Tuesday, 18 October 2005

If you have the MSN Toolbar on IE6, go grab the new beta Phishing Filter (shouldn't that be PHilter?) and install it.

The Phishing Filter Add-in offers access to the beta version of a new dynamic online service, updated several times an hour to warn you and help protect your personal information from these fraudulent websites by:  

  • Scanning websites you visit and warning you if they are potentially suspicious.
  • Dynamically checking the web sites you visit with up to the hour online information via an online service run by Microsoft and blocking you from sharing personal information if a site is a known phishing website. 

I only get, ohhhhh... maybe 50 phishes a day (seriously), so I checked my email from tonight, chose one of the several PayPal phishes that arrived this evening (most of which still had live web sites associated with them) and found the new add-in for the MSN Search Toolbar did the job quite well. It caught the page and blocked my ability to enter info into the form fields (click the image to view full size):

Phish Blocked by MSN Search Toolbar Phishing Filter



Add/Read: Comments [1]
IT Security | Tech
Tuesday, 18 October 2005 21:16:36 (Pacific Standard Time, UTC-08:00)
#  Trackback
SharePoint Portal Server (SPS) 2003 Service Pack 2 is now available to be downloaded. It contains a significant number of important security fixes and enhancements as well as changes to improve performance and stability. Several previously released fixes and those from the previous service pack for SPS are included in this release.

Windows SharePoint Services (WSS) Service Pack 2 was also recently released. It is also a roll-up of the previous service pack and previously released (post-SP1) fixes, plus it includes some new fixes.

Finally, Version 1.7 of the WSS Administrator Guide has been updated to reflect changes in WSS SP2



Add/Read: Comments [0]
Office 2003 | SharePoint | Tech
Tuesday, 18 October 2005 20:16:46 (Pacific Standard Time, UTC-08:00)
#  Trackback

Now this is both interesting and kind of nifty... Microsoft Labs has published and posted a download for "Virtual WiFi," which allows a wireless card use to connect to more than one WiFi network at a time with a single wireless card.

VirtualWiFi is a virtualization architecture for wireless LAN (WLAN) cards. It abstracts a single WLAN card to appear as multiple virtual WLAN cards to the user. The user can then configure each virtual card to connect to a different wireless network. Therefore, VirtualWiFi allows a user to simultaneously connect his machine to multiple wireless networks using just one WLAN card. This new functionality introduced by VirtualWiFi enables many new applications, which were not possible earlier using a single WLAN card. For example,

  • With VirtualWiFi, you can connect to a guest's machine or play games over an ad hoc network, while surfing the web via an infrastructure network.
  • You can use VirtualWiFi to connect your ad hoc network, which may contain many nodes, to the Internet using only one node.
  • VirtualWiFi can help make your home infrastructure network elastic by extending its access to nodes that are out of range of your home WiFi Access Point.
  • Other possible uses are listed on the Virtual WiFi web pages at Microsoft Research
  • There are some limitations in this release. For example, the current version of VirtualWiFi does not support networks using WEP or 802.1X. Also - be sure to review and follow the install/uninstall instructions carefully and note that this is not production grade software (when they say Microsoft Labs, they actually mean it's, well, experimental).

    Installation (and uninstallation) of the app/service and drivers are done at the command prompt, after making some other manual changes (seriously, read the instructions before you start).

    Wwfinstall

    Here's a screen shot snippet from my system after setting up the multiple connections. Shown are two connections created via Virtual WiFi: My infrastructure (IS) network (SSID=hughes), plus an ad-hoc (AH) network connection (SSID=TEST).

    Vwfconnections
    It works. It's very manual and not for beginners (you have to disable the wireless auto configuration in Windows and manually install the service, set up connections, etc), but it's an interesting technological idea with some interesting possible uses.



    Add/Read: Comments [0]
    Tech
    Tuesday, 18 October 2005 19:47:38 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Monday, 17 October 2005

    Correction posted: SANS updated their post to reflect the fact that it was in fact MS05-012 that had been exploited. That's good news, but get patched before it's here...

    If you think you can wait to apply patches til it's convenient, think again. According to an update from the Handler's Diary at SANS, the first instances of code exploiting MS05-051 have been detected in the wild on the Internet:

    Trend Micro reports that they spotted a POC for MS05-051 in the wild. They found it included  as a new exploit in other malware. We don't have any details yet beyond what can be found in at Trend Micro. If you find a copy of this malware, please forward it.

    Trend Micro states that the malware was written in Visual Basic, which usually indicates some low skilled bot-kid. Kind of odd to see it surface this way, but having it included as a new warhead in existing malware matches past patterns.

    Trend Micros virus statistics do not report any "captures" of this exploit in the wild. Not exactly sure if this is just a lab sample, or if it was actually seen in the "wild".

    We will update this diary as we learn more.



    Add/Read: Comments [0]
    IT Security | Tech
    Monday, 17 October 2005 19:02:17 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Friday, 14 October 2005

    Rich Claussen has the low-down on a new pact between Microsoft and the government of Nigeria to combat fraud:

    Not well publicized is how this came to be. Unknown to most, Microsoft's Chief Software Architect, Bill Gates, received the following (condensed) email from the government of Nigeria soliciting his and his company's assistance.

    FIRST, I MUST SOLICIT YOUR STRICTEST CONFIDENCE IN THIS TRANSACTION. THIS IS BY VIRTUE OF ITS NATURE AS BEING UTTERLY CONFIDENTIAL AND 'TOP SECRET'. I AM SURE AND HAVE CONFIDENCE OF YOUR ABILITY AND RELIABILITY TO PROSECUTE A TRANSACTION OF THIS GREAT MAGNITUDE INVOLVING A PENDING TRANSACTION REQUIRING MAXIIMUM CONFIDENCE.

    Read more on Rich's blog here. Nice sense of humor there, man.

    Seriously though - Read the news about the *actual* agreement (for real) between the company and the country here.



    Add/Read: Comments [0]
    Humor | IT Security | Tech
    Friday, 14 October 2005 20:14:01 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Microsoft on Tuesday released nine security patches that are intended to alleviate 14 problems in various versions of the Windows operating system. Today the company issued an advisory to its enterprise customers via email that the MS05-051 patch, which is considered to be the most critical of the bunch, may cause problems on some computers where it is applied. However, Microsoft if still strongly encouraging everyone to apply the patch and has published a knowledge base article describing the issue with the patch and explaining how to resolve the associated problem, should it come up.

    On a computer that is running Microsoft Windows XP, Microsoft Windows 2000 Server, or Windows Server 2003, one or more problems may occur after you install the critical update that is discussed in Microsoft Security Bulletin MS05-051. These problems include the following:
    The Windows Installer service may not start.
    The Windows Firewall Service may not start.
    The Network Connections folder is empty.
    The Windows Update Web site may incorrectly recommend that you change the Userdata persistence setting in Microsoft Internet Explorer.
    Active Server Pages (ASP) pages that are running on Microsoft Internet Information Services (IIS) return an “HTTP 500 – Internal Server Error” error message.
    The Microsoft COM+ EventSystem service will not start.
    COM+ applications will not start.
    The computers node in the Microsoft Component Services Microsoft Management Console (MMC) tree will not expand.
    Authenticated users cannot log on, and a blank screen appears after the users apply the October Security Updates.

    For a complete description and resolution instructions, read KB article 909444.



    Add/Read: Comments [1]
    IT Security | Tech
    Friday, 14 October 2005 20:07:35 (Pacific Standard Time, UTC-08:00)
    #  Trackback