Wiz's Computer and Website Security Blog

If you are a website owner, and are thinking about adding another domain name, Dotster.com
is having a one day sale on all new domain registrations of the TLDs: .com, .net, .org, .biz and .us. For the 24 hour period beginning tomorrow, February 28, at 12:01 AM, through 11:59 PM, PST, all new Registrations are only $7.00 for one year! The regular price for these TLD registrations is $14.95/yr. That represents a savings of $7.95 bubba, and that ain't hay! Heck, at that price I'll grab a couple of new domain names and park them on my home page, or add them on to my BlueHost account, since they allow up to 5 additional domains to be hosted under one account, for free.

To grab your $7.00 domain go to Dotster.com
on Feb 28 and use the coupon code: 7domain, when you place the order.

I have more information about Dotster Domain Registratrar on my website. I also have a complete webpage about BlueHost, here.

Dotster is also offering coupon code discounts on a second year of web hosting (7hosting), and on their in-house website design services. Visit Dotster.com
before March 1, 2007, for the details.

Posted by Wiz at 2:10 PM | Permalink

back to top ^

Mozilla.org has released Firefox 2.0.0.2, on February 23, 2007.

If you are not already using Firefox to browse the Internet, what are you waiting for?

What's New in Firefox 2.0.0.2

* Release Date: February 23, 2007
* Security Update: The following list of security issues have been fixed.
* Windows Vista Support: Many enhancements and fixes for Windows Vista are included along with the following caveats.
* New Languages: Beta releases for several new languages are now available for testing.
* Permissions Bug Fixed: In the German (de) locale on Windows and Linux, resolved a problem with certain files tagged as read-only.

Mozilla provides Firefox 2 for Windows, Linux, and Mac OS X in a variety of languages. You can get the latest version of Firefox 2 here.

Mozilla Firefox 2.0.0.2 Release Notes

Fixed in Firefox 2.0.0.2
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

Get Firefox here

Known Issues

This list covers some of the known problems with Firefox 2. Please read this before reporting any new bugs.

All Systems

* Window bounces and shakes. There have been reports in Bugzilla and MozillaZine forums of windows either bouncing or shaking when no items are in the toolbar and in other cases. As a workaround, there are some instructions at MozillaZine that can help resolve this problem.
* Some firewall software may silently block Firefox from running. This often happens immediately after Firefox has been installed or updated from a previous version. There are configuration instructions available for most popular firewall programs to help you ensure that Firefox is allowed to connect to the Internet.
* Dictionaries for several locales can't be packaged with the builds, and must be manually downloaded by right-clicking in a text area and selecting "Add Dictionaries..." from the shortcut menu. New dictionaries are regularly being added to Mozilla Add-ons, so if you don't see the particular dictionary you need, check back later.
* When trying to print web pages with text areas, if the text area contains a misspelled word and spell checking is enabled, all the following content of the text area will not be printed. You can right-click in the text area and uncheck "Spell check this field" to turn off spell checking temporarily while you print.
* Access key definitions provided by web pages can now be triggered using Alt+Shift+key on Windows, Ctrl+key on Mac OS X, and Ctrl+Shift+key on Unix.
* The Session Restore functionality provided in Firefox 2 will restore connections to services which use session cookies to maintain login state such as GMail. It is recommended that users with concerns about the privacy implications of this behavior change the value of browser.sessionstore.resume_from_crash to false.
* The option for "Shrink to fit" has been removed in Firefox 2. If you wish to change this from the value you had set in your previous version of Firefox, change the value of browser.enable_automatic_image_resizing.
* To install Firefox on a multi-user system in a location in which users do not have write privileges, Firefox must be run at least once by a privileged user.
* Software Update will not work if Firefox is installed to a location on your disk to which you do not have write access, since Software Update needs to replace or create files in this location.
* Some financial institutions use port 563 for secure logins, which results in an error message. If you encounter this error, make sure that network.security.ports.banned.override includes 563 in the comma-separated list of banned network ports to override.

Windows & Windows Vista

* Clicking links in some applications (e.g. some instant messaging programs) might not open them in Firefox, even if you have set it as your default browser. To workaround this problem, go to Start -> Default Programs -> Set default programs for this computer, expand custom, select the radio button next to the app you want to set as the system wide default app (e.g. Firefox, etc.), and apply.
* Using the context menu (right-clicking on the Firefox icon) to start in Safe Mode, doesn't work. As a workaround, use the "Mozilla Firefox (Safe Mode)" menu item that appears in the Start Menu instead.
* A Windows Media Player (WMP) plugin is not provided with Windows Vista. As a workaround, in order to view Windows Media content, you can follow these instructions. Note that after installing you may have to get a security update and apply it before you can see the content in the browser.
* Vista Parental Controls are not completely honored. In particular, file downloads do not honor Vista's parental control settings. This will be addressed in an upcoming Firefox release.
* When migrating from Internet Explorer 7 to Firefox, cookies and saved form history are not imported.

Mac OS X

* The "Close Other Tabs" action on the shortcut menu of a tab can fail with an error when more than 20 tabs are open.
* Some users have reported problems viewing Macromedia Flash content on Intel Mac computers. To work around this problem, users can remove or move the PowerPC version of "Flash Player Enabler.plugin from /Library/Internet Plug-Ins.
* After installing a new plug-in, Firefox may continue to display information for the older version of the plug-in in about:plugins. If this happens, quit Firefox, delete the "pluginreg.dat" file from your profile folder, and relaunch Firefox.
* Java does not run on Intel Core processors under Rosetta.
* There is no Talkback on Intel-based Macs when running natively or under Rosetta. The Apple Crash report program should launch in the event of application crashes.

Get Firefox here

Posted by Wiz at 1:31 AM | Permalink

back to top ^

Three flawed Windows security and driver updates were released on Patch Tuesday, February 13, and continued through Friday, February 16, 2007. The first one involves a defective "signed" VIA IDE driver update that places most computers into endless reboot cycles. The second involves installing an unnecessary Alps Pointing Device driver, on computers that don't have such a device. The third is a patch for PowerPoint that fails to fix the stated vulnerabilities it is meant to address.

The flawed VIA Primary IDE driver only appeared under optional Hardware Updates, if you ran manual updates, using the Custom Option. I first became aware of the problem on Friday, February 16, when I performed Windows Updates for a client, at his office. The first and second machines to receive updates had the VIA Primary IDE Driver listed under Hardware Updates, so I installed it and rebooted, and rebooted, and rebooted... After the third time I realized that there was a problem with that driver and I used F8 to get to the boot menu, where I selected "Last Known Good Configuration," which succeeded in getting back into Windows. From there I right-clicked on My Computer, selected Properties, then Hardware, then Device Manager > IDE ATA ATAPI Controllers, then rolled-back the VIA Primary Channel IDE driver update to the previous driver, rebooted, and all was well again.

Another one of the Hardware updates seems to have placed an unwanted and unneeded Alps Touchpad/Pointing device driver and icon on the computers that did not have an Alps Touchpad attached to them. Using Device Manager > Mice/Pointing Devices I rolled-back the driver and the touchpad icon and other pointer problems were resolved, after a reboot.

The third problem was just announced via Microsoft Technet, in this security re-release notice: http://www.microsoft.com/technet/security/bulletin/ms06-058.mspx

Microsoft Security Bulletin MS06-058
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Published: October 10, 2006 | Updated: February 21, 2007

Recommendation: Customers should apply the update immediately

Security Update Replacement: This bulletin replaces a prior security update.

Why did Microsoft minor revise this bulletin on February 13, 2006?

Further investigation of CVE-2006-3877 as originally revealed that the update was not effective in removing the vulnerability from affected systems. The Microsoft Security bulletin, MS07-015 has been issued to properly address CVE-2006-3877 and customers should apply the updates in this bulletin immediately.

More information and links to download hotfixes are in the extended entry -->

Affected Software:
• Microsoft Office 2000 Service Pack 3 — Download the update (KB923093)
• Microsoft PowerPoint 2000
• Microsoft Office XP Service Pack 3 — Download the update (KB923092)
• Microsoft PowerPoint 2002
• Microsoft Office 2003 Service Pack 1 or Service Pack 2 — Download the update (KB923091)
• Microsoft Office PowerPoint 2003
• Microsoft Office 2004 for Mac
• Microsoft PowerPoint 2004 for Mac - Download the update (KB924999)
• Microsoft Office v. X for Mac
• Microsoft PowerPoint v. X for Mac - Download the update (KB924998)

Full disclosure and details are on this Microsoft Security Bulletin page: http://www.microsoft.com/technet/security/bulletin/ms06-058.mspx

Posted by Wiz at 3:40 PM | Permalink

back to top ^

World reknowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name you should assume that is is malware. All of the programs listed with a + sign are additions, or updated detections, and are dangerous to your computer, and/or personal security. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

After updating your Spybot S&D definitions, if they include new Immunization definitions you need to click on the Immunize button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in version 1.4. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

2007-02-21

Keylogger
+ Ghostlogger
+ Perfect Keylogger
++ ZKeyLog

Malware
++ InetLoader
++ MBS.Sexxxpassport
++ MicroBillingSystem
+ Smitfraud-C. (3)
+ Vcodec.eMedia

Spyware
+ Win32.Bancos.zm

Trojan
++ Dropper.Mondo
++ Fake.IKEA-Bill
++ Nurech
++ Nurech.A
++ Nurech.shell.explorer.exe
+ Pinfi.Parite
+ Prorat-D
+ Psyme
++ Tibiabot
++ Win32.Agent.yr
++ Win32.Banbra.fu
++ Win32.Delf.apv
++ Win32.Nilage.abh
+ Win32.Pakes
++ Win32.ProAgent.21
+ Win32.Tactslay
+ Zlob.GoldCodec (2)
+ Zlob.KeyGenerator
+ Zlob.QualityCodec
+ Zlob.SiteTicket
+ Zlob.VideoActiveXObject
+ Zlob.VideoBox

Total: 359510 fingerprints in 60549 rules for 2679 products.

English Language Company Links:
Spybot Search and Destroy English Home Page
Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).
Spybot Search and Destroy Download page - Program and definition updates.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

See all security program update notices in this catagory

Viruses, spyware, adware, keyloggers, browser/search hijackers and rootkits all have one thing in common; they require administrator privileges to install themselves into the operating system, or to write to the Local_Machine branch of the Windows Registry. By running with reduced privileges, as a Limited or Power User you are protected against virtually all malware threats that need to install to function. Furthermore, if you run with reduced user privileges your choice of updates will be more limited that if you apply them from an administrator level account. You would do this by first applying the updates as a Limited or Power User, then Switch Users, or log onto an Administrator account and re-apply the updates and immunizations. I have posted more information about running with reduced user privileges, here and here.

For those of you who have not yet used Spybot Search and Destroy, if you were wondering if it "plays nice" with other anti spyware programs, it most certainly does! I have used Spybot S&D since it's inception, along with various other free and commercial security programs, and it has never caused any problems on my, or my customers' computers.

Posted by Wiz at 11:04 AM | Permalink

back to top ^

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge.

Anti Spyware/Adware program Ad-Aware, by Lavasoft has had it's definition file updated. Users of the free version should check for and install the new definitions manually.

Current Definition File:

SE1R154 19.02.2007

Updated definitions:
====================
Adware.BHO(generic)
Dialer +2
FakeAlert
PurityScan
Softomate Toolbar
Win32.Backdoor.Agent +3
Win32.Backdoor.IRCBot +6
Win32.Backdoor.SDBot +3
Win32.Bagle.B +6
Win32.Generic.Worm +4
Win32.Harnig.Trojan +3
Win32.Trojan.Agent +7
Win32.Trojan.Downloader +3
Win32.Trojan.MatrixHasYou +13
Win32.Trojan.Small +2
Win32.TrojanClicker
Win32.TrojanDownloader.Adload +9
Win32.TrojanDownloader.Agent +4
Win32.TrojanDownloader.Banload +8
Win32.TrojanDownloader.Small +12
Win32.TrojanDownloader.VB
Win32.TrojanDropper +6
Win32.TrojanProxy.Agent.dl
Win32.Trojan-PSW.Lineage +40
Win32.TrojanPWS.LdPinch +2
Win32.TrojanPWS.OnlineGames +15
Win32.TrojanPWS.QQPass +23
Win32.TrojanPWS.WOW +6
Win32.TrojanSpy.Banker +24
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Goldun +2
Win32.Worm.Viking +10
WinAD

MD5 checksum is 898a8135ed5461b2caa4030a578d4e8a

You can use Webupdate to install the new reference file, or download
it manually from: http://download.lavasoft.de.edgesuite.net/public/defs.zip

Download the current version of Ad-Aware here: http://www.download.com/3405-8022-5153545.html

See all security program update notices in this catagory

Posted by Wiz at 2:01 AM | Permalink

back to top ^

From AVG Anti Virus: NEWS:

Just a quick note to folks who are using AVG Free anti virus. If you are using version 7.1 it has ceased being supported, effective February 18, 2007. The product will continue to function, but there will be no more virus definition, or program updates. All users of AVG Free are asked to upgrade to the new free version, AVG Free 7.5, available here.

To reiterate, the new version 7.5 is still FREE. If you heard otherwise you were misled. One cause of confusion might be the popup message that has been appearing to users of AVG Free 7.1. It takes you to the AVG commercial website where you are urged to purchase a license for two years for AVG Professional. This is just their way of trying to convert free users into paying customers. There is a link on that sales page to the sister website where the free version can be downloaded.

Important upgrade information
If you were using AVG Free 7.1 and download v7.5, here is how you should perform the installation. Leave AVG 7.1 in place and double click on the setup file for version 7.5. Accept the terms and default install path, clicking on Next until you get to the screen that offers installation options. Choose the "Repair" option and proceed following the prompts to completion. This will keep all of your custom or user settings or vaulted files in place and will upgrade the files to v7.5. If you are worried about over-installing the old version, feel free to uninstall version 7.1, reboot, then install v7.5.

After you upgrade to version 7.5 run a check for updates to the definition files or engine itself. If you have a software firewall you will probably have to allow the AVG updater to connect to the Internet, because the file CRC has changed from the previous allowed version.

One difference I have discovered between version 7.1 and 7.5 is that although not officially supported, version 7.1 would function on Windows Server operating systems, whereas version 7.5 won't allow you to upgrade or install it onto a server edition. You must purchase a license for the server edition if you want to protect a Server O.S. PC.

Posted by Wiz at 4:52 PM | Permalink

back to top ^

The following anti virus and anti spyware programs were updated during this lat week:

Program - - - - - - Date Updated
1. AVG anti-virus: 01/06/07
2. Norton anti-virus: 01/03/07
3. McAfee anti-virus: 01/03/07
4. Lavasoft AdAware SE: 01/04/07
5. Spybot Search and Destroy: 01/05/07
6. Microsoft Windows Defender: 01/05/07

All of the above have manual means of checking for and downloading updates and you are urged to use them regularly. I occasionally post the actual contents of the updates to Spybot and Ad-Aware, so watch for more details soon.

Posted by Wiz at 7:10 PM | Permalink

back to top ^

On January 1, 2007, Apple Inc. received a documented report about a highly critical vulnerability in it's QuickTime Player software. Since QuickTime is a component of Apple iTunes, iTunes installations are also affected by this vulnerability. There is publicly available proof-of-concept code that exploits this vulnerability. More information about the vulnerability can be found here.

On January 23, 2007 Apple Inc. issued a patched update to it's QuickTime Player, here, on the Apple website. However, that downloadable update is only for Mac operating systems. Windows users are instructed to use the Apple Software Update Tool to download the appropriate patched version for Windows, which was supposed to have been installed when they installed QuickTime, or iTunes onto their computers. Unfortunately, this is a selectable option that may not have been selected by all users.

The instructions for Windows users who did not choose to install that software update tool is to uninstall QuickTime and download the latest version, then run the update tool to see if they have obtained the latest version. If the version you downloaded is vulnerable you would be at tremendous risk by using it online, so download it, then immediately check for updates. Another thing to know is that the software updater itself had to be updated in January, 2007, so if you already had it installed you had better check to see if it needs to be updated, before trying to download the patched version of QuickTime. If that sounds confusing, remember that Apple computers and products are touted as being simpler to use than PC's and their software.

Another thing, if you obtained the QuickTime Player with iTunes software, you may need to update it as well.

Regarding iTunes software, there are some serious compatibility issues between iTunes and the new Windows Vista operating system. One problem has to do with permissions granted to the product to run on a Vista equipped PC. Apple has released this information and a patch to address that particular problem. The following issues remain unfixed at this time, but both Apple and Microsoft are working hard to resolve them as soon as feasible.

Some currently known compatibility issues with iTunes 7.0.2 and earlier versions include:

• iTunes Store purchases may not play when upgrading to Windows Vista from Windows 2000 or XP.


• iPod models with the "Enable Disk Use" option turned off may be unable to update or restore iPod software, and make changes to iPod settings.


• iPod models configured to Auto Sync and have the "Enable Disk Use" option turned off may require being ejected and reconnected to resync.


• Ejecting an iPod from the Windows System Tray using the "Safely Remove Hardware" feature may corrupt your iPod. To always safely eject an iPod, choose Eject iPod from the Controls menu within iTunes.


• Cover Flow animation may be slower than expected.


• Contacts and calendars will not sync with iPod.

Posted by Wiz at 5:31 PM | Permalink

back to top ^