You are currently browsing the monthly archive for February 2009.

ceop-uk1Not to worry, the controversial advertisement on the right that appear in London’s Metro newspaper is actually part of a campaign to educate parents of the danger of the Internet & how to safeguard their children from the dangers.

“Yes, the advertisement is meant to be tongue-in-cheek. But it has provoked a lot of interest,” said Hannah Bickers, spokesperson of The Child Exploitation and Online Protection (CEOP) Centre.

The eye-catching and informative website that CEOP is promoting is co-funded by EU’s Safer Internet Plus programme. 

The FAQ has information on grooming, mobiles, gaming, social networking & chat, which can be useful for parents to keep up with the growing complexity of the Internet.

“The 2009 edition has a particular focus on youngsters’ safety on social networking sites,” according to the EU’s site. Safer Internet Day is celebrated on every Feb 10 in Europe.

http://www.thinkuknow.co.uk/parents

meetyourmsgr021Hey, guess what? Lauren-Ashley, a cute “friend” of mine sent me an email invitation to join her in a social network site call MeetYourMessenger (MYM), cool.

But to read this unread message I have to login to the website which is conveniently provided with a URL link in the same email, hmm….since when I subscribed to this SNS?

Relying on this ruse on unsuspecting users in order to grow a site is one insidious method to ramp up the numbers. Or this is social engineering, a method commonly used by hackers or criminals pretending to be someone in order to get more information from their victims.

The real motive behind MYM is unclear but one speculation is they will harvest your personal details and use them for perhaps other illegal activities, NOT cool.

Btw, do not click on the “unsubscribe” link, just thrash this email away, better still, report it as a phishing email in your Hotmail account.

The company is registered in Denmark since 2006, so, is Denmark a safe heaven where questionable companies can use to operate such websites? One blogger has been warning readers of MYM since July ’07 too.

meetyourmsgr01

sandbox01One tool that look extremely promising to provide additional protection when you surf the Internet, has to be this one.

What basically it does is to partition off the browser from the other parts of the computer, thus, if you unintentionally downloaded a malware or virus, it will not harm the integrity of the entire system.

Upon finish installation, it may default to Microsoft’s Internet Explorer, so if your choice is Firefox, you need to poke around to change the default.

sandbox042You can further tweak the sandbox to run only with minimal rights by selecting the Drop Rights option.

A more complicated solution that require more setup and tweaking is using Microsoft VirtualPC or VMWare virtualization tool, but, it’s not practical for non-techies, so, Sandboxie is a straight forward tool that you can quickly install and setup.

Hackers are exploiting a bug in Microsoft Excel which was first detected in Japan by Symantec where a trojan is downloaded if the infected Excel file is open.

excel

The trojan is called “Trojan.Mdropper.AC” by Symantec, uses a weak encryption to make detection harder by some antivirus software. The actual motive of the trojan is still unknown.

Products affected are:

  • Microsoft Office 2000/2002/2003/2007
  • Microsoft Office 2004/2008 for Mac
  • Microsoft Exel Viewer 
  • Open XML File Format Converter for Mac

If the trojan failed to execute properly, it will crash the Excel application according to this SecurityFocus write up. And one condition for the attack to be successful will require administrative rights during execution.

As of now there is no patch for this Excel bug, however, Microsoft advised some workarounds. One of them is to use Microsoft Office Isolated Conversion Environment (MOICE) or to use Microsoft Office File Block policy.

In addition to that, make sure your antivirus software is up-to-date and when browsing the Internet, use an account that do not have administrative rights.

Update 03/26: Users of Forefront Client Security and Windows Live OneCare safety scanner can now detect this trojan with the name  Exploit:Win32/Evenex.gen.

According to an iDefense security advisory, there is a bug in Adobe Flash player version 10.0.12.36 and later that allows hacker to gain control of your PC.

download01Adobe updated it’s security bulletin on the same subject and listed additional software ie Flex 3, Air 1.5  & Flash CS3/4 are also affected by the bug.

The latest security bug is the second in less than a week, to hit Adobe. The Acrobat Reader bug announced earlier will only have a patch much later, scheduled to release on 11 March.

Latest update, Secunia’s blog warned that disabling Javascript as recommended will not stop the exploitation of the Reader bug. A home brew patch is available though, this is however an unsupported patch by Adobe, so caveat emptor!

According to Adobe, Flash is used by 99% of Internet users.

“Adobe ® Flash ® Player is the world’s most pervasive software platform, used by over 2 million professionals and reaching 99.0% of Internet-enabled desktops in mature markets as well as a wide range of devices.”

Thus, it will be even more challenging to update all those out dated versions, especially when majority of them are still running Flash version 9. Even, WordPress uses Flash as part of the tool to upload files.

flashversion1

Categories

February 2009
S M T W T F S
    Mar »
1234567
891011121314
15161718192021
22232425262728

Blog Stats

  • 1,681 hits