IE8 and Reliability

July 29, 2008 – 6:03 AM

Developing technologies that work reliably on their own and as part of the computing ecosystem is core to our mission and is an important part of our commitment to Trustworthy Computing. Our customers and partners expect technologies and services they can depend on anytime, anywhere, and on any device. We focus on constant improvements to the dependability of our technologies and services.

For Internet Explorer, reliability means that the browser should always start quickly, perform well, connect to the Internet, and show Web sites without crashing or hanging. Most users want their browser to work, recover smoothly after a crash, and display the Web correctly. Users are not as concerned with what causes the problem, whether that be a poorly functioning add-on or a poorly performing website. As part of our ongoing commitment to improve reliability, we have done a great deal of work in IE8 to make the browser more robust in all of these areas: performance, recovery and display.

Source:
http://blogs.msdn.com/ie/archive/2008/07/28/ie8-and-reliability.aspx

Malware In E-Mail As Fake Invoices And E-Tickets

July 27, 2008 – 11:27 AM

McAfee is reporting new examples of malware distributed through e-mail in the form of UPS invoices and airline e-tickets.

The threats seem to be variants of a new downloader the company had reported on (Generic Downloader.ab, MTIS08-131-A).

The UPS version says that your last shipment could not be delivered because the address was wrong, and asks you to print out the attached invoice and bring it in to the local office to collect your package. The “invoice” of course is a malware program. The e-ticket version says that an account has been created for you and your credit card charged for the tickets. The attached invoice and e-ticket is, of course, a malicious program. One of them may have a Microsoft Word document icon.

Of course, you should always be leery of unsolicited e-mails, especially those with attachments. Keep your anti-malware up to date and it will likely block any such e-mails.

Source:
http://blogs.pcmag.com/securitywatch/2008/07/malware_in_email_as_fake_invoi.php

Beware Fake Malware Cleaner Programs

July 27, 2008 – 10:41 AM

Chinese hackers are sending out malware masquerading as the Trend Micro Virus Clean Tool, according to Trend. The example in the linked Trend blog is in Chinese, so perhaps the threat is only real in China (and Taiwan). But the example is instructive.

The threat arrives as an e-mail which looks like it came from Trend Micro and the malware comes as an attachment to it. The use of an attachment is by itself unusual, as malware distribution has largely moved to using links to hijacked web sites where the malware is hosted. The Trend blog says the attachment is named iClean20.EXE, but the screen shot of the e-mail shows it as a .RAR file which probably itself contains iClean20.EXE.

iClean20.EXE uses a clever trick: It drops 2 files, one of which is the genuine Trend Virus Clean Tool, and the other the malware, detected by Trend as BKDR_POISON.GO. By pointing the user to the actual cleaning tool, the attackers may distract them from the malware. BKDR_POISON.GO opens a random port and allows a remote user to execute commands on the affected system.

Source:
http://blogs.pcmag.com/securitywatch/2008/07/beware_fake_malware_cleaner_pr.php

Adeona: An open source laptop tracking system

July 26, 2008 – 4:52 PM

Adeona is an open source internet-based laptop tracking system that is free to use. It’s available for Linux, OSX, and Windows XP/Vista. After installation, Adeona will, at random intervals, submit anonymously encrypted updates on the computer’s location to servers on the Internet, specifically to OpenDHT, a free storage service. The information is kept on the servers for one week. If your laptop becomes lost or stolen, you can use the retrieval tool to access information about where your laptop was last used: the external IP address, internal IP address, and nearby routers. If your laptop is a Mac, you can also download isightcapture to grab a picture of the thief. Adeona is designed to protect against common criminals who may not have much technological knowledge, and does not have any protections against events such as disk wipes. The open source nature of Adeona’s system means that there’s ample opportunity to improve upon the release or add extensions. Here’s one user who really likes what he sees.

Source:
http://www.hackaday.com/2008/07/26/adeona-an-open-source-laptop-tracking-system/

Fortify Your Internet Security Settings Now

July 25, 2008 – 5:24 PM

The Web became a substantially more dangerous place this week, thanks largely to the publication of instructions that show cyber criminals how to exploit a pervasive, critical flaw in the Internet infrastructure.

While Internet service providers and corporations can mitigate the danger by updating the software that powers vulnerable components of their networks, data released yesterday indicates that only about half of the world’s online population is currently protected by these updates.

At issue is a basic design flaw in the domain name system. DNS is the communications standard that acts as a kind of telephone book for the Internet, translating human-friendly Web site names like example.com into numeric addresses that are easier for networking equipment to handle and route.

When people type a Web site name into their Internet browser, the process of routing that name to an Internet address is generally handled through DNS servers managed by Internet service providers and corporations.

But according to research released this month, most of those DNS servers are vulnerable to a security flaw that allows miscreants to silently alter the virtual road maps that those systems rely on to route traffic. As a result, a cyber criminal could trivially rewrite those records so that when customers of a vulnerable ISP or network provider try to visit a particular Web site, they are instead taken to a counterfeit site created by the bad guys.

Source:
http://blog.washingtonpost.com/securityfix/2008/07/the_web_just_became_a_much_mor.html