Tag Archives: Security

Windows Defender

Microsoft used to have a beta version of Microsoft Antispyware that worked quite well. When I moved to Windows x64, I stopped using it because it wasn’t compatible. Now Microsoft has released Windows Defender, essentially beta 2 of the antispyware software.

Windows Defender (Beta 2) is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it’s detected, and a new streamlined interface that minimizes interruptions and helps you stay productive.

I don’t really need to use antispyware software but a lot of people I know need to. So you should probably upgrade to this latest version. It updates itself automatically, can run nightly scans, etc, etc. Just make sure you have a legal version of Windows as this can only be downloaded after you’ve passed the  Genuine Advantage test.

Lord of War

I just finished watching the moviesmovie Lord of War. I must say, I quite enjoyed it. Nicholas Cage portraits an arms dealer and the story is told from his perspective, recounting past events. It’s entertaining and has a morale to the story. The credits show the top 5 arms dealers in the world, which incidentally happen to be the 5 permanent members of the UN security council. Hmmm.

This film charts the rise and fall of Yuri Orlov, from his early days in the early 1980s in Little Odessa, selling guns to mobsters in his local neighbourhood, through to his ascension through the decade of excess and indulgence into the early 90s, where he forms a business partnership with an African warlord and his psychotic son. The film also charts his relationship through the years with his younger brother, his marriage to a famous model, his relentless pursuit by a determined federal agent and his inner demons that sway between his drive for success and the immorality of what he does.

I highly recommend watching this movie, it’s worth the $5 of rental, or maybe even the price of the DVD.

[rate 4.5]

2GB Swiss Army Knife

Swissbit bumps their knives to 2GB – Engadget

Now this is a cool swiss knife. I want one. Probably pretty expensive though and just another one of those things that ends up in my nightstand drawer and then keeps me from opening it when it gets stuck behind the ledge and that really pisses me off and… well… it is shiny.

They’re including the usual scissors, knife, nail file, and screw driver on the rubyRED and retroALOX versions, while the rubyRED version — which is looking a tad chubby these days — also adds a ballpoint pen and an LED light for extra geek cred. You can even pop out the drive part for flying, since the TSA isn’t so hot on knives these days, or just make a run for it at the security gate and see how far you get.

The Windows MetaFile Backdoor?

Steve Gibson, well-known security expert, has taken a closer look at the recent Windows MetaFile (WMF) vulnerability that has since been fixed by Microsoft. Expecting to find another Microsoft “coding error” he instead found something that seemed to be deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution “backdoor”. In the Security Now! podcasts he says several times that this was no coding mistake or bug but rather an intentional feature of Windows. So maybe some of those “Microsoft is evil” folks out there were right because if this is true, Microsoft has had a way to remotely execute arbitrary code in your machine without your knowledge.

WMF Exploit Fix

Turns out that there’s been a pretty gross exploit discovered in all versions of Windows that allows a corrupted image file to run arbitraty code on the user’s system. In other words, that nude picture of Jessica Alba may be deleting your harddrive and charging tattoos to your credit card! See the link below for a fix.

Security Now! Notes for Episode #20
It would seem that we can be pretty certain that Microsoft will have this WMF vulnerability mess cleaned up shortly. Microsoft’s cryptographically signed and authentic (though perhaps not final), security update addressing this vulnerability has prematurely leaked onto the Internet.

As expected, Ilfak’s WMF vulnerability suppression patch, and his WMF vulnerability testing utility, both interact smoothly and seamlessly with Microsoft’s forthcoming official security update. Ilfak’s code can be left running while installing Microsoft’s security update, then safely removed forever once the system has rebooted from the update.

Also, Ilfak’s vulnerability tester properly recognizes the system’s true WMF vulnerability condition under every combination of patch installations (either Ilfak’s, Microsoft’s, both, or neither). So, you may use Ilfak’s solutions with confidence while Microsoft completes their extensive compatibility and regression testing for this forthcoming security update. Once the update is ready, install Microsoft’s update, then safely remove Ilfak’s patcher.

Terrorists clone phones

Canadian telecom service provider Rogers Communications has been the victim of numerous number-cloning operations by the terrorist group Hezbollah — in which even the phone number of CEO Ted Rogers was “borrowed� — but steadfastly refused to address consumer complaints about the problem, insisting that customers were liable for outsized bills. However, all that changed after aggrieved consumer (and law professor) Susan Drummond — who was stuck with a bill for over $10,000 for calls to countries such as Libya, Pakistan, Russia and Syria — recorded comments made by a Rogers security exec, who admitted that the company had suffered cloning problems at the hands of Hezbollah going back as far as 1997. Drummond took the company to small-claims court, publicized the incident, and eventually received a public apology from CEO Rogers himself. At least we think it was Rogers. After all, it could have been Sheik Hassan Nasrallah running up the CEO’s bill one more time.cellphone

More.

Mini-golf courses are terrorist targets

Local officials said Thursday they were shocked to learn that Emerald Hills Golfland, a three-acre theme park with two miniature golf courses, had been placed on a Homeland Security watch list.

“The moment we realized it was on the list, it was taken off,” said San Jose police officer Rubens Dalaison, who handles “critical infrastructure assessment” for the department. “I myself took it off.”Funny

Why do people still use IE?

Here’s another reason why:

Unpatched IE Flaw Is Worse Than Expected

By Larry Loeb

November 28, 2005

Last week was shortened by the Thanksgiving holiday, and it seemed the malware guys took it off as well. There was not much going on of recent origin, and the biggest blip on the security radar was the realization by the security community that an Internet Explorer problem first identified six months ago was a lot worse than it appeared.The realization caused Secunia to issue a rare “Extremely Critical” advisory. Once thought just to be a DoS vulnerability, it turns out that it also allows execution of arbitrary code.