Tuesday, October 30, 2007

Cyber Security Alert SA07-303A

As published by US-CERT, the Federal Trade Commission (FTC) has reported (again) spoofed e-mail messages appearing to be from the FTC and containing malicious code in the attachment. Think about it, do you really expect an email from the FTC? That being the case, why would you open it?

The FTC describes the spoofed email as follows:

"The spoof email includes a phony sender's address, making it appear the email is from "frauddep@ftc.gov" and also spoofs the return-path and reply-to fields to hide the email's true origin. While the email includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax."
Keep your anti-virus software updated and check out the excellent reference materials from US-CERT, copied below.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Webroot Spy Sweeper Is "Out of Favor"

It started earlier this month when an image of the Spy Sweeper installer was posted at the SunbeltBLOG showing the Ask Toolbar and Search Assistant pre-checked as an opt-in. The comments ensued.

Anyone who is familiar with the security forums has most likely seen the sections of the forums with update information on the various anti-virus, anti-malware, firewalls and other security software programs posted in those forums. This is done not for the vendors but rather to provide information to visitors of the sites about reputable software available for their use. Information is provided on both pay and free software programs, generally including a brief description of the software and a link to the product information and/or download site. In addition, as the software is updated, information on the latest signature files is provided.

As you can imagine, maintaining this information takes a lot of work. There is a "crew" of dedicated individuals who maintain the updates for a number of sites. There is no remuneration by the software vendors to these dedicated people. However, many sites have discontinued providing update information for Webroot Spy Sweeper. Some removed the software from the public view while other sites have discontinued posting updates at this time. Although there are others, examples are here, here, here, here, here, and here.

As Microsoft MVP Donna Buenaventura points out at her security site, Calendar of Updates:
"Ask Toolbar and Ask Search Assistant is flagged as O at most security forums. O means open for debate
Example: http://www.castlecops.com/tk31882-Ask_Sear...istant_BHO.html"
Donna also provided links to information on the Ask Toolbar, see
Also noted from the MVPS Hosts File article: "Dealing with Unwanted Spyware and Parasites":

"Other Highly Rated Anti-Spyware Programs


UPDATE: Minutes after publishing, I see that Calendar of Updates has also decided not to continue publishing updates to Webroot Spy Sweeper:
"Due to the default (pre-checked) opt-in of the Ask Toolbar and Search Assistant, it has been determined that this site will no longer provide update information for Webroot Spy Sweeper software."




Sunday, October 28, 2007

Windows Home Server House

Even if you are not considering Windows Home Server at this time, you will enjoy touring the Windows Home Server House with video stories of real people using Windows Home Server.

Click the image to visit the Windows Home Server House!


Windows Home Server is compatible with the following:
  • Windows XP Professional with Service Pack 2 (SP2)
  • Windows XP Media Center Edition 2005
  • Windows XP Tablet Edition with SP2
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
Information:
Updated to add the link to Blake Handler's collection at The Road to Know Where.


Saturday, October 27, 2007

Update on Microsoft Security Advisory 943521

Bill Sisk reported in The Microsoft Security Response Center (MSRC) blog that Security Advisory 943521 has been updated after they became aware of publicly disclosed exploit code being used in limited attacks on customers.

"Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected. However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability – they just close an attack vector."

The reported attacks are limited; however, the normal warning about not opening unsolicited attachments in emails, regardless of the sender, still applies. The additional caution of not visiting untrusted websites applies equally.

MSRC Blog Post: October 25th Update To Security Advisory 943521
Original SG post: Microsoft Security Advisory 943521 Released




Friday, October 26, 2007

Detect Changes to Windows Automatic Updates with WinPatrol

On September 13, 2007, Scott Dunn of Windows Secrets reported
"Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC."
There has been a series of articles on numerous sites about mysterious changes to user Automatic Update settings, many of which are shown below as references. According to Scott Dunn, the changes in the AU settings are most likely attributable to Windows OneCare.

Well, instead of beating the drums, Bill Pytlovany took action. As of the WinPatrol update issued today, WinPatrol 12.2.2007 will alert you if changes are made to your Automatic Update settings. Bill explained the purpose of the update:
"Like most features, the intention is to protect users from changes made by malicious programs. As a side however, it will also detect if Microsoft or one of their applications decide to change these settings without your knowledge.

Also included in this new version will be detection of a few other unique settings like the prefix inserted by your browser (http://). If you don’t include http:// when you type in an address, Windows automatically adds it. If I changed this setting to http://www.billp.com/ no matter what you typed into your browser you’d always come to me. Depending on what comes after it, I could display a fake look-alike phishing page and grab your eBay, or Paypal account number."

As a devoted WinPatrol fan, I installed the update, launched the Security Center and selected "Turn Automatic Updating on or off". As you can see from the screen copy below, WinPatrol notified me that a change was detected in Windows Auto Updates (AU), providing the opportunity to prevent the change or restore the previous settings.

For a change intentionally being made to AU, tell Scotty "No" and WinPatrol will leave your changes untouched. However, if some unknown force attempts to change the settings without your permission, merely click "Yes" to give Scotty permission to restore the original settings.

Way to go Bill!

There is so much more that WinPatrol can do to monitor your computer. The WinPatrol update today is frosting on the cake.
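The kind of check described above can be approximated with a baseline-and-compare script. This is an added example, not WinPatrol's code: the page does not say which values WinPatrol watches, so the registry locations below are assumptions about where Windows XP and Vista keep the Automatic Updates and URL-prefix settings, and the two sample snapshots are constructed.

```python
import json
import os
import sys

try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

# Assumed HKLM locations for the settings discussed in the post.
AU_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
AU_POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
URL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\URL"

# label -> (subkey, value name); an empty name means the key's default value.
WATCHED = {
    "AUOptions": (AU_KEY, "AUOptions"),
    "Policy AUOptions": (AU_POLICY_KEY, "AUOptions"),
    "Policy NoAutoUpdate": (AU_POLICY_KEY, "NoAutoUpdate"),
    "DefaultPrefix": (URL_KEY + r"\DefaultPrefix", ""),
    "WWW prefix": (URL_KEY + r"\Prefixes", "www"),
}

PREFIX_LABELS = {"DefaultPrefix", "WWW prefix"}
# Values that turn automatic updating off.
DISABLING = {"AUOptions": 1, "Policy NoAutoUpdate": 1}

# Constructed snapshots: a healthy machine, then the same machine after
# updates were switched off and the default URL prefix was redirected.
SAMPLE_BASELINE = {
    "AUOptions": 4, "Policy AUOptions": None, "Policy NoAutoUpdate": None,
    "DefaultPrefix": "http://", "WWW prefix": "http://",
}
SAMPLE_TAMPERED = dict(SAMPLE_BASELINE, **{
    "AUOptions": 1, "DefaultPrefix": "http://redirect.example/",
})


def read_snapshot():
    """Read every watched value; a missing key or value is recorded as None."""
    if winreg is None:
        raise RuntimeError("registry access requires Windows")
    snapshot = {}
    for label, (subkey, name) in WATCHED.items():
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
                value, _value_type = winreg.QueryValueEx(key, name)
        except OSError:
            value = None
        snapshot[label] = value
    return snapshot


def classify(label, new_value):
    """Name the kind of change so the alert says why it matters."""
    if label in PREFIX_LABELS and new_value is not None and new_value != "http://":
        return "prefix-redirect"
    if label in DISABLING and new_value == DISABLING[label]:
        return "updates-disabled"
    return "changed"


def compare(baseline, current):
    """Return one finding per watched setting whose value differs."""
    findings = []
    for label in sorted(set(baseline) | set(current)):
        old, new = baseline.get(label), current.get(label)
        if old != new:
            findings.append({"setting": label, "was": old, "now": new,
                             "severity": classify(label, new)})
    return findings


def main():
    path = sys.argv[1] if len(sys.argv) > 1 else "au_baseline.json"
    current = read_snapshot()
    if not os.path.exists(path):
        # First run: record the current state as the trusted baseline.
        with open(path, "w", encoding="utf-8") as handle:
            json.dump(current, handle, indent=2)
        print("baseline written to", path)
        return 0
    with open(path, encoding="utf-8") as handle:
        baseline = json.load(handle)
    findings = compare(baseline, current)
    for item in findings:
        print("{severity}: {setting} was {was!r}, now {now!r}".format(**item))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it once to record the baseline, then on a schedule; a non-zero exit code means a watched setting no longer matches the baseline.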


References:

27Oct07 Edit Note: Updated to add Windows Live OneCare Team Blog link.







Thursday, October 25, 2007

Microsoft Security Incident Report Available

Vinny Gullotto reported in the Microsoft Anti-Malware Team Blog that the January-June 2007 Security Incident Report is now available from the Microsoft Malware Protection Center. Before you read Vinny's report, let me familiarize you with some of the acronyms:
  • FCS: Forefront Client Security
  • MMPC: Microsoft Malware Protection Center
  • MSRC: Microsoft Security Response Center
  • MSRT: Microsoft Malicious Software Removal Tool
  • SIR: Security Incident Report
  • TwC: Trustworthy Computing
Changes have been made to the SIR, including new sections and a new look and feel. One statistic I found interesting is that 65% less "potentially unwanted software" and 60% less malware has been found on Windows Vista machines than Windows XP SP2.


Tuesday, October 23, 2007

Setting Up a Home Network with Windows Vista

The day has finally arrived -- the kids have their own computer for school work, your spouse has a new laptop and you have a remodeled home office. As a result, you are ready to set up a home network. The problem is that you have no idea where to begin, let alone what is needed and how to make sure it is secure.

Microsoft has prepared a series of instructions that will go a long way in assisting you in getting the job done correctly, available from Windows Vista Help:
Should you need some extra assistance, Vista 4 Beginners has some additional tutorials that may come in handy:
While you're at Vista 4 Beginners, you may also want to learn How to setup a Bluetooth connection.

There is so much to learn, I suggest taking it one step at a time. Read all the instructions first, assemble the parts, read the instructions again and start slowly. If in doubt, read the instructions again. Good luck!

Edit 28Oct07:

After you have completed setting up your network, follow the instructions from the Vista Knowledgebase on how to create a Vista Network Map

Edit 01May08:

Added Joel Hruska's "The ABCs of securing your wireless network" as well as the earlier published Wireless Security Blackpaper. From Vista4Beginners are newly published tutorials on How to share a printer with other computers from your network, and How to install a network printer.





Daylight-saving Time Ends Soon. Is your PC updated?

In March, we all dealt with the first onslaught of changes resulting from the new law enacted in 2005, resulting in daylight saving time starting and ending on a different cycle in both the United States and Canada. In addition to companies using custom scheduling, time calculation or billing applications that are date dependent, this change impacted international companies that interact with servers in North America.

Of course we all know the effect daylight saving changes have on our sleep. At least when November 4 rolls around in the U.S. and Canada, we will get back that hour of sleep we lost in March. We have a lot of clocks in our house that I have to adjust but, what about the computer time? Since I use Automatic Updates, my computer is properly patched for the time change. To confirm that your computer is updated, visit the Daylight Saving Time Help and Support Center.





Friday, October 19, 2007

Firefox 2.0.0.8 Security Update, 18 October 2007

Mozilla released a security update for Firefox, including MFSA 2007-35 and MFSA 2007-29 which are identified as critical.

Release Notes, Firefox 2.0.0.8
If you have Firefox set to "ask" (Tools > Options > Advanced > Update), get the update now rather than waiting for it to be offered. It is as easy as 1, 2, 3:

1. Select Help > Check for updates


2. Click Download & Install Now


3. Click Restart Firefox Now


Since it is that simple, go ahead and update now.



Thursday, October 18, 2007

Digital Camera Inventor Inducted to Consumer Electronics Hall of Fame

During the past summer I shared memories of a trip to visit family in Minnesota. For me, the ease of picture taking and sharing was both simplified as well as enhanced after I purchased a Kodak EASYSHARE V610 Dual Lens Digital Camera. Little did I know at the time that the first digital camera was actually invented 32 years ago.

In fact, at the time, I doubt Steve Sasson thought that the innovation that led to U.S. Patent 4,131,919 would be the beginning of the evolution of Eastman Kodak Company to the digital age. It is difficult to imagine the evolution from the first prototype, pictured at the left, to the powerful digital cameras available today.

Steve was recently inducted into the Consumer Electronics Hall of Fame for his contribution as an electrical engineer who invented the digital camera. Other founder/inventors inducted with Steve include
  • Paul Allen, who with Bill Gates, founded Microsoft
  • Amar Bose, founder and chairman of Bose Corp.
  • The German team of Karlheinz Brandenburg, Dieter Seitzer and Heinz Gerhäuser, who developed the MP3 format.
Steve has continued in an innovative role at Kodak, including, for example, involvement in the development of Kodak EasyShare thermal printer docks and thermal printing. Earlier this year, Steve received the "Visionary" award from the Photographic Manufacturers and Distributors Association (PMDA). As a member of the Legal Division at Kodak, Steven continues his involvement in the intellectual property arena.

Although I suspect that innovations of this magnitude often take the creators by surprise, as Steve explains in "Plugged In" [Edit Note: Link updated. Kodak moved A Thousand Nerds to "Plugged In"]:

"We were looking at it as a distant possibility. Maybe a line from the technical report written at the time sums it up best:

"The camera described in this report represents a first attempt demonstrating a photographic system which may, with improvements in technology, substantially impact the way pictures will be taken in the future."

But in reality, we had no idea ..."

Perhaps "no idea", but vision and imagination. Congratulations!

This is a picture I took at an internal reception honoring Steve's induction to the CES Hall of Fame:




Wednesday, October 17, 2007

Microsoft Office Tips & Tricks Sidebar Gadget

The people avidly watching the countdown to Windows Vista most likely remember the "Live Clock" gadget that so many bloggers and webmasters displayed on their sites. I had one in the sidebar here at Security Garden and enjoyed watching the days get closer to the official release of Windows Vista.

As posted in the Windows Experience Blog today, the creator of the "Live Clock" has an Office Tips & Tricks gadget that provides a different tip every day on the Microsoft Office system. I haven't seen a lot of gadgets that I feel worthwhile cluttering the sidebar with, but this is one I definitely plan on giving a try. It is available from LiveGadgets, and added to the Customizing Vista bookmarks.

Adding Congratulations for the MVP Award to the developer!





Thursday, October 11, 2007

Microsoft Security Bulletin MS07-056 Revised

On 10 October 2007 Microsoft revised security bulletin MS07-056 - Security Update for Outlook Express and Windows Mail (941202) to add Windows XP Professional x64 Edition to the "Affected Software" section.

Important Note: This change only affects the bulletin text and does not affect the security update itself. No update files or detection logic were changed.

Customers who have already installed this update will not need to reapply it. When initially published, existing detection and deployment tools (EST, MBSA 2.0.1, SMS 2.0 with EST and SMS 2003) correctly offered this package for Windows XP Professional x64 Edition.

Within the bulletin the following additional changes were made: 1) Known Issues set to none; 2) Corrected missing file information in the bulletin text for Outlook Express 6.0 Service Pack 1 on Windows 2000 Service Pack 4 and Outlook Express 5.5 Service Pack 2 on Windows 2000 Service Pack 4.


Wednesday, October 10, 2007

Microsoft Security Advisory 943521 Released

This alert is to notify you that Microsoft has released Security Advisory 943521 – URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution - on 10 October 2007.

Summary

Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

Recommendations

Review Microsoft Security Advisory 943521 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services (http://support.microsoft.com/security) at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site (http://support.microsoft.com/common/international.aspx).

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

References:
  • Microsoft Security Advisory 943521 – URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution





Tuesday, October 09, 2007

October 2007 Microsoft Security Bulletin Release

Microsoft has released the following six security bulletins, having withdrawn one bulletin from release:
  • MS07-055 addresses a vulnerability in Kodak Image Viewer, and is rated as a Critical bulletin.
  • MS07-056 addresses a vulnerability in Outlook Express and Windows Mail, and is rated as a Critical bulletin for earlier versions of Windows and as an Important bulletin for Windows Vista.
  • MS07-057 is a Cumulative Security Update for Internet Explorer, and is rated as a Critical bulletin.
  • MS07-058 addresses a vulnerability in RPC, and is rated as an Important bulletin.
  • MS07-059 addresses a vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007, and is rated as an Important bulletin.
  • MS07-060 addresses a vulnerability in Microsoft Word, and is rated as a Critical bulletin for earlier versions and as an Important bulletin for more recent versions.
In addition to the bulletins mentioned above, Microsoft also re-released bulletin MS05-004. This re-release updates detection to include Server 2003 Service Pack 2 and Vista as affected platforms. There were no changes to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it. Customers who have applied MS07-040 are unaffected by this detection update, as their systems are up-to-date from a .NET Framework security stance. Please refer to the bulletin revision history for more information.


Sunday, October 07, 2007

Matousec Rates Jetico "Excellent" -- Again

Matousec released the latest leak-test results today. Once again Jetico Personal Firewall 2.0.0.35 stays on top of the list with an Excellent rating.

Jetico offers a free version of their firewall for personal use as well as a pay version. In addition, Jetico Personal Firewall provides support for Windows Vista, Windows Vista x64 edition, Windows Server 2003, Windows Server 2003 x64 edition, Windows XP, Windows XP x64 edition and Windows 2000.

Help is available at Smokey's Security Forum in the Official Jetico Inc. Personal Firewall Support Forums.

See the full results of the tests at Matousec; the news report is copied below:
  • 2007-10-07: The following versions of firewalls have been tested:
    • Jetico Personal Firewall 2.0.0.35
    • Kaspersky Internet Security 7.0.0.125
    • Norton Internet Security 2008 15.0.0.60
    • Online Armor Personal Firewall 2.1.0.11
    • PC Tools Firewall Plus 3.0.0.36
    • ZoneAlarm Pro 7.0.408.000

    Jetico Personal Firewall 2.0.0.35 stays on its Excellent 9375 points.

    Kaspersky Internet Security 7.0.0.125 scores 8475 points, which is 100 points more than its previously tested version, a Very good result.

    Norton Internet Security 2008 15.0.0.60 still catches no leak-tests on its default settings, but it has a better protection on its highest security settings. Its new score is 3600 points, which is still a Very poor result, but better than 3100 points of its previous version.

    Online Armor Personal Firewall 2.1.0.11 made a big improvement. This version does not use user mode hooks to bypass leak-testing techniques any more and it also implements a new protection against some techniques that it did not cover before. The new version scores 9375 points, an Excellent anti-leak protection.

    PC Tools Firewall Plus 3.0.0.36 is also an improved version with better anti-leak protection than its previous version. However, this version of PC Tools implements a lot of user mode hooks to fight some leak-tests and thus its protection is easy to bypass. Its score is 5825 points, a Poor anti-leak protection, but still much better than 2625 points of its older version.

    Finally, ZoneAlarm Pro 7.0.408.000 is on its own with the same result as previously tested version, which means 8600 points and a Very good anti-leak protection.


Hat Tip, ren, Moderator @Smokey's.






Thursday, October 04, 2007

Windows Vista USB Cumulative Update

Microsoft KB Article 941600 is a cumulative update package addressing the issues described below that have affected USB components in Windows Vista.
  • KB 925528 - Stop errors occur on a Windows-based computer that has 2GB or more of RAM and is using an NVIDIA nForce USB controller
  • KB 929734 - You may experience problems after you resume a Windows Vista-based computer from sleep or from hibernation
  • KB 930568 - Error message when you try to put a Windows Vista-based computer to sleep or into hibernation: "STOP 0x000000FE BUGCODE_USB_DRIVER"
  • KB 929478 - After you use the Safely Remove Hardware option to remove a built-in optical drive from a portable Windows Vista-based computer, you may be unable to reconnect the drive
  • KB 930570 - Error message in the Usbhub.sys process when you wake a Windows Vista-based computer from sleep or from hibernation: "STOP 0x00000044"
  • KB 928631 - A USB device may no longer work correctly after Windows Vista resumes from sleep or from hibernation
  • KB 933433 - Recording quality is poor when you use a USB microphone on a Windows Vista-based computer that has 4 GB of RAM or more
  • KB 933442 - A USB composite device does not work after you disable and then enable the device in Device Manager on a computer that is running Windows Vista
  • KB 934633 - When you connect a USB multifunction printer device to a Windows Vista-based computer, a second instance of the printer object is created, and the first instance no longer works
  • KB 934796 - Error message on a Windows Vista-based computer that is running a USB composite device: "STOP 0x000000FE"
  • KB 933824 - The Safely Remove Hardware feature and the Windows Explorer "Eject" command do not work correctly with an Apple iPod that is connected to a Windows Vista-based computer
  • KB 935782 - A USB device takes a long time to resume from "selective suspend" mode on a Windows Vista-based computer that uses UHCI USB controllers
  • KB 935783 - When you resume a Windows Vista-based computer from sleep, you may experience unexpected behavior from a USB device

The following files are available for download from the Microsoft Download Center:

Windows Vista, 32-bit versions
Download the 941600 package

Windows Vista, 64-bit versions
Download the 941600 package







IE7 Re-Released for Windows XP

After reading Sandi's blog post yesterday -- posted while she is on Holiday -- I kept refreshing the IE Team Blog watching for the announcement of the re-release of IE7 for Windows XP. The announcement was finally made this morning {bold added in the quote}:

"Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we’re updating the IE7 installation experience to make it available as broadly as possible to all Windows users. With today’s “Installation and Availability Update,” Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users. If you are not already running IE7, you can get it now from the Internet Explorer home page on Microsoft.com, get a customized version from a third-party site, or, if you haven’t already received it via Automatic Updates, this version will be delivered to you as we described previously. If you are already running IE7, you will not be offered IE7 again by Automatic Updates.

Additionally, we’ve made minor changes to IE7 for Windows XP based on customer feedback:

  • The menu bar is now visible by default.
  • The Internet Explorer 7 online tour has updated how-to’s. Also, the “first-run” experience includes a new overview.
  • We’ve included a new MSI installer that simplifies deployment for IT administrators in enterprises. Learn more about it here.

Thanks,

Steve Reynolds
Program Manager"


Actually, I think this bears repeating: "Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users." With this change, even if you do not have WGA installed, there is no excuse now for Windows XP users not to upgrade to IE7. Do it today to take advantage not only of the additional security features, but the other major improvements to Internet Explorer.

Before installing IE7, please see the instructions for Preparing for and Installing IE7.





Advance Notice: October 2007 MSRC Security Bulletin Release

On 09 October 2007 Microsoft is planning to release seven new security bulletins. Here is a summary in order of severity:

Critical:

Security Bulletin 1

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement: The update will require a restart.

Affected Software: Windows.

Security Bulletin 2

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer and Enterprise Update Scan Tool can detect whether your computer system requires this update.

Restart Requirement: The update will not require a restart, except in certain situations and for Windows Vista.

Affected Software: Windows, Outlook Express, Windows Mail.

Security Bulletin 3

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement: The update will require a restart.

Affected Software: Windows, Internet Explorer.

Security Bulletin 6

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement: The update will not require a restart.

Affected Software: Office.

Important:

Security Bulletin 4

Impact of Vulnerability: Denial of Service

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement: The update will require a restart.

Affected Software: Windows.

Security Bulletin 5

Impact of Vulnerability: Spoofing

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement: The update will not require a restart.

Affected Software: Windows.

Security Bulletin 7

Impact of Vulnerability: Elevation of Privilege

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement: The update may require a restart.

Affected Software: Windows, Office.

Although Microsoft does not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx

Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until the bulletins are published on Tuesday.





Wednesday, October 03, 2007

Internet Explorer Pop-Up Blocker Settings

In tracking down the Google cache for Jeff Davis' Favicon blog post, I also found his old writeup on pop-ups. Since the information is still useful, I have rescued it from the Google cache and copied it here for preservation.

on pop-ups

Date: Wednesday, 08 Mar 2006 15:35

I get a lot of e-mails from Internet Explorer users asking why they still get pop-ups even though they have turned on the Pop-up Blocker. Barring user error, there are three possible reasons discussed below.

Note: I will discuss several Pop-up Blocker settings. These settings can be accessed from Tools->Pop-up Blocker->Pop-up Blocker Settings.


Reason: You clicked (or otherwise initiated a user action) on the page and your Pop-up Blocker Filter Level is set to Medium.

Discussion: When we wrote the specification for the Pop-up Blocker feature, one of our primary goals was to allow pop-up windows that were legitimately useful to the user. The only piece of information we have by default is "did the user click something which ultimately was the cause of this attempted pop-up?" This works great most of the time: bank sites, stock trade sites, merchandise ordering sites, etc. It also gives the bad guys an opportunity if they can trick you into visiting their site and then into clicking on something. To mitigate this we did two things: 1) we limit the number of pop-up windows that can be opened as the result of any given user initiated action to one, and 2) we added the High setting. When you set your Filter Level to High, we block all new windows, even those that result from user actions.

Solution: Set your Filter Level to High; make use of the Allow List and the override key (CTRL) to allow desired pop-ups.


Reason: You have spyware or other malware installed, either with or without your knowledge.

Discussion: There are a huge number of software packages which, once installed, drive revenue to their creators by constantly spawning pop-up windows. Sometimes they are installed on your computer by exploiting known security holes, sometimes they come hidden in other software packages that (may or may not) perform other useful functions. If you experience an avalanche of pop-ups, especially if you have not even launched Internet Explorer yet, then this is probably your issue. If you are simply experiencing the occasional one-off pop-up while browsing the web, then one of the other reasons is the likely culprit.

Solution: Acquire and use reputable anti-spyware software. Microsoft has a Beta version of Windows Defender available for download here. A few minutes spent researching on the web should lead you to several other popular packages as well. Keep your computer up-to-date with regard to the latest security patches by visiting Microsoft Update on a regular basis and enabling automatic downloads of security patches.


Reason: The web site is making use of a Pop-up Blocker unaware Active X control that provides a mechanism for opening a new Internet Explorer window.

Discussion: Active X controls, when you get right down to it, are just COM objects running in the Internet Explorer process. They can do anything that any other program running on your computer can do. Any control installed on your computer, even ones that come pre-installed before you get your computer home, can be instantiated and run by any website. If the control exposes a method that opens a new Internet Explorer window, then malicious web sites can use it to open unwanted pop-ups. For application and web site compatibility reasons we cannot intercept and block these; the control must opt-in to Pop-up management. We are working with other teams and providers to patch these as they are brought to our attention.

Solution: Use Tools->Manage Add-ons to disable suspect controls. When you visit a web site and get unwanted pop-ups, open Manage Add-ons and see what controls are currently loaded by Internet Explorer. Through process of elimination, you should be able to disable controls that are being used to open Pop-ups. This may cause legitimate sites to stop working correctly and you will need to re-enable the control when you want to use it. (A balloon tip and blocked-control icon will appear on the status bar in Internet Explorer when a control is blocked. You can click the icon to quickly access Manage Add-ons and re-enable the control.)

Furthermore, do not install Active X controls from sites you do not trust 100%.


Author: "jeffdav"







Missing Favicon in IE7?

As illustrated by the rose in the address bar for Security Garden, a favicon is a small image associated with a website. The rose I use is a miniature version of the rose avatar I use in the help forums.

I have had Jeff Davis' mini-FAQ on Favicons in IE7 saved in my RSS feed for many months. As I attempted to go to the source today, I discovered that in May Jeff Davis left Microsoft to pursue other opportunities. As a result, links to http://blogs.msdn.com/jeffdav/ return "Defunct Blog".

Having retrieved the mini-FAQ from the Google cache, it is copy/pasted below for preservation purposes.

why doesn't the favicon for my site appear in IE7?

Date: Thursday, 01 Mar 2007 21:03

Today I have a mini-FAQ on Favicons.

Q: How do I make a favicon appear for my site in IE7?
A: There are two ways. The first is to put a file in the root of your domain called favicon.ico. The second is to use a <link> tag with the rel="shortcut icon" value and the href value set to the URL for the Icon you wish to display.

Q: How often does IE download the favicon?
A: IE will download the icon when a user first visits the site. The icon is stored in the Temporary Internet Files folder on the client machine. Additional metadata about the favicon is stored in the user's Url History database. If either store is cleared, or items relating to the favicon have naturally expired, then the icon will be downloaded again on the next visit. If more than one page (or site) shares the same favicon, it is only downloaded once. IE takes great pains to download the icon as few times as possible to reduce load on the server.

Q: I see the wrong favicon for some sites I visit. How do I fix this?
A: If the history database has become corrupted in some way, this can happen. The simplest solution is just to use Delete Browsing History (on the Tools menu) to clear the cache and the history store.

Q: I put a favicon.ico on my site as you described, but it still doesn't appear.
A: It must actually be a .ico (an Icon) file. Bitmaps, pngs, gifs, etc, will not work. IE7 will download your favicon to the Temporary Internet Files folder and call ExtractIcon() on the file. If this fails, we will show the default icon instead of your favicon.

Q: I verified that my favicon really is an icon, but it still doesn't appear.
A: Since IE loads your icon out of the Temporary Internet Files folder, it must be able to actually store it there. If you are setting the no-cache directive for the icon file, then IE will not be able to display your icon and will display the default icon instead. You can use Fiddler to verify.

Q: How do I create a different favicon for every page on my site?
A: Put a different <link> tag on each page, pointing to a different icon.

Q: I changed my site's favicon to a different icon, but the old one still shows in IE. How do I force IE to update?
A: If you just put the favicon.ico file in the root of your domain, IE doesn't have any way of knowing if it changed. To force an update, you need to use a <link> tag and point to a different filename than you previously used. The current filename is compared against the known filename stored in the Url History database. When IE sees the filename has changed, it will download your new icon. Alternatively, you can ask your users to clear their history and cache (Tools->Internet Options->Delete Browsing History), which will also force IE to download the new file.

That should cover most of the questions I've received about favicons in IE7. If you have more questions, feel free to ask.

Updated on Monday, 5th March to fix a spelling error and add some additional questions.


Author: "jeffdav" Tags: "internet explorer, favicons"
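
A structural check for the two failure causes named in the mini-FAQ above (the file is not really an icon; the response carries a no-cache directive), as an added example that is not from Jeff Davis' post or from Internet Explorer. It does not reproduce ExtractIcon()'s exact acceptance rules; the function names and the sample icon are constructed for illustration.

```python
import struct

# Magic bytes of the formats the FAQ says will not work when renamed to .ico.
NOT_ICONS = {b"\x89PNG": "PNG", b"GIF8": "GIF", b"BM": "BMP"}

def ico_problem(data):
    """Return None if data is structurally an ICO file, else the reason it is not."""
    for magic, name in NOT_ICONS.items():
        if data.startswith(magic):
            return f"{name} image, not an icon"
    if len(data) < 6:
        return "too short for an ICONDIR header"
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        return "ICONDIR header is not reserved=0, type=1, count>=1"
    dir_end = 6 + 16 * count          # 6-byte header + 16 bytes per entry
    if len(data) < dir_end:
        return "icon directory is truncated"
    for i in range(count):
        # Last two fields of each entry: image size and image offset.
        size, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        if size == 0 or offset < dir_end or offset + size > len(data):
            return f"directory entry {i} points outside the file"
    return None

def cache_problem(headers):
    """Return a reason if the response headers carry a no-cache directive."""
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    cc = [d.strip().split("=")[0] for d in lowered.get("cache-control", "").split(",")]
    if "no-cache" in cc:
        return "Cache-Control: no-cache set on the icon"
    if "no-cache" in lowered.get("pragma", ""):
        return "Pragma: no-cache set on the icon"
    return None

def diagnose(data, headers):
    """Collect every reason the favicon would fall back to the default icon."""
    return [p for p in (ico_problem(data), cache_problem(headers)) if p]

def sample_ico():
    """Constructed sample: one 16x16 32-bit entry followed by 40 placeholder bytes."""
    image = b"\x00" * 40
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, len(image), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + image

if __name__ == "__main__":
    print(diagnose(sample_ico(), {"Cache-Control": "max-age=86400"}))
    print(diagnose(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32, {"Cache-Control": "no-cache"}))
```

Feed it the bytes and response headers captured with a proxy such as Fiddler, which the FAQ already suggests for verifying the no-cache case.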







Tuesday, October 02, 2007

Botmasters Take Heed – You Are Being Put On Notice

Active members of the security community as well as those who frequent such forums for education and help most likely vividly recall the DDoS (Distributed Denial of Service) attack on Castle Cops in February.

Most times, the perpetrators escape unscathed, but not always! Read about the arrest of the alleged perpetrator in Robin Laudanski's report at Castle Cops: Botmasters Take Heed – You Are Being Put On Notice.



