by Tregaron on February 12, 2010
“A rootkit infection may be the cause of a Windows Blue Screen of Death issue experienced by Windows XP users who applied the latest round of Microsoft patches. It appears that the affected Windows PCs had the rootkit infection prior to deploying the Microsoft patches. Researcher Patrick W. Barnes, investigating the issue, has isolated the infection to the Windows atapi.sys file, a driver used by Windows to connect hard drives and other components. Barnes identified the infection as the Tdss-rootkit, which surfaced last November and has been spreading quickly, creating zombie machines for botnet activity.”
Patrick’s Article
(Patrick’s site is currently being “slashdot-avalanched” and is unavailable.)
Tdss-rootkit information
If this is true and you experience this crash after updating, you will need to take steps to clean this infection off your computer. This post will be updated as information develops.
by Matt on February 11, 2010
If Tuesday’s security updates from Microsoft have crippled your Windows XP computer with the notorious Blue Screen of Death (BSOD), please follow the following procedure to fix your computer:
1. Boot from your Windows XP CD or DVD and start the recovery console (see this Microsoft article for help with this step)
Once you are in the Repair Screen:
2. Type this command: CHDIR $NtUninstallKB978262$\spuninst
3. Type this command: BATCH spuninst.txt
4. Type this command: systemroot
5. Repeat steps 2 – 4 for each of the following updates:
- KB978262
- KB971468
- KB978037
- KB975713
- KB978251
- KB978706
- KB977165
- KB975560
- KB977914
6. When complete, type this command: exit
Your computer should restart and everything should be back to normal.
Source:
BLUE SCREEN, UNABLE TO BOOT AFTER WINDOWS XP UPDATE TODAY
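As an added example (not part of the original post), the Python sketch below expands steps 2 to 4 for every KB in step 5 into the full Recovery Console command sequence, and pairs each KB with the February 2010 bulletin titles listed elsewhere on this page so you can see which security fixes the rollback removes. The function names are hypothetical, and the uninstall folder is assumed to be named `$NtUninstallKB<number>$`.

```python
import re

# KB numbers from step 5 of the procedure above.
UNINSTALL_KBS = ["978262", "971468", "978037", "975713", "978251",
                 "978706", "977165", "975560", "977914"]

# Bulletin titles as listed in the February 2010 summary on this page.
BULLETINS = """\
MS10-006: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
MS10-007: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
MS10-008: Cumulative Security Update of ActiveX Kill Bits (978262)
MS10-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
MS10-009: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
MS10-003: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
MS10-004: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
MS10-010: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
MS10-011: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
MS10-012: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
MS10-014: Vulnerability in Kerberos Could Allow Denial of Service (977290)
MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
"""

# "<bulletin id>: <title> (<KB number>)"; the title itself may contain parentheses.
BULLETIN_RE = re.compile(r"^(MS\d{2}-\d{3}): (.+) \((\d{6})\)$")


def parse_bulletins(text):
    """Return {kb: (bulletin_id, title)} for every well-formed bulletin line."""
    found = {}
    for line in text.splitlines():
        m = BULLETIN_RE.match(line.strip())
        if m:
            found[m.group(3)] = (m.group(1), m.group(2))
    return found


def console_script(kbs):
    """Expand steps 2-4 for each KB, then step 6, as Recovery Console input."""
    lines = []
    for kb in kbs:
        # Reject anything that is not a six-digit KB number before building a path.
        if not re.fullmatch(r"\d{6}", kb):
            raise ValueError(f"not a KB number: {kb!r}")
        lines += [rf"CHDIR $NtUninstallKB{kb}$\spuninst",
                  "BATCH spuninst.txt",
                  "systemroot"]
    return lines + ["exit"]


def rolled_back(kbs, bulletins):
    """Pair each uninstalled KB with its bulletin, or None if it is not listed here."""
    return [(kb, bulletins.get(kb)) for kb in kbs]


if __name__ == "__main__":
    print("\n".join(console_script(UNINSTALL_KBS)))
    for kb, hit in rolled_back(UNINSTALL_KBS, parse_bulletins(BULLETINS)):
        label = f"{hit[0]}: {hit[1]}" if hit else "not in the bulletin list on this page"
        print(f"KB{kb} -> {label}")
```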
by Matt on February 10, 2010
Microsoft has issued four critical and eight important updates that address several vulnerabilities in Windows and Office.
The 4 critical updates are:
- MS10-006: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
This security update resolves two vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
- MS10-007: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
- MS10-008: Cumulative Security Update of ActiveX Kill Bits (978262)
This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
The vulnerability could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
- MS10-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
This security update resolves a vulnerability in Microsoft DirectShow which could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The 8 important updates are:
- MS10-009: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
This security update resolves four vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.
- MS10-003: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
This security update resolves a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- MS10-004: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
This security update resolves six vulnerabilities in Microsoft Office PowerPoint which could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- MS10-010: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
This security update resolves a vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V which could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
- MS10-011: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
This security update resolves a vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
- MS10-012: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
- MS10-014: Vulnerability in Kerberos Could Allow Denial of Service (977290)
This security update resolves a vulnerability in Microsoft Windows which could allow a denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
- MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
For more details please visit:
Microsoft Security Bulletin Summary for February 2010
by Matt on January 27, 2010

Apple introduced the iPad today. The iPad is a game-changing, innovative device, that brings together many technologies to provide you with the hands-down best way to experience the web and all of your favorite applications.
The Apple iPad features a 9.7-inch LED-backlit IPS high-resolution display which makes it perfect for web browsing, watching movies, or viewing photos.
The iPad will be available in the near future.
iPad pricing:
$499 Wi-Fi only 16 GB
$599 Wi-Fi only 32 GB
$699 Wi-Fi only 64 GB
Add 3G for only $130 more.
Data plans use AT&T’s 3G network:
250MB data plan is $14.99/mo.
Unlimited data is $29.99 /mo.
Please use the following links to find out more information:
Video of the New Apple iPad
Apple iPad Features
140,000 Applications Available from the Apple Store
by Matt on January 3, 2010
Kids’ Top 100 Searches of 2009
- YouTube, Google, and Facebook top the list
- Sex and Porn round out the top 5
- Kids spend most of their time searching for music related topics (30%), then TV/movie related topics (12%).
- The most popular celebrity kids searched for was Michael Jackson. Taylor Swift came in second.
- Team Jacob won over Team Edward, with Taylor Lautner coming in at #80 and Robert Pattinson being nonexistent in the top 100.
- Other top celebs on kids’ list of searches include Miley Cyrus, Lady Gaga, Justin Bieber, Selena Gomez, Lil Wayne, Megan Fox, Eminem, Beyonce, Britney Spears, Demi Lovato, Black Eyed Peas, Jonas Brothers, Rihanna, and Chris Brown.
- Kids are searching for shopping sites like eBay, Walmart, Target, and Best Buy.
Top Searches of 2009 – Boys vs. Girls
- YouTube, Google, and Facebook show up in the top three of both boys’ and girls’ search terms.
- Boys’ #4 search term was Sex while girls’ #4 search term was Taylor Swift. Girls were still interested in Sex, though, with the term coming in at #5.
- Boys’ most popular celebrity search term was Michael Jackson.
- Boys’ top 25 search terms were mainly comprised of social networking sites, various websites, shopping sites, inappropriate terms, and games.
- Girls’ top 25 search terms were mainly comprised of social networking sites, as well as music and entertainment/celebrity terms.
- Both boys’ and girls’ most popular search terms were related to music, though it was higher in terms of percentages for girls at 42% compared to boys at 22%.
- Boys search more adult topics compared to girls (13% vs. 2%).
Top Searches of 2009 – By Age Group
- Youtube, Facebook, and Google comprise the top 3 search terms for kids.
- Sex comes in at #4 for teens and tweens while porn comes in #4 for kids 7 and under.
- Taylor Swift was the top searched for term among teens. For tweens and kids 7 and under, it was Michael Jackson.
- Teens and tweens spend most of their search time online on music related subjects (34% and 27%).
- Kids under the age of seven spend most of their search time online on games (23%).
- Kids under the age of seven are conducting searches for P2P sites like Limewire and Mininova.
…
by Matt on December 31, 2009
2010 Security Suites: The Best and Worst
The anti-malware scores for Norton Internet Security 2010 blew away the competition, and the software has shored up two notorious (if less important) traditional weak spots for Norton. Parental control now comes from the full-featured OnlineFamily.Norton, and the new spam filter component is quite accurate (a huge improvement). It remains our Editors’ Choice, although one of the not-yet-released suites could still knock it off the pedestal.
…

Please see also:
AV-Comparatives Rates Anti-Malware Performance
by Matt on December 23, 2009
OnlineFamily.Norton surveyed a whole lot of parents and put a great deal of thought into the core features needed to provide a robust communication-based tool that aims to bring you and your family closer together as you work to manage your online lifestyles.
Key features of OnlineFamily.Norton include:
Personal Profiles
Your child is unique. You can manage, update, and adjust each profile based on their individual ages, tastes, and interests. This way OnlineFamily.Norton can grow with your children.
Web Monitoring
With OnlineFamily.Norton, you can view the sites that your children visit. This lets you know if they’ve been exposed to inappropriate or potentially harmful material. You can also block sites or types of sites that you think are inappropriate.
Chat Monitoring
With chat monitoring, you can ensure that your child’s friends online are people you know and trust.
Social Network Monitoring
You can learn how your child represents him or herself online, view the social networking sites that they belong to, and see which sites they visit most.
Time Limits
Tailor your child’s time allowance for computer use. You can set the total time limits for specific hours, or days of the week. So you can set curfews for school days vs. weekends.
Custom Alerts
Which alerts do you want? You decide which activities are most important to you, and which you don’t need to know about right away. So your alerts are tailored to your priorities.
Get Started With OnlineFamily.Norton
by Matt on December 16, 2009
1. The next time you order checks, have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name. Your bank will know.
2. Do not sign the back of your credit cards. Instead put “PHOTO ID REQUIRED”.
3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the “For” line. Instead, just put the last four numbers.
4. Don’t list any telephone number. You can always write it on the check at the time of the transaction. If you have a PO Box, use that instead of your home address or your work address.
5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Store in a secure place and refresh it when you change cards.
Please read this and other tips at:
Security Awareness Tip
by Matt on December 9, 2009
Microsoft has issued three critical and three important updates that address several vulnerabilities in Windows and Office.
The 3 critical updates are:
- MS09-071: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication.
- MS09-072: This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; this vulnerability has been described in Microsoft Security Advisory 973882 and Microsoft Security Bulletin MS09-035.
- MS09-074: This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The three important updates are:
- MS09-069: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
- MS09-070: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
- MS09-073: This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
For more details please visit:
Microsoft Security Bulletin Summary for December 2009
by Matt on December 9, 2009
Security updates available for Adobe Flash Player
Platform: All Platforms
Summary
Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.
Affected software versions
Adobe Flash Player 10.0.32.18 and earlier versions
Adobe AIR 1.5.2 and earlier versions
To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution
Adobe Flash Player
Adobe recommends all users of Adobe Flash Player 10.0.32.18 and earlier versions upgrade to the newest version 10.0.42.34 by downloading it from the Flash Player Download Center or by using the auto-update mechanism within the product when prompted.
Adobe AIR
Adobe recommends all users of Adobe AIR version 1.5.2 and earlier update to the newest version 1.5.3 by downloading it from the Adobe AIR Download Center.
Severity rating
Adobe categorizes these as critical issues and recommends affected users update their installations to the newest versions.