Mozilla Firefox latest version taken offline

The latest version of Mozilla’s Firefox, the popular alternative to Microsoft’s Internet Explorer, has been taken offline for download due to a vulnerability found in the browser that could allow an attacker to gain access to your PC.

“The latest version of Mozilla’s Firefox browser has been taken offline after a security vulnerability was discovered.

Users who had upgraded to version 16 were advised to downgrade to the previous safe release until Firefox developers released a fix.

The vulnerability allowed “a malicious site to potentially determine which websites users have visited”, Mozilla said.

The non-profit company said that only a “limited number of users are affected”.

The download had been taken offline within a day of its initial release, the organisation’s UK spokesman said.

Some users were upgraded automatically to the new version, but are now being advised to uninstall the updates.”

Those using the latest version 16 of the browser are advised to downgrade to the previous version HERE or, to my mind, use an alternative such as Internet Explorer.

I will say that these days no browser is safe and issues like these are commonplace; we as users just need to make sure we keep our Windows version and all software up to date and surf safely.

Full article from BBC News HERE

US House passes the Cispa Cyber-security bill

The US House of Representatives passed the unwelcome Cyber-Security Bill yesterday. I do see that the White House wanted to veto this but didn’t. This topic is a hot one not only in computing circles but also among privacy advocacy groups.

“The US House of Representatives has passed a cyber-security bill amid a veto threat from President Barack Obama. The Cyber Intelligence Sharing and Protection Act (Cispa), would allow the government to access web users’ private data on suspicion of a cyber threat.

It would also allow easier information-sharing between security agencies and private web firms.

Advocacy groups claim that it is aimed at file-sharers rather than hackers.

They also raised concerns about the transparency of the act.”

I agree with the advocacy groups in the above quote in that this is a dangerous precedent to set because, while lawmakers will state that this will only be used for cyber-threats, I personally just don’t believe them 100%. As soon as this is a law, there is scope for someone to twist the rules and use the key to access a person’s data when there is no cyber or terrorist threat.

We in the UK are going through the very same at present, with the Houses of Parliament and Lords debating a snooping law that would allow the Security Services (MI5 and SIS), albeit with due cause, to access a person’s digital data. It makes you step back a bit when one of the creators of the modern internet and fellow Brit, Tim Berners-Lee, has also spoken out against the UK Gov going down this route.

This debate is not new to the UK, though: back in 2009 the Labour government then in power debated the same.

Do please let me know your thoughts on this topic.

Read the full article at BBC News HERE

Microsoft Free eBook on Security and Privacy for Office 2010 Users

These days security is on almost everyone’s mind, especially if you work in industry or for a Government agency (I work in the UK Health Service, the “NHS”), or are even a security-conscious home user.

With all the sensitive documents you may have to create, be they industrial ideas or research work, at times we overlook the security aspect of a Word or Excel file that may contain very sensitive or secret data.

So to help secure our documents, Microsoft Press have released, for FREE (yes, FREE) to download, the fantastic book by Mitch Tulloch (a well-respected Microsoft MVP in Windows Administration) on Security and Privacy for Microsoft Office 2010 Users.

“Take control—and put the built-in security and privacy features in Microsoft Office to work! Whether downloading documents, publishing a presentation, or collaborating online—this guide offers concise, how-to guidance and best practices to help protect your documents and your ideas.

• Get practical, proactive guidance for using the security and privacy management features in Office 2010 and Office 365

• Walk through everyday scenarios, and discover everyday techniques that help you take charge

• Understand common risks and learn best practices you can apply right away”

The book covers many aspects, from “Why should you care” to “Encrypting a Document”, and the chapters are laid out so clearly and simply that anyone who uses Office 2010 should be able to follow them.

The book has great images to go along with the steps for each topic; I’m a great fan of using images to help describe a step-by-step guide. I think this book is well worth downloading for any user of Office 2010, be you a corporate or home user.

Read the rest of the article and download the free eBook at Microsoft Press HERE

Microsoft Security Report highlights Conficker Worm alive and well

The Conficker worm malware infection has been a real pest for a while now and Microsoft have released their latest security report (July – December 2011) highlighting how many times this malware variant was detected worldwide.


“Microsoft Corp. today released the Microsoft Security Intelligence Report volume 12 (.pdf file), which found that the Conficker worm was detected approximately 220 million times worldwide in the past two and a half years, making it one of the biggest ongoing threats to enterprises. The study also revealed the worm continues to spread because of weak or stolen passwords and vulnerabilities for which a security update exists.

According to the SIRv12, quarterly detections of the Conficker worm have increased by more than 225 percent since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92 percent of Conficker infections were a result of weak or stolen passwords, and 8 percent of infections exploited vulnerabilities for which a security update exists.

“Conficker is one of the biggest security problems we face, yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing. “It is critically important that organizations focus on the security fundamentals to help protect against the most common threats.”

As I will always state, you need to use an antivirus application. It can be any of the major brands’ free solutions, but do use one (Microsoft have released the updated Security Essentials 4.0 this week, and you can download it HERE) and keep it updated. Keep your Windows OS fully up to date and be wary of what sites you are viewing and downloading from; if in doubt, check a site’s reputation with the likes of WOT.

Read the full article at Microsoft News Centre HERE

Old Hard Drive’s and left over data

Some new information is out today from the UK Information Commissioner’s Office (ICO): of the hard disks that they tested, about 11% still held data, and a lot of this data was personal/private information about a person. This data, if pieced together with other data about a person on a hard drive, could actually help a criminal create a bogus identification (ID).

“One in 10 second-hand hard drives still contain the original user’s personal information, suggests an investigation by the UK’s Information Commissioner’s Office (ICO).

It purchased devices from auction sites such as eBay and computer fairs.

Of the 200 hard disks collected, 11% contained personal information.

At least two of the drives had enough information to enable someone to steal the former owners’ identities, the watchdog said”

Read the full article at BBC Technology News HERE and the Information Commissioner’s Office (ICO) information on data issues and destruction HERE

My Suggestions

However, we do have a few options here: you can securely erase deleted data or specific folder locations on the PC you use daily or, if you are selling your PC or returning it under RMA, you can erase the whole Hard Disk Drive (HDD) so that no data can be recovered by conventional data recovery means.

Disposing of or Dead HDD

If you have a dead HDD or are just disposing of an HDD, then you can do one of two things, depending on whether you can access the HDD. If you cannot access the HDD, then I would get a good power drill and tungsten bit and drill through the HDD; this should damage the platters that hold the data. Warning: this is a potentially dangerous task, so use any protective clothing you can (goggles, protective gloves etc.) or get someone else who is handy with tools to do this.

If you have access to the HDD then you can use a drive erasing tool such as Secure Erase to erase the HDD securely, but do note that the best erase methods, as in “7 pass secure erase”, will take some hours to run their course, depending on the size of the HDD. These methods also need a little bit of tech knowledge, as you will need to know either the command line or how to create a boot disk.

Some may say that, if you have access to a high-powered magnet, you can also run it over the HDD and this will corrupt the data, but not everyone has access to these magnets. (Thought I would throw this one in as a random.)

Current PC you are still using

At times we all have personal or sensitive data we delete and think that it’s gone, but sadly the normal delete in Windows does not securely delete this data. Deleted data is only flagged as deleted and not actually removed, so until it is overwritten by new data it can be recovered by a wide range of free data recovery software.

So what you can use to securely delete the deleted data is something like CCleaner, as it has a secure delete option built in; it just needs to be set up. Start by downloading and installing CCleaner from Majorgeeks (they also have a video guide on the site on how to use all the functions of CCleaner) or Piriform.

Once installed and run, click Options > Settings and in the Secure Deletion settings click “secure file deletion (slower)” and choose at least the “7 Passes” option; the “35 Passes” option will take many more hours than 7 Passes to complete.

    • 7 Passes is the U.S. DoD 5220 method
    • 35 passes is the Peter Gutmann method

Then once set to the option you want, just click the Cleaner menu option and Run; this will securely wipe any files you have deleted as well as removing Internet History, Temp files etc., so do watch the Majorgeeks video guide to help with settings.

With CCleaner you can also wipe an old HDD, or one due to be sold second-hand: add it as a slave drive in a desktop PC, then run the Drive Wiper option, found by clicking Tools > Drive Wiper, and once you have chosen an option click Wipe.
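What a multi-pass secure delete does to a single file, as an added Python example that is not part of the original post and not CCleaner's code: the file's bytes are overwritten in place several times before the directory entry is removed. The function names and the sample data are assumptions for illustration; on SSDs and on copy-on-write or journaling file systems an in-place overwrite may not reach the original blocks, which is why whole-drive wiping is the safer choice before selling a disk.

```python
import os
import secrets

CHUNK = 1024 * 1024  # overwrite in 1 MiB pieces so large files never sit in memory


def overwrite_file(path, passes=7):
    """Overwrite the existing bytes of `path` in place, `passes` times, with random data.

    Returns the number of bytes overwritten in each pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:  # r+b keeps the file's length and does not truncate it
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to the device before starting the next
    return size


def secure_delete(path, passes=7):
    """Overwrite the file, rename it to a random name, then remove it."""
    overwrite_file(path, passes)
    # Renaming first means the original file name does not linger in the directory entry.
    anonymous = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)


if __name__ == "__main__":
    import tempfile

    # Constructed sample data, written to a temporary file for the demonstration.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"sort code 00-00-00, account 00000000 (constructed)\n" * 50)
    overwrite_file(tmp.name, passes=1)
    with open(tmp.name, "rb") as fh:
        print("original text still present:", b"account" in fh.read())
    secure_delete(tmp.name, passes=7)
    print("file still exists:", os.path.exists(tmp.name))
```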


There are other applications both free and retail that can securely erase data, and I have only covered a few methods, so please feel free in the comments section to tell us your own methods or applications used.

WARNING – Secure data deletion is permanent so be very sure that the data you want erased is not needed. Always create backups of your data on external devices just in case of accidental deletion as well as hardware failure.

Apple developing a fix tool for the Flashback Trojan

As I reported last week, Apple OS X and likely more than 600K users have been affected by a Trojan (a Trojan is a form of malware). Apple are working on a fix tool to allow users to remove this Trojan.

“Apple has said it is developing a tool to “detect and remove” a Trojan that is said to have infected more than half a million Mac computers.

It said it is working with internet service providers (ISPs) to disrupt the command network being used by hackers to exploit the malware.

In a message posted on Apple’s website’s support section, the company said it had fixed a “Java security flaw for systems running OS X v10.7 and Mac OS X v10.6”.

It suggested users of Macs running earlier versions of its system software should disable Java in their web browser preferences.”

While this is great to hear from Apple, it shows something that has long been known in tech circles: neither Apple’s nor, in some respects, Linux operating systems (OS) are immune from the malware that has plagued Microsoft Windows for many years. These other OSs are becoming popular now, so malware writers are targeting them.

In part it’s due to Microsoft’s newer Windows versions (Windows 7 and 8) as well as Internet Explorer becoming more secure, though they are by no means immune, as in the main it’s the user that is the major cause of malware on a PC.

Read full article at BBC Technology News HERE

UPDATE 13/04/2012

The fix is available now: KB article HERE and download HERE

Tech Support Phone Scams

Today I was reminded of the scams that can go around; the tech support one is one of the most commonly used and is sadly still used today!

So things to look out for….

Do not trust unsolicited calls, and do not provide any personal information.

Here are some of the organizations that cybercriminals claim to be from:

  • Windows Helpdesk
  • Windows Service Center
  • Microsoft Tech Support
  • Microsoft Support
  • Windows Technical Department Support Group
  • Microsoft Research and Development Team (Microsoft R & D Team)

More information HERE

Microsoft to start Automatic Updates for IE in Windows XP, Vista and 7

In January of 2012 Microsoft will start pushing out updates for the aforementioned Windows operating system versions, whose users may have an older version of Internet Explorer (IE). This update will move you to the latest version for your Windows version; as XP cannot run IE9, if you are running IE6 you will likely update to IE8.

Those users or corporate customers who have run the tool to deny any update in IE will have this option respected and you should not be updated to the latest version.

Today we are sharing our plan to automatically upgrade Windows customers to the latest version of Internet Explorer available for their PC. This is an important step in helping to move the Web forward. We will start in January for customers in Australia and Brazil who have turned on automatic updating via Windows Update. Similar to our release of IE9 earlier this year, we will take a measured approach, scaling up over time.

As always, when upgrading from one version of Internet Explorer to the next through Windows Update, the user’s home page, search provider, and default browser remains unchanged.

Good for Consumers, Developers and Enterprises

The Web overall is better – and safer – when more people run the most up-to-date browser. Our goal is to make sure that Windows customers have the most up-to-date and safest browsing experience possible, with the best protections against malicious software such as malware.

For consumers, the safety benefits are one of the key reasons that the industry has been moving towards automatic updates as the norm. This is increasingly important since the biggest online threat these days is socially engineered malware, which typically targets outdated software like Web browsers. The latest Microsoft Security Intelligence Report, which is based on data from over 600 million systems in over 100 countries, is good reading to give you a sense of risks that stem from outdated software.

We want to make updating to the best protection possible as fast and simple as we can for Windows customers. IE is how millions of Windows customers connect to the Web, so keeping that part of Windows updated at all times is critical to keeping them safe online. With automatic updates enabled through Windows Update, customers can receive IE9 and future versions of Internet Explorer seamlessly without any “update fatigue” issues.

I have to agree with many of the points raised in the post and the quotes from other sources, in that keeping your browser, or even your PC and all its software, up to date is the best security option you can use; anything out of date is a risk.

Full information HERE from Ryan Gavin, General Manager, Internet Explorer Business and Marketing and Microsoft.

Can you spot a Phishing website?

Are you a Phishing Ninja or a Phishing Pole? Well, in this day and cyber-age it has become a very major issue, in that criminal gangs now find it much easier to try to steal your personal information to allow access to your bank account etc. than to come and rob your home.

Phishing is one such way that they try this and, if you are unsuspecting or a novice to the perils of the internet age, it can at times be very difficult to know if a website is real or not.

OpenDNS have a quick test to see if you can spot the Phishing (fake) from the Real website of many a company you may use. Click the link below to take the test.

OpenDNS Phishing Quiz

Here is my result below, yeah I’m a sneaky silent Ninja!!

But then I do have knowledge of what Phishing websites look like and how to tell them apart from genuine sites; a few tips are below.

  • Your bank, Financial, Shopping sites will not send you emails asking for you to verify or re-enter your username or password.
  • Companies like Microsoft will not email you to say your PC is not up to date or has malware/virus.
  • Check the website address in an email by hovering over it with your mouse; if it’s not the same as your normal website’s address then it’s not real, and if it’s in the form of an IP address (123.123.123.123 as an example) then definitely do not click.
  • Check the email address that sent you this email, is it actually from the company or not, as an example this is one I was sent from the US Internal Revenue Service (IRS) today.


Note that the email address in the sender’s position is not the same as the one to reply to, which looks genuine but is not. If you do get one of these emails but are a non-US citizen then delete it; if you are a US citizen it’s worth letting the actual phishing side of the IRS know, and the email address is HERE on this page.

So best practice is to double check any emails that are asking for finance details, user names and passwords, whether via phone, in person or with the actual company’s fraud or phishing customer service dept.
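Two of the checks from the tips above (a link whose host is a bare IP address, and a Reply-To that does not match the sender), as an added Python example that is not part of the original post. The sample message is constructed, and the function names and the `expected_domain` parameter are assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); the IP is from a documentation range.
SAMPLE = """\
From: "IRS Refunds" <refunds@mailer.example.net>
Reply-To: support@irs-refund.example.org
Subject: Your tax refund is pending

Please verify your details at http://192.0.2.45/irs/login to receive your refund.
Our main site is https://www.irs.gov/ for reference.
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if it is absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def is_ip_host(url):
    """True when the link points at a raw IP address instead of a host name."""
    host = urlparse(url.rstrip(".,);")).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def phishing_indicators(raw_message, expected_domain):
    """List the warning signs found in one message that claims to be from expected_domain."""
    msg = message_from_string(raw_message)
    findings = []
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        findings.append(f"sender domain {sender} is not {expected_domain}")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from sender domain {sender}")
    # Only undecoded text parts are scanned; enough for a plain-text message like SAMPLE.
    body = "\n".join(part.get_payload() for part in msg.walk()
                     if not part.is_multipart() and part.get_content_maintype() == "text")
    for url in URL_RE.findall(body):
        if is_ip_host(url):
            findings.append(f"link uses a raw IP address: {url}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE, "irs.gov"):
        print("WARNING:", finding)
```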

More info on how to spot a Phishing attempt from Microsoft HERE

Anonymous vs Sony

I may be completely wrong, but I have some suspicions on this latest spat between Sony and the hacker collective “anonymous”, in that it’s a bit coincidental that anonymous have gained the blame. Is this an easy scapegoat due to their past history?

“Online vigilante group Anonymous has denied being behind an attack that led to the theft of personal data from around 77 million PlayStation users.

The secretive “hacker collective” had earlier been singled-out by Sony as the possible guilty party.

But a posting on Anonymous’ blog said: “Let’s be clear, we are legion, but it wasn’t us. You are incompetent Sony.”

The electronics giant has offered compensation to users who suffer fraud as a result of the theft.

Earlier this week, Sony sent a letter to the US Congress accusing Anonymous of being involved in the attack.”

I have seen in the past 6 months companies losing what is supposed to be secure data left, right and center. Epsilon is one notable one: I have had emails from companies that use this marketing company saying that my email address was potentially taken in a hack on their servers. This should really not happen if measures are in place and up to date. Yes, you will never stop the concerted hacker from penetrating your servers in time, but of late we just seem to be seeing companies leaking data too much, and I’m happy to see the Information Commissioner’s Office (ICO) investigating HERE whether Sony have broken what are quite tough data protection laws we have in the UK.

Full article at BBC Technology News HERE