Archive for the ‘security’ Category

Microsoft Security Essentials for XP alternatives?

Friday, January 10th, 2014

It was widely reported this week that Microsoft will be ending updates (including definitions) for MS Security Essentials for Windows XP when they end support of XP itself.

This is a problem for me. I have been recommending MSE to friends and family for years – it’s non-intrusive, it generally works, it’s never broken any software for me, and it doesn’t constantly produce false or exaggerated warnings over things like “tracking” cookies.

Sadly, anti-virus software in general is awful. The marketing of AV requires long lists of checkbox features. Every single one of these features takes a few more resources or risks software conflicts.

In business environments, I have used many of the familiar brands over the years – now that I think about it, I’ve directly worked with most of the common paid software brands at one time or another – though some of these were a decade ago, and those experiences are irrelevant to the current versions of the packages. I have also tried many of the common free AV options for home users.

Universally, they have had their annoyances and/or huge limitations. I remember the time an AV program deleted (not quarantined!) a contact database file that happened to have a magic string that looked like a virus. Or the time a business AV package sent me literally thousands of emails warning me about something or other (it was too stupid a package to recognize that it had already emailed me the exact issue seconds ago). Or the AV feature that inserted itself as an HTTP proxy and thereby broke the instant messenger and some websites. Or incredibly resource-intensive AV, bundled by the PC OEM, that brought brand new computers to a crawl.

This post has drifted a bit… I am currently testing Immunet on one of my daily use computers. Immunet was recently purchased by SourceFire, and uses the community-run ClamAV antivirus definitions (and, I think, engine), which power many open source anti-virus systems. This isn’t a recommendation, merely a mention of another option that is a little under the radar.

 

Problems installing the RDP Patch in Windows XP?

Friday, March 16th, 2012

If you’re in IT, and you are responsible for some Windows computers, you should have heard of the upcoming critical security issue with Remote Desktop.  If not, read about it here or here or any number of articles on other tech sites in the last week.

We have several clients using RDP and Terminal Server in various configurations. Usually, we’ve set them up behind firewalls that block by IP address, or on custom ports, which makes them a little less vulnerable. We’ve begun the process of making sure that the Windows Updates are current on these machines, especially those that have Remote Desktop enabled and connected to the Internet on the standard port of 3389.

Today, I ran into a machine that just could not run Windows Updates for some reason, and hadn’t for about 3 months. I tried many potential solutions, which I won’t go into in detail.

This post is not about fixing Windows Updates. This is about installing the critical security patch for WinXP SP3 for the RDP issue before the exploits begin.

The workaround in my case was to manually install the patch.

This is Microsoft’s official security bulletin, Microsoft Security Bulletin MS12-020 – Critical Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387). If you read to the bottom, you’ll see links to pages specific to the various vulnerable Microsoft OSs. This is the one for Windows XP – Security Update for Windows XP (KB2621440). On that page is a download link to get the patch! Just download and run it.

Sure, the right thing to do is fix Windows Update on this particular computer; however, installing just this patch is far, far better than nothing.

Automatic Upgrade Feature of WordPress Without FTP

Saturday, September 5th, 2009

I was intrigued by the automatic update feature of recent (2.7+?) versions of WordPress because I hate upgrades as much as the next guy.  Unfortunately, it didn’t work for all 3 WordPress installs for which I am responsible.

There’s a new security issue for WordPress, so I spent some time trying to figure out how to get the update feature to work.  When I attempted the update in the WordPress Admin section, it requested my FTP login settings.  Well, I don’t use FTP for maintaining these blogs.

Fortunately, it turns out that WordPress will only ask for the FTP login if the file permissions are not configured in a compatible manner.

This post cleared it up:

http://robspencer.net/auto-update-wordpress-without-ftp/

The gist is to set the owner of the WordPress files to the same user as the process that runs Apache.  Running a basic chown command did the trick!

Now I just have to research to make sure that this makes sense from a security standpoint…
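As an added example (not part of the original post, and not WordPress's own code), here is a small shell audit of the state that chown produces: whether every file in the tree belongs to the web server's uid, and how many entries are world-writable. The path `/var/www/blog` and the account name `www-data` in the usage comment are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. The directory and the uid are
# passed in by the caller; nothing here is taken from WordPress itself.

# Entries under DIR not owned by numeric uid WEB_UID. Zero means the web
# server user owns the whole tree, which is the state the chown creates.
count_not_owned_by() {
    find "$1" ! -uid "$2" | wc -l | tr -d ' '
}

# Entries any local user can modify (mode o+w). Symlinks are skipped
# because their own mode bits carry no meaning.
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# Summarise DIR for WEB_UID: "direct" when the tree is uniformly owned by
# that uid, "ftp-prompt" otherwise, followed by the two counts.
audit_wp_tree() {
    foreign=$(count_not_owned_by "$1" "$2")
    loose=$(count_world_writable "$1")
    if [ "$foreign" -eq 0 ]; then mode=direct; else mode=ftp-prompt; fi
    echo "$mode foreign=$foreign world_writable=$loose"
}

# Constructed sample tree (three files, one left world-writable) so the
# functions can be tried without a real install. Prints the tree's path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-admin" "$d/wp-content/uploads"
    : > "$d/wp-config.php"
    : > "$d/wp-admin/update.php"
    : > "$d/wp-content/uploads/photo.jpg"
    chmod 755 "$d" "$d/wp-admin" "$d/wp-content" "$d/wp-content/uploads"
    chmod 644 "$d/wp-config.php" "$d/wp-admin/update.php"
    chmod 666 "$d/wp-content/uploads/photo.jpg"
    echo "$d"
}

# Usage (assumed path and account): sh audit.sh /var/www/blog "$(id -u www-data)"
if [ "$#" -eq 2 ]; then audit_wp_tree "$1" "$2"; fi
```

A tree reported as `direct` is one the web server user can rewrite in full, which is what lets the updater work and also what any PHP code running under that user could modify.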

FidoListens.ca? Who are you?

Friday, July 3rd, 2009

I care about email security and transparency of email content a lot. I deal with it all the time as a contractor who produces email newsletters for local retailers. I’m also the guy who teaches end users (including family) to be extremely skeptical about all the email they receive because 90% of it is fake, SPAM, and scams.

So, I get peeved when larger firms do email communications wrong.

Today I received an email invite from a company claiming to do work for Fido.  I think it’s cringe-worthy.

My first step in my research was a quick glance at the Fido homepage – no mention of a new survey program, though I didn’t really expect to find one.

Looking strictly at the email itself then, here are some tidbits:

Subject line:  Invitation to Join the Fido Listens Panel

OK so far.

From: Fido Listens Team <fidolistens@itracks.com>

Who is iTracks.com? I’ve certainly never heard of them.  Definitely a yellow caution flag.

The email copy talks about a survey and some prizes for participating in Fido’s latest customer feedback thing.

A lot of scams offer prizes or financial incentives.   Can you get two yellow caution flags?  Or maybe just upgrade to a larger one.

The survey link goes to  https://surveys.itracks.com/survey/RogersFido_4?ID=xxxxxxx.

Well,  iTracks.com hosts the survey.  Their homepage looks legitimate at least.  Funny, I was expecting iTracks.com to be an online MP3 store.

And a support email address of support@fidolistens.ca.

Wait, now what is fidolistens.ca? More on Fido Listens later on.

And a contact mail address of Ipsos Reid, a well-respected research firm based in Vancouver.

Ah! I’ve heard of them. Actually, I know people who have worked there. Of course, anyone can write an email with someone else’s legitimate mail address.

So, let’s review. Yes, I am a Fido cellphone user.  But who is iTracks.com?  Do I really believe that they got my email address from Fido? Who is FidoListens.ca?  And is IPSOS really involved?

fidolistens.ca?  At least this was somewhat comforting.  The vanity domain of fidolistens.ca forwards to https://iaf.ipsos.ca…, i.e. a page belonging to IPSOS and transparently hosted by them on their own domain.

In the end, I feel comfortable doing a survey that is hosted by IPSOS. But that’s only because I know that IPSOS Reid is a legitimate firm. A little over a year ago I ranted about another Fido survey attempt in my blog post, How to Properly Use 3rd Party Web Services; I didn’t feel comfortable with the firm conducting that survey.

If you are using a 3rd party firm for surveys or anything that is customer related, please make it easy to verify that it’s legitimate.  At Papaya Polls, we offer to host our pages under your own subdomain.  It works great and it is very confidence inspiring.  I would have zero hesitation in doing a survey which had a web address of http://fidolistens.fido.ca or http://surveys.fido.ca.

Anyway, enough ranting.  Time to enjoy the sun.

Yikes! “Removal from Google’s Index”

Tuesday, February 3rd, 2009

I hate it when people with vacuous business models try to sap my web reputation and waste my time.

Earlier this week, Google sent me a friendly note with the subject line: “Removal from Google’s Index.” My first thought was that it was a scam or a phishing attempt.  But no, after examining the links carefully and doing a couple web searches, it turned out to be legit.

A blog we host was running WordPress version 1.5. It’s not an active blog. It’s up for posterity, so we didn’t really care that it was several versions out of date. Unfortunately, that version of WordPress, and everything prior to 2.5.1 (I think), is exploitable.

In our case, it had been hacked to have hidden text links to run-of-the-mill spam such as porn, pharmaceuticals, etc. In fact, the links appear to have changed a few times over the week or more that it had been compromised. Google noticed, and told us to get rid of the spam links or else it would be booted out of its search results.

So, upgrade WordPress we did. Overall, cleaning up the mess wasn’t too bad.  It could have been worse.

The moral of this story?  Do backups. Check for upgrades of software every once in a while (yeah right). And make sure that one or more of these email addresses work: contact@yourdomain.com, info@yourdomain.com, support@yourdomain.com, webmaster@yourdomain.com.  These are the addresses to which Google addressed the email.

My wish? That WordPress and other common web applications had a single line in their FAQ that said, in 100% unambiguous language, what the minimum version of the software free of exploits is. I looked for several minutes to see if this blog, running WordPress 2.5.1, was ‘safe’. In the end, I couldn’t tell, so I decided to upgrade to 2.7 while I had all the files handy.