OpenDNS

March 8, 2008 – 7:05 PM

I’ve been meaning to play with OpenDNS for months now but never got around to it until today. And so far, I really like it. You can check OpenDNS out here:

http://www.opendns.com/

Completely free. This is a fantastic service.

You can use the simple method by just pointing your DNS entries to their main DNS servers (208.67.222.222 and 208.67.220.220) on either your local computer or on your router – which will take care of all your internal computers in one shot. Or you can sign up for an account (still free) and take advantage of some great additional features like domain blocking, content filtering, address bar shortcuts, and much more.

Get started here:
http://www.opendns.com/start/

Did I mention it’s all free?

Cryogenically frozen RAM bypasses all disk encryption methods

March 8, 2008 – 7:03 PM

Computer encryption technologies have all relied on one key assumption: that RAM (Random Access Memory) is volatile and that all content is lost when power is lost. That key assumption is now being fundamentally challenged with a $7 can of compressed air, and it’s enough to give every security professional heartburn.

Full Story and Video:

http://blogs.zdnet.com/security/?p=900

Firefox 2.0.0.12

March 8, 2008 – 7:03 PM

The award-winning Web browser is better than ever. Browse the Web with confidence. Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy. It’s easy to import your favorites and settings and get started.

Release Date:
February 7, 2008

Security and stability Update:
This release fixes a number of security and stability issues discovered in Firefox 2.0.0.11.

Earlier Changes:
For information about previous changes, please see the Firefox 2.0.0.11 Release Notes.

Firefox 2 Features: For an overview, please see Firefox 2 Features.

http://www.neowin.net/news/software/08/02/08/firefox-20012

Windows DNS Flaw Is Back

March 8, 2008 – 7:02 PM

Microsoft Corp. said Monday that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced and could expose some customers to online attacks.

The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect a victim to a malicious Web site.

Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and was then publicized at a recent hacker conference in New Zealand. “This is a variation of that previously reported vulnerability that manifests when certain client side settings are made,” said Mike Reavey, a group manager at Microsoft’s Security Response Center.

The bug has to do with the way Windows systems look for DNS (Domain Name System) information under certain configurations.

Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.

Here’s how the attack would work: When a Windows system is specially configured with its own DNS suffix, it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim’s own network.

WPAD servers are used to cut down on the manual configuration required to get Windows systems working on the network. DNS suffixes are used to associate computers with certain domains of the network and to simplify administration.

To make it easier for the PC to find a WPAD server, Windows uses a technique called DNS devolution to search the network for the server. For example, if an IDG PC was given a DNS suffix of corp.idg.co.uk, it would automatically look for a WPAD server at wpad.corp.idg.co.uk. If that failed, it would try wpad.idg.co.uk and then wpad.co.uk. And that’s where the problem lies: by looking for DNS information on wpad.co.uk, the Windows machine has now left the IDG network and is doing a DNS look-up on an untrusted PC.

Reavey says that this problem only affects customers whose domain names begin with a “third-level or deeper” domain, meaning that even with the DNS suffix, users on networks like idg.com or dhs.gov are not affected.
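The devolution walk described above can be modeled to check which WPAD names a given DNS suffix would cause a client to query, and which of those fall outside the organisation's own domain. This is an added example, not code from the article or from Microsoft; the function names are hypothetical, the organisation's domain is supplied by the caller, and the stop condition (two labels) is an assumption taken from the article's corp.idg.co.uk walk.

```python
"""Added example: model the WPAD DNS devolution walk described above."""

WPAD_LABEL = "wpad"


def wpad_candidates(dns_suffix, min_labels=2):
    """Return the WPAD host names tried, in order, for a given DNS suffix.

    Assumption: devolution strips the leftmost label each round and stops
    once the suffix is down to `min_labels` labels, matching the article's
    corp.idg.co.uk walk, which ends at wpad.co.uk.
    """
    labels = [p for p in dns_suffix.lower().strip(".").split(".") if p]
    names = []
    while len(labels) >= min_labels:
        names.append(WPAD_LABEL + "." + ".".join(labels))
        labels = labels[1:]
    return names


def audit_suffix(dns_suffix, org_domain):
    """Pair each candidate with True if it stays inside org_domain."""
    org = org_domain.lower().strip(".")
    report = []
    for name in wpad_candidates(dns_suffix):
        parent = name[len(WPAD_LABEL) + 1:]
        inside = parent == org or parent.endswith("." + org)
        report.append((name, inside))
    return report


def exposed_names(dns_suffix, org_domain):
    """Candidates that resolve outside the organisation's own domain."""
    return [n for n, inside in audit_suffix(dns_suffix, org_domain) if not inside]


if __name__ == "__main__":
    # Constructed inputs: (client DNS suffix, domain the organisation controls).
    for suffix, org in [("corp.idg.co.uk", "idg.co.uk"),
                        ("idg.com", "idg.com"),
                        ("dhs.gov", "dhs.gov")]:
        for name, inside in audit_suffix(suffix, org):
            print(f"{suffix:16} {name:22} {'internal' if inside else 'EXTERNAL'}")
```

Any name returned by `exposed_names` is one to watch for in resolver logs or to answer from an internal DNS zone so the query never leaves the network.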

Attackers who registered “wpad” domains within second-level domains such as co.uk or co.nz could redirect victims to malicious Web sites without their knowledge, something called a “man in the middle” attack. A victim might think he was visiting his bank’s Web site, but in reality, he could be sent to a phishing site.

“It’s particularly insidious because a lot of people don’t realize that this is happening,” said Cricket Liu, vice president of architecture with DNS appliance vendor Infoblox. To date, Microsoft has heard of no such attacks actually being carried out, Reavey said.

Customers who have set their own proxy server or who have a WPAD server on their network are not at risk, Microsoft said.

Still, according to the New Zealand security researcher who discovered this flaw, many customers could be affected. Beau Butler, who also happens to own the wpad.co.nz domain, estimates that about 160,000 PCs are affected by the problem in New Zealand alone, according to a published report. Butler could not be reached immediately for comment on this story, but in a note on a local Linux group Web site, he said he is collecting Web server data from this domain.

http://www.pcworld.com/article/id,140268/article.html?tk=nl_dnxnws

New Trojan Mimics Skype, Steals Login Credentials

March 8, 2008 – 7:02 PM

Security analysts are warning of another malicious software program masquerading as an installer file for Skype.

The program sends the victim’s Skype credentials, as well as any other logins or passwords stored in Internet Explorer, to another server, wrote Villu Arak, a Skype spokesman based in Tallinn, Estonia, on a Skype blog.

Skype, the VOIP (voice over Internet protocol) program owned by eBay Inc., is frequently targeted by malware writers because it is widely used. Other attacks have focused on sending links to malware via Skype’s chat function as well as worms.

This Trojan horse appears as an installer with Skype’s logo and the name “65404-SkypeDefenderSetup.exe.” Once the program is executed, users see a convincing Skype login interface, although the graphic for the “sign in” button is different from that of the genuine Skype application.

Login credentials can be entered, but none of the other menu functions work, said Chris Boyd, security research manager for FaceTime Communications Inc. Microsoft Corp.’s Internet Explorer can locally store passwords as a convenience for users as part of the browser’s “autocomplete” function, but it is possible for software to improperly access the information.

The Trojan has been spread through spam as well as through instant-message conversations with a link to the malware, Arak said.

“This piece of malware does not propagate itself,” Arak said. “Luckily, because the malware depends on the ‘human factor’ to propagate, it is not widely spread. And we’ve received only a few complaints in customer support.”

One user complained last week on Skype’s forum of an infection, adding that his account was subsequently shut down.

“I was stupid,” the user wrote. “Please, please help.”

http://www.pcworld.com/article/id,138537/article.html?tk=nl_dnxnws