Tuesday, October 27, 2009

Presentations Using Zoom and Mouse...

October 2009

Two sites that may help with presentations or screen captures are:
Mousepose: http://boinx.com/mousepose/overview/
&
SteerMouse: http://plentycom.jp/en/steermouse/

For help with zoom, click the title link.
http://www.apple.com/pro/tips/zoom_demos.html
http://www.apple.com/accessibility/macosx/vision.html
Good luck with your presentations.

Wednesday, October 21, 2009

Windows 7...Anyone??? Seriously Anyone???

October 2009

Tomorrow’s our big day – Windows 7 officially launches and hits General Availability (or GA as we have acronyms for everything). That means Windows 7 will be available for purchase worldwide! I thought I’d take a moment to highlight some things to look out for as Windows 7 becomes available in stores and online around the world.

We have big events happening in many countries, including: Japan, UK, Germany, France, China and more. Plus we’re hosting a launch party in New York City tomorrow, which will be hosted by our own CEO Steve Ballmer. Even if you’re not in New York, you can still attend online. (Thanks B LeBlanc)

OK, Here's the situation...(Jazzy Jeff & Fresh Prince)

October 2009

Hijacked Web sites attack visitors. Here is the scenario: Attackers compromise a major brand’s Web site. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. The issue goes unnoticed until it is exposed publicly. Such attacks are a common occurrence, but most fly under the radar because the users never know that a trusted Web site infected them, says a senior director of product management at Symantec Corp. When his company tracks down the source of such infections, it often quietly notifies the Web site owner. But word can get out, leaving the Web site’s customers feeling betrayed, and seriously damaging a brand’s reputation. Attackers, often organized crime rings, gain entry using techniques such as cross-site scripting, SQL injection and remote file-inclusion attacks, then install malicious code on the Web server that lets them get access to the end users doing business with the site. “They’re co-opting machines that can be part of botnets that send phishing e-mail, that are landing sites for traffic diversion and that host malware,” says the chief marketing officer at MarkMonitor. But because the business’s Web site isn’t directly affected, the administrators of most infected Web sites don’t even know it’s happening.

Tuesday, October 20, 2009

The New iMac...

October 2009

Apple on Tuesday announced updates to its iMac line of all-in-one desktops, including a 24-inch iMac that is priced the same as the company's previous-generation 20-inch model.
The new iMac line starts with the 20-inch iMac for only $1,199 with a 2.66 GHz Intel Core 2 Duo processor, 2GB of 1066 MHz DDR3 memory, a 320GB Serial ATA hard drive and NVIDIA GeForce 9400M integrated graphics.
The 24-inch iMac features a 1920-by-1200 pixel widescreen display that offers 30 percent more screen real estate than the 20-inch model, and starts at just $1,499 -- the same price as the previous generation 20-inch model. (thanks appleinsider)

Other changes include the capacity of the hard drive included standard, which moves from 250GB to 320GB on the entry level model, doubles to 640GB on the two mid-priced machines, and jumps to 1TB for the top of the line iMac. 1TB upgrade options are available for all computers in the line-up.
The new iMacs do away with the FireWire 400 port, as has been the trend with Apple’s latest releases. It does still provide FireWire 800 connectivity, along with four USB 2.0 ports. The Mini-DVI port has been replaced with a Mini DisplayPort, as is also now standard on Mac machines, and the optical digital audio out/in and headphone/microphone are still included. (thanks D.Etherington)

Monday, October 19, 2009

The World's Nastiest Trojan...

October 2009

World’s nastiest trojan fools AV software. One of the world’s nastiest password-stealing trojans evades detection by the majority of PCs running anti-virus (AV) programs, according to a study that examined 10,000 machines. Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of the time by AV programs, according to the study released by security firm Trusteer. Even AV programs with up-to-date malware signatures were unable to identify the infection a majority of the time, the authors said. Zeus, which also goes by the name Zbot and PRG, escapes detection using sophisticated techniques such as root-kit technology, the Trusteer report said. The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC’s browser process. A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million infections in the US alone, or about 1 per cent of the installed base of PCs. Trusteer’s study, which found Zeus accounted for 44 percent of the banking malware infections, was consistent with that finding. After sneaking onto a PC, it sits quietly in the background until a user logs on to a financial website. It then sends the login credentials to a remote server in real time, sometimes by use of instant messaging programs. Of Zeus-infected machines, about 31 per cent do not run AV at all and 14 percent run AV that is out of date. The remaining 55 percent had AV programs that were up to date.

Thursday, October 15, 2009

Hijacking Windows System Restore!!!

October 2009

Cyber crime gangs in China are penetrating the hard disk recovery cards on computers in Internet cafes and using a combination of zero-day flaws, rootkits, and ARP spoofing techniques to steal billions of dollars worth of online gaming credentials. According to a Microsoft anti-virus researcher, five generations of the Win32/Dogrobot malware family have perfected the novel rootkit technique to hijack System Restore on Windows — effectively allowing the malicious file to survive even after the compromised machine is reverted to its previous clean state. At the Virus Bulletin 2009 conference in Geneva, he provided a look at the techniques used by Dogrobot, which is directly linked to the lucrative underground trading of online gaming assets like passwords and virtual property. According to data presented by Feng, the Dogrobot family has caused more than USD$1.2 billion in losses to Chinese Internet cafes. He explained that earlier Dogrobot used disk-level I/O file manipulation to penetrate System Restore but, as the malware evolved, it started using a “backdoor” that already exists in the System Restore functionality. A third generation introduced extensive unhooking code to thwart the protection offered by security programs and avoid removal. Along the way, he discovered that newer variants were tweaked to get around security software and strengthen the code’s ability to maintain persistent stealth on compromised Windows computers. In China, Internet cafes are very popular among the online gaming crowd where the use of USB sticks with account credentials is the norm. Dogrobot takes advantage of this, abusing the USB AutoRun functionality on older machines to propagate. He explained that the malware author has found success exploiting zero-day ActiveX vulnerabilities and other flaws in Windows OS and third-party software — especially RealPlayer and WebThunder. 
The attackers also use ARP cache poisoning to send malicious ARP packets to instruct other machines within the same LAN to download Dogrobot samples.

Hackers Breach Payroll!!!

October 2009

Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information. Moorestown, New Jersey-based PayChoice provides direct payroll processing services and licenses its online employee payroll management product to at least 240 other payroll processing firms, serving 125,000 organizations. Last Wednesday, a number of PayChoice customers received an e-mail warning them that they needed to download a Web browser plug-in in order to maintain uninterrupted access to onlineemployer.com, the portal for PayChoice’s online payroll service. The supposed plug-in was instead malicious software designed to steal the victim’s user names and passwords. In a statement e-mailed to Security Fix, PayChoice said the company discovered on September 23 that its online systems had been breached. The company said it immediately shut down the onlineemployer.com site and instituted fresh security measures to protect client information, such as requiring users to change their passwords. If successful, PayChoice said, the malicious sites downloaded a Trojan horse program called TrojanDownloader:Win32/Bredolab.X, which according to Microsoft is a malware program that tries to download additional malicious files and disable security software on the infected PC. According to a blogger and security expert who writes the Unixwiz blog and who had several customers who received the malicious e-mails, the malware used in the attack is poorly detected by most anti-virus products on the market today. A PayChoice spokesperson said the company was still investigating the extent of the breach, noting that PayChoice has hired two outside computer forensic experts, and that it is actively working with federal law enforcement investigators.

Don't Hack PayPal!!!

October 2009

Man banished from PayPal for showing how to hack PayPal. PayPal suspended the account of a white-hat hacker on October 6, a day after someone used his research into website authentication to publish a counterfeit certificate for the online payment processor. “Under the Acceptable Use Policy, PayPal may not be used to send or receive payments for items that show the personal information of third parties in violation of applicable law,” company representatives wrote in an email sent to the white-hat hacker. “Please understand that this is a security measure meant to help protect you and your account.” The email, sent from an unmonitored PayPal address, makes no mention of the item that violates the PayPal policy. The suspension effectively freezes more than $500 in the account until the white-hat hacker submits a signed affidavit swearing he has removed the PayPal logos from his site. Since 2002, the white-hat hacker has included a yellow donate button on the download page for a hacking tool he calls SSLSniff, and more recently he released a program called SSLStrip, which also includes the button. But it was only after someone published a counterfeit SSL certificate on October 5 that PayPal took action against the account. “This is not something I had anything to do with, and they responded by suspending my account,” the white-hat hacker told The Register. “I’ve been the one trying to warn them of this in the first place.” The account suspension is troubling because it penalizes an independent security researcher whose discoveries have already yielded important insights into secure sockets layer, one of the web’s oldest and most relied upon measures for preventing man-in-the-middle attacks.

Indian Paramilitary???

October 2009

More than 150,000 Indian paramilitary troops ready to fight terrorists if they attack IT outsourcing firms. Software exporters have bolstered security due to concerns that militants might target their headquarters as symbols of the country’s economic success and to deter foreign investors. India’s nerve center of the nation’s $60 billion outsourcing industry that runs services from software coding to managing computer networks and call centers are the recent targets of Pakistani and Bangladeshi terrorists. But Indian CISF (Central Industrial Security Force) is waiting for the terror operators. The CISF has 112,000 personnel manning nearly 300 public spaces, and will recruit about 10,000 every year, a CISF spokesman said. The CISF will first consider applications from critical sectors such as software and oil and gas, including Reliance Industries’ Jamnagar refinery complex, the world’s largest. Paramilitary troops in combat fatigues will reassure foreign investors, although some experts say that it will extend the CISF’s manpower resources and that the government should instead better train police and allow more private security firms.

Social Networking Threats...

October 2009

ISSE 2009: Geographically targeted attacks could be future of social network threats. Just as social networks such as Facebook are seeing advertisement targeted depending on users’ settings and geographical location, so could malware and other threats be targeted specifically, said a senior security researcher at Kaspersky Lab, Romania, at the ISSE 2009 conference on October 7. He told the audience that messages on social networks could read along the lines of “a bomb has just gone off in xxx”, where the location is filled in on a city near the user based on geographical IP information. The researcher said it is only a matter of time before these targeted attacks will become automated. The same logic of fooling victims by using geographical information is being used by Nigerian phishing scammers that use translation software to target potential victims in their own language. In the ISSE 2009 presentation, the researcher demonstrated the increasing popularity of, and importance placed on, social networks and how this makes them attractive to cybercriminals. Recently, Facebook reached over 300 million users worldwide, and with such a wide user base, social networks become more and more attractive to malware writers and cybercriminals. According to Kaspersky figures, there were 43 000 samples of social networking malware at the end of 2008 and the number more than doubled every year. A particular trait of social networking malware is that it tends to exploit the human factor, luring users to infect their own computers.

Adobe's Reader Under Attack....

October 2009

Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user’s computer, the software maker warned. Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company’s previously scheduled patch release for the PDF reader. According to Security Focus, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file. “Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application,” the security site warned. “Failed attempts will likely result in denial-of-service conditions.” The bug is presently being exploited in “limited targeted attacks,” Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Adobe running on Windows operating systems. Those using Windows Vista with a feature known as data execution prevention enabled are safe from the exploit. Users on other platforms can insulate themselves from the current attack by disabling JavaScript from running inside the application, but Adobe warned it’s possible to design an exploit that works around that measure.

Tuesday, October 13, 2009

FBI Said Emails Are Fraudulent...Watch Out!!!

October 2009

On October 5, 2009, the FBI’s cyber investigations unit released warnings to the public concerning three fraudulent emails currently making the rounds on the Internet. The first email, which has been circulating since August 15, 2009, is titled “New Patterns in Al-Qaeda Financing” and has the subject title “Intelligence Bulletin No. 267.” It also has an attachment, “bulletin.exe”, that, if opened, may contain files which are harmful to the recipient’s computer or may try to obtain user credentials. The second fraudulent email purportedly comes from the Department of Homeland Security and the FBI’s counterterrorism division and has as a subject line “New DHS Report.” It also has been circulating since August 15, 2009 and claims to contain via an attachment an audio speech by “Usama Bin Laden.” If opened, the attachment, “audio.exe”, contains malicious software that will try to obtain information from the recipient’s computer. The final email claims to be a report from the FBI’s “Weapons of Mass Destruction Directorate.” It contains an attachment, “reports.exe”, that, if opened, could execute trojan software related to “W32.Waledac” that is designed to steal user authentication credentials or send out spam. The public is advised not to click on these emails or anything similar as they are hoaxes.
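One way a mail filter could check for the three e-mails described above, as an added example that is not part of the FBI warning or of this blog. It goes a little beyond the warning: the extension list, the "MZ" header check for renamed executables, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the FBI warning quoted above.
WARNED_ATTACHMENTS = {"bulletin.exe", "audio.exe", "reports.exe"}
WARNED_SUBJECTS = ("intelligence bulletin no. 267", "new dhs report")
# Assumption: extensions this filter treats as directly runnable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")


def triage(raw):
    """Return the reasons a raw e-mail message should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").lower()
    if any(s in subject for s in WARNED_SUBJECTS):
        reasons.append("subject named in FBI warning")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        body = part.get_payload(decode=True) or b""
        if name in WARNED_ATTACHMENTS:
            reasons.append(f"attachment named in FBI warning: {name}")
        elif name.endswith(EXECUTABLE_EXTS):
            reasons.append(f"executable attachment: {name}")
        elif body[:2] == b"MZ":
            # Windows executables start with "MZ" whatever the file is called.
            reasons.append(f"executable content behind name: {name}")
    return reasons


def build_sample(subject, filename, payload):
    """Build a constructed test message; nothing here is a real sample."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Intelligence Bulletin No. 267", "bulletin.exe", b"MZ\x90\x00"),
        ("Quarterly numbers", "numbers.pdf", b"MZ\x90\x00"),
        ("Lunch menu", "menu.pdf", b"%PDF-1.4"),
    ]
    for subject, filename, payload in samples:
        verdict = triage(build_sample(subject, filename, payload))
        print(subject, "->", verdict or "deliver")
```
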

Friday, October 09, 2009

Google Yahoo Hotmail Passwords Leaked!!!

October 2009

Passwords for Google, Yahoo and Hotmail accounts illegally leaked online. Documents seen by CNET UK suggest thousands of usernames and passwords for Hotmail, Google and Yahoo accounts have been illegally posted to the Internet. Login credentials for accounts ending with yahoo.com, hotmail.com, gmail.com, msn.com, live.com and hotmail.fr were seen. Users of these services are strongly encouraged to immediately change their passwords. Usernames and passwords for Google’s Gmail service could also provide hackers with access to users’ YouTube, Blogger, Google Docs and Google Talk accounts, as these services are all owned by Google and often work under a single login ID. CNET UK contacted Google, which acknowledged the leaked details and blames phishing attacks rather than insecurities within Google’s system. “We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for Web-based mail accounts including Gmail accounts,” a Google spokesperson told CNET UK. “As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.” CNET UK also contacted Yahoo; a spokesperson confirmed, “We are aware and are investigating.” Reports of leaked Hotmail account details first appeared on Neowin. Microsoft later confirmed the news, and announced that “as a result of our investigation we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.”