Conficker Tips – from Windowssecrets.com

How to update your PC and remove Conficker from WindowsSecrets.com

The following steps should prevent infection by Conficker and eliminate the worm, if your PC has it. One positive side effect is that you’ll enjoy a computer with up-to-date patches:

  • Step 1. Attempt to run Microsoft Update. The Conficker worm can infect vulnerable computers merely by connecting to them remotely via the Internet. For this reason, you should first try to patch Windows before removing Conficker, lest your machine quickly become infected again. It’s particularly important to install Microsoft patch 958644 (security bulletin MS08-067). This patch closes a hole in Windows’ Remote Procedure Call, which Conficker exploits.If you can’t find Microsoft Update (or the more limited Windows Update) on your PC’s Start menu, visit the Microsoft Update page on the Web. Internet Explorer is required.Microsoft Update might complete successfully, or you might not be able to access Microsoft.com at all. In either case, do Step 2.

  • Step 2. Attempt to update your third-party security software. Having the latest antivirus signatures will help eradicate Conficker and other malware that may be lurking on your PC. Use your security software’s menu to manually update to the latest defenses.Have no security software? Read the WS Security Baseline, which summarizes the products that are currently rated the highest by respected reviewers.• If your updated security software deems your PC to be cleaned up, but you couldn’t previously access Microsoft.com, go back to Step 1 and run Microsoft Update.• If you couldn’t access your security vendor’s site at all, do Step 3.• If you finished both Steps 1 and 2 successfully, you should be able to skip Step 3 and do Step 4.

  • Step 3 (optional). Run a standalone Conficker removal tool, if need be. The Conficker Working Group — a coalition of Microsoft, Cisco, SRI, F-Secure, Kaspersky, and many other security vendors — maintains a list of certified detection and repair tools, any of which should remove Conficker. (My thanks to Susan Bradley for her help with this tip.)Unfortunately, most the links in the Working Group’s list are inaccessible on a Conficker-infected PC. A victim can’t even reach the Working Group’s site, because it has in its URL the string conficker, which triggers the worm’s blocking behavior.As I mentioned earlier, security firm BitDefender has set up a new domain from which users can download free Conficker disinfectant utilities. This site, BDTools.net, is not currently blocked by the worm, to the best of my knowledge. The site offers three options: (a) a free online scan; (b) a free, downloadable Single PC Removal Tool for individual users; and (c) a free Network Removal Tool, an .exe file that IT admins can use to disinfect an entire LAN.BDTools.net: Visit BitDefender’s download site.If you can’t access BDTools.net or any other security site from your PC, find a machine that isn’t infected (such as a public-access workstation at a library). Don’t use a search engine to look for removal tools, some of which are bogus. Instead, download a removal tool from the Working Group’s certified list onto a USB drive, and then use that drive to run the software on the infected PC.

    • After removing Conficker, if you couldn’t previously complete Steps 1 and 2 successfully, go back now and finish those steps to update Windows and your security software.

    It’s best to strengthen your defenses before April 1 rather than waiting to see what bad things might happen.

    Read the entire article here

Goldstar – 1/2 Price Tickets to Some Great Events

If you live in or near, or are planning on visiting one of the following cities – Boston, Chicago, D.C. Metro, Las Vegas, Los Angeles, New York, San Diego, San Francisco – and would like to attend an event for 1/2 price, check out Goldstar.

Goldstar works with more than 3,200 venues and producers across the country, and offers the world’s largest selection of half price tickets. Some of the items they offer tickets to are: theater, comedy, sports, music, performing arts and even things like wine tastings, sushi making classes and rodeos. Since not every event sells out, instead of letting seats go empty, venues list them with Goldstar to sell to their members.

Some of the Venues Goldstar Works With:

STAPLES Center – Los Angeles
Madison Square Garden -New York
Cirque du Soleil – National Tour Dodger Stadium Los Angeles
Nokia Theatre Times Square -New York
Ahmanson Theatre -Los Angeles
AT&T Park -San Francisco
Verizon Center – Washington, D.C.
Arena Stage -Washington, D.C.
Steppenwolf Theatre -Chicago
Boston Symphony Hall -Boston

If you find an event you are interested in, you’ll have to sign up for a free membership in order to purchase. By being a member, you get emails with events coming up in your area, events you may not have even been aware of. We’ve seen a couple of plays, and though the seats weren’t front row, they were still very nice seats and the plays were top notch.

https://www.goldstar.com/signup

Do I Give It Away, or Do I Sell It?

Craigslist, Freecycle or Both?

By now, most people have heard of Craigslist. Craigslist is a local online classifieds list for more than 550 cities in over 50 countries worldwide. It is community moderated, and largely free. You can find jobs, housing, goods, services, romance, local activities, advice – just about anything really.  When you go to Craigslist, you choose the location that you want to search for an item  in or sell an item in. Craigslist takes the newspaper’s classified ads and puts it online. It’s great when you have something to sell or are looking for used items to purchase.

Freecycle is quite a bit different. Freecycle is a grassroots and entirely nonprofit movement of people who are giving (& getting) stuff for free in their own towns. It’s all about reuse and keeping good stuff out of landfills. You can find a group closest to you by starting here. With Freecyle, you sign up with a group (it’s all free). Members in that group then list items they are offering or items they are wanting.  For example, when going through the garden shed the other day, there were gardening tools I hadn’t used in quite a while and probably would never use again. I listed them individually on Freecycle and within a couple of hours, I had people offering to come pick up those items. I even had someone pick up a lawn mower that didn’t work any longer.

When to use one or the other? When cleaning out a closet, garage or shed, there are usually items that wouldn’t sell for much yet are still in pretty good condition. There probably isn’t enough to put a garage sale together with, but you would like them to go to people who will use and appreciate them. For things like this, I’d use Freecycle. If I had larger items, appliances, cars, and such that had some value to them, I’d list those on Craigslist. Think about it this way. If the item is something that you normally try to sell in the classified ads of your newspaper, use Craigslist. If the item is something that is too good to throw away but isn’t worth much money, use Freecycle. It’s very likely that when doing your Spring cleaning that you’ll find that you end up using both.

If you know of any other sites that do pretty much the same thing, I’d love to know about them.

Who Knows What About You Online?

I was reading an article yesterday about an individual who was inspired to find out what information about him was online. He searched for his own e-mail address on the search engine Pipl. What he found shocked him. He came across a list that he was on that not only contained his email address, but his password. “That isn’t just my password for Comcast, it’s my password for everything that is not tied to my credit card,” he said in an interview. (Link to Article)

As we get more into social networking, we slowly put more and more pieces of ourselves online. Specialized search engines are making it easier than ever to pull that information together into a highly detailed (and potentially invasive) profile of our virtual lives. The new people-tracking utilities build a highly detailed list about you just from information that you yourself put online.  (People Search Engines: They Know Your Dark Secrets)

I did a search for myself and found some interesting things. On one site, not only did it list my name and address, it allowed me to click a link to get an instant map to my house. On another site, it listed my name and also listed the names of my parents and siblings. For $2.00 I could get detailed information about any one of them. I saw my birthday listed and my wish list from Amazon so if someone were looking for information about my interests, there they’d be. You can imagine how that information could be used. Other sites list which schools you’ve attended, what groups you belong to.

Fortunately, you can take steps to limit the information these sites may collect. One way to grab control is to turn the tables and use the new services to search for information on yourself.

For instance, Spokeo lets you see a limited amount of data without subscribing, Pipl and CVGadget are totally free, and Rapleaf offers an open tool to manage your Internet footprint. A couple of other sites to search for your information on are ZabaSearch, Google, Peoplesearchnow.

Many of the services work the way a standard search engine does: If the content disappears from the Web, it also disappears from the search results. That means you need to visit the individual sites connected to your e-mail address and adjust the privacy settings within each one.

Most well-known sites give you the option of making your data private.

People search engines glean their material about you from many well-known sites,including Amazon.com, social networking sites such as Facebook.

You’ll usually need to go within each individual site’s account configuration pages and look for the privacy options to adjust to suit your comfort level.

Here are some places to visit:

  • Amazon: Wish Lists are made public by default. To change that setting, go to this page and select the option to sign in. You can then view any Wish Lists associated with your account and designate them as private.
  • Facebook: Once signed in, look under the ‘Settings’ tab at the top of the page to find the privacy control panel. Click the Profile option to set parameters regarding who can view your content.
  • MySpace: Click the My Account button at the top of the page after logging in, then click Privacy to adjust your settings. Bear in mind that your age and location are typically displayed publicly even if your profile is set as private, as was the case in one of the examples cited in “They Know Your Dark Secrets…And Tell Anyone.” (People Search Engines: Slam the Door).

If you decide to rethink your level of privacy, the most important first step is to search yourself or your family members so that you’ll know exactly which sites’ privacy settings you need to reconfigure.

Ultimately, the power is in your hands. Switch off autopilot and take control.

Yahoo! News – Stolen-data trove offers look inside a botnet by AP: Yahoo! Tech

It’s scary to think how much and what kind of information is getting out from your computer. It’s so important to have updated anti-virus software and firewalls on your computer. Click the link at the bottom of this article to read the entire article. It’s well worth it.

SAN FRANCISCO – Getting hacked is like having your computer turn traitor on you, spying on everything you do and shipping your secrets to identity thieves.

Victims don’t see where their stolen data end up. But sometimes security researchers do, stumbling across stolen-data troves that offer a glimpse of what identity theft looks like from criminals’ perspective.

Researchers from U.K.-based security firm Prevx found one such trove, a Web site used as a stash house for data from 160,000 infected computers before it was shut down this month.

The find offers a case study on just how much data criminals are stealing every day, from the utterly inconsequential to the alarmingly private.

It also shows the difficulty in shuttering criminals’ ID-theft beachheads: The Web site that Prevx found, which was operating on a server in Ukraine, was still online for nearly a month after security researchers alerted the Internet service provider and law-enforcement authorities. The site was sucking up data from 5,000 newly infected computers each day.

The victims in the Prevx find are mostly everyday people handing over their passwords for Facebook and banking sites, along with their love notes and other e-mails. But more dangerous personal information is there, too, including Social Security numbers and other account information from one bank’s infected computer.

via Yahoo! News – Stolen-data trove offers look inside a botnet by AP: Yahoo! Tech.

Verizon Network Extender Boosts Cell Phone Signals at Home – Mobiledia

Verizon Wireless began selling a device at the end of January that boosts cell phone signals within a home, making it easier for people to drop a home phone line and rely solely on wireless.

These devices are known as “femtocells.” Once Verizon’s Network Extender is connected to a broadband Internet line, it acts as a miniature cellular tower, listening for signals from a subscriber’s cell phone up to 5,000 square feet.

Verizon Wireless, the country’s largest carrier, is following in the footsteps of Sprint, which started selling a femtocell under the Airave brand last year.

Sprint’s Airave costs $100, but the company charges an extra $5 per month for use. Verizon Wireless is not charging a monthly fee. Both Verizon Wireless and Sprint femtocells are made by Samsung and relay voice and low-speed data connections.

AT&T is currently testing femtocells in employees’ homes. Plans to conduct customer trials will begin in the second quarter. The AT&T unit will relay fast 3G data connections.

“Our new Network Extender device will bring the full benefit of the Verizon Wireless voice network to the small but important segment of customers who may experience a weaker signal in their homes because of geographic or structural conditions,” said Jack Plating, Chief Operating Officer of Verizon Wireless. “For those who have wanted to sign up for Verizon Wireless service but hesitated because of reception problems unique to their home location, this is the answer.”

T-Mobile has chosen a different technological standard to expand indoor coverage. It offers Wi-Fi routers and handhelds that can make calls over Wi-Fi in addition to regular wireless calls.

via Verizon Network Extender Boosts Cell Phone Signals at Home – Mobiledia.

Reduce the Size Your Digital Pictures in Windows XP

We’ve all done it, taken lots of digital pictures, copied them to our computers and emailed them to our friends and family, only to have it take forever to mail or to get comments from them letting us know that the pictures either were too big to view, or that they were so big that they locked up the computer.  Microsoft PowerToys add fun and functionality to the Windows experience. What are they? PowerToys are additional programs that developers work on after a product has been released. One of the programs is an Image resizer. Go to the link above, scroll down until you find Image Resizer on the right column. Click on that link to download it. Once you download and install the program, it adds an option to the right-click menu to resize images. To use it, go to the folder in Windows Explorer that contains your pictures. Right-click on a picture and choose “Resize Pictures”. An option window opens and allows you to choose the size of the picture and a few other options. Most people are using the 1024×768 resolution on their monitors so you’d be safe using this setting most of the time. 800×600 works well too. You can see in this example (http://www.askbillfirst.com/images/PictureResizer.jpg) that picture IMG_4062 resized from 2.2 mb in size to a fraction on that (132 kb). You can select multiple images and resize them at the same time. I haven’t notice any loss in picture quality and sending pictures in a much smaller size is appreciated by all. The other benefit of this is that I end up with a much smaller file on my computer which saves me hard disk space for other things. Vista doesn’t have the same PowerToys but a nice, free image resizer can be downloaded from http://www.vso-software.fr/products/image_resizer/. You can watch their YouTube video on the same page to see how it works. It’s similar.

Report: Obama helicopter security breached – White House- msnbc.com

What’s important to take away from this story is that the use of peer-to-peer file-sharing opened this person’s computer up to the world and basically said, “come take a look at my files, even the private ones”.

A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama’s helicopter, NBC affiliate WPXI in Pittsburgh reported Saturday.

Employees of Tiversa, a Cranberry Township, Pa.-based security company that specializes in peer-to-peer technology, reportedly found engineering and communications information about Marine One at an IP address in Tehran, Iran.

Bob Boback, CEO of Tiversa, told WPXI-TV: “We found a file containing entire blueprints and avionics package for Marine One, which is the president’s helicopter.”

The company was able to trace the file back to its original source.

“What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,” Boback said.

Tiversa also found sensitive financial information about the cost of the helicopter on that same computer, WPXI-TV reported.

Someone from the company most likely downloaded a file-sharing program, typically used to exchange music, not realizing the potential problems, Boback said.

“When downloading one of these file-sharing programs, you are effectively allowing others around the world to access your hard drive,” Boback said.

Retired Gen. Wesley Clark, an adviser to Tiversa, said the company discovered exactly which computer the information came from. “I’m sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.”

Boback said the government was notified immediately.

Iran is not the only country that appears to be accessing this type of information through file-sharing programs, Boback told the station.

“We’ve noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence,” Boback said.

Clark told WPXI that he doesn’t know how sensitive this information is, but he said other military information has been found on the Internet in the past and should be monitored more closely.

Rep. Jason Altmire, D-Pa., said he would ask Congress to investigate how to prevent this from happening again.

via Report: Obama helicopter security breached – White House- msnbc.com.

Follow

Get every new post delivered to your Inbox.

Join 200 other followers