TrueCrypt is a free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. With TrueCrypt you can create virtual encrypted drives,  encrypt entire partitions and removable devices or entire hard drives. Watch this tutorial by Thirdfoundation for Windows or the MAC Version by Obrien1979

This is based on an older version of TrueCrypt, but after installation you will see that it looks all the same. For the most up-to-date version go to http://www.truecrypt.org/downloads

Windows Version

MAC Version

Technorati Tags: data encryption, data protection, Security, truecrypt, virtual drives

Related Posts

• October 25, 2010 -- Laptop, mobile and Firefox security
• March 26, 2010 -- Books for sale – Linux Shell, Qmail Handbook and SSL/TLS
• February 12, 2009 -- Important SQL and Exchange Server patches
• January 31, 2009 -- Is Mac Safer?
• December 16, 2008 -- Internet Explorer new vulnerability

There has been a surge in computers infected with the Windows XP Security spyware. The user is normally affected by clicking on a very convincing fake Windows XP security warning displayed on infected websites.   Once the malware is installed, it continues to display pop-ups with security warnings and installs a heap of trojans  on the computer. This malware also disables all .exe files, making it impossible for the user to run anti virus scanners and malware removers. Here is how I recently removed this pest.

1. Disconnect your computer from the internet, this malware installs trojans which will make your computer vulnerable to remote access. Use another computer to download the following programmes, then run/install them on your infected computer in the following order.
2. RKILL stops the malware process ( http://www.bleepingcomputer.com/download/anti-virus/rkill )  – Note, the malware process did come back, but this gave me enough time to execute the next  step.
3. xp_exe_fix.reg ( you can read more about it here ) – This will fix your registry and enable the running of .EXE files, so you can install a malware remover and run your virus scan.
4. Malwarebytes’ Anti-Malware – it’s a simple and easy to use anti-malware by Malwarebytes. Install and run, it will ask you to update, reconnect the internet and allow it to update, disconnect internet after update is done. Run the full scan.
5. After malware scan finishes, click on “Remove Selected” to remove all malware from your computer.  After removal, reboot as instructed and your computer should be free.

Technorati Tags: malware, RKILL, Trojan, Virus, Windows, XP Security 2011, xp_exe_fix.reg

Related Posts

• November 7, 2011 -- Arduino the Open Source hardware
• April 22, 2011 -- Has the iPad really overtaken Linux?
• November 11, 2010 -- IPV4 is almost exhausted.. time for IPV6?
• March 11, 2010 -- The future of gaming is OpenGL
• September 18, 2009 -- Open .eps files on GIMP for Windows

I have been reading some interesting blog posts with suggested security measures for mobile devices, laptops and online.

1. Lessons I Learned When My Laptop Was Stolen – On http://lifehacker.com
2. How to Track and (Potentially) Recover Your Stolen Laptop or Android with Prey – On http://lifehacker.com
3. How To Protect Your Login Information From Firesheep – on http://techcrunch.com

The posts are really worth reading, and also the comments on them. In case you want to use this post as a bookmark for future reference, like I do, here is a list of the solutions mentioned in the posts above.

1. TrueCrypt – data encryption
2. Prey Project – track and (potentially) recover stolen laptop, Android or iPhone
3. Force-TLS Firefox addon – force selected websites to use HTTPS

Technorati Tags: Android, data encryption, Firefox, firesheep, force-tls, https, iPhone, laptop. mobile, prey, Security, stolen laptop, stolen phone, tracking

Related Posts

• August 22, 2011 -- TrueCrypt tutorial
• May 24, 2010 -- Mobile Apps overload?
• July 8, 2009 -- Android to iPhone Apps with XML
• December 16, 2008 -- Internet Explorer new vulnerability
• August 1, 2011 -- Chrome Overtakes Firefox for UK Number Two Browser Spot in July

Microsoft has released its latest security bulletins covering 31 security vulnerabilities. In a total of 10 bulletins 5 turned out as critical, the highest security rating by Microsoft.  See details below:

(extracted from http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx)

MS08-018 (Critical): Fixes two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The more severe vulnerability could allow remote code execution.  It is rated Critical for all supported editions of Microsoft Windows 2000 Server, and rated Important for supported versions of Windows XP Professional and Windows Server 2003.

MS09-019 (Critical): Patches seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Affects IE 5.01, IE 6, IE 7 and IE 8 running on all supported editions of Windows.

MS09-020 (Important): Fixes one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user.  Affects all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

MS09-021(Critical): Patches seven privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Microsoft Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.  It affects Excel 2000, Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack.

MS09-022 (Critical): Covers three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request.  It applies to Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

MS09-023 (Moderate): Patches a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results.

This security update is rated Moderate for Windows Search installed on all supported editions of Windows XP and Windows Server 2003.

MS09-024 (Critical): Fixes a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. Affects Word 2000, Word 2002, Word 2003 with the Microsoft Works 6–9 File Converter,  Word 2007 Service Pack 1, Microsoft Works 8.5 and Microsoft Works 9.

MS09-025 (Important): Covers two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users. Affects Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

MS09-026 (Important): Patches a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system.  Rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

MS09-027 (Critical): Covers two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Microsoft Word file. Rated Critical for all supported editions of Microsoft Office Word 2000. For all supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac, and all supported versions of Open XML File Format Converter for Mac, Microsoft Office Compatibility Pack, and Microsoft Office Word Viewers, this security update is rated Important.

Technorati Tags: Internet Explorer, Microsoft, MS Office, patches, Security bulletin, Vulnerabilities, Windows 7

Related Posts

• September 25, 2011 -- Fix Java install error 1334 and Error 1723
• March 19, 2009 -- IE 8 is ready
• March 9, 2009 -- Windows 7 with removable IE
• December 20, 2008 -- Microsoft Security patch for IE
• May 9, 2012 -- Salesforce to Outlook error

Security Focus has published a vulnerability found on Firefox (all releases and platforms) causing a serious security flaw. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious file using the affected browser.

Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk (and presumably 1.9.1, didn’t test). Null, but it’s being called, assuming the worst for the moment.  – extracted

Mozilla developers have already worked out  a fix which will be added to Firefox 3.0.8 which is due next week.

Technorati Tags: Browser Security, bug 485217, Firefox security, Mozilla

Related Posts

• August 1, 2011 -- Chrome Overtakes Firefox for UK Number Two Browser Spot in July
• July 21, 2009 -- Firefox Add-on Collector
• May 21, 2009 -- Mozilla FENNEC – the Firefox gone mobile
• December 17, 2008 -- Browser Password Security test – most failed

A security issue has been identified in the Microsoft SQL Server 2000 Desktop Engine (WMSDE) that could allow an attacker to compromise your Microsoft Windows-based system and gain control over it (Bulletin MS09-004), and Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (Bulletin MS09-003).

The vulnerability in the MS Exchange Server is the most severe, Microsoft explains:

”This vulnerability means that any cybercriminal sending a well
crafted email attachment to an enterprise could gain complete control
over the server and gaining one of the keys to the kingdom…

All kinds of highly confidential and proprietary information pass
through an Exchange server every day.  Gaining control over it and its
content would be a gold mine to any cyber criminal,”  – Extracted from ZDNet

Other applications are also being patched up, Microsoft Visio and IE being included. Microsoft released its monthly security bulletin on the 10th of February.

Technorati Tags: Exchange, Microsoft Security, MS SQL, Security

Related Posts

• August 22, 2011 -- TrueCrypt tutorial
• October 25, 2010 -- Laptop, mobile and Firefox security
• March 26, 2010 -- Books for sale – Linux Shell, Qmail Handbook and SSL/TLS
• January 31, 2009 -- Is Mac Safer?
• December 16, 2008 -- Internet Explorer new vulnerability

I was reading this article on ZDNET.com “Is Mac still the safer bet?” by Adrian Kingsley-Hughes. This is a question that I have been asked many times also, “Is Mac safer than windows?” Although many times it sounded more like an affirmation than a question.

I wouldn’t say it’s safer, it’s just not as targeted. Once Mac becomes a target, the cyber criminals will have a lot of fun because of the lack of attention to security Mac users have. To switch platform with the sole reason of not having to think about security is very lame.

The Microsoft operating system is targeted  for its many vulnerabilities including the end users, who have now started to take security really seriously. Mac users have to step up on their care for security. Most problems I find with Mac users are:

•  Very simple (Unsecure) passwords
•  Blind trust in any program that is available for Macs (because its safe right!)
•  Addiction to desktop gadgets (because its safe right!)
•  Keychain unconditional love – store all and any passwords (this combined with my first point can be a disaster)
•  Will join any wireless network availabe (I am safe it’s a Mac)
•  Last but not least… they are  annoying. ;)

I do not intend to have a go at Apple/Mac and its users, but the lack of security awareness I have seen , specially the new ones recently switched from Windows, is scary. If a well developed targeted malware or virus were to be released now it would be a global disaster.

So my answer to the question is: “The operating system hasn’t been target untill then no one will know how much safer it is. Mac users brace yourselves!”

Technorati Tags: Apple, Apple Malware, Apple Virus, Mac, Security, Windows

Related Posts

• November 7, 2011 -- Arduino the Open Source hardware
• April 22, 2011 -- Has the iPad really overtaken Linux?
• March 11, 2010 -- The future of gaming is OpenGL
• May 12, 2009 -- Offline Blogging Tools
• January 28, 2009 -- Synergy – share mouse and keyboard cross platform

Google Chrome and Safari are tied at the bottom of the list of a password security test run by CIS - Chapin Information Services.

Two years ago CIS discovered a flaw on Mozilla that could give “clever attackers” access to your saved passwords. A few days ago CIS ran a security test on all the major browsers and to their horror and surprise most of them did really badly, including Internet Explorer.

Among the problems are three in particular that, when combined,
allow password thieves to take passwords without the user’s knowledge.
They are:

1. The destination where passwords are sent is not checked.
2. The location where passwords are requested is not checked.
3. Invisible form elements can trigger password management.

You can test your own browser at the CIS website.

Technorati Tags: Browser Security, Chrome, CIS, Firefox

Related Posts

• August 1, 2011 -- Chrome Overtakes Firefox for UK Number Two Browser Spot in July
• January 20, 2011 -- Push up the Web
• October 25, 2010 -- Laptop, mobile and Firefox security
• September 6, 2010 -- Echofon shamefully drops Firefox for Linux
• May 21, 2009 -- Mozilla FENNEC – the Firefox gone mobile