Wednesday, September 15, 2010

Blog coming alive again- Secondary Education is finished

If you noticed that my blog has died for the past 6-7 months, it's because I was in my final year of secondary education. Now, that's all in the past. This blog is revived (for another 3 months)!

Saturday, September 11, 2010

Diversity? Can it be an improved security measure?

Diversity is commonly given advice to investors. "Don't put all your eggs in the same basket." "Diversity is key to an investor's profile." "Diversity lowers the risk of investing."

But can this principle also be applied to computer security? Antivirus software or suites are never perfect.

I know that there are extremely loyal people (some people say "fanboys") who always stick to the same antivirus solution as they believe it works. I also hear a lot of stories where somebody has used an antivirus solution (Antivirus A), changed to a different antivirus solution (Antivirus B) and discovered that they had a trojan. From that point on, the individual swore to themselves never to change from Antivirus B ever again.

What I believe is that the mere act of changing antiviruses was the important thing. By changing antivirus, the individual was able to detect malicious software present on their computer.

My recommendations
So my recommendation is this:

If you are using a free antivirus solution, or your antivirus/internet security subscription is about to expire, consider another free antivirus solution or a free antivirus trial (which is a good way to decide whether an antivirus solution is for you).
Recommended antiviruses/internet suites off the top of my head:
  • AVG (there is a free for personal use version)
  • Avast! (there is a free and a commercial version)
  • Norton (Symantec) (apparently the programs don't lag your computer much these days)
  • Microsoft Security Essentials (tried it, pretty simple interface, not sure about effectiveness)
  • Eset (really fast antivirus! I've used the 2005 version before)
  • Trend Micro (by the way, it was the first antivirus I ever used! Brilliant program back in the day... maybe it still is)

Thursday, September 9, 2010

LOL is that you in this picture? Koobface virus removal instructions for Windows XP/ME

This is the message my friend got on his Facebook. It's a Facebook virus. I removed it for my friend and just wanted to post some details for those interested. (BTW, I know the instructions are not formatted very well).

There is a virus that commonly affects Facebook users called "Koobface". It spams links and tries to trick people into downloading its "flash player update" called "flash_player.exe". This is the mechanism that is used to infect individuals.

Removing the virus for Windows XP (print off instructions before proceeding)
Windows XP
  1. Disable system restore- This step is essential in enabling an antivirus to fully scan your computer.
From Microsoft Help Website, to do this:
  1. Click Start, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, click the System Restore tab.
  3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
  4. Click OK.
  5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
    You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

    Do you want to turn off System Restore?
    After a few moments, the System Properties dialog box closes.
  2. Restart in safe mode.
From Microsoft Help Website, to do this:
  1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.
  2. Click Start and then click Shut Down.
  3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.
  4. As your computer restarts but before Windows launches, press F8.
     On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.
  5. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.



3. Remove start up entries.
  1. Click Start --> Run.
  2. Type in "regedit" without quotes.
  3. Browse through the left hand pane:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

  4. Delete the entry:

sysftray = "%Windows%\fbtre6.exe"

  5. Close regedit.

4. Remove the following files by using the Windows search function. Press Windows key+F. Input the following into the search input box.
  1. %Windows%\fmark2.dat
  2. %System Root%\5465465465463.BAT
When these files have been located, press Shift+Delete to permanently delete them.

5. Restart computer.
6. Run an antivirus of your choice. If no antivirus has been installed on the computer, use a free online virus scan. My recommendations:
  1. Panda Online Scan
  2. Trend Micro HouseCall
  3. Kaspersky
  4. Symantec

Random Info That May Be Useful
From McAfee: As for the motivations behind this Koobface variant, analysis shows that during infection a proxy server is installed to %ProgramFiles%\tinyproxy\tinyproxy.exe and a service named Security Accounts Manager (SamSs) is created to load the server at startup. This component listens on TCP port 9090 and proxies all HTTP traffic, in particular looking for traffic to Google, Yahoo, MSN, and Live.com for the purpose of hijacking search results. Search terms are directed to find-www.net. This enables ad hijacking and click fraud.
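A way to check a machine for the indicators listed above before and after cleanup. This is an added example, not part of the original post. It assumes you have saved the text output of `reg query` on the Run key, `dir /s /b`, and `netstat -an`; the function names and sample captures are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators named in the post; file and value names match case-insensitively.
RUN_VALUE = "sysftray"
BAD_FILES = {"fbtre6.exe", "fmark2.dat", "5465465465463.bat"}
PROXY_TAIL = ("tinyproxy", "tinyproxy.exe")  # ...\tinyproxy\tinyproxy.exe
REG_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_\w+)\s+(.*)$")
LISTEN = re.compile(r"^\s*TCP\s+(\S+:9090)\s+\S+\s+LISTENING")

def check_run_key(reg_text):
    """Flag Run values named sysftray or whose command mentions a listed file."""
    hits = []
    for line in reg_text.splitlines():
        m = REG_LINE.match(line)
        if m and (m[1].lower() == RUN_VALUE
                  or any(f in m[3].lower() for f in BAD_FILES)):
            hits.append(f"run-key: {m[1]} -> {m[3].strip()}")
    return hits

def check_files(dir_text):
    """Flag listed file names and the tinyproxy path in `dir /s /b` output."""
    hits = []
    for line in dir_text.splitlines():
        p = PureWindowsPath(line.strip())
        tail = tuple(part.lower() for part in p.parts[-2:])
        if p.name.lower() in BAD_FILES or tail == PROXY_TAIL:
            hits.append(f"file: {p}")
    return hits

def check_listeners(netstat_text):
    """Flag TCP sockets listening on port 9090 in `netstat -an` output."""
    return [f"listener: {m[1]}" for m in map(LISTEN.match, netstat_text.splitlines()) if m]

# Constructed sample captures, not taken from a real machine.
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    sysftray    REG_SZ    C:\WINDOWS\fbtre6.exe
"""
SAMPLE_DIR = r"""C:\WINDOWS\fmark2.dat
C:\WINDOWS\notepad.exe
C:\Program Files\tinyproxy\tinyproxy.exe
"""
SAMPLE_NETSTAT = """  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:9090     0.0.0.0:0        LISTENING
"""

if __name__ == "__main__":
    print(check_run_key(SAMPLE_REG), check_files(SAMPLE_DIR), check_listeners(SAMPLE_NETSTAT))
```

An empty result from all three checks after the final antivirus scan means none of the indicators named here remain; it does not rule out other variants.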

Friday, August 27, 2010

Stupidonkey.com: IQ test

I always wanted to know why people like to advertise online IQ tests through internet ads, so I tried one. It was from a site called stupidonkey.com.
[Screenshot: the website just before I submitted my information]
Wow! Notice, the terms and conditions:
Did you enter valid information?
Yes, the information that I have entered is valid and I am 18 years or older or I have permission of my parents or guardian and I have checked if my mobile phone supports WAP and I have enabled WAP and I accept the costs of 17.50 AUD per week and I accept the terms and conditions.

Gosh! "I accept the costs of 17.50 AUD per week". That must be an extremely accurate IQ test. Also, an interesting thing is it charges weekly. Do people like taking IQ tests every week? Does IQ change that much in a short interval of time?

I had too much time on my hands. 

Note: for people that got sucked in, well, I guess it's bad luck. I doubt you can get your money back, but according to the provider's terms and conditions, you can cancel the service and stop paying weekly fees:

Provider allows the user the possibility to interrupt the flow of information received via the SMS service. We offer you information on the Sites that correspond with the Service and/or via the SMS service. Also, in the free welcome message from Provider you will find information on how to cancel the Service. Generally, information received via the SMS service can be interrupted by sending an SMS message with the word STOP. You can send this message to the abbreviated number (the short code) you used for entry. For example you can send the message STOP to the applicable short code and cancellation shall become effective immediately upon receipt of termination request. See for more details the Specific Terms, the landing page of the Site and/or click the flag for your country. Charges may still appear on your mobile phone bill the following month as carriers bill retrospectively. At its own discretion, Provider may, without prior notice to you, suspend or terminate use of the Service by you and destroy and remove Registered Information within the Service for any reason. You agree that Provider may erase or deactivate your account and all information connected with it as well as any lists or files contained by it without delay, and/or deny you further access to the Service.

Saturday, June 19, 2010

Quickcashkit.net automated agents

I accidentally clicked a banner on a website and was sent to a site where I browsed around and eventually was brought to a site: Quickcashkit.net (Conclusion: I reckon it's a scam. It's my opinion, but I warn those interested to proceed with caution).

Anyway, when I was about to leave, a window popped up where I could chat with a (supposedly) live agent. I decided to play along and found out that it was an automated computer (too bad). Here is the log so you can see:

Summer Says:Hey Wait! Before you go, I should make you aware that there's now just 4 places left in your area (estimated to be gone in 2 minutes). If you CLICK HERE I have secured a position for you.
Summer Says:When you are ready just type 'Hi' to let me know you're there....
You:Hi
Summer Says:Hi thanks for visiting QuickCashKit.net today!
Summer Says:We now only have 3 positions left, one just went, so you must act fast, so would you like to get started earning money online?
Summer Says:Just CLICK HERE to go straight to the join page as I have secured your position for the next 5 minutes.
You:Do I have to enter my credit card
Summer Says:We only accept Visa, Mastercard, American Express, and Discovery card as payment.
You:Are you a real person
Summer Says:I am a live virtual agent
Summer Says:So do you want to take advantage of this great limited time offer?
You:credit card
Summer Says:We only accept Visa, Mastercard, American Express, and Discovery card as payment.
Summer Says:You will receive your own automated money making website which will earn you commission 24/7, so you dont need to know anything about the internet.
You:real person
Summer Says:I am a live virtual agent
Summer Says:So do you want to take advantage of this great limited time offer?
You:scam
Summer Says:This is definitely not a con or scam, this is a legitimate home business opportunity.
Summer Says:We will supply you with all the tools you need to make money online, all you need to do is follow the methods and apply the techniques.
You:real person
Summer Says:I am a live virtual agent
Summer Says:So do you want to take advantage of this great limited time offer?

My guess is that the automated computer agent responds to words like "real person" and "credit card" and gives an automated response.


Saturday, April 17, 2010

Types of attacks

From Microsoft Encyclopedia of Security (direct quote)

Types of attacks
Access attacks: The intruder tries to gain access to resources on your network by exploiting flaws in software such as buffer overflows and information leakage and by elevating the intruder’s privileges to execute arbitrary code.

Denial of service (DoS) attacks: The intruder tries to deny legitimate users access to resources on your network.

Reconnaissance attacks: The intruder tries to map your network services in order to exploit vulnerabilities detected.

Effects on systems being attacked
Active attacks: These involve trying to modify data either during transmission or while stored on the target system. Examples include inserting backdoors and Trojans, deleting or modifying log files, disrupting services or communication, and so on.

Passive attacks: The goal here is not to modify the target system but rather to capture data being transmitted by eavesdropping or by using a packet sniffer in order to obtain sensitive or confidential information such as passwords or credit card numbers. Passive attacks are also used for capturing information that can help the attacker create a map of the target network’s hosts and services, which usually forms the preamble of an active attack.

Saturday, April 10, 2010

Salient Ads

I seem to be getting many emails from a company called Salient Ads. They are an email advertising company. The emails follow a format where the email contains a link advertising a service, with an image promoting the service.
So if you receive any of the emails below, it is probably because a company you have given your email to has sold you out, and I do not recommend you get caught up in the hype of the email. I do not know the sender and you probably don't either.

Example of spam emails

Email: College Loans (FinancialAid@largeperiod.com)
Subject: Education is expensive. Get a student loan now.
Message: Student loans help finance further study.

Email: LearnAccounting (AccountingSchools@chrismaspeace.com)
Subject: A Chance To Switch Careers
Message: Do your own taxes and charge others

Email: GI Bill Express (MilitaryBenefits@mysnowballfight.com)
Subject: Legislative Alert for the Military
Message: Legislative Alert for the Military

Email: Cash Department (Loans@first9949.com)
Subject: Quick Loans! Up to $500 in 1hr! Approval in minutes!
Message: Up to $500 in hour..approval in minutes!

These are supposedly not spam messages, because it states at the bottom of each email: "You are receiving this advertisement because you have opted-in to receive third-party marketing messages. If you do not want to receive this type of emails from us, please unsubscribe here.
Salient Ads Ltd: 8171 Yonge Street Suite 136, Thornhill ON, L3T 2C6, Canada"

Salient Ads is an online marketing company and you can opt out of their email service by clicking the link at the bottom of the email or by visiting their website.