protonic.blog

As a former National Security Agency (NSA) director, Retired Gen. Michael Hayden has seen first hand the realities of cyber-warfare.

During his keynote speech at the Black Hat security conference in Las Vegas, Hayden discussed those realities, underscoring the importance of clearly defining what cyber-war really is.

The question of what constitutes a cyber-attack and how the nation should respond has become an open topic of discussion during the Obama administration, which declared cyber-security a national security priority in 2009. But between reports of targeted attacks against smart grids and the disclosure of documents about the war in Afghanistan on WikiLeaks show, the line between cyber-espionage, attacks and other activities can sometimes be difficult to draw.

Click here to read more about this frightening threat.

People are still not understanding that their lives on social networks affects their ability to get a job and keep the job. Just because we CAN say anything doesn’t mean we SHOULD.
Click here to read more.

For many people, a search engine is their window on the world. The search engine not only knows the web pages you visit, but also the blogs you read, where your friends are, and possibly even what you friends and family look like if you use sites like Picassa and Photobucket.

However, search engines may even know what you want.

Click here to read more.

Microsoft is releasing its third “platform preview” of Internet Explorer 9, which will give web developers and designers a preview of the new technologies coming in the next version of its browser. It will be available for download on the IE9 Test Drive site, but Internet Explorer Platform Preview requires that you have Windows Vista or Windows 7 installed on your computer..

Click here to try the demos.

Are you becoming more impatient with traffic jams and slow Internet speeds?

Click here to read about this disturbing trend.

Macintosh computers are not as popular as Windows, but you might want to consider adding a Mac to your life.

Click here to read what happened to this Mac user who decided to use his wife’s Windows computer to log into his company’s bank account.

If you have copied any sensitive documents lately there is a possibility that those documents still exist on the hard drive inside the copier you used. A CBS News team bought up some used copiers; they reported all kinds of personal data stored within. The Federal Trade Commission has verified that this is a real problem for businesses.

Click here to read about the five common mistakes businesses make that compromise printer security:

Security researchers at Matousec.com have come up with an ingenious attack that can bypass every Windows security product tested and allow malicious code to make its way to your computer. As you can see the list is very long!

Click here for more information.

Gadget site uncovers simple way to force other users to follow you, even big movie and TV stars, but Twitter staffers rush out a fix to the weakness in the system. MORE

“According to various reports, in the past few days a number of websites created using WordPress have been hacked.” MORE

The problems with security and privacy on Facebook hit a new gear today with news that a site vulnerability exposed live chat sessions and other private user data. MORE

Barnaby Jack, a security researcher plans to give the talk, entitled Jackpotting Automated Teller Machines, at the Black Hat Las Vegas conference, held July 28 and 29, 2010.

Click here for more information.

Mr Jack will demonstrate several ways of attacking ATM machines, including remote, network-based attacks. He will also reveal a “multi-platform ATM rootkit,” and will discuss things that the ATM industry can do to protect itself from such attacks. Jack doesn’t say which ATMs he plans to discuss, but it could be any major vendor, according to Black Hat Director Jeff Moss. “He’s got a living room full of a lot of different brands of ATMs, and they all seem to suffer from one or the other problem,” he said.

ATMs haven’t received a lot of serious scrutiny by security researchers, so Jack’s talk will break new ground.

There are more than 28 new victims of identity theft every minute! Even worse, cases of identity theft have continued to increase dramatically year after year since 2001.

An identity thief can use your stolen identity to receive medical treatment, rent a car, lease an apartment, apply for a job…they could even commit a crime in your name!

Never post your IP address in a public place because once a hacker knows your Internet Protocol (IP) address e.g. 122.453.002.03) they can begin hacking you.

Always run your firewall and antivirus programs first. Your firewall and antivirus programs should always be running before your computer connects to the Internet. If for some reason you want to turn these programs off, make sure you have first disconnected from the Internet. It is also a very good idea to enable automatic software updates in these programs so they stay up-to-date.

When you are not using your computer, disconnect it from the Internet. One of the worst things that can happen is when a hacker breaks into your computer and you don’t even know it. To prevent unknown attacks, your computer should be disconnected from the Internet when not in use.

There are various ways to disconnect from the Internet, you could: shut down the computer, put the computer in Windows’ Standby mode (Start/Shutdown/Standby), break the Windows’ Internet connection, or power down your modem or unplug your LAN cable. Some firewalls come with a blocking function which blocks all incoming and outgoing connections to the Internet.

Using a firewall in addition to anti-virus software helps keep your computer safe from viruses AND hackers.

With the ever increasing popularity of wireless internet connections, individuals are now often connecting to unsecured Wi-Fi networks to access the Internet instead of paying for their own accounts. The person with the unsecured wi-fi connection is at risk and so is the person suing that connection.

The most effective defensive strategy against all types of hacking is to simply ensure you are never connected to a wireless network that does not have a password protection. If you are setting up your own network, enable the password protection and keep the password information in a secure place. You will need this information at a later date if you decide to access the connection with more computers in your home.

Oops, they did it again. McAfee released an update to its antivirus definitions for corporate customers that mistakenly deleted a crucial Windows XP file, sending systems into a reboot loop and requiring tedious manual repairs. It’s not the first strike for the company, either. MORE

Dictionary - With Dictionary as a part of Mac OS X (10.4 and later) there is a feature that not too many Mac users know about.

When you are in any Mac native applications you can hover your mouse above a word and press Ctrl-Cmd-D on your keyboard. You will get the Dictionary description for that word. Just move your mouse over to any other word and the Dictionary description for that word is displayed instantly.

You do not need to have the Dictionary open at all.

A few applications where this works are; Safari, Mail.app, MacJournal, TextEdit, Text Wrangler, Comic Life, iWeb, etc. Unfortunately it doesn’t work with any of the Mozilla applications, including Firefox, Camino and Flock.

Invert Screen

Another function that not too many Mac users know is Invert screen. Just press Ctrl-Option-Cmd-8 on your keyboard and see your Mac invert its colors.

Slow Motion

When you want to minimize a window, click on the yellow button in the top left corner. The window quickly goes down to the right end of your dock using either scaled or genie effect.

If you hold down the Shift key while clicking the window will minimize in a slow motion, approximately five times slower than the normal speed.

Text Clipping

If you want to save a chunk of text from the document you are viewing at the moment, for example a web page. Simply select the text, click on it and drag it to the desktop.

If you want to include the text somewhere, say in an email, you simply click the file on desktop and drag it into your composed email.

Screen Capturing

There are a few ways to capture the screen on a Mac.

You can capture the whole screen by pressing Cmd-Shift-3 on your keyboard and the screen will be captured in a PNG file and saved on your desktop as something like Picture 1.png. As of Mac OS X Snow Leopard (10.6) this file is names

You can also capture a selection, just press Cmd-Shift-4 on your keyboard and you will see a small cross hair selector on your screen.

Select the area you want to capture and let go, the file will be saved on your desktop, again something like Picture 1.png. As of Mac OS X Leopard (10.5) you also get the information on the picture size (in pixels) which changes as you move the crosshair.

You can also capture the active window. Simply follow the steps above and once you see the cross hair, press the space bar and you will get a camera icon. Hover the camera above any window and the window will get the gray overlay indicating it’s in hot-spot. You can even capture the window that is in the background, as long as a part of it visible and allows you enough room to hover the camera icon over it. Click on it and the window will be captured. The file will be placed on your desktop as Photo 1.png

However, if you’d like to capture the screen (or part of it) to the clipboard rather than to desktop, simply hold the Control key down while capturing, i.e. Shift-Ctrl-Cmd-4.

This is very handy when you need to paste the screen capture right into an email or other document.

Have you been receiving emails with this header lately?
Facebook Password Reset Confirmation! Your Support.
If so, then be sure to DELETE it right away as its a password scam specifically attacking Facebook users.

I can’t even remember the first time “I” got this email but it immediately struck me as odd. You know why? ANYTHING that talks about “passwords” is already fishy right? And this email even ask you to download something… DOUBLE FISHY!

Here’s the content of this Facebook email scam so you get familiar with it.

If you click on the document attached to the SPAM email, you open the door of your Facebook account to hackers whose sole objective is to STEAL passwords from Facebook users’ profiles, giving them access to loads of private and personal stuff on you AND your Facebook friends.

When I first got this message, I just deleted it but I started to receive like 5-10 DAILY so I zapped it with an anti-virus program. It worked but now I am getting it again and it has a different “From:” information this time. If before it the email was from “Facebook Security”, now it’s from “Facebook Messages Center”. But yes, it’s still the same bad trick so do beware!

===
Infected with malware already or want to know what to do in such an event?
Find out what you can do to uninstall malware from your PC.

The Consumerist, an online shopper’s blog, recently published a good how-to article on how to spot fake reviews for products online. Among the the things to watch out for, the site points out that variations of a certain reviewer’s name and “glowing” reviews of the product can raise a red flag. Check out the article at this link for more items to watch out for: Spot Fake Online Reviews.

World Wide Web inventor Sir Tim Berners-Lee plans to establish “web science.”

British prime minister Gordon Brown is promising £30 million to fund the establishment of a UK-based “Institute of Web Science” to be jointly run by two of the UK’s leading research universities.

Click here for more information.

The Transport Layer is a network service that provides end-to-end communications between two parties, while hiding the details of the communications network.

There is a defect in the system that allows individuals to obtain false intermediate certificates for SSL encrypted trust connections.

Click here for more information.

Websense Security Labs™ ThreatSeeker™ Network has discovered a new wave of email attacks targeting the Skype Email Toolbar this Monday. Until now, the amount of the spam is not large, but we believe it will increase. MORE

We’ve received many questions here at protonic.com about which browser is better: Mozilla Firefox or Google Chrome. Both browsers have their own unique features and advantages, but Google Chrome in particular has gotten a lot of buzz lately due to some really neat features that Google’s team has put into it. Firefox is catching up though, and the browser “feature war” is getting tough. Personally, I’ve always used Firefox as my primary browser, and I would switch to Chrome full time, but there are still a few websites that I frequently use that simply don’t work right in Chrome.

Lifehacker recently published a helpful article on the rundown of each browser’s performance and features right here that is worth checking out: click here to view it.

Notepad is a nice little program to view plain text files. Now, there are a lots of Notepad replacements that are very good and they also have great features.

Click here to read more.

Websense Security Lab™ ThreatSeeker™ Network has discovered that search terms related to Corey Haim have become the latest target for Blackhat SEO. MORE

A word of caution to Facebook users: be careful when clicking links on Facebook, even if they’re on your friend’s page or your favorite superstar’s page. MORE

Websense® Security Labs™ ThreatSeeker™ Network has been monitoring the latest WordPress injection attack for over 2 weeks and has found over 250,000 injections occurring in the past half month. Moreover, over 37,000 URLs in the wild are still being injected according to our observations. As the following chart shows, the daily stats go up and down a few times and always end up higher, so we believe the hackers are still continuing their attack. MORE

The advisory has been issued regarding an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE). In the advisory, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed last week.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Click here to read more.

Here is yet another rogue security program that imitates a system scan and reports many false system security threats. Once installed, it will redirect its victims to vs-codec-pro.net where they will be asked to pay for a full version of the program to remove those security issues or infections.

Click here for removal instructions and more details about this fake program.

Websense has a great blog that details how a hacker can use your personal information to damage other systems or hurt you financially. Here is a quote:

Recent hacker activity highlights how insecure we are in the online world. Black hats keep focusing on collecting passwords in many different ways. Instead of breaking the computer security system or brute-forcing pass phrases, they use a variety of easier techniques to get our credentials. The ways they make us give up sensitive information include setting up fake mailing lists, forums, and social network sites to harvest logon details. Then, using this information there is a good chance that the attacker can sign in to valuable sites like social networks or even online banks with the same user name and password.

Websense Security Labs™ ThreatSeeker™ Network has detected that search terms related to the Bloom Energy and its Bloombox Fuel Cell have become the latest target for Blackhat SEO poisoning attacks. MORE

Sometimes you may want to use a smaller file such as a .jpg instead of a bitmap on your computer. To convert a huge bitmap file BMP to a JPG):

1. Open the folder (My Documents, My Pictures) where you saved the bitmap image.

2. Right click on the image and then click Open With. Click the Paint program.

3. On the Paint toolbar, click File to open the menu.

4. Click  Save As.

5. Expand the File As Type box and click on the line JPEG filter.

6. Click the Save button.

7. Close the Paint program.

8. Go back to folder with the original image and delete it.
How to make a Thumbnail photo from a Large Photo File:

1. Locate the photo file in your My Pictures folder.

2. Right click on the photo file.

3. Select OPEN WITH, then PAINT.

4. On the Paint toolbar, click on the word IMAGE to open the menu.

5. Click STRETCH / SKEW.

6. In the STRETCH box change the Horizonal and Vertical % to 10.

7. Click OK.

8. On the Toolbar, click on FILE to open the menu.

9. Click SAVE AS.

10. Give the photo a new name so you won’t overwrite the original photo.

11. Click the SAVE button.

12. Close Paint .
TO make an image appear as your desktop background (wallpaper):

1. Open the folder containing your image.

2. Click on the image you want to use.

3. Right click on the displayed image to open the menu.

4. Click on the words Set as Wallpaper.

5. Close the open folders.

Your desktop will display your image as wallpaper.

Websense Security Labs™ ThreatSeeker™ Network has detected that the ninemsn support Web site (ninemsn.com.au) has been compromised and injected with malicious code. The malicious code was identified to be part of the Gumblar mass injections, and the injected code is hidden deep within the ninemsn ad engine, served on request. The injected code leads to a site that has also been compromised by Gumblar. The compromised code is hidden specifically within the “Women’s Weekly” banner script. Other ad banners are not affected. MORE

Websense Security Labs™ ThreatSeeker™ Network has discovered a follow up attack on Zeus campaign targeting government departments. Its research shows that once again the campaign is targeting workers from government and military departments globally. MORE

When you purchase a new computer, there are certain steps you should take before connecting the computer to the Internet.

This following web site offers valuable information for new computer users and it covers a wide variety of operating systems: Click here to learn about this procedure.

“Canonical announced a few hours ago the immediate availability of a new Linux kernel security update for the following Ubuntu distributions: 6.06 LTS (Dapper Drake), 8.04 LTS (Hardy Heron), 8.10 (Intrepid Ibex), 9.04 (Jaunty Jackalope) and 9.10 (Karmic Koala).” MORE

“Adware pushers are capitalizing on the success of Firefox, packing ad serving software in with the program in an effort to increase their reach.” MORE

Websense Security Labs™ ThreatSeeker™ Network has detected that the the Web site of Bollywood Hungama (Bollywoodhungama.com) has been compromised and injected with malicious code. The malicious code was identified to be part of the Gumblar mass injections, and there are multiple injections at the site’s path level. While the main page was injected, the malicious code has been removed. A number of pages at the path level, however, still remain injected. The injected code leads to a site that has also been compromised by Gumblar. At this time, the malicious code isn’t available or reachable, but this could change at any time. MORE

Websense Security Labs™ ThreatSeeker™ Network has discovered a new Zeus campaign (a banking data stealing Trojan) which is now targeting government departments. Our research shows that the campaign has especially targeted workers from government and military departments in the UK and US: we found most victims’ email addresses end with .gov. MORE

Twitter says it has identified a scheme that uses compromised file-sharing sites to steal login info. Scammers were then able to use the data to gain access to Twitter and other sites. The main problem: 73% of people share the passwords which they use for online banking, with at least one nonfinancial website. MORE

Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location. MORE

To have a fighting chance against today’s rampant security threats, end users have to be informed and proactive. Here are some practical guidelines you can follow to minimize the risk of infection and attack. MORE

This nice article from TechRepublic provides great advise on practical steps we can all take to stay safe online. I do not necessarily agree with the author’s opinion  concerning free spyware scanners. I think there are plenty of great free products available.

And while on the topic of free … why not try running Linux? Chances are most (if not all) our malware worries would just go away. Running Linux from a USB flash drive for casual computing (i.e., web browsing, reading email, word processing and spreadsheet work) is even more secure. There are ways for us to stay safe. The article points some and I wanted to mention others. I wish you happy cyber-trails!

Websense Security Labs™ ThreatSeeker™ Network has discovered a new malicious spam campaign that spoofs Google job application responses. The messages look very well written and are so believable that they are probably scrapes from actual Google job application responses. Typically, spam has grammatical errors or spelling mistakes that make the messages obviously unofficial and act as red flags. The text of these messages, however, has no such mistakes, making them much more believable–especially if the target really has applied for a job with Google. MORE

Here are some sites that may provide you with inspiration, help you with projects, and increase your productivity:

http://spellcheck.net/

Copy and paste text into site for a quick online spell check

http://www.5min.com/

Five minute videos that teach a specific skill.

http://www.monkeysee.com/

Another interesting how-to site

http://www.theweek.com/home

A general information site about popular topics in the news.

http://www.howstuffworks.com/

The dependable how stuff works site is a nice resource for projects.

http://www.instructables.com/

Another site for creative people

http://www.wikihow.com/Main-Page

Probably the most popular how-to site!

http://www.shvoong.com/

This site with the unusual name is a site for summaries and reviews about a variety of subjects.

Websense Security Labs™ ThreatSeeker™ Network has discovered that the home page of the Oklahoma Tax Commission Web site has been compromised with malicious script code. The heavily obfuscated code has been injected at the bottom of the page. MORE

Websense Security Labs™ ThreatSeeker™ Network has discovered that search terms related to the forthcoming Apple Tablet announcment have already become the latest target for Blackhat SEO poisoning attacks. MORE

Microsoft warns that a malicious hacker could exploit this vulnerability to run arbitrary code in kernel mode. MORE

Websense® Security Labs™ has reports that emails linking to malicious web-based exploit code that utilizes the vulnerability CVE-2010-0249 have been sent to organizations in a targeted manner since December 2009, and the attack is still on-going. This same vulnerability was used to target Google, Adobe, and approximately 30 other companies in mid-December 2009. MORE

Microsoft confirmed that it plans to release an out-of-band security update to address a zero-day vulnerability in Internet Explorer. The update is undergoing testing now. MORE

PDF stands for Portable Document Format and creating these types of files is useful because when opened, PDF files will look exactly the same for all users no matter what hardware or operating system the computer is using. This would not be the case if the document was provided using other common formats such as Microsoft Word.

In order to open a PDF document, Adobe Reader must be installed. The current version is version 9. It is free software and it can be downloaded here.

In order to create a PDF document, the document must be first created in a separate application, like Microsoft Word, and then printed to PDF. To print to PDF we must install a PDF Printer. There are lots of different options to choose from when deciding on a PDF printer.

Cute PDF Writer can be downloaded here.

Once installed, in order to create a PDF document you simply click on File – Print and Choose the CutePDF printer rather than your printer. Choose what name you wish to call your PDF and then determine where you want to save the file. Click Save.

Websense Security Labs™ ThreatSeeker™ Network has discovered that a popular video called “Paignton Ice Skating for Cars” has been targeted by both SEO poisoning attacks as well as Web spam. MORE

Websense Security Labs™ ThreatSeeker™ Network has discovered several spam messages on Facebook that trick the user into visiting BINSSERVICESONLINE(dot)INFO. When the link in the message is clicked, the Web site redirects the user to an online scam site similar to the one we published in the blog Google Scam Kits in mid-December. The use of Facebook to distribute links that lead to Google scam kits is fairly new, and is sure to trick some users into buying the kits. MORE