George Guninski is a famous researcher. He has lots of notes which loads tons of Dynamic Link Libraries or DLL. The DLL can be very tricky, especially when you want to use it and the program for it to run is not loaded yet, and thus a possibility of a malware attack can make your computing really nerve wracking.

The DLL can have malicious versions, and when the application loads it, there are lots of directory attacks which are being controlled. You can be trick that it’s the program you need for your computer. This time a Safe DLL Search Mode is launched by Microsoft to protect its customers.

Many users of iTunes discovered that the bug attaches itself to Windows, despite of it having lots of security measures. The best way to deal with it is to have a file, on which you can just look for the Dynamic Link Libraries which will help you control the malware invading. Unfortunately it is still annoying when you discover that some applications can be really a pain, especially when you need the apps up and running for a deadline. Windows Vista and Windows 7, even if it is already high tech, are still vulnerable to this attacks, and sometimes may seem to be really unbearable.

There are lots of requirements so an attack can be executed, it is usually from current directory to a WebDav share.  When you browse to perform a remote share, and then you started downloading the document from your Windows Explorer, a real attack can set in. The malware usually starts working from the WebDav link. Firewalls can protect the computer at some point, but the attacks is usually in the inside not the outside. Thus making your computer under attack.

The attack is possible because of errors in the programming of lots of applications, but not from Windows, and there are lots of them counting to 100, the known CEO of Acros Ergos affirmed, and the only way to solve it is to fix the apps, because the Windows is okay.

Related posts:

1. Facing Microsoft and DLL Loading Issue
2. Your Employees can Protect You
3. AES Sets the Standard for Encryption

•    Designing a super computer better than the best in the market.
•    Software which is user friendly, that people from the Amazon forest can use it.
•    An app that will solve wars and eventually  be an instrument of peace globally.

How I would like these things to be true, but sadly, we would have to make do with an Intel-exclusive antivirus, according to one analyst.

There are  many people which is  into the industries of security and semi-conductors, and the teaming up of McAfee and Intel will rock the silicon valley.

The leaks that there might be a partnership going on at Intel and MacAfee is not true, there is however an anti-virus written especially for Intel to protect it from various attacks in the internet.

Intel is conceptualizing internet security directly to the microprocessor, which will make the Intel group ahead of its colleagues like the Via and the AMD. There was a serious conference meeting, and Nathan Brookwodd was still Intel is definitely moving to secure its peripherals safe from hackers, so as to protect its client.

Considering the consumer retail market, Intel will have a giant leap forward, because it can offer an anti-virus market and at the same time an “Intel Inside” first class brand.

Looking forward to the anti- virus program of McAfee teaming up with Intel is competitive, as Alex Eckelberry affirmed, the Chief Executive of Sunbelt Software.

If the teaming is a true the anti-virus developers are looking forward to having the Intel and McAfee partnership really jell, and see that the marketing dollars will keep on coming, and lots of the directors from IT will be looking forward how an anti-virus performance will escalate.

There is a saying that one cannot be really sure until it happens, and so it is important for Intel to release an official statement. Up to this moment, there is no news yet of a possibility of them teaming up with McAfee, but definitely many people will be awaiting the news and Intel is very discreet about it.  Though the partnership will really do a lot of good both for Intel and McAfee, anti-virus programmers might end up teaming up with other processors to enhance anti-virus programs experience. We will never know, till the day happens.

Related posts:

1. To Hire or Not to Hire a Hacker
2. Protecting yourself from Internet Identity Thieves
3. Facing Microsoft and DLL Loading Issue

Decades passed about DLL issues, it had been that long, until eventually an advisory was given to all Windows enthusiasts.

This is how it happens, if you press F5 and you somehow press a data file for the current directory which has the virus attack, it doesn’t need to be in the directory, but it can attached itself in any sharing of networks. Too bad for Windows user, because the virus can spread not only from passing from directory to directory, where you can easily detect it, but it attaches itself from the internet server through WebDav. Reminder, the virus data file may also be in the internet server, and thus the infection of virus can escalate web wide.

Windows decided to do something about it by changing the location of the DLL, and did a lot of software mechanism to avoid the crashing of Windows. Currently DLL is not totally removed and just sent to the next of the bottom list of being attacked, because removing DLL can definitely caused incompatibilities. It will happen that an error in applications occur but not a Windows error.  Despite of it however,  Windows service is affected.

There are lots of advice given by the advisory from Windows, which will be useful. The web developers should follow DLL security practices which is explained in detail via MSDN, and it had to be followed strictly. Web administrators, and IT internet security officers  should check daily all the port of TCP at 139 and 149, this is in the firewall, and if there is an extreme need do not use a WebClient.

Windows will be updated to ensure that Microsoft Issues are resolved, and which will allow IT or Web administrators get into the registry key, to make it sure that DLL is doing fine.  They are also encouraging developers to be able to stop downloading DLLS from a directory which is current and shared. The registry key can be utilized and it can be found in MSKB 2264107.

Unfortunately, Microsoft couldn’t detect the problem, and Microsoft is doing its best to be cooperatively working with the web internet security team and application vendors to solve the problem once and for all.

Related posts:

1. Microsoft Gets Four-Peat Updates
2. Adobe Flaws – Protect your Operating System
3. AES Sets the Standard for Encryption

Weakest Link: Human Nature

If you have a co-worker who are at his wits end to finish a task and had to download sensitive information in behalf of the company and asks for your help, definitely you will help him.

It is our greatest strength and our weakest link as well. A DEFCON Hacker Convention had made a study on how to hack an information, it is usually by just asking. The accurateness is almost 100%.

Ordinarily, a colleague who needs help we have to lend a hand. Unfortunately some unscrupulous information predators, can do it by just making a phone call, and steal your company ideas just like that, and the rest is history.

So how do you protect sensitive information from prying eyes and robbers.

What can protect your sensitive data:

a. Firewalls restricting full access. Only people who are identified as authorized personnel can have full access.

b. Audit Logs regularly without specific time frame. Auditors should  include in their training how to check on logs by employees, and who are authorized to do so. Unauthorized logging should be questioned and examined, especially when an identification number shouldn’t be there.

c. Intrusion detecting systems which you can invest on.  This innovation will definitely protect you from prying eyes

d. antimalware software filters which can gather information from your computer siphoning every bit and dot of your ideas.

The trade off for lack of controls is business impact and cost effectiveness. Training people can be costly, especially when the turn over is not controlled.

Prevent the Inevitable

There should be somebody assigned to help solve the problem, this is the only person where a solution can be asked for. He will be the person personally responsible for any given data, and thus the people should know he or she is the focal person for specific problems when the need arises.

There should be stringent policy and employees should be educated. Let them be aware of potential attacks and thus keeping information predators at bay. Train help desk personel never to give passwords online as this can be easily harvested. Educating and policy is your best defence against information predators.

Related posts:

1. KNOWING BETTER WILL SAVED YOUR FROM SCAMMERS
2. Adobe Flaws – Protect your Operating System
3. HITECH Act Combats Information Theft

There are lots of Facebook fans who had fallen prey in Facebook, as people had been scamming for money and information. It is becoming a real.

1.  Uncanny link is sent from a friend, a company asks for  personal information, and mysterious charges show up on a credit  card — or, in this case, a mobile phone bill.

2. Never give your mobile phone to strangers, this can be very dangerous.

The real fact is our information in the internet world is collated and used for commercial purposes.

Here are some things to keep in mind.

1. Markets is Bullish and protects the rights of the consumers

Much as we wanted the real thing, it is not so. As sellers and traders are bent on hitting their targets to cash in earnings and profits.  There are possibilities of financial power, which can redound to good or evil. Unfortunately we have to learn it slowly.

Users of the internet especially facebook users should be wary about internet predators who are phishing out information to get details about your personal data, and even get credit cards information to entice.

Some would even pretend as investors to steal from you huge sums of money.

iTunes and Apple knows how to keep the security without slowing down internet usage. Facebook should monitor application users especially those predators who are fishing out details from other people and entice them to join the band wagon of hoodlums and robbers. Facebook has the responsibility to monitor their application users, which is the same with other social networking sites.

Freedom of Speech Has Exceptions

Unfortunately Craiglist, though considered as an important advertising site, it has recently included child trafficking. It has to be regulated by the world wide web.

Website owners and administrators ought to be responsible and has to be prosecuted in whatever place they are if they allow such horrendous activities as child trafficking.

SCAMS ELIMINATION

Craiglist should be also be regulated, if facebook can do it, craiglist should do too.

As much as craiglist getting lots of added on adverts daily, it has to regulate its users, especially those who are selling products which can be harmful to the users. Craiglist administrators should be responsible to not allow dangerous things advertised in their products, like child trafficking.

Related posts:

1. HITECH Act Combats Information Theft
2. The Kins – a Better Option for the Best Person: You
3. Protecting yourself from Internet Identity Thieves

Related posts:

1. Facebook Applications undergo Developer Registration
2. Vacation
3. The Kins – a Better Option for the Best Person: You

Microsoft has just released four updates. Three of these answer to five vulnerabilities that may well be considered as Critical, depending on its user’s platform. So now, we can expect that even Windows 2000 has been duly updated and made stronger against all known glitches.

The first is update is on MS10-042 – Vulnerability in Help and Support Center. Before, this feature could allow remote code execution, and is therefore highly exploited. Accordingly, Windows XP and Windows Server 2003 are affected.

Second is on MS10-043, or the Vulnerability in Canonical Display Driver Could Allow Remote Code Execution. This was aired out two months ago. This vulnerability affects only 64-bit versions of Windows 7 and Windows Server 2008 R2. With this, Microsoft assumes that the Canonical Display Driver is difficult to exploit, and only inconsistent exploit code my likely ensue.

Thirdly, there is the update on MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution. With this update, two vulnerabilities that affect ActiveX controls in Access 2003 and Access 2007 can now be fixed. Prior to this, users have been exploited in two ways – if they open a malicious file locally, or if they happen to manipulate controls placed on a web page.

The fourth update is on MS10-045, addressing Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution. This is the most interesting of the four updates, albeit MS10-042 is famous and publicly-exploited. This addressed the vulnerability of Outlook XP (2002), 2003 and 2007 to remote code execution. Most likely, we could have encountered a specially-crafted message to the user containing an attachment. Opening such attachment is just like unlocking Pandora’s Box. Outlook 2010 is not affected by this vulnerability.

Users are encouraged to apply these updates as soon as possible. However, it has been foreseen that 3rd party e-mail security products might find its way to blocking these updates soon.

Related posts:

1. Adobe Flaws – Protect your Operating System
2. The Kins – a Better Option for the Best Person: You
3. Good News for Publisher-Lovers of Linux

Ten years, after, the internet has grown more complex than ever. Theoretically, the whole world is now wrapped inside the Web, and possibly, the identities of half of this world’s population might already be an open book for the whole world to see. Now, if what you got in your personal life page is extremely confidential, would you consider the internet mayhem issues as a major cause of alarm?

This is what Lincoln Medical and Mental Health Center felt just a few weeks ago. This New York-based health care provider lost a CD in transit via forex, and soon after, the provider had to inform 130,000 individuals that their records were potentially lost. If by chance an identity thief gets hold of the lost CD, vital personal information including diagnostic information, Social Security numbers, dates of birth, and others can be illegally manipulated and used.

Before, such case is not a big problem. But February last year, the HITECH Act was signed into law, and thereafter, such simple loss of CD had become a big issue.

The HITECH Act stipulates that lost or stolen unencrypted records must be notified to Health and Human Services, and would consequently be posted in the HHS wall of shame – a list that contains public roster of breaches involving more than 500 individuals. Now, a surprisingly large number of cases have been posted in the wall of shame – a clear proof that the HITECH Act is being implemented, and institutions have shamefully abided by this law.

This policy might be exaggerated, but there is a grain of wisdom in being extra careful with public documents. We never can tell the full power of the internet as a source not just of the truth, but also of fraud. And we can’t also be assured of our safety therein. The HITECH Act simply guarantees that all data lost are duly accounted, and if by chance something wrong happens with our electronic data, we got a reliable fallback.

Related posts:

1. Protecting yourself from Internet Identity Thieves
2. Internet Security – Chinese Style
3. Caffeine Web – The Fast Google Search

Good thing there is the process of encryption.

Encryption is the ability to store and transmit information that is seemingly senseless in the eyes of those not concerned. This may be considered similar to the jargons and cryptic messages that are relevant to a certain group only. Thanks to experience, the process of encryption has become much stronger than, thus giving unruly hackers a harder time in plotting their next move.

Today, the standard for symmetric encryption is the Advanced Encryption Standard, or AES. This system ensures that data can only be sent using a symmetric cipher, meaning, the sender and receiver use the same key for encryption and decryption.

So how was the AES developed into becoming the de facto standard that it is now?

AES traces its roots back in 1977, when Data Encryption Standard (DES) was the commonly used encryption system. This algorithm-based standard was developed by IBM and enhanced by the National Security Agency. DES was deemed to be unbreakable. However, as the years passed, experts have learned to break the DES, and in the late 1990s, the DES could not offer anymore the protection it once was capable of.

Although developers have introduced the Triple DES – a system three times stronger than its predecessor – new systems emerged. It was 1997 when NIST introduced a competition: Rijndael, the algorithm of Belgian cryptograhers Joan Daemen and Vincent Rijmen. Moreover, in 2001, the FIPS 197 was introduced.

Despite all competitors, AES remained unsurpassed. This system was even further improved using Rijndael’s algorithm, ensuring the security AES is famous for. With Rijndael’s design, AES becomes stronger than ever, as its inventors have foreseen all possible attacks against the system, such as saturations or “square” attacks, Gilbert-Minier attacks, interpolation attacks, and related-key attacks.

The related-key attack is considered the most dangerous, yet with the power of AES, this attack becomes practically useless. Usually, attacks focus on weaknesses in implementations, and not on the algorithm, and the AES, in its totality, remains impenetrable.

Related posts:

1. Protecting yourself from Internet Identity Thieves
2. Caffeine Web – The Fast Google Search
3. Internet Safety Tips for Professionals

Looking at my friends’ and strangers’ profile pictures is amusing in itself. Add on the funny fact that these guys would love to hide their real faces with masks, make-ups, silhouettes, and quirky obscure poses that seem to highlight their generically similar hair strands and not their unique faces. Funny, isn’t it? But if these profile pictures become the passport for you to logging in Facebook, your fun might just leave you famished for being disallowed over and over again.

Logging on to Facebook is never a problem, more so in other countries. However, if you get the chance to log on to Facebook in countries with stricter logging policies, you might be in for a big problem.

This is the case in Japan, wherein you have to undergo a tedious process of authenticating your account before you accessing Facebook. The process in Japan would force you to identify a series of faces you’ve tagged as friends via multiple choice format. What’s pissing here? Consider the following what ifs:

What if the people featured in the process are friends that you haven’t met for a long time. People get older (or sometimes, thanks to cosmetic surgery, younger looking and prettier than ever), so how on earth would you be able to identify faces you’ve last met in flesh a decade ago?

What if you haven’t actually met the person featured? How would you be able to guess the face of somebody whom you only recall via two-dimensional screen shot?

What if the featured persons conceal their facial identities through all sorts of make up, costumes, poses, et al? I’ve got Facebook buddies who have hidden their identity with a picture of somebody else?

So, no thanks to Facebook’s tagged pictures application, opening my account in Japan has become one disappointing strategy. But then, it’s a multiple choice test, so I might still hit some right answers by virtue of probability.

Related posts:

1. Is There Really Something to Worry About Facebook?
2. Facebook Applications undergo Developer Registration
3. To Hire or Not to Hire a Hacker