icon tact

News from around the world:

- Microsoft plans to release seven security bulletins on Patch Day on February 14

- Interesting stats on victims of Nyxem (CAIDA)

- Email Scammer claims to have secretly extracted money from Fidelity's funds (Sophos)

- Google Desktop Warning (the Register)

- Apple OS X exploits (the Register)

Microsoft has released the latest security updates. Called Patch Day, Microsoft is doing a better job of posting updates on a more regular basis. Oh, and before we begin, make sure you are reading this in IE, since Firefox is not supported for Windows Update. Hmmm....

This month's security updates affect Microsoft Windows, Windows Media Player, Microsoft Office, and Internet Explorer, a component of Windows.

To update your home computer, go to the Microsoft Update Web site to scan your computer for the needed updates. If you have PowerPoint 2000, go to Office Update to get the security update for Office.

Interested in getting the Microsoft Security Newsletter delivered to your inbox. Click HERE for info.

You may also want to try Microsoft's AntiSpyware called Windows Defender (Beta 2).

Stay safe...

Not to be outdone by Windows, Apple is pushing out several security patches for both Intel- and PowerPC-based Macs. The update affects OS X systems and incorporates a number of fixes and improvements for the OS itself, along with a number of compatibility tweaks for third-party and Apple-branded applications. It also includes Apple's most recent security updates. The new version is 10.4.5.

For info on this update, visit HERE.

Get the PowerPC update HERE.

Get the Intel update HERE.

I've added a links section on the right for parents and teens to use as a references for helping stay safe on the net. One link in particular is NetSmartz which provides some great info for all ages.

Stay safe...

At your home office, make sure you have set a WEP security passcode on your wireless router. The router is the device that connects between your cable modem or DSL and your computer. Some common terms you'll need to be familiar with when setting up a wireless router include:

SSID
Service Set Identifier (SSID) is the name designated for a specific wireless local area network (WLAN). The SSID's typically come from the factory with a default setting of "default". The SSID can be easily changed to connect to an existing wireless network or to establish a new wireless network. Usually you'll want to name this something unique. If you are connecting to a wireless network, the SSID is the name you'll see in the "View Available Wireless Networks" screen.

Channel
Indicates the channel setting for the wireless router. Most default to 6. The Channel can be changed to fit the channel setting for an existing wireless network or to customize the wireless network. Most of the time you can just leave this as 6.

WEP
Wired Equivalent Protocol (WEP) is a wireless security protocol for Wireless Local Area Networks (WLAN). WEP provides security by encrypting the data that is sent over the WLAN. Most routers support 2 levels of WEP Encryption: 64Bit encryption and 128Bit encryption. WEP is disabled by default. The WEP setting can be changed to fit an existing wireless network or to customize your wireless network. You should enable this.

Key Type
The Key Types are typically HEX (Hexadecimal) and ASCII (American Standard Code for Information Interchange.) The Key Type can be changed to fit an existing wireless network or to customize your wireless network. You can leave this as is.

KEYS
Keys 1-4 allow you to easily change wireless encryption settings to maintain a secure network. Simply select the specific key to be used for encrypting wireless data on the network. Most of the time you'll just need to add a ten character sequence here. This is the same code you'll need to enter on your computer when accessing this network.

Stay safe...

Here a few links of note for security related issues:

- Report: FedEx ExpressPay can be exploited for cash - Security Focus

- AutoComplete is bad for business - About.com

- A MySpace cheat sheet for parents - WIRED

- AOL sues phishing organization - PC World, Sophos

- Index of Phishing emails continues to grow - Fraud Watch International

Stay safe...

Apple is serious about security. With the recent news about exploits being targeted at the once bullet proof image the Mac has held, Apple is taking a stand by actively engaging the enemy.

From Sophos Labs...

Apple has issued a new security update which fixes a number of flaws in the Mac OS X operating system that could be exploited by malicious hackers or malware. The vulnerabilities, if left unpatched, could allow hackers to run dangerous code on innocent unprotected computers.

The security update affects the following Mac OS X components:

apache_mod_php
automount
Bom
Directory Services
iChat
IPSec
LaunchServices
LibSystem
loginwindow
OpenSSH
rsync
Safari
Syndication

Amongst the fixes is an update to the Safari web browser which was found to be vulnerable to malicious shell scripts. Additionally the iChat instant messaging system has been updated to warn of potentially malicious file types being transmitted. The update to iChat has been issued in the wake of the discovery of the OSX/Leap-A worm last month.

Get update info HERE.

If you are a Mac user, how serious are you about keeping your system up to date with the latest news of exploit threats. I'd like to hear from you.

Stay safe...

Sorry for the delay posting to aegis, but I've just battled a bout with Strep. I'm on the recovery side now.

Anyway, on to news that we can all relate to. Our debit cards are thought to be fairly secure because you need to use a secret PIN during the transaction (this is not necessarily true if you also have a Visa/MasterCard logo on it and have the choice of credit or debit). Some hackers have upset the balance by breaking in the the PIN Vault on several large banks. What some are calling a mass theft of PIN's, many banks have been reissuing debit cards after being targeted by the hackers.

Read the article HERE.

From Microsoft:

As part of Microsoft's routine, monthly security update cycle we released two new security updates on March 14, 2006:

- MS06-011 - addresses a vulnerability in Microsoft Windows

- MS06-012 - addresses a vulnerability in Microsoft Office

How to get the updates

To get the updates for your home computer or laptop go to the Microsoft Update Website now. To manually download the updates, go to Microsoft Update. After your computer has been scanned to see which updates it needs, click the Custom button to find and choose the update you want to install. We recommend you install all Critical updates immediately.

NOTE: If you have Office 2000, get the Office update for your home computer or laptop from the Office Update Website.

We recommend that you get the updates delivered automatically to your PC. When your computer is on and connected to the Internet, the most current security updates are automatically downloaded and installed. See how to use Automatic Updates: Windows XP, Windows 2000, Windows Me.

Bluetooth devices are quite prevalent today. From cell phones to pda's. What is bluetooth and why should you care?

Bluetooth is an industrial specification for wireless personal area networks (PANs). Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency.

The name Bluetooth was born from the 10th century king of Denmark, King Harold Bluetooth who engaged in diplomacy which led warring parties to negotiate with each other. The inventors of the Bluetooth technology thought this a fitting name for their technology which allowed different devices to talk to each other (from Wikipedia).

The folks at F-Secure, an internet security firm, recently developed a device for monitoring other bluetooth devices in the vicinity. The embedded device announces itself as a Bluetooth phone in discoverable mode. It detects Bluetooth devices within a one hundred meter range and creates a list of the device names found. It also accepts all file transfers and scans them for known mobile viruses.

They discovered some interesting statistics after scanning from their CeBIT conference booth for a week. At any given time they saw more than 100 Bluetooth devices wandering within range. Grand total: 12500 unique devices that a) had Bluetooth, b) had it enabled, c) had it visible. Unbelievable.

What this means for the casual user is that if a malicious bluetooth device is near and you are "open" to discovery, you will potentially be exposed to virus attacks or other maladies. This works by a discovery mechanism where Bluetooth products poll the local area to determine if another such device is nearby. Hackers are taking advantage of this feature for "Bluejacking," or secretly connecting to another user's device and sending bogus messages or rendering the product inoperable.

Bluejacking is a fairly simple; in fact, users often regularly send non-malicious images and text messages to one another. Bluesnarfing, which is more difficult, relies on the same technique but focuses on accessing information stored on the device.

Once hackers have data, such as user contact lists or e-mail address books, they can steal confidential information, delete important data, make long distance calls from the device, or use the information to launch denial of service attacks against other systems.

How to turn off discovery mode? Each device has a "switch" to turn off discovery mode. If you don't need to detect other devices, turn it off.

This post contains information from Technology News.

Stay safe...

So you are sitting in your favorite coffee shop, laptop running, checking email and surfing the web. Now imagine you are on the set of ALIAS. You peak out from the top of your laptop to see who might be spying on you or trying to get your data. Since most free wireless hotspots do not require an encryption key to connect, one layer of protection is already removed. By connecting, you become part of a local area network. Without the proper protection, other users on the wireless network can easily connect to your laptop and grab information at will.

How do you protect yourself when the wireless connection is open? For starters, disable file sharing. To disable file sharing in Windows 9x/Me, go to the control panel, select Networks. In the Networks dialog box, click on the sharing button, and uncheck the file and printer sharing boxes. Click apply, and reboot. In Windows XP, open the control panel, and select Network Connections. In network connections, right click on the wireless adapter, and select Properties. On the General tab, scroll the list of items the adapter uses and uncheck File and Printer Sharing for Microsoft networks.

Next, install a personal firewall. Fortunately for Windows XP users, a firewall is installed already called Windows Internet Connection Firewall, or ICF. The ICF is easy to set up, and requires little configuration for most users. You can enable the ICF either by running Windows XP's Network Setup Wizard or manually on an individual connection. If you're already connected to the Web, right click on My Network Places, and select Properties. Right click on the icon for the connection you want to protect. On most broadband connections, it would be "enabled" and be the name of your network card. From the right click menu, select Properties and click on the advanced tab from the dialog box that appears. At the top of the dialog box, find the checkbox that say's "Protect my computer or network".

To get a more advanced firewall, try ZoneAlarm which has a free version.

Stay safe...

Just the other day a friend asked me which was better: WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) for wireless security at home . If you have ever attempted to connect to a wi-fi hotspot and you had to enter a password to connect, it most likely has one of these security modes turned on. It's a good idea to have one of these modes enabled on your router at home if you have one too. Otherwise you are providing your neighbors with free internet access and opening your home network up to unscrupulous attacks. I recently found the Wi-Fi Alliance website and it has some great info, though more technical than most will enjoy.

In 1999, several industry leaders came together to form a global, non-profit organization with the goal of driving the adoption of a single worldwide-accepted standard for high-speed wireless local area networking. We are that organization. We are known as the Wi-Fi Alliance. - from their website

Hold on tight: its gettin' techie around here.

Wi-Fi Protected Access (WPA) is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems. Wi-Fi Protected Access is designed to run on existing hardware as a software upgrade. Wi-Fi Protected Access is derived from the upcoming IEEE 802.11i standard and will be forward-compatible with it. Wi-Fi Protected Access, when properly installed, will provide wireless LAN users with a high level of assurance that their data will remain protected and that only authorized network users can access the network.

Wi-Fi Protected Access is useful for both large business deployment and for more casual home use.

Security requirements vary depending on the amount of network traffic and the level of secrecy required for the information being exchanged and the applications being used. While professional users typically require enterprise-quality security to allow secure conduct of confidential business, the security requirements of casual low-volume home users, using their network to print or share files, surf the Internet or exchange email with friends and family, tend to be less stringent. Wi-Fi Protected Access is designed to meet these different requirements by running in two different modes – enterprise and home mode. In enterprise mode, a network server and sophisticated authentication mechanisms are utilized and automatically distribute special encryption keys, called master keys.

In a home environment, where there are no network servers, Wi-Fi Protected Access runs in a special mode, which allows the use of manually entered keys or passwords instead. This mode, also called Pre-Shared Key (PSK), is designed to be easy to set up for the home user. All the home user needs to do is enter a password (also called a master key) into their access point or home wireless gateway and each PC that is on the Wi-Fi wireless network. After entering the password, Wi-Fi Protected Access automatically takes over. First, it keeps out eavesdroppers and other unauthorized users by requiring all devices to have the matching password. Second, the password kicks off the encryption process, which in Wi-Fi Protected Access is called Temporal Key Integrity Protocol (TKIP). This is where the mechanics of Wi-Fi Protected Access are substantially different from WEP, where the same static encryption key is used over and over again. TKIP takes the original master key only as a starting point and derives its encryption keys mathematically from this master key. TKIP then regularly changes and rotates the encryption keys so that the same encryption key is never used twice. This all happens in the background automatically, invisible to the user. Together, these features make Wi-Fi Protected Access a far stronger security solution than WEP.

While no security mechanism can be considered “absolutely secure,â€? the protection given by Wi-Fi Protected Access in PSK mode is strong enough to prevent most attacks, even sophisticated ones. As such, Wi-Fi Protected Access offers a pragmatic, economical security mechanism for most home users. It is worth mentioning that telecommuters and other professionals, while they may be physically working from home, may have more stringent enterprise-class security requirements, which may be more than Wi-Fi Protected Access in home mode can offer.

It is recommended that these users consult with their IT administrator for details. A useful benefit of Wi-Fi Protected Access is that it is designed to be software upgradeable for existing Wi-Fi CERTIFIED products, which means that in most cases, existing products will not need to be replaced. So, if you are already using Wi-Fi CERTIFIED products, your product vendor may be able to send you the appropriate software upgrade. If you are looking for new Wi-Fi products, look for products that are both Wi-Fi CERTIFIED (displaying the Wi-Fi logo) and include Wi-Fi Protected Access.

In summary, Wi-Fi Protected Access is designed to meet the requirements of both large business users and the typical home user. The PSK home mode of operation of Wi-Fi Protected Access offers greatly strengthened security over WEP, and has been specifically designed for home users.

This information gathered from the Wi-Fi Alliance website. Get the PDF here.

Here's a little test for you. Which of the following do you feel is safer?

1a. Sending a check through the mail
- or -
1b. Paying a bill online

2a. Giving out your credit card over the phone while placing an order
- or -
2b. Putting your credit card number on a order form and mailing it

3a. Performing a wire transfer online between your bank accounts
- or -
3b. Calling a bank customer service rep to do a transfer between your banks accounts
- or -
3c. Using the banks automated phone system to punch in your account numbers and amounts to do a transfer between accounts

4a. Unsubscribing from a spam email to stop the sender
- or -
4b. Deleting an spam email outright without unsubscribing

5a. Getting an oil change done at Walmart
- or -
5b. Doing an oil change yourself on your driveway

I hope you've enjoyed this little test. When you have something to compare against, it makes you think a little more about your options.

Stay safe...

Microsoft issued it's April security updates earlier this week. If you haven't downloaded them yet, you can check them out HERE. On another note, Microsoft has come up with a new, integrated approach to updating Microsoft products, both the OS (Windows) and Office. It's called "Microsoft Update" of all things. It appears that when you go to the Windows update site, you will be redirected to Microsoft Update. It looks very similar to Windows update, but it checks for more than just Windows operating system updates and security patches. In the past, you would have to go to the Office site and look for updates there. They've made it pretty simple to use now. Congrats to Microsoft.

Stay safe...

A few days ago, my Firefox browser was automatically updated with the latest version (1.5.0.2). I'm just getting around to checking it for what's changed. I have really grown to love Firefox and I get frustrated when a site is not compatible with it. From the Mozilla website, here is an overview of the changes made in the new version, which includes 5 critical security fixes.

Firefox 1.5.0.2 provides native support for Macintosh with Intel Core processors, and stability and security enhancements that are part of our ongoing program to provide a safer Internet experience for our users. We recommend that all Firefox users upgrade to this latest version.

* Universal Binary support for Mac OS X which provides native support for Macintosh with Intel Core processors. Firefox supports the enhancements to performance introduced by the new MacIntel chipsets.
* Improvements to product stability.
* Several security fixes.

If you are using version 1.5 already, you should have been prompted that the install was performed and you may have had to restart Firefox.

Stay safe...

From SecurityFocus:

Community Web site MySpace announced this week that the company had hired Hemanshu Nigam, a security investigator at Microsoft and a former prosecutor, to strengthen what many have claimed are lax protections against cyberstalkers and online predators.

The Fox Interactive Media subsidiary, criticized for failing to police the site for profiles of underage members and members that may pose a risk to its 68 million users, has tasked Nigam with enforcing site defenses and protections against predations.

"We are fortunate to have him join MySpace, help us educate the public and protect our members' safety and privacy," Chris DeWolfe, CEO of MySpace, said in a statement. "MySpace has always been committed to an industry leading role in Internet safety and will continue to partner with all stakeholders including parents, educators, law enforcement and safety groups."

While at Microsoft, Nigam helped investigate a variety of major virus incidents, including helping track down the author of Sasser and starting up a bounty program following the MSBlast epidemic. Prior to his work at Microsoft, Nigam was a trial attorney in the United States Department of Justice, Criminal Division, in Washington, D.C., specializing in federal cases involving child pornography, child predators, and child trafficking.

Nigam will start May 1, 2006.

Stay safe...

Computer passwords are a way of life these days, and most of us have dozens of accounts, each with a different (or potentially different) password. There are costs in forgetting any of these passwords, ranging from the personal inconvenience of being unable to read useful news articles to the business problem of being unable to buy or sell products.

Read the article HERE.

From Sophos.

Time to update your Windows and Office installations. May has some specific vulnerabilities that Microsoft recommends that users update. HERE is a link to the security page.

If you have a Mac (which I don't), go HERE for a primer on keeping your Mac updated.

Stay safe...

Microsoft releases the following patch updates:

• MS06-052 - addresses a vulnerability in Microsoft Windows
• MS06-053 - addresses a vulnerability in Microsoft Windows
• MS06-054 - addresses a vulnerability in Microsoft Office
• MS06-040 - addresses a vulnerability in Microsoft Windows
• MS06-042 - addresses a vulnerability in Internet Explorer, a component of Windows

So I'm trying to decide if 54 vulnerabilities so far this year is a little or a lot. Is this number declining?

To update your PC, click HERE.

Not to be outdone, Apple has its own security updates section HERE.