Windows Steady State

If you use Window XP or Windows Vista, Microsoft has a tool that could be useful to some people. It’s meant more for shared computers, or for any PC that’s at greater risk of infection.

tools What it does is fairly simple. Every time you reboot the PC, Steady State will restore it to how it was before. So no matter how many viruses, spyware and adware you end up accidentally installing. it becomes fresh and anew.

You need to install it and set it up correctly, and for most people it might be a good idea to get some advice from someone who’s IT savvy, just to make sure you take full advantage of this great tool.

Best of all is that it’s free, as long as you have a genuine Windows XP or Vista license.

While you should still be responsible with how you use a computer, what you download and which web sites you visit, this tool is great tool for certain people.

More info and a download link here.

5 July 2008 | Filed Under Backups, Security, Software | Leave a Comment 

Google Calendar Phishing

password Here’s a new spin in phishing attacks. The idea is to trick people into providing confidential data. This new technique is aimed at Gmail users. Here’s how it works:

VERIFY YOUR ACCOUNT (…)

This Email is from Gmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.We are sending you this email to so that you can verify and let us know if you still want to use this account. (…)

You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

* Username:

* Password:

It’s an attempt to get you to provide your username and password. If you see anything like that simply delete it.

5 July 2008 | Filed Under Fraud, Identity Theft, Scams | Leave a Comment 

Don’t use old browsers

A new report has concluded that 637 million people are using out of date web browsers. This is bad.

expired Old web browsers have security flaws and vulnerabilities. You’re meant to update your web browser to the latest version because the developers have worked hard to patch it and fix up security holes. And in almost every case an upgrade is completely free. Why would anyone choose to use an old browser?

There are no legal obligations to upgrade a web browser but with this many people ignoring the very simple task of upgrading maybe it’s time for something to change. Now’s a good time to check for updates (the option is often in the Tools menu of the browser you’re using right now).

The report is here.

5 July 2008 | Filed Under Software, Statistics | Leave a Comment 

New Fraud Statistics

Sometimes it’s hard to believe these statistics, the numbers are so large. The Australian Bureau of Statistics has finished their first survey of personal fraud. Their findings are that 800,000 Australians fell victim to fraud in some way.

453,100 of those lost money, for a total of $977 million. That’s a lot of people and a lot of money for a rather small population.

329,000 Australians lost money after responding to lottery scams and other phishing related scams.

A lot of people keep falling for scams. The best thing you can do is help them become aware of what scams and fraud tricks are being used. Remember that you can always subscribe to Fraudo.com by email or with an RSS reader.

1 July 2008 | Filed Under Fraud, News/Media, Scams, Statistics | Leave a Comment 

SMS Death Threat Scam

There’s a new scam being sent by SMS, similar to an email one sent recently. The SMS reads:

Someone paid me to kill you. If you want me to spare you, I’ll give you two days to pay $5000. If you inform the police or anybody, you will die, I am monitoring you.

The SMS also includes payment details and an email address.

This is a scam, do not contact the sender or send any money. The Australian Police has issued a warning about this. They also mention that money being paid by victims is being transferred to Thailand.

Let friends and family know about this scam so that they don’t fall victim to it.

1 July 2008 | Filed Under Fraud, Scams | Leave a Comment 

e-books

Like any other thing on the internet that can be downloaded, e-books present their own risks.

books If you need to download an unknown program or plugin to access the e-book then consider if it’s really necessary. Sometimes things you download carry malicious code which often ends up installing spyware on your computer.

One such example is a browser plug-in from bitroad.net. It promises to help download free e-books. In the background it installs malware.

E-books represent a large shift in technology for distributing media. Formats will continue to change, new tools will continue to be developed, and new opportunities will be found to distribute malware on the side.

So always take care what you download or install (in general, the less you install on a computer the better it’ll work). And invest in a good anti-virus package that also scans for spyware.

23 June 2008 | Filed Under General, Malware | Leave a Comment 

Bluetooth Patching

blue background Microsoft has just released June’s lot of Windows patches for XP and Vista. Among the latest patches is one to fix a vulnerability in the Bluetooth stack.

If your computer uses Windows XP or Vista and it has Bluetooth then you need this patch. If your computer doesn’t automatically download and install patches you’ll need to go to Internet Explorer, go to the Tools menu and select Windows Update. Until then you should turn off Bluetooth, otherwise someone could take control of your computer.

Bluetooth has always had security problems from the start. There have been a few fixes along the way but overall it’s an insecure technology.

Technical details about this patch here.

11 June 2008 | Filed Under Security, Software | Leave a Comment 

Plastic Container Hoax

There is an email being circulated that warns people on the dangers of plastic containers. It provides a pseudo-scientific explanation on how plastic containers can cause cancer, and references some medical sources.

It’s a hoax. People start these emails for fun just to see it forwarded to millions of people. There’s no financial gain to be made from these hoaxes, no harm done either. And to you this should be an important reminder not to believe everything you read on the internet.

plastic water bottle Here is some of the text from the email (to help Google index this page and to help more people find this article):

Dear Friends, Gentle reminder, is never to late to change our bad habits of having everything fast. Avoid warming food in microwave using plastic containers. This may endangers your lives.

Cancer Update please see below ! Hopkins
This information is being circulated at Walter Reed Army Medical Center as well.
Please circulate to all you know; Cancer update
Johns Hopkins - Cancer News from Johns Hopkins

No plastic containers in micro
No water bottles in freezer
No plastic wrap in microwave…

A dioxin chemical causes cancer, especially breast cancer.

Dioxins are highly poisonous to the cells of our bodies. Don’t freeze your plastic bottles with water in them as this releases dioxins from the plastic.

Recently, Edward Fujimoto, Wellness Program Manager at Castle Hospital , was on a TV program to explain this health hazard. He talked about dioxins and how bad they are for us.

He said that we should not be heating our food in the microwave using plastic containers..

This especially applies to foods that contain fat.

He said that the combination of fat, high heat, and plastics releases dioxin into the food and ultimately into the cells of the body…

Instead, he recommends using glass, such as Corning Ware, Pyrex or ceramic containers for heating food… You get the same results, only without the dioxin. So such things as TV dinners, instant ramen and soups, etc., should be removed from the container and heated in something else

Paper isn’t bad but you don’t know what is in the paper. It’s just safer to use tempered glass, Corning Ware, etc.

He reminded us that a while ago, some of the fast food restaurants moved away from the foam containers to paper. The dioxin problem is one of the reasons

Also, he pointed out that plastic wrap, such as Saran, is just as dangerous when placed over foods to be cooked in the microwave. As the food is nuked, the high heat causes poisonous toxins to actually melt out of the plastic wrap and drip into the food.

Cover food with a paper towel instead.

Now onto the explanation about this hoax:

At the beginning of the hoax email it states that this research comes from John Hopkins. John Hopkins Bloomberg School of Public Health is a medical school in USA. They have nothing to do with this email or the information contained within it. In fact they’ve published a statement that says,

These messages, frequently titled “Johns Hopkins Cancer News” or “Johns Hopkins Cancer Update,” are falsely attributed to Johns Hopkins and we do not endorse their content.

Freezing water does not cause the release of chemicals from plastic bottles.

Read the full notice here. And in case you’re still thinking “what if the email is right, what if…”, John Hopkins Bloomberg School of Publish Health also adds:

This is an urban legend. There are no dioxins in plastics. In addition, freezing actually works against the release of chemicals. Chemicals do not diffuse as readily in cold temperatures, which would limit chemical release if there were dioxins in plastic, and we don’t think there are.

microwave oven Read the rest of this quote, and much more scientific information about why this is a hoax, here. Note that microwaving some types of plastics can be hazardous, read the medical article for accurate information. The above Q&A was published in 2004. This hoax email has been going since 2002.

So the next time you receive one of these emails, instead of forwarding it to 10 people thinking you’re doing them and yourself a favour, let the sender know it’s a hoax and refer them to this article for reference.

10 June 2008 | Filed Under General, hoax | Leave a Comment 

Advanced Fee Fraud on LinkedIn

The Advanced Fee Fraud is also known as a 419 scam. This is an old and still very popular scam whereby someone who is either a foreigner or is posing as a foreigner asks a stranger for help transferring large amounts of money. They promise a large compensation in return, and ask for some money to get things started. It sounds simple and a lot of people fall for this.

business card LinkedIn is a social networking site, much like FaceBook and MySpace. LinkedIn is mostly used by professionals, i.e. adults with bank accounts and who have money. This would make a good target for a scammer.

It’s been reported that these advanced fee frauds have been appearing on LinkedIn recently. Users of the service are being too trusting of the community and scammers are taking advantage of this.

If you use any social networking site please be aware of people trying to scam money using these ploys. Read up on how this scam works and let other people know about it.

8 June 2008 | Filed Under Fraud, Scams | Leave a Comment 

Malware in Resumes

cubicles Recruitment companies receive a lot of resumes in Word format, as you’d expect. But it seems that there’s a growing trend of these Word files being infected with some type of malware. Often there is automated software at recruitment companies to forward the resumes to their clients without scanning them for malware.

Hackers have caught onto this and are targeting these companies. They’ve been sending resumes (probably not their own) with backdoor trojans embedded in the document. This gives them a chance to gain access to these networks.

If your work involves receiving many Word documents from the general public put in place a plan to screen these for known malware, and to limit the damage they can do if a new (unknown) trojan gets through. Most security specialists can help with this.

5 June 2008 | Filed Under General, Malware, Security | Leave a Comment 

Tracking Mobile Phones

It’s no secret that mobile phones can be tracked by phone companies. The technology has existed for years and there are usually privacy laws in place so the facility isn’t abused.

A new system has been designed to track mobile phones in a defined area such as a shopping centre. It works by tracking the unique IMEI number that every GSM phone transmits.

phoneThey can’t track your name or phone number using this, but they can work out your shopping habits such as which shops you walk into. If they were extra smart they would link your name, when you pay for something with a credit card, to your phone’s ID. But they haven’t done this yet.

It’s already been installed in two US shopping centres (one of them is Gunwharf Quays in Portsmouth).

Apart from marketing and security data this provides to its operators it’s a privacy issue to regular people. Read the full article here.

3 June 2008 | Filed Under Privacy | Leave a Comment 

Safari Threat

Microsoft would like you to know that using Safari on a Windows PC is dangerous. And of course they’d say that, they have a competing product they’d like you to use (Internet Explorer). So what’s happening?

A few days ago Microsoft published a security advisory of a potential vulnerability in Apple Safari. Technically they’re correct, there is a vulnerability and we’ll look at it in a moment. The flaw hasn’t been exploited yet, at the moment it’s more theoretical. It’s just a little suspicious that they put this much effort into pointing out flaws in a competitor’s product and that they’ve used their security advisory system for what can be seen as a marketing manoeuvre.

So what’s the flaw?

It’s being called Carpet Bombing. Here’s how it works.

safari elephants A web page is created that has hundreds of hidden download links (in the form of "iframes"). The files are silently downloaded onto the user’s desktop. This can be done without the user’s knowledge.

The vulnerability is that a user’s desktop could be covered with hundreds of icons for malicious programs, making it easy to accidentally click on one and run the malicious program.

Apple says it’s a security issue, not a vulnerability. Microsoft says users should avoid using Safari until researchers have looked further into.

So is this a sneaky marketing ploy from Microsoft? It could be, they’ve done things like this before. Or are they sincere and is Safari really as dangerous as they say?

We’ll know more in a few days, by which time Apple would most probably have a fix. I don’t consider this a high risk vulnerability, just something extra to be cautious about. A good antivirus program help here.

Microsoft’s advisory is here (it’s light on details at the moment): http://www.microsoft.com/technet/security/advisory/953818.mspx

Further info here, here and here.

3 June 2008 | Filed Under Antivirus, Malware, News/Media | Leave a Comment 

Privacy of Olympic tickets

6.8 million Olympic tickets have been printed and will be carried by people attending Olympic events in China this year. What’s different this year is that each ticket will contain a tiny microchip.

This chip will contain visitor’s photo, passport details, address, email address, and phone number. (Photo and passport data will only be on tickets for the opening and closing ceremonies).

US passportThat’s a lot of information recorded on the actual ticket itself. Usually tickets just have a serial number, or sometimes even a person’s name.

Chinese Olympic organisers have their reasons, they want to protect the events against known protestors.

Another perspective is that this is a privacy risk for people purchasing and carrying the tickets. A visitor carrying one of these tickets has no control over:

There isn’t anything you can really do other than choose whether or not to attend. If you wish to attend and purchase a ticket just be aware that this private information will be written on the ticket and will be readable by anyone with the correct equipment.

2 June 2008 | Filed Under Privacy | Leave a Comment 

Adobe Flash Flaw

newspapers This week everyone’s been talking about a new flaw in Flash that can be exploited to run malicious code on your computer. After a few days of media frenzy Adobe has released a fix for it.

If you use Windows then download the update (this includes users of FireFox, Opera and Internet Explorer). Link here.

The fixed version is 9.0.124.0. If you’re keen you can read more about the vulnerability here.

30 May 2008 | Filed Under News/Media, Security, Software | Leave a Comment 

CSS Exploit

CSS is a web design technology that almost every web site today is using. It controls things like colour, fonts, and most of the design on every web page.

design A flaw has been discovered that can allow web site creators to know if you’ve been to a particular site. An example has been presented that lets web site owners know if you visit Digg, Del.icio.us, Reddit, and Facebook without having to ask.

This is more of a privacy concern rather than a security risk. The following tips will avoid it but it’s a little impractical to do:

It’s a documented bug in the CSS standard that might not get fixed for a while.

30 May 2008 | Filed Under Privacy | Leave a Comment 

Mac OS X Update

Image courtesy of Apple Apple has released a major update to Mac OS X. If you use a Mac you should first make a good backup of your computer then apply this update.

It patches over 40 security vulnerabilities (don’t let anyone tell you Macs are completely safe and invulnerable). The latest version is 10.5.3.

30 May 2008 | Filed Under Software | Leave a Comment