Details on the
Chinese attack on Google: http://www.wired.com/threatlevel/2010/02/apt-hacks Similar attack on Adobe:
http://www.wired.com/threatlevel/2010/01/google-hack-attack Called Advanced Persistent Threats (APT), the attacks are rarely detected by antivirus and intrusion programs. They are difficult to eradicate even after a company has discovered them and taken corrective measures. Unlike criminal attacks aimed at identity theft, their focus is espionage – locating and uploading documents and email. They target companies with dealings in China, including more than 50 law firms. Uploads are disguised in legitimate outgoing traffic.
The attackers sent targeted spear-phishing e-mails to four key U.S. executives involved in the acquisition discussions that appeared to come from a colleague. When the executives clicked on a URL in the e-mail, malware loaded to their machines. Within a short time, the attackers had administrative rights on most of the company’s computers.
IE 8 is least threatened because Data Execution Prevention (DEP) is enabled by default in all versions of Windows on which IE 8 runs. See MS KB
912923 to enable DEP
. http://support.microsoft.com/kb/912923/en-us DEP will cause crashes with certain poorly written vertical market software, including Abacus Law and Micro4 practice management, among others. Test first.
Free malware scanners. Our favorite is
MalwareBytes, which seems to do a good job of catching the types of “you have a virus” spyware that tries to get you to enter a credit card. Symantec offers
Security Check, Kapersky provides
Free Virus Scan, Trend Micro has
House Call, McAfee offers
FreeScan. Running several of these may uncover infections that any one tool might miss by itself.
Be sure you are downloading the real thing - there are some malicious sites with similar spelling. Download the latest version. It is important that only one antivirus product be resident at a time. http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html IECacheView utility works nearly the same way as IEHistoryView, allows you to
see and manage what was downloaded while surfing. Sometimes useful for determining the source or extent of malware. You can save a list of the cached files as well as all the metadata about them.
www.nirsoft.net/utils/ie_cache_viewer.html Live Mesh is a
Microsoft file sharing tool, similar to DropBox. 5GB free storage in the cloud, and remote access to all your computers.
www.mesh.com New
FTC rules on Blogging require disclosing whether you are being paid to recommend a product or service.
http://ftc.gov/multimedia/video/business/endorsement-guides.shtm Specific HIPAA compliance requirements were released in January. They include a requirement to use complex passwords, and change them every 90 days. If you are storing or using protected health information, talk to us to make sure you are meeting all the requirements.
The law
http://edocket.access.gpo.gov/2009/pdf/E9-740.pdf Guidelines
http://www.cms.hhs.gov/EducationMaterials/02_HIPAAMaterials.asp Lightbox free image editor, use for photo editing. If you have MS Office, you probably already have Microsoft Picture editor, which works fine for simple photo cleanup. Google’s Picassa online photo site has similar features.
www.lightboxeditor.com http://picasa.google.com Free online movies www.movski.com YouTube now has a large selection of free full length Bollywood (Indian) movies.
www.youtube.com Also check out www.surfthechannel.com www.watch-movies-online.tv www.free-horror-movies.com Save online video - save online streaming media as AVI, MPEG, Windows Media, or QuickTime video. Turn it into a file you can store locally.
http://benderconverter.com Firefox has a plug-in file downloader:
https://addons.mozilla.org/en-US/firefox/addon/3006 More free college classes http://lifehacker.com/201979/technophilia-get-a-free-college-education-online Web tools to
enhance collaboration.
http://ozgekaraoglu.edublogs.org/2010/01/05/100-web-tools-to-enhance-collaboration-part-1 It’s a good time to wait if you plan to buy a new business PC.
New Intel VPro Core Chipset coming.
www.echannelline.com/usa/story.cfm?item=25418 Smart phone use growing -up 40% over last year.
www.echannelline.com/usa/story.cfm?item=25415 Social networking tools are expected to replace email over time.
www.echannelline.com/usa/story.cfm?item=25408 Apple Ipad news. Wait on this one.
www.apple.com www.engadget.com/2010/01/29/apple-ipad-the-definitive-guide-so-far www.wired.com/gadgetlab/2010/01/apple-ipad-ereaders www.infopackets.com/news/gadgets/2010/
20100129_win7_tablet_pcs_to_rival_ipad_hp_slate_due_soon.htm Bank sues customer who did not protect their online account.
www.computerworld.com/s/article/9149218/Bank_sues_victim_of_800_000_cybertheft?source=CTWNLE_nlt_security_2010-01-27 Security IPhone update 3.1.3 addresses security:
http://support.apple.com/kb/HT4013 Adobe Acrobat/Acrobat Reader flaws are actively being exploited. Be sure your version is current (Ver. 9.3).
http://get.adobe.com/reader Adobe Shockwave Security update. Shockwave is software used for viewing certain web sites. You may have installed it if a site requested a shockwave viewer. Uninstall the current version, and install the new one (11.5.2.602):
http://get.adobe.com/shockwave www.adobe.com/support/security/bulletins/apsb10-03.html RealPlayer critical update:
http://service.real.com/realplayer/security/01192010_player/en Google Chrome 4.0.249.78 addresses security flaws and some feature updates.
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html Haitian Charity emails may be a scam. Check this list of valid sites:
www.charitywatch.org/hottopics/Haiti.html www.bbb.org/charity-reviews/national/ General advice and links:
www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel01.shtm Internet Explorer 6 cannot be fully patched – the only reliable fix is to upgrade to a newer version. Even if you don’t use IE, it needs to be kept current and patched – just having it installed creates a potential vector for attack.
http://www.msnbc.msn.com/id/35219388/ns/technology_and_science-security Google drops support for IE6:
www.techcrunch.com/2010/01/29/google-twists-knife-in-ie6-pulls-support-from-docs-and-sites Internet Explorer Critical update – considered serious enough that it was released separately. This will show as an automatic windows update, you do not need to install it separately.
www.microsoft.com/technet/security/bulletin/ms10-002.mspx Thirteen
Windows critical updates were released Feb 9
th. Several patch known active exploits, so should be applied ASAP.
www.microsoft.com/technet/security/bulletin/ms10-feb.mspx A “
stability” update for Windows 7 was released at the end of January (KB 977074) which has
caused problems (Blue screen or no screen saver) on a few systems. It addresses minor issues with the screen saver and keyboard. The fix is to uninstall the patch, update the Bios if needed, disable antivirus, then manually download and install it.
http://support.microsoft.com/default.aspx?scid=kb;en-us;977074 http://social.technet.microsoft.com/Forums/en-SG/
w7itproperf/thread/38ebde00-c371-4e2c-a63e-bcac1ac94e57 Update MS 10-015
Kernel patch may be offered repeatedly. To fix the problem follow the advice in KB822798:
http://support.microsoft.com/kb/822798 Windows 7 may start very slowly if the monitor is set to other than 96dpi. A Hotfix is available.
http://support.microsoft.com/kb/977419 Torian Group News Lunch Bytes Seminar at the Chamber Feb 18
th 12-1pm
Windows 7 – What’s in it for me? No Charge. Microsoft has donated a copy of Office Pro as a door prize, and coupons for $150 discount on tech services for installing Windows 7 (with Open License purchase) for attendees. RSVP with the chamber at 734-5876 or Torian Group at 733-1940. Bring lunch if you wish. www.toriangroup.com/events Torian Group is implementing a new software system for tracking work and billing. Invoices and email work summaries will have a different format next month. Call if you have any questions.
Doris (our office manager for 11 years) retired this January. Sheila Kosek has taken her place. You may meet her when you call – she is answering the office phone.