In case you missed the earlier stories, MaximumPC readers and many others have been concerned about how easy it was for malware to change UAC levels and subvert the new and allegedly improved User Account Control in Windows 7.
To find out what's changing - and who deserves the credit - join us after the jump.
Today, we live in a world of rapidly diminishing privacy. If you use your employer's email system, it is possible that every message you send or receive is logged and intercepted without your knowledge. This may have unintended or even disastrous consequences if an intercepted email message contains sensitive personal information. Unless your email goes through Secure Sockets Layer (SSL) protected connections, your email is vulnerable to what is known in the IT security field as man-in-the-middle attacks, where an attacker can intercept your message as it flies to its intended recipient.
Email is sent in a format that is easily readable if an attacker can grab and reconstruct enough pieces (packets) from the data transmission with packet sniffing software. Technologies like deep packet inspection make it theoretically possible that any given message that goes over the internet can be sniffed and read by third parties who have the right software and know-how (the feds, your ISP, etc.). While no one may have a real reason to spy on you, relying solely on security through obscurity has always been a poor policy to live by. Because of this, encryption is the only real option you can trust. We teach you how to put your emails in a lockbox before sending them off to their destinations.
So, what is it about Windows 7's UAC that makes it vulnerable? As Zhen puts it:
Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I’ve started calling “piggybacking”.
To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is “RUNDLL32.exe”. With a simple “proxy” executable that does nothing more than launch an elevated instance of “RUNDLL32” pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process “RUNDLL32” without ever prompting for UAC or turning it off.
It sounds serious, but before you jump to conclusions, join us after the jump for Microsoft's response and a workaround.
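From the defender's side, the "piggybacking" pattern Zhen describes has a recognisable shape in process-creation telemetry: an elevated RUNDLL32 whose DLL argument lives outside the protected Windows directories, spawned by a parent that also lives outside them. The following triage script is an added example written for this article, not code from MaximumPC, Zhen or Microsoft. The `ProcessEvent` record schema, the `PROTECTED_DIRS` list and the three sample events are constructed for the example; map your own Sysmon or EDR fields onto the record before using it.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Directories from which an elevated rundll32.exe ordinarily loads its DLL and
# from which its parent ordinarily runs (assumption for this example; extend
# to match your environment).
PROTECTED_DIRS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
)


@dataclass
class ProcessEvent:
    """One process-creation record (constructed schema, not a real log format)."""
    image: str          # full path of the new process
    command_line: str   # its command line as logged
    parent_image: str   # full path of the parent process
    integrity: str      # "Low", "Medium", "High" or "System"


def under_protected_dir(path: str) -> bool:
    """True if path lies beneath one of PROTECTED_DIRS (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(PureWindowsPath(root) in p.parents for root in PROTECTED_DIRS)


def payload_dll(command_line: str) -> Optional[str]:
    """Extract the DLL path from 'rundll32 <dll>,<entry> [args]'; None if absent."""
    rest = command_line.strip()
    # Drop the rundll32 executable token, whether quoted or bare.
    if rest.startswith('"'):
        rest = rest[rest.find('"', 1) + 1:].lstrip()
    else:
        parts = rest.split(None, 1)
        rest = parts[1].lstrip() if len(parts) > 1 else ""
    if not rest:
        return None
    if rest.startswith('"'):
        dll = rest[1:rest.find('"', 1)]
    else:
        dll = rest.split(None, 1)[0]
    return dll.split(",", 1)[0]   # strip the ",EntryPoint" suffix


def suspicious_reasons(ev: ProcessEvent) -> List[str]:
    """Reasons this event looks like privilege piggybacking; empty list if benign."""
    if PureWindowsPath(ev.image).name.lower() != "rundll32.exe":
        return []
    if ev.integrity not in ("High", "System"):
        return []   # not elevated, so no administrative privilege was inherited
    reasons = []
    dll = payload_dll(ev.command_line)
    if dll is None:
        reasons.append("elevated rundll32 launched without a DLL argument")
    elif not under_protected_dir(dll):
        reasons.append(f"elevated rundll32 loading DLL outside protected dirs: {dll}")
    if not under_protected_dir(ev.parent_image):
        reasons.append(f"elevated rundll32 spawned by unprotected parent: {ev.parent_image}")
    return reasons


def triage(events: List[ProcessEvent]) -> List[ProcessEvent]:
    """Return the events worth an analyst's attention."""
    return [ev for ev in events if suspicious_reasons(ev)]


# Constructed sample telemetry for the example.
SAMPLE_EVENTS = [
    ProcessEvent(  # benign: Control Panel applet opened from an elevated session
        image=r"C:\Windows\System32\rundll32.exe",
        command_line=r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL "C:\Windows\System32\appwiz.cpl"',
        parent_image=r"C:\Windows\System32\control.exe",
        integrity="High",
    ),
    ProcessEvent(  # piggybacking shape: unprotected parent, elevated rundll32, DLL in a temp dir
        image=r"C:\Windows\System32\rundll32.exe",
        command_line=r'"C:\Windows\System32\rundll32.exe" C:\Users\bob\AppData\Local\Temp\payload.dll,Run',
        parent_image=r"C:\Users\bob\Downloads\proxy.exe",
        integrity="High",
    ),
    ProcessEvent(  # same DLL but not elevated: nothing was inherited, so no alert
        image=r"C:\Windows\System32\rundll32.exe",
        command_line=r"rundll32.exe C:\Users\bob\AppData\Local\Temp\payload.dll,Run",
        parent_image=r"C:\Users\bob\Downloads\proxy.exe",
        integrity="Medium",
    ),
]

if __name__ == "__main__":
    for ev in triage(SAMPLE_EVENTS):
        print(ev.parent_image, "->", ev.command_line)
        for reason in suspicious_reasons(ev):
            print("   ", reason)
```

The integrity-level check is what keeps the rule quiet: RUNDLL32 runs constantly at medium integrity for legitimate reasons, and only the elevated instances matter for this bypass. The two reasons are kept separate so that an analyst can see whether it was the DLL location, the parent, or both that fired.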
When it comes to PC security, you already know the drill: Don't download unknown attachments, avoid clicking on suspicious links, log directly into your online accounts rather than follow a hyperlink, and so forth. These methods work well when dealing with virtual threats, but what happens when miscreants start meshing their malware tricks into the real world?
That's exactly what's going on in North Dakota, where some hybrid car owners have fallen victim to fake parking citations left on the windshield. The citations read "PARKING VIOLATION. This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to ______," where the blank is filled in with a malicious website. Those who go to the website are instructed to download a toolbar to view photos of the ticketed car, but it instead installs a Trojan along with a bogus security alert instructing victims to install a fake antivirus scanner.
On January 31, you may have thought the entire internet had fallen prey to what would have ranked as the fastest spreading worm in the history of the web. That's because for about an hour on Saturday morning, all Google search results were flagged with a warning saying "This site may harm your computer," including Google.com. Clicking a marked site would bring up yet another warning.
So what exactly happened? Well, it wasn't a worm, and the internet wasn't under attack (no more than usual, anyway). Instead, Google said it ultimately boiled down to human error.
"Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs," Google explained on its blog. "Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes."
Google initially said it gets its list of malicious URLs from StopBadware.org, which StopBadware.org said isn't true. After several updates, Google's final statement says it "works with a non-profit called StopBadware.org to come up with criteria for maintaining this list," but that fault ultimately fell on Google.
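The failure Google describes is a classic prefix-matching trap: a blocklist entry of '/' is a prefix of every URL, and nothing between the check-in and the rollout noticed. The script below is an added example for this article, not Google's or StopBadware.org's code, and its entry format ('host/path-prefix'), the validation rule and the canary URLs are all this example's own assumptions. It shows two independent gates: the loader refuses any entry that names no host, and a pre-deploy canary check refuses a list that would flag known-good sites even when every entry is well-formed.

```python
from typing import List
from urllib.parse import urlsplit


class BlocklistError(ValueError):
    """Raised when a blocklist would be unsafe to push."""


def normalize_url(url: str) -> str:
    """Reduce a URL to 'host/path', the form the blocklist prefixes use."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host + path


def parse_entry(raw: str) -> str:
    """Validate one 'host/path-prefix' line; return '' for blank or comment lines.

    The guard that matters: an entry with no host component (such as a bare
    '/') is a prefix of every normalized URL, so it is rejected outright.
    """
    entry = raw.strip()
    if not entry or entry.startswith("#"):
        return ""
    host, _, path = entry.partition("/")
    if not host or "." not in host:
        raise BlocklistError(f"entry {entry!r} names no host and would match every URL")
    return host.lower() + "/" + path


def load_blocklist(text: str) -> List[str]:
    """Parse blocklist text into normalized prefixes, refusing unsafe entries."""
    prefixes = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_entry(line)
        except BlocklistError as exc:
            raise BlocklistError(f"line {lineno}: {exc}") from None
        if entry:
            prefixes.append(entry)
    return prefixes


def is_blocked(url: str, prefixes: List[str]) -> bool:
    """True if any blocklist prefix matches the normalized URL."""
    key = normalize_url(url)
    return any(key.startswith(p) for p in prefixes)


# Known-good URLs that must never be flagged (assumed set for this example);
# a push that flags any of them is refused before it reaches users.
CANARY_URLS = [
    "https://www.google.com/",
    "https://google.com/search?q=test",
    "https://en.wikipedia.org/wiki/Main_Page",
]


def check_deploy(prefixes: List[str], canaries: List[str] = CANARY_URLS) -> List[str]:
    """Return the canary URLs a blocklist would wrongly flag (empty means safe to push)."""
    return [u for u in canaries if is_blocked(u, prefixes)]


def rejects(text: str) -> bool:
    """True if load_blocklist refuses the text outright."""
    try:
        load_blocklist(text)
    except BlocklistError:
        return True
    return False


# Constructed sample lists for the example.
SAMPLE_GOOD = """# constructed sample blocklist
badsite.example/
evil.example/downloads/
"""
SAMPLE_SLASH_BUG = "badsite.example/\n/\n"            # a bare '/' checked in by mistake
SAMPLE_OVERBROAD = "badsite.example/\ngoogle.com/\n"  # well-formed, but catastrophic

if __name__ == "__main__":
    good = load_blocklist(SAMPLE_GOOD)
    print("good list flags canaries:", check_deploy(good))
    print("slash bug rejected by loader:", rejects(SAMPLE_SLASH_BUG))
    print("overbroad list flags canaries:", check_deploy(load_blocklist(SAMPLE_OVERBROAD)))
```

The loader catches the exact mistake in Google's account, but the canary check is the gate that generalises: it catches any entry that is syntactically fine yet matches far more than intended, which no per-entry validation rule can anticipate.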
Hard drive encryption sounds like an intimidating concept, mostly because it is. The thought of taking your precious files, then using a mathematical formula to convert them into random noise before scattering them back across your disk is a hard sell. The harsh reality is, mobile computing is on the rise, and so is laptop theft. Depending on who you ask, anywhere from 500,000 to over 1,000,000 laptops are lost or stolen in the US each year. In some cases, the data on the hard drive is more valuable than the machine itself.
To determine if disk encryption is something you should be considering, simply ask yourself if your PC contains anything you wouldn’t want posted publicly on the internet. If the answer to this is yes (and I assume for most of us it is) then encryption is worth considering.
The good news is, you no longer need to be a member of the CIA to lock down your machine with government level encryption. In fact, one of the most highly regarded and powerful encryption tools available is both free and open source (our favorite combination!). TrueCrypt allows you to protect either all your data, or only what you choose. You can mask your boot drive and sensitive documents, while leaving your games or other less sensitive data in the clear. While no encryption process is without risk, TrueCrypt is designed to put your mind at ease, and takes no chances with your data. The process can be reversed at any time, even without being able to boot into Windows.
So if you're ready to get started, click the jump to learn step by step how to protect your data.
With the New England Patriots having been unceremoniously knocked out of playoff contention in unprecedented fashion with an 11-5 record, most of you are probably so disgusted that you won't even bother to watch the Super Bowl. But for the rest of you, and particularly those of you planning to attend and watch the Cardinals finish off their storybook playoff run with one final (and one very shocking) victory over the Pittsburgh Steelers (that's right, I'm calling the Cardinals on this one) in person, Microsoft will be helping to keep you safe during the ensuing pandemonium.
NFL security VP Milton Ahlerich said earlier that Raymond James Stadium in Tampa will be "one of the safest locations you can possibly be" during the Super Bowl, which shows how confident he is in Microsoft's Surface. Security will be using Surface to coordinate security forces, giving them a display of a Microsoft Virtual Earth map of the entire region, along with the ability to quickly zoom and display a 3D image of the city with real-time resource tracking.
"We’re thrilled to be a part of the Super Bowl activities and supporting our long term customers here in Tampa," said Robert Wolf, President and CEO of E•SPONDER. "Our goal remains to provide the region’s first responders with easy-to-use, real-time collaboration tools to help protect the fans attending events throughout Super Bowl week and the game itself."
Google's rap sheet when it comes to goofy exploits gives us pause to wonder if the company might be spending too much time concentrating on Cloud computing and not enough on security fundamentals. Back in July of last year, a SecurTeam blog exposed a Google Calendar flaw which made it possible to expose any Gmail user's real name with minimal effort. More recently, an exploit in Gmail allowing hackers to redirect your email was discovered. Now someone has stumbled onto an interesting vulnerability in Google's Chrome browser.
When you visit a site with an HTTP password-protected directory -- or try logging into your router, such as 192.168.1.1 for Linksys owners -- an Authentication Required pop-up appears asking for your login credentials. Your password should look something like ••••••••, but according to NeoBlog user tekmosis, if you let Chrome save your credentials to auto-fill the form, the next time you log in, copying and pasting the hidden password into a plain text application will reveal the actual ASCII characters.
We put tekmosis' discovered exploit to the test and as it turns out, you don't even need to have Chrome save anything. We tried logging into our router, typed our password, and it was immediately revealed when we copied/pasted it into Notepad.
While it might take a little work on the part of a hacker to take advantage of this vulnerability, it's one that should never have existed in the first place. You could make an argument that all exploits should never have existed, but this one just seems like a particularly glaring oversight.
It issued the warning on its website, in what appears to be a less-frequented section, and opted against directly contacting the users. The company began its statement by downplaying the security breach: “as is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database.”
It claims to have taken the necessary “corrective steps” immediately after discovering the security breach. It has asked users to reset their passwords on their own, though they will eventually be forced to make the change. The company says that the exposed data includes user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Resumes and sensitive data are said to be safe.
Monster.com has also advised users that they need to be more vigilant and watch out for specious emails claiming to be from the company.
Google's Android OS was supposed to pave the way for an iPhone killer, but instead of decimating the iPhone, Android-users are instead finding their contacts being wiped out. The culprit isn't Android itself, but an Android application called MemoryUp users claim is responsible for erasing their contacts, installing adware, and even freezing their phone.
"Doesn’t work at all erased my phone numbers and froze my phone," one user complained. "Do not download. Destroyed my memory card/system delete. Then my email was spammed. TMobile can’t stop you from downloading this! So don’t!" added another user.
The app, created by Peter Liu, claims to keep Android smartphones running faster and more efficiently by monitoring system use and freeing up resources when needed. But some users contend the program is nothing more than a scam. Buyer beware.