
Microsoft’s Security Response Center (MSRC) announced that there are limited and targeted attacks in which booby-trapped Microsoft PowerPoint files are used to download malware onto unsuspecting users’ computers.

Microsoft calls this infected file Win32/Apptom.gen and rates it severe. I do recall that I occasionally receive jokes in PowerPoint format, and I believe this is the most common way for hackers to exploit this: spreading the malware via emails with jokes attached in PowerPoint format.

While waiting for the patch to be available, one can use the Microsoft Office Isolated Conversion Environment (MOICE) to open any .PPS or .PPT files. Essentially, it forces all files in the vulnerable older format to be converted to the XML-based file format before they are opened.

Download FileFormatConverters.exe from the MOICE link and then execute the association command as shown below.




Panda Security recently launched the “Protect our kids on the Web” campaign to increase awareness and keep children safe by taking the right precautions.

The campaign has a video introduction by Penny Sherstobitoff, Panda Security’s chief operating officer.

The URL:

Update 21 March: Twitter


The Surveillance Self-Defense Project, a website sponsored by the Electronic Frontier Foundation (EFF), is a good resource for information on what you can do to protect yourself from security threats in general, or even from government snooping.

The approach expounded on the site is about managing your risk from the various threats.

The three-pronged approach to threats covers:

  • Static data (on your hard drive)
  • Dynamic data (data being transmitted on the wire)
  • Data stored by a third party (your ISP, SNS, email account, etc.)

If you are in a hurry, jump straight to the Defensive Technology section, where you can get more details on Internet basics, encryption basics, VPN, malware, etc.

One tool that looks extremely promising for providing additional protection when you surf the Internet has to be this one.

Basically, it partitions the browser off from the other parts of the computer, so if you unintentionally download malware or a virus, it will not harm the integrity of the entire system.

After installation finishes, it may default to Microsoft’s Internet Explorer, so if your browser of choice is Firefox, you need to poke around to change the default.

You can further tweak the sandbox to run only with minimal rights by selecting the Drop Rights option.

A more complicated solution that requires more setup and tweaking is to use a virtualization tool such as Microsoft VirtualPC or VMWare, but that is not practical for non-techies. Sandboxie, by contrast, is a straightforward tool that you can quickly install and set up.

I came across this Trusteer tool after reading an excellent recent blog post by Byron Acohido about Internet banking security.

Trusteer has a solution called Rapport that it claims will secure end-to-end connectivity between the client browser and a banking portal or any other website.

“Rapport builds a “secure pipe” inside the desktop which hides credentials and communication with the Website from malware and fraudulent Websites.”

The free version comes with certain limitations, such as the number of sites you can protect. It also does not currently support Google Chrome.

Initial installation and testing seem to work well, but you may want to tweak the default Security Policy, since a few options are not enabled for your own sensitive websites.

During installation, you can opt to participate in sending events to Trusteer’s central server. Based on its analysis, the central server can send commands to the Rapport client to counter the attack. It sounds like a version of a botnet’s command & control concept; how flawlessly will it work? I really wonder.

“The central service runs extensive tests to determine whether the activity is fraudulent. In an event of fraudulent activity the central service instructs Rapport to more aggressively block the threat.”

Rapport works on the assumption that the desktop is inherently unsafe, so the jury is still out on whether this approach is the panacea for our headaches with Internet security.

Although the tool’s concept sounds great, it is still not for the faint-hearted or the not-so-techie: for example, it uses CAPTCHA to stop a service, you sometimes see error pop-ups, and it may even slow things down a little when you log in. Overall, though, it’s another useful tool to add.

Let me know your user experience.

Update (04 March): Found a video that claimed that Rapport can be circumvented with a trojan; it shows the keystrokes being captured. The link points to a URL in Russia, so be careful if you want to view it.

