ONE-CLICK FIX-IT

In the absence of a patch, Microsoft is recommending that affected Windows customers use this one-click Fix-It tool to unregister the problematic “hcp://” protocol.

This can also be manually done by following these simple directions:

1. Click Start, and then click Run.
2. Type regedit, and then click OK.
3. Expand HKEY_CLASSES_ROOT, and then highlight the HCP key.
4. Right-click the HCP key, and then click Delete.

Impact of Workaround: Unregistering the HCP protocol will break all local, legitimate help links that use hcp://.  For example, links in Control Panel may no longer work.

via Windows XP zero-day under attack; Use Microsofts “fix-it” workaround | ZDNet.

via Adobe reports critical flaw in Flash, Acrobat | Security – CNET News.

via Defective McAfee update causes worldwide meltdown of XP PCs | Ed Bott’s Microsoft Report | ZDNet.com.

Researchers from Symantec are reporting on an ongoing targeted malware campaign using a FIFA World Cup 2010 theme, in an attempt to trick end users into executing a malicious PDF file, exploiting a recently patched flaw in Adobe Reader.More details on the campaign:The attackers have downloaded Greenlife’s PDF document, and changed it to include malicious code. They then attempted to email the malicious PDF to a user in a major international organization that brings together governments from all over the world. We should emphasize that downloading the PDF from the Greenlife website is perfectly safe at the time of writing this blog.The attack makes use of a recently patched vulnerability in Adobe Reader – CVE-2010-0188. The patch for this critical rated vulnerability was released by Adobe on February 16, 2010. Since then we have observed a large number of targeted attacks attempting to exploit this vulnerability. Proof-of-Concept exploit code is available in the Internet which is contributing to the large number of observed attacks. The exploit makes use of a flaw in the TIFF file parsing in Adobe Reader. In particular, a stack overflow is caused by inserting a TIFF image into the PDF with a specially crafted “DotRange” tag.

According to recent reports, malicious PDF files not only comprised 80 percent of all exploits for 2009, but also, represent the preferred infection vector for targeted attacks in general, for the first time ever surpassing the use of malicious Microsoft Office files.

Users should not just update their Adobe products, or perhaps even consider an alternative PDF reader, if truly paranoid. They should take a comprehensive approach when dealing with all the 3rd party applications and browser plugins, currently installed.

via FIFA World Cup themed malware campaign spreads malicious PDF files | Zero Day | ZDNet.com.

Scammers are taking advantage of every hot news story out. Do a search for an issue and the results may contain poisoned links that lead to malware. The malware could be in the form of rogue antivirus software, which looks like a professional looking antivirus program and warns you of non-existent infections. The fake apps then push you to buy a license for the software to clean up the fake malware it finds. Once you’ve clicked on that link, look out. Some of the things the downloaded malware will do is steal passwords and logins by recording your keystrokes. It can install programs that will turn your computer into  bot to be used in future infections of other computers. It could be used to hold your data for ransom, where the owner of the malware charges you in order to receive the removal information. In many instances,  you’re reformatting your hard drive and reinstalling your programs.

So, how do you really know that the link you’re clicking on is safe? My preference is to install W.O.T. (Web of Trust) in your browser. When you do a search, W.O.T. will place a circle next to the link and it will be Green for safe, Yellow for caution, and Red for stay-away. The other thing you can do with W.O.T. is to right-click on a link on a website and choose View WOT Scorecard. That will take you to a page that shows you the ratings of the page before you actually visit it. The latest browsers are trying to help keep you safe as well, with built-in phishing and malware protection so it’s recommended that you update your browsers to the most recent versions. You can find the latest version of Firefox here, Internet Explorer here, and Google Chrome here.

Now and in the future, it’s really important to be careful about your browsing. Make sure the links you click on are going to be good for you.

State and federal laws regarding access to networks

Many states have criminal laws that prohibit accessing any computer or network without the owner’s permission. For example, in Texas, the statute is Penal Code section 33.02, Breach of Computer Security. It says, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” The penalty grade ranges from misdemeanor to first degree felony (which is the same grade as murder), depending on whether the person obtains benefit, harms or defrauds someone, or alters, damages, or deletes files.

The wording of most such laws encompass connecting to a wireless network without explicit permission, even if the Wi-Fi network is unsecured. The inclusion of the culpable mental state of “knowing” as an element of the offense means that if your computer automatically connects to your neighbor’s wireless network instead of your own and you aren’t aware of it, you haven’t committed a crime. But if you decide to hop onto the nearest unencrypted Wi-Fi network to surf the Internet, knowing full well that it doesn’t belong to you and no one has given you permission, you could be prosecuted under these laws.

A Michigan man was arrested for using a café’s Wi-Fi network (which was reserved for customers) from his car in 2007. Similar arrests have been made in Florida, Illinois, Washington, and Alaska.

The federal law that covers unauthorized access is Title 18 U.S.C. Section 1030, which prohibits intentionally accessing a computer without authorization or exceeding authorized access. But it applies to “protected computers,” which are defined as those used by the U.S. government, by a financial institution, or used in or affecting interstate or foreign commerce. In addition to fines and imprisonment, penalties include forfeiture of any personal property used to commit the crime or derived from proceeds traceable to any violation. You can read the text of that section here.

In a recent case regarding unauthorized access, a high profile lawsuit was filed against a school district in Pennsylvania by students who alleged that district personnel activated their school-issued laptops in their homes and spied on them with the laptops’ webcams. The FBI is investigating to determine whether any criminal laws were broken. Because the school district owned the computers, there is controversy over whether they had the right to remotely access them without the permission of the users.

via 10 ways you might be breaking the law with your computer: UPDATED | 10 Things | TechRepublic.com.

The alert came from Microsoft’s (NASDAQ: MSFT) Malware Protection Center (MMPC) on Wednesday.

“One of the oldest tricks used by rogue antivirus products is to use a similar name as, or have a similar look and feel to, legitimate security software,” Microsoft said in a post on the MMPC’s Threat Research & Response Blog. “So it was inevitable that the day would arrive when a rogue would masquerade as something similar to Microsoft Security Essentials.”

The masquerading rogue security tool goes by the name Security Essentials 2010, which is very similar to the actual name of Microsoft’s suite, though the real suite does not have a date in its name.

Users who encounter the fake will see a bogus malware detection scanner that reports many files on a PC are infected with various types of malware, including Trojans and adware, replete with what looks like a legit “system warning.”

Users infected with the Trojan, known as Win32/Fakeinit, will be presented with a screen informing them that the software is just a “trial version” and that “removal and real-time protection features are disabled.”

The solution, the fake software informs users, is to “activate [the] full version.”

That’s not a good idea, however.

“Fakeinit’s downloader not only installs the fake scanner component — it also monitors other running processes and attempts to terminate the ones it doesn’t like, claiming that they are infected,” Microsoft’s blog entry cautions.

The bogus anti-malware product also makes changes to the user’s registry to lower security settings, and to prevent users from deleting the “Your System Is Infected” background that it displays in order to raise the user’s anxiety level.

According to the blog post, Fakeinit also downloads a second Trojan that installs the Alureon rootkit — another piece of malware that Microsoft warned a week ago was the source of many Windows XP machines exhibiting blue screens and constant reboots.

Additionally, the malware cuts off access to a list of URLs popular with users, including Ask.com, Amazon.com, Craigslist.com and many others, according to Microsoft.

Aside from some minor grammatical errors in the text — a common tipoff that a piece of software is actually malware — what gives away the real purpose of the bogus software are the statements identifying it as a “trial version” and requests to activate the full product.

The actual Microsoft Security Essentials suite is available without charge from Microsoft.com.

via Trojan Pretends to Be Microsoft Security Suite – www.esecurityplanet.com.

Stuart J. Johnston is a contributing writer at InternetNews.com, the news service of Internet.com, the network for technology professionals.

If your laptop computer’s webcam could talk about what it sees, what would it say?

Students of a Pennsylvania school district are hauling educators to court over allegations that administrators remotely activated the webcams on school-issued laptops and used that remote access to spy on students and their family members. (Techmeme)

The civil suit (PDF) was filed last week against the Lower Merion School District in Ardmore, PA, its board of directors and the Superintendent. It alleges violations of the electronic Communications Privacy Act, The Computer Fraud Abuse Act, the Stored Communications Act, the Civil Rights Act, the Fourth Amendment of the U.S. Constitution, the Pennsylvania Wiretapping and Electronic Surveillance Act and Pennsylvania Common Law. In part, the suit reads:

Unbeknownst to Plaintiffs and the members of the Class, and without their authorization, Defendants have been spying on the activities of Plaintiffs and Class members by Defendants’ indiscriminant use of and ability to remotely activate the webcams incorporated into each laptop issued to students by the School District, This continuing surveillance of Plaintiffs’ and the Class members’ home use of the laptop issued by the School District, including the indiscriminant remote activation of the webcams incorporated into each laptop, was accomplished without the knowledge or consent of the Plaintiffs or the members of the class.

The suit notes that there are about 1,800 students in the district’s two high schools and that students were each assigned a laptop computer that was purchased, in part, through state and federal grants secured over the past few years. The suit also notes that all of the written documentation that accompanied the laptop made no reference to the district’s ability to remotely activate the embedded webcam.

The issue came to light in November when an assistant principal informed a student about improper behavior in his home and produced a photograph captured from the laptop’s webcam as proof. The suit did not specify the type of activity the student was engaged in.

Because the webcam would capture images of anything in its range, including the actions of other household members and their guests, the plaintiffs in the case extend to family members, as well as the students themselves.

Sam Diaz

Sam Diaz is a senior editor at ZDNet. See his full profile and disclosure of his industry affiliations.

via When webcams go bad: Students sue school officials for remote spying | Between the Lines | ZDNet.com.

By ASHLEE VANCE

Published: January 20, 2010

Back at the dawn of the Web, the most popular account password was “12345.”

The New York Times

Today, it’s one digit longer but hardly safer: “123456.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

via Simple Passwords Remain Popular, Despite Risk of Hacking – NYTimes.com.

There are several password generation programs available that will make and remember random passwords for different sites and needs. I highly recommend them. The one I use is Roboform. You can read my blog entry about it here: Now What Was That Password Again?

via Microsoft urges Windows XP users to ditch old Flash version.