Windows 98 won’t see the MS06-15 patch

June 9th, 2006

It turns out that Windows 98 is just too hard for Microsoft to support with a security patch for MS06-15 now. The official support period ends in July, but they’ve announced that this one won’t be getting a patch as the changes would be just too substantial. Some of the mitigation suggestions involve using restricted zones settings to limit ActiveX and Active Scripting. (Of course, installing something other than Windows 95/98/ME might be considered a mitigating factor as well.)


Bye bye ethereal — hello wireshark

June 9th, 2006

Ethereal has quite a reputation for itself. I’ve used it in analyzing traffic on the home network and experimenting with virtual images… anyway, it’s a packet sniffer and network protocol analyzer, and it now has a new name and new home: wireshark.org. Apparently the lead developer did not own the rights to the name ethereal and is transferring to a new job; the old company keeps the ethereal name. He said in the explanation that he is NOT going through a name change like that again for the project, is in the process of trademarking, and will ask for input shortly as to how the development team wants to hold the trademark.


World Cup coverage

June 9th, 2006

For anybody that didn’t notice, the World Cup has gotten underway in Germany. (For those that haven’t heard – every 4 years there’s a world football championship (here in the US we call it soccer).) The US National team is scheduled to play the Czech Republic Monday (the US side is in a tough group this time around.) Anyway, currently Germany/Costa Rica are tied 1-1 and I just tried out Google’s World cup results search. Just searching for world cup at Google yields current match scores and gives info on what match is up next. I was impressed that the update was within about a minute of Costa Rica’s equalizer goal….


Seller Beware…

June 8th, 2006

This is a cautionary tale about bank fraud for anyone that sells things (online or otherwise). A man sold a car online, and the buyer sent a check for several thousand more than the buying price. The buyer claimed it was to cover extra shipping costs and asked the seller to just wire him the excess, which turned out to be $5000. The seller felt a bit suspicious of the check and inquired a couple of times whether it was OK; the teller confirmed that the check was fine.


Google Video Player for Mac released

June 8th, 2006

The Official Google blog passes along the release of the Google Video Player for Mac. I’m impressed at the universal binary which means it should work on either PPC or Intel architecture. Here’s the download page.

Pretty, shiny usb drive is all it takes to compromise security….

June 8th, 2006

Sometimes you just want to cry… This writeup is an example of the “soft underbelly” of every network’s security plan… the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that some of the main concerns were social engineering (easy sharing of passwords among/from employees) and removable USB drives being used to copy data out of the credit union. So, they hatched an idea to try and make use of what they’d learned were the concerns. They prepared 20 USB keys with pictures and some “specially designed software” and scattered them in places where employees would find them… smoking areas, parking lot, etc.


Cross browser javascript vulnerability

June 8th, 2006

It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every JavaScript-enabled browser. According to Symantec, “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and it is a way that the attacker could scrape/log things that are typed in (bank information, passwords, etc.). Also, they say, “In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.”


Microsoft June Patch Cycle heads up

June 8th, 2006

It’s about that time again folks…. Monthly Microsoft patch cycle – June patches will be released on the 13th (next Tuesday) and it looks like a big batch. There should be 12 patches this time and at least one of the Windows updates is Critical and at least one of the Office updates is critical. It’s widely expected that an update will be released for the Word vulnerability that’s been talked about previously here. Also, there will be a change in the ActiveX behavior in Internet Explorer. That change had been scheduled to come out a few months back, but was postponed.


Report Phishing Emails/sites

June 8th, 2006

By the way, the castlecops DoS has reminded me of something that I hope I’ve mentioned before, but will mention again. They have a page, castlecops.com/pirt, where you can either copy/paste an entire phishing email or provide them with a link to a phishing site. Very useful interface for reporting phishing. Anyway, it’s being added to the “Useful links” area.


The Great Cyberwar

June 8th, 2006

It went unnoticed by most people for a few years. After all, the ones that were affected were just those that were “asking for it”. Where to start? Let’s see, back in the day there were some that sent out messages to other people’s computers, and even when people tried to stop getting the messages they kept coming. So a few sites decided that if they could “blacklist” the places that these messages were coming from, they could help people deal with the mass of messages. So they did, and the people sending the unwanted messages were a bit frustrated and improved their distribution a bit, taking over virus-infected PCs for sending their messages. The defenders matched and started blacklisting dialup addresses as mail sources. It was frustrating for those running legitimate mail servers on a dynamic internet address, but there were legitimate ways to fix the problem. But the senders of the messages got mad.
