This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

Free trial of VIPRE Antivirus Business

Discover first-hand the benefits of this security solution for your company.
VIPRE Antivirus Business is the cost-effective and easy-to-manage business virus protection for small- and medium-sized businesses. It's easy to set up and use via an intuitive management console. It's the business antivirus built with IT administrators in mind. Try VIPRE free for 30 days to see how this security solution can benefit your organization.

This offer is intended for business use only. 

IE Zero Day and Increase in Global Malware Indicators

A look at the last 30 days of web searches for common malware infection indicators suggests that the Internet Explorer zero-day vulnerability has been exploited in the wild since September 12, 2012, or possibly as far back as September 8.

On September 11, the indicator search volume was at 67 on a sliding scale.  As of September 16, 2012 (the last day Google provides search data for at this time), the search volume had increased to 94.

The search volume had peaked on September 2 and had been on a fairly steady decline since then, with the exception of a brief spike in search activity on September 8.

IE Zero Day Exploit in the Wild

There is an IE exploit in the wild which affects IE 7, 8, and 9.

For more information, see the SANS ISC post.

How Not to Redact a Document

In case you didn't know, Zynga and EA have been in a legal battle over copying each other's games.

Zynga has posted publicly an answer to EA's accusations as well as a demand for jury trial.  Also posted was a counterclaim with redacted sections.



However, Zynga's legal team did a very poor job of redacting the documents.  Instead of removing the redacted text, they simply set its background to black.  Because the characters are still in the file, the original redacted text can be revealed by highlighting the text.


It's very important that document redaction methods be properly reviewed by the IT staff prior to release.  Without proper review of methods, sensitive information could be revealed, which could possibly cost an organization millions.

Related Reading:
A Primer On Electronic Document Security
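The failure described above is a styling change mistaken for removal. The following is an added example, not code from the original post or from any of the parties involved: it uses a constructed document model (text runs with foreground and background colours, standing in for what a text extractor or select-all/copy returns from a word processor or PDF) to show the wrong redaction beside the right one, and an `audit()` check that IT staff could run before release.

```python
"""Audit a "redacted" document for text that is hidden rather than removed.

Added example, not code from the original post. The document model, the
sample text and the company name and figure in it are constructed for
this example.
"""
import re
from dataclasses import dataclass


@dataclass
class Run:
    """One styled span of text, as a document editor stores it."""
    text: str
    fg: str = "black"
    bg: str = "white"


def _rewrite(runs, sensitive, make_replacement):
    """Split runs around each sensitive term; make_replacement decides what
    the matched piece becomes."""
    if not sensitive:
        return list(runs)
    pattern = re.compile("|".join(re.escape(t) for t in sensitive))
    out = []
    for run in runs:
        pos = 0
        for m in pattern.finditer(run.text):
            if m.start() > pos:
                out.append(Run(run.text[pos:m.start()], run.fg, run.bg))
            out.append(make_replacement(m.group(0), run))
            pos = m.end()
        if pos < len(run.text):
            out.append(Run(run.text[pos:], run.fg, run.bg))
    return out


def style_redact(runs, sensitive):
    """The mistake described in the post: paint the text black on black.
    Every character stays in the file and survives selection and extraction."""
    return _rewrite(runs, sensitive, lambda match, run: Run(match, "black", "black"))


def remove_redact(runs, sensitive):
    """Proper redaction: the sensitive characters are replaced, not styled."""
    return _rewrite(runs, sensitive, lambda match, run: Run("[REDACTED]", run.fg, run.bg))


def extract_text(runs):
    """What a text extractor (or select-all, copy, paste) sees: styling is ignored."""
    return "".join(r.text for r in runs)


def audit(runs, sensitive):
    """Pre-release check: report sensitive terms still present in the text layer,
    and count runs that are invisible only because foreground == background."""
    text = extract_text(runs)
    return {
        "leaked_terms": [t for t in sensitive if t in text],
        "hidden_runs": sum(1 for r in runs if r.fg == r.bg and r.text.strip()),
    }


# Constructed sample document; the name and figure are invented for this example.
SENSITIVE = ["Example Widgets Ltd", "$4.2 million"]
SAMPLE_DOC = [
    Run("The counterclaim states that the contractor "),
    Run("Example Widgets Ltd", fg="navy"),
    Run(" was paid $4.2 million for the work."),
]

if __name__ == "__main__":
    for name, fn in (("styled", style_redact), ("removed", remove_redact)):
        redacted = fn(SAMPLE_DOC, SENSITIVE)
        print(name, audit(redacted, SENSITIVE))
        print("  extracted:", extract_text(redacted))
```

The audit deliberately ignores colours when extracting text, because that is what every downstream consumer (search indexers, copy-and-paste, PDF-to-text tools) does; any term that survives extraction has not been redacted, however it renders on screen.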

Zombie Alert - How to Survive the Coming Zombie Apocalypse

Every day I come across interesting "personal security" stuff that just doesn't fit with the theme of this blog.

In response to this, I have started a blog called "How to Survive the Coming Zombie Apocalypse".  My goal is to make this a humorous, yet useful resource for personal security, preparedness, and self defense.

I hope you enjoy the blog, as I have great plans for it.

The Anonymous Lies Keep Building - GoDaddy and Apple


UPDATE 9/11/2012: Anonymous Own3r is a fraud.  The GoDaddy outage was caused by an internal router issue, and not a hacking or denial of service attack. 

EDITOR'S NOTE: As of writing this article, "Anonymous Own3r" has not provided proof that he/she was responsible for this attack.

Earlier this year I wrote about an Anonymous plan to take down the internet through a massive Denial of Service attack against the root DNS servers, and how to take steps to avoid being affected.  However, this attack never impacted anyone.

Today a member of the group Anonymous, who goes by "Anonymous Own3r", claimed responsibility for knocking GoDaddy's DNS servers offline.  According to the self-described hacker (since revealed as a fraudster), he/she acted alone in this attack, and it was not assisted by the Anonymous collective.  However, no explanation has yet been posted as to how he/she took down GoDaddy's DNS servers; further investigation reveals that Anonymous Own3r is a fraud and was not responsible.

This revelation comes on the same day that it was revealed that the leaked Apple device IDs came from a US company, BlueToad, and not from the FBI as Anonymous had claimed.

According to Netcraft.com the GoDaddy outage lasted approximately 3.25 hours, and affected eight out of GoDaddy's ten hosting locations.


While the percentage of the Internet affected by this attack is not clear, what is clear is that the thousands of web sites and email servers hosted by GoDaddy went dark today during business hours, wreaking havoc on businesses relying on GoDaddy for their web and email presence.

Do your Disaster Recovery Plan and Business Continuity Plan cover a massive outage at your hosting provider?  If not, now would be a good time to add one, especially if your organization relies on web and email for its critical business functions.

Related Reading:
Solution Brief: Disaster Recovery
Pre-Testing Disaster Recovery and Business Continuity Plans
Recent Lessons in Disaster Recovery

Mission Critical (FREE Subscription!)

How to Choose the Right Antivirus and Firewall

Antivirus and firewall software are very important protection for all systems, home or business.

If you don't have a budget to purchase software, there are some excellent free programs available.  Please note that I am only going to be discussing Windows in this post, as Mac or Linux AV is a completely different subject worthy of a future blog post.

The first product you should consider is ZoneAlarm Antivirus+Firewall.  This lightweight combination is perfect for maximizing protection while minimizing performance impact.
However, if you do not want a combined Antivirus+Firewall, it's perfectly acceptable to use ZoneAlarm's standalone firewall product with another antivirus product.  I strongly recommend at a minimum using ZoneAlarm's firewall, as I have yet to find a comparable firewall product for free.

If you're looking for an alternative to ZoneAlarm's antivirus, there are many available.
First on the list is AVG (which you can download directly here).
Second is Microsoft Security Essentials, which requires a legitimately licensed copy of Windows.
Third is ClamWin, an open-source antivirus program which is extremely lightweight but does not feature an on-access scanner.

If you have a budget to afford antivirus at home, or need to protect your business, VIPRE has written a guide on choosing the right antivirus solution for your business.




By the way, if you'd like to support this blog, feel free to make a purchase through our Software Catalog.

Learnist: Share What you Know

Today I received a perk from Klout.com for an invitation to join "Learnist".

While I'm under no obligation to actually write about the perk, I really wanted to share this with everyone.

I have to say, I'm very impressed.

It's a massive community of learning and sharing, all at your own pace, with no pressure to pass tests or earn certificates.

I've setup a "Cyber Security Tips and Tricks" board, and began adding my own how-to articles, as well as other useful resources online.

I encourage you to look into the site, and request an invite!

Using Google Insights to Track Computer Virus Outbreaks


Google.org currently maintains "Google Flu Trends" which works by looking at search keywords as indicators of flu activity.

I've been doing some thinking recently: why not apply the same approach to computer virus outbreaks?


I'm still trying to refine the search keywords, but there's a good article on CNet which might provide some starter info.

Based upon the article, I've created the following string for Insights. Note that Insights treats + as a logical OR.

"computer virus infection" + "computer slow" + "computer crashes" + "program opens slow" + "annoying popups" + "is symantec.com down" + "is mcafee.com down" + "is trendmicro.com down" + "can't update antivirus"
It's important to note, however, that using the above search string alone will not produce the "global infection map" we're looking for.  This only looks at English-language searches, and does not include searches in other languages.  We can, however, use this string to create a nice map showing infection trends in the United States over the past year.

Since most infections result in searches such as "why is my computer slow", here is a multi-lingual search string:
computer slow + ordinateur lent + ordenador lento + bilgisayar yavaş + コンピューターが遅い + 느린 컴퓨터 + 计算机速度慢 + computer langsom + 電腦速度慢 + компьютер медленно + powolny komputer + بطء جهاز الكمبيوتر

If the above string is accurate enough to indicate that the user is infected with a virus, then we can view global infection trends for home users.

We can try to validate this data by looking at October 2008 through February 2009, when Conficker was infecting the most computer systems.  Conficker started infecting computers in November, 2008, and in January 2009 reached a peak of possibly 15 million infections.



More importantly, we can use the data for the past 30 days to monitor for spikes in activity, which would indicate a possible malware infection is spreading in the wild.

We can also use this data to create a rather interesting global history of malware infections.
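The two steps this post describes, assembling the OR-joined query and then watching the last 30 days for a spike, are the same ones the IE zero-day post above applies by eye (the rise from 67 to 94). Here is an added example, not code from the original post, that does both: it builds the query from the post's multilingual term list and runs a simple baseline-and-deviation spike detector over a constructed 30-day series on Google's relative 0-100 scale. The series, the 7-day window and the thresholds (at least 10 points and 2.5 standard deviations above the baseline) are my assumptions, not figures from the post.

```python
"""Build a Google Insights OR-query and watch a 30-day series for spikes.

Added example, not code from the original post. The term list is the
multilingual "computer slow" list from the post; the 30-day series is
constructed to resemble the rise described in the IE zero-day post and is
not real Google data.
"""
from statistics import mean, pstdev

# Multilingual indicator terms from the post. Insights treats "+" as OR.
SLOW_COMPUTER_TERMS = [
    "computer slow", "ordinateur lent", "ordenador lento", "bilgisayar yavaş",
    "コンピューターが遅い", "느린 컴퓨터", "计算机速度慢", "computer langsom",
    "電腦速度慢", "компьютер медленно", "powolny komputer", "بطء جهاز الكمبيوتر",
]


def insights_query(terms):
    """Join terms with ' + ', which Insights reads as logical OR."""
    return " + ".join(terms)


def detect_spikes(series, window=7, z=2.5, min_jump=10):
    """Flag day i when its value sits at least `min_jump` points AND at least
    `z` standard deviations above the mean of the previous `window` days.
    Returns (day_index, value, baseline_mean) tuples, earliest first."""
    alerts = []
    for i in range(window, len(series)):
        base = series[i - window:i]
        mu, sd = mean(base), pstdev(base)
        if series[i] - mu >= max(z * sd, min_jump):
            alerts.append((i, series[i], round(mu, 1)))
    return alerts


# Constructed 30-day series on Google's relative 0-100 scale (not real data):
# a flat baseline around 60, then a climb to 94 in the final week.
SAMPLE_SERIES = [60, 58, 62, 61, 59, 63, 60, 62, 58, 61, 60, 64, 59, 62, 61,
                 60, 63, 59, 61, 62, 60, 58, 63, 61, 67, 78, 85, 90, 94, 93]

if __name__ == "__main__":
    print(insights_query(SLOW_COMPUTER_TERMS))
    for day, value, baseline in detect_spikes(SAMPLE_SERIES):
        print(f"day {day}: {value} vs 7-day baseline {baseline}")
```

The absolute `min_jump` guard matters on this kind of data: a perfectly flat baseline has a standard deviation of zero, so a z-score test alone would flag a one-point wobble. Note also that once the rise enters the rolling window it inflates both the mean and the deviation, so a sustained outbreak is flagged at its onset and then becomes the new baseline; the first flagged day is the one to investigate.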

Why Wikipedia should never be used as a Technical Reference

There's been a lot of talk about Wikipedia lately over at Slashdot, with regard to Wikipedia shifting from using primary to secondary sources.

When I'm researching a technical issue, and a Wikipedia result is returned, I immediately skip over it.

I used to be able to trust Wikipedia as a "landing page" to find a brief overview of what I'm looking for, then locate additional information.  But not anymore.  There is an ever-growing trend on Wikipedia to create a "leaner" Wikipedia by simplifying articles, combining articles, and deleting articles.

First case in point is the Wikipedia page for "Microsoft Macro Assembler".  As of this blog post, this is a very small page with "History", "Object module formats supported by MASM", "Some third-party tools that support MASM", and "Assemblers compatible with MASM" as the main content sections.

Strangely missing are the details of the actual MASM assembly language.  There's no link to another wiki page.  There may be a few references at the bottom to the language, but nothing in the article itself.

I considered adding to the article, but then I noticed in the history that there used to be a rather excellent overview of the MASM assembly language, but someone deleted it with the following reason:
major cleanup; remove poorly written and messy "MASM assembly language details" section which discusses specific aspects of MASM and is best suited for a user's guide
 
I was really hoping this was a one-off occurrence, but the more I look through Wikipedia, the more saddened I am that the entire community has turned into one large bickering and arguing festival over what needs to be deleted.


Having Fun with the EICAR Test File

For those not familiar with it, the EICAR Test File is a text file commonly used for verifying that antivirus software is working properly.  More info can be found on EICAR.org.

I stumbled upon an interesting bugtraq post from 2003 which I felt was worth sharing.  The post disassembles the EICAR test file and looks at how it works.

Interesting read, especially if you're interested in programming.
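To make the "verifying antivirus is working" use concrete, here is an added example, not code from the post or from EICAR, that writes the test file and validates a file against EICAR's published rules: the 68-character string (a valid DOS .COM program, which is what the bugtraq post disassembles) may be followed only by space, tab, LF, CR or Ctrl-Z, with the whole file no longer than 128 bytes. The string is stored as two halves so that an on-access scanner does not quarantine the script's own source before it runs; the halves are joined only in memory.

```python
"""Generate and validate an EICAR test file.

Added example, not code from the post or from EICAR. The test string and
the file rules (optional trailing whitespace limited to space, tab, LF, CR
and Ctrl-Z; total length at most 128 bytes) follow EICAR's description of
the test file.
"""
import os
import tempfile

# The 68-character string, split in two so the source file itself is not
# matched by an on-access scanner; joined only at runtime.
_EICAR_PARTS = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
                "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
EICAR = "".join(_EICAR_PARTS)
ALLOWED_TRAILING = b" \t\n\r\x1a"   # whitespace EICAR permits after the string
MAX_LEN = 128


def is_eicar_file(data: bytes):
    """Return (ok, reason) telling whether `data` is a well-formed test file
    that a compliant scanner is expected to detect."""
    core = EICAR.encode("ascii")
    if len(data) > MAX_LEN:
        return False, f"file is {len(data)} bytes; maximum is {MAX_LEN}"
    if not data.startswith(core):
        return False, f"does not begin with the {len(core)}-byte EICAR string"
    stray = sorted({b for b in data[len(core):] if b not in ALLOWED_TRAILING})
    if stray:
        return False, "non-whitespace bytes follow the test string: %r" % bytes(stray)
    return True, "well-formed EICAR test file"


def write_eicar(directory=None):
    """Write eicar.com into `directory` (a fresh temp dir by default) and return
    its path. On a machine with a working on-access scanner the file should be
    blocked or quarantined as soon as it is written."""
    directory = directory or tempfile.mkdtemp()
    path = os.path.join(directory, "eicar.com")
    with open(path, "wb") as fh:
        fh.write(EICAR.encode("ascii"))
    return path


if __name__ == "__main__":
    path = write_eicar()
    try:
        with open(path, "rb") as fh:
            print(path, is_eicar_file(fh.read()))
    except OSError as exc:          # expected when the scanner has already removed it
        print(path, "no longer readable (quarantined?):", exc)
```

If `write_eicar()` succeeds and the file is still readable a moment later, on-access scanning is not doing its job on that path; a scheduled or on-demand scan should still pick it up, and whether it does is the second thing worth checking.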