Tag Archive | "security"

Beware of Fake Apple Invoices


It appears that fake Apple invoices are turning up in your inbox.

The invoices appear to be legitimate Apple “receipts” that iTunes users are familiar with seeing after purchasing music or apps. Most of us would be shocked by the price that appears to have been charged on our credit card. We will immediately want to click the link to view or report a problem – don’t. The links take you to fake IRS pages and ask you to download browsers (malware).

fake apple invoice

Fake Apple Invoice

Take a close look at the invoice and notice the mistakes and/or odd words/actions. A legitimate invoice will have your name/email and address listed, and should have the last 4 digits of your credit card in the upper right of the invoice.

Don’t click any links. Delete the message, or if you prefer, call Apple or your Credit Card company.

Source: Fake Apple invoices lead to Blackhole exploit kit that drains your bank account | Naked Security.

Posted in Featured, Information, Quick TipsComments (0)

Windows 7′s ‘GodMode’


Apparently, if you really want to, you can enter a “GodMode” in Windows7 which will allow you to all the system controls by opening one folder.

The article goes on to say:

The trick is also said to work in Windows Vista, although some are warning that although it works fine in 32-bit versions of Vista, it can cause 64-bit versions of that operating system to crash.

Check out the full story on CNET’s site @

Understanding Windows 7’s ‘GodMode’ | Beyond Binary – CNET News.

Posted in Operating Systems, Quick TipsComments (0)

Sources for Computer Virus News Alerts


If your concerned about security and need to know the latest information about possible virus and malware threats, then take a quick look at the following list.  The data from these sites is updated regularly and can help you keep ahead of an outbreak or attack.

McAfee Virus Information

See the latest virus information on McAfee’s virus alert page. Use the dropdown to select among malware, hoaxes, jokes, or view all.  You can also sign up for email alerts too.

image

Symantec/Norton’s Threat Explorer

Get a breakdown of vulnerabilities, threats, and risks at Symantec’s Threat Explorer.  Plus see what popular “applications” are currently vulnerable to attacks so you can get them patched.

image

Trend Micro’s Threat Encyclopedia

See the latest that Trend Micro has identified as a threat at the Threat Encyclopedia.

image

SophosLabs Blog

Read what the industry experts at Sophos have to say about what’s going on with recent threats at the SophosLabs Blog.  Subscribe to their RSS feed and signup for email notifications too.

image

Microsoft Security Bulletins

Only for those running Windows – get the latest on Microsoft vulnerabilities at their Security Bulletin Search page.  Don’t forget to signup for automatic security notifications.

image

Security Focus

The Security Focus Vulnerabilities page allows you to search for vulnerabilities by vendor. Get even more granular by drilling down into titles and software versions. Get your Security Focus newsletters too.

image

Computer Associates – Vulnerability Information Center

Find newly discovered vulnerabilities and alerts from the Vulnerability Information Center at CA. From there branch off to virus and spyware news.

image

I’m sure there are a few more reputable sources for this kind of information. Please post your favorites in the comments.

Posted in Anti-virus, InternetComments (1)

Beware of Unscrupulous Computer Repair Shops


private_data

I recently came across about an interesting article that I wanted to share.  It relates to computer repair shops and how an undercover operation by a news organization exposed some of their shady practices.

The article as originally published on pcpro.co.uk and explains how software to automatically turn on the built in webcam and record every keystroke mouse click was used to expose these shops and their bad practices.

Here is an excerpt from the article:

He also begins searching our hard drive until he finds log-in details for our Facebook and Hotmail accounts. With a cackle he removes a memory stick from around his neck, plugs it in and then copies them across.

He also discovers our holiday photos and copies those of our researcher in her bikini. The spy software takes a snapshot of the files on his memory stick.

The PCPRO article goes on to  explain how the techs opened a folder named “Private” and began pursuing documents and photos and even begins copying them for personal use.

With a cackle he removes a memory stick from around his neck, plugs it in and then copies them across.

Most worryingly, when he discovers log-in details for our online bank account, he logs onto the bank’s website and attempts to break into the account. He only fails because the details we created were false.

The real message behind the article is simple.  Be aware of what is on you computer and take measures to protect sensitive data.  The simplest way is to encrypt sensitive files and folders.  Use products like TrueCrypt or the small utility I wrote about called Easy File Locker to make sure those files are hidden and unreadable by anybody.

It’s a little bit of extra work, but will certainly put you at ease if you ever need to hand over you computer to a technician for repair.

P.S. Not all technician are searching through your files and photos.  The article does go on to report on how one company’s technician fixed the problem without violating anyone’s privacy.

Posted in Hardware, Quick TipsComments (2)

Paranoid About Your Sensitive Files – This Utility May Help You Sleep At Night


Most of us have file on our computer that should not and are not for public consumption.  However, that bank account file, password file, confidential report, or sensitive exposé newspaper article that is for your eyes only, has to live somewhere.  How do you keep these file from being opened, read, or even visible to anybody?  Encrypting the data is one way, but that can be cumbersome and even confusing to some of us.

Easy File Locker (Windows Only)

Easy File Locker is a small utility that can help you protect your sensitive files. Easy File Locker allow you to select files or folders and decide what kind of permissions to set.  You can choose to allow read, write, delete, and even decide whether you want the file to appear in a file listing (meaning it won’t show up in explorer or by doing a directory listing using the DOS Command Prompt). You can even set a password to prevent users from opening the utility where you can view the files.

Easy File Locker is free and easy to install. Simply download from Easy File Locker and run through the install wizard.

easy file locker setup
Once installed, you need to run the application to open the interface and choose to start protecting files.
Add files or folders to protect by clicking on the “plus” signs in the toolbar.

easy file locker ready

easy file locker settings

Select the type of protection and click on the “OK” button.

easy file locker set password
Don’t forget to set a password before exiting the program. This give you an added level of protection by not allowing anybody to open and modify the permissions of the files you are protecting.

Once files are protected, users will get a permission denied message if they try to modify the file when they access levels are restricted.
A very nice feature of Easy File Locker is that it also stops access to file even when the computer is booted into safe mode.

easy file locker delete file via explorer

easy file locker delete file denied

Even files access from the Command Prompt is protected.

easy file locker dos denied

The system is not foolproof of course. You do have to remember to set a password, and if you forget it, then I’m not sure you have any options but to recreate the files from scratch (that is if you have not hidden them and can remember all of the file you tried to protect).  The same can be said for encryption tools like TrueCrypt, so don’t let that discourage you.

For those of us who have a few files that need to be kept from prying eyes, Easy File Locker is the perfect little utility.

Posted in Software ToolsComments (2)

Download Free Laptop Tracking Software


Laptop Tracking Software Prey is Free and Open Source

I’m certain that at least a few of you have been victim to a stolen laptop.  With reports indicating that a laptop is stolen every 53 seconds and that 12,000 laptops a week are are lost in US airports (source Fast Company), it almost seems inevitable that we will suffer from this loss.

preySince these reports also indicate that only about 3% of these laptops are ever recovered, you may wonder if there is anything that can be done to help increase the odds of yours being recovered.  Of course there are many laptop tracking solutions available to report on your laptop’s location. One such solution is software based Prey.

Prey is free, Open Source software available for Windows, Mac, and Linux. Prey works by sending your information about your laptop at scheduled intervals to an email address you configure.

Prey can also be configured to only send the information when you have determined that the laptop has been lost or stolen.  You achieve this by configuring Prey to check for the existence of a URL before it sends the information (see their FAQ for more on this).

Of course, Prey requires that the laptop have an active Internet connection, so you can’t guarantee that you’ll recover the laptop, or even that Prey will report anything if it can’t get to the Internet. But as pointed by the developers of Prey, most thieves like to look around at the data on the laptop before completely wiping the hard drive, and that leaves some room for a short window for Prey to do it’s magic.

Prey is definitely worth a look.

Posted in Internet, Software ToolsComments (2)

Greeting Card Virus


A computer virus has been circulating as a “Greeting Card” email message. The message title contains the words “Greeting Card”, “E-Greeting”, “Christmas Card”, “Online Greeting”, “Greeting for you” or some variance thereof. When the link is followed to view the greeting card, the computer then becomes infected with a virus or trojan (see below for more about what this is) by running ecard.exe.

Please don’t click on any links one of these emails.  Especially if you do not know the person that supposedly sent you the greeting card.  Once again, if you receive an email that meets the above criteria, please delete it.

greeting_card_email

As a matter of principle, I don’t believe in sending E-Cards as they (the companies that provide the e-greeting service) can be used to collect and sell “valid” email addresses to other companies.  Please take a look at my 9 Tips to Less Spam post for more info on how to avoid getting spam like this.

Cleanup Info

Symantec has some info on how to cleanup the trojan.  Basically disable system restore, update your virus definitions, do a full virus scan, and cleanup the registry.

Trojan Info

A trojan is a malicious program that collects information about your Internet activity and send that info to other websites where the information is collected.  Some are very sneaky and collect keystrokes, password and bank login information.  Bottom line is, don’t get a trojan.

Posted in Anti-virus, Internet, Software Tools, Web BrowsingComments (4)

How Good Is Your Password?


Instantly Check Your Password Strength and Complexity

Online passwords are now just a part of our daily life. Many of us don’t really consider how important it is to have a strong password or what it takes to make a strong password. Most of our online activities require us to provide a password in order to use them. A weak password can really cause a lot of trouble if it gets cracked or guessed. The weaker the password, the easier it is for automated programs to crack your password with a “brute force attack”.  Here is a easy, visual way to check your password strength.

The Password Meter offers a password tester. You can quickly see if your password’s complexity is too low and what you can do to make it stronger.

password_meter

Enter your password in the password field and immediately get feedback as you type every letter, number or symbol. As you progress to a more complex password, the items in the Additions Pane will start to turn colors and you’ll see the symbols start to change as well.

password_meter_additions

The Password Meter calculates your password score by adding points from the Additions items and Subtracting points from the Deductions items. It is pretty hard to get all of the deductions to zero, but it’s fun trying. I was able to get a perfect score with the following xBc1$3Dy4=.

password_meter_deductions

Give it a try at http://www.thepasswordmeter.com.

Posted in Internet, Quick Tips, Software Tools, Web BrowsingComments (4)

Use A Master Password The Right Way


Use SuperGenPass to Safely Use A Master Password

Password management can be a pain and there a few things we should not be doing to keep our information safe.  For one, you should not be using the same password for every site.  If someone sees or gets your password on one of those sites you could be compromising all of your online accounts.  But, having to remember a different password for each site is not easy and you’ll most likely need to keep a document or file around to record all your passwords.

supuergenpass_website

A great tool called SuperGenPass can make your password management a bit easier.  SuperGenPass does not require you to install any software on your computer.  It is a simple bookmarklet that you drag into your browser’s bookmark toolbar.  You can put it on as many browsers as you like and on multiple computers.

How Does SuperGenPass Work?

supergenpass_window SuperGenPass works on the simple principle of “master password” + “mathematical equation” = “new secure password”.  Most of us can think of a “master password” we would like to use.  A password we know we will remember.  SuperGenPass lets you use that password to generate a random secure password for every site you log on to – yet have every site’s password be different.  So your password for amazon.com and your password for yahoo.com are completely different but were generated by the same “master password”.  All you have to do is click on the bookmarklet from your browser and it does the rest.  It even puts the generated password in the password field so you don’t have to cut and paste.  And since you can install the bookmarklet on any computer and any browser, you can access your account info from anywhere.

SuperGenPass doesn’t store any of your information or passwords.  Even your “master password” is not kept online or stored.

Check it out for yourself at SuperGenPass.com

Posted in Internet, Web BrowsingComments (1)

USB Thumb Drives Can Pose a Threat To Your Machine


Have you ever found a USB stick in the lobby of a hotel?  Perhaps there are two or three in a pile or on a display that asks you to “take one”.  Maybe you work at a company and someone has dropped of a pamphlet or flier for a product and left a USB thumb drive behind with “literature” about the product.

Bad guys do this kind of thing all the time.  Security experts will tell you that it is an easy way to get infected with a virus, or have a trojan program spread to your or your company’s network.

This exploit works by utilizing the AutoRun feature that is triggered by inserting a thumb drive in an available USB port (Windows only).  Those drives that have programs on them are told to run via a configuration file that has been placed at the top level of the drive’s file system.OLYMPUS DIGITAL CAMERA

Let’s look at how this might work:

  • The executable program that the bad guys want to have run is placed on the thumb drive (say the file is called “install_bad_software.exe”).
  • A file is created called “Autorun.inf” with a few lines of text indicating which file to run.
  • The USB thumb drives are distributed in various ways – i.e. left at company or hotel lobbies.
  • Once you place the USB thumb drive into your PC, the file is executed and you are well on your way to installing malicious software.

Here is an example of an Autorun.inf file.  They can be quite simple.

[AutoRun]
shellexecute=install_bad_software.exe

Another trick that is used is to direct you to a website that will install a virus or trojan.

[AutoRun]
shellexecute=http://bad-software-install.com

Prevention

You can prevent AutoRun from kicking off any programs by simply holding down the <SHIFT> key while inserting the drive in your computer.

Just beware of those “free”, flashy looking USB drives that you may find lying around. They could be dangerous. Just remember to use the <SHIFT> key when inserting.

Photo by inya.

Posted in Hardware, Quick TipsComments (3)

Related Sites