Archive for the 'Computer Security' Category

 

Bogus Microsoft scams

The methods of spammers or computer criminals can be convincing, especially when they pretend to be calling on the phone from Microsoft.

I’ve had these types of calls myself. They claim to be from Microsoft calling to inform the user the PC is infected by a virus. They offer to do a remote inspection to confirm the threat and either seek an IP address (the address of your PC on the internet) or direct the user to a spoofed Microsoft website to download a tool so the caller can take over the machine remotely.

If they want an IP address you could give them DOCEP’s DNS server address at 203.33.230.200. If they ask you to visit a Microsoft website and you are using IE8 you can see in the URL area that the main domain (microsoft.com) will be in bold, while the rest of the URL is greyed out.

But this is a lot to remember on the spot. Best to remember that Microsoft will never make an unsolicited call to you for any reason, especially if it involves remotely accessing your PC and eventually asking for money. Just as winning a lottery that you never entered in the first place is highly unlikely, so is a friendly support call from a Microsoft engineer on another continent.

 
 
 

How secure is your password?

I saw a password on a computer recently that comprised 3 letters of the alphabet. Can you guess which three? This was a computer in a small business that did payroll, banking, and was the main MYOB retail server. Geesh. Anyway….

So, for those who want to know just how secure their passwords are, you can use this password checker. It gives a rating from poor to good and best. It is a non-recordable password tester from Microsoft.

 
 
 

Internet Explorer Patch MS08-078

This out-of-band patch is now available through Windows updates.

Here’s the patch direct link (closed).

 
 
 

DEP – Blocking unwanted programs in Vista

The UAC (User Account Control) prompt in Windows Vista is a security tool to prevent unauthorized access to the system. The problem I find in the field is that there will always be a percentage of users who will click “continue” = (please allow this malicious code to run on my PC because I really don’t know any better). It may also be difficult to manage the security of a computer when it is accessed by multiple users, and you need a secure computer on your network or in the office. There is a solution to this problem. It is fiddly and requires familiarity with the mouse and navigation in Vista, but if you want to lock down Vista and prevent malicious code from running, DEP is your answer.

Data Execution Prevention has been around since Windows Server 2003 and monitors the way programs use system memory.

If the program attempts to access memory in an unsafe fashion, DEP closes it down. If the program has a valid ActiveX Control it should execute correctly. If it will not install or run and you know this program is safe, you can add it to the DEP allowed list. The computer needs to be restarted after DEP changes. Not every program that is blocked by DEP is malicious or spyware, but if DEP is monitoring the program it can detect attempts to execute code from protected memory areas and help to mitigate the threat of attacks. If DEP closes a program you know is safe, try checking for a DEP-capable version of the program or contact the vendor before changing DEP settings.

To access DEP settings and add or remove programs from the allow list:

· Go to start

· Right click computer

· Select properties

· Select advanced system settings

· Note the UAC prompt and continue

· Select the advanced tab

· Select the performance tab > settings

· Select data execution prevention

· DEP is turned on for essential Windows programs and services only by default – choose to turn on DEP for all programs

· Restart the computer

· If a new third-party program does not run and is blocked by DEP specifically, you can add it to the list by turning off DEP, restarting the PC, installing the new program, turning DEP back on and adding the exe of the program to the DEP list, then restarting the PC.

We turn on DEP on request or for some security scenarios on our new computers. A program blocked by DEP does not always notify you. DEP is not for everyone but is highly effective if you need advanced security.
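To confirm the result of the steps above without clicking back through the dialogs, the following Windows PowerShell script is an added example, not part of the original post: it reads the DEP policy from WMI and lists the programs on the allow list. The registry location of the list is an assumption about where the DEP dialog stores its entries, and the function names are made up for this example.

```powershell
# Audit Data Execution Prevention on the local machine (Windows PowerShell, run elevated).
# Assumption: programs added in the DEP dialog are stored as "DisableNXShowUI"
# values under the AppCompatFlags\Layers key used below.

$policyNames = @{
    0 = 'AlwaysOff - DEP disabled for everything'
    1 = 'AlwaysOn  - DEP for everything, allow list ignored'
    2 = 'OptIn     - essential Windows programs and services only (default)'
    3 = 'OptOut    - all programs except those on the allow list'
}

function Get-DepStatus {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Object PSObject -Property @{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        PolicyCode           = $os.DataExecutionPrevention_SupportPolicy
        Policy               = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    }
}

function Get-DepExemption {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    if (-not (Test-Path $key)) { return }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -and $data -match 'DisableNXShowUI') {
            New-Object PSObject -Property @{
                Program = $name                          # full path of the exempted exe
                Exists  = Test-Path -LiteralPath $name   # stale entry if the file is gone
            }
        }
    }
}

$status = Get-DepStatus
$status | Format-List HardwareDepAvailable, PolicyCode, Policy
if (($status.PolicyCode -eq 0) -or ($status.PolicyCode -eq 2)) {
    Write-Warning 'Third-party programs are not covered: DEP is off or limited to essential Windows programs.'
}
Get-DepExemption | Format-Table Program, Exists -AutoSize
```

Every entry on the allow list is a program running without DEP, so the list is worth reviewing after each software install; entries whose file no longer exists can be removed.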

 
 
 

3 ways to recognize email scams

I get those emails that look like they come from my bank asking me to confirm my account details, or even threatening to suspend my account if I do not click this link NOW! I could say these emails are very good imitations complete with logo and contact details, legal disclaimer etc, except I have never received an email of any description from my bank. Banks send letters for notices and such.

I am used to dealing with these emails like everyone else with an email address but the email I received the other day was different. It made sense in a way. We use certificates on servers to enable secure access, so why not banks? The email informed me the bank was changing over to a certificate based system for login to internet banking. A link invited me to download a customer certificate – all in the name of better security. The certificate would recognise my computer by way of the certificate.

Aside from knowing banks do not, and (1) would not, send an email for such a big security change, there were the spelling (2) mistakes. Server was spelt serve, for example. Banks have and use spell and grammar checkers. I get spelling mistakes on school newsletters and even the education department letters, but never on a bank letter or legal documents.

Then I closed the email, right clicked it and selected message options (Outlook 2007). Scrolling down past the delivery path of my own ISP and its spam filters, I see the return address (3) is xhjkgs@excite.com. The return path / originating path could also be blank. Real emails have real addresses.

In my case the scam targeted ANZ bank customers so I rang 131314 and reported it to bank security.