't talked to you about it and are interested, click here to download it from CNet. Enjoy!

Click here for the documentation.

How To Identify an E-mail is Malicious

2010-07-14T04:26:00.004-05:00

At some point, you have either been faced with or you will be faced with receiving an e-mail from someone you know personally that looks a bit odd. What are some of the things that you can look for to make that decision to click a link or not? This is an example of an e-mail that was actually delivered to a friends inbox and the link in the e-mail was a malicious download. Take a close look at the recipients list, you can see in this example that they are listed in alphabetical order. This is an indication that the attacker is sending e-mails sequentially to all contacts in a hijacked e-mail account. Most times, the SUBJECT line is blank. Another clue is there will be no text in the body of the e-mail, just a link. Remember, if you ever have a question about the validity of an e-mail, it is better to error on caution and just delete it.

Help My E-mail Account Has Been Hijacked!

2010-07-14T04:19:00.004-05:00

Have you been told by someone you know that they think your e-mail account has been hacked? It seems like you see it more and more today where people get their e-mail accounts hijacked. E-mails are sent to everyone listed in the e-mail account's contact list that contains a link which is malicious. If any of your friends who open the e-mail from your hijacked e-mail account and they click on the link, more than likely their PC has just had some malicious payload installed on their PC. And so the cycle continues. So what do you do if your e-mail account has been hijacked? Here are some steps you can take to gain control back from the cybercriminal.

More than likely you logged into your personal e-mail account on a PC that had some sort of malicious software installed that was able to steal your login credentials for that account. If you only log into your account from your home PC, then your home PC has some sort of malicious software installed and it needs to be cleaned. Make sure you have an anti-virus product installed and that the virus signatures are current, then scan your PC and remove any malicious software that is found. If the scan comes back clean, I recommend downloading free version of Malwarebytes Anti-malware tool from http://malwarebytes.org/. Follow the instructions and remove any malicious software that is found.

Removing the malicious software is just the first step. You need to regain control of your e-mail account by doing the following steps.

1. Change the account password and make it a strong password.
2. Confirm that the "alternate e-mail address" is your other e-mail and not the criminal attacker's so that they won't be notified of the password change and other changes.
3. Change the answers to your security questions.
4. Change any other information that your e-mail account administrator would use to verify the account.
5. If all these efforts fail, open a new account, notify the e-mail administrator and your contacts, and close down the old account.

As always, the best protection from malicious software and other online attacks is to have a firewall and anti-virus software that is kept current. Also patching 3rd party applications like Adobe Reader/Flash, Java, as well as your Windows updates is critical to stay protected. Probably the best tool you have against is your "online behavior". Stay away from peer-to-peer sites where you can download "free" music and software, don't surf porn, and don't randomly click on links without checking into things. Your motto when online should be "trust no one". Combining all these will keep you protected against malicious software.

Adobe Reader Setting to Change

2010-04-22T21:42:00.001-05:00

So you need to know what the criminal attackers are exploiting so you can defend against it. Adobe Reader/Acrobat and Adobe Flash are at the top of the list. Earlier I wrote about turning off Javascript in Adobe Reader in this post. I come to you with another setting to change. Pull up your Adobe Reader and then go to Edit>Preferences:

Find the category Trust Manager and highlight it, then uncheck the box seen below in this image.

Trying to stay secure is always a moving target. Setting these options as I have mentioned will help protect against current attacks going on now in the wild.

Stay safe and have a great weekend.

Defending Against ZeuS Trojan

2010-04-17T18:39:00.000-05:00

If you are a small business, school districts, local governments, or local entities like community libraries, and you have someone who works for you who transacts business with your bank online, or possibly you use ACH, you had better listen up. Cybercriminals are looking for you and they want to steal you blind. If you have heard from your local financial institution warning you about ZeuS, you need to find yourself someone who can help you defend agasint this silent attack.

Brian Krebs has a great blog and has been writing about the folks behind the ZeuS kit that is stealing literally millions of dollars each year and it doesnt seem to be getting better. ZeuS has its sights on the smaller businesses who probably don't have the computer security staff to help them take steps to lower this risk.

I'm from the northeastern part of Kansas and can help you with a risk assessment to let you know if you are at risk to ZeuS. Contact me if you would like to talk. Have a great weekend and stay safe.

Criminal Hackers Poison Search Results

2010-02-28T23:14:00.000-06:00

So you ever hear news about a celebrity or a current news event, and you want to find out more information so you go do a Google search on the topic? Bad guys know this and will take advantage of tragedy to spread their malware. Check out this video to see how to keep yourself safe based on you inspecting the results you get back closely.

Adobe Reader Settings

2010-01-30T19:18:00.000-06:00

So you want an added layer of protection against the bad guys? Go now to your Adobe reader and open it up and go to HELP on the toolbar and then select Check for Updates... If there is an update, then do it!

After you get it updated, open the Adobe Reader application up again and on the toolbar go to Edit, then Preferences...

This will open another window where you need to look down at the left hand margin and select JavaScript, then uncheck the box Enable Acrobat JavaScript.

If you are like me, almost all will not be affected by having this option turned off. I am aware that the www.irs.gov has forms that do require you to have this enabled. Bad guys like to create malicious malformed PDF documents that are many times related to JavaScript. The good news is from this point on, when you update Adobe Reader, it will retain this setting. The only time you will ever need to change this setting is when you receive a PDF document who you absolutely trust the
person who is sending it to you.

How To: Documentation for using Secunia's PSI

2009-12-27T23:58:00.000-06:00

When I'm asked to clean up a machine that runs the Windows operating system, I normally install an application from Secunia called Personal Software Inspector (PSI). Below is the documentation that I give them on how to use PSI.

I have downloaded a program on your PC called Secunia Personal Software Inspector. It was downloaded from http://secunia.com/vulnerability_scanning/personal/ and it will help keep software on your PC up to date. This is important because vendors are always making security updates that will close vulnerabilities that hackers can use to take control of your PC. Many vendors have started to put an automated process similar to the Microsoft Automatic Updates in place because most people will never update their software on their own.

PSI will run when Windows starts up and initially will do a scan. Below is a screen shot of the PSI dashboard after scanning my PC. You will see in red the programs that are not current and in need of patching. In the “Solution” column, you can click on the blue icons and it will allow you to get the patch you need to be secure. Click all these icons to update your insecure software. After patching, PSI will rescan your system.

This is the screen showing your programs in need of patching. The Red bar in the graph shows you you need to take some action. Your goal is to have a Green bar that shows you are fully patched.

As you can see in the System Tray, if you hover your mouse over the PSI icon (the 3 red squiggly lines) it will tell you the status. Here it shows that you've just installed a more current version of a program.

Here is an example after you've clicked on the “Solution” icon, and it gives you a dialog box that allows you to get the patch you need and you can then install it.

After completing your patching, your scan should then show you that you have no insecure applications. This is your goal. It is just as easy as that. If you have any questions, just get a hold of me and I will try and help.

Heading to Las Vegas and DefCon

2009-07-28T04:44:00.000-05:00

In a couple of days I'll be off to DefCon 17 in Las Vegas, NV. If you aren't sure what DefCon is, it's a hacker conference. I attended my first DefCon in 2007. Got hooked, and I'll try and hit everyone in the future. This year appears to be chocked full of fabulous talks. Since it is Black Hat/DefCon time (both events held in Vegas), there will be a ton of news coming out this week. I'll try and have one more post before I head out.

Here is a reminder to all my friends who use the Windows operating system, today Microsoft will be releasing a patch which is out-of-band which means, it is not the normal second Tuesday Pat Tuesday patch. MS has patches released on the second Tuesday of every month. Only when a serious security issue arises, do they have these out-of-band pathces. So, make sure your Windows box gets it's updates tonight when you get home.

Take care and stay safe. Have a fabulous Tuesday.

Microsoft to Issue Out-of-Band Patch

2009-07-25T00:07:00.000-05:00

Next Tuesday, Microsoft has announced that they will be coming out with an out-of-band patch next week(072909). If you don't have updates downloaded automatically, you may want to start checking for update on Tuesday after you get home from work.

This will be only the third time that Microsoft has issued an out-of-band security patch in the past 25 months. This of course is due to the seriousness of the vulnerability that is currently being exploited by the bad guys out there in the Internet world. If you aren't familiar with Microsoft's schedule, they regularly schedule patches to be released on the second Tuesday of each month. This allows business to react, and prepare for their release.

Stay safe out there and have a fabulous weekend!!

Promise of Erin Andrews Video Leads to Malware

2009-07-22T04:31:00.000-05:00

If you don't know who Erin Andrews is, she is a reporter for ESPN. She is very attractive and she has been captured in a video in the nude, and the video has been posted on the Internet. Erin and her lawyer have promised to sue whoever may be distributing the video so it isn't easy to find.

However, the cyber criminals know that men will be men and they have put up fake sites that purportedly host the infamous video of Erin Andrews. And it doesn't matter if you are surfing on a MAC or a Windows PC, you will be owned if you try and visit these sites. You won't get to see the video, and on top of that, you have malicious software downloaded to your PC so my advice to all men out there, don't go looking. This is like a broken record how the attack is done. You click, and a fake video player is needed to view the video Andrews naked.

So stay safe out there. Your behavior on the Internet has a lot to do with if you run into the nasty stuff the cyber criminals are offering. Play it smart. Don't go looking for the Erin Andrews video. If you do, you probably won't get what you are looking for. Happy Hump Day and take care.

Firefox 3.5.1 Has Serious Vulnerability

2009-07-19T17:22:00.000-05:00

Well, Friday, the Firefox browser came out with a patch for a vulnerability that was announced last Monday. OK, I thought cool. They patch fast. Well, I mean the next day, it was announced that the newly released version of the Firefox browser has a serious vulnerability.

The Internet Storm Center has a write up on this you can read. Click here to read that post in the ISC Diary.

Hope your weekend was fabulous. Monday is just around the corner. Be on the watch for a patch for the Firefox browser soon. I'll let you know. Stay safe.

Another Reason to use Firefox Browser

2009-07-17T06:56:00.000-05:00

Last week and this week, Microsoft has had two pretty serious 0-day vulnerabilities that allowed an attacker to get the ability to run code on the target PC. Now with Patch Tuesday being this week, Microsoft was able to correct the DirectShow fix on Tuesday. However, the new one that I wrote about in the previous post is not. One wonders how long it will be before a patch is in place.

Now, proof there is another reason you really should be using the Firefox browser as your primary browser. Early this week, it was announced that Firefox had a serious 0-day. I have stated in the past, there really isn't a browser out there that doesn't have problems with security vulnerabilities. However, the key is, how quickly do they get patched. The window of opportunity for bad guys to take advantage of 0-day vulnerabilities in Firefox are just smaller. Today, if you are a Firefox user, make sure you get the update 3.5.1 that will correct the current problem.

If you don't use Firefox, try it. It is free and has some great addon's that you can use to protect yourself more. I personally use Noscript which I recommend you do too.

OK, have a fabulous Friday and stay safe out there.

Microsoft Announces ANOTHER 0-Day

2009-07-13T19:04:00.000-05:00

OK, the last post was an article on a 0-day vulnerability in the DirectShow ActiveX control. I pointed you to a work-around until they will patch the problem. Sounds like they will be patching it tomorrow (Patch Tuesday). On the heels of that announcement, Microsoft says there is another 0-day in their Office products. It works the same. Bad guys will compromise sites that re-direct you to their malicious site. If they can get you there, your PC will be compromised. Really bad stuff.

The Internet Storm Center has a great write up here on this problem and also gives a link for you to "Fix It" which is similar to the work-around for last week. If you use Internet Explorer you will really want to visit the ISC link and click on the "Fix It" link. Another work-around, is to use an alternative browser like FireFox. I recommend it.

Stay safe, and have a fabulous week. Happy Patch Tuesday for all you Microsoft users!

Microsoft Warning Users of Unpatched Flaw

2009-07-08T04:16:00.000-05:00

The folks from Redmond, Washington (MS) are warning folks that cyber criminals are targeting a previously unknown security vulnerability in Windows XP and Server 2003 to compromise PC's. Microsoft has instructions on how to protect yourself from this flaw.

Microsoft said that the vulnerability can be used to install malware on the victim PC if they can get you to browse to a hacked or booby trapped Web site that the criminal controls. The Internet Storm Center is warning folks to take action now due to a report that thousands of newly compromised Web sites have been seeded with the exploit code for this vulnerability. The ISC is also reporting that the exploit code has been posted to numerous Web sites in China. Symantec is reporting that one site that is now seeding this attack is the Russian Embassy in DC.

The flaw is in Internet Explorer versions 6 or 7. Seems that Internet Explorer 8 is not vulnerable to this attack.

Microsoft says that the problem lies in the DirectShow ActiveX Control. They are reportedly working on this to get a patch released soon. The normal Microsoft patch cycle is due to be released on the second Tuesday of July. Not really sure that they will be able to get a patch ready by this date so they are recommending to folks that they should consider disabling the feature because there doesn't seem to be any by-design uses for this ActiveX control in IE (Internet Explorer). Most folks out there use IE as their default browser so this is VERY important. To enable the Microsoft work around, click here, then click on the "Fix This Problem" icon.

Microsoft is also saying that "while Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we recommend that they also implement the workarounds as a defense-in-depth measure." To read more information on this topic, click here to view the Internet Storm Center post.

Stay safe out there and if you are on the vulnerable systems, take this action now. Have a fabulous rest of the week.

Beware of any Independence Day Links

2009-07-03T17:48:00.000-05:00

The folks over at the Internet Storm Center have some great suggestions.

Celebrate
Watch Fireworks
Enjoy the cook out food (This is my suggestion)

What not to do?

Don't click on links in e-mails
Don't surf to sites with Fourth of July, Independence Day or Fireworks as keywords.

The security company Websense is reporting that the subjects listed above are being seen in the subject lines of spam e-mails. They contain links that are supposed to be videos, however all it leads you to is malware that attacks your PC.

Click here to visit the folks over at ISC. They do great work.

Small Organizations Lack Computer Security Training

2009-07-03T13:52:00.000-05:00

It is becoming more apparent with stories like the Sisters of Charity Marian Clinic in Topeka, KS, and the Bullitt County, KY loss, that there is a huge hole where folks just don't know what to do or what not to do. Click here to read the Sisters of Charity story, and here to read the Bullitt County story. Combined, they have lost more than $500,000.

Smaller organizations don't have the funding to do much with Computer Security Awareness training and for sure they don't have the resources to watch for malicious activities on these networks. It is sad but true statement, and it is really taking a huge financial bite out of these organizations.

Computer security is not easy, but with some work, you can protect yourself from most of the malicious stuff out there on the Internet. Can you avoid it completely? Probably not. Especially if you use a PC with a Microsoft Windows operating system like XP, or Vista. I try and post helpful hints for those who don't have a lot of money to invest in computer security. Read through some of my past posts and watch for new content as I will continue to post new ideas to help you.

Stay safe this holiday weekend and have a FABULOUS celebration Saturday night.

Farrah and Michael Spam

2009-06-27T11:03:00.000-05:00

With the news of Farrah Fawcett and Michael Jackson's deaths on the same day this week, the spam campaigns that have followed are leading people to getting their PC's compromised. The criminal attackers out there love to take advantage of current events to spread their malicious software. It's a social engineering trick that preys on people's curiousity to know as much as they can about the events.

Along with these spamming e-mail campaigns, you will also need to be VERY careful when going to web sites on the topic of these deaths. Malicious web sites have popped up and the bad guys are using black hat search engine optimazation (SEO) to raise their malicious site's Google ranking so that their sites will come up in the top 10 web sites when you do a Google search. Only go to trusted sites if you are wanting to read more information on these current events.

Stay safe and have a FABULOUS weekend.

Twitter Followers Lead to Porn

2009-06-20T23:12:00.000-05:00

Here is the example of Twitter and the dangers that lie waiting in the Twitter world. Twitter, if you don't know, is a micro blogging site where you can post what you are doing in 140 characters or less. People can then follow what you do. Well since I'm in computer security, I follow several in the field of computer security. I logged on Saturday night, and noticed I had an additional follower. A closer look at this follower turned up interesting results.

First, here is the screen on Twitter showing who follows me. I see that this Ana Torres is following me. See the screen shot below.

So I clicked on the link on Ana's name. Here is what I saw.

Here you see that Ana states that if I want to see her pictures, I can click on the tinyurl listed above. So the curious guy that I am, I decided to check to see where that tinyurl led me to before actually going there. (Notice it says I must register first please, to see her pictures).

I did a preview of the tinyurl and found what the true url behind that tinyurl. I took that address and ran it through Trustedsource.org and found that the true web site behind the tinyurl is actually a porn site.

So be careful out there. Don't just click randomly on these url's trusting someone you do not know. In the next few days, Twitter will catch up with this follower of mine and they will be removed. So be aware that hot girls will not follow you if you are a computer security professional. LOL. Or any other type of Twitterer you are.

Have a great Sunday and stay safe.

Face to Face Computer Security Training

2009-06-20T21:23:00.000-05:00

One of the things I enjoy about what I do is that I get to teach people about how to protect themselves from the dangers out there in the Internet world. Well I'm about to start a new program where I will have quarterly meetings where I live. It will be local and it gives you an opportunity to listen to the topic for the evening, then have a semi-short question and answer session afterwards. I say this because I've done these in the past and you can't seem to get to all the questions that want to be asked.

The inaugural topic will be "What would a criminal hacker want with my PC?". Click here to read a post I made back in 2008. A common question I get asked is why do people write these malicious programs that infect the majority of the population. The answer is easy. It is all financial. Just think of that famous line from the movie "Jerry McGuire". SHOW ME THE MONEY!!!!

So if you are local to the Topeka Kansas area and would be interested in some great information, stay tuned. I'll be publishing more details in the coming weeks. I'll get it on the calendar and we'll see how this works.

Hope all are having a great weekend. Stay safe.

How to Avoid Fake Anti-virus - DON'T CLICK

2009-06-18T21:21:00.001-05:00

So have you been one who has been presented with a window that tells you that your PC is full of malware including worms, trojans, and keyloggers, OH MY!

This happens sometimes when you web searches using Google and Yahoo. Other instances, you may browse to a web site and BAM! you get that same message about malware infestations on your PC.

This appears to be a message window but it is actually an Internet Explorer window. You should not click on any button or the X to close this window. In this specific case, the criminal attacker disabled the user from going to the Start Bar and right clicking on the IE window to close it. However, you can just bring up the Task Manager and under the Applications tab, close the Internet Explorer application from there. Any other clicking on this window will get your PC infected.

Stay safe out there and the weekend is almost upon us. Have a fabulous weekend!!

Social Networking Sites - Be Careful

2009-06-18T20:51:00.000-05:00

Have you signed up on a social networking site? If you have, you've joined literally millions of others who are on FaceBook, MySpace, LinkedIn, and Twitter just to name a few. If you've signed up for any of these networks, you have probably wondered if there are security risks involved in participating in them. There risks associated with them and they are all related in one way or another.

First, the one common thread in all social networking sites is that you can associate (network) with friends and family, or work associates and share information with them. There is an inherent trust built in that if I allow you to be in my network, I trust you that it is really you and if you post anything, I'm assuming that it is you. Criminal hackers take advantage of this trust that is built in and if they can steal your login credentials to your account, they can pose as you and send all the friends in your network a message with a link that leads to a malicious web site. If successful, your friend's PC will have malicious code installed on their PC and this allows the criminal hacker to continue to take advantage of others as this process is repeated over and over with each friend who clicks on the malicious link.

Another risk of these social networking sites is what you actually post on these sites. One of the things you can do is share pictures with family and friends. You need to think twice before publishing certain pictures. One rule of thumb you should remember before you post anything on any web site is not to post anything that you don't want everyone to see. Even if you have posted a picture as "private", there have been instances in the past where the actual site you post pictures to has vulnerability in their systems which allowed "private" pictures to be stolen.

When you sign up for these sites, you can fill out a profile of personal information that you should limit what is available. For instance, you can add your birthday and you may choose to only put the month and day and drop the year of your birthday. Your birth date is one personally identifiable piece of information used in many things and you may want to exclude sharing the year of your birth. It is also a good idea not to post your phone number or your full address.

This one is specific to Twitter. First, what is Twitter? Twitter is a micro blogging system that allows you to share your status with anyone who follows you. These are called "tweets". These tweets are limited to 140 characters. Some folks who use Twitter like to share links to web sites that give you more information on a topic. Since links to web sites can be long, they use services that take a long web address, and shorten it. There are services like Tiny URL that do this. Criminal attackers have hacked high profile accounts that include CNN, the Obama campaign, and celebrities such as Brittney Spears. With control of these accounts, they can then abuse the trust issue mentioned earlier in this article and send out malicious links.

What can you do to protect yourself? Here are a few things.

Keep your home PC patched which includes Microsoft updates as well as Adobe, QuickTime, and iTunes, just to mention a few.

Think twice before posting any picture. A good rule of thumb is not to post anything that you wouldn't want everyone to see.

Limit what information you share in the profile section of social networking sites.

Trust no one. If a friend sends you a link, treat it like you have been trained with phishing e-mails. Don't click on unsolicited links.

Criminal Attacker Blamed for Topeka Health Clinic Loss

2009-06-13T23:30:00.000-05:00

I live in northeast Kansas. You read stories all the time of companies being the victims from some criminal attacker who is able to place a piece of malware on PC's and stealing money. Well, the headlines read that a Topeka health clinic, Sisters of Charity Marian Clinic, filed charges of a loss of $100,000 from their bank account. It is sad to read things like these, but in my line of work, it doesn't surprise me. Click here to read the Topeka newspaper story.

I'm sure that computer security awareness was not a part of the clinic's budget. They probably didn't have much of a budget at all for that matter for computer security. This could have happened a couple of different ways. It could have been an e-mail that came in that had either malicious links or attachments that someone from the clinic clicked on. This would be my guess as to how this happened. Or, it could have been just casual browsing on a legitimate website that had been hacked and malicious code injected that redirected them to a site which attacked the computer.

This computer was probably not patched. Probably Adobe Reader was an older version, or Microsoft patches that were not up to date. It doesn't matter what the vulnerable application was, it happened and it sucks that an organization that does what the Sisters of Charity Marian Clinic does, has to suffer such a loss.

Hopefully they can find out who was behind this, but the chances are, the responsible parties are located in a country that we have no way of getting to them. Possibly and eastern European country like Romania, or possibly Russia, or China will be where they were located. Hopefully the clinic will take computer security much more serious now. Knowing Topeka, there aren't a whole lot of options for the clinic to get the education they need so they will probably turn to the Geek Squad (I really hope not).

I guess the lesson learned is if you are doing financial transactions on a PC, you really need to make sure that patches are up to date, the machine is scanned often, and don't rely on just anti-virus alone. There are other options for you that will help protect these assets so things like this won't happen again also.

Stay safe out there, and have a great rest of the weekend.

June's Patch Tuesday

2009-06-09T05:15:00.000-05:00

It's patch Tuesday for all you Microsoft users. That accounts for most computer users. If you don't have your computer set to download your patches automatically, you ought to go do that right now. This month is a busy Patch Tuesday. Also today is the start of Adobe pushing out regular updates to their software. We'll see how this goes. Adobe has a horrible reputation at this point when it comes to having vulnerable software (Adobe Reader, Acrobat, etc.) that the bad guys are using regularly. Hopefully this is a start to making a bad situation better.

Have a great week!

Lessons Learned - Do Not Share Passwords

2009-06-06T15:25:00.000-05:00

Passwords are an amazing thing. They are the key to many things in our lives. To our bank accounts, retirement accounts, e-mail, FaceBook, LinkedIn, and Twitter just to name a few. Today I have a story about my son and his ex-girlfriend who just so happened to know his password to his gmail account and his FaceBook passwords. I didn't ask, but I'm assuming that they were probably the same.

Lessons Learned

Don't share passwords with anyone!

Don't use the same password for multiple accounts.

Don't rely on FaceBook to respond too quickly. Hacked accounts are common.

Today our lives are out there on the Internet with all the social networks. When accounts can be taken over by someone, things can start to go wrong quickly. Sometimes hackers take control of these accounts when they are able to compromise your PC due to you not keeping your PC software up to date. Or worse, some you know and loved but now you've parted ways. Sometimes not on the best of terms. That is when things can turn bad quickly. So protect yourself, my recommendation is not to share these passwords at all. Don't re-use the same password. Once a hacker steals your login credentials, they probably have many more of your accounts because if you are like most, you use the same user ID and password for multiple accounts.

OK, well have a super fabulous Saturday night and to the rest of the weekend also. Stay safe out there.

Trust No One - A Twitter Example

2009-06-03T22:33:00.000-05:00

I don't hide the fact that I'm a Kansas University Jayhawk fan. And after reading an article from the Lawrence Journal World where someone purporting to be Xavier Henry who opened a Twitter account. Last weekend, whoever this person was, posted a tweet about Carl Henry said something about having second thoughts about Xavier and CJ Henry coming to KU next year.

Well, father Carl contacted rivals.com and confirmed that both Xavier and CJ were enrolled at KU and will be attending KU in the Fall. Of course some took this to be gospel and so the Henry's are probably not big Twitter fans.

This should be a lesson about social networking sites like Twitter, FaceBook, etc, that you really don't know who is behind those accounts. Take my advice, trust no one.

Be careful out there and stay safe.

Apple Refuses to Patch Java

2009-05-30T22:19:00.000-05:00

So there was this Java issue that was reported to Sun. They fixed it back in December of 2008. Well the most recent security updates released by Apple for Mac users did not include this fix. So why? All the talk about Mac users being more secure in the commercials seems to have gone by the way side.

Apple has been asked and they are pulling that "Apple attitude" and it is coming out strong. So Mac users beware! You are vulnerable to this simple drive-by exploit. And so a researcher who has gotten fed up with the lack of cooperation from Apple, decided to post proof of concept code to Milw0rm last week. If they already haven't started, they are sure to show up soon. So what can Mac users do? Disable Java at this point until Apple decides to take security serious. Apple sucks for not fixing this problem like all the other vendors have.

Stay safe and have a happy Sunday.

Twitter Credentials Being Stolen

2009-05-30T19:01:00.000-05:00

So recently, some Twitter users were offered a link to Twittercut to gain more followers. It appeared to be coming from a known contact, and they promised you to accumulate more and more followers.

It seems that TwitterCut appeared to be the real Twitter login page. A phishing site for sure.

If a person were tricked into entering their login credentials, Twittercut continued to send the same message you got to all of your contacts. At this point, it appears that no malware is being installed on victim's PCs.

For sure, Twittercut has the login credentials to many Twitter accounts. Twittercut has been listed on services that blacklist malicious sites but was still active just a couple of days ago.

This attack takes advantage of the trust that is built on networks like Twitter, as well as FaceBook, MySpace, LinkedIn, and other social networks. Always beware of messages that are unsolicited. My motto is "trust no one".

Stay safe and have a fabulous rest of the weekend.

FaceBook Porn Star Name App - Be Careful

2009-05-25T11:05:00.000-05:00

So have you seen the application on FaceBook where you can figure out your porn star name? They way it works is you take your first pet's name, along with your mother's maiden name. I've not personally used this application, but I've also heard that another piece of the puzzle is the street you grew up on.

Now lets ask ourselves some questions. When you are setting up an account online, there are ways that you can recover your password if you forget it by setting up certain security questions. These security questions just happen to be your first pet's name, mother's maiden name, and the street you grew up on. So you have to ask the question, was this application written to harvest information that could possibly be used to break in to people's accounts? I can't be sure, but this shows us that you need to be very careful of information that you put out there on the Internet.

I would suggest that when you set up an online account, and they ask security questions, it is OK to lie. You would also definitely want to write these answers down so you would remember them. Now I know some accounts that are tied to financial accounts have started using other security questions that do not include the peices of information that apps like "what is your porn star name". If not, LIE!!! Just a little more information that will keep yourself more secure with online accounts that have this password recovery system in place.

Hope everyone is having a great Memorial Day holiday. Stay safe.

Facebook Links - Trust Them or Not?

2009-05-08T21:24:00.000-05:00

So you new to computers in general, or new to social networks like FaceBook? If so, listen up. One of the ways the bad guys take advantage of people is to take advantage of the trust factor that is built up with social networks.

How can this happen? Let's just say you happen to go to a website....say usatoday.com. And lets say you just happen to be unlucky and an ad that flashes up on the usatoday.com site happens to be one that the criminal bad guy has taken advantage of and planted a redirect that takes you to a site that runs the latest and greatest attacks on your computer. Could be a malformed PDF, Word, or Excel document. Next thing you know, your PC is being watched by the bad guy.

After a PC is has been infected with malicious software (Malware), some of the things bad guys try and steal are e-mail accounts, social network accounts, etc. Along with these of course, they also are looking for banking credentials, credit card credentials too. Now what? The bad guy has to keep spreading his malicious software around and take over more and more computers. This is how they continue to exist. Computers get cleaned from time to time so they are always looking to take advantage of people and tricking them to go places they really shouldn't go and take control of new computers.

With someone else's Facebook signon credentials, they can now send a message to all of your contacts with a link to a malicious website. Your friends trust you, so your friends click and BAM! They are now under the control of the bad guy and this scenario just continues to roll along. So, my advice to you is this when it comes to links sent from friends. DON'T CLICK ON THEM!!

Hang in there. Have fun, but be safe. Have a great weekend!

Friend's E-mail Account Hacked

2009-05-05T04:28:00.001-05:00

The other day, I received an e-mail from a friend with a subject line of "Look". The body of the e-mail was short and sweet. It said "* Hi! Click the link, there is something funny for you" followed by a link that looked innocent enough to me. The computer security person in me thought this was a bit strange so I did a little checking on the site that was referenced in my friends e-mail.

After some checking, I found that the site was considered malicious and was hosted in China. I responded back to my friend and said that the computer security person in me wondered if he really had sent this. No response. Another few days and I get another e-mail from him with the same link. At this point, I contact him and he says no he didn't send me or any of the other contacts he had in his address book that were included on this e-mail.

Lesson, my friend had his e-mail account hijacked. The attacker who had control was trying to take advantage of the trust between my friend and his contacts in his address book. I sent a response to all the others who received the e-mail warning them of the malicious link. I never heard back from anyone but I had done my part.

Be careful when you receive an e-mail from a friend with a link, and this is also true of the other social networks like FaceBook, MySpace, and LinkedIn. My motto in computer security is to trust no one. Don't just randomly click on links just because one of your friends sends you a link. Hijacked accounts will send out messagse with malicious links and take advantage of the trust that is built up on these types of networks.

Be careful out there and stay safe. Happy Tuesday!

Patch Tuesday Happens - Make Sure You Patch

2009-04-19T12:58:00.000-05:00

Well this past Tuesday, Microsoft pushed out 8 security patches that corrected at least 23 security vulnerabilities in Access, Word, Internet Explorer just to name a few. With all the talk in the national media about the April 1, Conficker Worm, this should make people check and verify that your updates have worked.

It is very important that patches happen, and the Conficker Worm should be your example. Microsoft came out late in October of 2008 with a patch (MS08-067). Many folks didn't update with this patch. Actually, millions of PC's didn't have the patch. So this allowed the criminal element behind Conficker to spread itself so fast and so successful.

So this is your reminder that patching is extremely important. Make sure your PC is set to download your Microsoft updates automatically. You can either select to install them automatically or notify you when updates are needing to be applied.

Another weekend is drawing to an end so lets get ready for the new week. Stay safe and be careful out there.

A Conficker Update

2009-04-12T18:23:00.001-05:00

I wrote on March 31 about my thoughts on what would happen on April 1 when the Conficker Worm was supposed to come to life and melt the Internet as we know it. All the major media outlets running stories on this major outbreak of malware on the Internet...like it just started. I say to this, welcome major media outlets. The Internet has been infected for a long time. Taking steps to protect yourself should be done in order to not have personal information about you stolen by cyber criminals.

Why all the hype? Probably the main responsibility for spreading the hype was all the security vendors such as AV vendors, and other companies dealing in computer security. Nothing really happened April 1. Now on Thursday of this past week, the Conficker Worm started to push payloads to the infected hosts out there on the Internet. Things that were seen included keyloggers, rootkit functionality, and rogue anti-virus or fake AV which has been common in the past 6 to 9 months.

If you patched your Windows OS when they came out with updates in October of 2008, and use strong passwords, and disable autorun, you are probably just fine. You must always be on the lookout for new attack vectors. The bad guys are out there and they want to gain financially at your expense. Learn to protect yourself. I have many posts in the past that should help you in taking the steps to stay safe.

Stay safe, hope your weekend was fabulous and bring on the new week!

Media Hype about Conficker

2009-03-31T18:39:00.000-05:00

The major media outlets are shouting from the mountain top about this horrible virus that will ruin the Internet as we know it. In my opinion, not much will happen April 1. Actually the USA only accounts for 5.8 % of all machines that are compromised. I don't normally watch CBS's 60 Minutes but I stopped when I heard the story about Conficker. If you saw the examples they showed, it is all true. You can get malware on your PC even if you have a firewall and AV.

What people should worry about is what happens after April 1. The criminals behind Conficker don't want the Internet to meltdown. This is how they make their money. And where are these attackers from? Most likely China, Russia, or some other Eastern European country.

Microsoft issued an out of band patch back on 10/23/08 that closed this vulnerability. Do you patch? If not, I preach it. Look up prior posts that I've written about on ways to make you more up to date with security patches. I recommend that you go to Secunia and download their client that helps you keep up to date on Microsoft, Adobe, and many other vendor software.

So when you wake up tomorrow, I'm sure that the Internet will still be there. You will be able to check your FaceBook, Twitter, etc. Not much will change. Just realize that the Internet is full of malware. They really know how to evade security software by morphing so that security vendors can't get a good signature of the virus. The Internet is already full of malware today. It will be full of it tomorrow. Learn to be more secure. Realize that it is a risk to be on the Internet. Learn to accept the risk and have fun.

Stay safe and have a fabulous April Fool's Day.

Holding Your Documents for Ransom

2009-03-22T17:08:00.000-05:00

Well we've talked several times over the recent past of the evolution of the rogue anti-virus malware that has been working like a charm. It basically is malware that says your PC has malware and you need to buy their product to clean them. Well those behind these types of attacks have now started a nasty twist. It isn't the first time. This has been done in the past.

They take all your documents in the "My Documents" folder (default doc folder for Windows) and encrypts the files. And for a fee, say $50 they will let you have your documents back. Pretty nasty trick I'd say.

Some of the things we've talked about in the past to combat these is to keep your applications such as your Windows updates current as well as RealPlayer, WinZip, WinAmp, QuickTime, Adobe Reader and Flash, as well as iTunes. Keeping these up to date will not allow the criminal attacker the ability to run code remotely on your PC. Check back on some of my previous posts that help you keep you PC humming along.

Posting this on Sunday and my KU Jayhawks rolled into the Sweet 16 in this year's March Madness tourney. Good luck next weekend guys and lets keep it rolling! ROCK CHALK JAYHAWK!!!

Bad Guys Use March Madness as Bait

2009-03-16T17:25:00.000-05:00

Leave it to the dirty rotten scoundrels who take advantage of people with current events. In the USA, March Madness is going on and many of you fill out brackets in the office pools. Not knowing all the teams that have been selected, you end up researching on the Internet. Showing up in some of the top Google searches as well as ASK.com are some malicious sites. These booby trapped sites will attack your PC by running exploits against vulnerable applications like PDF, Excel, flash, etc.

The folks over at Websense have the details posted on their site that you need to check out. Just click here to read that story. Trust no one. Be careful what you click on. It may not be what it appears to be.

Adobe Patches Version 9

2009-03-11T21:50:00.000-05:00

Adobe has released a patch for the Adobe Reader/Acrobat for their version 9 of the software. Coming soon are patches for versions 7 and 8. If you have version 9, go patch. Stay safe.

Why is MyWindows PC Slow?

2009-03-11T21:18:00.000-05:00

I'm often approached by friends and family that they have a PC that is running sluggish. So I thought I would publish a story that explains some of the reasons why this happens.

1) Probably the number one reason a Windows PC starts running slower is because some type of malware (malicious software) has been installed. More than likely you the user does not know this has happened. This is probably the top reason why Windows PC's start to run slower.

2) Another reason Windows PC's start to run slower is because when you purchased the PC, the amount of memory that was installed was not enough and as you purchase more applications to run, it just starts running slower due to lack of memory. You may want to visit www.crucial.com and see about purchasing more memory.

3) Many programs when you install them, have a service that starts up at boot up time. Many times they are not needed and you may want to review those applications that start up at boot time. Adobe, RealPlayer, and others can be eliminated from the start up. You can click this link I wrote on CCleaner. It has a handy tool that shows you what applications start up and gives you an easy way of deleting them.

4) As time goes by, you've installed and uninstalled many applications and sometimes the Windows Registry can get sort of frapped up. Once again, my previous reference to CCleaner, it has a tool that cleans up your registry. Click here for that posting.

5) Another reason that Windows PC's perform sluggish is due to a too intrusive of an Anti-Virus application. OK, I believe that Symantec's AV product is too labor intensive for home users. I personally use AVG's AV. Not as labor intense.

These are just a few reasons that slow Windows PC's. There are others but I consider these as the top ones that you can conentrate on. Stay safe and have a great rest of the week.

Obama Has My E-mail Address!

2009-03-02T17:49:00.000-06:00

OK, it really isn't the real President Obama. It is the work of social engineers who are trying to entice you into clicking on links that promise you money from the stimulus bill that was recently signed in to law. Here is my friendly reminder to NEVER click on unsolicited links or attachments. Don't be a fool.

Spammers are always trying to figure out ways to get people to click on there tricks. I actually have 3 identical e-mails from someone purporting to be the president and he has money for me.

Hope your week has started off good and I hear the warm weather is coming! Stay safe.

ID Theft Up in 2008

2009-03-01T15:51:00.000-06:00

That headline shouldn't be much of a shocker. The FTC has gathered statistical information on complaints received. Click here for the link to the original story from CNET. You can see each year it increases.

With data breaches like Heartland Payment Systems will add to those numbers in 2009 so protect yourself as much as you possibly can.

Kansas University Jayhawks put it the big hurt on the Missouri Tigers today. ROCK CHALK JAYHAWK!!!

Stay safe and have a great week this week!

Adobe, Microsoft, Facebook

2009-02-28T13:04:00.000-06:00

Well this week has been all about the Adobe Reader/Acrobat 0day vulnerability, but Adobe did release updates to Flash this week. Along with the 0day that Adobe has, word comes out that Microsoft has their own 0day vulnerability that is being seen in only targeted attacks.

Really the best defense against these types of attacks is YOU. You have to decide if you are going to click on either a link that takes you to a document either through e-mail or a web site. Trust no one is my best advice.

Now turning to Facebook. This past week there have been a couple of apps that folks fall for. Both attacks are types of social engineering that try to get you to enter your login credentials. Folks, if you are already logged on to Facebook or whatever other site you are on and you click something that prompts you to login, DON'T DO IT!! Something is wrong with that scenario.

OK, hope you all are having a fabulous weekend and snow sucks. Stay safe and Rock Chalk Jayhawk!!

Adobe Reader and Acrobat Being Exploited

2009-02-20T23:10:00.000-06:00

Thursday, the folks at Adobe announced that there was a vulnerability that is currently being exploited in all version 9 and earlier. The security group over at Shadowserver.org has been seeing targeted attacks that exploit this vulnerability that allows an attacker remote code execution. That sucks.

Brian Krebs from SecurityFix blog has a write up that you can read more details. Brian does a fabulous job keeping folks informed of computer security issues. Click here to read his post about the Adobe vulnerability. Adobe has a write up on their site too and you can click here to read that post.

As always you should never click on attachments or links in unsolicited e-mails. Stay safe and have a fabulous weekend.

More Scareware, Rogue Security Software

2009-02-14T17:01:00.000-06:00

The folks over at Silent Noise indicated there is yet another version of the fake anti-virus that has been plaguing folks for many months now. This version isn't being recognized by anti-virus very well at all at this point. It is called AntispyKnight. Click here to read about Silent Noise's write-up on this new.

Great game today by the Kansas University Jayhawks. They beat those nasty KSU Wildcats. Stay safe and have a fabulous rest of the weekend.

Spammers Ready to use Stimulus as Bait

2009-02-13T19:35:00.000-06:00

OK folks. I'm not going to bring politics into too much of my blog, but this stimulus bill absolutely sucks. Spending money we don't have. Well beware, spammers are already sending out spam for people to click here to get YOUR STIMULUS CHECK. OMG!!! Don't do it! But you know some will. If you are a reader of mine, just dump this just like you do the other spam that arrives in your e-mail inbox.

Hope all is well with everyone and all of you remember those you love on Valentine's Day. Rock Chalk Jayhawk. Hope we kick some Wildcat tail.

Heartland Payment Systems Breach Growing

2009-02-12T22:04:00.000-06:00

I wrote about the Heartland Payment Systems breach that was announced on January 20, 2009. Financial institutions all across North America have been contacting their customers in the past few weeks informing them that their credit card or debit card has been compromised due to this large breach. I personally know many folks affected where I live in the great Mid-west. They’ve got their letters telling them a new card is on its way.

I believe this breach will surpass the breach that TJMaxx had. Their final total was around 94 million cards that were compromised. This one, I believe, will surpass the 100 million total. There is a site that has been reporting what banks have contacted them stating that they have been affected by this breach. It is far from complete. Click here to see an update from the site bankinfosecurity.com.

Hope you have all had a great week. Friday is just around the corner. Have a fabulous weekend. And of course, Rock Chalk Jayhawk…Let’s kick the Wildcats behind Saturday!!

CCleaner A Good Tool for Your Toolbox

2009-02-08T23:42:00.000-06:00

OK, I have a tool for you to check out if you are a Windows user. The tool is called CCleaner. Click here for additional information. I'm going to give you some things I like about it. First of all, it is a free tool. I recommend you download it use it on a regular scheduled basis.

It combines a system cleaner that cleans your PC of unused temporary files from your PC. On top of that, it also has a great registry cleaner too. The reason you want to run this is that it allows you to keep your Windows system running faster and it also frees up hard drive space. It also has a nice section that helps you clean up all those tasks that happen when your system starts up. Seems like every application that you install with the default setup will always start up at boot time. You don't need to do this and this can slow your PC when your system tray is full of all these started applications.

Hope you all had a great weekend and of course ROCK CHALK JAYHAWK!!

Best Buy West Palm Beach - Breach

2009-02-06T21:54:00.000-06:00

Sucks to be a customer of the Best Buy store in West Palm Beach. Sounds like a former employee was skimming credit cards from Best Buy customers. Best Buy has an announcement on their website. They believe that approximately 4,000 people could be affected. The time frame of this breach was in November and December of 2008

Click here for Best Buy's announcement on their website.

Injection Attacks Continue - Update iwdown

2009-02-01T16:30:00.000-06:00

Well the Super Bowl is going to be starting in an hour and I'm ready to check those commercials out. I've watched the number of sites showing up that have been affected by hxxp://iwdown.com/inc/e.js that is hosted in China. A few days ago when I wrote my first post on this injection attack, the Google search results showed roughly 135,000 sites that been affected. Today, it is roughly 430,000. Now realize these numbers aren't exact, but it gives you an idea how things are progressing.

Hope your team wins tonight in the Super Bowl and hope your weekend has been great.

February = Malicious E-cards for Valentine's Day

2009-02-01T08:38:00.000-06:00

February is here and with it, love is in the air. As February 14 nears, expect to see some fake e-cards from people you don't know to show up in your inbox. They are already being seen by some security research companies. All you have to do is remember this easy statement. NEVER click on any attachments or links in unsolicited e-mails. Anymore today, you can't even trust e-mail from those you know because if they are hacked, expect everyone in their contact list to get malicious spam e-mails also.

Have a happy Super Bowl Day today. I'm cheering for the Cards. Always hanging with the underdogs. Stay safe.

Injection Attacks Continue

2009-01-29T21:29:00.000-06:00

In my line of work I come across websites that have been hacked and code is injected leading to a website loaded with malware ready to take advantage of people who don't patch their PC's. Today was the website executivehomemaker.com. Hidden inside this legitimate site is a redirect to hxxp://iwdown.com/inc/e.js. A site hosted in China.

This is just another in a long line of sites with vulnerabilities that allow the bad guys to take advantage of the casual surfers. They don't patch, they probably click on links in spam e-mails and on and on. My last search on the iwdown site shows 135,000 sites with these injections. Click here an see the search results.

Stay safe and have a fabulous weekend and ROCK CHALK JAYHAWK!

Asprox Botnet is Back!!

2009-01-24T23:36:00.000-06:00

The Asprox botnet has come back to life with malicious injections into legitimate websites. Click here to see the Google search on the malicious injection. The site hosting the malicious code is h!!p://www.wmpd.ru. Now let me warn you, DO NOT CLICK ON THESE LINKS!!! These websites in this search have a vulnerability that allows attackers to inject this code. They need to close the vulnerability or they will continue to have possible attacks on their websites.

It is a good idea to avoid these sites. If your PC is not patched with all the software you have installed, then your PC can fall victim to the attackers and your PC can then be in control of the attacker and their botnet.

Hope everyone is having a safe weekend and I hope it is warmer where you are than here in the state of Kansas.

Monster.com/USAJobs.gov sites Compromised

2009-01-24T00:36:00.000-06:00

Read on Internet Storm Center's website that Monster.com and USAJobs.gov had their databases compromised. Click here to read the details from ISC. Information from these databases was stolen. USAJobs.gov's database is administered by Monster. Click here for USAJobs.gov post detailing the information they know. Click here for Monster.com's post detailing the information they know.

So what are the dangers? Thing targeted spear phishing attacks to follow on the heels of this compromise. Those on Monster and USAJobs will now be in the cross hairs of malicious attackers. From the press releases, login credentials were also taken so if you are one of those who likes to use the same password for many things, as Joel Esler states in the ISC Diary posting, might be a good time to go change that password on yourbankhere.com. We've talked about not using the same password for everything, especially financial accounts.

Heartland Payment Systems - Data Breach

2009-01-23T13:24:00.000-06:00

This week on Tuesday, the busiest news day here in the United States, an
announcement was made by Heartland Payment Systems that they uncovered
malicious software in their processing system. They ONLY process about 100
million transactions each month so surely this isn't that big of a deal.

It is early on in the investigation, but this data breach may even
de-throne TJX and their 94 million cards compromised back in 2006-2007.
This company serves more than 250,000 businesses ranging from restaurants,
retailers, convenience stores including pay-at-the-pump, to payroll
systems.

According to the New York Times, the malicious code was introduced into the Heartland Payment System's infrastructure as early asMay 2008. And Heartland didn't actually take the matter seriously until late Fall of 2008. They were contacted by VISA and MasterCard twice before they took this seriously. Then they chose inauguration day to make its announcement. Precious!

I would suggest to everyone to monitor closely your credit card statements and bank accounts if you like to use your debit card. Report any fraudulent charges immediately to your card issuer. Just a couple of weeks ago, there was a report of small charges, as little as .25 cents run through many credit card accounts. Some theorize someone is trying to find out if illegally obtained credit card numbers will work before making larger charges.

From Heartland's own special website www.2008breach.com, they are saying that this may be the result of widespread global cyber fraud operation and that the US Secret Service and the US Department of Justice are involved in the investigation.

UPDATE: I do know that banks are currently contacting customers who may have had a credit or debit card compromised in this data breach.

Fake Antivirus Scenario

2009-01-19T21:09:00.000-06:00

So you do a search in your favorite search engine like Google, Yahoo, or others. You search on a topic of interest, then you click the link to see if it is something you were researching on.

But when you click on the link it does not take you to the site. It pops up a message that looks like this. It's kind of a scary message that says hey you have some bad stuff on your machine.

Now if you get this message, I would advise you not click on the OK or the Cancel buttons. Wouldn't even click on the X. Interesting thing is the bad guy has disabled the ability to go down to the START bar in Windows and right click the Windows Internet Explorer to close it. So here is my advice to close that Explorer window. Bring up the Task List (Cntl + Alt + Dlt) and then kill it from there.

Stay safe out there and Rock Chalk Jayhawk!!!!!

Huge Botnet Being Built by Downadup

2009-01-18T20:07:00.000-06:00

A huge number of PC's are being compromised because they lack the patch for MS08-067. This was one of those out of band patches Microsoft came out with in the 4th quarter of 2008. Patching your Windows PC is so very important. F-Secure, a security research firm has been tracking this over the past week. I'm linking you to a story out of ComputerWorld.com. Click here to read how this botnet is growing super fast.

Might want to check out the patches that are installed on your PC. Make sure that you have MS08-067 installed. Run your Microsoft update to see if you are up to date.

Hope you all are having a great weekend. Stay safe.

Twitter Security Does Not Equal 'happiness'

2009-01-08T21:37:00.000-06:00

If you have listened to the news lately, and you are a user of Twitter you have heard about a phishing attack that happened a few days ago, and then shortly after that. The story goes, there was an employee of Twitter who had a weak password and the 18 year old hacker used a dictionary attack on some Twitter accounts and just so happened to crack the password. Once the hacker knew what account they actually hacked, he realized that he was able to take control of anyone's Twitter account.

So, Bill O'Reilly, Brittney Spears, Barrack Obama, just to name a few, all had their Twitter account passwords reset and then they were under control of the bad guy. To make a long story short, the Twitter account that was hacked had a password that was a word from a dictionary. It happened to be 'happiness'. Any word that can be found in the dictionary is considered a weak password. So here is my lesson on creating passwords.

Steps in creating a strong password are as follows.
1) Make a passphrase that is more than 10 characters.
2) Use a combination of upper and lower case letters as well as numbers and special characters.
3) Don't use the same password for multiple accounts, especially financial accounts.

So you want examples? What about your favorite vacation spot? So you love to travel to Rocky Mountain National Park. So you could create a password that incorporates special characters, numbers, and upper and lower case letters. How is this for a password. iL0v3therock1es. There is a 15 character password that isn't too hard to remember. You can use all kinds of things like this to create you a strong password.

Don't be a twit. Use strong passwords. Have a great Friday tomorrow and I'm planning on a fabulous weekend!

Phone Scamming Bastards!

2009-01-05T15:20:00.000-06:00

I just got a call that when I answered was a recorded message that said something like "your warranty on your new vehicle is about to expire. Push 1 to talk to a warranty specialist, or push 2 to close your warranty out." So just for fun, I pushed 1. Then I get this real operator on the line who asks me the year and model of my car. So being a suspicious person, I said he should know what year and model my car is because he has the file in front of him. Then total silence....then I was disconnected.

The moral of this story is, ALWAYS be careful what you give out over the phone. I'm not really sure what type of information they were wanting or what they were wanting to sell me but the call was cut pretty short. It just so happens that I do have a car that is under warranty so it made me just a bit curious. Never give out information on the phone, especially to people claiming to be from your financial institution. If you question the caller, always hang up and call your institution.

Have a great week!

Cyber Attacks a Part of Arsenal

2009-01-03T20:34:00.000-06:00

I'm sure you've heard about the violence between Israel and Hamas. Cyber attacks are a part of a Hamas response. Websites in Israel have been attacked using defacements of websites and has escalated to denial of service attacks and more. If you remember last year, attacks using military and cyber warfare was used against Georgia also. Seems as this is becoming just another part of attacks on your enemies. Not only with military strikes, but also with cyber attacks.

Click here to read a short update from the guys and gals at the Internet Storm Center. They do a fabulous job and are a great resource to keep up with what is going on in computer security.

Rock Chalk Jayhawk! Go KU! The guys from Kansas University put it to the Volunteers of Tennesse today in Allen Field House.

Bot Activity Blocks Me from Computer Security Page

2009-01-01T17:35:00.000-06:00

Well this evening I was going through stories listed on one of my favorite sites for computer security news. I keep up daily on what is going on as a part of my job. Tonight, I find that they have blocked me because there has been too much "bot activity" and "script kiddie activity" from my IP range. Well, I'm in northeast Kansas near Kansas City and my service provider is Cox Communications. What does this tell me, well it tells me that there are a lot of folks here in my area within my IP range have compromised PC's.

Hey folks! Read my blog and maybe you can keep yourself better protected than you are right now. Here is a picture of the screen I get. Actually pretty funny because it is animated but it ticks me off that I am blocked. Wishing people would be more responsible. Well I'm out for now. Hopefully you all had a fabulous New Year and I've got to go to work tomorrow.

Fake AV - Stubborn to Rid from Your PC

2008-12-31T23:29:00.000-06:00

I've worked on a few of these fake AV's on friend's PC's. These run bogus scans and tells you that you have bunches of malware that is infecting your machine. It prevents you from going to websites to get cleaning software. Prevents your legitimate AV from updating. Turns your Automatic Updates off. Gives you the fake Microsoft Windows Security Shield and tells you that you need to activate whatever the current name of AV that is installed on your PC. Some give you fake BSOD (Blue Screen of Death). Popups take over your PC. Your browser is hijacked.

It goes by many different names. Total Protect 2009, eXPress Antivirus 2009, iSafe 2009 (Sounds like an Apple application), Antivirus 360, Perfect Defender 2009, and on and on and on. This is just some of the more recent fake AV's that have been plaguing PC's lately.

It's tough to remove this type of malware because it defends itself very well. The best thing is to not get the nasty stuff. The most common delivery method is social engineering. Tricking you into installing the malware yourself. Be wary of messages sent to you from friends on social networking sites like MySpace, FaceBook, etc. A very effective way of propagating itself is once it is installed on a PC, any user of these social networking sites sends messages to all the friends on you list trying to trick your friends into installing this malware.

Stay safe. My Kansas University Jayhawks rocked the Insight Bowl earlier tonight 42 to 21 against Minnesota. Hope you had a safe and happy New Year!

More and More Fake AV!

2008-12-30T20:52:00.000-06:00

Just recently, Microsoft built in to its malware removal tool a lot of the fake AV's that have been infecting so many PC's. And now of course we find even more fake AV's seemingly going strong. Click here to read a posting from the Internet Storm Center. Seems that the way they are infecting PC's is through a very effective way of social engineering.

Play it smart, don't just randomly click on things, and patch your software applications like, Adobe, all your Microsoft applications, etc. I've written previous posts that talks about the Secunia Tool that helps you keep up to date.

Stay safe, and have a Happy New Year! Rock Chalk Jayhawk. Insight Bowl on December 31.

Same Old Story - Malicous eCards

2008-12-25T17:34:00.000-06:00

Well, just a warning to all this holiday season that the bad guys are still using the malicious eCards sent via e-mail. Be warned, don't open them!! You can click here to read the story from the Internet Storm Center.

Hopefully all of you have been good boys and girls and Santa has rewarded you well this Christmas. Take care and have a safe holiday season.

Antivirus 2009 Really Sucks

2008-12-24T15:10:00.000-06:00

I have commented a few times about all the fake AV going around the Internet. It appears that it morphs and adds "enhancements" that defends itself well. Turning off Microsoft Automatic Updates, not allowing you to browse to sites that will help you clean your PC, etc.

Well I ran across another blog today written by Gary Warner. He has a nice detailed post going into the details of how the bad guys are taking advantage of Google searches to raise their ratings that when people click on these links, it infects your PC with fake AV.

Click here to learn more on how the bad guys take advantage of things we use everyday, Google, and use it to propagate their nasty malware. Hey Nancy, this may be how it got installed on your PC!

Stay safe, have a Merry Christmas and a happy and safe New Year!

Computer Security: Who is Responsible?

2008-12-21T18:49:00.000-06:00

Hey everyone. Hope all is well with you this weekend before Christmas. Thinking of topics to write on, I decided to give my opinion on responsibility when someone does not secure their PC and are hacked. Let's say that you are on your home PC and someone in your house either clicks on some link or attachment that causes the PC to be hacked (compromised), and now you have your banking credentials stolen by some individual. This individual now is allowed to make transfers from your account. Who's fault is it?

My opinion is that individual responsibility includes securing your PC at home. So when I hear a story about someone having this happen, I believe the individual really should have taken steps to secure their PC. Hey, everyone knows there are risks but who takes more responsibility? You or your bank? Well I say it is you. Owning a PC and connecting to the Internet you should know how to secure your PC for your own safety.

Computer security is so much more than just installing anti-virus and firewall. You need to know there are not so nice websites that can lead to your PC being hacked. You also need to be aware that random clicking on unsolicited links or attachments in e-mails will also get you in trouble.

Then you have organizations like the Geek Squad who really do no teaching but they are VERY willing to take your money when you mess your machine up with a bunch of crapware. You know, all that malicious software that causes your PC to run slowly and possibly be used in a botnet which really spells bad news.

So what do you do? You learn of sites that will teach you. There are a plethora of blogs and websites that talk about securing your PC. Mine and tons of others that are written by some of the brightest security people around (and I'm not including myself in that group). Take some steps to start to learn of all the threats. When I help people with their PC problems, I take that opportunity to teach them of things they should be doing to be more protected.

That is enough ranting for now. Get all that shopping done and actual save yourself some stress this Holiday season.

Examing A Spam E-mail

2008-12-18T21:49:00.000-06:00

Some days you get e-mails that are obviously spam e-mails. Just the little things you look at and can tell right away that it is not real. Above you can see a copy of the e-mail. Right away you know that the fake UPS e-mails are still going around. Now someone in SPAMMERVILLE should tell them UPS stands for United Parcel Service. Not United Postal Service. LOL

Have a great Thursday tomorrow!

Microsoft Has Early Gift for Christmas to All MS Users

2008-12-16T19:53:00.000-06:00

Microsoft has announced that they will be issuing an out of band patch December 17, 2008 that will patch the security vulnerability in all versions of Internet Explorer. So be watching for that patch to come down and get Internet Explorer patched. If you want to read additional details, click here for Microsoft's announcement.

Have a great Out of Band Patch Wednesday!

All Versions of Microsoft Internet Explorer Vulnerable

2008-12-16T05:24:00.000-06:00

Microsoft came out late last week and stated that there was a vulnerability in their Internet Explorer 7 browser. Over the weekend, the list continued to expand and now pretty much all versions of MSIE are vulnerable to an upatched problem (0 Day). If you've been waiting for a good time to try an alternative browser, why not try Firefox. Click here to download the latest version of Firefox and while you are at it, install the add-on called NoScript.

Have a fabulous Tuesday!

Defend Against the Zero Day Internet Explorer Vulnerability

2008-12-13T00:26:00.000-06:00

OK, if you haven't heard, Microsoft's Internet Explorer which is probably the most widely used browser in the world has a problem. There currently is a vulnerability that is being exploited by the bad guys and it affects most versions of IE. So Microsoft has some suggestions on how to mitigate the problem, but a common step to defend yourself is to use another browser. I suggest that you try Firefox and this would be a great time to do so.

After downloading the browser, then you can install a great tool that works with the Firefox browser called NoScript. Just Google it and you will find it. Install that tool and play with the settings. Trust me, it will take some getting used to but after you have your web sites you visit regularly setup, then it is a piece of cake. I've written previous posts about Firefox and NoScript so look back at those if you like.

If you really want to get wild and crazy, install Ubuntu on your PC at home and test drive it. The current version is 8.10. It installs great and after you get done, you will have a dual boot option of your normal Windows operating system, but you will also have a more secure OS in Ubuntu. Live on the wild side and test drive it today. Can't think of a better time to do so.

Have a great weekend and I will try to do the same.

Fake AV Still Going Strong!

2008-12-10T22:47:00.000-06:00

I assist people I know in cleaning their PC's. I've seen some really bad ones in my time. There is one constant this year. Fake AV. It continues to morph and change and continues its strong success. If you really want to get your geek on and read more about it, there is a guy, Dancho Danchev who has a blog and he has written extensively on the Fake AV attacks that have been going on for quite some time this year and it doesn't seem that it has lost much steam as of yet.

Patch, be careful when opening attachments, and don't just randomly click on links or attachments in unsolicited e-mails. Read the story I posted about Secunia's PSI tool to assist you in keeping your PC patched so the bad guys don't have such an easy time at your expense. Take care!

Microsoft Patch Tuesday an Early Present

2008-12-10T22:41:00.000-06:00

Hey if you didn't already know, Microsoft has given you a rather large update this December. Click here to read the Internet Storm Center's review of all the patches. A lot of red showing up meaning the patches are critical. They include OS, IE, Office, and so on. Patch, patch, patch!!

Keep Updated with Secunia's PSI

2008-12-10T22:33:00.000-06:00

So, do you want something that is almost the equivalent of the Easy Button to keep your PC's at home or your small business patched? Here is the answer. Click here to download Secunia's Personal Software Inspector tool. It does an audit of your PC to see what software you have installed and checks to see if there are any security updates that you don't have installed. If it finds any, it gives you this easy to use window with the link to update your software applications.

In a time where you really need to stay on top of things, this little application really does a nice job. So there is no excuse now. Keep up with all those Adobe, Java, Skype, AOL Instant Messenger, and more when you are need of a patch.

It is late Wednesday the day after Patch Tuesday and Microsoft had a large present for you this December so remember if you don't have your PC set to download those updates for you, go check and get your PC patched.

Have a great Thursday and Rock Chalk Jayhawk! Go KU!!

FaceBook Being Used to Spread Malware

2008-12-07T20:24:00.000-06:00

So you are signed up on Facebook.com and you get an e-mail stating that they can't believe what you did in this video. If the user clicks to view the video, a message pops up stating that they need to download some additional software to view the video. Once this has been clicked, malicious software (malware) is downloaded and run and your PC becomes the newest member of some bad guy's botnet.

This is a type of social engineering that makes you click on something and is sort of a trojan (something malicious posing as some useful application). Patching your machine is probably your best defense that you can do for yourself. One tool you can use that checks a wide variety of software on your PC is one from Secunia. Click here to scan your PC to see if you have any vulnerabilities that need patching.

Take care and have a fabulous Monday. I know I will.

Small Credit Unions Equal Compter Security Risk

2008-11-30T16:57:00.000-06:00

OK, it has been a long time since I've posted a story on my blog. I write about computer security. Today's story talks about a couple of small local credit unions here in my town of Topeka. Educational Employees Credit Union and Kansas Super Chief Credit Union sites had what is called a code injection attack on their websites. The site that their customers were re-directed to was hxxp://ytgw123.cn (Don't go to this site. It will attack you PC with exploits.) The attack happened somewhere around September 26th, 2008.

So how did this attack happen? First, the web sites were not coded securely which allowed the criminal attacker to inject this code into the online banking sites for these two credit unions. The attacker didn't actually access the credit union's customer accounts. However, if any of their customers innocently went to either credit union's website, they were re-directed to this malicious site. If not properly patched, these customers probably now have malicious code installed on their PC that could be a password stealer, keylogger, and is now a robot which means someone with bad intentions now controls your PC.

I've been told that the problem has been corrected but I have my doubts. Since I have an account at Educational Employees Credit Union, I will be watching this closely. The problem I see is that this was not reported and customers of EECU and KSCCU have spyware or malware installed on their PC and may not realize it.

Hopefully the company that is contracted to create and maintain these credit union's websites has found the actual vulnerability in their own code and closed this hole. From my experience in computer security, code developers are trained to write code quickly to add to a companies bottom line. They are not trained to code securely. I believe that this situation is so common and customers of these smaller banks and credit unions who have to contract with companies who develop and write code are putting the customers of these institutions in danger of criminal hackers stealing login credentials for their banks and credit union's accounts. I will be watching my credit union. Maybe you should too!

How to Avoid Fake AV

2008-09-20T23:34:00.000-05:00

Have you been one of the many who have had the rogue anti-virus installed on your PC and wondered how you got it? Actions you have taken may have installed this nasty piece of malware. Here are a few of the ways you may have had the fake AV installed on your machine.

Spammed email messages (ecards) that contain malicious links
Instant messaging applications where links are sent as messages
Private messages in social networking sites
As codecs for videos hosted on social networking sites
Downloaded by malware in a prior infection
Mass SEO poisoning involving several compromised Web sites

What happens from that point may vary, but the bad guys goal is to trick the user through a variety of system modifications and scary warning messages that something is wrong with their PCs. These scare tactics include showing fake Windows popup balloons, modifying the PC’s wallpaper to an alarming message, and performing an unsolicited system scan that yields worrying scan results.

These attacks were starting to pop up in August, and they have continued here in September. This basically tells me the attacks are pretty successful. Beware of the social engineering that actually tricks you into installing this rogue AV badware from the criminal attackers.

Stay safe and have a great weekend.

Fire Fighters Targeted in Phishing Scam

2008-09-13T15:55:00.000-05:00

The Boston Fire Fighters Credit Union was targeted in a social engineering scam purporting to take a survey and then they will credit your account with $99.99 after you complete it. Well, those malicious attackers hit paydirt it sounds like. Many fell for it and gave up their credentials for their accounts. Sounds like the Credit Union was notified and hopefully many of the folks who fell for it, aren't going to be out too much money if any.

Click here to read the full story. Remember my advise. If it sounds too good, it probably is. And last, never respond to unsolicited e-mails. Protect yourself and your financial health. Stay safe and we are thinking of those being affected by Ike.

Cleaner 2009 = Fake AV

2008-09-07T18:04:00.000-05:00

Hope the weekend has gone good for you. I've written about Antivirus 2009, now we are seeing another application calling itself Cleaner 2009. It performs system scans that shows false positives or exaggerated spyware results. Even though Cleaner 2009 attempts to look legitimate with its reviews, you don't really want it on your home or small business PC's. Do not fall for it. It is NOT a legitimate spyware removal tool, only a waste of time and, most of all, money.

Cleaner 2009 prompts users with multiple warning messages and popups that state Cleaner 2009 detected spyware on the machine. This is a poor attempt by Cleaner 2009 to get you to purchase the Cleaner 2009 program. Cleaner 2009 program may be difficult to remove manually. I've had a few machines that I have seen with the fake AV on it and it is a pesky thing to get rid of. Popular rogue anti-spyware programs like Cleaner 2009 are dressed up and renamed to confuse unsuspecting computer users.

Stay safe and have a fabulous weekend!

Are You Getting Obama Spam Like Me?

2008-09-04T21:42:00.000-05:00

Well I have this throw away e-mail address that I get a lot of "interesting" spam sent to me. I have been finding some rather unusual e-mail from Barrack, Michelle, and Joe too. When you look at the header information, it is being sent from the IP 70.42.50.186 which belongs to EHLO mta-inap4.bluestatedigital.com. It appears that the Obama campaign doesn't mind buying e-mail lists so they can spam to millions. The people who maintain these large e-mail lists are actively participating in not so nice ways of collecting these e-mail addresses.

I'm not an Obama fan. Not really that much of a McCain fan either. I do notice that I haven't got these types of e-mails from the RNC. And I find at the bottom of the e-mail, an unsubscribe link. I have always advised people to NEVER click on links in spam e-mails because you don't know what the person responsible will do with this information. Those with not so good intentions use the unsubscribe link to verify that they have a valid e-mail address and that address will be "verified" in a way that these people who market these list can sell for more.

Delete all spam e-mails that you get. Never, never, never click on any links or attachments from unsolicited e-mails.

Scammers/Spammers will use Hurricane Gustav

2008-08-31T18:35:00.000-05:00

People in general here in this great country of ours, The United States of America, are very giving and want to help those in need. When ever we experience a natural disaster like Hurricane Gustav, there are those who prey on our willingness to help. Those without a conscience will be there to take advantage of events like these.

When these events happen, the Internet Storm Center reports on domains that are being registered. A couple of days ago, they started seeing domains being registered relating to Gustav. Here are a few of those listed in the Internet Storm Center's latest post. Click here for the full Diary entry from the ISC.

boredatgustavus.net
contributegustav.org
contributiongustav.org
donategustav.org
donationgustav.org
gustav-hurricane.info
gustav-hurricane.net
gustav-hurricane.org
gustav-hurricane.us
gustav-relief.org
gustavassistance.org
gustavattorney.com
gustavcharities.com
gustavcharity.com
gustavclaims.net
gustavcontribution.org
gustavdonation.com
gustavfound.com
gustavhelpers.org
gustavhurricanerelief.com
gustavhurricanerelief.info
gustavhurricanerelief.net
gustavhurricanerelief.org
gustavlawsuit.com
gustavlawyer.com
gustavlegalrelief.com
gustavlegalrelief.info
gustavlouisiana.org
gustavmissing.com
gustavneworleans.com
gustavneworleans.org
gustavpictures.com
gustavrecovery.org
gustavrelief.info
gustavrelieffund.com
gustavrelieffund.org
gustavreliefvolunteers.com
gustavresponse.com
hannahrelief.org
hannainsuranceclaim.com
hannalawyer.com
hannarelief.org
helpgustavvictims.com
helpgustavvictims.net
helpgustavvictims.org
hurricanegustav08.com
hurricanegustave.info
hurricanegustavphotos.com
hurricanegustavrelief.info
hurricanegustavrelief.net
hurricanegustavrelief.org
hurricanegustavrepair.com
hurricanegustavresponse.info
hurricanegustavvictims.info
hurricanegustavvictims.org
hurricanehelp.us
hurricanelinks.info
hurricanelinks.org
hurricanerelo.com
hurricanerelo2ms.com
hurricanerelocate.com
hurricaneresponder.com
hurricaneseasonflorida.com
hurricanetrack.org
hurricanevolunteers.info
hurricanewatchnet.org
hurricanework.com
isurvivedhanna.com
lahurricanerelief.org
myhurricanephotos.com
netexashurricaneresponse.info
officialhurricanegustav2008.info
survivedgustav.com
survivedgustav.net

Some people may be registering these sites to sell in the next few days. Others may start to add "Donate Here" buttons. You need to beware of this type of scammers.

All our thoughts are with those in the Gulf Coast area. Monday is when they are scheduled to make land fall. Many have left. We all hope that this is not a repeat of Katrina. Stay safe and we'll have to see in the next 24 hours what will happen.

Internet Behavior Can Protect You

2008-08-26T22:14:00.000-05:00

We've talked about this in previous entries but it is always good to review how your behavior while surfing the Internet can go a long way in protecting yourself from the bad guys. The specifics we'll talk about in this entry will be porn, P2P, and free applications on the Internet.

Porn. It is a weakness that a lot of men have and probably some women too. You have to understand that bad guys know that they want as many targets as possible so they look to what can be used to spread their evil wares. Like anyone else, bad guys want to spread their keyloggers, file stealing applications, and bot software to be able to use your computer for their evil purposes. Since many have a weakness for pornography, this is a known target for bad guys to plant their traps. My advice? Stay away. Make sure all people in your household stay away also.

P2P. Also known as peer 2 peer software. It is known as file sharing software that can be used to spread software, music, videos, and pictures. All I have to say about P2P is that you need to be warned. Not only is it illegal, you may get more that you than you bargained for. Bad guys like attaching some of their evil software along for the ride. My advice? Don't use P2P unless it is a trusted source and if it is legal.

Lastly, we'll talk free applications. I am really careful about what applications that are free that I use. I've mentioned in previous entries that I use firewall, antispyware, and antivirus that are free. When you are making the decision to download a "free" application from the Internet, it is best to actually read the EULA. The EULA is end user license agreement. You may be agreeing to be tracked so adware popups can be sent to you or your e-mail address might be given to spammers so you get even more of the e-mail crap than you do today.

Your behavior on the Internet really may be your absolutely best protection. More than antivirus, or antispyware. Be smart and don't fall for the bad guys out there trying to take advantage of you in a financial way.

That is it for now. Stay safe and have a great week!

Internet Safety for Children

2008-08-26T22:09:00.000-05:00

I've been asked, what steps should I take to protect my kids when they are on the Internet. You read on the news about predators who use the Internet to take advantage of kids. It's true. We've all seen those NBC shows where they catch predators over and over again.

The Internet gives predators an anonymity where they can build trust and intimacy very quickly. It is natural for teens to use peer support in online chat rooms to seek help with their problems. The lowest of the low pedophile know this and goes to these areas online to look for their victims. They can claim to be anyone they want to because of this anonymity that the Internet gives them.

I've heard that 1 in 5 children who use chat rooms online have been approached by pedophiles over the Internet. I've mentioned in earlier posts to avoid pornography all together for security reasons. There is one estimate that puts 20% of all Internet porn involves kids. Kids have this trust that really can put them in danger if they agree to meet someone who they met online. Adding to the nervousness of parents is that only 1 in 10 teens would ask their parents' permission to actually go meet someone who they met online.

Here is a list of key things that parents can to to protect their children.

The most important thing I can tell parents is have the computer that kids will use in an open setting where you can monitor their online use. NEVER ALLOW A CHILD TO HAVE A PC IN THEIR ROOM WHICH GIVES THE CHILD A SENSE OF PRIVACY.

Talk to your kids and stress to them how to stay safe online. Have a written plan for them to read.
Actually teach your kids how to use the Internet. Not only for your kids safety, which is most important, kids are one of the biggest computer security risks. Due to their trusting nature, they will most likely click on links that host malicious software that can be installed on your computer.
Many ISP (Internet Service Provider like Comcast, Cox, etc.) provide parents with tools to control and monitor kids Internet use. If not, there are commercial software applications that can monitor and filter where kids can go online.
Tell kids about the benefits of the Internet as well as the dangerous that lurk in the world wide web.
Many kids are members of social networking sites like MySpace and Facebook. As a parent, you may want to sign up for your own account and monitor what they post on their own site. Kids tend to put TOO much information online that aides online predators in finding their victims. Also, what kids post today can haunt them later when they are looking for a job. More and more, companies do research on the Internet when deciding to hire an individual or not.
Supervise and monitor your kids online and assist them. If problems arise, report them to the appropriate authority.
For younger children, you find and bookmark web sites that you deem appropriate. Closely monitor younger kids.
Have your anti-virus and anti-spware software up to date with the current signatures and run them often.

Create an online contract for teens that you can both agree to. There are many great sites online that talk about your children's safety, so definitely look at more. There are examples of contracts that I've seen that you can copy or use as a guide to create your own unique contract.

Knowledge is power. Ignorance will put you and your family in danger. Read read read. Take care out there and we'll talk again soon.

Which Browser? Internet Explorer? Firefox?

2008-08-26T22:03:00.000-05:00

Which browser do you use when surfing the internet? Are you like most folks out there who use Microsoft Internet Explorer? The largest percentage of the population uses MSIE. I prefer to use Firefox. Firefox has gained in popularity over the past few years. Here are the reasons I use Firefox and not Internet Explorer.

Think about what the bad guy attacker thinks. If I write an exploit that takes advantage of a vulnerability, I want to hit the most largest possible target base. Simple math (I hated math by the way) and you go to the masses. I want the most targets so I write my exploit for MSIE. Simple. This is one reason why I use Firefox. I don't have that Apple mentality to think that there are no exploits written for Firefox. Trust me when I say this, there is no "safe" browser when it comes right down to it. Browsers are software and when software is written, it has bugs. So this is reason number one.

Reason number two. When bugs are discovered, Firefox has a smaller window from the time a vulnerability is discovered, to the time an update is deployed. Nothing against MSIE. I think Microsoft has come a long way from the days of old. It just seems that it takes longer for MSIE has a longer window from the time a vulnerability is discovered to the time it is patched.

Reason number three. If you are a user of MSIE, then you know with MSIE 7, you got tabbed browsing. I've been using Firefox for several years and it has had tabbed browsing for quite some time. I think there are many things that Firefox does that MSIE has moved in that same direction. Plus there are many plug ins that are awesome also. Many for security reasons.

Those are enough reasons for me to use Firefox. You ought to try it if you have never tried it. After downloading it and setting it as your default browser, browse the plug ins and see what is out there. I'll admit there are many I don't use. I have mentioned in previous posts that I do use a plug in from www.finjan.com. Be brave, try it for a couple of weeks. See if you can make yourself a smaller target out there in the wild wild west called the Internet.

If you are an Internet Explorer user, I say try Firefox and see how you like it. I believe as many in the Computer Security field do, that a change to the Firefox browser will keep you safer because you are now not wearing such a big target on your back. Take care and stay safe.

Just Say No to Debit Cards and Online Shopping

2008-08-25T11:45:00.000-05:00

As a security professional, I get notice sometimes that talks about computer security are given locally. Well I've been able to attend a couple of talks from a now former FBI agent. One of the things he has brought up is when shopping online, never use your debit card. It doesn't give you the same protections as when you use your credit card.

Noticed this article which emphasizes the same practice. It was in the South Bend Tribune. Click here to read the entire article.

Stay safe and have a fabulous week! Rock Chalk Jayhawk go KU!!

Have You Run into AV2009.exe?

2008-08-21T21:38:00.000-05:00

Seen this recently on some friend's PC and this is a tricky one to get rid of. One of the sites I've used to get assistance is bleepingcomputer.com. It is a very useful site when trying to remove some of the nasties that are out there today.

If you have run into this rogue Anti-virus piece of malware, click here for some removal instructions from bleepingcomputer. They also give screen shots and I have found it to be extremely helpful.

Here is a site where you too can get your geek on and read more about these fake AV malware types. Click here and here to read more.

People Really Do Click on Spam E-mails

2008-08-21T21:28:00.000-05:00

One of my responsibilities is teaching Security Awareness Training. We sound like a broken record at times, but we always say NEVER click on links OR attachments in unsolicited e-mails. I never really thought too many people clicked on these types of e-mails.

Read this article from ZDNet and was shocked. Click here to read the blog entry from ZDNet. And NEVER click on any type of spam e-mail.

Georgia.zip Malicious Attachment

2008-08-21T20:58:00.000-05:00

You see spam e-mails everyday. Sometimes something is slightly different. Saw the same attachment with the name of georgia.zip. It was password protected. You see if an attachment has a password, your anti-spam tools can't open it to examine it. I noticed that two different subject lines were used. One was "Journalist shot in Georgia" and the other one was kind of funny. "Brittney Spears confession: I am Anna Nicole Smith's baby's father". I submitted the file to VirusTotal.com and the AV engines didn't have good results. Only 5 of 36 AV engines detected the file as malicious. Today, I got another copy and submitted it and now 7 of 36 AV engines recognize it as malicious.

One copy of the spam was sent from an IP in Turkey. Not a place that would seem to be very friendly. So if you get this file, just trash the e-mail and don't open this file.

Stay safe and TGIF!!!

Protect Your Online Identity

2008-08-20T17:38:00.000-05:00

I attended DefCon 16 and one of the talks was titled, "Satan is on my friends list". Catchy title, huh! Anyway, I read a blog posting from Rich Mogull talking specifically about this talk. I didn't attend this particular session, but I've heard about this from another Security Podcast I listen to called Pauldotcom. There are known instances where someone signs up on some of these social networking sites and steals your identity.

If you think about it, if you are known in your community and you have built up a reputation, you don't want anyone to imitate your identity. A recommendation is to go out to sites like MySpace, FaceBook, LinkedIn, Twitter, and others I may not have mentioned, and sign up. You don't need to actually update the sites. Just get your name listed so nobody else can steal your online identity.

There are those with not so great intentions out there who will do this and take advantage of your reputation to possibly gain some information from unknowing people who think it's really you. So if you haven't already, go out and sign up. Protect yourself today.

Judge Lifts Gag Order on MIT Students - MBTA

2008-08-19T22:17:00.000-05:00

A judge has lifted the gag order on the 3 MIT students who were to present their talk on hacking the CharlieTickets. There appeared to be other problems with physical security too. I wish I could have heard these guys give their talk at DefCon in Vegas. Oh well.

This doesn't mean that the MBTA isn't going to try and go after these guys with criminal charges. I'm sure it will be drawn out for sure. Click here, and here for links to this story. Have a great Hump Day tomorrow!

MBTA - DefCon Talk from MIT Students

2008-08-18T10:40:00.000-05:00

I have attended DefCon the last two years. Most would find it lame and boring but those of us in the security end of the Internet look forward to all the information that can be learned over a weekend in Las Vegas. Last year, the Dateline NBC reporter was outed and it was really fun to watch. There are some great video shots on YouTube.

Sometimes vendors don't want you to release information. This year, there was a talk that was scheduled by three MIT students that was postponed due to a Federal court ordering them not to give the talk. The MBTA (Massachusetts Bay Transportation Authority).Those of us in attendance got to see their presentation slides that shows everything they did and what they observed.

OK, MBTA, you have a system that is broke. Hopefully you will do something about it. Come to think of it, all of the mass transit here in the US and probably abroad as well are broke too. For all of us, hopefully they will correct the problems that were discovered and will fix the broken system. Sometimes these vendors will do nothing. Kind of scary if you ask. me.

Stay safe and have a great week!