[SecurityRatty] tag: tip

Its hard enough staying safe online when sober!

Tue, 18 Nov 2008 14:18:34 +0000

My fav tip is #4. What a great idea.

5 Ways to Keep Your Drunken Self Away From the Internet

Here are a few methods for keeping your drunken alter-ego away from the computer. Hopefully, you’ll have a tougher time getting around these than you did getting around Gmail’s math quiz.

Kentucky Gambling Domains Case Stayed by Court of Appeals

Mon, 17 Nov 2008 04:08:40 +0000

As reported on Poker News, the Kentucky Court of Appeals has granted a stay of a lower court's order to seize 141 gambling-related domain names. That order was made in a case brought by the state under its "gambling devices" statute, a law intended for things like slot machines. The motion to stay came from the Interactive Media Entertainment & Gaming Association, which is affiliated with the domains playersonly.com, sportsbook.com, sportsinteraction.com, mysportsbook.com and linesmaker.com. Several other outside groups have joined the battle, including the Interactive Gaming Council, the Poker Players Alliance, the Electronic Frontier Foundation, the Center for Democracy and Technology, domain registrar Network Solutions, and the Kentucky office of the American Civil Liberties Union. Hat tip to Domain Name News.

More great advice from Trend Micro

Sun, 09 Nov 2008 12:21:34 +0000

The first tip is so often overlooked.
Just because you have a security product installed, dont assume its working correctly.
Make sure its set up for updates and will run at startup.

clipped from newsletters.trendmicro.com

Security Spotlight: Top 20 Tips to Stay Protected Online

Always keep your security software working and up-to-date. Especially if you use a laptop on unprotected wireless networks in airports, cafes and other locations.

Interesting ... On Compliance

Mon, 03 Nov 2008 12:57:00 +0000

Treat this as a prequel for my upcoming blog post called "Tales From 'A Compliance-First' World" (link TBA).

I am learning that many people really, really, really hate to be told that "they are not compliant" (when they are not, of course!) and such hatred goes down to a very curious level indeed ... almost all the way down to the good ole "scanless PCI" joke level.

So, here is an ultimate "how to make enemies and alienate people?" tip: tell them "YOU ARE NOT COMPLIANT!"

Get a Windows Server on the Fly in the Amazon Cloud

Fri, 24 Oct 2008 08:26:49 +0000

Amazon's EC2 (Elastic Compute Cloud) was cool enough with its initial platform. Now it is offering Windows support on the EC2 platform. Thanks to Jesper's Blog for the tip. Like a lot about the EC2, this turns out to be really convenient for developers. Did you ever want to develop or test a Windows Web app on a real server, not just your test desktop, and not have to get a real server to do it? Now you can just virtualize up a Windows server in the cloud and it's yours: A virtual server running Windows Server 2003, SQL Server and all the .NET stuff preinstalled. A security white paper from Amazon describes the configuration of the Windows system images available and their differences from a standard Windows Server installation. Setup from the user's standpoint looks really easy; Jesper said it took him 5 minutes. A Security Configuration Wizard walks you through an attack surface reduction process, which helps you to turn off services that are not needed and restrict communications channels that should not be permitted. In the end you can save the image and spin off new ones to meet your new standards as necessary. EC2 is a great development for developers and a great way for Amazon to leverage all the work it has put into building its infrastructure. I see a lot of opportunities available.

Outsourcing Infrastructure Management

Fri, 17 Oct 2008 12:30:15 +0000

Have you experienced this? You call [fill in the blank] tech support and reach “Bob Smith” whose accent doesn’t quite match the name. If you’re like me, you wonder two things: is his name really Bob Smith? And if it’s not, why is he lying?

Is it supposed to make me feel better about getting my problem fixed if I’m talking to someone in the Midwest versus someone in Bangalore? (Please no hate mail – I’m from the Midwest.) Honestly, I just want my computer to stop showing me a blue screen of death.

But apparently, I might be in the minority. According to the Black Book of Outsourcing (yes, outsourcing has a black book), reverse outsourcing is on the rise with “India’s leading service providers opening offices on Main Street, USA” to be closer to customers (mainly North American) and draw from the “local talent pools”.

The one area of outsourcing bucking this trend – infrastructure management. Co-writer Scott Wilson says that infrastructure management is largely automated, low touch and does not involve a lot of interaction.

Speaking as a vendor of infrastructure management tools, that’s a bunch of malarkey. Perhaps at a very low level this is true (i.e., is the device responding), but that’s just the tip of the iceberg when it comes to monitoring performance, availability and SLAs for today’s networks, systems and applications.

Certainly as vendors, we try to put as much automation as possible into our toolsets – helping our customers to simplify IT management wherever possible, enabling them to be proactive by setting up “intelligent” alarms and thresholds that warn of problems before they become showstoppers and reacting at a speed in this increasingly virtual world that simply is not possible for human manual interaction.

But infrastructure management doesn’t happen in a vacuum and you can bet when something goes wrong which affects some mission-critical app state-side, that there is a LOT of communication and interaction. And it takes a lot of work and setup to get to a level of automation where the alerting is proactive and intelligent and customized for each business.

One of the main points of tools like ours is to automate where possible in order to free up the valuable time of the sysadmins, network engineers, IT managers, etc to do the higher order work – which is how they’ll get to the next level of infrastructure management. Beyond “is it up”, infrastructure management should be providing answers to questions like: “is it always up”, “is it doing what I expected it to do” and “will it still be working as expected as my company grows”.

Windows Server 2008 SP2, Vista SP2 on the Way

Mon, 13 Oct 2008 02:59:08 +0000

Hat tip to Tweaking With Vishal for the reference to Neowin where franzon has found a KB article with very preliminary references to Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2. There isn't a lot of information in the KB article:

Beta Information
This article discusses a beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this beta product. For information about how to obtain support for a beta release, see the documentation that is included with the beta product files, or check the Web location where you downloaded the release.
INTRODUCTION

This Microsoft Knowledge Base article will be updated with more information about Windows Server 2008 Service Pack 2 (SP2) and Windows Vista Service Pack 2 (SP2) when the information becomes available. Currently, the product release notes and related information about Windows Server 2008 SP2 and Windows Vista SP2 are not available.

But it does indicate, in case there was any question, that these two service packs are being worked on.

A Diverse Portfolio of Fake Security Software - Part Seven

Tue, 30 Sep 2008 12:35:15 +0000

In case you haven't heard - Microsoft and the Washington state are suing a U.S based -- naturally -- "scareware" vendor Branch Software :

"We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist," Washington Attorney General Rob McKenna said. "We've repeatedly proven that Internet companies that prey on consumers' anxieties are within our reach."

Sadly, Branch Software is the tip of the iceberg on the top of the affiliates participating in different affiliation based programs, which similar to IBSOFTWARE CYPRUS and Interactivebrands, which I've been tracking down for a while, are the aggregators of scareware that popped up on the radars due to their extensive portfolios. These three companies offering software bundles or plain simple fake software, are somewhere in between the food chain of this ecosystem, with the real vendors paying out the commissions on a per installation basis slowly starting to issue invitation codes that they've distributed only across invite-only forums/sections of particular forums.

Behind these brands is everyone that is participating in the franchise and is putting personal efforts into monetizing the high payout rates that the fake security software vendor is paying for successful installation. These high payout rates -- with the financing naturally coming straight from other criminal activities online -- are in fact so high, that I can easily say that the last two quarters we've witnesses the largest increase of such domains ever, and they're only heating up since the typosquatting possibilities are countless and they seem to know that as well.

It's important to point out that their business model of acquiring traffic is outsourced to all the affiliates that do the blackhat SEO, SQL injections, web sessions hijacking of malware infected hosts in order to monetize, so basically, you have an affiliates network whose actions are directly driving the growth into all these areas. Throwing money into the underground marketplace as a "financial injection", is proving itself as a growth factor, and incentive for innovation on behalf of all the participants.

Here are some of the most recent fake security software domains, a "deja vu" moment with a known RBN domain from a "previous life" that is also parked at one of the servers, and evidence that typosquatting for fraudulent purposes is still pretty active with a dozen of Norton Antivirus related domains, some of which have already started issuing "fake security notices" by brandjacking the vendor for traffic acquisition purposes.

Antivirus-Alert .com (203.117.111.47) where pepato .org a domain that was used in the Wired.com and History.com IFRAME injections, which back in March was also hosted at Hostfresh (58.65.238.59).

softload2008name .com (78.157.143.250)
softload2008nm .com
softload2008n .com
softload2008jq .com

microantivir-2009 .com (91.208.0.223)
scanner.microantivir-2009 .com
microantivir2009 .com
microantivirus-2009 .com
microantivirus2009 .com

ms-scan .com (91.208.0.228)
msscanner .com
ms-scanner .com

Personalantispy .com (93.190.139.197)
freepcsecure .com
quickinstallpack .com
quickdownloadpro .com
advancedcleaner .com
performanceoptimizer .com
internetanonymizer .com

ieprogramming .com (92.62.101.83)
uptodatepage .com
fileliveupdate .com
qwertypages .com
sharedupdates .com
ierenewals .com

norton-antivirus-alert .com
norton-anti-virus-2007 .com
norton-antivirus-2007 .com
norton-antivirus2007 .com
nortonantivirus2007 .com
norton-antivirus-2008 .com
nortonantivirus2008 .com
nortonantivirus2008freedownload .com
norton-antivirus-2009 .com
nortonantivirus2009 .com
norton-antivirus-2010 .com
nortonantivirus2010 .com
nortonantivirus360 .com
nortonantivirus8 .com
nortonantivirusa .com
nortonantivirusactivation .com
norton-antivirus-alert .com
nortonantivirusalerts .com
norton--anti-virus .com
norton-anti-virus .com
norton-antivirus .com
nortonanti-virus .com
nortonantivirus.com
nortonantiviruscom .com
nortonantiviruscorporate .com
nortonantiviruscorporateedition .com
nortonantiviruscoupon .com
nortonantivirusdefinition .com
nortonantivirusdefinitions .com
nortonantivirusdirect .com

Fake Antivirus Inc. is not going away as long as the affiliate based model remains active. If the real vendors were greedy enough not to share the revenues with others, they would have been the one popping up on the radar, compared to the situation where it's the affiliate network's participations greed that's increasing their visibility online.

Related posts:
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software
Cybersquatting Symantec's Norton AntiVirus
Cybersquatting Security Vendors for Fraudulent Purposes
Fake Porn Sites Serving Malware - Part Three
Fake Porn Sites Serving Malware - Part Two
Fake Porn Sites Serving Malware
EstDomains and Intercage VS Cybercrime
Fake Security Software Domains Serving Exploits
Localized Fake Security Software
Got Your XPShield Up and Running?
Fake PestPatrol Security Software
RBN's Fake Security Software
Lazy Summer Days at UkrTeleGroup Ltd
Geolocating Malicious ISPs
The Malicious ISPs You Rarely See in Any Report

U.S. Olympic Committee Trying to Take Chicago2016.com Away from Grad Student

Fri, 19 Sep 2008 15:03:00 +0000

In 2004 graduate student Stephen Frayne Jr. bought the domain name Chicago2016.com. Now the U.S. Olympic committee and the Chicago group organizing an Olympic bid for that year want it from him. They have filed through arbitration processes to have the domain turned over. The committee is currently using chicago2016.org as its domain, but that's not good enough. "We certainly see Chicago2016.com as the logical default domain for our site, and we believe having someone else control it is misleading for people seeking information about Chicago's bid," said Patrick Sandusky, a spokesperson for Chicago 2016. The Chicago Tribune article on this story describes "Chicago 2016" as "a moniker protected by trademark." I did a trademark search and there are several with that string in it, none of which were filed before 2006. Frayne launched the site to be, he claims, a forum for public discussion of Chicago's bid. He also owns Tokyo2016, another city bidding for that Olympiad, and is also being pursued for that domain. My own opinion: There are no trademarks in "Chicago 2016" that the committee can reasonably claim ownership of. Obviously it just hasn't offered Frayne enough money for the domain yet. Hat tip to DomainNameNews.

Sprint May Launch WiMax in Baltimore 6-October

Fri, 19 Sep 2008 05:30:46 +0000

DSLReports has a tip that Sprint will launch its WiMax service in its first commercially available market on 6-Oct-2008: The site for the service should go live on 26-Sept, allowing sign ups. Pricing will likely be sub-$50. Speeds will likely be advertised as 2 to 4 Mbps with higher bursts. Long-time market watcher Karl Bode writes that backhaul issues appear to be sorted out, with Sprint having signed a number of new deals to ensure that their high-bandwidth WiMax sites can be fed with enough bites.

Baltimore is one of what I believe are still three test markets that will go into commercial availability, albeit as much as a year after initial plans, and then months delayed after revised plans were announced. Still 2 to 4 Mbps is far above the level that current cell technology can achieve as a consistent range.