Sunday, November 7, 2010

"Most people don't even know what a rootkit is"

The Sony rootkit was shipped on millions of music CDs from well-known artists such as Celine Dion, Neil Diamond and Ricky Martin.

When such audio CDs were played on a Windows computer, a Digital Restrictions Management component was installed and hidden by a tailor-made rootkit. The rootkit would not just hide Sony BMG's own software, but any program whose file name contained the characters $sys$. The rootkit was so effective that at the time, most antivirus programs were not able to scan the hidden files. As an end result, virus writers started releasing their malware with file names that would cause the Sony rootkit to hide them automatically, if it was installed.
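The $sys$ rule is also what gives a rootkit of this kind away: a driver that filters the file listings returned through the normal Windows API cannot filter a listing obtained by another route, and diffing the two views exposes whatever is being hidden (the cross-view technique behind Mark Russinovich's RootkitRevealer). The following is an added example, not F-Secure's code and not any Sony or Sysinternals component: the "raw" listing is a constructed list of file names, the "API" listing is the same list after a simulated filter that applies the $sys$ rule, and the $sys$ names in it are invented stand-ins rather than the real driver file names.

```python
import os

# The substring the Sony rootkit used to decide what to hide (from the post above).
CLOAK_MARKER = "$sys$"


def is_cloaked_name(name: str) -> bool:
    """True if the rootkit's name rule would hide this file or process name."""
    return CLOAK_MARKER in name


def simulated_rootkit_view(raw_listing):
    """What a directory listing looked like through the hooked Windows API
    on an infected machine: every cloaked name is silently dropped."""
    return [name for name in raw_listing if not is_cloaked_name(name)]


def cross_view_diff(raw_view, api_view):
    """Cross-view detection: names present in the trusted (raw) view but
    absent from the API view. Anything returned here is being hidden from
    the operating system's own tools. Raw-view order is preserved."""
    visible = set(api_view)
    return [name for name in raw_view if name not in visible]


def find_cloak_pattern_names(root):
    """Offline hunt: walk a directory tree (for example a disk mounted from
    rescue media, where the cloaking driver is not running) and return the
    relative paths whose name matches the cloaking rule."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_cloaked_name(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


# Constructed sample listing. The $sys$ entries are invented stand-ins for the
# DRM component, its cloaking driver, and a third-party piece of malware that
# renamed itself to ride on the cloak; they are not the real file names.
SAMPLE_RAW_LISTING = [
    "kernel32.dll",
    "$sys$drm_service.exe",
    "notepad.exe",
    "$sys$cloak_driver.sys",
    "calc.exe",
    "$sys$unrelated_trojan.exe",
]


def demo():
    """Compare the two views of the constructed listing and report what is hidden."""
    api_view = simulated_rootkit_view(SAMPLE_RAW_LISTING)
    hidden = cross_view_diff(SAMPLE_RAW_LISTING, api_view)
    return {"visible": api_view, "hidden": hidden}


if __name__ == "__main__":
    result = demo()
    print("API view shows :", result["visible"])
    print("Hidden entries :", result["hidden"])
```

The diff catches the unrelated Trojan as readily as Sony's own files, which is the point of the last sentence above: the cloak protects whoever names their file to match, and the detector does not need to know who that is.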

This was a huge deal, and Sony's reaction was a good example of how not to handle a PR crisis.

[Embedded media: Thomas Hesse, Sony BMG]

We originally found the rootkit in September 2005, but the news broke five years ago, on the first of November 2005, when Mark Russinovich went public with the case.

[Image: Sony Rootkit]

[Image: MIT Technology Review issue 85]

By far the best write-up on the whole incident was published in an article by MIT Technology Review, complete with comments from Mika Ståhlberg and Santeri Kangas from our labs.

Not all security vendors agreed immediately that Sony was wrong. Our two favorite quotes regarding the whole incident are here:

From The Inquirer:
If you want to find a trustworthy security vendor, I would recommend looking for ones that stood up on the Sony malware DRM infection issue and said 'this is bad' early and loudly. F-Secure comes to mind, but there are others. The ones that said 'grumble, mumble, maybe, sorta' a week later are not what you want to have protecting your machines.

From Bruce Schneier:
Perhaps the only security company that deserves praise is F-Secure, the first and the loudest critic of Sony's actions.

Then again, some people say that if you listen to Celine Dion, you deserve to get infected

Sunday, October 31, 2010

Facebook Clickjacking/Likejacking Removal

Clickjacking or Likejacking

In clickjacking, once the link is clicked, the attack tricks the victim into making a series of additional clicks, which give the attackers the ability to spam the malicious content on the victim's wall; the same cycle then starts with your friends and friends of friends.
Clickjacking can start its attacks in many ways on social networking sites, especially Facebook. It will try to attract the user with appealing one-liners such as:

- "I have never seen someone like this"
- "OMG The World's Worst Mcdonald Customer (Shocking Video and music..see more..)" followed by a shortened link
- "10 things a girl does before going on her first date"
- "This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"
- "OMG This Guy Went A Little Too Far With His Revenge On His GirlFriend"
- "101 Hottest Women in the World" with an image of Jessica Alba

...and many more.

If the message comes in the form of a Facebook application, it will try to trick you into clicking the four-letter word "LIKE". The danger starts after you click on the Like button and continue. These attackers usually build these Facebook apps with an iframe which they layer invisibly over the Facebook site. That is why it is also sometimes called iFraming or LikeJacking.

These clickjackers haven't done anything very dangerous yet, but they can easily open backdoors for password-stealing Trojans and other malware.
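The invisible-iframe overlay only works if the page being covered lets other sites frame it, so the durable fix sits with the site rather than the user: the server tells browsers who may frame it with an X-Frame-Options header or, today, a Content-Security-Policy frame-ancestors directive. The following added example (not Facebook's code, and not from the original post) evaluates a set of constructed HTTP response headers and reports which ones would still let a third-party page lay an iframe over them.

```python
def parse_csp(value):
    """Split a Content-Security-Policy header value into {directive: [sources]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def framing_policy(headers):
    """Decide who may frame a response from its headers (keys are case-insensitive).

    Returns a dict with:
      allowed              - "none", "same-origin", or a list of permitted sources
      enforced_by          - "csp", "x-frame-options", or None when nothing restricts framing
      third_party_framable - True if an origin other than the page's own may frame it
    Per the CSP specification, frame-ancestors takes precedence over X-Frame-Options
    when both are present, so it is checked first.
    """
    h = {k.lower(): v for k, v in headers.items()}
    allowed, enforced_by = None, None

    csp = h.get("content-security-policy")
    if csp:
        sources = parse_csp(csp).get("frame-ancestors")
        if sources is not None:
            lowered = [s.lower() for s in sources]
            if lowered == ["'none'"]:
                allowed = "none"
            elif lowered == ["'self'"]:
                allowed = "same-origin"
            else:
                allowed = sources
            enforced_by = "csp"

    if enforced_by is None:
        xfo = h.get("x-frame-options", "").strip()
        token = xfo.upper()
        if token == "DENY":
            allowed, enforced_by = "none", "x-frame-options"
        elif token == "SAMEORIGIN":
            allowed, enforced_by = "same-origin", "x-frame-options"
        elif token.startswith("ALLOW-FROM"):
            # Obsolete form that not every browser honoured; treat as a one-origin allow list.
            parts = xfo.split(None, 1)
            allowed = [parts[1]] if len(parts) > 1 else ["*"]
            enforced_by = "x-frame-options"

    if enforced_by is None:
        allowed = ["*"]  # nothing restricts framing: any origin may overlay this page

    third_party = allowed not in ("none", "same-origin")
    return {"allowed": allowed, "enforced_by": enforced_by, "third_party_framable": third_party}


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "unprotected-page": {"Content-Type": "text/html"},
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "xfo-sameorigin": {"x-frame-options": "sameorigin"},
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-partner": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "csp-overrides-xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors https://partner.example"},
}


def audit(responses):
    """Return the names of responses that a third-party page could frame."""
    return [name for name, hdrs in responses.items()
            if framing_policy(hdrs)["third_party_framable"]]


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:18s} {framing_policy(hdrs)}")
    print("framable by third parties:", audit(SAMPLE_RESPONSES))
```

Note that "csp-partner" and "csp-overrides-xfo" both count as framable: whitelisting any outside origin means that origin (or anyone who compromises it) can build exactly the overlay described above, so the allow list deserves the same scrutiny as having no header at all.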

How to Know if I Am Clickjacked

Keep checking your profile wall. If you see messages with links being sent out automatically from your profile to your friends, you can be sure that you are clickjacked. Also check your "Like" pages for applications and fan pages that you never joined. If not removed, this clickjacking may start collecting your personal and private information, which leads to identity theft.
Clickjacks succeed because people tend to trust information given to them on social networking sites, especially if it appears to have won the approval of several friends.

So the one and only advice to prevent this from happening:

- Don't click on suspicious links, even if they've been sent or posted by friends.
- Ignore requests from people you don't know.
- Stay informed of Facebook's privacy settings and the changes they undergo.

How to Remove Clickjacking Attacks

Step 1: If you have already clicked on a link resulting in an addition to your "Likes and Interests" section of your profile, you can edit your "Likes and Interests" field by clicking "Edit My Profile" underneath your profile picture. Then, select "Likes and Interests" from the left column menu.

Step 2: Delete the page from your News Feed, usually under Recent Activity.

Step 3: Report it on the Facebook Security page: http://www.facebook.com/help/?page=420

Step 4: Search for Defensio Social Web Security in Facebook and join the Defensio fan page. (You will have to trust these applications and allow them to access your private data. :-) Don't worry, these are genuine apps.)

The advantage of joining Defensio Social Web Security is that every time you make a mistake and click on an unwanted link, it will warn you and ask you to remove it.

Step 5: Run a scan using your anti-virus, or download this tool and run a full scan.

Step 6: After running the scan, follow the instructions and then restart the computer. Log on to your Facebook profile and send messages to your friends so they can avoid the mistake you made.






Thursday, October 28, 2010

How to hide your Facebook friends list

Hide your Facebook Friend's List

Recently Chloe, a commenter on “How to Save Face: 6 Tips for Safer Facebooking“, asked, “How do I hide my friends to everyone?”
To hide your friends list on Facebook, you’ll need to do the following:
1. Go to the “Account” tab and select “Privacy Settings”
2. Under “Basic Directory Information” click “View Settings”
3. In the “See my friends” setting select “Customize”
4. Below “Make this visible to” select “Only Me”
You can also go to your “Profile” and click on the little pencil above your friends. You can select how many friends to show. But you can’t select 0.
To hide your list entirely you have to click “Change Visibility Settings” and end up at step 3 above.
Facebook makes it far too difficult to hide your friends. In the site’s defense, it’s not as hard to find as some of the site’s other opt-in features. And you’re probably not going on a social network to be anti-social. And if you need to hide your friends from even your friends, you’re adding the wrong people as friends.
But still, Facebook, c’mon! Put 0 as an option right on my profile. I may want to be social in different ways than the 550,000,000 other people on your site. Or maybe I want to protect my friends with intriguing politics. Or maybe I’m neurotic about the karma in connecting the wrong people. But give me the choice.
I admit it: I just can’t quit you, Facebook. But if you keep pushing me away, you’re eventually going to succeed. So every once in a while, surprise me! Err on the side of making it easy to control my privacy.




Friday, October 22, 2010

How to Unlock any Blackberry Phone including New Security MEP4 9700 Bell...

Unlocking the Blackberry




Firefox Updates Fix 12 Vulnerabilities


Mozilla has released versions 3.6.11 and 3.5.14 of Firefox to address 12 vulnerabilities in nine updates.

Five of the updates are rated Critical, two High, one Moderate and one Low.

October 19, 2010

MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

Saturday, October 16, 2010

Microsoft Issues Mega-Patch Batch

Another Mega-patch from Microsoft

Microsoft has released a very large set of updates to Windows, IE, Office, the .NET Framework and Microsoft server software.

16 updates address a total of 49 vulnerabilities, but only 5 of the vulnerabilities are rated Critical on any specific platform. Several of the vulnerabilities have already been publicly disclosed.
The four updates addressing a Critical vulnerability are as follows.


  • MS10-071: Cumulative Security Update for Internet Explorer —10 vulnerabilities affecting all shipping versions of Internet Explorer are fixed in this update. The public beta of Internet Explorer 9 is not mentioned. Only two of the vulnerabilities are rated Critical on any configuration and one of those only on IE6 on Windows XP. The other Critical affects most versions of Windows critically and Microsoft's exploitability index rates it as likely to result in consistent exploit code. The other 8 vulnerabilities tend to have important mitigating factors. Two of them have already been disclosed publicly, but Microsoft rates those as unlikely to result in functioning exploit code.
  • MS10-075: Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution —The Microsoft Windows Media Player Network Sharing Service in Windows Vista and Windows 7 is vulnerable to a critical vulnerability which could be triggered across the network through a malicious packet. Interestingly, it is rated Critical on Windows 7 and only Important on Vista. The Media Player Network Sharing Service is not enabled by default in either version and—by default—access to home media devices is limited to the local subnet, so it shouldn't be remotely exploitable from the Internet.
  • MS10-076: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution —The Embedded OpenType Font Engine on all versions of Windows (other than Server Core) is vulnerable to a remote code execution bug using a maliciously-crafted font. Microsoft says that ASLR makes the exploit much more difficult, if still possible.
  • MS10-077: Vulnerability in .NET Framework Could Allow Remote Code Execution—On 64-bit systems the .NET Framework is vulnerable to a remote code execution vulnerability. It can allow a specially crafted .NET application to access memory in an unsafe manner.
The 10 updates with a maximum rating of Important are as follows:


  • MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure—Windows SharePoint Services, Microsoft SharePoint Foundation, Microsoft SharePoint Server Microsoft Groove Server, and Microsoft Office Web Apps are vulnerable to two HTML sanitization vulnerabilities. These could result in information disclosure or cross-site scripting, but Microsoft says that functioning exploit code is unlikely.
  • MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege—All versions of Windows are affected by at least 2 of 3 vulnerabilities, all of which have been publicly exposed already and one of which is being exploited in the wild. All 3 require that the attacker have valid logon credentials and be able to log on locally, making this a difficult problem to exploit.
  • MS10-078: Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege—Two vulnerabilities in Windows XP and Server 2003 could allow code execution in kernel mode, but the attacker must have valid logon credentials and be able to log on locally.
  • MS10-079: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution—11 vulnerabilities affect Microsoft Word. Only Word 2002 is affected by all and only one - CVE-2010-3214 - affects more than a couple versions. But this one is a doozie. A stack overflow when handling a malicious Word document could lead to remote code execution.
  • MS10-080: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution—Not to be outdone by Word, Excel gets 13 vulnerabilities disclosed in this update, affecting many versions including the Mac versions and viewers, but not Excel 2010.
  • MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution—Almost all versions of Windows are affected by a heap overflow in the Common Control Library. The attack is committed through a 3rd party SVG (scalable vector graphics) viewer which must be installed on the system.
  • MS10-082: Vulnerability in Windows Media Player Could Allow Remote Code Execution—A specially-crafted web page could trigger a vulnerability in all versions of Windows Media Player.
  • MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution —An error in how the Windows Shell and Wordpad validate COM object instantiation could lead to remote code execution.
  • MS10-084: Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege—Windows XP and Server 2003 are vulnerable to an elevation of privilege vulnerability in the Remote Procedure Call Subsystem (RPCSS).
  • MS10-085: Vulnerability in SChannel Could Allow Denial of Service —Windows Vista, Windows 7 and Windows Server 2008 are vulnerable to a denial of service vulnerability in the processing of IIS client certificates.
2 vulnerabilities have a maximum rating of Moderate:
  • MS10-074: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution—MFC has an error in the processing of Window titles.
  • MS10-086: Vulnerability in Windows Shared Cluster Disks Could Allow Tampering—The Failover Cluster Manager user interface in Windows Server 2008 R2 has a tampering vulnerability in the handling of permissions on shared cluster disks.


Oracle Updates Java to Fix 29 Vulnerabilities

An update to Java from Oracle patches an ominous-looking set of vulnerabilities.


The new version Java 6 Update 22 (updates are also available for the 5.0 version of Java) fixes 29 vulnerabilities, 15 of which have a severity rating of 10.0 on the CVSSv2 scale, the highest possible score. This means that it doesn't get any more severe than these 15.

Beware the usual default selection of some other software you don't need or want, such as the Bing Toolbar or free McAfee scanner.

Take a look at the list of individual vulnerabilities if you want to get a sense of just how serious this update is. CVSSv2 is a standard for rating the characteristics and severity of vulnerabilities, and it goes, in a sense, into too much detail.

Brian Krebs recently reported on how Java has become the top target for exploit writers, surpassing even Adobe products. Java is widely deployed on systems where the user has little or no knowledge that it's even there. Vulnerabilities in old versions allow drive-by compromise of the computer.

This latest set of vulnerabilities fits right in that tradition. Take CVE-2010-3563, called Sun Java Web Start BasicServiceImpl Remote Code Execution Vulnerability by TippingPoint's Zero Day Initiative.

'This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious page.'

The description should say 'or a legitimate page that has been compromised by cross-site scripting or SQL injection or a compromised advertisement so as to include malicious script.'

Patch now, or maybe just get rid of Java. I did this a while ago on one of my systems and it's mostly been OK, but there have been several instances where I have been seriously inconvenienced. Usually it's a site with some custom uploader written in Java.



Wednesday, September 29, 2010

What to Do If Hackers Steal Your Online Accounts

What to Do If Hackers Steal Your Online Accounts: "If your e-mail, Facebook or Twitter account has been broken into and taken over by crooks, here's what you can do to kick them out and regain control over your online life."

Friday, August 20, 2010

Complicated Mechanisms Explained in simple animations

Radial Engines

Radial engines are used in aircraft that have a propeller connected to the shaft delivering power in order to produce thrust; the basic mechanism is as follows:

Steam engine Principle

The steam engine once used in locomotives was based on the reciprocating principle, as shown below:

Sewing Machine

Maltese Cross Mechanism

This type of mechanism is used in clocks to power the second-hand movement.

Manual Transmission Mechanism

This mechanism, also called a “stick shift”, is used in cars to change gears manually.

Constant Velocity Joint

This mechanism is used in front-wheel-drive cars.

Torpedo-Boat destroyer System

This system is used to destroy fleets in naval military operations.

Rotary Engine

Also called a Wankel engine, this type of internal combustion engine has a unique design that converts pressure into rotating motion instead of using reciprocating pistons.

Tuesday, July 13, 2010

EasyBCD 2.0 Makes Dual-Booting Easier, Now Supports Windows 7 [Downloads]

Windows only: Bootloader tweaking utility EasyBCD makes dual booting between Windows, Linux, and even OS X an easy task, and the latest version updates with support for Windows 7 and newer Ubuntu versions with grub2.

Saturday, July 3, 2010

Intel set to overhaul desktop CPU range with new models, lower prices



This might be about as shocking as sunny weather in España, but Intel appears set to slash some prices and bump some speeds in its desktop CPU portfolio this quarter. According to DigiTimes and its beloved motherboard maker sources, the desktop dominator intends to introduce a six-core Core i7-970 chip, at a $885 bulk purchase price that should bring the hexacore entry price down from the i7-980X's $999 perch, along with a 2.8GHz i5-760 priced at $205, and -- intriguingly -- a quad-core i5-870S designed specifically for small form factor machines and costing an appropriately inflated $351 a piece. Finally, there's word of a most welcome price tumble for the 3.06GHz i7-950, which moves down to the $294 slot currently occupied by the 2.8GHz i7-930. All this crazy talk seems to reiterate earlier suggestions coming out of HKEPC, so we advise hitting both source links and drawing your own conclusions.

Intel set to overhaul desktop CPU range with new models, lower prices originally appeared on Engadget on Fri, 02 Jul 2010 11:27:00 EDT.




Thursday, July 1, 2010

How to Report Cyber Crime/Abuse/Spam/Phishing

Cyber crimes like stalking, password hacking, identity theft, cyber fraud, child abuse, etc. can be reported to the
Indian Computer Emergency Response Team: www.cert-in.org.in or

Email: incident@cert-in.org.in

Phone: +91-11-24368572
Fax : +91-1800-11-6969

To report in your region visit Cyber Crime Investigation Cell:

http://www.cybercellmumbai.com/links/

To report a global spam send a copy of the unsolicited email to

spam@uce.gov Or Simply fill out the online form located at

http://www.ftc.gov/  [Federal Trade Commission]

You should also send an email to your internet service provider. Normally, their abuse desk will have the email address abuse@theirispname.com, or postmaster@theirispname.com. This will at least alert them about the problem and they can block such emails. If possible, also send an email to the ISP of the sender.

Wednesday, June 30, 2010

Customize Task Manager colors with Task Manager Modder





You may not call Task Manager up all that often -- and if you do, you've probably grown accustomed to its green-on-black color scheme. If, on the other hand, you're a customizer of all things Windows, you might want to tweak those defaults to something which coordinates better with your overall desktop theme.

Task Manager Modder is just the tool for the job. Launch it, adjust the sliders (or enter hex codes) until the color scheme meets your particular needs, then apply the changes. You can also load a custom .BMP for the memory and CPU bars. To fall back to the Windows default, just click the Restore Task Manager button.

As with any tweaking tool, it's a good idea to create a system restore point before making any changes.

Customize Task Manager colors with Task Manager Modder originally appeared on Download Squad on Tue, 29 Jun 2010 14:00:00 EST.



Saturday, June 26, 2010

Intel: GPUs aren’t 100 times faster than CPUs, just 14 times. Nvidia: Oh no!



This is pretty funny. You’ve probably seen some of the propaganda over the last year or so about how GPUs are orders of magnitude faster than CPUs at certain tasks, due to their parallel processing engine. Intel got tired of hearing about it, I guess, and decided to debunk the myth. They set out to disprove the notion that a GPU can be 100 times faster than a CPU. They kind of did it, but I think this is what is termed a Pyrrhic victory.

Interestingly, they chose a rather old GPU and a comparatively new CPU to compare: an Nvidia GTX280 and a Core i7 960. Maybe they chose on price parity? Whatever the case, they found that while indeed the GPU advantage was not as great as suggested, it was significant: 2.5 times faster on average and up to 14 times faster in certain situations.

Nvidia took the opening for all it was worth:

It’s a rare day in the world of technology when a company you compete with stands up at an important conference and declares that your technology is only up to 14 times faster than theirs.

To be fair: we can’t really expect unbiased judgment from either side, and the tests in the paper are too complex to be boiled down to a “oh it’s this much faster” talking point. I just think the drama is hilarious.

[via TG Daily]





Friday, June 25, 2010

Firefox 3.6.4 Protects Against Crashing Plugins

After some delay, Mozilla has finally released the bits for Firefox 3.6.4. Users can download the new code with the Check for Updates feature or by downloading it from here.
According to the release notes the main change in 3.6.4 is a stability enhancement which keeps the browser up and running when a major plugin crashes. Other stability and security enhancements are also noted.
This page in the Mozilla wiki describes this new plugin protection as 'Crash Protection.' Mozilla estimates that '...as many as one in three browser crashes are currently caused by problems with various third-party plugins.' Crash protection runs plugins out of the Firefox process, making it easier to close the tab on which the plugin is running. When it crashes, the plugin goes away and content controlled by it is disabled. Reloading the page reloads the plugin.
Crash protection initially is available only for the Windows and Linux versions of Firefox. Implementing it on the Mac is a tougher task, and Mozilla is promising it for version 4 of Firefox. The beta of Firefox 4 is due any day now, but the release code isn't due till the Fall.
It also appears that the initial Crash Protection only works with a few specific plugins: Adobe Flash, Apple Quicktime and Microsoft Silverlight. There's no specific schedule for other plugins to be added.
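Crash protection is plain process isolation: the plugin runs in a process of its own, so when it dies the browser process is untouched and only the plugin's content goes away. The following added example (mine, not Mozilla's plugin-container code) shows the same idea with a Python host that runs each "plugin" in a child interpreter and classifies how it ended; the plugin snippets are constructed stand-ins, not Flash, QuickTime or Silverlight.

```python
import signal
import subprocess
import sys


def run_plugin_isolated(plugin_code, timeout=10.0):
    """Run plugin_code in a separate interpreter and report how it ended.

    Because the host never shares an address space with the plugin, a crash
    in the child cannot take the host down; the host only sees an exit code.
    """
    try:
        proc = subprocess.run([sys.executable, "-c", plugin_code],
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"status": "hung", "returncode": None, "output": ""}
    rc = proc.returncode
    if rc == 0:
        status = "ok"
    elif rc < 0:
        # POSIX: a negative return code means the child was killed by a signal,
        # which is how a memory-corruption crash ends.
        try:
            status = "crashed:" + signal.Signals(-rc).name
        except ValueError:
            status = "crashed:signal%d" % -rc
    else:
        status = "error"
    return {"status": status, "returncode": rc, "output": proc.stdout}


def host_page_load(plugins):
    """Simulate a page with several plugins. Without isolation the first crash
    would end the host; here the host keeps going and reports each plugin's
    fate, just as a crashed plugin becomes a placeholder in the tab."""
    return {name: run_plugin_isolated(code) for name, code in plugins.items()}


# Constructed plugin snippets (stand-ins for real plugins).
SAMPLE_PLUGINS = {
    "well-behaved": "print('frame rendered', end='')",
    "segfaulting":  "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)",
    "erroring":     "raise SystemExit(3)",
}


if __name__ == "__main__":
    for name, result in host_page_load(SAMPLE_PLUGINS).items():
        print(f"{name:14s} {result}")
    print("host still running")
```

The timeout branch is the part the browser's "close the tab" behaviour corresponds to: a hung child is killed and reported, and the host decides what to show in its place.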
Version 3.6.4 also fixes 10 vulnerabilities in 7 updates, 4 of them critical. MFSA 2010-26 addresses 4 vulnerabilities, all crashes with evidence of memory corruption; Mozilla's policy is to treat these as exploitable code execution bugs without definitively proving it. The other critical fixes address freed object reuse across plugin instances, a heap buffer overflow and an integer overflow. Two moderate and one low-severity bug are also fixed.
At the same time Mozilla released Firefox 3.5.10 for those who won't upgrade to the 3.6 branch, although Mozilla strongly advises users to do so. For example, there is no crash protection for the 3.5 versions, nor will there be.



Kaspersky Rescue Disk 10.avi

How to use Kaspersky Rescue Disk without loading Windows:

Infected PC Won't Boot

How to use Avira and Kaspersky Rescue Disks to remove malware without loading Windows:






click here

Monday, June 21, 2010

Dell debuts Inspiron R line with glosstastic new looks, Intel Wireless Display


Dell's given its Inspiron lineup a new back-to-school paint job, dubbed the new R series, with a heavy emphasis on gloss and Dell's forward-positioned hinge design (thrilling, we know). The lineup has mainly the same internals as the existing Inspirons, with Core i3 and Core i5 processors, but the optional Intel Wireless Display is a nice addition. Prices start at $449, with models coming in 14, 15, and 17-inch sizes, and you can configure these things to your heart's content -- including your choice of Mars Black, Promise Pink, Tomato Red, and Peacock Blue. The laptops are available today at retail and on Dell.com, and you can find a fancy press release after the break.

Dell debuts Inspiron R line with glosstastic new looks, Intel Wireless Display originally appeared on Engadget on Sun, 20 Jun 2010 12:59:00 EDT.

Deal of the Day – HP Pavilion Elite HPE-390t Core i7-980X Six-Core Extreme Desktop PC




The LogicBUY deal of the day is up to $699 in savings + web-use $25 stackable coupon on extremely high-performance HP Pavilion Elite HPE-390t Six-Core Extreme Edition (3.33GHz, 1.5MB L2 + 12MB Shared L3 cache) Desktop PC. Plus, free upgrade to 1.5TB Hard Drive, free 15-month Norton Internet Security subscription, $80 instant rebate on select LCD Monitor and free shipping. Ends 6/24 or … [visit site to read more]

Friday, June 18, 2010

Windows XP and Windows Server 2003 hit by "Zero-Day" vulnerability

A vulnerability in the Windows Help and Support Center has recently been discovered and it could allow remote code execution on affected systems.

Only Windows XP and Windows Server 2003 are affected.

Microsoft is aware of targeted attacks currently in progress that exploit the vulnerability. These attacks make use of links on web pages or email messages that use the hcp:// prefix rather than the normal http://.

This vulnerability could allow hackers to take remote control of affected systems.

The HCP protocol is used in Windows to control links in the Help and Support Center. This vulnerability results from the Help and Support Center not properly validating links that use the HCP protocol.

Microsoft has released a Fix it script that can be run on vulnerable systems to offer protection. Be aware that this script disables all links using the HCP protocol.
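Since the attacks described here ride on links whose scheme is hcp:// instead of http://, a mail gateway or help desk can flag such messages on the scheme alone while the Fix it is rolled out. The following added example (not Microsoft's Fix it script, and not from the source article) scans constructed e-mail and HTML samples for hcp: links, decoding HTML entities first so an entity-encoded scheme is examined as the browser would see it, and reports each hit with its line number. The hcp paths in the samples are placeholders.

```python
import html
import re

# Any URL whose scheme is hcp (case-insensitive), wherever it appears:
# raw in message text or inside an href attribute.
HCP_URL_RE = re.compile(r"\bhcp:[^\s\"'<>]+", re.IGNORECASE)


def scan_message(text):
    """Return one finding per hcp: link as {"line": n, "url": ...}.

    Each line is entity-decoded before matching, so '&#104;cp://' is seen as 'hcp://'.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        decoded = html.unescape(line)
        for match in HCP_URL_RE.finditer(decoded):
            findings.append({"line": lineno, "url": match.group(0)})
    return findings


def is_suspicious(text):
    """True if the message carries at least one hcp: link."""
    return bool(scan_message(text))


# Constructed samples; the hcp paths are placeholders, not real payloads.
SAMPLE_CLEAN = """\
From: it-support@example.test
Subject: Help Center

Open the help center: http://support.example.test/help
"""

SAMPLE_SUSPECT = """\
From: "IT Support" <support@example.test>
Subject: Urgent: fix your computer

<p>Click to repair: <a href="hcp://EXAMPLE-PLACEHOLDER/repair">Start repair</a></p>
<p>Or copy this: HCP://EXAMPLE-PLACEHOLDER-2</p>
"""


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(label, "->", scan_message(sample))
```

On XP and Server 2003 any hcp: link arriving by mail is worth a look regardless of what follows the scheme, since the Help and Support Center is the only legitimate consumer of it and it is not something users ordinarily receive by e-mail.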


Source: Zdnet