Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Friday, July 31, 2009

Security Vulnerabilities near Apocalyptic Proportions

We’ve had a heck of a week in the security world. I really don’t know where to begin. Most people think of the Apocalypse as the end of the world but the origin of the term is the “disclosure to certain privileged persons of something hidden from the majority of humankind”. That’s what happen this week. Those who were paying attention were informed about a number of security flaws that hopefully have been corrected. If you haven’t taken advantage of these updates you should.

The first came from Microsoft with what’s called an “out of band” security update. If you think it sounds serious, you’re correct. If you don’t have automatic updates on your Windows machine, it’s time to run the Windows update program.

Microsoft Security Advisory 973882
Microsoft Security Bulletins MS09-034 and MS09-035


Also on Tuesday the folks at Mozilla admitted there’s a vulnerability in Firefox where “The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.” This could result in a phishing attack and not necessarily a huge issue. Mozilla has found and fixed this issue which will be rolled out in the next release.


On Thursday Adobe announced “Security updates available for Adobe Flash Player.“ This vulnerability could allow an attacker to take control of your machine if you’re running Windows, Mac OS and even Linux. More info at http://www.adobe.com/support/security/bulletins/apsb09-10.html. Adobe also recognizes that their Shockwave Player is affected by the recent Microsoft advisory so they recommend upgrading to the newest Shockwave Player at http://www.adobe.com/support/security/bulletins/apsb09-11.html


The fun really began at the BlackHat Security conference when three researchers acknowledged they provided Apple with details on how they could hack into and take control of someone's iPhone. They gave Apple two weeks to fix the problem before making the information public. Apple announced today they will be updating users the next time they plug their iPhones into their computers. Unfortunately, one of the vulnerabilities discovered affects more than just the iPhone. A large number of phones which accept SMS messaging may be at risk.


Before you want to go running for the hills I’ll share one last bit of news. Remember all the talk earlier this year about the Conficker virus? Well, stay-tuned this month to hear about the financial trojan called Clampi. This one may also get more attention then you think it deserves but there’s no doubt what the purpose of Clampi is. It’s all about the money.

Clampi banking trojan misdirects business wire transfers.”


Have a great weekend!


Labels: , , ,

Share on Facebook


Monday, July 27, 2009

Bill's Bit Readers Club Recommendation

Just about to be released, a couple of fun books that I’ve been looking forward to. They’re now available for pre-order on Amazon.


                    


"The World According to Twitter" is by emmy-nominated David Pogue. "Windows 7 Secrets" comes from Paul Thurrott and Rafael Rivera. I've had the honor of following each of the authors as they worked hard on their latest compilation and shared their experience with other friends on Twitter.

Pre-Order now and Save!


Full Disclosure: While I certainly support the authors, my affiliation with Amazon gets like 10–15 cents if you order either book via the links above.

Labels: , , ,

Share on Facebook


Sunday, July 26, 2009

Network Solutions Hackers Monitored Credit Cards

Washington Post author Brian Kreb reported Friday that “Network Solutions Hack Compromises 573,000 Credit, Debit Accounts”.

“Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months…
The payment data stolen was captured from transactions made between March 12, 2009 and June 8, 2009.”


I was surprised that within 3 minutes of mentioning the Post article on Twitter I was contacted by someone from Network Solutions. Their comments still didn’t really make me feel warm and fuzzy.

“At this point, we have no reports or other reasons to believe that any credit card account information has been misused. Under established practice, credit card issuing companies generally will not hold our merchants’ customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely manner to the issuer.”


So, this means as long as you notice the invalid charge you won’t have to pay it. Contrary to popular belief, the credit card company doesn’t eat the charge, the merchant does. If someone purchases WinPatrol PLUS with an illegal credit card, I have to refund the money, not the credit card company.


Network Solutions has made a deal to provide one-year free monitoring of your credit card with TransUnion. Unfortunately, if you visit ConsumerAffairs.com you’ll see TransUnion doesn’t have one of the best reputations. Last year TransUnion settled in Pennslyvania in response to allegations TransUnion sold customer information.


What I find really scary is that this could happen to a company like Network Solutions. This is a company who has been an integral part of the internet backbone since 1985. Network Solutions hosts websites, controls domain names and originated the @ symbol to be used in Email addresses. If their eCommerce servers could be hacked what else could have been comprised?



Labels: , ,

Share on Facebook


Thursday, July 23, 2009

Would you believe Scotty has a cold?

Yesterday’s release of WinPatrol 16.1.2009 was a big success for Vista and Windows 7 users.  It was also welcomed by Windows XP users although many discovered one small problem.  It seems adding one of the new Vista/Windows 7 features called “Sound Sentry” I broke Scotty’s bark for the majority of users who still use Windows XP.


Over the years I’ve tried to make sure WinPatrol is “accessible” to all users. One way is to continue using standard window controls instead of some kind of slick more graphical interface.  This may also be one of the reasons I’ve been able to keep the size of WinPatrol tiny.  Sound Sentry is a feature which is available via the Windows accessibility interface. Visually challenged users can also take advantage of the Windows “Sounds” control panel applet to customize individual sounds for each kind of WinPatrol event.


Adding Sound Sentry was simple but I made a stupid mistake by not properly testing the effect of Sound Sentry on all versions of Windows.  The solution was also simple so I’ve already made the correction and it has been tested. 


Instead of immediately uploading a fix I thought it might make more sense to wait a few days just to see if any other problems show up.  If you’re missing Scotty’s bark he’ll be all better by the end of next week.

Share on Facebook


Wednesday, July 22, 2009

New WinPatrol Even More Windows 7 Friendly

Are you using Windows 7 or Vista? If so, you’ll probably want to take advantage of the newest release, WinPatrol 16.1.2009. Microsoft announced today that they have released Windows 7 to manufacturing (RTM) so I'm pleased WinPatrol is now set to work with the final set of Windows 7 features.

What’s New?

16.1.2009.0

  • Detects if other programs are monitoring HOSTs and some other system files to prevent conflicts.
  • Fixed rare bug where Scotty barked a few times for no reason.
  • Support for Accessibility Sound Sentry in Vista or greater.
  • Scotty icon used in new Windows 7 Taskbar.

  • Better handling of events that are blocked by User Account Control.

http://www.winpatrol.com/upgrade.html


Microsoft continues to take security seriously with their new operating system and WinPatrol complements their efforts well. While some functionally is redunant I still pride myself in filling in the gaps that I personally think are important. One example is WinPatrol’s monitoring of your AutoUpdate settings. While it may be the least of your worries, WinPatrol wants you to know about system configuration changes just as much as changes to your startup program list.



New web design
New web design for WinPatrol.com


Friends of Scotty will also notice a big change in the WinPatrol website. I’m not a professional web designer, nor can I afford one but I’ve spend a great deal of time in making sure folks get what they want with the least number of clicks. Expect more changes as I receive more feedback and review out web stats.


A special thanks to all my supporters who have helped with suggestions, moral support and especially for sharing their views of WinPatrol with others. When I travel I still run into folks who have never heard of WinPatrol so feel free to continue spreading the news.
Bill Pytlovany


Labels: , ,

Share on Facebook


Monday, July 20, 2009

We Have Your Password, and We Own You!

Every few months I like to write about passwords and backups just to remind everyone how important these issues can be. While I’d like to remind you again to review your backup policies, I really want to stress some common sense password protection.

I’m sure you all know enough not to use your kids or pets names for passwords but do you use different passwords for every different site you visit online? If not, you could be in real danger and you’re putting everyone else in danger too. STOP IT!


Last week an employee of Twitter had their account compromised and internal business documents were stolen. The documents were actually offered for sale on the internet. The Twitter server wasn’t “hacked”, it was accessed using the employees name and password. Seems the employee used the same password on another online site.


Someone Call Security

“First, it's important to note how these documents were stolen. In this case, a Twitter employee used the same non-unique password on multiple services. A hacker gained access to our business documents because this common password was retrievable on an unrelated system. If you've ever used the same password on more than one service, you've made the same mistake that lead to this theft”

Any time you sign up and provide a password, that information may be easily available to the owners and employees of that site. If you use the same password for an online forum as you do with PayPal you’re in danger. If you use the same password for multiple social networks you leave yourself open to a different kind of identity theft. Some one can impersonate you and spread malware to your friends and family.


Giving Away Your Password

There’s also the danger of freely giving away your Email and password that plenty are falling for. A number of sites offer to get you new followers on Twitter. The only conditio is they now own your account and can use it to broadcast advertisements. Unfortunately, too many people don’t read the conditions which typically look like the following…


Free Follower Scam conditions


Obviously a lot of folks slip pass this notice and are surprised when advertisements appear in front of their name. You might also notice they don’t say anything about not selling your Email address to the spam companies.


Every minuate hundreds fall for this scam.
I’m not sure how many followers make up a ton.


If you’ve fallen for these scams you’re not alone. You will want to create a brand new password. While you’re at it, create some more new passwords for other sites as well.


Labels: ,

Share on Facebook


Friday, July 17, 2009

Firefox 3.5.1 Fix for Vulnerability

Yesterday I wrote about a vulnerability recently discovered in the month old Firefox 3.5. The folks at Mozilla were quick to find a solution and have published a new build which is safe to use.


If you’re a Firefox users go to the following site to update your browser.

http://www.mozilla.com/en-US/firefox/firefox.html


If you followed the instructions to disable the JIT(Just-in-Time) compiler you’ll want to enable it again once you’ve installed version 3.5.1.

  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.contentsetting the value to true.

Labels: ,

Share on Facebook


Wednesday, July 15, 2009

Firefox 3.5 Finally Gets Attention

Last month the Mozilla folks were celebrating the release of Firefox 3.5 but for some reason nobody noticed. Last summer the release of Firefox 3 set a Guinness World Record for the most downloaded software in a 24 hour period.


Firefox 3.5


Even with over a weeks notice, downloads and enthusiasm for Firefox 3.5 just wasn’t the same. Maybe everyone was still tweeting about the election in Iran because the new release of Firefox certainly didn’t get the attention it deserved.


Yesterday Firefox 3.5 finally made it into the news and into the top tweets. Unfortunately, the news was a vulnerability was found in Firefox’s super fast JIT (Just-in-Time) JavaScript compiler


While some have recommend disabiling JavaScipt completely there is a solution that will temporarily disabled the JIT feature until Mozilla provides a patch.


According to the Mozilla Security Blog you just need to do the following…


  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.content setting the value to false.

You can watch for updates and check the Mozilla Blog at http://blog.mozilla.com to see when a fix is published. Once you receive the update, you’ll want to go back to the instructions above and set javascript.options.jit.content to True. That way you’ll still get the benefits of the faster JavaScript engine.

Update: A new version is now available to resolve this vulnerability. http://www.mozilla.com/en-US/firefox/firefox.html


Labels: ,

Share on Facebook


Monday, July 13, 2009

Microsoft Says you are Vulnerable to Attack

Another week, another security vulnerability found and exploited. I can’t stress enough how important it is to use a behavior based monitoring program like WinPatrol. These zero-day vulnerabilities can attack your computer without you doing anything you might consider dangerous. It can happen to anyone, and you can’t just blame it on your kids.


Todays’s Microsoft Security Advisory (973472) relates to components found in Microsoft Office and could allow remote code execution on your machine.

Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Brian Krebs at the Washington Post was quick to point out that in last weeks msvidctl.dll vulnerability Microsoft used the words “limited attacks”.

Our good friends at Microsoft have published a quick fix for this problem. If you’re using any of the applications below I recommend taking advantage of the Fix It link below and follow their instructions. If you do experience problems Microsoft does provide a “Disable Fit it” link

Microsoft FixIt
Click above to go to Microsoft Fix it page



  • Microsoft Office Small Business Accounting 2006
  • Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2003 Web Components
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition

Labels: , ,

Share on Facebook


Thursday, July 09, 2009

Google Copies Microsoft in New Chrome OS Announcement

I’ve already had a few folks question me on the announcement of the Google Chrome OS. “Is this going to kill Microsoft Windows?”, seems to be a common theme.

Chrome Start Button


There is one major thing that Google has copied from Microsoft; announcing a product that doesn’t exist yet. According to the official Google Blog

“…netbooks running Google Chrome OS will be available for consumers in the second half of 2010”

This is more typical of Microsoft marketing to announce the availability of a new OS to start trying to redirect the consumer market. I’ve seen whole companies and products dissolve just by a product announcement which was still under development for a year or two. Now that the Michael Jackson news cycle is slowing down Google took the opportunity to strike.


Google also saysGoogle Chrome OS is an open source project and will be available to use at no cost.” Most of the articles I’ve read seem to think this will put pressure on Microsoft to reduce the cost of the new Windows7 or even force them to provide free Windows XP on netbooks. It’s a nice thought but some of these folks must live on a different planet.


I have a lot of respect for Google. I wouldn’t be surprised if they haven’t shown all their cards yet but if I still had any MSFT stock I wouldn’t be selling it. The well publicized XO (One Laptop Per Child) machines had a nice open source OS called Sugar. This allowed the price of the laptops to be under $200. The cost of including Windows would have added too much to the cost but guess what? Even the poor kids in under developed countries wanted Windows and the OLPC project failed to meet expectations.


So far, there really isn’t much known about Chrome OS. The Chrome browser will apparently be integrated into the OS which should open up fun, useless questions for government regulators. Developers have been told to expect an open source programming interface later this year. Only a few hardware vendors have acknowledged they’ll be looking at Chrome OS. As of today, Acer, Adobe, ASUS, Freescale, Hewlett-Packard, Lenovo, Qualcomm, Texas Instruments, and Toshiba have admitted interest to the public.


Share on Facebook


Tuesday, July 07, 2009

Danger Streaming Michael Jackson Video

The timing couldn’t have better for the bad guys. Microsoft recently acknowledged a zero-day vulnerability in a Video ActiveX control. Today a temporary patch was released using their new “Fix It”.


Microsoft Fix It



This vulnerability only affects Windows XP and Windows Server 2003.  The attack can occur when attempting to stream video from a web page or an Email. While popular news organizations are safe I’ve already had unconfirmed reports of fake Michael Jackson videos that include malware packaged up using this known vulnerability.


The filename of the ActiveX control is msvidctrl.dll so if you’re asked to allow this ActiveX control to be installed you won’t want it. For more information Click Here. Meanwhile, if you’re using any version of Windows XP or Server 2003 click the link above and follow instructions from Microsoft.

Share on Facebook


Monday, July 06, 2009

The Art of Malware Detection

While most people start their day with coffee and their morning paper my day is a little different. Today it was Diet Pepsi and reading what’s happening with various security threats. Thanks to Lee at http://www.scamtypes.com/ I ran into an interesting article from our friends at ESET titled, Waledac, VirusTotal and some AV fallacies.


First, if you’ve never heard of VirusTotal you’ll want to check out http://www.virustotal.com/. It’s a great tool for malware researchers and anyone trying to clean up an infected machine. VirusTotal allows you to upload a file and have it analyzed by 40 known AV programs using their current signature files.


While detection and clean up by signature files is wonderful traditional methodology it’s not perfect. As ESET points out…

A VT report is a snapshot of a moment in time.
we use heuristic analysis and automated processes these days rather than wait for people to send us malware to analyse and insist that we write a signature for it


ESET like many companies figured out the first step in malware/virus detection is by monitoring the behavior of programs running on your system. It was refreshing to have another industry expert elaborate on this approach. The heuristic analysis still varys from application to application.


For over 10 years this has been the approached I’ve used with my own WinPatrol program. WinPatrol was designed to detect malware and virus’s that try to embed themselves in your system. Over the years I’ve added additional unique detections like File association changes and even configuration changes like Microsoft auto update settings. Now, most AV programs use multiple levels of detection. Discovering malware and alerting users isn’t as tough as it used to be.


The challenge these days is cleaning up and removing malware. The bad guys have come up with clever ways to maintain control of their victims. The first thing they do is try and shut down popular Anti Virus programs. Luckily, while WinPatrol has a good following I’ve only run into a few programs that try and shut Scotty down. The other way to control victims is by installing anywhere from three to thirty-some programs which keep restoring each other when their partners are removed. This is another area where WinPatrols manual multi-select removal process can be handy.


This year the bad guys have come up with even more ways to trick those programs which detect and remove malware. I won’t elaborate on new techniques that aren’t widely known yet but rest assure I’m not the only one waking up and thinking of new ways to fight them.

Share on Facebook