Welcome to The Funny/Alerts Newsletter. Since things seem to be fairly quiet on the security front I'm going to take this time to remind you about keeping the hatches battened down. Try as we might, there are just so many holes in Microshaft products that it's impossible to tell where the next attack will come from. Take a look at the "scary" page featured in the FUN SITE area. This particular web site is safe and only demonstrates the effect. The "scary" part is that this could even be done by just clicking over to a web page that has this monster embedded into it! It's IE-oriented, so it will not run in either Netscape or Opera.
That item is really hot! There have been some 25,000 visitors to that link. People with the IE security settings on high or with "other browsers" did not get to see the DOS box and were not vulnerable. Many reported that their Viruswall software picked up that this was a virus and were protected. In IE version 6.0, select Tools - Internet Options, Security, Custom Settings - select HIGH and reset. That will block this kind of thing out, but may also make some sites not work properly. Disabling "Active Scripts" is a way to prevent these critters too.
Moreover, several people reported that their pop-up killer tools did a good job of preventing this exploit. And one more way to foil this and other common attempts is really a preventative thing: install Windows NT/2000/XP to a directory other than WINNT or WINDOWS. That may cause some other headaches, but it certainly is an idea. One can also just disable or rename the command shell. Use C:\WINNT\SYSTEM32\COMMAND. C O M instead of CMD.C O M. (I'm putting spaces in between because some virus filtering software might kill this email thinking it contains some malware.)
Some people commented that tinysoftware.com has a little tool that will "sandbox" untrusted software and I'm sure that there are more third party tools out there that would do the trick. The upshot of this whole thing is that you need to have several layers of security protection in place.

From Rodney Dangerfield 

1. I was so poor growing up... if I wasn't a boy I'd have had nothing to play with.

2. A girl phoned me the other day and said, "Come on over; nobody's home." I went over and sure enough nobody was home.

3. During sex, my girlfriend always wants to talk to me. Just the other night she called me from a hotel.

4. One day I came home early from work ... I saw a guy jogging naked. I said to the guy, "Hey buddy, why are you doing that?" He said "Because you came home early."

5. It's been a rough day. I got up this morning... put a shirt on and a button fell off. I picked up my briefcase, and the handle came off. I'm afraid to go to the bathroom.

6. I was such an ugly kid... When I played in the sandbox, the cat kept covering me up.

7. I could tell my parents hated me. My bath toys were a toaster and radio.

8. I was such an ugly baby... My mother never breast fed me. She told me that she only liked me as a friend.

9. I'm so ugly... My father carries around a picture of the kid who came with his wallet.

10. When I was born, the doctor came into the waiting room and said to my father, "I'm sorry. We did everything we could, but he pulled through."

11. I'm so ugly... My mother had morning sickness... AFTER I was born.

12. I remember the time that I was kidnapped and they sent a piece of my finger to my father. He said he wanted more proof.

13. Once when I was lost, I saw a policeman, and asked him to help me find my parents. I said to him, "Do you think we'll ever find them?" He said, "I don't know kid. There's so many places they can hide."

14. My wife made me join a bridge club. I jump off next Tuesday.

15. I'm so ugly... I worked in a pet shop, and people kept asking how big I'd get.

16. I went to see my doctor. "Doctor, every morning when I get up and I look in the mirror... I feel like throwing up; What's wrong with me?" He said "I don't know but your eyesight is perfect."

17. I went to the doctor because I'd swallowed a bottle of sleeping pills. My doctor told me to have a few drinks and get some rest.

18. With my old man I got no respect. I asked him, "How can I get my kite in the air?" He told me to run off a cliff.

19. Some dog I got. We call him Egypt because in every room he leaves a pyramid. His favorite bone is in my arm. Last night he went on the paper four times - three of those times I was reading it.

20. One year they wanted to make me poster boy - for birth control.

21. My uncle's dying wish was to have me sitting in his lap; he was in the electric chair.

[thanks to Roy Howard for this one]

Virus Detection and Prevention Tips

·Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.

·Do not open any files attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better be safe than sorry and confirm that they really sent it.

·Do not open any files attached to an email if the subject line is questionable or unexpected. If you do need to open one, always save the file to your hard drive first.

·Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network. (DP-The Internet is just a wide network and bandwidth is a precious commodity)

·Do not download any files from strangers.

·Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file at all or download the file to a floppy and test it with your own anti-virus software.

·Update your anti-virus software regularly. Over 500 viruses are discovered each month, so you'll want to be protected. These updates should include, at the least, the product's virus signature files. You may also need to update the product's scanning engine.

·Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.

·When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates, including those for your operating system, web browser and email. One example is the security site section of Microsoft.

·If you are in doubt about any potential virus related situation you find yourself in, contact a reliable AV center, such as McAfee's AVERT.

http://www.microsoft.com/security
http://www.mcafeeb2b.com/avert/avert-research-center/contact.asp

Q: How can I get rid of dark circles under my eyes? 

A: Try an eye cream containing vitamin K. In a recent study, these creams helped repair damaged blood vessels beneath the skin. 

Result: Dark circles were lightened by up to 70%. Sunlight interferes with the vitamin's healing process, so apply the cream at bedtime. UV rays worsen dark circles, so always apply sunscreen when going outdoors. 

Eye creams that contain vitamin K are available over the counter from Erno Laszlo, Mary Kay and St. Ives.

Our inside source: Melvin Elson, MD, a dermatologist in private practice in Nashville. 

Bad Password Policy Allows New York Times Hack

Well-known 21-year-old hacker Adrian Lamo did it again. This time he broke into the NYT systems through an open proxy and by using a default password. Here is a small section of the story from the SecurityFocus site.

Lamo says he began his excursion at a proxy in the Times home delivery department and scanned the newspaper's IP address range for Web servers. "The proxy was on a different network, dealing with management of subscription information, but it was trusted by their internal network," says Lamo. He quickly found the intranet homepage, and an unprotected copy of a database that cataloged employees' names and Social Security numbers. "From what I've been able to tell, it was a backup database being used for research." 

Armed with that information, the hacker could use the intranet account of any employee that hadn't changed their password from the default -- the last four digits of the person's Social Security number. One of those belonged to a worker that had the power to create new accounts, so Lamo set up his own account on the network with higher privileges.

Secure passwords

One of the first lines of defense is your password. A good password is one of the best defenses you have against attack. Making it hard to "crack" doesn't necessarily mean making it impossible to remember. Simply substituting numbers for letters and throwing in a couple of capitals could be enough to stop the common snoop.
Think about crime in the real world; most of it is opportunistic. Someone leaves their window open or the keys in the ignition and a passing delinquent can't resist. Simply locking up your vehicle and hiding your valuables is usually enough to get you passed up for an easier target.
We all know that if a professional really wants to take what you have, you probably can't stop them. It's the same in the digital world. There are tools out there that professional cyber-criminals use to get past most security systems. The trick is to "discourage" the common thief and delay the professional just long enough that they will go somewhere else.
A simple trick like combining words is very effective and makes for a longer, more secure password. Computers assign different values for capitalized letters and this, again, adds to your password's security. Now substitute a couple of the letters for numbers and you've raised your password's level of security another notch!
For example: one of the most common passwords is "God" and, although it's easy to remember, it's a failure in the security department. Here's why:
1) too short. The longer a password is the harder it is to figure out. For every alpha character you add, you raise the possible combinations by a factor of 26! So the word "God" is equal to 26x26x26. A good password is, at the very least, six characters long.
2) one word. Combined words are MUCH harder to guess and if they're hyphenated that throws another (non-alpha) character into the mix. Ever wonder why AOL uses this configuration?
3) personal. If you're known to be the religious type then this is the first password someone will try when attempting to get access to your information. Also, don't use the names of your family, pets or favorite athletes/artists. Anything that's easily found out (such as your name, phone number or address) is also taboo.

I've included a simple chart here to give you an idea of how you can easily create words that will make for better security on your computer. 

Normal alphabet:

Numerically substituted:

... now add punctuation:

Encode/decode pattern:

Now throw in some phonetics (eg. Alpha, Bravo, Charlie) and you've created a SUPER secure password!

Or, if this is all too much for you, simply use common passwords with number substitutes. This would still be fairly secure (more so than your pet or favorite team name) and still be easy to remember. If you mix in some punctuation and/or swap capitalizations, that would be even better still.

It is also really important to get a company-wide password policy set, implemented and controlled.
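
One way to enforce the three rules above (length, single word, personal) at password-set time, which also catches a default like the "last four digits" one in the New York Times story. This is an added example, not part of the original newsletter; the word list, the sample facts and the function names are constructed for illustration.

```python
import re
import string

MIN_LENGTH = 6  # the minimum length the article recommends
COMMON_WORDS = {"god", "password", "secret", "letmein"}  # constructed sample list

def keyspace(password):
    """Combinations an attacker must cover for the character classes used."""
    alphabet = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in password):
            alphabet += len(charset)
    return alphabet ** len(password)

def personal_fragments(facts):
    """Pieces of known facts (names, numbers) that must not appear in a password."""
    frags = set()
    for fact in facts:
        text = str(fact).lower()
        # name-like words of three or more letters
        frags.update(w for w in re.findall(r"[a-z]+", text) if len(w) >= 3)
        # ID or phone numbers: the full digit string and its last four digits
        digits = re.sub(r"\D", "", text)
        if len(digits) >= 4:
            frags.update({digits, digits[-4:]})
    return frags

def audit(password, personal_facts=()):
    """Return the list of policy rules the password breaks (empty = accepted)."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if password.isalpha() and lowered in COMMON_WORDS:
        findings.append("single common word")
    if any(frag in lowered for frag in personal_fragments(personal_facts)):
        findings.append("personal")
    return findings

if __name__ == "__main__":
    facts = ["Pat Example", "000-00-4821", "555-0100"]  # constructed employee record
    for candidate in ("god", "4821", "Blue-Kettle7"):
        print(candidate, keyspace(candidate), audit(candidate, facts))
```

The four-digit default covers only 10,000 combinations, fewer than the 26x26x26 of a three-letter word, which is why a policy has to force a change away from any default derived from employee records.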

Want To See Something Scary?

I thought you might be interested in trying this and then see your hair stand out. When I tried it just now it still worked and it's real too... yikes! This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. So... do you still trust Microshaft to take care of your security for you?

With the second link look towards the end of the page:



Just as we cannot see our own faces without looking into a mirror, we cannot know ourselves without looking at our relationships.