Elamb Cybersecurity

Blog

  • Surfing with an Admin account or How to Get Owned

    Martin McKeay over at mckeay.net is has good methods of securing his home network:

    I'm a strong believer in the 'rule of least privileges' as my wife and children well know; at least once a week I get called over to the kids computer to log in as administrator and install some program for them. The kids have gotten used to it, but my wife hasn't and she's forgotten that I gave her the adminstrator password.

    The reason it is a great idea to use the least priveleges possible and not go surfing the net with Admin priviledges is that if you (or anyone on your computer with admin priviledges) hit an exploit site that downloads something on your system, it will do so with your administrator permissions. 

    It is best to surf the web with an account that does not have permission to download anything from the web, with elevated security features on Internet Explorer (cookies and java scripts turned off).  In fact, just use and patched version of Firefox. 

    More Security on Internet Explorer

    You can increase security feature of IE by going to Tools | Internet Options | Security tab.  Adjust the trust you have for the Internet by adjusting the level on the slider in the “Security Level for this Zone Area.” 

    If you surf the web with an administrator account without a firewall not only will you more than likely get hit with a trojan and worms you will give the masters of these products elevated priviledges to your system as they will install code in the C:\Windows\System32 – also known as root. From root a criminal hacker can do practically anything they want with your computer (including install a keylogger that copies everything you type and send the data back to some IRC room on the Internet.)

    In layman's terms, they will OWN your ass.  

    If your really paranoid: 

    Customize your selected security levels by clicking the “Custom Level” button inthe “Security Level for this Zone Area.”  Disable Active X, and Java to completely destroy the ability of malicious mobile code to affect Internet Explorer (unless its already on your system).  This will impare your ability to expirience anything beyond text.

     

  • Cleaning Internet Explorer

    IE 6.0 and below suck. Honestly, it is updated a few times every other
    month with SERIOUS security issues.  Those security issues are
    constantly exploited by spyware and spam.  It really is ridiculous
    how much business Microsoft has given to spammers.

    Switching to FireFox, or Opera

    FireFox is the Shiznit!

    CLEAN IE, DOWN AND DIRTY:

    1)  Get Rid of Cookies.
    Do a search on your entire computer for cookies just as you would search for ANY file.  Type in “cookie” in the search app
    2)  ADD/REMOVE SpyWares
    Next uninstall the blatant crap on your system: Go to Add/Remove
    Programs | look for applications like “search” or “accelerator” or
    “optimizer”.  Don't just arbitrarily remove stuff, only remove
    stuff you know it crap.  If you not sure, google it.
    3)  Get the TOOLS
     Next download “adaware”  its free on majorgeeks.com
     Another good one is CWShredder and Hijackthis (use with great
    caution.  In fact, don't use it without reading up on it.)
    4) USE SAFEMODE
    Boot into safemode and use all your new found tools.
    Safemode only runs your essential processes.
    Get to safemode by rebooting and hitting “F8” like crazy as computer starts to come up.

    This should clean your system unless you have some very special Trojans
    or RootKits on your system.  If the problem is really bad you can
    always back up your important data and reload Windows from scratch.

  • RIAA Sued for Hacking

    A 41-year old disabled single mother has counter-sued the RIAA for
    Oregon RICO violations, fraud, invasion of privacy, abuse of process,
    electronic trespass, violation of the Computer Fraud and Abuse Act, and
    negligent misrepresentation.

    read more | digg story

  • Who Is Listening to Your Internet Phone?

    The FCC is about to introduce new regulations that will give law-enforcement agencies the ability to tap Internet-based voice calls to help thwart terrorism. However, some security experts worry that this would make it easier for hackers to gain illegal access to calls made through Voice over Internet Protocol (VoIP) services.

    read more | digg story

  • CEO of Microsoft Smoking Crack!

    Microsoft CEO, Steve Ballmer, says he will “CRUSH GOOGLE” the search engine and its brilliant Ad system.

    Hey, Steve.  Get off the pipe!  MSN search sucks. 
    Altavista is better than MSN.  Here is a suggestion from some
    stupid nameless blog, Write better search code.  Beat Yahoo's
    search engine, then come after Google.  The Internet is Google's
    house they are slam dunking on you all day.  They've done
    things with Firefox and NOW:

    On Tuesday, Google may strike back at Redmond's heart: Microsoft Office.

    Google and Sun Microsystems will hold a press conference
    on Tuesday at which they're expected to announce a collaboration to
    bring StarOffice productivity applications to Google users.

    If you can say that Microsoft has an Arch enemy I guess it
    would be a combination of Sun Microsystems, Google, and Mozilla. 

    In 2001 Baller named the following:

    1. Linux – The rock: invading Microsoft territory from below.
    2. Unix – The hard place: unyielding in the enterprise space above.
    3. Oracle – The database giant that won't give ground.
    4. Sun – Big, powerful Unix boxes stymie Windows 2000.
    5. AOL – Still the king.

    In 2005 it would be:

         1.   Linux – Still going

         2.   Unix (OSX on x86?) – Still going

         3.   Oracle

         4.   Mozilla – the viral spread of Firefox on inferior IE

         5.   Google – Undisputed Search Engine, Internet Kings

         6.   Sun
    read more | digg story

  • Spyware Stats To Pay Attention To

    In early 2005 Webroot Software released its State of Spyware Report which was conducted by Webroot and Earthlink. In the survey over 4.6 million computer systems were scanned during 2004 and the results have shown how threatening spyware has become.

    It was suggested that more than 90 percent of all computers with internet connections are infected with spyware. During the first quarter of 2005 approximately 88 percent of systems scanned with Webroot’s SpyAudit software had some sort of unwanted application detected.

    On corporate computers over 55 percent of PCs had unwanted programs, excluding cookies because they are thought not to be as intrusive or detrimental. The corporate computers averaged 7.2 non-cookie spyware infections per computer.

    In 2004 the last quarter yielded 19 percent of consumer and business computers with keyloggers and in the first quarter of 2005 that number had dropped to 7 percent, according to systems scanned with Webroot’s software. In both the last quarter of 2004 and first quarter of 2005 19 percent of consumer PCs and 7 percent of business PCs had Trojans.

    Another daunting piece of information gather through online research by Phileas is that 4,294 sites were found to have some type of spyware. This information has proven that in a short amount of time spyware has skyrocketed into the top internet threat. As the internet become a rapidly growing medium used by millions online threats such as spyware can thrive and spread a quick rate, infecting and damaging nearly all user unless protective measures are taken.

    Mitch Johnson is a successful freelance author that writes regularly for http://www.1st-in-spyware.com/ , a site that focuses exclusively on spyware removal software, as well as tips on how to prevent spyware from popping up on your computer. This site articles on has spyware guard, http://www.easy-spyware-killer.info/ as well as spyware scanner, http://www.easy-remove-spyware.info/

  • Anatomy of A PayPal Identity Theft Scam – The 7 Warning Signs

    Paypal is becoming the online payment processor of choice for many users. Paypal allows virtually anyone to except credit card payments. Paypal is also a great way to send and receive electronic payments. Unfortunate fame has it's price and in the case of Paypal that means scam artists preying on the Paypal members

    The Most common Paypal Scam Involves E-Mail, You will receive an E-mail from Someone claiming to be Paypal requesting you Verify your Information. That is Warning Sign 1 Paypal will never send you an E-Mail Requesting Your Personal Information

    Often this E_mail will be sent to an E-Mail Address that is not the same one that Paypal has on File. That is Warning Sign 2

    The Third Warning Sign is forged Headers (From Address). This is often hard to detect without knowledge of the Internet. Many Spam filters are now setup to block E-mail that has forged headers. Ask your E-mail provider how you can block Forged Headers.

    The Fourth Warning Sign is the Greeting says something like Dear Paypal user or Paypal Member. Paypal knows who you are they will use the name you registered with.

    The Fifth Warning Sign is the threat. The E_mail will threaten to suspend your account if you don't take immediate action.

    The Sixth Warning Sign is a Non Secure Page. If you do click on the link in the E-Mail you will not be on a secure Page, No Https in the URL and no little Padlock in the lower left hand corner of your browser.

    Bad Grammar or Misspelled words in the

    If you receive an E-mail from Paypal with even 1 of these warning signs more likely then not it is a scam. Forward the E-Mail to Paypal and ask for assistance if you have any doubts.

    Don't let these modern day thieves keep you from go about your every day life. Life is a risk the key of course is to do all you can to protect yourself and still enjoy life.

    About The Author:
    Mike Makler has been Marketing Online Since 2001 When he Built an Organization of over 100,000 Members

    Get Mike's Newsletter:
    http://ewguru.com/newsletter

    More Articles by Mike:
    http://ewguru.com/tips

    Permission Based E_Mail Marketing Methods
    http://ewguru.com/hbiz/amazingoffer.html

  • Computer Security 101: Proactive Security

    Another university accepted ethical hacking.  Lately it seems every other month educational institutions are teaching security hacking.  I think this is good.  It is important to learn many kinds of Wire-Fu. 

    Oct. 3–NEW HAVEN, Conn. — The computer lab tucked into a corridor at Jennings Hall at Southern Connecticut State University may not look it, but it's sick.

    Viruses run rampant. Firewalls are frowned on. Here, hacking is not only encouraged, it's a course requirement.

    “Last week, I went onto a computer in the back room. Their homework was to figure out what I did and log into my fake account,” said Lisa Lancor, an associate professor of computer science.

     

    University of Calgary hacker course 

    University of Glamorgan – Certified security Testing Associate and Professional and Certified Forensic Investigation Analyst

     Internation Counsel of e-Commerce Consultants – Certified Ethical Hacker CEH – Certification

  • White hat, gray hat, black hat

    Hackers secure their computers better than the rest of the computing community. Government and industry can learn from their hacking techniques and protection skills to improve information technology security, experts say.

    read more | digg story

  • Updating Your Windows Operating System is very Easy!

    Many everyday Internet Users do not know why they must keep their computer Operating Systems Up-To-Date – and many don’t even know what an Operating System is!

    From “ignorance is bliss” to “surprise attack and disaster” – how many thousands of Internet users have experienced this frustration and grief?

    This raises the obvious question: “Why haven't they prepared to avoid it?”

    The startling fact is that there are many long term Internet users who have never even considered updating their Operating Systems and protective Safe-ware.

    Perhaps the complexity of it all contributes to what might be described as User apathy – or indifference and a lack of enthusiasm toward the following:

    * The news of yet another vulnerability or patch process.

    * The potential damage to computer, personal information and reputation – i.e. the “It can't happen to me” attitude.

    * Their own abilities – i.e. “I’m too old, too dumb, too whatever – to learn how to fix a computer without breaking something.”

    * Updating – i.e. “My computer came with an anti-virus program, so why does it need to be updated now?”

    The sad fact is that the lack of confidence people have in their ability to build a defense often leads to a reluctance to even accept the reality of Cyber Threats.

    Some of the lesser-experienced Internet users rationalize their lack of action with pessimism, even defeatism. Human nature often supports these excuses with defensive attitudes and mis-beliefs like:

    * False sense of disaster support – “My nephew, neighbor, son or whoever, is a computer whizz. They’ll be able to fix the problem if anything ever happens.”

    * Scepticism – “All this talk about viruses is just so the “news people” will have information for publishing, and so the software manufactureres can scare people into buying more of their products.”

    * Ignorance (of the extent of deception, skills and sophistication that the malicious hackers have attained).

    * Disbelief (that personal computer might be infected and used by others to spread malicious viruses and worms). “My computer seems to be working ok – a little slow, maybe, but it is getting pretty old.”

    * Overwhemed (too many choices with firewalls, anti-virus, anti-spam, anti-spyware, Trojan removers). “Why do I need all of these and which ones should I use?” or “Do I really need to update my Operating System, my anti virus, spam, spyware stuff?”…I’ll just never learn how to do all of this.

    * Expense (How much will all this cost and is it really necessary?)

    * Fatalism – “Hey, if it’s going to happen, it will, and I’ll just junk my computer and get another one. Mine’s getting kind of old, anyway.”

    Here, then, are the Shocking facts about updating PC Operating Systems.

    There are many unaware Internet users who have been online for years, but lack in these ares:

    * They don’t know what “Updating” really means.

    * They have never responded to the popup message associated with the icon in the Task tray that announces new Windows Updates.

    * They have never clicked on the Windows Update icon in the Program Start menu.

    * They have never visited the Microsoft Windows Update web page at http://windowsupdate.microsoft.com/.

    * They have never updated their PC Operating Systems.

    Even if they have been able to navigate to the Microsoft Update webpage, many just throw up their hands in despair at the overwhelming number of choices and unknowns, such as:

    * Choosing what to update from the long list of options.

    * Waiting for Windows to check the registry for available updates.

    * Deciphering the Update descriptions (and instructions).

    * Selecting or Removing the necessary options.

    * Starting the download.

    And oftentimes, many people have never even used the Windows Help information to find out how to update their computer Operating Systems.

    How many self taught or untrained computer users are going to persevere through all of the hassle described above? Is it any wonder so many computers become infected? The criminal Hackers building their bot and zombie armies have nearly an open and undefended playing field; many are using it every day to steal money and identities.

    So, what is the solution to this problem?

    If individuals with computer “understanding” would help and assist others with less knowledge, there would probably be less of a problem.

    Nearly everyone who has faithfully kept their PC Operating Systems and Safe-ware up to date surely has family members and friends who could benefit from an hour or so of basic instructions. This would make it much more difficult for the criminal Hackers to compromise another persons computer.

    Hacker's would eventually be faced with a growing number of adequately protected computers, educated Users and hopefully would finally give-up trying!