AskBillFirst - Non-Tech Speak Technology Blog

Analysis of Yahoo Voice Password Leak – 453,441 Passwords Exposed | Sucuri

wjimenez275 — Thu, 12 Jul 2012 16:58:41 +0000

Have you noticed an increase in spam from those you know with yahoo, hotmail, aol or gmail accounts? There’s a reason for that. Apparently, there was a massive leak of Yahoo passwords and since many people use the same passwords for several sites, it was easy to hijack those accounts. From the link in this article, you can check if your email has been hijacked and is being used to send spam. Whether it is or isn’t, you should consider changing your password. Also, take a look at the password list. Notice how many people are using simple, easy to guess passwords. Check out my post on creating strong passwords - Maybe My Password Isn’t As Strong As I Thought It Was

We recently heard that a massive leak of Yahoo passwords has been floating on the interwebs for a few days. According to Ars Technica, the dump is from Yahoo Voice and the data was released in clear-text yes, clear text in 2012. It seems they were not storing the passwords securely.We got access to the dump and we can confirm that this leak is valid. We can not however confirm it is from Yahoo, the password analysis does not have many “Yahoo’s” in it we’ll explain later.That said, we recommend all Yahoo users to change their passwords ASAP! Specially on other services that you are reusing the same passwords. Better safe than sorry.

*You can check here if your account was part of the leak: http://labs.sucuri.net/?yahooleak

via Analysis of Yahoo Voice Password Leak – 453,441 Passwords Exposed | Sucuri.

An Easy Way to Stay Safer on the Web, with OpenDNS

wjimenez275 — Sun, 29 Apr 2012 23:30:45 +0000

Since this post is going to be a little technical, I’m going to start by defining some of the things that will be discussed.

DNS – Short for Domain Name System (or Service or Server), an internet service that translates domain names into IP addresses. Because domain names are alphabetic, such as askbillfirst.com, they’re easier to remember. The Internet however, is really based on IP addresses. Every time you use a domain name, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.askbillfirst.com might translate to 208.109.14.108.

Domain Name – A name that identifies one or more IP addresses. For example, the domain name microsoft.com represents about a dozen IP addresses. Domain names are used in URLs to identify particular web pages.

URL – Abbreviation of Uniform Resource Locator, the global address of documents and other resources on the World Wide Web (www).

When you access the internet and type in a URL, the name you entered is sent to servers that translate the letters you typed into the corresponding IP address for that site. Generally, those servers are set by your internet provider. There is no filtering involved with these servers. Therefore, any website that you attempt to go to will pass back to you whatever it has on it, both the good and the bad.

Now, there is a way to set up your computer, or your network router, to protect you from visiting sites that may cause you problems. One company that allows you to filter web content, protects you from phishing sites, and other things is OpenDNS. OpenDNS is used for content filtering. It filters content based on categories of sites, such as gambling, pornography, social networking, humor, and more. These sites may not be malicious, but they could be considered unacceptable types of content. OpenDNS is often used in place of parental control software.

To set this program up you’ll need to modify your network adapter settings. If you use both wired and wireless connections, you’ll need to modify both adapters. If you want to set this up so it protects everyone on your network, you can make the settings in the router and they will filter to everyone on the network.

You can find the instructions for OpenDNS here.

These settings will work on both PC’s and Mac’s whether you set it at the pc level or the router level.

Do not use this in place of a good anti-virus, but use it along with a good anti-virus for an easy way to stay safer on the web.

UPDATE – Laura from OpenDNS informed me that “ OpenDNS actually works as a security filter as well. It protects you from phishing websites, as well as blocking Malware like the Conficker virus. We’re seeing a lot of users — both home and business — choose OpenDNS specifically for the security it provides.” Thank you Laura for that update.

Internet Explorer Compatibility with Chrome

wjimenez275 — Thu, 02 Feb 2012 15:19:41 +0000

If you use Chrome as your primary browser, you may have run into an internet page that works best under Internet Explorer, or actually requires Internet Explorer. I ran into this the other day when I was helping someone with a problem they were having in Yahoo Mail, in which the right-click copy/paste function wouldn’t work in Chrome but worked fine in IE. In researching it, I found that this problem has existed for quite a while. A day or so later, I was logging onto a site and it wouldn’t load, only to find out that Chrome wasn’t a supported browser.

The answer to these problems is a Chrome extension that works wonderfully - http://www.ietab.net/home (you’ll also see the link to the Firefox Add-In on this page). With this tool, you right-click on the page to have it rendered in Internet Explorer. When you right click, you’ll see a menu option for “IE Tab Options. Under IE Tab Options, you can set which version of IE you want to emulate, from versions 7 to 9.

Email: Spam, Virus or Clean?

wjimenez275 — Sat, 28 Jan 2012 01:00:34 +0000

Not sure if you’ve noticed, but there are a lot of emails being received that have a few lines of gibberish followed by a hyperlink, and often times a nice motivational quote. Many times, these emails are coming from someone you know. How are these emails getting past the spam and virus filters you have in place? Why isn’t your antivirus program stopping them?

Well, first, most of these emails are coming through as plain text, with no formatting like HTML emails have. Spam filters usually are looking for key words, phrases, or graphics. With these emails, often times there aren’t any “key” words that will trigger the filter. As for the virus, there usually aren’t any attachments, just a hyperlink, again, nothing that will trigger the filter.

The following is a sample of a text based email with normal words and a hyperlink. Also note that it’s not addressed to me but I received it anyway so it must have gone out to a group. Click on the examples that follow to see them full screen. They will open in a new window so when you’re ready to move back to the article, just close the image window.

It’s a lot more difficult getting an HTML formatted email through spam filters but some do get through. The following is an example for comparison sake between an HTML format and Text Only format:

And then there is the email trying to convince you that it’s okay to open the attachment to print or verify the information they’re telling you about in the email. In this case, the email is stating that I paid property tax on property in King County, where ever that is. Since I don’t remember doing that, maybe I should print the document to see what they’re talking about. Well, wouldn’t you? Except for the fact that none of the reference numbers match up, from the payment confirmation to the reference number to the number on the attachment, none match. Notice also that the attachment is zipped. This is a common method of hiding a virus to get it past the filters.

Well, I didn’t open it. It forwarded it on to scan@virustotal.com and in less than 5 minutes, I received the following report. Note that virustotal scanned the file against 40 some antivirus engines and most came back with no virus found…but 4 of them did find something. That was good enough for me. I deleted the email.

I hope this helps clarify those emails you’ve been getting.

Oh, and by-the-way, if you get an email similar to the ones above from a friend, have them change their email program’s password as it’s possible that their email program has been hijacked.

25 “Worst Passwords” of 2011 Revealed – Yahoo! Finance

wjimenez275 — Wed, 23 Nov 2011 06:38:37 +0000

25 “Worst Passwords” of 2011 Revealed – Yahoo! Finance.

If you see your password below, STOP!

Do not finish reading this post and immediately go change your password — before you forget. You will probably make changes in several places since passwords tend to be reused for multiple accounts.

1. password

2. 123456

3.12345678

4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passw0rd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football

Users report Microsoft Security Essentials removes Google Chrome

wjimenez275 — Fri, 30 Sep 2011 19:07:51 +0000

By Ed Bott | September 30, 2011, 9:14am PDT – Full Article from ZDNet

Summary: Hundreds of users on Google Chrome Help forum this morning reported that Microsoft security products were identifying Chrome as a password-stealing Trojan and removing it. Update: Microsoft acknowledged the issue, posted a fix.

UPDATE, 10:00 AM PDT: Microsoft has identified the problem as being caused by a faulty definition file. This text has been added to the relevant page at the company’s Malware Protection Center:

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update.

PWS:Win32/Zbot is a password-stealing trojan that monitors for visits to certain Web sites. It allows limited backdoor access and control and may terminate certain security-related processes.

UPDATE 2, 11:15 AM PDT: A Microsoft spokesperson provides the following response via e-mail:

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers PCs. We have already fixed the issue – we released an updated signature (1.113.672.0) at 9:57 am PDT – but approximately 3,000 customers were impacted. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.

The response does not provide any guidance for Forefront customers who have been affected by this issue. I’ve also asked for clarification on the “approximately 3,000 customers” figure. If a Forefront installation covering hundreds or thousands of users is counted as a single customer, the actual number of affected PCs could be considerably higher.

Maybe My Password Isn’t As Strong As I Thought It Was

wjimenez275 — Thu, 25 Aug 2011 05:16:35 +0000

For years, we in the computer industry, have been telling people to create cryptic passwords that include upper and lowercase letters, numbers, and special characters. We’ve been saying that if you replace certain characters with others, such as @ instead of “a”, or 3 instead of “E”, or ! instead of l, that chances of getting your password stolen are remote. Well, it would be remote, but with today’s technology, someone trying to break that password would have it figured out in 3 days with 1000 guesses/second, which is probably faster than you trying to remember what the password actually is.

A far better and safer way to create passwords is to string words together. Four random words, such as dogsbakewoodseat, would take 550 years with 1000 guesses/second to break, and would be much easier to remember if you use words that have meaning to you. The reason isn’t so much in the letters you use but is a combination of length as well as content. Most cryptic passwords are shorter than 8 characters because they’re hard enough to remember as is without them being longer. By using the word combination, you can make your passwords long and still be easy to remember.

I still recommend you using a different password for every site so with all of those passwords to try to remember you may want to use a password manager. I recommend RoboForm which allows you to save your passwords to your computer, or to the internet where they’re available just by clicking, when you need to log-in to a site.

If you want to see how safe some of your passwords are, or passwords similar to what you use, try them here, and see how long it would take someone to hack your password.

Fake Antivirus Industry Down, But Not Out — Krebs on Security

wjimenez275 — Thu, 04 Aug 2011 15:58:01 +0000

Fake Antivirus Industry Down, But Not Out — Krebs on Security.

Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials. But it’s probably too soon to break out the bubbly: The inordinate profits that drive fake AV peddlers guarantee the market will soon rebound.

During the past few weeks, some top fake AV promotion programs either disappeared or complained of difficulty in processing credit card transactions for would-be scareware victims: Fake AV brands either ceased operating or alerted affiliates that they may not be paid for current and future installations.

On July 2, BestAV, one of the larger fake AV distribution networks, told affiliates that unforeseen circumstances had conspired to ruin the moneymaking program for everyone.

Google: Your Computer Appears to Be Infected

wjimenez275 — Wed, 20 Jul 2011 03:01:13 +0000

From KrebsOnSecurity

Google last week began warning more than a million Internet users that their computers are infected with a malicious program that hijacks search results and tries to scare users into purchasing fake antivirus software.

Google security engineer Damian Menscher said he discovered the monster network of hacked machines while conducting routine maintenance at a Google data center. Menscher said when Google takes a data center off-line, search traffic directed to that center is temporarily stopped. Unexpectedly, Menscher found that a data center recently taken off-line was still receiving thousands of requests per second.

Menscher dug further and discovered the source of the traffic: more than a million Microsoft Windows machines were infected with a strain of malware designed to hijack results when users search for keywords at Google.com and other major search engines. Ironically, the traffic wasn’t search traffic at all: The malware instructed host PCs to periodically ping a specific Google Internet address to check whether the systems were online.

For the rest of the article, please click here

NOTE: Unlike the scareware and fake anti-virus programs that “popup” on your screen, this is a banner notice at the top of your search results. Use your own anti-virus programs to scan your computer as well as programs such as SuperAntiSpyware and Malwarebytes

Windows AntiVirus 2011 or Fake AntiVirus

wjimenez275 — Mon, 13 Jun 2011 00:15:18 +0000

There have been a lot of fake antivirus infections lately. I’m getting several calls a week from people telling me that while they were searching the internet, windows started popping up all over their screen telling them they have viruses, trojans, etc. I used to spend hours cleaning computers with various antivirus programs, but then found that I could do it much quicker by using the following method.

When this problem comes up, I ask what the user has or hasn’t clicked on. What they say next is what determines my next course of action. The way these programs work is that they “offer” to clean up your computer if you buy their software. If you choose not to buy their software, and try to click out of the windows by clicking cancel or the red x to close the window, you’re faced with more windows because these options have been set up to download the fake antivirus program and install it on your computer.

So, what to do when one of these programs shows up on your computer? Don’t panic and start clicking things. Recognize that even though it may look like a legitimate Windows warning, if you have a virus, your own antivirus program will pop up telling you so. What you need to do is to press CTRL-ALT-DEL to bring up the Task Manager and then end the browser process. Once you’ve ended the browser this way, you can safely reopen the browser and continue your surfing.

If, however, you have clicked an option and these windows are just continually taking over your screen, reboot your computer. Just as it starts to come up and you see the opening text on the screen, start pressing the F8 key until you get a menu on the screen. Choose to boot into Safe Mode. The screen will look different from what you’re used to, but that’s okay. Once you are at the desktop, click your start button, bottom left of the screen. Go to Programs, Accessories, System Tools, System Restore. When System Restore comes up, choose to restore your computer to a point prior to when you experienced the problem. This could be earlier that day or even a day or two past.

This will not remove any files or data you have worked on or created in that time period, but will restore your Windows system back to a healthy state. Your computer will reboot once and tell you whether it was restored successfully or not. If it was successful, run a virus scan with your antivirus program, but you should be all set at this point.