Complete COMPUTER SECURITY - David Woodsmall

Last Updated: 5/08/2008 - Optimized for Firefox 2.0.0.14

COPYRIGHT 1992 thru 2008 - David R. Woodsmall

UNLESS specified, Microsoft Windows is the effected Software

Feel free to link to any of my pages

Caveat Emptor - I am not responsible for any problems

I try to present accurate info

Double check any advice, before taking it

VIRUS Info Security Recommendations Recalls / Warnings Storage Tech News

SECURITY INFORMATION JUMP TABLE

WHAT DO DO IF YOUR SYSTEM IS INFECTED
COMPUTER SECURITY TUTORIALS - START HERE IF YOU ARE A NOVICE
COMPUTER SECURITY RECOMMENDATIONS - WHAT TO DO
 Advisories, Microsoft | Advisory Sites / Databases | Advisories, Specific | Advisories by OS, Product, & Vendor | ActiveX | ADOBE | Adware Detectors | AJAX | Anomynity - be anonymous| Anti-Virus Checker Reviews| Apple Computers | Articles | Backdoors | Backups | BEGINNER'S GUIDES | BHO - Browser Helper Objects | Bluetooth Vulerabilities | Books - Security, Malware, Rootkits, Spyware, Trojans, Viruses,... | BOOT CDs / Floppies | BOOT LOGGING | BOTs / ZOMBIES | Browser Hijacking | Browser REDIRECTION | Browser - Surf more Safely | Browser Security | Browser Vulnerabilities | BUGS / Recalls / Scams / Warnings / Fraud| Business Data Security | Carbon Monoxide | CERT | Certificates | Check your PCs Vulnerabilites | Conferences & Conference Papers | COOKIES | Copy Protection | Cross-Scripting | Data Held for Ransom | DB, SQL,... Vulnerabilities | DO NOT CALL PHONE LIST | DOS / DNS Attacks | Downloads | Downloaders | DRM - Digital Rights Management | Electronic gadgets infected | EMAIL security | EMULATION (WINE,...) | ENCRYPTION | Encryption Flaws | ETHERNET / 802.11 (other - security topics not covered elsewhere) | EULA | EXCEL Attacks / Flaws | Fibre security problems | FILE RECOVERY / UNDELETE | File Systems - ALL | Firefox / Mozilla | FIREWALL Info | FIREWALLS, HARDWARE| FIREWALLS, LINUX | FIREWALL, SOFTWARE | Flaws / Vulnerabilities - Software | FREE Security Programs | FREE Virus Checkers | FREEZE YOUR CREDIT TO PREVENT THEFT | GLOSSARIES - Malware | GLOSSARIES | Google & Google Desktop | Government, Federal & Official Help | HACKERS, Anti | Hardening Linux | Hardware Diagnostics | Hardware, Protecting your | HDDs - ATA, EIDE, ESATA, IDE, SATA, SATA IO, SAS, SCSI, XSATA | HELP SITES (get help) | HOAXES | Home Computer Security Specifics | your HOME SECURITY | HOSTS file | I AM USING THESE PROGRAMS TO PROTECT MY COMPUTER | Identity Theft | IM - INSTANT MESSAGING | INTEL | INTERNET EXPLORER | Intrusion Detection Languages / CISL | Intrusion Prevention | IP Filters / Filtering | IP Address - Where is it Located and who owns it? | IP Management | IP Security Problems | iPOD | ISO IMAGES | ISO 17799 & ISO17799 | JAVA and J2EE Security | Javascript Hijacking | Keyjacking | Keylogging | Linux Firewalls | Linux ROOTKITS | Linux Security | Locked Files? - Delete? | LOG FILES - LINUX | MAC Address | MAC / OS X | Malware | Malware Alerts | Malware - How some Malware works | Malware - Remove Specific | Malware - Remove Unknown | MD5 | Messenger Service Spam | Microsoft - NON-Windows | Mobile | NAT | Network Security | NEWS Sources - Security | Online Malware Checkers | Open Office | Open Source anti-virus | Outlook / Outlook Express | PASSPORTS with RFID | Passwords - Tips & Encrypted | Patching | PDA Viruses | PDF Vulnerabilities | Pharming | Pharming, Drive by | Phaxing | Phishing | Phones - Cell, Wireless,... | Photograph SCAMS / Doctored | Popup STOPPERS | Port Knocking | Port Number Assignments | Programming Vulnerabilities | QuickTime | RECOMMENDATIONS for Securing your PC | RECOVERY / RESCUE DISK - WINDOWS | RECOVERY / RESCUE DISKS - LINUX | REFERENCES | RFID | REGISTRY - Windows File | REMOVING Specific Spyware/Malware | Road Runner Security Root-kits - Detect Them | Rootkits - LINUX | Root-kits in the News | SONY's use of Root-kits | SAFE MODE BOOTING | SCAMS | SECURE CONNECTIONS| SECURITY CHECKING | SECURITY PROBLEMS | SECURITY, REFERENCES | SECURITY, SOLUTIONS | Shopping Safely Online | SMiShing | SONY's USE OF ROOT-KITS | SPAM | Spear-Phishing | SPIM - SPAM In IM | Spoofing | SPYWARE | Storage Security | SYMBIAN | TERRORISM, anti | Thunderbird | TROJANS | Trojan Removal Tools | Unix Security | USB Security | VANDALS | Virtualization | VIRUS INFO - Complete | Vishing | VISTA | VML & Markup Languages | VOIP / IP Security | VULNERABILITIES | WAP | WEP | WEB BUGS | WEB / Internet Security | What Windows Programs Run at STARTUP / BOOT ? | What is that Windows Program running in the BACKGROUND? | White Papers | Windows free Security Updates from Microsoft | Windows Media Players Problems | WINDOWS UPDATING - How to | WIRELESS / Wi-Fi SECURITY | WORD / .DOC files | WORMS | WPA | WPA2 | x64_AMD (EM64T) (64Bit) Protection | XP Security | Zero-Day Attacks (Microsoft Office - Excel, Power-Point, Word) | ZOMBIES / BOTs | Zone Alarm - Free software FIREWALL | OTHER RESOURCES | OTHER INFORMATION |

ADOBE Security Issues

Adobe Fixes Flash Flaws Time To Update (Some Versions of) Acrobat Again Adobe Publishes Workaround For Acrobat Attack Adobe's Unintended Black Comedy Critical Flash Updates - Windows, Mac, Solaris, and Linux Adobe Reader 8.1 for XP (a security patch) was released Bugs Menace Adobe Photoshop

ActiveX (Microsoft's)

Symantec confirms ActiveX bugs in its own consumer software - 4/4/2008 CLICK HERE for more information about ActiveX NoScript - a free Mozilla Firefox Extension, blocks Cross-site Scripting (XSS) Month of ActiveX Bugs (MoAxB) - one a day in May, 2007

ADWARE / SPYWARE Detectors / Removers / Anti

Best Free Adware/Spyware/Scumware Removers - techsupportalert.com Ad-Aware Personal - downloadable free of charge Lavasoft's FREE Ad-Aware - USA Lavasoft's FREE Ad-Aware - finds/deletes spyware (my favorite) also removes Cookies REMEMBER TO OCCASIONALLY CHECK FOR UPDATES TO Ad-Aware NOTE: Support for Ad-Aware 6 has EXPIRED 10/30/04 - Download the new/free AdAware SE Ver 1.06r1 NOTE: AdAware Plus, $27, works in Real-time and Blocks installation of Spyware
AdWare GLOSSERY
Another AdWare detector contender (RUN BOTH): HOME OF SPYBOT REMEMBER TO OCCASIONALLY CHECK FOR UPDATES TO SPYBOT Update to Spybot Search & Destroy Version 1.4 (or later). Info on Spybot Search & Destroy 1.3 also removes Cookies I also occasionally use the free CWShredder - a CoolWebSearch Trojan Remover. Version 2.19 is available. If all else fails, purchase Spy Sweeper, $30/yr. Version 5.5.7 (build 124), has been released. I am also using, purchased SpyWare Doctor - $30 They offer a free scan, but charge the $30/yr if you want to remove the pests. In my personal opinion, I prefer Spy Sweeper. NEVER download a spyware program without investigating it first (see below). Many free/for sale spyware detection programs cause you problems. 2007 Anti-Spyware Software Review 2007 Review of Webroot's Spy Sweeper 2007 Review of Spyware Doctor Today's Top Spyware & Security Stories - PC World Adware and Spyware: Unraveling the Costs - PDF - White Paper by McAfee PC Magazine picks Web Root's Spy Sweeper 5.0 - 9/25/2006 PC Magazine picks Spyware Doctor 4.0, as a close second choice PCworld picks Web Root's Spyware Sweeper 4.0 - Sept 2005 Microsoft's free Anti-Spyware program Beyond Ad-aware: Block Spyware and Other Pests Review: Enterprise Spyware Detectors - Sept. 16, 2005 The Many Faces of Spyware Tutorials -> Spyware/Hijacker/Malware Removal - bleepingcomputer Spyware Dictionary ASAP - Alliance of Security Analysis Professionals. Check on your Spyware program here SpyWare Guide (PC World) See What's Running on Your PC, Kill Background Programs - PCWorld WARNING - LOTS OF ANTI-SPYWARE PROGRAMS ACTUALLY INSTALL SPYWARE SpyWare Programs - Comparisons Eric Howes' Privacy & Security Page Benjamin Edelman C/NET's Spyware Software Download Center Spyware Info dot com The Definitive Spyware, Adware, Pop-Ups, and Malware Removal Guide MAJOR GEEKS SPYWARE DOWNLOAD PAGE Intermute - Internet security and content filtering solutions - owns CWShredder Privacy Watch: Gain Extra Protection With Adware Scanner Secrets Remove Trash Apps (really insistant AdWare) - a manual method for so doing Tools to ward off SpyWare ZoneAlarm Tips
CEXX Org - seems to be an anti-AdWare site
Spyware and Adware are files made by publishers that allow them to snoop on your browsing activity, see what you purchase and send you "pop-up" ads. They can slow down your PC, cause it to crash, and worse. If you are like most Internet users, chances are you are probably infected with these files. Simply surfing the Internet, reading email, downloading music or other files can infect your PC without you knowing it. Study: Tools Let Spyware Slip Through Cracks Poor (Spyware) Defenders - PCWorld 12/2004 Spyware Wrap-Up - PCWorld - 11/03/2004 GMail Vulnerable To Contact List Hijacking - Slashdot More Spyware Prevention and Removal - PCWorld 10/27/2004 More on Fighting Spyware Is Distributing Spyware a Crime? - PCWorld 10/11/2004 Spyware Primer - PCWorld - 10/13/2004 Kill Spyware by Hand

Free online scan for Spyware of your PC

Free Online PestScan - Zonelabs

AJAX Problems

AJAX - Emerging Security Threat #1 - Jim Raposa Ajax worm can hijack Web sites browser hijacking - JavaScript CLICK HERE for more information about AJAX

Anomynity - Remain Anonymous

SYMPA (Send_Your_Mail_Privately_&_Anonymously) - eRightSoft.com - freeware Proxy Lists/Info Anonymity Apps: Surf in Secret - PCmagazine Nov 30, 2004 Anonymizer, Inc. American Expressed offered some such service starting 9/2000 - I don't know if they still do.

Articles about security

to break into a computer's encrypted hard drive? Just freeze the machine's memory chip computer virus recently discovered on digital photo frame RINBOT - New computer virus attacks business networks Ten Free Must-Have Security Tools Firefox 2.0.0.14 is out Spyware Horror Story: Toxic Wine - A WINE Virus effecting Linux systems Symantec confirms ActiveX bugs in its own consumer software - 4/4/2008 Targeted Trojan: A New Online Threat to Business - PDF a brand new infected webpage discovered every 14 seconds Stripping Away Malware's Armor Blacklists Rendered Useless as Hackers Leap Ahead 2008 Internet Security Trends Report Addressing the Superuser Threat: Securing Access to Server Operating Systems Major Linux security Hole Found VALENTINE's DAY (2/14/2008) STORM WORM COMING Security design: Why UAC will not work - It's security's dirty little secret: Not having your users logged in as root or administrator will not stop malware Webroot's Spy Sweeper version 5.5.7 (build 124) has been released (update site) Smart Ways to Use Mozilla Firefox free AVG Anti-Root All Privacy & Security Downloads - PC World CES: SentrySafe's Water- and Fireproof Backup Drive guerrillamail - disposable e-mail addresses which expire after 15 MinutesJudge Rules Defendant Can't Be Forced To Divulge PGP Passphrase Security Flaw In HP Notebook Software Can you trust Facebook's registration process? Brand New, Infected Hard Drives RSA Monthly Online Fraud Report FTC Stops Explicit Popups (Windows) ProcessLibrary Upgrade Makes Troubleshooting Easier - What is that running Process? Samba Domains Vulnerable Identity theft at the gas station - how to avoid - video new malware attack using a fake YouTube mailing as the lure Zone Alarm Pro Version 7.0.462.000 has been released Thunderbird 2.0.0.14 is out AJAX - Jim Rapoza's 10 Emerging Security Threats #1 Google APPs - Emerging Security Threat #2 - Jim Raposa Mobile devices & Applications - Emerging Security Threat #3 - Jim Raposa RFID - Emerging Security Threat #4 - Jim Raposa Rich Internet Applications - Emerging Security Threat #5 - Jim Raposa RSS - Emerging Security Threat #6 - Jim Raposa Social Networks - Emerging Security Threat #7 - Jim Raposa Virtual Worlds - Emerging Security Threat #8 - Jim Raposa Virtualization - Emerging Security Threat #9 - Jim Raposa VOIP - Emerging Security Threat #10 - Jim Raposa Macrovision Driver Bug In Windows Hacked Web Site vulnerabilities often restricted to users of search engines Security Suite Smackdown 2008 Urgent Update For RealPlayer Users Russian Business Network - new record: Over 100 malware implementations on a single system - PCMag PCmagazine: Beware of Domain Name Scams in US Mail Exploit Wednesday Remote Desktop Command Fixation Attacks Security Researcher Finds Flaw in Windows Media Player Critical vulnerability found in Ask.com toolbar Skype Worm Attacks Security Software Storm Worm and the NFL Hacked .gov Sites Gone Phishing: The New Battlefront of E-mail Attacks Spot Cyber Criminals & Fight Identity Theft: A Guide by IBM Insecure Security Products Yahoo! has patched a serious vulnerability in their Messenger program Storm Worm Attacks Take On New Disguises - 8/23/2007 Symantec Launches Norton AntiBot as Public Beta the electronic trail briefly left in a computer server's RAM, by each visitor must be turned over as evidence during litigation Firefox 3.0 to Include 'Get Me Outta Here' Malware Protection 5 security risks of smartphones: How to fight back - Palm Firewalls Keep the Heat Out of Your Network - CDW Thieves Steal Herman Munster's Identity The Kaspersky Malware Awards Phishing - Where it's .at Anti-Phishing APIs The Top 5 Wireless Security Risks: Are You Safe? View all Security White Papers & Resources - Webbuyersguide.com SEX.COM and the Early Days of Internet Crime Is the WildList Still Relevant? Security Research Rootkit Rumble News Analysis: Security Appliance Vendors Blasé About CSRF Flaws BitDefender's top malware chart for May 2007 OS X Still Open to Samba Vulnerabilities Java Vulnerability Found and Patched McAfee Reports Drop in Malicious Web Search Results 6 Requirements of PCI Compliance: Are You Compliant? Don't underestimate these 6 wireless security risks More 'VV' domains were registered recently. Beware of them. Kaspersky 7.0 Announced, Reviewed Today - August 2007 MessageLabs Reports Encrypted PDF Spam Increasing Drug Spammer Gets 30 Years Monitoring Application Health is No Longer Enough - White Paper by Knoa Software Protect Yourself from the Menace of Viruses & Spam - White Paper by MessageLabs Symantec is reporting W32.Deletemusic, a worm that deletes all MP3 files on your system IBM's ISS group has announced the end of life and end of support for BlackICE PC Protection, formerly known as BlackICE Defender Mozilla Revokes Patch Pledge The Most Poisonous Bugs Firefox Vulnerable Through Old QuickTime Bug Digitally-Signed Malware Defendants Convicted in 1st Criminal CAN-SPAM Trial Peer-to-Peer Predator Pinched vulnerable 3rd party applications on your system - Secunia Software Inspector latest Storm Worm variant uses a Labor Day card Sony pleads innocent in latest rootkit fiasco Phishers Play Top 40 AT&T Introduces Pay-For-Play Parental Controls for Cell Phones Pentagon: Chinese military hacked us China Rejects U.S. Charge It Hacked Pentagon E-voting predicament: Not-so-secret ballots Windows Patch Caused Crash, Skype Says U.S. Government Threatens Retaliation Against States who Reject REAL ID Would You Like A Job With That Virus? Scammers are using online property forums to mine for information about potential customers and them offer them phony properties Firefox EV Plug-In Only Supports VeriSign Certificates Just Say "No Thank You" to Data Disclosure Windows Messenger users can't send messages containing certain strings including '.info'. Pump and Dump Excel (.XLS) Scams LinkedIn Vulnerability Exposes Users iPhone Vulnerability Announced Microsoft: No Flaw In IE, says it's Mozilla's fault Your Password or Your Life - Top Gamer kidnapped Microsoft limits search data retention, to a point Symantec Bats Botnets with New Tool Fox News server found unsecured What Are All Those .DAT Attachments? Fraudsters Use Charities To Prep Stolen Credit Cards For Sale New OneCare Open Beta version 2.0 Phishing.gov? enVivo!CMS Vulnerability Mpack installs ultra-invisible Trojan Intuit Data File Encryption Crack (Backdoor) Discovered Critical Update for Intel Core CPUs - June 27, 2007 MySpace Flux Malware A trojan horse is cleverly disguised as a Hallmark e-card Red Cross Scam Targets Military Families Fake Adobe Shockwave Player download page - delievers a Trojan Apple Shuts Down IPv6 Security Hole MPack Trojan Attack Claims 10,000 Web Sites - 6/18/2007 FBI's Operation Bot Roast More Phishers and Spammers In The Clink Vulerabilities found in Apple's beta version of it's Windows Safari Browser OpenDNS Adds Adult Site Blocking Thunderbird 2.0.0.14 is out Symantec, McAfee, and Computer Associates have all fixed serious flaws in their software New tool from Microsoft helps to prevent new Office attacks IRS Seeks to Squeeze Auction Sites for Customer Info ANI Trojan Sticks It to Tom's Hardware - patch was available The Sober Worm Resurgence - 5/2/2007 The Kaspersky Top 20 for April 2007 Month of ActiveX Bugs (MoAxB) - one a day in May, 2007 Top 10 Internet Crimes An anti-spyware bill and slicker Javascript attacks are in the news 12 Ways to Be A Security Idiot - 12 Slides Microsoft Urges Workaround as Worm Hits Unpatched DNS Flaw Make your computer HEAVY and risk of it being stolen is greatly reduced. Kaspersky Vulnerabilities WEP can now be cracked in less than ONE MINUTE Reverse code engineering More Cisco Flaws - 4/7/2007 Be very careful about opening ".HTA" (Hypertext-Application) Files: McAfee Malware Trends - 1Q2007 New Sysinternals tools from Microsoft Kill Spyware by Hand Gozi Trojan leads to Russian data hoard - Log-in, account information of thousands compromised Microsoft Windows Live OneCare Woes Microsoft Investigates IE 7 Vulnerability Over 50% of infections detected in February were spyware and ... - HNS Can a Rootkit Be Certified for Vista? Does you computer make strange sounds at unpredictable times? - It maybe AOL Instant Mess anger 6 Microsoft's OneCare Finishes Last in Anti-virus Tests What's Bugging eBay? Viruses Attacking USB Devices CERT - Home Network Security Information CERT - Home Computer Security L4m3 Attack Blocking Sites that send you ads CBC News Indepth: Computer security - How safe is your computer? Researchers say they peeled The Onion Router The Encyclopedia of Computer Security History of Computer Security weakest link in the security chain: executives who work at home JAVA - Infected GIF files can take control of your computer These JAVA versions contain fixes for this vulernability. Older JAVA versions HAVE the vulernability. Sun Java 2 Runtime Environment 1.3.1_19 Sun Java 2 Runtime Environment 1.4.2_13 Sun Java 2 Runtime Environment 5.0.Update 10 Sun Java 2 Standard Edition SDK 1.3.1_19 Sun Java 2 Standard Edition SDK 1.4.2_13 More details on the above JAVA vulnerability VML vulernability - MS fix is out - can be infected just by viewing a Web page In An Instant, Retirement Savings Vanish Vista Aims to Stop Hackers' Social Engineering Ploys Acer Preloaded Vulnerability - 1/16/2007 Exploit Released for Critical PC Hijack Flaw that Microsoft thought it had just fixed Opera users need to update to version 9.10 in order to eliminate two threats. Media, Tech Firms Probe Possible High-Def DVD Hack The First Vista Vulnerability A Trojan is in some (electronic) New Year's greeting Cards QuickBooks users regularly endanger themselves Don't Get Sucked Into Someone's Criminal Schemes DEP/NX has been included in CPUs for years to prevent malware attacks, but turned OFF Gift Card Fraud Rumors and Reality IE 7 Cautionary Tale MySpace worm uses QuickTime for exploit Cracking the BlackBerry with a $100 Key EveryDNS, OpenDNS Under Botnet DDoS Attack See GIFT CARD FRAUD WARNING IBM to offer a free anti-spam program Are Remote Users Accessing Your VPN without a Firewall? - White Paper by Trend Micro Critical Firefox & IE hole allows password theft Exploit Code Published for Apple OS X Glitch Apple: Beware of Rigged QuickTime Movies - Upgrade to QuickTime 7.1.3 About the security content of QuickTime 7.1.3 Keep Your Secrets: A Safe, Easy Way to Encrypt Files Patch those (under attack) wireless drivers WinZip Vulnerability Apple has released an update to the firmware for their Intel-based Macs, DRM hacker has cracked Apple's iPod protection A critical flaw in the Broadcom wireless driver embedded in computers Phishers Cast a Mobile Net (via cell phones) Installing McAfee products with IE 7 may create problems Windows Server 2003, Longhorn Server & Vista Security Articles ActiveX Flaw Identified - 11/6/2006 Month of Kernel Bugs Microsoft Warns of PowerPoint Attack Phishing Clusters Fake Codecs - Jargon Watch Top Phish - Citicorp Bank Account Phish Spam Trojan Installs Own Anti-Virus Scanner Black Hat Security Conference Archives Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole Crime Rings Target IE 'SetSlice' Flaw; ZProtector Released - fix due 10/10/2006 Learn about Vista's changes to user security runtime fix for the (above) vulnerability. It patches the vulnerable code in memory, without modifying any files on disk. Firefox Still Tops IE for Browser Security HOW TO UPDATE WINDOWS Security Watch: VML Bug Imperils IE Users Defective By Design Org is protesting Apple's DRM strategies Security Watch: Security Tips Galore Apple Ships Patch for MacBook Wi-Fi Hack Security Tip: Buy Password-Cracking Software Passware sells a large collection of programs for cracking passwords Beware of Rogue Antispyware and Anti-popup Products Hacker Discovers Adobe PDF Back Doors - 9/15/2006 Malware Money Tough to Trace Record number of phishing sites seen for July Another IE Hole - 9/5/2006 CA eTrust Antivirus [was erroneously] flagging Windows 2003 Server's lsass.exe infected how to compromise your server through the robots.txt file Top 8 Threats Retina MS06-04- NetApi32 Scanner - Free Scanner Probes PCs for Critical Windows Bug - MS06-040 Looks like Cisco's firewall is vulnerable to yet another attack Who is causing trouble on the Internet - DShield's 10 most wanted Phishers try to best banks' authentication Top 10 Spyware Threats - Webroot Top 100 Security Tools Download Free SVG Viewer 3.03 (security updates) Sony BMG is using SunnComm's MediaMax DRM on some new CDs: CDs Containing SunnComm MediaMax Version 5 Content Protection Software Two DNS servers hit by denial-of-service attacks Symantec antivirus security bug Windows - a Corrupted Font can cause a PC security breach Windows Small Business Accounting 2006 crashing on you? Microsoft Outlook 2000, XP or 2003 vulnerability The people at the Mobile Antivirus Researchers Association (MARA) are reporting that they have discovered the first PC to Handheld crossover malware written in C#. CME provides single, common identifiers to new virus threats to reduce confusion AJAX Poses Security, Performance Risks Virtual Machine Rootkits: They Live! Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes 'Mr. & Mrs. Smith' DVD Ships with Rootkit-like DRM Harder-to-Detect Oracle Rootkit on the Way Caught by a Phish Adobe Fixes Shockwave Code Execution Flaw - February 24, 2006 Who Tests the (software) Code Testers? ActiveState Returns to Open-Source Roots Adobe Patches Photoshop, Illustrator Flaws Gartner Disses Oracle Security Oracle Opens the Book on Its Recipe for 'Unbreakable' Code Find out how pharming attacks hijack Internet domains - view the video Big Hole in Symantec SMS Product Cookie Holes Expose Browsers more than 1 billion suspicious computer security events recorded in 2005 'High Risk' Flaw in Symantec AntiVirus Library Security Patch Watch: Sun Java, Symantec, Cisco Trend Micro: RSS Is Worm Bot's Next Target Security Vendors Clueless Over Rootkit Invasion News Analysis: Ca Sony's 'Rootkit' Is on 500,000 Systems, Expert Says XML-RPC Threatens Linux, Unix Systems Internet Security issue - eWeek Check if your PC is vulnerable to IE's Javascript problem Linux/BSD still exposed to WMF exploit through WINE! Hackers Exploiting Zero Day Windows Flaw Microsoft has released an advisory, suggesting IT administrators and users set the email client to read only text, and disable Windows picture and fax viewer. Patch HAS been released - 1/06/2006 Trojan, Exploit-WMF, delivers unwanted gift to Windows PCs Santa delivers more Christmas malware - The Trojan horse "MerryX.A" - 12/2005 SecurityFocus is designed to facilitate discussion on computer security OpenSSH cutting edge Demystifying Denial-Of-Service attacks, part one Tracked by cellphone Microsoft December 2005 patch release to include one critical update Sony fixes security hole in CDs, again - 12/8/2005 Survey: Most home PC users lack security WORM Attacks New Worm Targets Linux Web Service Holes Linux: Secure as You Want It to Be Windows bug allows repeat invasions - effects XP w/SP2 & Windows Server 2003 - Windows Firewall Update makes invisable entries visable in Windows Firewall Red Hat, IBM help form company to buy Linux patents New Worm Targets Linux Web Service Holes - 11/2005 Network Appliance Data ONTAP iSCSI Security Controls Can Be Bypassed Microsoft Patch (Microsoft Security Bulletin MS05-051) Problematic for Some, Security Firm Says Microsoft has re-issued Windows 2000 SP4 Update Rollup, due to problems Adobe Fixes Flaws - Acrobat and Adobe Reader plug-in buffer overflow Microsoft Exec Warns of 'Fake' XP SP3 Update - Windows XP Service Pack 3 Microsoft Bolsters Video Content Security in Vista Windows XP SP3 to ship when Vista ships Most Monitors Won't Play New HD Video & you have to upgrade to Windows Vista Read & follow PCworld's 10-step PC Security suggestions Detecting and Attacking Bluetooth-Enabled Cellphones at the Hannover Fairground existing Bluetooth hole has been opened wide - Security watch 6/6/6/05 Drive-By Download Sites Chauffeur Spyware Consider using NOD32 Anti-Virus & Anti-Spyware Software browser security-check Web sites Liberty Alliance takes on ID theft Cracking WEP in 10 minutes Spyware solutions: Technology and leadership Update Your Internet Security Arsenal Head Off Spyware, Viruses and Malware Five Linux Security Myths You Can Live Without

Advisory / Alert Sites & Databases

Technical Cyber Security Alerts - US-CERT Internet Storm Center - SANS dot ORG Vernerabilities - listed by Secunia.com Advisories Listed by PRODUCT Advisories Listed by VENDOR eEye Digital Security Latest Viruses, Worms, Trojans, Spyware, and Malware Versign iDEFENSE Publications spywareguide

Advisories, Microsoft

Security Loophole Found In Windows 2000 Operating System - 11/12/2008 Microsoft Gearing Up To Patch ShellExecute Microsoft Releases Nine Security Updates for Windows, Office - 8/14/2007 Office 2007 Vulnerability - the first one found ActiveX Flaw Identified - 11/6/2006 Retina MS06-04- NetApi32 Scanner - Free Scanner Probes PCs for Critical Windows Bug - MS06-040 Microsoft Advisories, Listings Sign up for Microsoft Advisories Internet Storm Center - SANS dot ORG Microsoft Security Home Page

Advisories by OS, Product, & Vendor

Advisories Listed by PRODUCT Advisories Listed by VENDOR

Advisories / Exploits, Specific

Valentine's Day (2/14/2008) Storm Worm is fast approching Microsoft Urges Workaround as Worm Hits Unpatched DNS Flaw Excel Update Problem Exploit Released for Critical PC Hijack Flaw that Microsoft thought it had just fixed The First Vista Vulnerability Retina MS06-04- NetApi32 Scanner - Free Scanner Probes PCs for Critical Windows Bug - MS06-040 Microsoft Windows Hyperlink Object Library Buffer Overflow - 06/2006 Lavasoft Personal Firewall Privilege Escalation Vulnerability - 07/18/2006 Ubuntu has issued an update for the kernel. This fixes a vulnerability - 07/18/2006 Red Hat update for libwmf - 07/18/2006 Red Hat update for GnuPG - 07/18/2006 Red Hat update for freetype - 07/18/2006 Microsoft PowerPoint Memory Corruption Vulnerability - 07/18/2006 rPath update for kernel - 07/18/2006

BACKDOORS

Backdoor - Wikipedia, the free encyclopedia SCROLL DOWN TO FIND BACKDOOR INFO - Computer tutorials - Trojans, spybots, backdoors - How to protect ... F-Secure Virus Descriptions : Backdoor System Backdoors Explained Hidden Backdoors, Trojan Horses and Rootkit Tools in a Windows Environment PROGRAMMING BACKDOORS Placing Backdoors into a UNIX computer Computer Security 101: Lesson 6: viruses, worms, trojan horses hidden backdoors into most computer systems Remove Backdoors removal instructions Windows Backdoors: Greatest Security Breach Ever? Home Computer Security Virus, worms, trojans and backdoors Viruses, Worms, Trojan horses, Phishing and Anti-virus Software The Enemy Within: Firewalls and Backdoors

BEGINNER's / NOVICE / IMPROVING COMPUTER SECURITY GUIDES

Howtos, Guides, Information, Advice, Help, Newbies,...

COMPUTER SECURITY RECOMMENDATIONS Beginner's guide: How safe is your computer? - CBCnews Kevins Mitcnicks Security Advice - in blogspot - SCROLL down TO "mitcnicks" Computer Security, Firewalls, Viruses and Worms - Don Pedro Malware, Spyware, Adware Or Trojan - What's the Fuss? Computer "Malware": Worms, Trojans, Back Doors and Viruses Defining Malware: FAQ - Microsoft The Complete Layman's Guide to Cyber Safety History of Computer Security Computer insecurity - Wikipedia, the free encyclopedia Computer Security Index - faqa.org Computer Security Group - cl.cam.ac.uk Computer Security - pelttech.com IT Security - itsecurity.com Computer Security Threats - Chart of Characteristics - CACI HNS - Malware of the week: Piggi.B worm, ReverseClick.A trojan and ... Computer Security - ISTL ORG Computer Security for Students - Jmaes Madison University

BHOs - Browser Helper Objects

A BHO is a small program that extends Microsoft's Internet Explorer. Examples of BHO usage include visible add-on toolbars in IE, but can also be hidden functions. Adware and spyware as well as browser hijackers often use BHOs to display ads or follow your moves across the internet, because a BHO has access to each URL you visit and can redirect you or display other pages than you requested (sites that infect your PC with Malware or ads, for example). BHOs often use ActiveX installation programs. PERSONALLY, I BLOCK Active-X from running from non-trusted sites. I am running PCWorld's free BHOdemon2 Version: 2.0.0.22, which notifies me when BHOs try to install (I can block the installation). I can also block installed BHOs from running. Advatrix, the Browser Hell Object

Bluetooth Vulerabilities

PC World says: Disable "open" Bluetooth on your phone or PDA. Bluebugging - stealing mobile phone commands Bluejacking - sending unsolicited text messages Bluesniping - using a laptop and powerful antenna to attack from a distance Bluesnarfing - stealing information War-nibbling: driving around looking for Bluetooth signals to attack iPhone's Bluetooth Bug Under Hackers' Microscope Securing Bluetooth Devices Detecting and Attacking Bluetooth-Enabled Cellphones at the Hannover Fairground existing Bluetooth hole has been opened wide - Security watch 6/6/6/05 Bluetooth - Information about Bluebugging - stealing mobile phone commands Bluejacking - sending unsolicited text messages Bluesniping - using a laptop and powerful antenna to attack from a distance Bluesnarfing - stealing information War-nibbling - driving around looking for Bluetooth signals to attack CLICK HERE for more information about BLUETOOTH

BROWSER HIJACKING

Has Your Browser Been Hijacked? Browser Hijack Blaster (free) - Stop Web sites from changing your home page without your permission. AdFree v3.1 - replaces animated banner ads with a dummy - free AdAware Plus, $27, also blocks hijacking

BROWSER REDIRECTION (mis-direction

More Malware Redirects In Searches

BROWSER SECURITY

Browser Compatibility Tutorial IE attack then launches malicious Firefox attack - IE and Firefox Join In to Attack You Vulerabilities found in Apple's beta version of it's Windows Safari Browser Mozilla to Disable ANI Exploits' Path of Entry - 4/5/2007 Best Free Browser Protection Utilities - techsupportalert.com Scanit - browser security-check Web site Qualys - browser security-check Web site Play It Safe With the Right Browser Security Settings The Internet - Basics Safe Browsing Email Minimum Maintenance Browser Info & Updates - CNet

BROWERS - SURFING MORE SAFELY

Plugins/software to warn you of dangerous web sites. SiteAdvisor - McAfee - recommended by PCworld Scandoo (public beta) - toolbar - recommended by PCworld Mozilla fixes 9 Firefox Vulnerabilities, recently Note, as others have reported, that at least one reported bug in Firefox is unaddressed by these updates Firefox Still Tops IE for Browser Security

BROWSER VULERABILITIES

Click-to-Call Bug Found in iPhones, and probably are in other phone Browsers IE attack then launches malicious Firefox attack - IE and Firefox Join In to Attack You Firebug was discovered to have a vulnerability - update to version 1.04 FireFox users really need to install the Microsft ANI (Animated Cursor) Patch, issued 4/3/2007 - Security Bulletin MS07-017 More IE & Firefox Vulernabilities Bugs were disclosed for Firefox, IE, and even Opera, last week The Adobe Reader vulnerability also effects Browser plug-ins for IE and Firefox Opera users need to update to version 9.10 in order to eliminate two threats. vulnerability in Web-hosted PDF files revealed Adobe Reader 8 is not vulnerable to this problem. I just noticed that Adobe Reader 8 is available

BUSINESS DATA SECURITY

Protecting Personal Information: A Guide for Business - FTC

CERT

CERT - Home Computer Security CERT - Home Network Security Information Technical Cyber Security Alerts - US-CERT CERT - Computer Emergency Response Team - Carnegie Mellon US-CERT Vulnerability Notes Database

CERTIFICATES

Firefox EV Plug-In Only Supports VeriSign Certificates

CONFERENCES & CONFERENCE PAPERS

ACM Conference on Computer and Communications Security (CCS) - next: October 29 - November 2, 2007 Solutions to Real Security Problems - acsac.org - next: December 10-14th, 2007 Black Hat Security Conference Archives

COOKIES - COOKIE INFO

New Norton 360 (2008) Gets Tough With Tracking Cookies Cookie Central Both Ad-Aware & Spybot remove cookies Cookies, Internet - CIAC Unofficial Cookie FAQ Information About Cookies on Microsoft.com What is cookie? - A Word Definition From the Webopedia Computer HTTP cookie - Wikipedia, the free encyclopedia Howstuffworks "How Internet Cookies Work" Internet Cookies How to Enable Cookies Client Side State - HTTP Cookies - The original cookies specification HTTP Specifications and Drafts - Cookies Time for a new (HTTP) Cookie recipe? - Implementer's notes HTTP-wg Archive: errata for cookie spec O'Reilly Network -- Cookie Specification Vulnerabilities Bug ID: 4391956 Cookie: API should enforce Cookie spec when ... PROBLEMS WITH SPECIFIC COOKIES: Gmail cookie vulnerability exposes user's privacy CLICK HERE for more information about COOKIES

CROSS-SITE SCRIPTING (XSS)

NoScript, version 1.6.4, a free Mozilla Firefox Extension, blocks Cross-site Scripting (XSS). Cross-site scripting - Wikipedia CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client ... Cross Site Scripting (XSS) questions and answers NoScript - version 1.6.4, a free FireFox Extension that blocks Cross-Site Scripting JavaScript - Cross window scripting A cross-site scripting vulnerability - Whitepapers - www.technicalinfo.net Microsoft Security: Cross-Site Scripting Security Vulnerability Anti-Cross Site Scripting - MSDN (Microsoft) Cross Site Scripting Info - apache.org Cross-site scripting - IBM perl.com: Preventing Cross-site Scripting Attacks Cross Site Scripting - OWASP Cross-Site Scripting Worm Hits MySpace Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability Ajaxian » Ajax Cross Domain Script Cross site scripting / XSS - How to find & fix it with a web scanner WebEvent "cmd" Cross-Site Scripting Vulnerability - Advisories ... Mitigating Cross-site Scripting With HTTP-only Cookies [Cross-site Scripting] Threat Classification - Web Application ... Adobe - Cross-site scripting vulnerability in versions 7.0.8 and ... DOM Based Cross Site Scripting or XSS of the Third Kind] Web ... Download details: Anti-Cross Site Scripting Library V1.5 - Microsoft Top 10 2007-Cross Site Scripting - OWASP How to prevent cross-site scripting security issues Amazon.com: XSS Exploits: Cross Site Scripting Attacks and Defense ... Cross Site Scripting Scanner – XSS Security Audit - 42% were found to be vulnerable SA-2007-026 - Drupal Core - Cross site scripting via uploads ... Kallahar's Place: PHP XSS (cross site scripting) filter function Advanced Cross Site Scripting by Gavin Zuchlinski http://libox.net The Anatomy of Cross Site Scripting - PDF Cross Site Scripting Vulnerabilities Cross Browser Scripting Demo (with remote command execution) Cross-site scripting the top security risk - Network World

Data Held for Ransom

Strange as it sounds, one of the newer dangers is software that Encrypts your data, and then demands that you pay a ransom to get access to your data. This technique targets Windows users. Cryzip is an early example of such a program. Cryzip locates 44 different file types, zips them into an encrypted zip file, deletes the original files, and then presents you with a ransom demand. Sometimes you can recover most of your files with an undelete program. Some free File Undelete programs are here, at PC World. Other Free File UNDELETE Software PC World recommends that you do not pay the ransom, nor go to any specified links. Instead, make a police report, using an uninfected computer, search the Internet for the text in the ransom "note". Kaspersky calls it Zippo and Panda Labs calls it ZippoCryptor. The latest Trojan to hold people's data hostage apparently has a flaw. The password for all systems is the same and is stored in plaintext on the victim's system, according to LURHQ. The password is C:\Program Files\Microsoft Visual Studio\VC98. New Trojan is Holding Data Ransom Data Ransom Attempt Shows Need for Vulnerability Management

DB, SQL,... Vulnerabilities

Is SQL Injection Still a Major Security Threat?

DOS - Denial Of Service

denial-of-service attack - Nationmanster Denial of Service Attacks - CERT Denial-of-service attack - wikipedia DOS Extortion Fading

DOWNLOADS

All Privacy & Security Downloads - PC World

DOWNLOADERS

Downloaders are simple Malware programs used to download dangerous programs that try to steal your identity, passwords, money, and everything else that they consider useful to them. Dealing With Downloaders Downloader after downloader

ELECTRONIC GADGEST ARE OFTEN INFECTED

Electronic Gadgets Often Full of Computer Viruses computer virus recently discovered on digital photo frame

Email

guerrillamail - disposable e-mail addresses which expire after 15 Minutes

EMULATION (WINE on Linux,...

Spyware Horror Story: Toxic Wine - A WINE Virus effecting Linux systems Linux/BSD still exposed to WMF exploit through WINE!

ENCRYPTION (Click here)

ENCRYPTION FLAWS

to break into a computer's encrypted hard drive? Just freeze the machine's memory chip Intuit Data File Encryption Crack (Backdoor) Discovered

ETHERNET / 802.11 SECURITY - subjects not covereed elsewhere

The Unofficial 802.11 Security Web Page CLICK HERE for more information about ETHERNET

EULA -

EULAs - End User License Agreement. Click here for more information about EULAs EULAnalyzer - checks EULAs for bad agreements

EXCEL ATTACKS

Pump-and-dump scammers turn to Excel Microsoft Posts Excel 'Zero-Day' Flaw Workarounds

FIBRE OPTICS SECURITY PROBLEMS

Fiber-optic networks can be eavesdropped on using equipment costing as little as $1,000

Firefox / Mozilla

NoScript Version 1.6.4 - for Firefox - YOU NEED THIS PROTECTION Smart Ways to Use Mozilla Firefox Firefox 3 Beta 1 Is Out Firefox 3 Beta Boosts Usability, Security Firefox 3 Alpha Blocks Malware, Secures Plug-in Updates Firefox EV Plug-In Only Supports VeriSign Certificates Password vulnerability in Firefox 2.0.0.5 Microsoft: No Flaw In IE, says it's Mozilla's fault

FIREWALLS

I strongly recommend BOTH a Hardware Firewall and a Software Firewall (free ZoneAlarm works very well). ZoneAlarm (and other such software) can prevent those spyware and keylogger programs from "calling home" with your personal information. I am using ZoneAlarm Pro, version 7.0.462.000. Best Free Firewalls - techsupportalert.com What is firewall? - Webopedia How Firewalls Work - howstuffworks Understanding Windows Firewall in Windows XP Service Pack 2 - Microsoft Why you should use a computer firewall Firewall FAQ Firewall Q&A Programmatically controlling a UPnP Firewall - Knox North 2008 Firewall Software Report - toptenreviews.com Free Software Firewalls Differences and Features of Hardware & Software Firewalls Firewall Debate: Hardware vs. Software Hardware Firewalls vs. Software Firewalls Firewalls: Hardware and Software - AntiOnline (5/2004) Is the Windows XP firewall enough? What does a router (hardware) do? Internet firewalls: Frequently asked questions What You Should Know About Firewalls - PCWorld Home PC Firewall Guide Firewalls and Internet Security Firewall Reference Books The Windows (DOS) command: netstat -an will list all your open ports SEE Also: IP FILTERING SEE ALSO: What To Do

FIREWALLS, HARDWARE

These can be purchased as standalone "appliances", but people usually buy them bundled with Cable/DSL Routers. I and most security experts believe that even home users need both a Hardware Firewall and a Software Firewall. For people who know aobut firewalls, you can share your firewall intrusion logs with "DShield" a company dedicated to fighting intrusions. DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service. If you use a firewall, please consider submitting your logs to the DShield database. You may either download one of DShield's ready to go client programs, or use their Web Interface to manually submit your firewall logs. Registration is encouraged, but is not required. DShield - Home Page DShield reports and database summaries DShield - A community approach to intrusion detection Firewalls: Hardware Do You Know — Hardware Firewalls Hardware Firewalls - cybercoyote LeakTest - Hardware Firewalls/NAT Routers Hardware Tips: Keep Your PC Hidden From the Bad Guys - PCWorld What Hardware Firewalls Does ScamBusters Recommend?

FIREWALLS, SOFTWARE

ZoneAlarm - Free and Professional - my favorite Comodo Firewall Pro - a good one COMODO FIREWALL PRO VERSION (3.0) IS AWARDED HIGHEST 5-STAR RATING FROM CNET's DOWNLOAD.COM Comodo Firewall Pro 3.0 - Review - PC MAGAZINE SmoothWall Express - smoothwall dot org Use SHIELDS UP (grc.com) to see if your Firewall works - Highly rated Software Firewalls - Norton Internet Security Software Firewalls Software Firewalls versus Wormhole Tunnels Software Firewalls: Made of Straw? Part 1 of 2 SEE ALSO - LINUX FIREWALLS See also: IP Info See also: IP Addressing See also: IP Masquerade See also: Linux IP Masquerade See also: IP ROUTING - START HERE and go down the page See also: IP Sub-Netting See also: IP Filters/Filtering, Port Forwarding & IP Firewall Administration See also: IP Management See also: IP Multitask

FLAWS / VULNERABILITIES / CVE - Software

National Vulnerability Database (NVD) - NIST - includes US CERT, CVE US-CERT Vulnerability Notes Database CVE - Common Vulnerabilities and Exposures Open Source Vulnerability Database - OSVDB Acticle about the above NIST Vulnerability Database OVAL - Mitre Standard Eases Vulnerability Research SPEFIC FLAWS: Gmail cookie vulnerability exposes user's privacy VML vulernability - MS fix is out - can be infected just by viewing a Web page - JAN 2007 Acer Preloaded Vulnerability - 1/16/2007

FREE SECURITY PROGRAMS

15 free security programs that work AVG Technologies will release AVG Anti-Virus Free 8.0

GOOGLE & GOOGLE DESKTOP VULNERABILITIES

Google Desktop Vulnerability - the fix is in version 5.0.0701.30540

GOVERNMENT, FEDERAL & OFFICIAL SITES - REPORTING PROBLEMS

National White Collar Crime Center (NW3C) More coming soon.

HACKERS, ANTI, Information

NOTE: Strictly speaking, "Hackers" are not neccessarily bad guys, but these days, "Hackers" is a commonly used term for people who do "bad things" to other people's computers and/or software. Security Tip: Buy Password-Cracking Software Passware sells a large collection of programs for cracking passwords PGP users can be tricked - don't know if it's still true computer security resource - secureroot

HARDWARE DIAGNOSTICS

Hardware Diagnostics - PCworld Troubleshooting CLICK HERE for more information about FIRMWARE CLICK HERE for more information about HARDWARE

COMPUTER HARDWARE, PROTECTING YOUR

SURGE PROTECTORS WHOLE HOUSE Surge Protectors UPS / AVR Power Cleaners / AC line Filters GFI / GFCI / RCCB AFCI

HOME COMPUTER SECURITY SPECIFICS

The Ten Commandments of PC Security CBC News Indepth: Computer security - How safe is your computer? Researchers say they peeled The Onion Router The Encyclopedia of Computer Security Home Computer Security - CERT OnGuardOnline.gov provides practical tips from the federal government Microsoft - Security at Home Security Essentials - Microsoft Stay Safe Online. National Cyber Security Alliance Home PC Firewall Guide Guide for. Home. Computer. Security NIST Computer Security Division's CSRC Home page Federal Trade Commission - Consumer Information Security Security Tip No. 9 - Security for your privately owned home computer Home Computer Security Checklist - digitalchoke

HOSTS file

Access to/from Sites (URLs/Web addresses) listed in your "hosts" file are blocked or re-directed to specific IP addresses by Microsoft Windows. Hosts files were originally (an are still used) used in Unix, MAC OS, and now Linux and Windows operating systems as a method to prevent suspected, alleged, "bad/AD depositing/Spyware depositiong/..." sites from effecting your computer. The contents of your Hosts file may be edited. If you run Anti-Spyware or Anti-Virus programs, you may have to use one of those programs to edit the Hosts file (otherwise, those programs may try to proect your computer by NOT allowing you to edit to the Host file). Both your Anti-virus and Anti-Spyware programs will probably automatically add hundreds of suspected, alleged, "bad" sites to your Host file, in an effort to protect your computer from these sites. Normally, You the computer user, would have NO need to worry about, modify, nor setup your computer's Hosts file. Only Advanced users may wish to modify the Hosts file. Blocking Unwanted Parasites with a Hosts File MVPS HOSTS file is a free download - get a list of sites that MVPS says should be blocked Hosts file - Wikipedia, the free encyclopedia Host - Wikipedia, the free encyclopedia What is the Hosts file? Gorilla Design Studio Presents: The Hosts File - blocks major advertisers' hostnames The Hosts File and what it can do for you hosts-file.net - The Official Home of hpHOSTS: hpguru's HOSTS file

IDENTITY THEFT

Identity theft at the gas station - how to avoid - video Black Hat Lifts the Cover Off ID Theft Phishing Networks In An Instant, Retirement Savings Vanish Liberty Alliance takes on ID theft
Caught by a Phish Sunbelt Adds Detection for ID Theft Keylogger Spyware Researchers Discover ID Theft Ring The latest Identity Theft technique - 10/2004 Limiting Identity Theft Damage

IM - INSTANT MESSAGING

Critical AOL's IM FLAW Understanding How an IM Attack Works The Harm Public Instant Messaging Can Do to Your Business Minimizing the Security Risks of Instant Messaging How IM Causes Network Security Problems Instant Messaging Attacks - PCworld Windows Messenger users can't send messages containing certain strings including '.info'. Click here for more information

INTEL SECURITY INFORMATION

Interesting - latest Microsoft XP updates INCLUDE Intel's Processor Patches (see below) Critical Update for Intel Core CPUs - June 27, 2007 SEE ALSO: SPIM

INTERNET EXPLORER

Problems In Recent (December) IE Cumulative Update IE Automatic Component Activation Preview IE 7 Bug Reopens Debate Over Patch Responsibilities IE 7 Update Drops WGA Validation Requirement (updates available to illegal copies of IE) Microsoft: No Flaw In IE, says it's Mozilla's fault Internet Explorer 7 vulnerabilities can be used to prevent the user from leaving a Web page, even if it appears that they have done so IE attack then launches malicious Firefox attack - IE and Firefox Join In to Attack You Download IE7 beta 2? - IT'S a SCAM complicated and interesting tool for phishing attacks in IE7 Microsoft Investigates IE 7 Vulnerability TURN OFF JAVASCRIPT in IE - all versions - Microsoft says so - 6/2004 Turn OFF JAVA, at least from unknown sites. IE 7 Cautionary Tale Download tool to Remove Microsoft IE 7 beta 2 (only)

Intrusion Detection Languages / CISL

Common Intrusion Specification Language, or CISL A CISL Tutorial Common Intrusion Detection Framework, or CIDF

Intrusion Protection Systems - IPS

IPS Solutions Get Smarter IPS Devices Reach for High End

IP ADDRESS - Where is it located & who owns it?

IP address's location - networldmap Lots of lookups based on a given IP address - dnsstuff WhatIsMyIP.com 127.0.0.1 - IP Loopback Address CLICK HERE FOR MORE IP ADDRESS INFORMATION

ISO & ISO 17799

ISO 17799, ISO17799 and Computer Security News The ISO 17799 Information Security Portal See also ISO Standards See also: ISO Organization

JAVA and J2EE Security Problems

Java VM Privilege Elevation - vulnerability Java Security Traps Worsen - 5/9/2007 Tutorial: Developing real-time and safety-critical embedded Java applications - Part 1 Tutorial: Designing real-time and safety-critical embedded Java applications - Part 2 JAVA - Infected GIF files can take control of your computer These JAVA versions contain fixes for this vulernability. Older JAVA versions HAVE the vulernability. Sun Java 2 Runtime Environment 1.3.1_19 Sun Java 2 Runtime Environment 1.4.2_13 Sun Java 2 Runtime Environment 5.0.Update 10 Sun Java 2 Standard Edition SDK 1.3.1_19 Sun Java 2 Standard Edition SDK 1.4.2_13 More details on the above JAVA vulnerability CLICK HERE for more information about JAVA / J2EE / J2ME / J2SE / JAVA2 ...

Javascript Hijacking

JavaScript Attacks Get Slicker AJAX Apps Ripe Targets for JavaScript Hijacking sneaky JavaScript Datanotary Hijack - spywareinfo Preventing Web Site Hijacking or Theft Script Console - Javascript TitleTimer is a Javascript-prod ... JavaScript Hikacking - net-security CLICK HERE for more information about JavaScript

Keyjacking / Keylogging

There were 180 known, unique keyloggers in Aptril, 2006. Suggestions: 1] Use a Software Firewall (other than the Windows XP Firewall). 2] Don't use the same password for different sites. 3] Change passwords often. Sunbelt Adds Detection for ID Theft Keylogger Keyboard Spy: implementation and counter measures

Malware (Anti-Malware)

In law, Malware is sometimes known as a computer contaminant, for instance in the legal codes of California, Virginia, and several other U.S. states. WHAT TO DO IF YOU SUSPECT YOU HAVE AN INFECTED COMPUTER WHAT PROGRAMS ARE STARTED AT BOOTUP? WHAT IS RUNNING ON YOUR WINDOWS SYSTEM? Be very careful about opening ".HTA" (Hypertext-Application) Files: Five of the Dirtiest Malware Tricks McAfee Malware Trends - 1Q2007 Kaspersky Top 20 - 1Q2007 Malware, Spyware, Adware Or Trojan - What's the Fuss? Computer "Malware": Worms, Trojans, Back Doors and Viruses Defining Malware: FAQ - Microsoft Computer Security Threats - Chart of Characteristics - CACI HNS - Malware of the week: Piggi.B worm, ReverseClick.A trojan and ... Read & Run Me First - Malware Removal Guide Malware Breaks Under Pressure Free website lists programs with spyware & malicious adware - StopBADware.org Microsoft's Free Malware Remover - XP, WIN2K & WIN2003 ONLY Malware Removal - eurekster PC Magazine's Head Off Spyware, Viruses and Malware Series History of Malware Malware info - Noticebored Guide to Malware Incident Prevention and Handling - NIST CMEprovides single, common identifiers to