Security Active Blog

Taken From i-hacked

I hereby declare that WED JULY 1st is Twitter Security Day (#twittersec). I do so with good reason. As it stands, the guys at http://twitpwn.com/ have declared July the “Month of Twitter Bugs” (MoTB). Taken from their site:

Today, three years after the “Month of Browser Bugs”, I’ve decided to declare July 2009 as “Month of Twitter Bugs” (MoTB). I’m doing so in order to raise the awareness of the Twitter API issue I recently blogged about. MoTB could have been easily converted to any other “Month of Web2.0 service bugs”, and I hope that Twitter and other Web2.0 API providers will work closely with their API consumers to develop more secure products.
Each day I will publish a new vulnerability in a 3rd party Twitter service on the twitpwn.com web site. As those vulnerabilities can be exploited to create a Twitter worm, I’m going to give the 3rd party service provider and Twitter at-least 24 hours heads-up before I publish the vulnerability.
Even though I have enough vulnerabilities for this month, you are more than welcomed to send me (via email or twitter) vulnerabilities you find in 3rd party Twitter services. I will do my best to publish all submitted vulnerabilities. I will, of course, credit the submitter.

So what does #twittersec mean? What should you do?

Simple: On Wed, July 1st CHANGE YOUR TWITTER PASSWORD.

How many times have you given your twitter password to a third party site? Did you change your password after you did that? Well, if not here is a good time to do so. Yes, it is true that changing your password doesn’t invalidate all of the “MoTB” however, it could help stop a few.

Even more importantly #twittersec’s goal is to raise awareness to the “MoTB” and to put pressure on the developers to fix the vulnerabilities in these third party apps.

Please help spread the word about Month of Twitter Bugs and #twittersec day!

Paramedics were called to the singer’s home around midday local time on Thursday after he stopped breathing and suffered a suspected cardiac arrest.

He was rushed by ambulance to a local medical centre, but his death was announced shortly afterwards.

The star, who had a history of health problems, had been due to begin a series of comeback concerts in the UK on 13 July.

He had a history of health problems and had not completed a concert tour in 12 years.

Look out for Spamming

As with all these types of incident with huge media exposure, we should expect to see an onslaught of spam, and phishing attacks.

I have seen mails going doing the rounds already, with stories, jokes, videos etc, so please be careful.

Just after about 8 hours of his demise, SophosLabs witnessed the first wave of spam messages employing the sad news in the subject line and body part to harvest victims’ email addresses.

In this kind of spam message, the spammer claims she/he has vital information about the death of Michael Jackson to share with somebody, ie you.

The body of spam message does not contains any call-to-action link such as url, email, or phone number. And the from email address of the message is bogus.

But the spammer can harvest receivers’ email addresses via a free live email address if the spam message is replied to.

Also keep an eye out for suspicious emails talking about having your 02 ticket refunded if you bought one. If you have questions about this contact the booking offices you made the purchases through directly.

Ok so I have installed the Microsoft Security Essentials Beta, run a quick and full scan. I have to say its not to bad.
Looks like it takes about 4,184k of memory when running, and I guess thats not as good as some of the other free AVs on the market but it does seem to do the job.

I have taken a few screen shots below so you can get an idea of the different screens. It did find and flag Kon-Boot, so its doing something.

So Microsoft’s Security Essentials Beta went live today, and I believe is limited to 75,000 users.
I got myself a copy from the MSE site, the beta is available only to customers in the United States, Israel (English only), People’s Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only). Obviously you may find ways around this.

I will install it later and give my opinions, but might want to grab a copy and see what its like.

Here is some information and screenies:

What is Microsoft Security Essentials?

You’re too busy to spend a lot of time worrying about protecting your PC. With Microsoft Security Essentials Beta, you get high-quality protection against viruses and spyware, including Trojans, worms and other malicious software. And best of all, there are no costs or annoying subscriptions to keep track of.

Security Essentials is easy to install and easy to use. Updates and upgrades are automatic, so there’s no need to worry about having the latest protection. It’s easy to tell if you’re protected – when the Security Essentials icon is green, your status is good. It’s as simple as that.

When you’re busy using your PC, you don’t want to be bothered by needless alerts. Security Essentials runs quietly in the background, only alerting you if there’s something you need to do. And it doesn’t use a lot of system resources, so it won’t get in the way of your work or fun.