Security alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm

[tweetmeme source=”franscomputerservices” only_single=false]
Security alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm (InsideWindowsLive)

A particularly malicious worm (a self-replicating computer virus) is currently trying to spread itself through many of the world’s largest instant messaging and social networks, including Windows Live Messenger 2009. We’re very serious about protecting our customers, and are pursuing multiple avenues to help stop its progress. The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When someone clicks the link, it opens in a browser, downloads the worm on the recipient’s computer, and then repeats this process.

It is spreading in Windows Live Messenger 2009 so Microsoft has disabled live/active links in messages.

Windows Live Messenger 2011 is not impacted so if you use Messenger, I would strongly recommend upgrading to Windows Live Messenger 2011.

If you suspect that you are infected, download and run a quick scan with Microsoft’s Malicious Software Removal Tool (MRT). If you find anything, run a deep scan after the quick scan.

Thanks to Corrine through Scot’s Newsletter Forums and her blog, Security Garden, for calling this information to our attention.

Advertisements

Facebook – the wrong social compact

[tweetmeme source=”franscomputerservices” only_single=false]The wrong social compact (that sub title is on page 2) … what an excellent article — THE WHOLE ARTICLE on this Facebook mess: Chris Saad: “Facebook’s Claims About Data Portability Are False”.

ReadWriteWeb is doing a great job on covering this whole privacy, security, breaking of faith by facebook with its users and the twisting of words by it’s founder.

Marshall Kirkpatrick’s The Half Truths of Mark Zuckerberg is another excellent example of calling out the BS.

Thank you Chris Saad and Marshall Kirkpatrick!

And thanks to Leo Laporte for his continued understanding of this mess and talking about it on his shows (twit.tv/twig42 (for one), and backing up his understanding with action.

Funny how Google hasn’t caught up with it all as yet, because when you click on Leo’s link on Facebook — every 10 seconds you receive a popup telling you to sign in to continue – over and over — while you try to view the page that is actually still there apparently, or maybe Leo just kept his professional page only. Leo had several personnas on Facebook from what he said on the show. He had apparently already deleted his personal Facebook page before they did TWig 42.

There are many alternatives for a business presence in things like LinkedIn, Twitter, your professional website and blogs and of course search engines.

Race Conditions aka TOCTOU and now KHOBE

[tweetmeme source=”franscomputerservices” only_single=false]There is a ‘supposedly new’ threat on the horizon for Windows XP users, and more so on multi-core systems called KHOBE (Kernel HOok Bypassing Engine).

Although this is a threat, it is not a new threat — in fact, this type of thing has been a threat to computing since 1998 when it was written about in PDF format: RaceConditions.pdf, and in 1996 in this PDF: racecond.pdf and many times since then in articles online about TOCTOU (noted below in this posting).

It definitely sounds pretty bad when it is reported that this ‘new’ KHOBE can bypass EVERY Windows security product in an article by the respected Adrian Kingsley-Hughes at ZDNet Blogs and as reported and tested by MATOUSEC here. And it certainly isn’t a non-issue…

However, let’s look at this objectively. First this is not the first, last or only situation that has or will arise. Race Conditions as noted above have been created by TOCTOU (Time of check to time of use) situations since the dawn of computing and yes, they are not easy to test for in all situations/hardware prior to release of software/Operating Systems, but these types of conditions have been a potential threat for a very long time in all kinds of software.

A time-of-check-to-time-of-use bug (TOCTTOU − pronounced “TOCK too”) is a software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. It is a kind of race condition.

Before Windows was capable of true multi-tasking/multi-threading, it was possible to create these conditions on UNIX machines as noted in this 2001 article at InformationWorld.

So, why the fuss now? Windows 7 is basically claimed to be immune — by its omission in the ‘affected Windows Operating Systems’ list. Apparently only Windows XP (ONLY about 60% of Windows users –eeek! — per Adrian Kingsley-Hughes article above), or earlier Windows OSes are affected and in this particular case, and then only by security software that use the KHOBE (Kernel HOok Bypassing Engine).

Graham Cluely at his Sophos Blog notes,

Because KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec describes is a way of “doing something extra” if the bad guys’ malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as Sophos (and many others) miss the malware. And that’s one of the reasons, of course, why we – and to their credit other vendors – offer a layered approach using a variety of protection technologies.

In addition, Paul Ducklin’s Sophos blog notes,

The security panic of the week is the widely-reported story of a “vulnerability” called KHOBE. One news headline goes so far as to announce that this “new attack bypasses virtually all AV protection”.

I disagree.

The sample “attack”, which claims to be an 8.0 earthquake for desktop security software, describes a way in which the tamper protection implemented by some anti-malware products might potentially be bypassed. Assuming you can get your malicious code past the anti-malware product in the first place, of course.

Much more in his blog entry. All of these links are must read if you wish to understand as much as is possible what the real threat is.

So, given all this, is the game over on security software because this is now disclosed to be possible (READ: it was always possible) — at least till they figure out how to prevent Race Conditions in security software?

Hardly. But due to the release of the information, this situation may make life interesting security-wise for Windows XP users (earlier Windows OSes like Win2K, Win98, WinME, WinNT shouldn’t even be on the net at this point for many reasons, the least of which is this situation).

So, if you are a Windows user what can you do in the meantime?

  • Keep your systems up to date
  • Make sure you have a hardware NAT or SPI Firewall/Router on your local network, and a software firewall in place and working properly and updated (if it’s a third party firewall – Windows Firewall is updated with your Windows Updates)
  • Keep your browsers up to date
  • Keep your browser plugins (Adobe products, Apple products, Java, etc.) and extensions (like Firefox’s AdBlock Plus, etc.) up to date
  • Keep all Internet facing programs (Adobe, Microsoft, etc.) up to date
  • Run your CCleaner (or other Temporary Files/Temporary Internet Files cleaner program) frequently (I actually run mine several times a day) – Fully close any browsers before running your ‘cleaner’ and then re-open it as needed after you run the ‘cleaner’
  • Make sure your antivirus software is updating as it should and doing its scheduled scans
  • Update and Run any cleaner software and secondary anti-malware programs (like Malwarebytes Anti-malware) at least once a week or more often and immediately if something seems odd on your computer
  • Don’t open suspicious emails, even from known senders
  • Be careful where you go on the Internet. Even some legitimate sites have been hacked
  • Be careful about links and friends on Facebook (if you haven’t deactivated your account yet), Twitter, LinkedIn, and other Web 2.0/dynamic Social Networking sites.

In short, do what you should always be doing to keep yourself safe. Because this isn’t over. It was always a possibility whether we were aware or not, and it will likely be a possibility for a long time to come.

You might also consider installing a preventative program like BillP’s WinPatrol on your system to make you aware of potential changes to your system. *See EDIT below for a note from BillP about WinPatrol and kernel hooks.

And as I noted earlier, the focus of this issue, at this time, is apparently Windows XP, but any operating system is vulnerable to this type of attack and always has been — and that is not likely going to change any time soon.

EDIT: Added the following comment from BillP who developed WinPatrol:

* Thanks! I’m honored by the mention.
It’s a great topic and mentioning WinPatrol is appropriate since I don’t use any kernel hooking to detect changes. Thumbs Up!

Bill

Facebook account deactivated today

[tweetmeme source=”franscomputerservices” only_single=false]

Well, today is the day.

As much as I love Facebook, and enjoy the ability to keep in contact with family and friends easily, I have deactivated my account today in protest of their stance on privacy and the apparent lack of concern for their users by changing to the opposite stance on user privacy. It has been one step, after another over the last year or so. Desensitizing users to the changes they have made by doing it slowly.

Facebook sees dollar signs where we users are concerned. They have deluded themselves into thinking that with all the family and/friends connectios, and simplicity of keeping in contact with our Facebook friends, that we won’t be able to stop, that we are now hooked…”we have you now” in Darth Vader’s voice.

Is it true?

Not in my case at least. I let my friends and family know what I was doing. They support and understand. Will any of them do the same thing? I hope so…

We need to stand together to disallow Facebook a pass on the changes from supposed concern for users and user’s security and privacy to what it is today … where they are saying we don’t care about privacy by default. That we only see the connections we can make to other sites?!?! Facebook is saying proudly that they are the next MySpace … “now we control all these users and connections, and you as users have no privacy. Privacy is dead.”

Can we prove them wrong?

===

Edit: added some links to help make your decision:

With Facebook’s security and privacy standards under fire from all sides, suffice it to say that this is not a good time for one of the company’s investors to fall for a Facebook phishing scam. (Facebook phishing scam snares company board member – CNET – May 10, 2010 8:42 AM PDT )

Comparing Facebook’s latest product modifications to deadly natural disasters is probably a little bit inappropriate, but the psychological reaction doesn’t seem all that different. The social network modified its policies for handling user data once again as part of its F8 conference and release of the Open Graph API, and ever since it became clear that more information is being set as public by default and more is being shared with third parties, concerned Facebook users have been on jittery alert, perhaps prone to overreaction, concerned that something even bigger may be about to change. (Understanding Facebook’s privacy aftershocks – CNET May 6, 2010 3:51 PM PDT)

Criticism of Facebook (Wikipedia.com)

Four senators are adding their voices to criticism that Facebook Inc. doesn’t do enough to give its 400 million users easier ways to protect their privacy online. (Senators turn up the heat on Facebook privacy issues – SFGATE.com – April 28, 2010)

More links on my blog post, Bye, Bye, Facebook, Bye, Bye… AND ALL OVER THE WEB! Just do a search on facebook privacy issues on any search engine and read it and weep.

Bye, Bye, Facebook, Bye, Bye

[tweetmeme source=”franscomputerservices” only_single=false]

***NOTICE***

BYE, BYE, FACEBOOK, BYE, BYE

This notice is to my friends and family on Facebook

After this weekend (only to give friends and family a chance to know what happened, I will be deactivating my Facebook account, and may ultimately be deleting it in the very near future if A LOT OF THINGS don’t change in the way that Facebook is ‘doing business.’

Facebook has a lot of gall to say Facebook users are not unhappy with their recent changes to Facebook privacy policy changes. I know many who are VERY unhappy with these changes, IF they even realize the changes being made.

To help folks realize what changes are being made, here are some links to do your own research:

Six Things You Need to Know About Facebook Connections (EFF)

Facebook security flaw makes private chats public (Network World)

Consumer groups hammer Facebook privacy violations in federal complaint (Macworld UK) – Facebook privacy violations stemming from recent feature changes

More EFF links over the last week or two on Facebook:

Facebook’s Eroding Privacy Policy: A Timeline

A Handy Facebook-to-English Translator

How to Opt Out of Facebook’s Instant Personalization

If you plan on maintaining your Facebook Account, you also might like to read the following article at ZDNet Blogs:

Contemplating FaceBook Hara-Kiri