On retreat

I will be away on retreat until Sunday the 5th of March. I will try to post important security information if possible, but otherwise, expect the blog to get back up to speed when I return. Thanks!

Secunia - Advisories - Trend Micro Products AntiVirus Library Buffer Overflow

Secunia - Advisories - Trend Micro Products AntiVirus Library Buffer Overflow

If you use any Trend Micro products such as PC-cillin or ScanMail be sure to get a "highly critical" patch from Trend Micro's site to fix a buffer overflow flaw which could be used to exploit your system.

More information can be found on Trend Micro's site.

Program of the Week - Copernic Desktop Search

There are several desktop search programs out there from Microsoft, Google, and others. The one I like to use is the Copernic desktop search. It does a lot that the others don't, like index my Thunderbird e-mail, it takes up less space than Google Desktop search and doesn't search the private information on my desktop like some of the others do as well. A desktop search program helps find those forgotten files on your computer much better than the Windows Search function. Copernic is free.

CNN.com - Tips for protecting your identity - Feb 24, 2005

CNN.com - Tips for protecting your identity - Feb 24, 2005

In light of the recent theft of persinal information from ChoicePoint, here is some good advice if you think you may have become a victim of identity theft.

Microsoft Patches "Blue Screen Of Death" In Windows XP SP2

InformationWeek > Windows Security > Microsoft Patches "Blue Screen Of Death" In Windows XP SP2 > February 23, 2005

The Blue Screen of Death or the "BOD" refers to the blue screen that appears on your PC along with the message about a fatal error requiring your computer to shut down. This patch is designed to deal with some of the things that might cause that problem. If you don't have automatic update set up on your PC, you can download the patch on the Windows Update site.

Cyber Security: A Survival Guide

Techlearning > > Cyber Security: A Survival Guide > February 15, 2005

This is a really good guide for evaluating computer security in your workplace - particularly in a school or university. Look at the various scenarios put forward and see how you might respond and how your response can improve or detract from your organization's overall security.

Spyware Snags Blogger Users

Spyware Snags Blogger Users
I would hate to be the unwilling instrument of contributing to someone eses misfortune, but it appears that some of the blogs on blogspot attempt to download spyware upon those who visit their sites. I can certainly say that I have not put any spyware on this site and would advise people not to click on the "next blog" button as that has been known to lead to spyware problems. When I finally get the new website up, I will probably move this blog to a different location so as to completely immunize my faithful reader[s] from this threat.

Paris Hilton worm spreads

Paris Hilton worm spreads | Tech News on ZDNet

I had wanted to avoid mentioning Paris Hilton on this blog but apparently the theft of her private information off of her blackberry has led to an attempt to use that theft to inflict more damage. Of course, you should not open any attachments that purport to contain x-rated pictures of anyone. Moreover, let me say in regards to this, that Paris is totally innocent in this matter. It is not her fault that someone decided to break the law and steal her personal information, unfortunately she is having to bear the price for someone else's malfeasance.

CNN.com - Virus alert: Don't open FBI e-mail - Feb 22, 2005

CNN.com - Virus alert: Don't open FBI e-mail - Feb 22, 2005

THIS IS A WARNING!! Do not open up any e-mail purporting to be coming from the FBI, they contain a virus! The FBI does not send out unsolicitied e-mails.

Teen's Extortion Plot Spims Out of Control

Teen's Extortion Plot Spims Out of Control

Ooops! A New York teen was arrested after he sent 1.5 instant messages to MySpace.com subscribers and then threatened the operators of MySpace to inform other spammers how to do the same unless they met his demands. MySpace agreeed to met with the man who found himself quickly arrested for violating the CAN-SPAM Act and other offenses. He now risks up to 18 years in prison. I, for one, don't feel sorry for him.

New Sober Worm Spreading Quickly

PCWorld.com - New Sober Worm Spreading Quickly
Yet another virus threat spreads across the internet. Do not download suspicious attachments and keep your anti-virus software up to date. For further information about the nature of this new version of Sobor see the article.

A parent's primer to computer slang

A parent's primer to computer slang

Microsoft has put this out as a means of helping parents understand the new slang used by their tech savy children.

I'm always impressed by humanity's creativity when it comes to language both as a means of communication as well as a means of concealing communication from others. Language has always been connected with self identity as seen most prominantly in the role establishing a written language had upon the rise of national identity movements in Europe. The creativity demonstrated in the development of "Leet" as demonstrated in this article is really no different.

SC Magazine

SC Magazine
Phishing, faking websites and e-mails to get private information, continues to be a serious problem and, according to this article, is likely to continue although there are suggested solutions for those willing to take the time and effort to implement them both on the part of the computer user and on the part of the banks, etc whose sights are being spoofed. Such as one time passwords and other identity verification techniques.

How Serious Is That Security Flaw?

PCWorld.com - How Serious Is That Security Flaw?

Microsoft and Symantec, the makers of the Norton line of anti-virus software, are getting together to create a system called the Common Vulnerability Scoring System for rating the severity of software holes. I think it's a good idea for many of these companies to get together to work on a common problem. The issue will be whether or not it increases the response time to these issues or not.

Google Book Effort Draws French Ire

BetaNews | Google Book Effort Draws French Ire

The president of the National Library of France is worried that Google's decision to place books onto the web will lead to a dominance of American culture at the expense of the rest of the world - chiefly France. I'm not sure that what Google is doing is really problematic and there is no reason why France couldn't do the same with its libraries. Some countries obviously do not have the resources necessary to do the same and it might be helpful to assist these countries make their intellectual resources better known - perhaps the United Nations could do this. Still, I don't think that there can be any doubt that American culture currently dominates the internet for good or for ill.

Secunia - Advisories - Microsoft Internet Explorer Popup Title Bar Spoofing Weakness

Secunia - Advisories - Microsoft Internet Explorer Popup Title Bar Spoofing Weakness

A problem with Internet Explorer under SP2 could allow a popup to be spoofed if there is a long host name and someone could be tricked into imputing private information in these popup windows thinking that they were going to a legitimate sight. The advice is to avoid entering important information into such popups if they came from untrusted links.

Hacking Attacks Rarely Made Public

Technology News Article | Reuters.com

Another sign that the problem with malware may be even bigger. Few companies that suffer security breaches are likely to come forward for fear of damaging their public appearance. Such computer computer violations are likely to continue if the criminals don't fear prosecution.

Can Screen Keyboards Foil Fraudsters?

BetaNews | Can Screen Keyboards Foil Fraudsters?

Citibank has developed new technology in the fight against phishing by using a on screen keyboard for the entry of passwords and identification rather than having them entered via your regular keyboard. It is hoped that in this way, any trojans that might be present on a machine would be unable pick up your keystrokes and therefore your passwords. However, as the article notes, you could still be infected with a trojan and your other data would still be vulnerable. Therefore this is an interesting development, but not a cure. Still it is good to see companies like Citibank working on the problem.

Anonymizer - Anonymous Web Surfing, Anti Spyware, Anonymous Proxy, & Identity Protection

Anonymizer - Anonymous Web Surfing, Anti Spyware, Anonymous Proxy, & Identity Protection

This site offers an interesting "privacy test" that can give you some idea as to what information about yourself that you are broadcasting as you search the web. I turned out pretty clean as far as my setup, which made me feel better. Of course, they also want to sell you software which I can neither recommend or reject only say that if you are interested in such privacy software, it would be better to check reviews on sites such as cnet.com first.

Gartner takes Microsoft to task

Gartner takes Microsoft to task | CNET News.com

A good, because it agrees with me, article about the need for Microsoft to put out a better product so that anti-virus and anti-spyware programs are less necessary. However, there are two things working against this - Microsoft's domination of the PC world removes an important motivation for producing a better product and anti-virus makers are making too much money off of Window's deficiencies.

Program of the Week - HijackThis! and reminder

Despite all the precautious you take and all the software you download, some malware may find its way through your defenses and onto your computer. If your computer is acting up and you don't know why, HijackThis! is the program for you. HijackThis will provide a print out of the programs and processes running on your computer so that you can see what is going on. Many times fixes will require removing unwanted programs from your registry - unless you really know what you are doing, leave the registry alone and provide a copy of the Hijack This report to a good computer techie for advice on how to bring your computer back to normal. For example, you can post a copy of your HijackThis! log to Bleeping Computer for advice before you act. If you do change your registry, always save a copy of it beforehand, just in case.

Remember that tomorrow the address is becoming http://isidorescorner.blogspot.com/ change your bookmarks and rss feeds!

Web Site[s] of the Week - MajorGeeks and BetaNews

This is a special two-fer edition. Major Geeks and BetaNews offer recently released free software and shareware. They also offer news about recent events in the world of computers. Major Geeks is a bit on the irreverent side and will occasionally have links to amusing sites in its "Way Off Base" section. If you are looking for new software or just want to see if there are any updates to your favorite programs, these two sites are great places to go. Major Geeks also notes updates to commonly used anti-virus and anti-spyware programs.

Microsoft Warns of New Security Threat

PCWorld.com - Microsoft Warns of New Security Threat

As if things weren't bad enough, Microsoft is announcing the creation of another baddie to plaque our computers called "rootkits" that are developed to steal information and control computers and are undetectable by almost everything - including anti-virus and spyware removal programs. No wonder that many people are just pulling the plug on much of this new technology rather than deal with all the headaches. No word on when Bill Gates might decide to use some of his billions to build a more secure computer.

Secunia - Virus Information - Mydoom.AS

Secunia - Virus Information - Mydoom.AS

Another version of the Mydoom virus is on the loose with a Medium security risk. Watch out for strange attachments.

The curse of the secret question

The curse of the secret question - Computerworld

The secret question is designed to be a backup in case you forget your password, but as this article notes, the answer to the secret question is often much easer for a baddie to discern. Making the answer to the secret question extremely difficult for someone else to determine can defeat the secret questions purpose. The author asserts that we may be seeing the end of passwords as a viable security option, I'm not sure what might take their place in the future but I'm sure the struggle between computer security and those seeking to break that security will continue.

Protecting your computer from spyware

Protecting your computer from spyware

Microsoft offers this helpful video about spyware and protecting yourself from it. Of course, it doesn't urge the use of a non-IE browser or its own culpability in making Windows susceptible to spyware, but other than that it does give some helpful safety advice.

Virus Information - Mydoom.bb

Secunia - Virus Information - Mydoom.bb

The return of the MyDoom virus has been announced by Secunia. As in previous versions, it appears as an e-mail attachment. The infected e-mail ttempts to present itself as a warning regarding a possible problem on the victim's computer that can only be fixed by downloading the attached file. If you haven't been infected, don't unexpected attachments. If you believe you have been infected, you can go the McAfee site via the Secunia link for help on cleaning your computer.

Microsoft Updates Media Player to Thwart Spyware Threat

Yahoo! News - Microsoft Updates Media Player to Thwart Spyware Threat

If you wish to get this important update, you need to go through the link in the article as Windows Media is not updating itself automatically. If you do use the Windows Media Player, even occasionally, you need to get this update to protect yourself from spyware and viruses.

Viruses and Famous People: an Effective Formula for Spreading Malware - USA

Kansas City infoZine - Viruses and Famous People: an Effective Formula for Spreading Malware - USA

I have to admit that I have never gotten any of these false e-mail attachments, though I am certainly counting my blessings as I could certainly understand someone letting their curiousity get the better of them. Another case of "if it's too good to be true, it probably is". One thing I find interesting is the use of the term "social engineering techniques" in place of better words like "deceitful" or "fraudulent". I have seen that term used before by a former "social engineer" [i.e. con artist] but it seems to me that using such a relatively innocuous term lessens one's ability to be appropriately cautious.

Reversal: Next IE update divorced from Windows

Reversal: Next IE update divorced from Windows | CNET News.com

While not mentioning it, one can only wonder whether the growing interest in Mozilla's Firefox has led Microsoft to put forward their next version of Internet Explorer earlier than originally intended. It is also interesting to see that Bill Gates is getting so concerned with computer security as Microsoft has to a good degree responsible for many computer security problems for failing to issue a better product. Let us hope that on both fronts we are truly seeing a change of heart.

Security breach at ChoicePoint exposes U.S. consumers - Feb. 15, 2005

Security breach at ChoicePoint exposes U.S. consumers - Feb. 15, 2005

The dangers of identity theft are real and go beyond the need to protect yourself from internet phishers. The really scary part of this is that there may be more people affected than the 30,000 plus citizens of California and that we have no idea whether CheckPoint will even bother to warn them. Keep an eye on your credit accounts and credit ratings to make sure that there aren't any suspicious transactions.

Program of the Week - SpywareBlaster

SpywareBlaster

While it is always good to have a spyware removal program or two on your computer, it's better to keep that spyware from ever taking hold to begin with. Spyware Blaster works with IE and Mozilla to prevent spyware, adware, and browser hijackers from infecting your computer. Just install the program, set it up to block out the bad guys and relax knowing that it is helping to keep your computer clean. Keep it updated to keep its protection up to date.

Moving blog page

It has come to my attention that the blog address of Isidore's Corner - http://isdorescorner.blogspot.com/ should really be http://isidorescorner.blogspot.com/

So, I will be changing the address of the blog next Sunday. This should give everyone time to update their links and RSS feeds. Sorry for any inconvenience.

Colleges ending use of Social Security numbers on IDs

Colleges ending use of Social Security numbers on IDs

The use of a social security number on all sorts of identification from driver's licenses to library cards is dangerous in an age of rampant identity theft. One area of particular concern is the practice of many colleges and universities to make social security numbers a student's ID number. Several schools have reported their computer's broken into and social security numbers stolen and the relative ease for someone with a bad intent to acquire a social security number or numbers on a university campus should encourage all schools to move away from using these numbers except when required by law. Since many states use one's social security number as a driver's license number, this should be changed as well.

Free Expression Can Be Costly When Bloggers Bad-Mouth Jobs (washingtonpost.com)

Free Expression Can Be Costly When Bloggers Bad-Mouth Jobs (washingtonpost.com)

Since blogging is just developing, businesses are playing catch up in terms of rules and guidelines for their employees and their blogging. On the one hand, there are speech freedoms - on the other hand their is a businesses desire that an employees negative attitudes not become public information spread throughout the internet. There have been several individuals fired for what they posted on their blogs or "dooced" as the new lingo defines it.

Therefore, it is important for anyone who is contemplating blogging to check with their employers regarding blogging policies - especially if it comes to mentioning anything even remotely connected to work. Some people have been fired for writing about their place of employment, even when it was written anonymously and when all names were changed. Understandably, your co-workers are not happy if you write negative things about them in a public forum.

What will this mean for the future of blogging? I am afraid that it might turn into simple commenting on other news stories or upon events very distant from the life of the blogger. What will it mean for Isidore's Corner and Friary Notes? I expect that Isidore's Corner won't have many problems as it has very little connection with my life as a friar or any future ministry. Friary Notes, may have to become either a whole lot more personal or a whole lot more impersonal. Once again, morality plays catch up to technology.

Experts predict Firefox spyware will show up this year

NewsForge | Experts predict Firefox spyware will show up this year

Firefox has proved relatively unaffected by spyware both due to its inherent pop-up blocking ability as well due to the fact that much fewer people use it when compared to Internet Explorer. However, everal spyware experts are predicting that as it grows in popularity, Firefox will be targeted more by spyware writers. So, while it is still a good idea to move away from IE to another browser, remember that no browser is perfect and that you always need to be security conscious by having spyware protection and detection programs like Spybot, Ad-aware, and Microsoft's anti-spyware program.

Free Online Tax Filing--While It Lasts

PCWorld.com - Free Online Tax Filing--While It Lasts

For all those who are still need to file their taxes, but don't want to pay someone to file for you, you can file online for free - but only if you go through the IRS Web site. Read the article for more information on how ththis might benefit you.

Web Site of the Week - Shields UP!

As part of a complete computer security program, it is important that you don't surf the web unless you have a software firewall and, if possible, a hardware firewall. But how do you know if your protection is working? That is where Shields UP! comes in, it will safely test your computer against common methods of cracking its security and give advice on how to make yourself more secure.

Symantec Closes Open Door for Viruses

BetaNews | Symantec Closes Open Door for Viruses

Symantac has issued a critical patch for is virus prevention software that all those who use its products including the Norton AntiVirus software should download immediately. Apparently, the unpatched flaw could allow harmful websites or infected email to be opened rather than quarantined. See the linked article for more details.

Trojan attacks Microsoft's anti-spyware

Trojan attacks Microsoft's anti-spyware | Tech News on ZDNet

In a sign that virus writers are taking Microsoft's Anti-Spyware software seriously, this is the first known virus that attempts to disable Microsoft's program when it attacks your system. All the more reason to be sure to check for spyware with a couple of different programs.

Exploit Targets MSN Messenger Hole

PCWorld.com - Exploit Targets MSN Messenger Hole

As I mentioned yesterday, once the XP fixes are posted the tools designed to take advantage of those who haven't downloaded the fixes begins. This is the first of what could be many postings of programs designed to attack the flaws on an unpatched computer using Windows XP, I expect more to follow. Be sure to go to Windows Update and download the newest patches.

"How Computer Viruses Work"

Howstuffworks "How Computer Viruses Work"

This is a very good article about the nature and history of Computer Viruses and what it has to say is shocking to say the least. I especially recommend the sub article on the "Slammer" virus. It makes you amazed and frightened at the capacity of human ingenuity.

Microsoft Updates

The updates for Windows XP and Microsoft Office 2003 are up and ready to be downloaded. Be sure to update your software quckly as the bad guys use the updates to learn about new weaknesses in XP to exploit. So, don't be surprised if the next big virus or worm targets some hole that these updates were designed to fix. Virus writers are counting on their victims to forget about or neglect updating their software. When you download these updates, you will need to restart your computer for them to take effect, so be sure you save any work you are doing and before you begin updating your software. Again, you will need to use Internet Explorer to download the fixes.

Phishers target Microsoft security initiative

Phishers target Microsoft security initiative

Microsoft's desire to ensure that people are only running legally obtained copies of their software is serving as fodder for more phishing as bogus individuals e-mail the unsuspecting asking for information to "ensure" that their software is legitimate. If you receive any e-mail from someone purporting to be from Microsoft asking for personal information such as Social Security numbers, Credit Card Numbers, etc. Ignore it, it is Not from Microsoft.

Secunia - Advisories - Mozilla / Firefox / Camino IDN Spoofing Security Issue

Secunia - Advisories - Mozilla / Firefox / Camino IDN Spoofing Security Issue

I harp a lot about the problems with IE, so lest it be thought that I never say anything positive, let this be the first time. This is a warning regarding a flaw in most browsers, including the Firefox browser that I have and continue to recommend highly. It does not, on the other hand, affect the Internet Explorer browser.

There is a fix for the Mozilla browser, but currently no fix for Firefox 1.0.

The bug allows phishing websites to spoof addresses so that they appear to be legitimate sites. You can get more information at this web address. You can test to see if your browser is affected at this address.

Again, this does not affect Internet Explorer but does affect many other browsers.

Why Does Windows Still Suck?

Why Does Windows Still Suck? / Why do PC users put up with so many viruses and worms? Why isn't everyone on a Mac?

If you are a windows user this article will probably iritate you, as it should. If you are a mac user, you may think to yourself, "that's what I keep telling everyone." If you are a Linux user, you may think to yourself, "what about us". In any case, this editorial is very thought provoking both about the state of computer security and the responsibility Microsoft has to get its act together and the responsibility we pc users have to demand better.

Program of the Week

Many viruses attempt to attach themselves into your computer's registry [as do many helpful programs as well] so that whenever you boot up your computer they can do their worst. WinPatrol helps to protect your computer by alerting you whenever a program is trying to modify your registry, then you can either accept the change - if you know that you have recently downloaded that particular program - or refuse if you don't know what the program is.

WinPatrol also lets you look over all the programs that are currently on your registry and remove ones that you don't want and to look at any processes that are currently active. Thus, it helps evem more to keep your computer safe.

While the basic version is free, the "plus" version is a one time fee of $19.95. This is worth the price both for supporting the author of the program as well as for the added benefits. In the Plus version, you can learn what each program in your registry is doing and whether it is safe or not.

Before removing anything from your registry, make a backup of the registry and make certain that the program is something that should/can be removed safely. WinPatrol helps you make this decision.

MSN Messenger Worm Spreads - Bropia.F

PCWorld.com - MSN Messenger Worm Spreads

If you use MSN Messenger, keep an eye out. Trend Micro recommends that you block file transfers to protect yourself and don't download suspicious files.

Are You Responsible for Internet Security?

PCWorld.com - Are You Responsible for Internet Security?

Ah, the perennial debate - who's responsible for protecting your computer? Is the customer responsible for continual vigilence to protect themselves via anti-virus programs, firewalls, anti-spyware programs, anti-phishing programs from every new problem that comes down the pipe? Or should the software industry, i.e. Microsoft, work harder to ensure that such problems don't arise in the first place?

Microsoft Readies 13 Windows Fixes

BetaNews | Microsoft Readies 13 Windows Fixes

Next tuesday, Microsoft will be releasing 13 fixes from its Windows Update site. Keep a look out and be sure to download them when they are available if you are using a Windows operating system like Windows XP. You need to use Internet Explorer to download these.

Web site of the week

There is a whole lot of information, articles and warnings about viruses, worms, trojans and other security problems with odd names like Bropia.E, Sobor.J and Bagal.BL. Panda Software has put together an excellent site summarizing the current virus situation and providing imformation on all sorts of computer nasties. They also offer good information about virus warning hoaxes and even offer a free online scanner to check your pc for virus problems.

Study:Spam costing companies $22 billion a year - Feb 3, 2005

Study:Spam costing companies $22 billion a year - Feb 3, 2005

The shocking part of this article, besides the shear amount of the economic loss, is that only 14 percent of the people who receive spam read it and only four percent actually buy anything. Yet, the tremendous amount of spam sent out over the internet means that even with such a poor response rate spammers will continue to flood e-mail boxes for their own economic benefit and to the detriment of the rest of us.

"What's a troll and a zombie?"

"What's a troll and a zombie?" from Ask Dave Taylor!

This is a good simple article explaining the terms "troll", "zombie" and "daemon" that appear often in computer secuirty articles and on this blog.

The Password Is Fayleyure

The Password Is Fayleyure

This is a very interesting article about the security (or lack of) provided by strong passwords. Strong passwords are those composed of several random letters, numbers, and/or typographical symbols. In essence the article asserts that modern technology makes even those passwords easier to crack and so a different way of looking at security should be attempted.

Warning of new worm - the Bobax.H

There are new reports of an e-mail worm that tries to get people to download it onto their computers by claiming to be pictures of a dead Saddam Hussein. This worm, like many others, can be devastating to your computer and to others if you get infected. There is a patch available from Microsoft which was released ten months ago so if you haven't updated your computer in a while, it would be a good idea to do so. You can also link to the patch directly from the site link above.

Zombie trick expected to send spam sky-high

Zombie trick expected to send spam sky-high | CNET News.com

This is a very interesting article about the threat that spam poses both to the computer that receives it as well as to all of the rest of us. Computers infected with virus that turn them into spam generating machines are overloading the e-mail network. The best solution, make sure that you and everyone you know is protected with anti-virus software, anti-spyware and adware programs, and a firewall.

New IM virus - Bropia.F

Secunia - Virus Information - Bropia.F

This is a warning concerning a new virus that spreads through MSN Messager and has been reported as a medium security risk by several anti-virus sites. Avoid downloading files sent by unknown individuals.

Abduction Game Isn't Child's Play

ABC News: Abduction Game Isn't Child's Play

This is an interesting and disturbing story in the sense that while this site usually focusses on the problems of computer viruses and worms, there are much more serious problems involving computers out there. Fortunately, just as there are many who are on our side fighting to protect our computer security, there are also many who are fighting to defend the most vulnerable against computer criminals.

Microsoft Launches New MSN Search

BetaNews | Microsoft Launches New MSN Search

Microsoft is hoping to take a greater share of the search engine market away from its chief competitors Google and Yahoo. However, they will take a bit of a diffferent tack by providing basic answers via information from Microsoft Encarta rather than links - sometimes you just want a question answered, not advise to go to another page. For me, the more competition in this area the better.