GuruNews, Volume 8 Number 26, 7-24-08

Kevin-PC Gurus microdome at seidata.com
Thu Jul 24 22:04:32 EDT 2008


Welcome to GuruNews



Brought to you each week by the PC Gurus, a loose collection of volunteers from around the Kentuckiana region.

 

You can interact with the PC Guru team via our Web site, located at http://www.thepcgurus.com.  On our site you can post your computer questions, comments and rants on the forums, e-mail the PC Guru team members and chat one on one in our nightly IRC chat beginning around 8:00 PM EDT.  You can also subscribe to our RSS feeds so you can get the latest news and forum updates from the PC Guru Web site directly on your computer.

 

If you're new to the Newsletter you can read back issues at Team member JP Durbin's website at http://www.jpdurbin.net.  There are links to all the old 84 Online issues as well as the new GuruNews missives.

 

The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region.  Visit http://www.whascrusade.org to make donations online.

 

USS Rover's list of streaming computer shows is now available for download in Excel, Open Office and Linux ready formats from http://www.vegassellers.com/ussrover/showlist.html. 

 

To subscribe to this newsletter just drop by www.thepcgurus.com and sign up!

 

Vol. 8, No. 26                 

7-24-08

 

1 New warnings     

2 Panic, but relax while doing so         

3 COPA, Digging Google, Spammer escapes, an Apple a day does no good

4 Firefox fix

5 Cryptic Spam

 

The web has always been a dangerous place, with misleading pop-up ads, email viruses and zero byte web bugs.  But the most malicious attacks upon your PC come from "drive-by" downloads: files disguised as a normal part of a website that download into your Internet cache, where they secretly install malware on your computer.

 

These downloads typically generate local pop-ups, install unwanted software, steal passwords and credit card information, hijack your browser's start page or use your email account to spew spam.

 

A few years ago you were fairly safe from drive-bys if you didn't visit unsavory web pages, such as Warez and adult sites.  Presently this is a different story entirely, due to the rise in popularity of scripting languages such as JSP, ASP and PHP that depend on relational databases based on SQL.

 

In today's cyber-world nearly every site uses one of these scripting languages, including everything from banking websites to social networking destinations.  All of those credit card transactions on your list?  Stored in a database.  All of your web mail messages?  Stored in a database.  Shopping cart?  Another database.

 

They're everywhere, and if they aren't secured correctly they are vulnerable to something called an SQL injection attack, in which a hacker inputs SQL queries into a login field instead of a user name and password.  If the injected query is coded correctly, the attacker gains full direct access to all the information in the database.
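
To illustrate the login-field injection described above, here is an added example (not part of the original newsletter) in Python with SQLite standing in for the JSP/ASP/PHP-plus-SQL sites mentioned.  The table, the sample account and the function names are made up for the illustration; it shows the same typed-in text being accepted by a query built from user input and rejected by a parameterized one.

```python
import sqlite3

def make_db():
    """In-memory user table holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plaintext password only to keep the sample short; real sites store hashes.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_vulnerable(db, name, password):
    # The SQL text is assembled from user input, so whatever is typed into
    # the login field becomes part of the query itself.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, name, password):
    # Placeholders keep the input as data; it is never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

# Constructed input of the kind described above: SQL typed into the form
# instead of a user name and password.
INJECTED = "' OR '1'='1"

def compare():
    """Run the same inputs through both versions and collect the results."""
    db = make_db()
    return {
        "vulnerable, real login": login_vulnerable(db, "alice", "s3cret"),
        "vulnerable, injected": login_vulnerable(db, INJECTED, INJECTED),
        "parameterized, real login": login_parameterized(db, "alice", "s3cret"),
        "parameterized, injected": login_parameterized(db, INJECTED, INJECTED),
    }

if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the parameterized version rejects the injected input while still accepting the real login.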

 

After they've feasted on all the personal data on that site they can add code to the displayed scripting pages to inject code onto users' PCs to gather more and carry out other nefarious acts.  This has become extremely common, and an article on yesterday's El Reg (http://tinyurl.com/572wp3) describes the stunning numbers that demonstrate just how much of a threat this hack is.

 

Security firm Sophos, one of the most respected security research groups around, claims they detect 16,173 malicious sites per day, or one every five seconds.  They go on to state that nine in ten are legitimate websites.

 

Newspapers, credit reporting firms, government websites, blogs, you name it and it can be turned into a malicious spyware vector in minutes.

 

Firewalls won't protect you from these things because they come in as part of a page you've requested.  Antivirus programs offer some protection but the malware changes so frequently that even a program like Kaspersky, which posts updates almost hourly, can't keep up.  Not even vigilance on your part can offer much protection since most of these infections apparently come from trusted sites.

 

Just as an example, MySpace is exceedingly compromised.  I often call that site MySpyware, and a researcher from Sunbelt Software proved me correct by surfing around on MySpace for an hour and monitoring new files coming onto his system, mostly from banner ads.

 

The article is from the Washington Post and is available at http://tinyurl.com/yu79aa.  You can read the entire ugly list of malware he received at http://tinyurl.com/5jlj28 but it included such winners as Vundo, WinFixer and PurityScan.  These and many of the others are very hard to clean and often require professional help, leading to an expense to the innocent surfer.

 

Speaking as one of the aforementioned professionals, customers often get angry with me when they pick up a machine that I've cleaned, only to bring it back a week or two later after they've reinfected it.  Believe me, if there were some magical setting or software to block this stuff your friendly neighborhood tech would install it for you, but it simply doesn't exist.

 

There's really no answer other than to sell your PC and buy a Wii.  All you can do is watch for unusual network activity (email me for instructions for putting the network icon in your System Tray if it isn't there), install a good Antivirus program that gets frequent updates, install a software firewall even if you use a router (just ask a geek type before you block anything you aren't familiar with), install several passive spyware scanners like Ad-Aware, Spybot and MalwareBytes, use a filter like Spyware Blaster, never use a debit card online and watch your credit card and bank statements closely.

 

If you still use dial-up or have a modem hooked up to use as a fax, take a close look at the phone bills for unusual phone numbers that might indicate a rogue dialer, and be suspicious of any sudden computer slowdowns.

 

Time to go to school folks.  If you're going to keep yourself safe you're going to need to learn a lot about how Windows and the Internet work and what to flag as unusual.

 

Please don't kill the messenger ;)

 

Kevin Mefford, Editor

pcguru at microdome.net

 

 



 

Terry Wise

www.ratland.com

 

 

Tech News of the Week
 

A federal court on Tuesday upheld a ban on the Child Online Protection
Act, saying it's too vague, overly broad and unnecessary.  Years of
law school and decades on the bench for something we geeks have known
all along?

http://www.informationweek.com/newsletters/daily/showArticle.jhtml?articleID=209401134

Google is reportedly ready to purchase the Digg Web site for $200
million.  Dig it:

http://www.sci-tech-today.com/news/Google-Rumored-Ready-to-Buy-Digg/story.xhtml?story_id=11300DT7UTPT

Edward "Eddie" Davidson, a notorious e-mail spammer who was sentenced
to jail time in April, has escaped from a federal prison camp in
Florence, Colorado.  Depending on where he goes, he could be shot on
sight:

http://blogs.zdnet.com/security/?p=1543

There is growing unease about Apple CEO Steve Jobs' health.  If you
live in the public sphere, where does your private life end and your
public life begin?  According to EE Times, there are six reasons why
Jobs' health is not a private matter:

http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=209401048

Copy us on the good stuff

 

Matthew Dattilo

thepcgurus at gmail.com 

www.mattstodayinhistory.com

 

 

Download of the Week
 

A few weeks ago, Firefox 3 set a record for the most downloads in a 24-hour period ever.  While FF3 doesn't offer too many changes other than those related to enhanced browser security, there is one new feature that you may or may not want to change.  That feature is called "MaxRichURL" and amounts to additional information added to the browser history in the Address Bar drop-down menu.  I didn't care for it so I looked for a fix.  The most common fix available from a Google search amounts to eliminating everything in that drop-down history (unacceptable).  Guess what, the fix was right under our noses in the Firefox add-ons!

 

The add-on is called "Oldbar 1.2" and makes the URL drop-down look like it did in Firefox 2.  Get it here:

 

http://tinyurl.com/2ba79x 

 

 

Carlita Lupino

Cards57 at gmail.com

 

 

Email Question of the Week
 

Q:  I am getting returns from e-mails that I have not sent.  Someone has
stolen my e-mail address.  Is there anything that I can do about it?

 

A:  I doubt anyone has stolen your email address.  Odds are someone
who has you in their address book is infested with something that's
trying to email people in the address book and spoofing the From field
with other entries in there.  I get those all the time since I seem to
be in a lot of address books ;)


Lately I've been getting mostly foreign language bounces, mostly
Russian and some language that I think may be Korean.  For now I
wouldn't worry about it; the problem appears to be cyclic and will
likely die down in a couple of weeks.



Otherwise about the only thing I can suggest is to change your
email address, but if I'm correct the problem will just follow you
when your infected friend adds your new address to their address book.



Hope that helps and keep us posted...

 

Kevin Mefford

pcguru at microdome.net
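
One way to check a bounce against the explanation in the answer above, as an added example that is not part of the original newsletter: read the returned copy of the message inside the bounce and see which host actually handed it to the rejecting server.  The sample bounce is constructed, it assumes the bounce carries the full original as a message/rfc822 part, and my_relays (the outbound mail server addresses of your own provider) is a hypothetical parameter.

```python
import email
import re

# Constructed bounce (multipart/report) for illustration; every host and IP
# is a documentation-range placeholder, not a value from the newsletter.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: reader@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b1
Content-Type: message/rfc822

Received: from pc (unknown [203.0.113.77])
 by mx.example.net; Thu, 24 Jul 2008 10:00:00 -0400
From: reader@example.org
To: nobody@example.net
Subject: hello

spam body
--b1--
"""

def bounce_origin(raw):
    """Return (claimed From, handing-over IP) of the message a bounce returns."""
    report = email.message_from_string(raw)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            hops = original.get_all("Received", [])
            # The topmost Received line was written by the server that bounced
            # the mail, so the sender could not forge it.
            match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0]) if hops else None
            return original["From"], match.group(1) if match else None
    return None, None

def sent_by_me(raw, my_address, my_relays):
    """True only if the bounced mail claims my address AND came via my relay."""
    claimed, ip = bounce_origin(raw)
    return claimed == my_address and ip in my_relays
```

A bounce whose From matches your address but whose handing-over host is not one of your provider's servers is a spoofed message, not mail sent from your account.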

 

 

Contact info and legal stuff
 

If you have tech support questions or ideas and/or submissions for our newsletter please submit them by visiting www.thepcgurus.com and clicking on the "Email the Team" icon.

  

Copyright 2001-2008 The PC Gurus, all rights reserved.  Publication, rebroadcast or storage is prohibited without prior consent, however you may freely forward this publication to friends as long as A) it is forwarded in its entirety and B) no fee is charged.

 

Information provided in this publication is provided "as is" without warranty of any kind, either expressed or implied.  Although the information provided is known to work on most systems, it may not work on ALL systems.  Make use of any information supplied at your own risk.

 

The PC Gurus are a group of volunteers who provide support for the PC, Mac and Linux users in the Kentuckiana region.

 

To unsubscribe from this newsletter visit http://thepcgurus.com/mailman/listinfo/newsletter_thepcgurus.com or send an email to microdome at seidata.com with the words "unsubscribe newsletter" (without the quotes) at the top of the body of the message.

 

 

      