Computer Tips -Tech Info

The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some […]

There’s more on the WMF 0-day exploit… According to f-secure it’s being used to distribute the following nasties…. Trojan-Downloader.Win32.Agent.abs Trojan-Dropper.Win32.Small.zp Trojan.Win32.Small.ga Trojan.Win32.Small.ev.    Send article as PDF   

There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. Sans has raised their alert level to yellow in an effort to get attention to this problem. It looks like the original site serving the exploit is down, but now it’s being served […]

I remember I had a geography teacher once that was a former Marine and he said when he was growing up it was the height of the cold war and geography was interesting to him from a “know your enemy” point of view. That’s a good concept to apply to computer security and network security. […]

Spyware Confidential has the top 10 tips to keep that new pc spyware free. Some good tips here and these should be on the checklist when setting up a new pc any time of the year… Paraphrased here….    Send article as PDF   

There seems to be a 0-day exploit involving WMF (Windows Meta File’s) according to SANS. Here’s their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.    Send article as PDF   

F-Secure is warning about ads for a “leaked version” of Windows Messenger 8 beta. There is no public beta of this and it is a virus…. If you download and run BETA8WEBINSTALL.EXE from that site, you won’t get a new chat client. Instead, your existing MSN Messenger will start to send download links to everyone […]

I remember many years ago watching a Dr. Who episode where a very important key was “hidden” in a display of many other keys. Kind of like hiding a tree in a forest. This concept is “security by obscurity”. Generally this is considered a bad approach to security. It is a bad approach if this […]

There are ways that risks can be avoided. Recently, there was what was called a zero-day exploit for Internet Explorer. As I write this, the exploit surfaced 3 weeks ago and tomorrow there will be a patch. The vulnerability would allow remote code execution through a vulnerability in the way javascript is handled. So, for […]

I REALLY like secure shell (SSH) for remote access to linux machines. You can do more than just a “telnet” like remote shell with it. (Port forwarding.) However, the default configuraton for the openssh-server is sometimes a bit less tight than I would like. For that reason on a new install, I usually like to […]