Google Joins the IE-6 Must Die Campaign

http://www.computerworld.com/s/article/9150138/Google_joins_the_kill_IE6_campaign

ComputerWorld is reporting that starting on March 1, 2010, Google Docs and Google Sites will no longer support Internet Explorer 6.  Considering that IE6 is 9 years old, it’s not surprising.  There have been two versions of Internet Explorer in the past 9 years, alongside offerings from Mozilla, Apple, and even Google themselves.  Corporations have NO excuses for not updating their applications and services to support the later versions of Internet Explorer (or the alternative browsers). 

If you are a web developer, I strongly urge you to drop support for Internet Explorer 6 on your sites.  Redirect the visitor to a page that says something to the effect of "The browser that you are currently using is old, outdated, and insecure.  Here are some links to the latest browsers which are supported on this site."  In fact, I would suggest following Google’s lead and dropping support for Firefox 2.x, Apple 2.x, Google 3.x, or earlier browsers.

Here are some links for coding the version detection into your websites. 

http://www.mozilla.org/docs/web-developer/sniffer/browser_type_oo.html This page is geared mainly for older browsers to show the page in an optimized format.  You can easily modify the code to redirect the user to another page that recommends they upgrade.  (instead of (ie5up), you could use (! ie7up)).

http://www.quirksmode.org/js/detect.html The code on this site parses the browser’s information for the version number.  You can modify their example inside of the "You are using…." box to create your redirection (if browser < IE7, Firefox 3, Chrome 4, then redirect here).  This script does not detect Safari, due to how Apple formats their browser identification string, but you could probably add it in fairly easily (you just need to know the internal version number of Safari 4, which is any number greater than 528.18.  It’s 530.17 on Mac, 530.17 on Windows (4.0.1) but 528.18 on their iPhone, so I would just use the lower value because there are no "versions" on the Mac or Windows that contain that number (source http://en.wikipedia.org/wiki/Safari_version_history )).

Personally, I prefer the second route to the first one.  I may include it in my blog at some point (redirecting people to this post or another page).  However on the first page, they actually discuss the >= or in your case < (use gte for >= and lt for < in your if statements).

Have a great day and if you’re using one of these older browsers, then you may want to switch things up.  http://www.microsoft.com/windows/internet-explorer/default.aspx http://www.getfirefox.com or http://www.apple.com/safari

Patrick.

Microsoft Releases Out of Band Update for Internet Explorer

If you haven’t heard this already, there was an incident where Google and about 20 other companies were hacked last month.  It is allegedly tied to the Chinese Government.  Because of this, a few things have taken place.

Google is threatening to pull their Search engine out of China (at the very least they are threatening to stop censoring search results at the request of the Government) and they threatened to delay the release of their new phone in China.

People were throwing blame around at different companies and different applications for this hack.  It turned out that the hack was done through Internet Explorer 6.x, due to an unannounced vulnerability.

Microsoft is reported to be releasing an out-of-band update today for this vulnerability.  They also recommend the following steps to mitigate it:

  • If you are running Internet Explorer 6, it’s time to upgrade. 
  • Regardless of whether you are planning on upgrading, you should set your Internet Zone to “High”.
  • Internet Explorer 7 and 8 users (on Vista or Windows 7) should enable “Protected Mode”.
  • All users should enable Data Execution Prevention (DEP) on their computers.  DEP prevents the computer from executing code which is stored in memory that is supposed to only contain non-executable code.
  • You should be running in non-Administrative accounts (or have UAC enabled) to restrict the rights of an infected user.  This is something that everyone has been preaching since the dawn of Windows XP.

There are people who are trying to tweak this vulnerability to work in Internet Explorer 7 and 8 on Vista and Windows 7.  One of them claims that DEP won’t mitigate this if the application doesn’t “opt in” to it.  I’m not sure if he is referring to Internet Explorer (which you opt in by enabling DEP) or the malicious code.  Also, I’ve read that some systems (namely netbooks and older CPUs) do not have “Hardware DEP”, so enabling it doesn’t actually work. ***I can’t verify this***
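A PowerShell script, added here as an example and not part of the original post, that reports whether the DEP and Internet Explorer settings recommended above are actually in effect, including the hardware DEP question raised in the last paragraph. It reads Win32_OperatingSystem for DEP and the current user’s Internet zone registry key for the zone level and Protected Mode; the numeric meanings of CurrentLevel and of value 2500 are assumptions based on documented IE zone settings, not taken from the post.

```powershell
# Added example (not from the original post): verify the DEP and
# Internet Explorer mitigations on Vista / Windows 7.
# Assumptions: Win32_OperatingSystem exposes the DEP properties used below;
# CurrentLevel 0x12000 = High and value 2500 = Protected Mode (0 = on, 3 = off).

$os = Get-WmiObject -Class Win32_OperatingSystem

# DEP policy as reported by the OS:
# 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (only programs that ask for DEP
# are covered), 3 = OptOut (everything except an exception list).
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$policy = [int]$os.DataExecutionPrevention_SupportPolicy

Write-Host ("Hardware DEP available  : {0}" -f $os.DataExecutionPrevention_Available)
Write-Host ("DEP policy              : {0} ({1})" -f $policy, $policyNames[$policy])
Write-Host ("DEP for 32-bit programs : {0}" -f $os.DataExecutionPrevention_32BitApplications)

if (-not $os.DataExecutionPrevention_Available) {
    # This is the netbook / older CPU case the post could not verify.
    Write-Warning "The OS reports no hardware DEP; turning it on in the UI gives no protection here."
}
if ($policy -eq 2) {
    Write-Warning "DEP is OptIn: only programs that opt in are covered. 'bcdedit /set nx OptOut' widens it."
}

# Internet zone is zone 3 under the per-user Internet Settings key.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$zone = Get-ItemProperty -Path $zoneKey

# Assumed mapping: 0x12000 = High, 0x11000 = Medium-High, 0x10000 = Medium.
$level = [int]$zone.CurrentLevel
if ($level -ge 0x12000) {
    "Internet zone security level: High (matches the recommendation)"
} else {
    Write-Warning ("Internet zone level is 0x{0:X}; the recommendation is High (0x12000)." -f $level)
}

# Assumed: value '2500' controls Protected Mode for this zone (0 = enabled, 3 = disabled).
$protectedMode = $zone.'2500'
if ($null -eq $protectedMode -or [int]$protectedMode -eq 0) {
    "Protected Mode for the Internet zone: enabled"
} else {
    Write-Warning "Protected Mode is disabled for the Internet zone."
}
```

Group Policy can place the same values under HKLM instead of HKCU, in which case the HKCU read above shows the unmanaged default rather than the effective setting.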

So, what should you do???

First and foremost, you need to get the updates.  This is regardless of whether you use Internet Explorer or not.  It’s better to be safe than sorry, especially since some programs do not follow the rules about default browsers.

This is a good time to try out Firefox with the No-Script addon and also Google Chrome.  I would even suggest Apple Safari, but I haven’t used it enough to know what its limitations are.

Some people would say this is the time to remove Windows, and switch to another Operating System (namely Linux) or buy a Macintosh.  While I love Linux, I don’t think that is the best solution in this case (although I would encourage people to try a Live CD out).  And I definitely cannot recommend spending $1,000+ on a new computer—just to get a Macintosh.

The short end of the stick is this.  Update your computer after 10:00 am PST today.  I would recommend an alternative browser.  However, since this potentially affects Outlook, Outlook Express, Windows Mail, Windows Live Mail, and anything else that uses Internet Explorer, you NEED to update the computer.

On a side note, Microsoft is also releasing an advisory about a Kernel vulnerability.  This one requires the attacker to be able to log into your computer locally (meaning not from the Internet).  It remains to be seen if they will have a patch for this today or not.

Have a great day:)
Patrick.

How to protect yourself against the Chinese Google hack – Computerworld Blogs

By now you probably have heard about the “Google Hack”.  If not, here’s a recap.  Earlier in the week, Google announced on their blog that they were hacked in November (along with other companies in the Financial, Technology, and utility sectors).  They posted that the hacking came from China, and in their case was limited to the Gmail accounts of Chinese bloggers and Chinese activists.

Google also announced that due to this attack, along with their feelings on censorship and freedom, they are no longer going to censor results in China—in other words, no more Google in China. 

A lot of speculation was floating around about how the hackers were able to get the information.  People were blaming Adobe (because of the flaws in their products).  Well, it turns out that it’s Internet Explorer that’s being exploited.

This article goes into detail about how to limit your chances of being hacked through this vulnerability, and is especially important because the exploit is being “sold” in hacking toolkits.

One idea that wasn’t mentioned is using Firefox or Chrome to surf the web.  Also, if you’re running Vista or Windows 7, you need to have UAC enabled (as much as it sucks in Vista).  If you’re running XP or 2000 then you need to have a Non-Administrator account, and be using that for your daily actions.  Only use your “Computer Administrator” or “Administrator” accounts when YOU are intentionally installing something.

You NEED to read the linked blog post, as the author goes into great detail about how to check to see if you’re protected, and enable it if not.

Have a great day:)
Patrick.

Underground Services Let Virus Writers Check Their Work | Threat Level | Wired.com

I ran across this post yesterday and decided that it’s definitely worth linking to.  People ask me “Which antivirus is the best?”  And “What do you think about <insert antivirus name>?”  At some point in my answer, I try to remind them that the virus writers are checking their work against those same antivirus programs that you are using.

This means, like a software developer, they won’t release their work until it’s of a high “quality”.  In the case of a software developer, it’s how bug-free the program is.  In the case of a virus creator, it’s how FEW antivirus programs catch their work. 

The problem is that sites like the ones listed in this article (not VirusTotal or Jotti) aren’t helping any.  Where VirusTotal and Jotti will submit the file to the antivirus companies, the other sites absolutely guarantee that no antivirus company will see the file (from them).

Are they legal?  I’m not entirely sure. Should they be legal? Yes.  As much as I hate saying that, they should.  It would be nice if they were regulated in a fashion that required them to submit the files, but they should be legal (because in order to make them illegal, you also hit the “good” sites).

Take a look at this article.  It will open your eyes a little more about how effective your antivirus is, and why.

Have a great day:)
Patrick.

Adobe Reader, Acrobat Under Zero-Day Attack – DarkReading

Another vulnerability has struck users of Adobe Reader and Adobe Acrobat.  This affects versions 8 and 9 (and possibly earlier versions as well).  While researchers and officials at Adobe are not saying exactly what the vulnerability is, there are reports that it lies in how Acrobat/Reader handles JavaScript.

JavaScript is found in a lot of places (you’re seeing examples of it on this website, in fact).  However, the vulnerability lies only in how Adobe uses JavaScript (so you don’t have to disable it in browsers or other programs—as of yet).  To say that JavaScript is Java is the same as saying “VBScript is Visual Basic”.  It’s not exactly true.  JavaScript is a subset of Java—in that they share some common traits.  But, at best, it’s an extremely scaled-down version (read as limited) of Java.

How this vulnerability is being used right now:

Currently, the people who are using this vulnerability are sending out PDF files to “victims” using social engineering tactics.  E-mails will possibly be marked as “urgent” or “High Importance”.  The English in the e-mails may not be perfect.  It’s not clear if the vulnerability will scan your address book and use your contacts to further the infection.  If you open the PDF file, it will trigger the vulnerability, which will cause Acrobat to crash.  The PDF file may or may not download a “payload”, which could be a virus, trojan, or other malware.  The reports indicate that the vulnerability is used to install a keylogger and to data mine your computer.  (Data mining is a fancy way of saying “look for anything they think is valuable, and send a copy of it back to them.”)

What to do about this:

Adobe and the security researchers recommend that you disable JavaScript in Adobe Reader.  You don’t have to disable it anywhere else (has this been emphasized enough yet?) though.  To disable it in Adobe Reader, click on Edit –> Preferences –> select the JavaScript category.  Uncheck the option that says “Enable Acrobat JavaScript”.  Click OK.

Note, this will definitely break some PDF files that you have, if they are using JavaScript.  Personally, I have PDF files from my college that use JavaScript to verify my credentials.  In weighing the risks, I’ve decided that it’s better to break them (and then enable JavaScript on a need-to basis), rather than risk infection.

Adobe also says that they will release a patch on or around January 12, 2010 to fix this. 

What problems lie ahead:

The biggest problem that lies ahead is this.  When Adobe releases their patch, people will instinctively re-enable JavaScript in Acrobat/Reader, which means that while they’re protected against the current (KNOWN) threats, they are leaving themselves open to attacks from future and unknown threats.

Adobe should disable JavaScript by default, and look for a better means of rendering PDFs.  PDF writers need to find a better means of securing and rendering their PDF files.  And users need to leave JavaScript disabled (only enabling it when absolutely necessary).

On another note, this is a good time to bring up the issue of Digital Signatures and encrypting your e-mails.  If you have a digital signature, use it.  If you don’t have one, then get one.  They’re not expensive.  Let your recipients know that if they receive an attachment from you, that doesn’t have this signature, delete the e-mail, and request that you resend it with the signature.

Yes, this will create a little hassle for you and them.  But, I ask you this. Is it better to be hassled by this, or better to have your name associated with spreading a virus?

Have a great day:)
Patrick.

Attack exploits just-patched Mac security bug • The Register

Now, you may be wondering why I’m publishing a blog post on Mac OS security issues.  I’m not a Mac user, and really have no desire to become one.  Not that the OS is a bad thing—it’s not from what I’ve seen, but it’s not something that interests me.  Especially not when I have to pay upwards of $1,000 to use it (since I have to buy a Macintosh to use it legally).

The reason I’m publishing this is three-fold.  1) It shows that Mac OS is just as insecure as Windows, Linux, Solaris, OS/2 (IBM’s ancient OS) or any other operating system out there.  2)  Because this affects Windows computers as well as Mac Computers (and possibly Linux computers, although the author didn’t mention that). 3) It illustrates that no matter how secure your Operating System is, it’s only as secure as the applications that are running on it.

This vulnerability is in Java (which is made by Sun Microsystems) and existed on all operating systems.  Why?  Because Java is a “platform independent” system.  It’s designed to run in a Virtual Machine, which can be installed on any operating system.  The flaw in Java accesses the Operating System through its “Java Runtime Environment”, which is basically its hook into the OS.

If you are a user (anyone who isn’t programming in Java) then my suggestion is to download the latest updates for Java Runtime Environment from http://www.java.com or if you’re prompted for an automatic update from Java, do it.  On Mac and potentially Linux systems, you may have to get the update through your respective Automatic Update systems (since Apple had to create the update for Mac OS X).

The most important thing is this.  If you don’t need the older versions of Java (in other words, you aren’t developing or running version specific programs) you need to uninstall ALL previous versions of the JRE.  This has to be done manually via your Add/Remove Programs.  In Linux or Mac OS X, this may be done for you (but if not, you need to do it also).

The other important thing to remember is this also. As I mentioned above, it doesn’t matter how secure your Operating System is.  There are bugs in most applications (Java, Adobe, QuickTime, etc) that are the equivalent of chinks in the armor.  They hook into the Operating System in order to do their work.  If there’s a bug in the application, and it is able to take advantage of one of those hooks, then guess what?  You’re PWND (owned). 

So, no matter what your Operating System is—or how secure its manufacturer or other security people say it is, make sure you update it EVERY time there’s an update available, and make sure you update your applications whenever there are updates available.  It’s your data… Actually, let me say it like this: It’s your INFORMATION.  Do what you must to protect it at all costs.

Have a great day:)
Patrick.

New Security Vulnerability affects Windows Vista, Server 2008 and RC version of Windows 7

By now, you’ve probably heard about this.  There is a vulnerability which affects the “SMBv2” service in Windows Vista, Windows Server 2008, and the Release Candidate version of Windows 7.  Microsoft says that the RTM version of Windows 7 is unaffected and that they are working on a patch.

You’re probably thinking “What’s SMB?” and “Am I affected?”  SMB is the Server Message Block component in Microsoft Windows.  Its functions include the systems that allow you to share files and printers over your local network.  If you use any Linux computers in your network, this is the protocol that “SAMBA” uses to share and access folders with your Windows computers.

If you’re running Windows Vista, Windows Server 2008 (not the R2 version that just released to manufacturing) or the release candidate of Windows 7, then you’re probably affected by this.  You need to worry because the person who discovered the vulnerability didn’t send it to Microsoft—they released it as a Zero-Day.  This means that there is a good chance that people are creating worms and other malware to use this.

What can happen? 

According to Microsoft and some researchers, in most cases your computer will do a BSOD “Blue Screen Of Death” and restart.  However, the possibility exists that the attacker can install and run programs on your computer—thus making it part of a botnet or stealing information from you.

This is also one time that running older versions of Windows (meaning Windows 2000 or XP) is better.  Both of those versions of Windows use the SMBv1 service, which apparently isn’t affected by this.

So, what can I do?

At this time you have two main options.  The first is to go into your registry and disable the SMBv2 service.  The second is to go into your firewall and block ports 139 and 445 which are the two ports that the SMB service uses.  Blocking the ports on your computer will break a few things—including File and Printer Sharing.  I’ve inquired in the Microsoft Security forums for Windows Vista about whether blocking the port on your router or modem (assuming you’re on a broadband connection that uses NAT (the 192.168.x.x IP address)) will mitigate this vulnerability.  When I have an answer, I will post an update.
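An added example, not the post’s own or Microsoft’s code: a PowerShell script that applies the two workarounds described above (disable SMBv2 in the registry, block TCP 139 and 445 in Windows Firewall) and can reverse them once the patch is installed. The Smb2 value under LanmanServer\Parameters is the one Microsoft’s advisory workaround uses; the firewall rule name is made up here. Run it from an elevated prompt and reboot for the registry change to take effect.

```powershell
# Added example (not from the original post): temporary SMBv2 workarounds
# for advisory 975497, with an -Undo switch for after the patch is applied.
# Assumes: elevated PowerShell on Vista / Server 2008 / Windows 7 RC,
# Windows Firewall in use (netsh advfirewall), reboot after running.
param([switch]$Undo)

$params   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB 139,445 (temporary workaround)'   # made-up name

if ($Undo) {
    # Deleting Smb2 restores the default (SMBv2 enabled) after a reboot.
    Remove-ItemProperty -Path $params -Name 'Smb2' -ErrorAction SilentlyContinue
    netsh advfirewall firewall delete rule name="$ruleName" | Out-Null
    "SMBv2 re-enabled (takes effect after reboot); firewall rule removed."
    return
}

# Workaround 1: disable the SMBv2 server-side implementation (Smb2 = 0).
Set-ItemProperty -Path $params -Name 'Smb2' -Type DWord -Value 0
"Smb2 set to 0 under LanmanServer\Parameters; reboot required."

# Workaround 2: block inbound TCP 139 and 445 on this machine.
# As the post notes, this also breaks File and Printer Sharing to this host.
netsh advfirewall firewall add rule name="$ruleName" dir=in action=block `
    protocol=TCP localport=139,445 | Out-Null
"Inbound TCP 139/445 blocked in Windows Firewall."

# Show the resulting state so the change can be verified.
Get-ItemProperty -Path $params | Select-Object Smb2
netsh advfirewall firewall show rule name="$ruleName"
```

Save it as a .ps1 file and run it once to apply and once with `-Undo` after installing the fix; the firewall rule only protects the machine it runs on, not other hosts behind the same router.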

More information about this can be found at http://www.microsoft.com/technet/security/advisory/975497.mspx

Have a great day:)
Patrick.

Vulnerabilities in WordPress Blogging brings up some interesting questions that aren’t totally related to blogging.

On September 5, the developers at WordPress pushed out a security update.  Apparently there is a worm going around that’s hacking into WordPress blogs and altering their perma-links to install malware and creating hidden user accounts.  From what I’m reading, there are a lot of people who aren’t upgrading to the latest (protected) version 3.8.4.

In normal circles, when the developers release an update for their software, the users update almost immediately.  In this case, some people are one, two or even more versions behind the latest update.  Why?  And why does this relate to non-blogging issues?

The reason that the bloggers are behind is because they are afraid that the updates will break their plug-ins on the blog.  This is roughly the same argument as “I won’t upgrade Firefox, because my add-ons may not work afterwards.”  Now, I understand that the add-ons only “break” if you upgrade from major version to major version (for example Firefox v2 to v3).  But the argument is the same and the reasoning is equally flawed.

WordPress users may have a good argument in that they’ll have to do a little extra work to upgrade.  Meaning they will have to find out if the plug-in is updated, and either install the update or disable the plug-in.  And it may have an effect on some part of their blog that they depend on.  Regardless of this, it’s not a valid argument.

If your plug-ins are such that you absolutely can’t live without them, chances are that within a few days of the upgrade, the developer will have released a compatible update.  And if not, then you should look for plug-ins that perform the same functions and are updated regularly.  Also, in the grand scheme of things (the “big picture” if you will), which is more time-consuming? 

1.  Disabling a few plug-ins and either updating them or installing new ones to replace them

2.  Exporting all of your content to an xml file, uninstalling WordPress completely (and cleaning up the server so there’s no traces of it left), reinstalling the latest version of WordPress, and finally importing all of your content back in (after you’ve reconfigured your database, users, themes, and plug-ins).

As it stands right now, if you haven’t been hacked or caught by the worm, Option 1 is the option you really need to do.  If you’ve already been hacked, or you wait until your “plug-ins” work, you’ll have to do Option 2.

I’m lucky in two senses.  I’m on Blogger, which doesn’t use WordPress.  And my sister blog is hosted on wordpress.com which was updated almost immediately.  I am looking at hosting on a WordPress capable site.  So, how the updating is handled will be one major consideration that I have.

So, if you’re reading this and have a blog that’s hosted somewhere OTHER than wordpress.com (and uses WordPress), I strongly encourage you to update it immediately (if you haven’t already).  And I would like to know your opinion on the updates.  Are you upgrading?  If not, why are you waiting?

Have a great day everyone (and Happy Labor Day to everyone in the US) 🙂

Patrick.

Scams, Slams, and Spams—Windows Live Messenger Block Checking Sites

I’m writing this post because I received an e-mail from “Status Checker” today.  One of my friends used their “Who’s Blocking You” feature to check their Windows Live Messenger lists.  I’m sure you’ve seen these e-mails and IM’s.

Immediately, I sent my friend an e-mail reply suggesting that they change their password.  Why?  Because they just gave it to someone they don’t even know (a third party), with no guarantee that the site/owners/operators won’t use the login information to spam people with “Acai Berry” links or other Messenger garbage.  Not even counting the fact that my friend just gave them complete access to their e-mail account.

If you get e-mails or IM’s with supposed “Block Checking” capabilities, ignore them.  They’re fakes.  How do I know this?  I’m basing it upon the theory that a majority of the users of Windows Live Messenger haven’t changed their default privacy settings.  My understanding is that the “Block Checker” will check to see if your “friend” is online.  If so, then they will check to see if your “friend” is online on your Messenger.  If not, they’ve blocked you.  If they show up offline in both places, they haven’t blocked you.  If they show up online in both places, they haven’t blocked you.

Now, I could be wrong about their methods.  Maybe they have a secret way of bypassing the Privacy settings, or they are able to access your friends Messenger List somehow.  But, I doubt that.  I think it’s just a simple check to see whether your friend is online or not.

Why is it fake?  Because here is the default privacy setting for Windows Live Messenger.

(Image: MSNBlockList, a screenshot of the default Windows Live Messenger privacy settings)

You’ll note two things here (aside from my pathetic attempt at redacting):  1)  The check mark in “Only people on my Allow List can see my status and send me messages” and 2) the only item you can read in my “Block list” is “All Others”.  This means that if the status checker is not on my allow list (which it isn’t), it can’t (or shouldn’t be able to) tell you whether I’m online or not.  Thus, it can’t tell you if I’ve blocked you or not.

Typically, if you’ve been blocked by someone, you’ll know it.  Either you’ve gotten into a fight with them, or you’ve done something and they told you they were going to block you.  Also, if it’s someone that you haven’t talked to in years, should you really care if they blocked you or not?  I would say “No” because it’s not like either of you has made the effort to talk. (This doesn’t include the “I never see them online, so I never try—but I send them e-mails” group)

My point is, if you really want to know if someone has blocked you, send them an offline message.  If you can’t, then either they don’t have the latest versions of Windows Live Messenger (which probably means they don’t even use it anymore), there is some issue preventing you from sending it, or they have you blocked.  Don’t waste your time with these checkers.  9/10 times, they aren’t going to give you an accurate result.

If you use a “Status Checker” or “Block Checker”, you’re most likely 1) opening your account up to be used as a spamming tool 2) risking your e-mails and personal information being used without your knowledge or leaked to the web (Sarah Palin’s Yahoo account anyone?) or 3) If your messenger or e-mail account is used to spam people, you’re risking getting blocked for real.

Have a great day:)
Patrick.

What Is A Rootkit?

If you’ve heard of the Sony/BMG fiasco with rootkits installed on some of their CDs, or you’ve seen things like “Anti Rootkit” in your anti-virus program and are wondering what that is, this article explains the concept.

I discuss the history of rootkits, some popular ones, and what exactly it is.  Plus I touch on how to detect and remove them.

For a little more information on the removal of rootkits, please check out the link at the end of my article.  I’ve added it here as well.

Free Anti-Rootkit Applications for Windows.

Have a great day:)
Patrick.