February 24th, 2010 by Hescominsoon

The blame here is not online banking but the operating system(Windows) faulty design and the users lack of proper security education.  ANY business no matter how small needs to have a security audit done:

1. To make sure your machines aren’t infected

2. To get educated on how windows computers are vulnerable by design

3.  To learn how to protect yourself from online fraud and other threats

4.  To ensure proper recovery and mitigation procedures are in place BEFORE this kind of damage takes place

As the economy sputters along more and more single person, home-based businesses are going to have this happen.  It’s all too easy for a machine to get infected and with this new generation of malware once you are infected…it’s too late to recover.  Listen to my podcast for more information.

McCarthy said she never would have done online banking for her business if she had understood how precarious it was for her business.

via N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss — Krebs on Security.

February 18th, 2010 by Hescominsoon

It’s very simple.  Yahoo is abandoning their search.  All of their search results are going to come from Bing.  How bad is Bing?  I can search Microsoft’s site with Google faster, with more accuracy, and more relevance than Bing can hope for.

January 19th, 2010 by Hescominsoon

Full Disclosure: Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack.

If you honestly believed Vista or 7 was a total rewrite because Microsoft said so this issue blows that straight out of the water. This is code from back in the nt.x days.  This allows anyone to elevate themselves to kernel level without any kind of notification.  Vista and 7 were not supposed to have any dos or 16 bit code left in them…guess what?  It’s still there.  The workarounds are easy for experienced administrators.  I will be implementing the recommended configuration of not allowing the execution of 16 bit code.  Luckily 64 bit versions appear to not be affected.

January 19th, 2010 by Hescominsoon

Computer Security Research – McAfee Labs Blog.

This is an expansion of the most recent IE exploit.  Now comes the analysis.

Allowing a system level file for windows(in this case a dll) be executable without any kind of security context is a really bad idea.  That’s really all  Activex is but there are several other DLL’s inside of IE that allow other DLL’s to be executed.  In this case it was mshtml.dll.  Mshtml.dll was the source of hte exploit and now a further analysis of the malware shows it uses it’s own dll to leverage this vulnerability.

ECC HIGHLY reccomends you do one of two things:

1.  Simply don’t use IE at all

2.  If you can’t(or won’t) at least get your security setup to wholesale blacklist dll’s at the firewall.  This will break some sites that are coded for IE.  Many of these sites will work under Firefox as well.

January 15th, 2010 by Hescominsoon

This was an exploit form back in ie6.  It is present in all version up to 8.  mshtml.dll once again has a major issue that allows remote sites to take over your machine.  If you are running ie6, ie7, or ie8 you are vulnerable.  HOWEVER if you have DEP turned on for ie 7 or 8 then the threat is reduced but not eliminated.  This is also why you NEVER surf on a server.  Frankly I am going to extend Microsoft’s advice.  Raise ALL security levels to high except trusted sites…leave it at medium(for windows updates) then never launch IE again.  I am being dead serious.

VIDEO OF EXPLOIT IN ACTION.  Blow the video up to full screen then watch for a list that shows up at around 1 minute.  Notice how notepad is running nicely.  At around 1 minute 50 seconds the “hacker” issues a kill command followed by a number.  That number is the notepad.  watch as notepad goes boom..no warning..no notifications.  This person has full control of your system..all because of a badly designed OS and browser.  Notice the users on the right.  Those are system processes..processes even the administrator does not have direct access to.  I have said it over and over having a web browser tied so closely to the kernel is a bad idea.  As long as IE exists in it’s current form Windows will NEVER be remotely secure.

Here’s the backstory.  Apparently some Chinese folks(possibly the gov’t) started using this unknown security hole in IE to start trying to get into various activists that are opposed to the vast range of Chinese gov’t controls.  They targeted Google because this is where these targeted activists had their mail.  Google detected this activity and began a backtrace.  They found out that multiple large companies had also been attacked using this issue.  The story is continuing to unfold.  The only fix available right now is to put all of your IE settings up to high.  This has the effect of making IE unusable on the internet.

My recommendation:  Use either google chrome or firefox.  Don’t bother with IE anymore…at all.  There’s so many links with full information I am not going to embed them into this post.  The list follows.

*UPDATE* there are quite a few programs that idiotically use IE to operate.  Now various exploit writers and researchers are hitting these as well.  Many other programs are now falling over after being hit either with IE exploits or ones similar that are now being found in a rash of other software.

Google’s Initial Response disclosure of what was targeted and revelations of other companies hit

Microsoft’s confirmation and advisory.

Other companies also hit.

(This list will continue to grow)

Mcafee has multiple postings:

1 2 3(twitter feed) 4

*UPDATE*  Itworld has much the same opinion of IE as I have had for a long time.

January 7th, 2010 by Hescominsoon

{ED7BA470-8E54-465E-825C-99712043E01C}

{00C6D95F-329C-409a-81D7-C46C66EA7F33}

{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}

{025A5937-A6BE-4686-A844-36FE4BEC8B6D}

{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}

{1206F5F1-0569-412C-8FEC-3204630DFB70}

{15eae92e-f17a-4431-9f28-805e482dafd4}

{17cd9488-1228-4b2f-88ce-4298e93e0966}

{1D2680C9-0E2A-469d-B787-065558BC7D43}

{1FA9085F-25A2-489B-85D4-86326EEDCD87}

{208D2C60-3AEA-1069-A2D7-08002B30309D}

{20D04FE0-3AEA-1069-A2D8-08002B30309D}

{2227A280-3AEA-1069-A2DE-08002B30309D}

{241D7C96-F8BF-4F85-B01F-E2B043341A4B}

{4026492F-2F69-46B8-B9BF-5654FC07E423}

{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}

{78F3955E-3B90-4184-BD14-5397C15F1EFC}

via The Other 16 “GodModes” For Windows 7 – Tom’s Hardware.

here is how you activate them:

Step 1: Right click.

Step 2: Click create folder.

Step 3: Name your sparkly, new folder this, “<whatever you want>.{ED7BA470-8E54-465E-825C-99712043E01C}” and press enter.

so you could clal this ultimate shortcut number 1.(guid) or whatever you wanted it to be..:)

This is not for you  XP folks but it is for Vista.

January 5th, 2010 by Hescominsoon

Want a good way to access all the control panel options in Windows 7 in one easy location? Simply make a folder on your desktop and rename it GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} and you are all set. This handy tip was brought to you by [H] reader Edward Cabarles. Here is what your folder should look like after you rename it:News ImageFYI: This trick does NOT work on Windows Vista

via [H]ard|OCP – Windows 7 Tip of the Day: God Mode.

December 1st, 2009 by Hescominsoon

Channelweb Connect: SMB Channel Voice: SMB Storage Challenges – Two Nice MS Utilities.

The Search Server Express is one thing i like.  It allows you to have your server index by content everything on your server including PDF’s.  This is one i am going to look into for all of my clients.

November 30th, 2009 by Hescominsoon

Microsoft looking into Windows ‘black screen of death’ problem.

I have not run into this with any of my clients.  Will keep a lookout though and will update this if things change.

*UPDATE*  The black screens are caused by the machines already being infected with malware BEFORE the security updates are installed.

November 29th, 2009 by Hescominsoon

Windows 7 – Performance Improvements.

Wayne gets overenthusiastic though saying it’s faster than XP.  There’s no way that’s true as i have run both on my notebook and my quad core desktop.  XP is still quicker than 7 but ANYTHING is faster than vista.