Archive for November, 2009
Microsoft Confirms Internet Explorer 6 and 7 Vulnerability
by Don Fosen on Nov.24, 2009, under Security Updates
Microsoft has confirmed that there is a bug in IE 6 and 7 that allows a Web-site-based hacker to take control of a PC and install malicious code. Internet Explorer 8 is not affected. I highly recommend that, if you must use Internet Explorer, you upgrade to IE 8. I personally prefer Firefox, which, although not perfect, is much more secure.
Additional information:
Microsoft Security Advisory (977981)
Microsoft confirms IE6, IE7 zero-day bug
Microsoft Warns of IE Vulnerability
Phone System Hackers Leave Small Businesses With Big Bills
by Don Fosen on Nov.11, 2009, under Security Updates
Hackers are expanding their attacks to phone systems across the nation. They dial in, often with automated programs, and attempt to access the administrative interface of the phone system. They then give themselves the capability of dialing international numbers. Many VoIP (Voice over Internet Protocol) phone systems are also vulnerable through their Internet connections.
How do you protect your phone system? Here are some things to do:
- Make sure default passwords are changed
- Put a good firewall solution in front of any VoIP solutions
- Review phone bills carefully for any odd calling patterns
- Have a qualified vendor conduct periodic security reviews
Additional Information:
Pirate attack leaves phone system plundered
New Technique Utilizing Private Branch Exchange (PBX) Systems To Conduct Vishing Attacks
A Techie Talks About Getting Hacked
Small Business Cyber-Threat
by Don Fosen on Nov.05, 2009, under Security Updates
Cyberthieves are breaking into small-business computers that are used to interact with online bank accounts and intercepting login information. They then log in to the bank account and create fraudulent ACH transfers or add fake employees to payroll. Unfortunately, banks are all too often allowing these things to happen even when proper documentation has been provided. Several organizations have lost hundreds of thousands of dollars. The most frequent way the thieves gain access to the computer is by sending a fake email with links that, when clicked, allow the thief to install a key logger. A key logging program captures all of the input that a user enters and transmits it to the cyberthief.
As always, the best way to prevent this from happening to you is to be very careful about which emails you open and which links you click. Make sure you have good anti-virus software installed, that it is current, and that you have installed the latest Windows Updates. Also, if possible, consider keeping a separate computer that is used for nothing but accessing critical information like online bank accounts.
Additional information:
FBI warns of $100M cyber-threat to small business
Keylogger Definition
Conficker Turns One, 7 Million Infections and Counting!
by Don Fosen on Nov.03, 2009, under Microsoft, Security Updates
The Conficker worm has been around for a year now and is currently infecting an estimated seven million computers. Although we are still not sure exactly what Conficker does, it has the insidious capability of spreading itself through a network once it has compromised one computer in the network. Microsoft has issued patches, but apparently not everybody has applied them, especially in large corporate environments. This is one of the reasons we stress how important it is to keep up on Windows Updates.
Additional Information:
After one year, Conficker infects 7M computers
Microsoft: Worms are most prevalent security problem
Computer Worm definition