New Windows XP Vulnerability – How To Fix It

There’s a new vulnerability in Windows XP concerning parts of the Help and Support system. It was found by a Google researcher who posted the flaw just five days after talking with Microsoft about it. Evidently Microsoft wasn’t addressing the issue fast enough for him, raising a bit of a backlash from the community for not giving Microsoft time to respond.

Whatever the case, the exploit is now in the wild and XP machines are vulnerable to drive-by attacks on evil web sites.

It affects Windows XP’s Help and Support functions. Anything using the HCP protocol (hcp:// URI’s) is subject to unauthorized commands.

The easiest way to fix it is to go to Microsoft’s ‘Fix it’ page. You can fix it and, if you don’t like what happens, unfix it from the same site. Pretty cool.

This can also be manually done by following these simple directions:

1. Click Start, and then Run.
2. Enter regedit, and click OK.
3. Expand HKEY_CLASSES_ROOT, and then highlight the HCP key.
4. Right-click and Export the ‘Selected Branch’ to be on the safe side.
5. Right-click the HCP key, and then click Delete.

I read that it may cause some problems in your Control Panel, but I’ve tried most of the links and everything seems to be working on my XP computer.

[Editor's Note: This vulnerability was fixed in this month's Windows Update (July 13th), so make sure your computer is set to update Windows automatically or open your IE browser and go to Tools/Windows Update to download the security patch].
————————
HOSB RSS Feed

Senate Wants To Grant Emergency Internet Power

Here they go again. For the third time recently the U.S. Senate, this time in the form of Senator ??Joe Lieberman (I-CT) is proposing a bill that would grant the President the power to seize control of or even shut down parts of the Internet in the event of a cybersecurity emergency.

Previous attempts by Jay Rockefeller (D-WV) and Olympia Snowe (R-ME) didn’t get too far. But Lieberman’s new attempt has been endorsed by Rockefeller and co-sponsored by Snowe according to a cnet article.

Now there’s bipartisanship for you… A Democrat, Independent and Republican all wanting more power for the government – power over the private parts of Internet. Read more.
————————
HOSB RSS Feed

CT Latest To Attack Amazon Through Affiliates

Connecticut is not quite there yet, but they’re considering it. They’re the latest in a growing number of states attempting to force Amazon.com and other large Internet retailers to collect state sales tax due to a “nexus” in their states composed of affiliate marketers.

Connecticut, like several other states, is trying to find its way around a 1992 U.S. Supreme Court decision that held a state cannot force businesses to collect sales taxes unless they have a physical presence within that state.

So, the poor Connectcuttian(?) sitting in his home office that puts an affiliate link on his web site means that Amazon has a physical presence in their state? Read more.
————————
HOSB RSS Feed

New Bot Infecting Routers And DSL Modems

There’s a new bot on the net called “Chuck Norris” trying to infect your router or DSL modem. If it’s successful it redirects your browser to a malicious web page that tries to install a virus, then looks for other vulnerabilities on your network.

It can also steal non-encrypted (non-SSL connections) private information and be used to attack other systems like most botnets.

This bot is new, but the attack method is not. It finds routers using default passwords or uses a basic password guessing program to install itself. Because it’s on your router, your anti-virus software can’t see it.

The solution is relatively simple. If you think your router or modem has been infected, just unplug the power source for 30 seconds or so and it should remove the bot from the RAM.

Next, make sure you have a strong password on your router. Look up how to access your router or modem’s interface in the manual that came with it or do a search on the web with the make and model for instructions on how to change the password.

Your router is like the front door to your computer(s). Using the default password is like leaving your front door unlocked..
————————
HOSB RSS Feed

Can Google Mobile Search Help Local Businesses?

Google has announced that it is adding location oriented suggestions in it’s Mobile searches. This is in regular Google search, not just Google Maps.

It is, according to Google,

an improvement to Google.com search suggestions offered on Android powered devices and iPhone. Now, Google will offer suggestions based on the phone’s current or last location, making the suggestions more relevant.

From the comments on Google’s Mobile blog the effort has started off with spotty results, but the idea its that eventually you will just have to start typing a search into google.com on you mobile phone and search suggestions will load based on your location.

This will be an advantage for local businesses because potential customers don’t always know to use Google Maps to find your business, although you have to turn on “Save recent locations” and “Allow use of device location” under the Settings link on the google.com home page to use the new feature.

The point is, that with advancing technology it will become even easier for people to find your business using their mobile phones..
————————
HOSB RSS Feed

Video – How To Avoid Adobe PDF Reader Vulnerability

PDF files usually seem harmless. People don’t think twice about opening a PDF, even if it’s an email attachment,  or reading one online.

Adobe has acknowledged a vulnerability in its Adobe Reader/Acrobat that allows hackers to hijack data from compromised computers. They are investigating the problem but haven’t come up with a patch yet.

You have two options: disable Javascript in Adobe Reader or use an alternate reader. The video below shows you how to do either option…

The alternate readers described in the video are:

Sumatra PDF

MuPDF Firefox Plugin

Further reading:

Adobe confirms PDF zero-day attacks.

How to mitigate Adobe PDF malware attacks

[Author's Note 1/18/2010] Adobe released a fix for Adobe Reader/Acrobat Jan 15th. If your software hasn’t automatically updated then go here for directions on how to update..
————————
HOSB RSS Feed

Heavy Hitters Moving Into Mobile

Mobile phone usage is growing fast, especially smart phones, and some big names are moving into the field.

First, Google is buying AdMob for 750 million dollars.

AdMob is one of the top sellers of banner ads on iPhone applications and Web pages that can be retrieved from mobile phones. The acquisition could help establish Google as an early leader in the small but rapidly expanding mobile phone advertising business. [NY Times]

Advertising sales on mobile phones was a paltry 160 million dollars last year compared for $22 billion for online ads, and the “experts” projections for future ad spending differ radically, but everyone’s in agreement that it has no place to go but up and Google is positioning themselves to be in the lead. Read more.
————————
HOSB RSS Feed

Patches From Adobe And MS Coming Tuesday

On Tuesday, October 13, 2009 both Microsoft and Adobe will be releasing patches to close vulnerabilities.

Microsoft will be releasing a massive patch on its regularly scheduled ‘patch Tuesday’. This will include a patch discovered two weeks ago that I mentioned in a post on the New Vista Exploit. Microsoft decided to wait for its normal patch schedule to release the fix rather than coming out with a special patch.

The whole patch download (13 bulletins covering 34 security vulnerabilities) will cover products that include Microsoft Windows, Internet Explorer, Microsoft Office, Silverlight, Microsoft Forefront, Developer Tools, and SQL Server.

Also on Tuesday Adobe will release a patch to plug a flaw in its PDF Reader/Acrobat software is being exploited by malicious attackers as part of their quarterly update schedule.

The vulnerability affects Adobe Reader and Acrobat version 9.1.3 and earlier..
————————
HOSB RSS Feed

Next Page »