Microsoft fix kills Windows Gadgets

Posted by on Jul 12, 2012 in Tech Talk | 0 comments

Microsoft has warned that a Gadgets feature included in Vista and later versions of Windows could allow attackers to hijack end-user machines and has taken the unusual step of issuing a temporary update that allows it to be completely disabled.

“An attacker who successfully exploited a Gadget vulnerability could run arbitrary code in the context of the current user,” company officials said in an advisory issued Tuesday. “If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system.” To be successful, they added, “An attacker would have to convince a user to install and enable a vulnerable Gadget.”

Microsoft added the Gadgets feature and an accompanying Sidebar to Windows Vista in hopes of matching the success Apple had with a similar feature called Dashboard, which is included in Mac OS X. It allows end users to add clocks, stock tickers, and other small apps to their desktops. A few weeks ago, Microsoft pulled the plug on its official Gadgets gallery. The page now includes a warning that says, “Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time.”

An accompanying Fix-it, which users are free to use or ignore, is described as a “workaround” and completely disables the Windows Sidebar and Gadgets.

Microsoft didn’t elaborate on the vulnerability or its long-term plans for Gadgets. Tuesday’s advisory thanked “Mickey Shkatov and Toby Kohlenberg for working with us on Gadget vulnerabilities.” The researchers are scheduled to deliver a presentation on July 26 at the Black Hat security conference in Las Vegas titled “We Have You by the Gadgets.”

HP Switches Shipped w/Malware

Posted by on Apr 12, 2012 in Tech Talk | 0 comments

HP is warning customers that some of its ProCurve switches were shipped recently with compact flash cards infected with malware. The company said that a number of software versions in the ProCurve 5400 switch were affected, and that PCs could be become infected by the malware under some conditions.

HP did not provide details on which piece of malware was included on the switches or what the program is capable of doing. However, the company is encouraging customers to address the issue immediately. They suggest that customers either use a software script that will remove the malware from the flash card or opt for a hardware replacement through which HP will ship out a new module to replace the infected one.

“A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system’s integrity,” HP said in its advisory.

The list of software versions affected by the malware infection are:

  • J9532A 5412zl-92GG-PoE+ / 2XG SFP+ v2 Switch
  • J9533A 5406zl-44G-PoE+ / 2XG SFP+ v2 Switch
  • J9539A 5406zl-44G-PoE+ / 4G SFP v2 Switch
  • J9540A 5412zl-92G-PoE+ / 4G SFP v2 Switch
  • J9642A HP E5406 zl Switch with Premium Software
  • J9643A HP E5412 zl Switch with Premium Software
  • J8697A HP E5406 zl Switch Chassis
  • J8698A HP E5412 zl Switch Chassis
  • J8699A – HP 5406-48G zl Switch
  • J8700A – HP 5412-96G zl Switch
  • J9447A – HP 5406-44G-PoE+-4SFP zl Switch
  • J9448A – HP 5412-92G-PoE+-4SFP zl Switch
  • J8726A Management Module in the 5400 series zl switch with the following serial numbers:
    • ID116AS04P through ID116AS0HR
    • ID117AS00H through ID126AS0FB

HP warned customers that re-using the infected compact flash card from the switch in a desktop PC could result in the PC becoming infected by the malware, as well. The problem of hardware being shipped with malware already on it is not a new one. It’s been happening for several years now and malware has shown up in devices from digital picture frames to USB drives to CDs.

Detect Phishing Attacks

Posted by on Dec 20, 2011 in Tech Talk | 0 comments

To help better protect you, our valuable customers, I would like to point this post back to an article on Make Us Of’s web site. They have a good article on methods to detect what are called “Phishing” attacks. This is a method where in a “hacker” tries to obtain your personal information via a spoof. Here is the opening part of the article, to read the whole article, please follow the link below.

“The internet is one of the best tools known to mankind to do basically whatever you want. But Facebook, Twitter, Gmail, Dropbox, Paypal, eBay, bank portals, and so many more sites have twins that are actually phish.

A “phish” is a term for a scam website that tries to look like a site that you know might well and visit often. The act of all these sites trying to steal your account information is called phishing. While it’s very easy to spot some sites as a phish, others aren’t nearly as easy.

Here are four different anti-phishing methods you can use so that you don’t fall victim to phishing.”


Click here to read the full article

Debunking Some Common Myths

Posted by on Oct 26, 2011 in Tech Talk | 0 comments

There are some common myths that may influence your online security practices. Knowing the truth will allow you to make better decisions about how to protect yourself.


How are these myths established?

There is no one cause for these myths. They may have been formed because of a lack of information, an assumption, knowledge of a specific case that was then generalized, or some other source. As with any myth, they are passed from one individual to another, usually because they seem legitimate enough to be true.

Why is it important to know the truth?

While believing these myths may not present a direct threat, they may cause you to be more lax about your security habits. If you are not diligent about protecting yourself, you may be more likely to become a victim of an attack.

What are some common myths, and what is the truth behind them?

  • Myth: Anti-virus software and firewalls are 100% effective.
    Truth: Anti-virus software and firewalls are important elements to protecting your information (see Understanding Anti-Virus Software and Understanding Firewalls for more information). However, neither of these elements are guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.
  • Myth: Once software is installed on your computer, you do not have to worry about it anymore.
    Truth: Vendors may release updated versions of software to address problems or fix vulnerabilities (see Understanding Patches for more information). You should install the updates as soon as possible; some software even offers the option to obtain updates automatically. Making sure that you have the latest virus definitions for your anti-virus software is especially important.
  • Myth: There is nothing important on your machine, so you do not need to protect it.
    Truth: Your opinion about what is important may differ from an attacker’s opinion. If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people (see Understanding Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and Botnets for more information).
  • Myth: Attackers only target people with money.
    Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage (see Preventing and Responding to Identity Theft for more information).
  • Myth: When computers slow down, it means that they are old and should be replaced.
    Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other processes or programs running in the background. If your computer has suddenly become slower, it may be compromised by malware or spyware, or you may be experiencing a denial-of-service attack (see Recognizing and Avoiding Spyware and Understanding Denial-of-Service Attacks for more information).

Easy SEO: Update your copyright notice

Posted by on Mar 11, 2011 in Tech Talk | 0 comments

Here’s a quick and easy SEO trick for you.

We all know that Google indexes freshly updated content on your Web site. Since it’s the New Year, take a moment and check if your Web site copyright notices are updated. Not only do you get that piece of mind from an updated copyright notice, but you’ve just updated each page of your Web site since each page should have the footer.

For those of you using PHP, here’s the code to insert into your footer, if it isn’t already there.

© Copyright < ?php echo date(“Y”) ?>

Easy, huh?