Hacker sentenced to two years in prison

by certifiedbug on October 12, 2008

in Security

United States Attorney McGregor W. Scott announced Tuesday that Gregory King, 21, a California resident once known as “Silenz,” “sZ,” “Gregk707” and “GregK,” was sentenced to two years in federal prison and ordered to pay $69,000 in restitution following a guilty plea to two counts of transmitting code to cause damage to a protected computer.

The Reporter.
http://www.thereporter.com/news/ci_10677450

King used a botnet to conduct distributed denial-of-service (DDoS) attacks against two Web sites: KillaNet Technologies, a British Columbia-based website for high school students preparing for careers in online media, and the Castlecops security forums.

The Register, 4th October 2007.
Portrait of an (alleged) cyber bully as a young man

Certifiedbug, November 30, 2007.
FBI: Botnet Crack Down (again) in Operation Bot Roast II


Xp Antispyware 2009 Rogue Security Program

by certifiedbug on October 10, 2008

in Rogue

Stay away from these.

206.161.120.20 Xp-antispyware2009. com
206.161.120.21 Xp-antispyware-2009. com
ICANN Registrar: ONLINENIC, INC.

206.161.120.22 Xpantispyware-2009. com
206.161.120.23 Xpas2009. com
ICANN Registrar: REGTIME LTD.

206.161.120.24 Xp-as-2009. com
ICANN Registrar: BIZCN.COM, INC.

XpAntispyware2009 was one of the domains suspended by DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM.
http://whois.domaintools.com/xpantispyware2009.com

Certifiedbug, September 14, 2008:
Directi continues to suspend malware sites


Scheduled October bulletin release day, Tuesday, Oct. 14, 2008.

The Microsoft Security Response Center (MSRC)

Preliminary information, subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

  • Four Microsoft Security Bulletins rated as Critical, six rated Important, and one rated Moderate. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

We also want to announce the availability of the Exploitability Index in upcoming security bulletin summaries and the official release of Microsoft Active Protections Program, which were both announced at Black Hat in August. The Exploitability Index provides additional information to help customers prioritize deployment of monthly security bulletins while the Microsoft Active Protections Program provides vulnerability information to security software providers in advance of Microsoft’s monthly security bulletin releases. Both the Exploitability Index and Microsoft Active Protection Program provide additional support to customers and partners to defend against emerging online threats.

As always, we’ll be holding the October edition of the monthly security bulletin webcast on Wednesday, Oct. 15, 2008 at 11 a.m., Pacific Standard Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well at the same URL. In addition, we’ll also be posting the text of the questions and answers from each month’s webcast. You can see a full listing of the posted questions and answers on this page.

You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374639&Culture=en-US

Update 1: Microsoft Security Advisory 951306


Opera version 9.60 released

by certifiedbug on October 8, 2008

in Browser

Opera 9.60 fixes two vulnerabilities.

Advisory 901:

Specially crafted addresses can execute arbitrary code
Severity: Extremely Severe
Problem Description
If a malicious page redirects Opera to a specially crafted address (URL), it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page.

Advisory 902:

Java applets can be used to read sensitive information
Severity: Highly Severe
Problem Description
Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. These files could contain sensitive information, which could then be sent to the attacker.

Download Opera 9.60 for Windows.


Google’s new Gmail feature ‘Goggles’

by certifiedbug on October 8, 2008

in Browser

Google aims to save you from sending an email you may regret in the morning.

When you enable Mail Goggles, it will check that you’re really sure you want to send that late night Friday email. And what better way to check than by making you solve a few simple math problems after you click send to verify you’re in the right state of mind?

:lol:

Mail Goggles is active late night on the weekend by default, but once enabled you can adjust the General settings. Anyone who burns the midnight oil and is feeling testy at the boss might want to set Goggles to cover the work week, just to avoid a feeling of self-loathing and “OMG I can’t believe I sent that” the next day.

http://gmailblog.blogspot.com/2008/10/new-in-labs-stop-sending-mail-you-later.html

June 28, 2007-CIO:
Web Rage: Why It Happens, What It Costs You, How to Stop


NoScript Firefox extension adds ‘ClearClick’

by certifiedbug on October 8, 2008

in Browser

Finally NoScript 1.8.2.1 is out, featuring the announced new anti-clickjacking countermeasures enabled by default, independent from IFRAME and plugin content blocking settings.

http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/

Certifiedbug, October 7, 2008.
Adobe issues workaround for “Clickjacking” issue


Adobe issues workaround for “Clickjacking” issue

by certifiedbug on October 7, 2008

in Security

Vulnerability identifier: APSA08-08.

Customers:

To prevent this potential issue, customers can change their Flash Player settings as follows:

1. Access the Global Privacy Settings panel of the Adobe Flash Player Settings Manager at the following URL: http://www.adobe.com/support/documentation/en/flashplayer/help/settings_manager02.html
2. Select the “Always deny” button.
3. Select ‘Confirm’ in the resulting dialog.
4. Note that you will no longer be asked to allow or deny camera and / or microphone access after changing this setting. Customers who wish to allow certain sites access to their camera and / or microphone can selectively allow access to certain sites via the Website Privacy Settings panel of the Settings Manager at the following URL: http://www.adobe.com/support/documentation/en/flashplayer/help/settings_manager06.html.

Adobe is working to address the issue in an upcoming Flash Player update, scheduled for release before the end of October. Further details will be published on the Adobe Security Bulletin page at http://www.adobe.com/support/security.

Certifiedbug, August 19, 2008.
Adobe Flash ads launch Clipboard hijack attack by Rogues


Citizen Of the Internet

by certifiedbug on October 6, 2008

in Security

Gadi Evron’s Time for self reflection after the downfall of Atrivo-Intercage.


A new twist in the works.

ArtistDirect’s PiCast offers peer-assisted video delivery, while its subsidiary MediaDefender, acquired by ArtistDirect in 2005, is designed to prevent alleged copyright infringement using peer-to-peer distribution.
MediaDefender has apparently used tactics such as flooding peer-to-peer networks with decoy files.

Arstechnica, Revision3 CEO: Blackout caused by MediaDefender attack
Wired: MediaDefender Defends Revision3 SYN Attack

Then there was Miivi.com, a video sharing site MediaDefender launched in February 2007.
File-sharing news site TorrentFreak alleged that Miivi.com was created to trap users uploading copyrighted content.
http://torrentfreak.com/anti-piracy-gang-launches-their-own-video-download-site-to-trap-people/

What is PiCast: http://picast.artistdirect.com/home.html

PiCast starts off with your existing Central Server or Content Delivery Network (CDN), so as to retain the stability, security, and control of a centralized infrastructure. However, once there are more than 2 simultaneous users, PiCast begins to coordinate a distributed ‘peer-cast’ environment, where each individual user is enabled as a peer, and begins to act as an additional source of the stream.

Ryan Lawler: MediaDefender Backs P2P Player PiCast

Certifiedbug, August 17, 2008. Spammers pose as MediaDefender


Trend Micro, October 2, 2008. Rogue AV Tactics Continue to Threaten

October has just begun and Trend Micro threat researchers keep seeing more and more — slightly different, but yet increasingly more annoying — variations to the set of rogue AV infection signals we have been documenting on this blog.

Fake BSOD (actually a screensaver) now sports a specific mention of the problem — an unregistered version of a certain AV product.

Now even the fake reboot screen (also a screensaver) has text

The bogus reboot screen poses as Microsoft’s Security Center and recommends you activate your anti virus protection software, (which happens to be AntiVirus 2009).

Certifiedbug, September 29, 2008.
Microsoft and Washington State’s lawsuits reveal ‘scareware’ defendants

Microsoft also filed five “John Does” lawsuits. The defendants remain nameless until discovery reveals the identities of the individuals responsible for marketing the scareware, aka ‘rogues’.
The actual products are well known in the security community and forums that help victims of malware infections.

Antivirus 2009

Microsoft® Malware Protection Center, October 2, 2008.
Rogue Antivirus - A Closer Look at Win32/Antivirusxp
Subratam Biswas and Scott Wu.

Fake security applications have always been good at confusing end-users. Win32/Antivirusxp is no different in that aspect, and with names such as Antivirus2008, XPAntivirus, Windows Antivirus, Antivirus 2008 XP, confusion is hard to avoid.
