Rss

Archives for : vulnerability

Are you still using PC Anywhere?

lock icon

A Breach is coming your way

Why? Have you ignored the requests from Symantec about ceasing useage of this product because of Symantec’s code breach? If you are unaware…read it from a trustworthy news source.

It’s simple…Symantec had its code stolen. The thieves tried to extort money out of Symantec and Symantec got caught trying to initiate a sting. So the code base for PC Anywhere is about to be made public.

That means that any hacker with a knowledge of compilers can, and will, create a tool to gain entry into your home or work systems. It means that your data is at risk of being compromised. It means that your credit card information and other vital information that could embarass you, that you keep on your computer, is likely to be stolen.

Do you need an alternative to PC Anywhere? You should’ve said so. I’ll cover that aspect tomorrow.

Hackers expose Grindr members intimate images

An app that has been used to target gay and bisexual men and their smart phones has had its userbase hacked. The hackers gained access to and exposed images of some of the site’s users.

While that’s bad…what makes it worse is that many of these members had very intimate images of themselves maintained on the Grindr system. This will no doubt create a problem for many of the site’s members.

Here is a reminder — if you must take adult oriented images of yourself, please remember how easy it is to hack a phone and share those images. Once an image is released on to the Internet, it will exist forever.

So please keep anything you do not want shared with the world, stored on a system that is secured and if possible have the images of yourself encrypted so that even if bad apples gain access to your system, they will have a very hard time decrypting your images and ruining your reputation.

Two Facebook search boxes are worse than one

FaceBook resource site, AllFacebook.com is announcing today that Facebook itself is denying testing a web search tool and additional search box on your page. The “search box” which looks like this:

Facebook fake search box from AllFacebook.com

Facebook fake search box from AllFacebook.com

 

So now the question is…what is this and what can you do about it?

Well Facebook has a tool created in cooperation with McAfee that can help you locate, isolate, and remove any malware that may be on your system.

http://www.mcafee.com/US/

If you have questions..just ask.

Today’s security tip of the day…

Today’s tip comes from the fine folks at SANS.org—

I have long hated Outlook’s preview pane but…it can be useful to a degree if you configure it properly. First things first…if your version of Outlook has the capability, turn off HTML emails and force them into plain text.

If you are using an older version of Outlook, or if you have managed to reset the security level for e-mails, then you may be at some risk for HTML script-based exploits. Auto-Preview displays the first three lines of the message, enough to identify whether the message is valid, and it displays faster. Here is how to use it.
Disable the Reading Pane and Enable Auto Preview:
1.Open Outlook.
2.Choose View -> Reading Pane -> Off
3.Choose View -> AutoPreview
4.Now you can see what is Junk, and which ones may have an HTML payload.

Could it be true? A Mac OS trojan?


Sophos’ Naked Security blog is reporting that they have discovered a Mac OS X backdoor trojan.

Now in plain English…people have flocked to Macs in part because they feel like they are safer and to a degree that is correct. There are fewer viruses, malware, and junk written for the Mac OS in part because the Mac OS X is based on the Unix platform.

That means that it is that much harder for writers of these tricks have to get the same payoff they would get on the Windows OS.

Now the difference between a Mac and a Windows PC is now only software. Mac’s are made on Intel chips, with the same integrated products that may be on your personal Windows computer right now. In fact…check our Franken-macs and see how some innovative users are finding ways to install the Mac OS X operating system on to their home made computers.

So why is it harder to build a virus/trojan/malware/or junk for a Mac? Well in part, think about who you are using your Windows computer as. You are running it as the system administrator most of the time. You are not running this as a plain user which has no installation or administration rights. This means that a piece of software that can load on to a Windows system is pretty much guaranteed on installing itself with Administrator privileges and thus it can run without your knowledge or permission.

Microsoft tried to correct this with a clunky User Access Control (UAC for short) but so many people complained because it wasn’t convenient enough and that it balked at everything they tried to do. Well imagine how that would have happened in a plain user scenario. The user would not be allowed to install anything so they probably would never be pushed to grant permission for an image to load or for a javascript to run.

But running your Windows PC as an Admin means you will likely never know that software with bad intent has landed on your machine. So where does that leave you?

Yup…wishing you had a Mac. But now Mac users are having to think a little harder and find a tool that will help protect their system. Most rely on just the MAC/Unix OS to protect them and their data but a trojan, which is a piece of software pretending to be something useful, can gain a foothold on your system and begin chipping away at your Mac’s known insecurity levels.

So what’s a Mac user to do? Well there are many Mac anti-virus programs available. Many are available for free.

My research has indicated that iAntivirus would be the best bet because it’s definitions and routines are meant solely for the Mac OS and will not include any Windows information.

There are other freebie anti-virus tools for you as well: ClamAV, Avast, BitDefender, and others. Norton/Symantec makes what my research shows as the weakest protection for your Mac.

What about the guys who are getting credit for uncovering this trojan, Sophos? Well they are useful to the consumer but they are expensive and they are designed to be a business/enterprise anti-virus that home users can use. So you should ask yourself…do I need enterprise level protection in my daily activities?

Plus you should do your own research. Don’t take my word on everything…read some for yourself and because your own expert and advocate.

You can find all of these anti-virus tools on CNet’s Download.com

Download.com’s AV list