Robert L. Santuci Jr.'s Blog

                          OUCH!
                     November 2009
      SANS Institute Security Newsletter for Computer Users
***********************************************************************
* Keep an Eye on Window's Security Icons * OS X Security Enhancements
* Software Patches and Updates
***********************************************************************

* Keep an Eye on Window's Security Icons. The icons in the Notification
area (located on the Taskbar usually near the lower right corner of your
desktop) provide important information about the security of your
computer. Pay particular attention to the icons for Windows Update,
Windows Security Center, and your security software.

Heads-up! If you see only a few icons or none at all, odds are they've
been hidden. Unhide them:
http://www.techf5.com/archives/unhide-view-hidden-icons-on-taskbar/

- - Windows Update. A yellow shield with a black exclamation point in the
middle near the lower right corner of your desktop in the Notification
area. This icon comes and goes. It appears when Windows Update is busy
downloading or installing critical security updates intended to patch
security holes and help keep your computer safe. When you touch the icon
with your cursor, a bubble message tells you what Auto-Update is doing.
It may be busy downloading updates. Avoid logging off or shutting down
your system until the download and installation are complete. If it has
finished downloading updates, it may be waiting for the nod from you to
install them. Click on the icon and tell it to go ahead. Or your
computer may need to be restarted in order to complete the installation.
The sooner you restart your system, the sooner the updates will take
effect.

Heads-up! The Auto-Update icon won't appear if Automatic Updating is
turned off. Make sure Auto-Update is turned on and has the recommended
settings:
http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off

If it's been some time since updates have been applied to your computer,
Automatic Updates will do its best to get your system caught up, and
you'll be seeing a lot of that yellow shield icon for a while. Keep
touching it with your cursor whenever it appears, and when prompted, do
your part to keep the update process going. Also, if you cannot get
Auto-Update to turn on or think something has gone wrong, call the help
line provided by the maker of your computer, your Internet Service
Provider (ISP), or a computer consultant.

Heads-up! Sometimes when you select Shut Down, your computer will ask
you if you want to "Install updates and shut down", or will just tell
you it's going to install updates. It's very important that you let your
computer go ahead with installing updates. Do not shut it off manually.
Updating could take an hour or more. It pays to be patient. Also,
Microsoft will NEVER send you an email telling you to click on a link
to get software updates. If you get such an email, it's bogus.

- - Windows Security Center. A red shield with a white X in the middle
near the lower right corner of your desktop in the Notification area.
This icon comes and goes. (You may also see a balloon message.) Whenever
the icon appears, that's your queue to find out what's gone wrong. Click
on the icon or the balloon to open the Security Center, which tells you
the status of the (software) firewall, Automatic Updates, and your Virus
Protection. When all is well, you will see three green bands. A yellow
band means that an adjustment is needed; follow the onscreen
instructions. If you see a red band, an essential security system is not
working. Avoid using your computer until it is working. Your best course
of action is to call the help line provided by the maker of your
computer, your Internet Service Provider (ISP), or a computer
consultant.

Heads-up! A common cause of Windows Security Center alerts is that your
security software is not working or is out-of-date. Read the explanation
for the alert, and then click on "Recommendations." Chances are it is
time to renew your subscription. If your subscription is not current,
your computer will be vulnerable to malware (viruses and worms). Do not
wait for it to expire.

- - Your Security Software. This icon should appear on the Taskbar at all
times. Every brand of security software has its own icon or icons, many
of which are round or shaped like a shield. Identify the icon for your
security software by touching the unfamiliar icons at right end of the
Taskbar, near the lower right corner of your desktop in the
Notifications area. A small pop-up or balloon will tell what you have.
Common security software brands include Symantec, Norton, McAfee,
Kaspersky, Sophos, Panda and BitDefender. Security software icons often
signal an alert by changing color, flashing, or popping up a message.
Pay attention to any change in the icon's appearance. It may be good
news-that your security software has been updated successfully or has
blocked a threat to your system-or that it's time to get out your credit
card and renew your subscription.

Heads-up! If you can't find an icon for security software, your system
may not be protected against malware (viruses and worms). Play it safe
by not using your computer until you are sure that your security
software is working and up-to-date. Also, while many PC's come with
security software pre-installed, these are often limited-time trial
versions that expire after 30-90 days. Security trialware generally lets
you know in no uncertain terms that it is expiring, so send money!

* Quick Checklist
- - Make security icons visible on the Taskbar. Keep an eye on them.
- - Enable Automatic Updates. When prompted, do your part to get them
installed and working.
- - Use good-quality security software, keep it updated, and do not let
it expire.

***********************************************************************
* OS X Security Enhancements

- - Users of OS 10.5 and 10.6 can set Software Update to download
important updates in the background without your intervention. Once the
updates have finished downloading, OS X will notify you onscreen that
new updates are ready to be installed. Don't delay installing updates.
Some Mac users have not gotten used to idea that updating your software
is no longer optional. From a security standpoint, it's essential. Also,
if you are running OS 10.4 or earlier, make sure that Software Update
is checking for updates once a week, as Apple recommends. Go to System
Preferences, click on the Software Update icon, and schedule a check.
http://support.apple.com/kb/HT1338

- - Changes in the newest version of OS X, Snow Leopard, broke some
security software-an unwelcome surprise not only for users but also for
security software manufacturers-and rekindled the debate about whether
or not Macs need security software in the first place. Not long after
Snow Leopard hit the street, Apple added malware protection, dubbed
xProtect, via an update. The feature pops up a window warning users who
try to install applications known to be malicious that the file will
damage their computer and should be moved to the Trash.

***********************************************************************
* Patches and Updates

Windows & PC Office: http://update.microsoft.com and
http://www.microsoft.com/security/updates/bulletins/200910.aspx

OS X: http://support.apple.com/kb/HT1338

Mac Office:
http://www.microsoft.com/mac/help.mspx?CTT=PageView&clr=99-0-0&ep=7&target=ffe35357-8f25-4df8-a0a3-c258526c64ea1033

iPhone/iPod: http://docs.info.apple.com/article.html?artnum=305744

iPod: http://support.apple.com/kb/HT1483

Windows Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

OS X Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Flash Player: http://get.adobe.com/flashplayer/

Firefox: http://www.mozilla.com/en-US/firefox/update/

Safari: http://www.apple.com/downloads/macosx/apple/application_updates/safari.html

Opera: http://www.opera.com/

Chrome: http://googlechromeupdate.com/updates.html

Java: http://www.java.com/en/download/manual.jsp

iTunes: http://www.tuaw.com/2009/09/22/itunes-9-0-1-now-in-software-update/

Symantec: http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002021908382713

Norton:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95

McAfee: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Kaspersky: http://www.kaspersky.com/avupdates

Sophos: https://secure.sophos.com/support/updates/

Panda: http://www.pandasecurity.com/homeusers/downloads/clients/

BitDefender: http://www.bitdefender.com/site/view/Desktop-Products-Updates.html

Microsoft Security Essentials:
http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx

***********************************************************************
Copyright 2009, SANS Institute (http://www.sans.org)
Editorial Board: Bill Wyman, Walt Scrivens, Barbara Rietveld, Alan Paller.
Email: OUCH@sans.org
Download the formatted version of the OUCH! at
https://www.sans.org/newsletters/ouch Permission is hereby granted for
any person to redistribute this in whole or in part to any other persons
as long as the distribution is not being made as part of any commercial
service or as part of a promotion or marketing effort for any commercial
service or product. We request that redistributions include attribution
for the source of the material.

Couple of Quotes:

Let no one ever come to you without leaving better and happier. - Mother Teresa

We all have a choice in every difficult situation in our life. We can become either bitter or better. - Corina Zalace

==============================================================

Microsoft is working on a set of free open-source content-management application and set of reusable components

for it that is codenamed “Orchard.”

The company is slated to share details about its plans for Orchard at TechEd Europe next week.

Free Microsoft open-source content management app to get its debut next week

==============================================================

You may have heard of denial-of-service attacks launched against websites, but you can also be a victim of these

attacks. Denial-of-service attacks can be difficult to distinguish from common network activity, but there are some

indications that an attack is in progress.

Understanding Denial-of-Service Attacks

==============================================================

A great blog entry by Marc Middleton of GrowingBolder.com fame about his class reunion.

Reconnecting at My 40th High School Reunion on growingbolder.com

==============================================================

Posted using  Windows Live Writer

Several quotes that caught my eye:

"Nothing will ever be attempted if all possible objections must first be overcome."
-- Samuel Johnson

"The fewer the facts, the stronger the opinion."
-- Arnold H. Glasgow

"If at first you do succeed, try to hide your astonishment."
-- Harry F. Banks

=========================================================

Visual Studio and .NET Framework Content Survey

The purpose of this survey is to learn how our customers use Visual Studio
and .NET Framework Library documentation, how satisfied you are with it,
and how it can be improved.

=========================================================

Are Judges Cracking Down On Data Breach Corporate Victims?

A second federal judge has, this week, pushed back against a settlement
involving a major data breach, potentially signaling more dire times for
retailers whose data gets snatched courtesy of inadequate security.

=========================================================

What to do After the Breach?

There is no shortage of advice of ways to try and prevent a data breach.
But if it happens to you, do you have a plan of precisely what to do next?
Very few retailers do.

=========================================================

10 common network security design flaws

Network security is arguably one of the most critical functions of IT -
yet I frequently see organizations that have overlooked easily implemented
security design practices. Here are a few common mistakes that could
compromise your network defenses and put company assets at risk.

=========================================================

Posted using Windows Live Writer Blog

AliCommerce is a Pirated Version of BV Commerce

Posted using Windows Live Writer Blog

Great advice on avoiding social engineering and phishing attacks.

Avoiding Social Engineering and Phishing Attacks

And I hope this makes its way to Florida!

Photos: Star Trek, the exhibition

Posted using Windows Live Writer Blog

Using the My Web Pages Starter Kit I’ve put the final touches on the 2.0 version of Art by Barbara Koepsell website!

This is just in time for her latest show titled “Beauty of Transparency”. It will be held at the
SANFORD WELCOME CENTER, 6-9 pm, starting on Friday October 23, 2009. This features the artists'
paintings of either watercolor, acrylic or ink. She will have 2 pictures there, one of which was
just displayed on the cover of THE PEN WOMAN national magazine. . . TI LEAVES.

The center is located at 230 East First Street, Sanford, FL and all the artwork will be there
through to the end of the year. There will be live music, foods and strolling up the street to
see the stores and restaurants of Sanford.

Before long, the 3.0 version of Art by Barbara Koepsell will be unveiled – built using DotNetNuke!

This blog entry written using Windows Live Writer Blog

                                 OUCH!
         SANS Institute Security Newsletter for Computer Users
Volume 6, Number 10                                        October 2009
************************************************************************
In This Issue
1. You and Your Browser - 2.  Software Patches and Updates -  3. On the
Weird Side of Browsers
************************************************************************
A formatted version of the OUCH! newsletter can be found at
https://www.sans.org/newsletters/ouch. You can subscribe to OUCH! on the
same site. Send your comments to OUCH@sans.org.
************************************************************************
1. You and Your Browser
- - What exactly is a browser anyway?
Let's start with what it's not. A browser is not Google, not a search
engine, not AOL, and not broadband. A browser is software that you use
to see and hear what's available on the World Wide Web. (You can use a
browser for other things, too, but let's stay with their more common
uses for now.) Browsers take you to websites and webpages where you can
read and send email, see images and movies, and listen to music. You can
also download and upload files using your browser. Your browser allows
you to navigate to information resources that are organized as URL's
(Uniform Resource Locators) or web addresses. The major web browsers are
Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Google
Chrome, and Opera.

- - Why do I need a browser to connect to the Internet?  Why can't my
computer just do it?
You need a browser to connect to the Internet because browsing is only
one of many things that a computer can do. A browser is software that
directs your computer to the Internet, interprets your requests, and
translates them into the language used by all of the computers on World
Wide Web. Your computer is simply hardware -- a machine that will follow
instructions. Software supplies the instructions.

- - OK, so just HOW does my browser connect to the Internet?
Strictly speaking, it's your computer and its operating system that
connect to the Internet, either by a wired or a wireless connection,
such as Ethernet, Cable Internet or DSL (Digital Subscriber Line), or
by Wi-Fi or wireless broadband. Your browser communicates with the
operating system, and the operating system communicates with the
Internet.

- - Why is there such a choice of browsers?  What's the difference?
A browser, like all software, is a product, produced and marketed by
people who want you to use it. Objective: To gain market share. It is
estimated that 1.7 billion people are using the Internet worldwide in
2009. If you make a better browser, the world will beat a path to your
website and download it, and your customer base could number in the
hundreds of millions quickly. Anatomically speaking, all web browsers
are about the same. They differ from one another in their "look and
feel"-when, where, and how you click to make something happen. It's
largely a matter of taste. All of the major browsers can use plug-in's
and add-on's, like Flash Player for movies and Acrobat Reader for
opening PDF files.

- - My computer came with a browser on it.  Why would I want another one?
Microsoft includes Internet Explorer with Windows for the same reason
that Apple includes Safari in OS X--so you will use it and they can
command a greater share of the market. Web browsing is what most people
do on a computer most of the time, and competition among browser makers
is stiff.  Back in 1990's the Mozilla Foundation produced the earliest
browser, called "Mosaic," and later "Netscape."  Today, Firefox is
considered by some to be faster and more secure than Internet Explorer
and Safari, while Google's Chrome and the Opera browser are attempts to
provide a new look and feel for the browsing experience.

- -  What exactly do people mean when they talk about web-based malware?
Malware is a catch-all term for thousands of varieties of computer
viruses and worms. While viruses and worms are not new-we have all heard
about computers getting infected by email and email attachments-websites
emerged in 2009 as the primary vehicle for spreading of malware.
Browsers create a two-way communications channel between your computer
and a website. If the site is infected or "dirty," malware may enter
your computer without warning in a matter of seconds. That's web-based
malware.

- - Why isn't my anti-virus or anti-spyware program enough to protect my
computer from web-based malware?
There are two reasons. Anti-virus and anti-spyware work pretty much like
vaccines. Just as no single vaccine can protect you against every strain
of flu, no security program can protect your computer against every kind
of malware. And just as new strains of flu emerge season after season,
so too new kinds of computer viruses-as well as variants of old
ones--crop up on a daily basis. Even if you have effective security
software, the Bad Guys are always cooking up ways to beat it, like
tricking you into downloading malware voluntarily by browsing to a dirty
website or clicking on a rigged link that promises you something you
want and delivers something else you don't want.

- - What DOES protect my computer from malware and other threats on the Web?
You are your first line of defense-you need to be aware of threats posed
by browsing. But don't make the mistake of thinking that you can tell
which websites are clean and dirty by how they look, who appears to own
or run them, how often you have visited them without incident, or based
on a recommendation from a friend or co-worker. What was a safe website
or webpage yesterday may have been hacked overnight and now contain
malware. Remember: You browse at your own risk. Your second line of
defense is good-quality security software-including anti-virus,
anti-spyware, and a two-way software firewall-and a hardware firewall.
Third, use key scrambling or anti-keylogging software that encrypts your
keystrokes and helps prevent Bad Guys from getting a hold of sensitive
information you enter on your computer. Fourth, keep your software
updated and patched. (See Updates and Patches below.) If you suspect
that your computer may be infected, call the support line of the
manufacturer of your security software or of your computer, your ISP
(Internet Service Provider) or contact your local computer support
personnel or a computer consultant.

- - What should I look for when I am shopping for the right protection
against malware?
Read reviews that compare the effectiveness, reliability, and
ease-of-use of security software products. Get recommendations by
calling the support line of the manufacturer of your computer or your
Internet Service Provider, or by talking with your local computer
support personnel or a computer consultant knowledgeable about security.
Many good-quality security software suites cost less than $100, so this
is not a big budget item. Concentrate on quality, not on a $10 or $20
price difference. When considering freeware, keep in mind that if you
have a problem, support may be hard to come by or simply non-existent.

More information: http://www.internetworldstats.com/stats.htm
http://www.learnthenet.com/english/html/12browser.htm
http://safeweb.norton.com/dirtysites
http://www.pcmag.com/products/0,,tqs=1226769170B6C28F5A627C1DBAEA45495542EA9E,00.asp?action=defaultadvancedquery&cid=25442&sid=25442&gridtitle=Recent%20Product%20Reviews&googlequery=q%3D%26mt823%3D21142%26sort%3Decho%26dir%3Ddesc&stpdinglp=1
http://www.qfxsoftware.com/

************************************************************************
2. Patches and Updates
Microsoft and Apple:
Windows: http://www.microsoft.com/security/updates/bulletins/200909.aspx

OS X: http://support.apple.com/kb/HT1338 and
http://www.appleinsider.com/articles/09/09/10/apple_releases_mac_os_x_10_6_1_security_updates_more.html

iPhone/iPod: http://docs.info.apple.com/article.html?artnum=305744

iPod: http://support.apple.com/kb/HT1483

Other software products:
Windows Acrobat Reader
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

OS X Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Adobe Flash Player:
http://get.adobe.com/flashplayer/

Firefox: http://www.mozilla.com/en-US/firefox/update/

Safari:
http://www.apple.com/downloads/macosx/apple/application_updates/safari.html

Opera: http://www.opera.com/

Google Chrome: http://googlechromeupdate.com/updates.html

Java: http://www.java.com/en/download/manual.jsp

iTunes:
http://www.tuaw.com/2009/09/22/itunes-9-0-1-now-in-software-update/
http://www.apple.com/itunes/download/

iWork & iWork.com:
http://theappleblog.com/2009/09/29/iwork-09-iwork-com-updated/

Symantec:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002021908382713

Norton:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95

McAfee: http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Kaspersky: http://www.kaspersky.com/avupdates

Sophos: https://secure.sophos.com/support/updates/

Panda: http://www.pandasecurity.com/homeusers/downloads/clients/

BitDefender:
http://www.bitdefender.com/site/view/Desktop-Products-Updates.html

************************************************************************
3. On the Weird Side of Browsers . . .
http://www.youtube.com/watch?v=sGyoA92ubzs
http://www.youtube.com/watch?v=o4MwTvtyrUQ
http://www.youtube.com/watch?v=5535Ts-iOP0

************************************************************************
Copyright 2009, SANS Institute (http://www.sans.org)
Editorial Board: Bill Wyman, Alan Reichert, Walt Scrivens, Barbara
Rietveld, Alan Paller.

Permission is hereby granted for any person to redistribute this in
whole or in part to any other persons as long as the distribution is not
being made as part of any commercial service or as part of a promotion
or marketing effort for any commercial service or product. We request
that redistributions include attribution for the source of the material.
Readers are invited to subscribe for free at
https://www.sans.org/newsletters/ouch

PhotoSketch – from the Creators

PhotoSketch- Internet Image Montage

PhotoSketch – from ZDNet.com

PhotoSketch- better than sliced bread, Photoshop

PhotoSketch – from Gizmodo.com

PhotoSketch- This Is a Photoshop and It Blew My Mind

Posted using Windows Live Writer

A Weapon Against SQL Injection

The single most common database security inquiry I get is "What's this whole stored procedure parameter thing and how does it help with SQL injection?"

Tech Insight: Beating Bots And Scareware On A Budget

Free tools, like the Squid Web caching proxy, can add extra layers of protection for your users

Posted using Windows Live Writer

Social networking sites are becoming a more popular attack vector for cybercriminals because people trust those they believe to be friends.

Posted using Windows Live Writer