Mark Pace, Author at Sterling IT

Secure browsing for social networks, uninstalling old programs, and more

Posted on April 27, 2012 by Mark Pace

Newsletter – Secure browsing for social networks, uninstalling old programs, and more – SSO-NL2012-001
16 January 2012
Newsletter January 2012 (File size: 1574Kb)
Overview
The purpose of the Newsletter is to provide general advice about online security issues and help you learn to better manage the security of your computer and information when online.
This month’s newsletter will cover how to enable secure web browsing on social networks Facebook and Twitter, how to uninstall old, unused or out of date programs from your computer, a tool which makes it easier to keep windows based computer’s software up to date, and a warning regarding unsolicited technical support phone calls often purporting to be from Microsoft.
Feedback
Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
SSL Secure web browsing for Facebook and Twitter
SSL/HTTPS provides the following security features to your web session when implemented correctly.
* The ability to check the web site digital certificate to verify the identity of the web site. The purpose of this is to help provide assurance that you are connected to the correct web site and not a fake impersonation.
* The use of encryption to conceal the content of the traffic sent between your computer and the web server (including passwords and other sensitive information).
* The ability to protect the integrity of the traffic to make sure it is not modified en route.
Facebook
In this Newsletter, we provide instructions for how to enable the use of SSL/HTTPS in Facebook. There are however a number of caveats:
* Firstly, you need to be logged in before you can turn this feature on. In some circumstances (described in the December 2010 newsletter) your personal information could already be exposed. We believe it should be on by default.
* Secondly, it can be deactivated without your knowledge, if you wish to connect to a Facebook page which does not support HTTPS.
In brief the feature, allows you to opt-in to use SSL “whenever possible”. To turn on this feature, follow these steps:
1. Log into Facebook.
2. Click on the ‘Down Arrow’ in the top right corner of the Facebook page, and then select ‘Account Settings’ from the top right menu, as shown in figure 1 below.

Figure 1 – Facebook ‘Account Settings’
3. Select ‘Security’ from the menu on the left and then click ‘Edit’ on the right side of ‘Secure Browsing’, as shown in figure 2 below.

Figure 2 – Facebook ‘Security settings’
4. Tick the box next to “Browse Facebook on a secure connection (https) when possible”, and the click the ‘Save Changes’ button, as shown in Figure 3 below.

Figure 3 – Facebook ‘Secure browsing’
We recommend you activate this feature, but be aware that if you use any number of the hundreds of Facebook applications, you may find your HTTPS settings are turned off and not automatically reactivated when HTTPS becomes possible again. The result is that you your personal identifying information could be captured in some circumstances when you think it is being protected.
Remember – if you don’t see https in the web address (only http), then the traffic is being sent without encryption and potentially can be captured by third parties.
Twitter
Similarly to Facebook, Twitter also allows the use of SSL/HTTPS, but unlike Facebook it is enabled by default for Twitter. If you browse to “https://twitter.com”, the website will automatically redirect you to “https://twitter.com”, ensuring that the login process takes place using SSL/HTTPS. However, it is still possible to deactivate secure browsing from within the Twitter ‘Settings’ page, so it is a good idea to ensure that this setting is activated at all times.
To check that this feature is enabled within Twitter, follow these steps:
1. Log into Twitter
2. Click on the ‘Head and Shoulders with Down Arrow’ in the top right corner of the Twitter page, and then select ‘Settings’, as shown in Figure 4 below.

Figure 4 – Twitter ‘Settings’
3. At the bottom of the ‘Settings’ page, ensure that the box next to ‘HTTPS Only’ is ticked to ‘Always Use HTTPS’, and then click ‘Save’, as shown in Figure 5 below.

Figure 5 – Twitter ‘HTTPS Only’ Setting
Remember, just as with Facebook – if you don’t see https in the web address (only http), then the traffic is being sent without encryption and potentially can be captured by third parties.
You can read more about SSL in the SSO Factsheet – What is a web site digital certificate and why is it important to check?
Removing old, unused or out of date programs from your computer
We have often discussed the importance of updating software that is installed on your computer to the latest version to ensure that you are protected from any potential vulnerabilities which may exist in older versions. But what about those old programs you don’t use any more, and what about old versions of software that you’ve updated but the old version hasn’t been removed automatically during the update process? For example, often Java will leave previous versions on your computer even after you upgrade. These too could contain vulnerabilities that may be exploited by criminals to attack your computer, even if you are not actively using the programs themselves.
The following instructions will help you remove old, out-of-date, unwanted or unused programs from Microsoft Windows 7, Microsoft Windows Vista, Microsoft Windows XP, Apple Mac OS X, Apple Mac OS X Lion and Ubuntu.
Microsoft Windows 7
1. Click on the Windows 7 ‘Start Menu’, and then select ‘Control Panel’, as shown in Figure 6 below.

Figure 6 – Microsoft Windows 7 ‘Start Menu’
2. Below ‘Programs’, click on ‘Uninstall a program’, as shown in Figure 7 below.

Figure 7 – Microsoft Windows 7 ‘Control Panel’
3. Select a program from the list of installed programs, and then click on ‘Uninstall’, as shown in Figure 8 below.

Figure 8 – Microsoft Windows 7 ‘Programs and Features’
Microsoft Windows Vista
1. Click on the Windows Vista ‘Start Menu’, and then select ‘Control Panel’, as shown in Figure 9 below.

Figure 9 – Microsoft Windows Vista ‘Start Menu’
2. Below ‘Programs’, click on ‘Uninstall a program’, as shown in Figure 10 below.

Figure 10 – Microsoft Windows Vista ‘Control Panel’
3. Select a program from the list of installed programs, and then click on ‘Uninstall’, as shown in Figure 11 below.

Figure 11 – Microsoft Windows Vista ‘Programs and Features’
Microsoft Windows XP
1. Click on the Windows XP ‘Start Menu’, and then select ‘Control Panel’, as shown in Figure 12 below.

Figure 12 – Microsoft Windows XP ‘Start Menu’
2. Click on ‘Add or Remove Programs’ within the Control Panel, as shown in Figure 13 below.

Figure 13 – Microsoft Windows XP ‘Control Panel’
3. Select the program you would like to uninstall and click the ‘Remove’ button, as shown in Figure 14 below.

Figure 14 – Microsoft Windows XP ‘Add or Remove Programs’
Apple Mac OS X
1. Navigate to “Applications”
2. Select the program you’d like to uninstall, and either drag the application icon to the “Trash”, or right-click and select “Move to Trash”, as shown in Figure 15 below.

Figure 15 – Apple Mac OS X ‘Applications’
While these simple instructions should cover removal of most programs under Apple Mac OS X, in some rare cases, such as some software from Adobe or Microsoft, some programs include their own uninstall applications. In these cases the specific uninstall applications for the program must be used to remove the software, and depending on the program itself, these can often be found in the original DMG file or on an original installation CD or DVD.
Apple Mac OS X Lion
1. Open the “Launchpad”
2. Click on and hold the mouse button on the icon of the application you would like to uninstall.
3. When the application icon begins to move, click on the black cross icon that appears, as shown in Figure 16 below.

Figure 16 – Apple Mac OS X Lion
As with Apple Mac OS X, in rare cases some programs installed on Apple Mac OS X Lion may include their own uninstall applications.
Ubuntu
For users of Ubuntu, the “Advanced Packaging Tool” provides functionality to check for updates to installed packages, and also to clean up unused packages from the operating system.
To check for updates to already installed software, simply type ‘apt-get check’ at the console.
To perform a clean-up of unused packages from the operating system, simply type ‘apt-get autoclean’ at the console.

Figure 17 – Ubuntu ‘Terminal Window’
Additionally, certain versions of Ubuntu also include graphical tools which can perform these actions without requiring the use of the console, however the functionality of these may vary from version to version. Most other distributions of Linux also come with similar package management solutions, either text based or graphical – users of other Linux distributions should check the appropriate documentation that accompanies their distribution.
Secunia’s Personal Software Inspector 2.0
A free tool which checks to ensure that you have the latest version of plug-ins and a wide range of other software for Microsoft Windows, is Secunia’s Personal Software Inspector (PSI) 2.0 for home users only, available from:
https://secunia.com/vulnerability_scanning/personal/
Secunia has other products for businesses. To use this tool you will need to install software on your computer, but it checks for a wide range of vulnerable software – for the operating system, applications and plug-ins. It will report changes in the vulnerability of your software over time. According to the user instructions:
It constantly monitors your system for insecure software installations, notifies you when an
insecure application is installed, and even provides you with detailed instructions for
updating the application when available.
Additionally, it will report on software, which is the latest version, but is known to contain security bugs for which the vendor has not yet released a newer version which fix the security bugs. The following screenshot provides a sample of the output which would appear as the “Scan Results” after performing a scan of your PC.

Figure 18 – PSI Results displaying a number of out of date programs and offering solutions to update
This tool covers a wide range of software and can be a useful aid to checking and keeping your software up to date. Remember that if you have plug-ins or application software installed that is less common, then these may not be routinely included in the Secunia PSI check.
Criminals contacting potential victims by telephone to “repair” their computers
We have received reports that Australian Internet users are continuing to be contacted by telephone as part of scams involving their computers.
The scammer calls people at their home by telephone and claims to have information that their computer has a problem – that it is infected with a virus, that it is running slow, or that the computer software is corrupted. In many cases, the scammer often claims to work Microsoft or for a company that can fix the problem and seeks to persuade potential victim to pay for a remote repair service via credit card and also seeks to install remote access software on the victim’s computer. Sometimes the criminals involved in these scams establish web sites to give the appearance they are a legitimate business but the web site is established to facilitate the scam.
If you agree to install such software (even on a trial basis), you will give the criminal remote access and control over your computer and all data on it and may provide them continuing access for
malicious purposes, even after the software is uninstalled. Remote access software should only be installed when you know and have good reason to trust the party concerned.
For further information about how to detect such scams refer to the information in the June 2009 Stay Smart Online Newsletter.
If you believe your computer has problems that you are unable to fix, then look up the yellow pages to find a reputable local business to investigate and fix the problem for you, or if the problem affects software or hardware that is under warranty, contact the appropriate vendor. This way, if you experience any problems, such as fraud, then knowing the physical location and identity of the business involved will give you greater rights and recourse for law enforcement action under Australian law than if you do “business” with an entity that has its presence only ‘online’.
In August 2010 Microsoft published a warning to Australians regarding scams of this nature on their website which is still very relevant:
https://www.microsoft.com/australia/presspass/post/Microsoft-issues-warning-on-phone-scam

DNSChanger malware – AFFECTS ALL OPERATING SYSTEMS

Posted on April 4, 2012 by Mark Pace

Important information regarding DNSChanger malware – SSO-AL2012-010

21 March 2012

Software and platform affected

Windows (all versions)
Mac OS X (all versions)

What is the problem?

Malware which alters a computer’s DNS (Domain Name System) settings, known as “DNSChanger” malware, has been in circulation for some time. DNS is an Internet service which translates user-friendly domain names (e.g. ssoalertservice.net.au) into the numerical Internet Protocol (IP) addresses (e.g. 203.15.34.230) which are used by computers to communicate with each other. By infecting a victim’s computer with this type of malware, criminals are able to alter the DNS settings on a user’s computer. By controlling the DNS settings on victim’s computer, criminals force the infected computers to communicate with “bad” or “rogue” DNS servers, rather than legitimate “good” DNS servers. The criminals can then use these “bad” or “rogue” DNS servers to redirect the unsuspecting users to fraudulent websites or interfere with a user’s web browsing. For example, if a user’s computer is infected with the DNSChanger malware, a! nd the user enters “google.com” in their web browser, rather than take the user to the legitimate “google.com” website, they would be taken to a fraudulent website instead.

In November 2011, the FBI uncovered a network of rogue DNS servers and took steps to disable them. However, by disabling the rogue DNS network, victims who are infected by the DNSChanger malware could lose access to DNS services entirely. To address this issue, the FBI developed a private-sector, non-government entity to operate and maintain clean DNS servers for the infected victims for a temporary period. As of July 9th 2012 the FBI will no longer be operating this service; computers that are infected with the DNSChanger malware could lose access to DNS services, preventing access to the Internet, including access to legitimate websites.

What we recommend you do

The Australian Government has created a diagnostic website which will, in most cases, confirm whether or not a user’s computer is infected with DNSChanger malware: Australian Government DNSChanger Diagnostic

The FBI has provided a PDF document with detailed instructions (including screenshots) to manually check the DNS settings on both Windows and Mac OS X based computers: FBI DNSChanger Malware Document

As a minimum step, we recommend that you click on the Australian Government’s diagnostic website and see whether it displays a green box with the words, “You do not appear to be affected by DNSChanger”.

Then, if you want to be more certain that this diagnosis is correct, it is also recommended that you follow the detailed instructions in the FBI’s PDF document to help to determine whether your computer is infected with DNSChanger. You should also perform a thorough virus-scan of your computer using an up-to-date virus scanner to ensure that it is not infected with the DNSChanger malware.

If you do find that have been infected with the DNSChanger malware, you should seek professional assistance to ensure that the malware is removed successfully.

Additionally, this factsheet contains instructions to help detect and remove malware:

Factsheet 11, Parts 1-3, You suspect your computer is infected with malicious software – what should I do?

Where you can find more information

The Australian Government has also provided some additional information regarding the DNSChanger Malware here: DNSChanger Information

The FBI has also provided further information regarding internet fraud associated with the DNSChanger Malware here: Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business

Disclaimer

This Alert has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy.

The information is intended for use by home users and small to medium sized businesses and is general information only and not intended as advice and was accurate and up to date at the time of publishing. The material and information in this Alert is not adapted to any particular person’s circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances.

The Commonwealth, AusCERT, and all other persons associated with this Alert accept no responsibility or liability for information either included or referred to in the Alert. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Alert, whether by way of negligence or otherwise.

The listing of a person or organisation in any part of this site or Alert does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.

Please note that material in this Alert, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to particular course of action. Material on this site or in this Alert may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.

Apple releases iTunes 10.5

Posted on October 12, 2011 by Mark Pace

Apple releases iTunes 10.5 – SSO-AD2011-030.

12 October 2011

Software and platforms affected

The following software is affected

Apple iTunes prior to version 10.5

for the following operating system platforms:

Windows XP SP2

Windows Vista

Windows 7

What is the problem?

There is a bug in Apple iTunes software which, if not fixed, could result in your computer being attacked by criminals. Your personal and/or business information may be accessed for fraudulent or illegal purposes (eg, identity theft). Apple iTunes might crash and become unusable.

What we recommend you do

The problem can be easily fixed by updating to the latest version of the Apple iTunes software by starting iTunes, and clicking “Check for Update”. Alternatively, the latest version of Apple iTunes can be downloaded from the following location:

https://www.apple.com/itunes/download

Where you can find more information

More information about these security bugs can be found here:

https://support.apple.com/kb/HT4981

Disclaimer

This Advisory has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy.

The information is intended for used by home users and small to medium sized businesses and is general information only and not intended as advice and was accurate and up to date at the time of publishing. The material and information in this Advisory is not adapted to any particular person’s circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances.

The Commonwealth, AusCERT, and all other persons associated with this Advisory accept no responsibility or liability for information either included or referred to in the Advisory. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Advisory, whether by way of negligence or otherwise.

The listing of a person or organisation in any part of this site or Advisory does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.

Please note that material in this Advisory, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to particular course of action. Material on this site or in this Advisory may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties

Fake emails pretending to be from the Department of Broadband – SSO-AD2011-029

Posted on October 3, 2011 by Mark Pace

30 September 2011
Software and platforms affected
The following operating system platforms:
All
What is the problem?
Various spam emails are circulating which are designed to trick users into visiting a website. This site could be used to gather personal information (identity theft) or infect your computer with malicious software.

The subject lines of the email include, but are not limited to (some random number codes have been replaces with 0’s):
Important Information Regarding Your Broadband Account
The from lines of the email include, but are not limited to (some random number codes have been replaces with 0’s):
Department of Broadband <acc-upgrade@dbcde.gov.au>
The emails contain a link which should not be visited.
A sample email is listed below (there may be others):
========== Start Sample Email ==========

Broadband Internet Spam Quarantine Notification
Dear Subscriber,
THIS IS A FINAL NOTICE BEFORE ACCOUNT CLOSURE
You have recieved this email because some of your mails suspected of being spam
have been quarantined.
We are sending you this message directly because,we have been receiving
messages from our registered service providers regarding complaints from their
subscribers on anonymous use of their Email accounts. In this effect,we are
deactivating Email Accounts and your account is among those to be deactivated
because,we believe that your account online user profile may have been
compromised.
A new security have been added to our broadband to avoid unauthorize use of
accounts and to give subscribers a better service.In other to avoid the
deactivation of your account, you will have to verify and upgrade your e-mail
to our new added security.
Click the Release link below and select your service provider
https://dbcde/gov/broadband/index.html/upgrade/?siteAreaIndex=.
If the requisite upgrade is not made by 31.09.2011, we reserves the right to
close your broadband account without further notice in this regard
We apologise for any inconvenience. This message is purely as a result of our
determination to provide you with the best possible service.
Regards,
Department of Broadband,
Communications and the Digital Economy

========== End Sample Email ==========
What we recommend you do
If you receive an email similar to the above emails, do not click on the link in the email. Delete the email straight away.

If you have already clicked the link, it is quite possible your computer may now be infected. It is recommended you seek professional assistance in helping detect and remove the malware.

Make sure you have anti-virus software installed and keep it updated.
Additionally, this factsheet contains instructions to help detect and remove malware:
Factsheet 11, Parts 1-3, You suspect your computer is infected with malicious software – what should I do?
Disclaimer
This Advisory has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy.
The information is intended for used by home users and small to medium sized businesses and is general information only and not intended as advice and was accurate and up to date at the time of publishing. The material and information in this Advisory is not adapted to any particular person’s circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances.
The Commonwealth, AusCERT, and all other persons associated with this Advisory accept no responsibility or liability for information either included or referred to in the Advisory. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Advisory, whether by way of negligence or otherwise.
The listing of a person or organisation in any part of this site or Advisory does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.
Please note that material in this Advisory, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to particular course of action. Material on this site or in this Advisory may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.

Windows scareware fakes impending drive disaster

Posted on May 17, 2011 by Mark Pace

“Erases” files, icons as lead up to pitch for US$80 to buy worthless utility
Gregg Keizer (Computerworld (US))
17 May, 2011 03:07

Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today.

The con is a variant of “scareware,” also called “rogueware,” software that pretends to be legitimate but actually is just a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software.

But Symantec researcher Eoin Ward has found a new kind of scareware that impersonates a hard drive cleanup suite that repairs disk errors and speeds up data access.

Dubbed “Trojan.Fakefrag” by Symantec, the fake utility ends up on a Windows PC after its user surfs to a poisoned site — often because the scammers have manipulated search engines to get links near the top of a results list — and falls for a download pitch, typically because it’s presented as something quite different, like video of a hot news topic.

Fake system or disk cleanup programs aren’t new — Symantec has highlighted the scareware subcategory before — but this malware goes above and beyond the call of counterfeit duty.

“[Trojan.Fakefrag’s] aim is to increases the likelihood of you purchasing a copy of Windows Recovery by craftily convincing you that your hard drive is failing,” said Ward in a company blog Monday, referring to the name of the fake suite that the Trojan shills.

The malware kicks off the scam by moving all the files in some folders to a temporary location, by hiding others and by making desktop icons disappear. All of that is followed by a message that looks like a valid Windows warning of impending hard drive doom.

“An error occurred while reading system files,” the on-screen message reads. “Run a system diagnostic utility to check your hard disk drive for errors.”

If the user clicks “OK,” the fraudulent “Windows Recovery” application launches, runs a series of sham scans that sound technical and legit, then reports multiple problems, including disk read-write errors.

With the hook set, the scammers try to reel in the victim by trying to get them to pay $79.50 for Windows Recovery, which will supposedly fix the make-believe issues.

Since the user has just seen his files and icons vanish, he or she is much more likely to fall for the scheme.

“It does a really convincing job of making it appear as though something is wrong,” said Ward. “When it ‘deletes’ files from your desktop, it does so in a very prominent way.”

No surprise, but the files aren’t deleted; they can be found with a quick local search, said Ward.

Windows isn’t the only operating system targeted by scammers. Last week, for example, Intego Security reported finding the first-ever Mac OS X rogueware .

Scammers have upped their “scareware” game by convincing Windows users that their hard drive is ready to croak.

Hiring now 2011 -Closed 9.5.2011

Posted on April 6, 2011 by Mark Pace

Sterling IT is currently looking for 3 motivated staff. 1x junior and 2x senior technicians

Contact our office on 02 97566866 for more information.